Messages

1

General Discussion / ntpd local time problem

« on: November 25, 2020, 05:34:13 am »

Hello

My current local time is Tue Nov 24 7:02 PM.  OPNsense has the time as 8 hours later.  Did I miss a setting somewhere?

Dashboard
Current date/time
Wed Nov 25 3:02:32 AKST 2020

System: Settings: General
Time zone America/Anchorage

Services: Network Time: General
Time servers 0.pool.ntp.org to 3.pool.ntp.org
Orphan mode 12

Services: Network Time: Status
Unreach/Pending

Services: Network Time: Log File
kernel reports TIME_ERROR: 0x41: Clock Unsynchronized

Thanks for any feedback.

2

General Discussion / Re: NAT: Port Forward testing

« on: March 30, 2020, 12:54:43 am »

After adding the new port forward rule my daughter tried to connect to her friends game on the Switch and got 2618-0521 and 2618-0511 "NAT traversal process may have failed" error codes.  Then went to Switch System->Internet->Test Connection and received a "D" NAT score (not good).

Found two more Nintendo Switch posts for setting static NAT outbound rule at:
https://forum.opnsense.org/index.php?topic=11801.msg53771#msg53771 and
https://forum.netgate.com/topic/112631/nintendo-switch-needs-static-port-on-its-outbound-nat

After adding the Firewall: NAT: Outbound manual rule I reran the Switch Test Connection routine and received an "A" NAT score.  Have two happy young ladies now visiting between Alaska and New Mexico.

Regards,
Kurt

3

General Discussion / Re: NAT: Port Forward testing

« on: March 29, 2020, 09:12:46 pm »

Good morning,

I'm about as much of a network guy as McCoy defusing a photon torpedo.  So I tend to proceed slowly.

I just ran Qbittorrent with 36000 as the listening port on the Neon box and got positive feedback.

Code: [Select]

Canyouseeme.org:
Success: I can see your service on X.X.X.X on port (36000)
Your ISP is not blocking port 36000
Thanks to the following two posts for getting the Port Forward config set up for me.

https://forum.opnsense.org/index.php?topic=8783.0
https://homenetworkguy.com/how-to/firewall-rules-cheat-sheet/

The next step then is a port forward for the Switch box for Animal Crossing for my daughter and her college friend.  I run what I consider the critical devices on the LAN interface and all of the phones and gaming consoles on a separate WAP on the OPT1 interface.  Nintendo support calls for UDP: 1-65535 to be open.  Although a reddit post suggests that UDP: 45000-65535 will suffice.  Is having this many ports open just something you live with or are there other ways to work this problem?

Thanks,
Kurt

4

General Discussion / NAT: Port Forward testing

« on: March 29, 2020, 09:18:52 am »

Hello,

Need to port forward to Nintendo Switch for daughter's game but have never performed this action before.  Thought I might test a port forward configuration to a Linux box first. If the config worked then I'd try to extend it to new rule for the Switch. Don't know how to test port forwarding but gave it a try below.  Used KDE Neon box with VPN off for test.

Firewall: NAT: Port Forward config

Code: [Select]

- Interface: WAN
- TCP/IP Version: IPv4   
- Protocol: TCP
- Source / Invert: Unchecked
- Source: any
- Source Port Range: any to any
- Destination / Invert: Unchecked
- Destination: WAN address
- Destination Port range: (other) 36000 to (other) 36000
- Redirect target IP: Alias "htpc"
- Redirect target Port: (other) 36000
- Pool Options: Default
- Log: Checked
- NAT reflection: Enable

Port forward check below:

Canyouseeme.org test for forwarded port "36000":

Code: [Select]

Error: I could not see your service on x.x.x.x on port (36000)
Reason: Connection refused
Firewall: Log Files: Plain View for 10.1.36.80 (KDE Neon test box)

Code: [Select]

2020-03-29T05:48:13 filterlog: 85,,,0,igb1,match,pass,in,4,0x0,,64,6022,0,DF,6,tcp,60,10.1.36.80,10.1.36.1,58006,443,0,S,4050776014,,64240,,mss;sackOK;TS;nop;wscale
2020-03-29T05:46:30 filterlog: 85,,,0,igb1,match,pass,in,4,0x0,,64,64196,0,DF,6,tcp,60,10.1.36.80,10.1.36.1,58004,443,0,S,4125679719,,64240,,mss;sackOK;TS;nop;wscale
2020-03-29T05:46:05 filterlog: 83,,,0,igb1,match,pass,out,4,0x0,,41,4375,0,DF,6,tcp,60,52.202.215.126,10.1.36.80,39715,36000,0,S,2441912499,,26883,,mss;sackOK;TS;nop;wscale
2020-03-29T05:46:05 filterlog: 91,,,0,pppoe0,match,pass,in,4,0x0,,42,4375,0,DF,6,tcp,60,52.202.215.126,10.1.36.80,39715,36000,0,S,2441912499,,26883,,mss;sackOK;TS;nop;wscale

Canyouseeme.org test for non-forwarded port "36001":

Code: [Select]

Error: I could not see your service on x.x.x.x on port (36001)
Reason: Connection timed out
Firewall: Log Files: Plain View for 36001

Code: [Select]

2020-03-29T05:54:17 filterlog: 9,,,0,pppoe0,match,block,in,4,0x0,,42,52835,0,DF,6,tcp,60,52.202.215.126,72.35.119.90,60412,36001,0,S,397295950,,26883,,mss;sackOK;TS;nop;wscale
The forwarded port "36000" gave a "Connection refused" error.  This seems better than the "36001" "Connection timed out" error.  What should I try next to make sure that port forwarding works correctly and safely on OPNsense.

Thanks,
Kurt

5

19.1 Legacy Series / lost PPPoE dialup

« on: June 04, 2019, 06:59:32 pm »

Hello,

First time user as of 6/2/19.  Am now away from network.  This is for a home system using an older PC with 3 NICS configured as WAN, LAN, and OPT1.  Currently have no PPPoE connection to the ISP. 

Starting with my initial install, the system repeatedly tripped into an IRQ interrupt storm that knocked the ISP immediately offline.  Vmstat and dmesg seemed to indicate a USB conflict.  So with no internet and my rudimentary understanding of PCs I turned USB off in the bios.  The ISP connection then stayed on. 

Started configuring a few things like static host ips and so forth.  On Sunday evening the ISP connection was lost again.  Ended up going to the CLI to do a machine reset and redefined the 3 interfaces.  Then went to the web GUI wizard and reentered the various options.  Still no ISP connection.  LAN and OPT1 seem to work ok.  A direct dialup from a Win10 computer to the ISP works.  But when I reboot OPNsense, the WAN text line on the command interface is just blank.

Don't know how to debug this problem.  The problem could be me, the hardware, or the software - likely in that order. 

Ideas or help to look at log messages would be appreciated.

Thanks,
Kurt