Messages

No, I had not.

I changed Firewall --> NAT --> Outbound
from: "Automatic outbound NAT rule generation (no manual rules can be used)"
to: "Hybrid outbound NAT rule generation (automatically generated rules are applied after manual rules)"

Then I added a new manual outbound NAT rule:
PS4 alias as "Source" and checked "Static Port" (got that info from this post.). Kept everything else default.


Thank you for your help, it seems to work now.

To be honest, I'm not really sure what I did there? Allowing traffic to pass back from the PS4? And what does the static port setting do?

Hi, I'm trying to get my PS4 to work properly, but are having issues.

I basically followed @thegravity's guide

And then opened these ports:
TCP: 1935, 3478-3480, 9308
UDP: 3074, 3478-3479



I'm still getting NAT type 3 (ie. port forwarding not working)

Thanks, and merry christmas! *<:-)

Great, thanks for pointing me in the right direction.

The R210II only has 4 gb of memory – but that should be fine for OPNsense. I'm not running any caching atm.

Hi all,

I'm currently running OPNsense on an Dell R210 with an old school HDD, but I now have a spare    
Samsung 850 EVO 250GB M.2 SSD.

Is it worth it to put it in the R210II?

If yes, how would you go about setting it up? Installing default and restoring the config? Clone the drive (if yes, how?)?

Thanks!

Thank you! That did the trick. I was looking all over for other solutions.
I did not think of that. In prior updates, it has been no issues.

Hi, I recently took the jump to 18.7, but after upgrade I do not get an external ip on my WAN interface.

My network setup is: cable modem --> Opnsense --> switch --> users.

It can see the ISP dhcp server fine, but it's not getting an ip.

Any input on this?

EDIT:
I briefly got ipv6 connection

And I have this in my logfile:

Code Select Expand

opnsense: /interfaces.php: The command '/sbin/dhclient -c '/var/etc/dhclient_wan.conf' -p '/var/run/dhclient.bce0.pid' 'bce0'' returned exit code '15', the output was 'dhclient: PREINIT dhclient: Starting delete_old_states() dhclient: Comparing IPs: Old: 84.209.XXX.XXX New: dhclient: Removing states from old IP '84.209.XXX.XXX' (new IP '') 0 states cleared killed 0 src nodes from 1 sources and 0 destinations DHCPREQUEST on bce0 to 255.255.255.255 port 67 DHCPREQUEST on bce0 to 255.255.255.255 port 67 DHCPREQUEST on bce0 to 255.255.255.255 port 67 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 2 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 5 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 13 DHCPDISCOVER on bce0 to 255.255.255.255 port 67 interval 14'

Also I have a lot of rules going through my FW log with the source IP as my previous public IP. Even though my WAN shows an ip 0.0.0.0.

Any help i much appreciated (sorry I'm pretty new to this).

My ISP scheduled maintenance in my area today, and that fixed the problem.

Code Select Expand

traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 40 byte packets
1  10.233.128.1 (10.233.128.1)  5.552 ms  5.609 ms  6.073 ms
2  cm-<redacted>.getinternet.no (<redacted>)  6.184 ms  5.962 ms  5.686 ms
3  ae6.no-323-rt1.get.no (185.1.55.18)  6.356 ms  6.060 ms  5.798 ms
4  185.1.55.41 (185.1.55.41)  6.215 ms  3.942 ms  6.099 ms
5  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  5.686 ms  5.894 ms  6.002 ms

Their "IT department" has tried to get a hold of me every day this week (except today), but I haven't been able to pick up the phone in time. Calling back I just get the default customer service, and they apparently sees that it's "IT" that tries to contact me, but they can't put me through since they are not allowed ("IT" decides for themselves when to call – pretty typical I think).

Anyhow, seems like my reporting lit a fire under their ass, and it seems fixed. :)

Hi all,

any best practice to monitor dropped packages (and possible high latency spikes) on my WAN interface?

I'm currently having quite a bit of dropped packages and/or high latency, and to me it seems that it's up chain (i.e my ISP).

Thanks. :)

Thanks. I'm on a 260mbit / 20 mbit cable connection.

But this got me to dig a bit deeper, and it seems like an internal server (10.233.128.1) of the ISP is the problem. Apparently, it is their DHCP server.

Code Select Expand

traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 40 byte packets
1  10.233.128.1 (10.233.128.1)  969.363 ms  363.980 ms  47.442 ms
2  cm-<redacted>.getinternet.no (<redacted>)  112.461 ms  102.901 ms  22.952 ms
3  ae6.no-323-rt1.get.no (185.1.55.18)  7.610 ms  16.708 ms  23.552 ms
4  185.1.55.41 (185.1.55.41)  27.113 ms  22.835 ms  26.102 ms
5  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  24.120 ms  23.919 ms  24.059 ms

Code Select Expand

traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
1  opnsense (10.0.0.1)  1.053 ms  0.784 ms  0.743 ms
2  10.233.128.1 (10.233.128.1)  246.141 ms  13.284 ms  105.476 ms
3  cm-<redacted>.getinternet.no (<redacted>)  1147.611 ms  555.554 ms  462.964 ms
4  ae6.no-323-rt1.get.no (185.1.55.18)  10.045 ms  16.408 ms  24.218 ms
5  185.1.55.41 (185.1.55.41)  164.107 ms  21.188 ms  23.941 ms
6  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  270.039 ms  175.628 ms  12.147 ms

Code Select Expand

traceroute to 1.1.1.1 (1.1.1.1), 64 hops max, 52 byte packets
1  opnsense (10.0.0.1)  3.347 ms  0.780 ms  1.008 ms
2  10.233.128.1 (10.233.128.1)  47.112 ms  891.952 ms  297.987 ms
3  cm-<redacted>.getinternet.no (<redacted>)  288.130 ms  17.094 ms  126.216 ms
4  ae6.no-323-rt1.get.no (185.1.55.18)  89.709 ms  19.233 ms  16.726 ms
5  185.1.55.41 (185.1.55.41)  8.411 ms  13.376 ms  9.940 ms
6  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  19.957 ms  7.618 ms  16.547 ms

Not sure what's going on, but I guess I should contact my ISP.

Yes, but a second per query? And the ttl does not exactly last long.


Sent from my iPhone using Tapatalk Pro

Anyone of you that experience ~1 second when you visit a new domain?


Sent from my iPhone using Tapatalk Pro

Yes, a bit weird.

Also, lately it feels like the DNS has slowed down a bit. I get ~1000ms when I resolve a new domain. If it's cached I get 0ms.

Code Select Expand

drill -D norge.no @10.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 36955
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; norge.no. IN A

;; ANSWER SECTION:
norge.no. 300 IN A 93.94.10.5
norge.no. 300 IN RRSIG A 14 2 300 20180628000000 20180607000000 52173 norge.no. hRF42hSawMhG8IpIEtOall6XPFV8n/MHKm6XyD4QrgIO+9z/NGa8MTRTItkdDEKksR4klEUGsDWKTkk/6hQ52BmZosAegVbbI13z4H4g3Hj3wJ7WxpJzfbTzWTdORrvG

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 1603 msec
;; EDNS: version 0; flags: do ; udp: 4096
;; SERVER: 10.0.0.1
;; WHEN: Mon Jun 18 20:02:52 2018
;; MSG SIZE  rcvd: 189

Code Select Expand

drill -D norge.no @10.0.0.1
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 56876
;; flags: qr rd ra ad ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; norge.no. IN A

;; ANSWER SECTION:
norge.no. 265 IN A 93.94.10.5
norge.no. 265 IN RRSIG A 14 2 300 20180628000000 20180607000000 52173 norge.no. hRF42hSawMhG8IpIEtOall6XPFV8n/MHKm6XyD4QrgIO+9z/NGa8MTRTItkdDEKksR4klEUGsDWKTkk/6hQ52BmZosAegVbbI13z4H4g3Hj3wJ7WxpJzfbTzWTdORrvG

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; EDNS: version 0; flags: do ; udp: 4096
;; SERVER: 10.0.0.1
;; WHEN: Mon Jun 18 20:03:28 2018
;; MSG SIZE  rcvd: 189

I feel ~1 second is a bit too much. Any input on this?

I'm also seeing this.

Code Select Expand

Jun 13 17:30:52 unbound: [89359:2] info: generate keytag query _ta-4a5c-4f66. NULL IN
Jun 13 17:30:52 unbound: [89359:3] info: generate keytag query _ta-4a5c-4f66. NULL IN
Jun 13 17:19:54 unbound: [89359:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Jun 13 16:25:23 unbound: [89359:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Jun 13 15:28:45 unbound: [89359:0] info: generate keytag query _ta-4a5c-4f66. NULL IN

Thanks.

Only had it running for a few minutes, but it looks Cloudflare DNS (only) is working. :)

Just to be sure.

You specify the same DNS servers in the "General" settings, and then add this to the advanced section of Unbound?