Messages - kensan

#1
Here https://docs.opnsense.org/manual/nat.html#some-terms-explained one can read the following:

Quote: Pool options: When there are multiple IPs to choose from, this option will allow regulating which IP gets used. The default, Round Robin, will simply distribute packets to one server after the other. If you only have one **external IP**, this option has no effect.

Though it makes perfect sense for outgoing NAT, as one can have multiple external IPs to NAT from/to.
I'm interested in the option in the context of port forwarding, as it is in the UI for port forwarding (and I didn't test it to see what it really does).
In the context of port forwarding the implication is that someone or something tried to connect to (external_ip:external_port); how does the above **external IP** square with this scenario? Internal IP makes more sense, as one can have a plethora of internal IPs to forward to.
Or am I missing something here?

If it is indeed the case, doesn't this make relayd redundant?
 
#2
In our case the default gateway and the WAN IP (virtual or not) are in the same subnet.
One way I found to trigger the loss on the backup is to play with both buttons to disable CARP.
I have to do that every time it goes from MASTER->BACKUP, as it is the only way I found to make it stop using the virtual WAN IP to communicate with the outside world.
#3
Hi, is there a particular reason as to why update-conflict-detection is set (hard coded) to false?

disabling it disables among other things: ddns-guard-id-must-match

This is what the man page says:
The ddns-guard-id-must-match statement

           ddns-guard-id-must-match flag;

           The ddns-guard-id-must-match parameter controls whether or not
           the client id within a DHCID RR must match that of the DNS update's
           client to permit DNS entries associated with that DHCID RR to be
           overwritten.  Proper conflict resolution requires ID matching and
           should only be disabled after careful consideration.  When
           disabled, it allows any DNS updater to replace DNS entries that
           have an associated DHCID RR, regardless of client identity. This
           parameter is on by default, has no effect unless update-conflict-
           detection is enabled, and may only be specified at the global
           scope.

If I'm (am I?) reading it correctly, this will enable any client to rewrite any A record it wishes to (if DDNS is enabled).
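For comparison, here is a stand-alone dhcpd.conf fragment (an added example written for this thread, not OPNsense's generated configuration) showing the two statements side by side; the zone names, key name and TSIG secret are placeholders.

```conf
# ISC dhcpd: the setting discussed above, as OPNsense hard codes it.
# With conflict detection off, ddns-guard-id-must-match has no effect,
# so any updater can replace an existing A record that carries a DHCID RR.
# update-conflict-detection false;

# Hardened variant: DHCID-based conflict detection on, and the client id
# in the DHCID RR must match before an existing entry may be overwritten
# (ddns-guard-id-must-match is on by default once detection is enabled).
update-conflict-detection true;
ddns-guard-id-must-match true;

# Minimal DDNS plumbing needed for the statements above to matter.
ddns-update-style standard;
ddns-domainname "example.test.";        # placeholder domain
ddns-rev-domainname "in-addr.arpa.";

key "ddns-key" {                        # placeholder key name
    algorithm hmac-sha256;
    secret "REPLACE_WITH_BASE64_TSIG_SECRET";   # placeholder, not a real key
};

zone example.test. {                    # placeholder forward zone
    primary 127.0.0.1;
    key "ddns-key";
}
```

With `update-conflict-detection true` the server refuses to overwrite an A record whose DHCID RR belongs to a different client, which is the behaviour the quoted man page text describes as proper conflict resolution.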