Messages

You most likely did not change the interface in the selectpicker. It's "Floating" per default, but you should choose "LAN". There you can find your rules.

You were right, that was it.

I'm glad this happened to someone and I got to see it because I'm pretty sure this would've happened to me eventually. Now I'm ready.

Just make sure you have a config.xml downloaded somewhere so you are prepared.  :)


Cheers,
Franco

Oh yeah, if I forget that part, it's time to throw all the networking gear in a box and find a new hobby.

Every year or so I like to do the major version upgrade by installing fresh and then restoring my latest config backup. Any major watchouts or gotchas that I should be aware of this time around? For reference, I have a pretty vanilla setup. Just a couple of VLANs and a site-to-site Wireguard instance. No IPv6. I already migrated to dnsmasq for DHCP and I'm using the Adguard Home plugin for DNS. No Unbound in use.

This guide helped me tremendously:

https://homenetworkguy.com/how-to/migrate-from-isc-dhcp-to-dnsmasq-or-kea-dhcp-in-opnsense/

Nothing is going to be worse, just disable it.

Interfaces: Neighbors: Automatic Discovery

It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.

More useless garbage that we didn't ask for..... Why can't this be a plugin that those folks can install separately and not brick our routers.... I have a 16Gig hostwatch log this morning, lose gui, forced to restart to recover...  Definitely not a professional group here....

You should definitely demand a refund. Be sure to draw attention to your post count so the devs know who they're dealing with.

Go to the NUT configuration page. Next, select the "UPS type" tab and choose "Netclient" using the little down arrow on the right side of the tab. From there, you can enter your client credentials.

Interestingly it does not show up any traffic in the firewall log which is pretty weird. I log everything to see and learn.

Traffic on the same subnet is layer 2 (switched), which is why you won't see anything in the logs due to it never reaching the firewall.

I disabled and enabled google drive backup, nothing more.

It looks like that since the update to 25.1 the backup function is not working automatically.

What I am saying is that a backup is only made to Google Drive when changes to your config have been made since the last backup. For example, I made some minor changes to firewall rules on Jan 31st. That night, a backup was saved to Google Drive. For almost 2 weeks, I made no changes to any settings in OPNsense so no new backups were saved until I made another change on Jan 13th. Try making a minor change to a rule description or something like that and see if it prompts a backup to be saved by the next day.

Are you actually changing any settings in OPNsense? A daily backup is only created if settings have been changed.

Here is the screenshot of Firewall Rule for OPT1:

As was already mentioned, that rule doesn't accomplish anything. After creating an interface, all traffic is denied by default until allow rules are created. To accomplish your intended goal, edit that rule to be an allow rule and check the inverse box for the destination. That will allow traffic to any destination that is not your LAN net; i.e. the internet.

Please show the interface configuration, the DHCP settings, and the firewall rule(s) you configured for OPT1.

Firewall Rules:
LAN = No custom rules all default generated rules
OPT1 = IPv4+6 *    *    *    LAN net    *    *    *       OPT_Block

It's not clear what that one OPT1 rule is supposed to be doing but you certainly don't seem to have any rules that allow internet access. If your goal is to allow OPT1 internet access but no access to the LAN, create a rule that allows all traffic to the inverse (check Destination/invert box) of LAN net.

It's still not very clear what you're trying to accomplish. Post a screenshot of all rules (excluding the auto ones) on your LAN interface. Just showing the one rule isn't relevant because the order of the rules matters.

It looks like you're trying to block LAN clients from reaching a particular Adguard DNS server? From your 1st screenshot, it appears you put the rule after the "allow all" rules. That's not going to work since the "allow all" rule will be matched first and all following rules ignored. Once you fix that, the 2nd rule you posted is not needed.

[* Port forward incoming TCP on port 2222 to port 22 on server on LAN - FAILURE!!!]

* Port forward incoming TCP on port 2222 to port 22 on server on LAN - FAILURE!!!

- Forwarding to : Single server <IP of LAN server>
- port: 2222

Based on your requirement, you should change to the following:

- Forwarding to : Single server <IP of LAN server>
- port: 22

[/32]

...that will allow a computer (IP address 192.168.100.2/24)...

Just a heads up. For a single host, you want 192.168.100.2/32. If you express your rule as 192.168.100.2/24, then you'll be allowing the entire range of IPs from 192.168.100.0 thru 192.168.100.255 to pass.