Messages

1

19.7 Legacy Series / Re: accessing dsl modem behind firewall with some caveats...

« on: August 29, 2019, 05:19:59 pm »

I solved it with an SSH port forwarding.
My Vigor DSL modem has the IP 192.168.244.1

OPNsense has the IP 192.168.11.1

Allow ssh login on the OPNsense.

Use the following command to get the port of the DSL modem to the local PC.

ssh -p 9998 OPNSenseUser@192.168.11.1 -L 8082:192.168.244.1:443

9998 = SSH Port OPNSense
Now directly access the modem in the WEB browser on the local PC with the following URL:
https://127.0.0.1:8082/

So I can see all parameters and also do firmware updates.

Possibly the solution is also interesting for others.

2

19.7 Legacy Series / Re: Intel Lan not recognized after upgrade

« on: July 24, 2019, 03:30:17 pm »

I have the same problem!

I had already reported this here "https://forum.opnsense.org/index.php?topic=11477.msg55319#msg55319=11477.msg55319#msg55319" in the
"Call for testing: New netmap enabled kernel".

3

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: March 20, 2019, 11:02:24 pm »

I've done that before, but it's always been the same result.

I don't have much experience with FreeBSD, I usually only use Linux and Windows. I would have liked to use the VirtIO network driver under KVM Q35. This works under the standard kernel only with the i440FX chipset from KVM. If anyone has an idea, I would like to try it out.

4

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: March 19, 2019, 11:18:03 pm »

Hello,

In 19.1.4 with the default kernel everything is OK

5

19.1 Legacy Series / Re: Call for testing: New netmap enabled kernel

« on: March 18, 2019, 11:34:27 am »

After installing the new netmap-kernel, the Intel network card was no longer found. I ran OPNSense under KVM and passed 2 ports of a hardware Intel card into the VM. The third E1000 is a KVM emulated card. With the new kernel only the virtual card is found. Is there a solution for this ?
Standard kernel: pciconf -l
em0@pci0:3:0:0: class=0x020000 card=0x11bc8086 chip=0x10bc8086 rev=0x06 hdr=0x00
em1@pci0:4:0:0: class=0x020000 card=0x11bc8086 chip=0x10bc8086 rev=0x06 hdr=0x00

em2@pci0:8:1:0: class=0x020000 card=0x11001af4 chip=0x100e8086 rev=0x03 hdr=0x00

netmap kernel:
em0@pci0:8:1:0: class=0x020000 card=0x11001af4 chip=0x100e8086 rev=0x03 hdr=0x00

Thank you. I'll take care of it,
  Sasha

6

18.7 Legacy Series / Re: Firewall API use

« on: November 12, 2018, 03:46:13 pm »

@franco

Did you talk about it -- and what came of it ?
Will the function be available soon?

Thanks,
  Sascha

7

18.7 Legacy Series / Re: Firewall API use

« on: November 03, 2018, 11:56:45 am »

Yes, that's right!
A TTL could always be deposited for an alias.

But to make it work in real time you have to be able to force a reload.
I have my own Syslog which gets the data from several other SyslogServers. These are stored in a DB and can lock out an IP address on the OPNSense within seconds. If the syslog server triggers an alias reload for this.

Wenn die neue API bereit ist, sollte diese Funktion kein Problem darstellen ! oder ?

Thanks

8

18.7 Legacy Series / Re: Firewall API use

« on: November 03, 2018, 11:32:27 am »

Hi m,

I looked at the code on my OPNSense, with "ssh" access to the console.

Looks like it's not on the agenda right now, as I need it.

So far I simply added a function to the file "/usr/local/opnsense/mvc/app/controllers/OPNsense/Core/Api/FirmwareController.php".

 public function aliasreloadAction()
    {
        $response = array();
        $stat = stat('/var/db/aliastables/HillscheidIPv4BlockList.txt');
       if (!$stat)
       {
         $response['command'] = 'stat';     
         $response['status'] = 'failed';
       }
       {
         $ctime = $stat['ctime'] - 93600;
         $response['command'] = 'touch';
         if (!touch('/var/db/aliastables/HillscheidIPv4BlockList.md5.txt', $ctime, $ctime))
         {
           $response['status'] = 'failed';
         }
         else
         {
           system('/usr/local/etc/rc.update_urltables_datiscum ', $ret);
           $response['status'] = 'ok';
        }
      }
      return $response;   
    }

About the API URL "https://IP:Port/api/core/firmware/aliasreload"
he reloads my alias. This has been working very well for a few years now.
But with every update the API file has to be updated.

9

18.7 Legacy Series / Re: Firewall API use

« on: November 02, 2018, 06:03:30 pm »

Thanks, the URL works now.

But by reloading an alias, I meant something else.
I would like to trigger the reloading of a "URL Table (IPs)" before the time has elapsed.
e.g. /api/firewall/alias/reconfigure/MyAlias

I couldn't find an API call that seemed to do that.

10

18.7 Legacy Series / Firewall API use

« on: October 30, 2018, 09:31:47 pm »

First simple test:
I have assembled the URL to test the Firewall API as follows.

https://192.168.11.1/api/firewall/aliasutil/aliases

{"message":"controller OPNsense\\Firewall\\Api\\AliasutilController not found","status":400}

In the path: /usr/local/opnsense/mvc/app/controllers/OPNsense/Firewall/Api

I copied the following file

cp AliasUtilController.php AliasutilController.php
Please pay attention to upper/lower case here

After that it worked and I got back a list of all defined aliases.

Did I do something wrong?
or does it have to be corrected ?

Which call can be used to reload an "alias" ?