Messages

1

17.7 Legacy Series / Why won't unmanaged switch work behind Opnsense firewall box?

« on: November 04, 2017, 07:48:25 am »

Hi - simple newbie question I think, but very frustrating...

I've recently set up a firewall box using Opnsense, and it works great: I have internet access when I connect my computer directly to the LAN port.

However, when I connect my unmanaged switch as an intermediary between the firewall and my computer, I have no Internet.  What do I need to do to make this work?

The configuration is: Modem -> Opnsense firewall machine -> unmanaged hub -> computer
I've tried the obvious sequential power-up of Modem, then Opnsense, then switch, then computer, but still nothing.  All the cables work, and the ethernet plug lights all indicate successful connections.

I'm sure that there is some simple, obvious solution, so what could it be?...

2

17.7 Legacy Series / Re: 2 Problems: 1. Intrusion detection not working. 2. HUGE memory demand/disk IO

« on: November 02, 2017, 05:26:32 pm »

SOLVED - partially.

1. In case anyone else has similar problems..  I discovered that the problem with setting IPS mode, and having "Save" buttons work was with the browser.  Must be some JavaScript setting.  When I logged into the GUI with a different browser, the check boxes stayed checked, and "Save" worked.  Other checkboxes in Opnsense also would not keep checked till I changed the browser.

2. I also discovered that it is entering website names rather than IPs into the imported alias was what is eating memory - megabytes per second, with my SSD showing continual usage.  ?Bug.

3

17.7 Legacy Series / 2 Problems: 1. Intrusion detection not working. 2. HUGE memory demand/disk IO

« on: November 01, 2017, 06:14:58 pm »

Hi,

I hope someone smart out there can help me out:

1.  I want to use GeoIP in the Intrusion Detection function, but IPS mode will not stay "checked" after I leave the page.  Also when I Create a New Rule to block a country, after pressing "Save Changes", nothing shows up as having been saved.  Interestingly, I can select a country by typing in its name, but if I scroll, only about 6 countries starting with "A" show up in the list.  It makes no difference though, my selection doesn't get saved.

Hardware offloading is disabled, as per the user manual.
I have gone so far as to reinstall OpnSense from scratch, reinstalled GeoIP, reinstalled GeoIPs data files, and no difference.

2. I don't know what the expected resource demand is from a firewall list, but Opnsense is using > 7 Gbytes of memory, and my SSD seems to be in continuous use.  CPU demand is only 1%.  In my firewall I have blocked about 1000 adware IPs and website names, and as a test blocked South America using GeoIP via Alias.  I wouldn't have expected such a demand on the system.  Response time from the GUI takes perhaps 30 seconds after a mouse click.

Boot up takes between 15-20 minutes at the Firewall initialization stage.  I wondered whether the demand of resolving the website DNS information to IPs is the cause, so I changed the Firewall Advanced settings to DNS update frequency of 10 hrs, and increased maximum firewall entries to 2 million, but these changes made no difference.

I reinstalled OpnSense from scratch, with all current updates - no better.

What is taking up so much memory, SSD demand, and creating such a slow boot?  Are these resource demands typical?  What can I do to improve things?

Thanks!