Messages - NightShade

#1
General Discussion / Re: Google Fiber 2GBps
January 29, 2022, 01:00:55 AM
The X710 series has some cards that are 10Gb/1Gb.  Those cards can only connect at those speeds and nothing in between.  That means if the device has a 2.5Gb port it will not be able to connect at 10Gb speeds so it will drop down to something slower.

Sadly with so many cards out there you will need to pull the card and figure the EXACT version to see if it is even compatible with what you are trying to do.  After that you will need to see what the ONT you have will connect at.  If they can't talk to each other at faster speeds they will drop to the slower speed that is supported by both devices.
#2
There should not be a major issue accessing the modem through the router at all.  Have you set things up and tried doing so yet?  The biggest thing is you do not want both to be using the same IP address scheme.  For instance I use a cable modem and its internal IP address for diagnostics is 192.168.100.1.  So as long as I do not use ANY address that can potentially translate to such it should be fine.  I use a 10.XXX.XXX.XXX address for my internal LAN so there has never been an issue.  I can use any 192.168.XXX.XXX or 172.16.XXX.XXX to 172.31.XXX.XXX IP address as well, as long as you do not use 192.168.100.XXX in my case: https://en.wikipedia.org/wiki/Private_network

The major issue that you may however come across is when the modems are set up to also act as a DHCP server/router.  Most of the time those also have multiple LAN ports as well as WiFi access.  Not knowing if that is the case or not, I can't help a ton; however, most of the time they can be set into a bridge mode and the above should also work.  You will also benefit from not having a double NAT with a modem in bridge mode when they want to act as a router as well.

#3
Was having the same type of problem as well and it seemed to help so far.  Once applied, IPv6 was working again.  I am on Cox with the IPv6 set up to track the external interface.  After about a day the router was able to connect to IPv6 addresses but the LAN was not.  Otherwise nothing fancy, just a single LAN setup.
#4
Glad to see I am not the only one who was having the issue.  Thanks for the fix information. 
#5
Success.  For anyone interested I found some directions and they worked perfectly.  This post is coming from a bridged 10G X2 plus 1G LAN network.

Credits go to https://forum.pfsense.org/index.php?topic=48947.0

These are the instructions; they are designed for pfSense but work with a few differences in spots, such as where the tunables are, etc.

Quote
1. Assign your additional interfaces and enable them with type 'none'. They will come up as OPT1, OPT2 etc.
2. Switch bridge filtering from the bridge members onto the bridge itself (assuming you don't need to apply firewall rules between devices on the bridge/switch). Go to System: Advanced: System Tunables: and edit the two values.
Change net.link.bridge.pfil_member to 0.
Change net.link.bridge.pfil_bridge to 1.
Apply these changes.
3. Now create a bridge in Interfaces: (assign): Bridges: and add to it the additional interfaces you just created, you can select multiple interfaces by holding Ctrl. I named the bridge 'Switch Configuration' to remind me how I have configured it.
4. Now go to Interfaces: (assign) and change the LAN assignment to bridge0. Save and reconnect your ethernet cable to one of the bridge interfaces. It should come back up, however you will want to make sure you have console access before you do this as if you've done something different you could end up locked out!  ;)
5. Assign the interface that was originally assigned to LAN and enable it with type 'none'. Add it to bridge0 to include it in the 'switch'.

After steps 3/4 are done, REBOOT.  The bridge should be working.

#6
If what you are thinking about for filtering URLs is basically to set up an ad blocker, there is a post on here about using Unbound DNS to basically do just that.  You can set up a script to automatically poll text documents and then parse them for your system.

I use the same thing and it has worked fairly well.  If you had specific URLs you wanted to block you could easily add them to a list and host it somewhere for the script to parse.

I have been using OPNsense for about a year now and have enjoyed it.  I started setting up and trying pfSense and it just didn't feel like a good fit for me.
#7
General Discussion / Re: blocking websites without squid
December 30, 2017, 04:44:42 AM
You can also do this locally if you use Unbound DNS.  Once set up, just go into the overrides and set the IP you want blocked to 0.0.0.0

This also allows you to use pretty much ANY DNS server out there to grab results.  The bad thing is all someone has to do to bypass is change the DNS on their computer or device.
#8
I am going to be doing something like this soon with some 10GbE cards so I can add a couple 10G connections to my network for my FreeNAS and my Desktop to use but would rather buy a couple extra Mellanox cards (about 30 bucks) than to spend 300 on a switch when I have multiple PCIe slots open on my OPNsense box anyway.  The rest of the network is going to stay with 1Gb for now but I will still need that to all be able to connect to the FreeNAS.

If I bridge the interfaces will I need to add any rules so that the systems that are on the Mellanox cards can deal with the rest of the network?  I already have my FreeNAS set up with a static IP address but should I be doing the same with my desktop?  I am more of a hardware guy but with a little help I can usually figure things out with software.

I am sure now that the Mellanox 10GbE cards can be found for around twenty bucks a piece that this will become more and more useful at least until the cost of the switches drops down to a decent price range.
#9
Not a firewall setup but should work pretty well for anyone who can set up the DNS Resolver and set their clients to use the OPNsense box as their DNS server.

https://devinstechblog.com/block-ads-with-dns-in-opnsense/

I was able to get it up and running and it does seem to mostly work so far but it may need some tweaking.  I do have to say that the end of each line in the file linked needs to be removed since it was likely saved on a Windows machine and has "^M" at the end of each line but that is a simple fix and it should be looked over before using anyway.

The script itself is based off of https://wuffleton.com/code/unbound-blacklist/

You need to add the line "include: /var/unbound/ad-blacklist.conf" to the custom options in the DNS resolver.

If anyone with more experience than I have wants to look it over and make modifications and/or adjustments please feel free to do so.  I just figured this would be helpful to others who do not want to use a service for ad blocking when they can manage something in house.
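
The cleanup and look-over described in the last post, as an added example that is not part of the original posts or of the linked scripts: it strips the Windows line endings and flags every line of a fetched blacklist that is not a plain block entry. The two directive forms and the 0.0.0.0 target are assumptions about what the generated /var/unbound/ad-blacklist.conf contains, and the sample bytes are constructed.

```python
import re

# Assumption: the generated include file holds only these two Unbound
# directive forms, and every blocked name is answered with 0.0.0.0.
ZONE_RE = re.compile(r'^local-zone: "([A-Za-z0-9._-]+)" redirect$')
DATA_RE = re.compile(r'^local-data: "([A-Za-z0-9._-]+) A 0\.0\.0\.0"$')


def normalize(raw: bytes) -> str:
    """Remove the carriage returns that editors display as ^M."""
    unix = raw.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return unix.decode("utf-8", errors="replace")


def review(text: str):
    """Split a blacklist into accepted lines and findings to read by hand.

    Anything that is not a comment, a blank line or one of the two expected
    forms is reported, because an included file is parsed as ordinary Unbound
    configuration and is not limited to block entries.
    """
    accepted, findings = [], []
    for number, line in enumerate(text.split("\n"), start=1):
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        if ZONE_RE.match(entry) or DATA_RE.match(entry):
            accepted.append(entry)
        else:
            findings.append((number, entry))
    return accepted, findings


# Constructed sample: CRLF line endings, two expected entries, and two lines
# that do not belong in a block list.
SAMPLE = (
    b'local-zone: "ads.example.com" redirect\r\n'
    b'local-data: "ads.example.com A 0.0.0.0"\r\n'
    b'local-data: "portal.example.com A 203.0.113.7"\r\n'
    b"forward-zone:\r\n"
)

if __name__ == "__main__":
    accepted, findings = review(normalize(SAMPLE))
    print("\n".join(accepted))
    for number, entry in findings:
        print(f"line {number}: review before use: {entry}")
```

Only the accepted lines should be written to the file that the "include:" line points at; the findings are for a person to read.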