"
viragomann, meyergru
Thank you both. I now have local name resolution working properly.
Thank you both. I now have local name resolution working properly.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
25.7, 25.10 Series / Accessing internal web server by name
September 19, 2025, 09:08:13 PM
While attempting to upgrade to V25.7 my system was corrupted by the Intel N100 file system corruption problem.
Because of this I had to do a new install and was unable to retain my existing configuration.
I now have everything working except local access to my web server.
I have a web server running on my local network. I have port forwards so that it is accessible from the web.
I can now only access the web server mesterhome.com from an external network. Local access to mesterhome.com is now resolving the default gateway 192.168.1.1 instead of the web server local address 192.168.1.149. I know I had to do some extra configuration to allow local dns lookups to resolve the proper hostname. It's been several yeard ago when I set up OPNsense. I don't remember what was needed to be done to allow local access to the server. I've tried some tutorials here but have been unable to get them to work.
This did not work for me:
https://forum.opnsense.org/index.php?topic=6155.0
I then tried to configure a host override in unbound DNS. How do I enter the host override in the dropdown box? I tried entering mesterhome and get "No results matched mesterhome" It seems that I don't understand what should be placed in the host override box.
Can someone help me to get a host override or some other method working to have local access to my server?
Because of this I had to do a new install and was unable to retain my existing configuration.
I now have everything working except local access to my web server.
I have a web server running on my local network. I have port forwards so that it is accessible from the web.
I can now only access the web server mesterhome.com from an external network. Local access to mesterhome.com is now resolving the default gateway 192.168.1.1 instead of the web server local address 192.168.1.149. I know I had to do some extra configuration to allow local dns lookups to resolve the proper hostname. It's been several yeard ago when I set up OPNsense. I don't remember what was needed to be done to allow local access to the server. I've tried some tutorials here but have been unable to get them to work.
This did not work for me:
https://forum.opnsense.org/index.php?topic=6155.0
I then tried to configure a host override in unbound DNS. How do I enter the host override in the dropdown box? I tried entering mesterhome and get "No results matched mesterhome" It seems that I don't understand what should be placed in the host override box.
Can someone help me to get a host override or some other method working to have local access to my server?
#3
25.7, 25.10 Series / Re: Intel Alder Lake / N100 instability in FreeBSD and data corruption with UFS
August 12, 2025, 03:46:44 PMQuote from: OPNenthu on August 12, 2025, 12:25:58 PMThere's a chance that your disk has gone bad, which is something I see often on the forums. Try to install the 'os-smart' plugin and run a S.M.A.R.T check to see about your disk health. That plugin provides a simple status widget that you can add to the Lobby screen as well. Probably not worth reinstalling if it's running well now and passing the Health audit (System->Firmware->Status->Run an audit->Health).
As for tunables during installation, you can set them temporarily from the boot menu:
https://forum.opnsense.org/index.php?topic=47494.msg239887#msg239887
You'll need console access- serial or VGA.
I think the system is corrupted. I'm seeing errors in the health audit. Can't install os-smart. Getting errors when I try to install updates.
Code Select
############### Health audit errors ##############
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 25.7 (amd64) at Tue Aug 12 09:20:05 EDT 2025
>>> Root file system: /dev/gpt/rootfs
>>> Check installed kernel version
Version 25.7 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 25.7 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense (Priority: 11)
>>> Check installed plugins
os-nut 1.9
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: ....
nspr-4.37: checksum mismatch for /usr/local/bin/nspr-config
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_aix32.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_aix64.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_darwin.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_freebsd.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_hpux32.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_hpux64.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_linux.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_netbsd.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_nto.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_openbsd.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_qnx.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_riscos.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_solaris.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/md/_win95.cfg
nspr-4.37: checksum mismatch for /usr/local/include/nspr/pratom.h
nspr-4.37: checksum mismatch for /usr/local/include/nspr/prinit.h
nspr-4.37: checksum mismatch for /usr/local/lib/libnspr4.a
nspr-4.37: checksum mismatch for /usr/local/lib/libnspr4.so
nspr-4.37: checksum mismatch for /usr/local/lib/libplc4.so
nspr-4.37: checksum mismatch for /usr/local/lib/libplds4.so
nspr-4.37: checksum mismatch for /usr/local/libdata/pkgconfig/nspr.pc
nspr-4.37: missing file /usr/local/share/licenses/nspr-4.37/LICENSE
nspr-4.37: missing file /usr/local/share/licenses/nspr-4.37/MPL20
nspr-4.37: missing file /usr/local/share/licenses/nspr-4.37/catalog.mk
Checking all packages.....
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/LICENSE
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/METADATA
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/RECORD
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/WHEEL
py311-certifi-2025.7.14: missing file /usr/local/lib/python3.11/site-packages/certifi-2025.7.14.dist-info/top_level.txt
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__init__.py
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__main__.py
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__init__.cpython-311.opt-1.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__init__.cpython-311.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__main__.cpython-311.opt-1.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/__main__.cpython-311.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/core.cpython-311.opt-1.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/__pycache__/core.cpython-311.pyc
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/cacert.pem
py311-certifi-2025.7.14: checksum mismatch for /usr/local/lib/python3.11/site-packages/certifi/core.py
py311-certifi-2025.7.14: missing file /usr/local/share/licenses/py311-certifi-2025.7.14/LICENSE
py311-certifi-2025.7.14: missing file /usr/local/share/licenses/py311-certifi-2025.7.14/MPL20
py311-certifi-2025.7.14: missing file /usr/local/share/licenses/py311-certifi-2025.7.14/catalog.mk
Checking all packages.....
py311-typing-extensions-4.14.1: checksum mismatch for /usr/local/lib/python3.11/site-packages/__pycache__/typing_extensions.cpython-311.opt-1.pyc
py311-typing-extensions-4.14.1: checksum mismatch for /usr/local/lib/python3.11/site-packages/__pycache__/typing_extensions.cpython-311.pyc
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/METADATA
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/RECORD
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/WHEEL
py311-typing-extensions-4.14.1: missing file /usr/local/lib/python3.11/site-packages/typing_extensions-4.14.1.dist-info/licenses/LICENSE
py311-typing-extensions-4.14.1: checksum mismatch for /usr/local/lib/python3.11/site-packages/typing_extensions.py
Checking all packages..... done
>>> Check for core packages consistency
Core package "opnsense" at 25.7 has 68 dependencies to check.
Checking packages: .......................
opnsense-25.7 version mismatch, expected 25.7.1_1
Checking packages: ...........................
py311-duckdb-1.3.1_1 version mismatch, expected 1.3.2
Checking packages: ..............
sudo-1.9.17p1 version mismatch, expected 1.9.17p2
Checking packages: ..
syslog-ng-4.8.2_3 version mismatch, expected 4.8.2_4
Checking packages: ... done
***DONE***
######### os-smart install fails #########
***GOT REQUEST TO INSTALL***
Currently running OPNsense 25.7 (amd64) at Tue Aug 12 09:24:10 EDT 2025
Installation out of date. The update to opnsense-25.7.1_1 is required.
***DONE***
######## Firmware update fails ###########
***GOT REQUEST TO UPDATE***
Currently running OPNsense 25.7 (amd64) at Tue Aug 12 00:54:33 EDT 2025
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
Checking for upgrades (11 candidates): .......... done
Processing candidates (11 candidates): .......... done
The following 11 package(s) will be affected (of 0 checked):
Installed packages to be UPGRADED:
boost-libs: 1.88.0_1 -> 1.88.0_2
curl: 8.14.1 -> 8.15.0
ivykis: 0.43.2 -> 0.43.2_1
jq: 1.8.0 -> 1.8.1
libucl: 0.9.2_1 -> 0.9.2_2
nss: 3.113.1_1 -> 3.114
opnsense: 25.7 -> 25.7.1_1
py311-duckdb: 1.3.1_1 -> 1.3.2
sudo: 1.9.17p1 -> 1.9.17p2
syslog-ng: 4.8.2_3 -> 4.8.2_4
webp: 1.5.0 -> 1.6.0
Number of packages to be upgraded: 11
36 MiB to be downloaded.
[1/11] Fetching boost-libs-1.88.0_2.pkg: .......... done
[2/11] Fetching nss-3.114.pkg: .......... done
[3/11] Fetching jq-1.8.1.pkg: .......... done
[4/11] Fetching syslog-ng-4.8.2_4.pkg: .......... done
[5/11] Fetching webp-1.6.0.pkg: .......... done
[6/11] Fetching ivykis-0.43.2_1.pkg: .......... done
[7/11] Fetching curl-8.15.0.pkg: .......... done
[8/11] Fetching libucl-0.9.2_2.pkg: .......... done
[9/11] Fetching opnsense-25.7.1_1.pkg: .......... done
[10/11] Fetching py311-duckdb-1.3.2.pkg: .......... done
[11/11] Fetching sudo-1.9.17p2.pkg: .......... done
Checking integrity...Assertion failed: (strcmp(uid, p->uid) != 0), function pkg_conflicts_check_local_path, file pkg_jobs_conflicts.c, line 315.
Child process pid=26045 terminated abnormally: Abort trap
Starting web GUI...done.
***DONE***
QuoteAs for tunables during installation, you can set them temporarily from the boot menu:
https://forum.opnsense.org/index.php?topic=47494.msg239887#msg239887
I assume that i'll need to do this for all future updates unless the developers change the default for this tunable. Is this correct? This will make future updates painful :-(
#4
25.7, 25.10 Series / Re: Intel Alder Lake / N100 instability in FreeBSD and data corruption with UFS
August 12, 2025, 06:41:42 AMQuote from: OPNenthu on August 04, 2025, 08:35:26 PMI came across this mailing list thread while searching online about FreeBSD instabilities with N100, as many have been reporting upgrade issues. I'm not sure if this is related to the problematic microcode updates.
https://lists.freebsd.org/archives/freebsd-current/2025-January/006984.html
Thank you!
I have an N100 system. I recently upgraded to 25.7. The system crashed during the first boot after the upgrade. I saw that there were file system errors during the boot. After a re-install it appeared to be running OK. While reading the forum to try and solve some other problems I had during the upgrade I found this thread. I have now added vm.pmap.pcid_enabled=0 to the tunables. Even though it seems to be running fine I assume that there could still have been some file system corruption. Do you think I should re-install 25.7? If so, how would I do this so that the vm.pmap.pcid_enabled=0 setting is in place before the first boot? Sorry this may be simple but I'm not very good with Linux.
#5
General Discussion / Re: Web server port forwarding problems.
May 01, 2020, 03:46:57 AMQuote from: stefanpf on April 29, 2020, 07:03:39 PM
Dns:
First IP shown at nslookup is the resolving DNS server.
The DHCP in your ipfire was configured to push an external DNS server to the Clients.
Your opnsense DHCP pushes itself as DNS resolver to the Clients.
In my opinion it's okay and the better choice as for example it's allowing you to resolver local hostnames.
Portforward: the destination address should be your wan address instead of LAN address.
That should so the job from the outside.
From inside you need either
- split-dns (Host overwriting in unbound): your local DNS resolver gives back the local IP of your webserver
or enable NAT Reflection:
https://docs.opnsense.org/manual/nat.html
Turning on NAT reflection and correcting the port forwarding solved the problems. Everything is working now. Thank you for your help!
#6
General Discussion / Re: Web server port forwarding problems.
April 29, 2020, 09:35:13 AMQuote from: stefanpf on April 27, 2020, 08:12:56 AM
Goto System: Settings: Administration
and Change your Port to 444 for example.
And Check "Disable web GUI redirect rule".
I changed the web GUI port to 444. and disabled the web GUI redirect rule.
I no longer see the OPNsense GUI when I access my web server from the LAN. I now just get a timeout. Port forwarding to my web server is still not working. Also, It looks like OPNsense is still modifying LAN DNS lookups.
Below are command prompt sessions showing the different name lokkup results using OPNsense and my old IPCop firewall. I assume that I must have some problems with the OPNsense DNS settings. Using OPNsense, my hostname "mesterhome.com" is being redirected from WAN addresses of 129.250.35.250 and 198.252.121.79 to the local LAN address 192.168.1.1 and 198.252.121.79.
The address 198.252.121.79 is the actual ip address assigned to my hostname.
Code Select
Microsoft Windows [Version 10.0.18363.778]
(c) 2019 Microsoft Corporation. All rights reserved.
C:\Users\Luke-AMD6>REM nslookup results using OPNsense
C:\Users\Luke-AMD6>nslookup mesterhome.com
Server: OPNsense.localdomain
Address: 192.168.1.1
Non-authoritative answer:
Name: mesterhome.com
Address: 198.252.121.79
C:\Users\Luke-AMD6>
Microsoft Windows [Version 10.0.18363.778]
(c) 2019 Microsoft Corporation. All rights reserved.
C:\Users\Luke-AMD6>REM nslookup using IPCop
C:\Users\Luke-AMD6>nslookup mesterhome.com
Server: x.ns.gin.ntt.net
Address: 129.250.35.250
Non-authoritative answer:
Name: mesterhome.com
Address: 198.252.121.79
C:\Users\Luke-AMD6>Screen captures of my current OPNsense settings can be viewed here: https://mesterhome.com/OPNsense/
I must be making a stupid mistake! Port forwarding is not hard to do. Just assign the WAN port to a LAN address and port.
#7
General Discussion / Web server port forwarding problems.
April 27, 2020, 07:15:39 AM
Hello,
I've been running the IPCop Linux based firewall for many years. Unfortunately that project has quietly died. I decided to use OPNsense as a replacement.
I have the basic configuration working. The local LAN is able to access the WAN connected through my cable modem. I'm having no luck getting port forwarding working. I have a lot of port forwarding entries in IPCop. I decided to work with the most critical one first. My web server. I can't get external access to it. Also, when I try to hit it from the LAN side I'm getting redirected to the OPNsense web GUI instead of my WWW server.
It looks like OPNsense is redirecting port 80 and 443 to it's GUI. This is even though i've added a port forward to direct this traffic to my WWW server.
When I do an nslookup while running OPNsense, I see that DNS info is being modified by OPNsense. It's pointing my hostname (mesterhome.com) to 192.168.1.1 (the OPNsense WWW GUI) instead of 192.168.1.25 (the WWW server address). See the two command prompt screen captures. One is using IPCop and the other with OPNsense.
Also attached is my OPNsense config file and screen captures of the working IPCop port forwards and the non functional OPNsense forwarding.
I must have some basic problem with my setup. I hope that someone here can help me fix what I'm doing wrong.
Looks like this forum won't allow me to attach pictures. You can view them here: https://mesterhome.com/OPNsense/
I've been running the IPCop Linux based firewall for many years. Unfortunately that project has quietly died. I decided to use OPNsense as a replacement.
I have the basic configuration working. The local LAN is able to access the WAN connected through my cable modem. I'm having no luck getting port forwarding working. I have a lot of port forwarding entries in IPCop. I decided to work with the most critical one first. My web server. I can't get external access to it. Also, when I try to hit it from the LAN side I'm getting redirected to the OPNsense web GUI instead of my WWW server.
It looks like OPNsense is redirecting port 80 and 443 to it's GUI. This is even though i've added a port forward to direct this traffic to my WWW server.
When I do an nslookup while running OPNsense, I see that DNS info is being modified by OPNsense. It's pointing my hostname (mesterhome.com) to 192.168.1.1 (the OPNsense WWW GUI) instead of 192.168.1.25 (the WWW server address). See the two command prompt screen captures. One is using IPCop and the other with OPNsense.
Also attached is my OPNsense config file and screen captures of the working IPCop port forwards and the non functional OPNsense forwarding.
I must have some basic problem with my setup. I hope that someone here can help me fix what I'm doing wrong.
Looks like this forum won't allow me to attach pictures. You can view them here: https://mesterhome.com/OPNsense/
Pages1
