Messages

Firewall -> Settings -> Advanced
Enable:
- Reflection for port forwarding
- 1: 1 reflection
- Automatic outbound NAT for reflection NAT

Firewall -> NAT -> Port Forwarding
WAN    TCP    *    *    WAN address    80 (HTTP)    192.168.1.50    80 (HTTP)    Name

This is not best practice and should be not used at all.
https://docs.opnsense.org/manual/firewall_settings.html
https://docs.opnsense.org/manual/how-tos/nat_reflection.html

https://en.wikipedia.org/wiki/169.254


I propose to read through some HowTo's...

1. Workstation OS and IP addressing
2. Installation of OPNsense
3. Switch configurations. e.g VLANs

Sorry... Keine Kekse, keinen Support...

Ich gehe davon aus, du arbeitest nicht in der IT?

Nix persönliches. Allerdings "geht nicht" "funktioniert nicht", hilft nicht sonderlich beim Troubleshooten. Für mich funktioniert es noch bei der non business version.

Zudem schaue ich hier eher selten rein. Allerdings hätte ich vermutlich direkt helfen können, sofern ich eine hilfreiche Problembeschreibung bekommen hätte. Einfach mal drüber nachdenken ;)

@franco

I've tried the new approach. Unfortunatelly your commit does not give the full output.

e.g
root@fw:~ # configctl firmware changelog current
25.1.5
root@fw:~ # configctl firmware changelog latest
25.1.5

I would expect as output: 25.1.5_4

At least to have monit working properly to notify about a new version.

I did not read through the complete commit, but it would be nice if the complete version can be shown.

DNS umbiegen.... nur auf interne den traffic zulassen... Done...

Wenn mit Certs gearbeitet wird, schwieriger....aber machbar...

Ich würde mir ggf. mal die Firewall logs anschauen ob irgendwo was geblockt wird. Natürlich muss dafür das Loggin eingeschaltet werden. Im Zweifelsfall eine floating rule erstellen die alles loggt. Wenn er den wirklich eine IP automatisch bekommt...

ansonsten ist ping, traceroute, mtr, tcdump und wireshark dein freund.

Nebenher wenn die PVID nicht korrekt gesetzt wäre, dann würde der Client auch keine IP bekommen, denn dann geht gar nix.

[no]

And for now my impression is like the usual case is a 2-3°C delta and up to 15°C for cases where heat transfer is problematic.

I wonder if it is better to keep the old way of doing it and explaining users that if they observe a big difference, they should inspect their cooling  ;)

Maybe it's just me, maybe I am in the wrong mood at this moment. But sometimes I have the impression you think that other users are stupid.

In this regard I can only speak for myself for sure. Actually I precisely know what I am doing. I know my hardware, and I know my tools. If not, I put time and effort in it to get a deep knowledge of the things I work with.

But to make it very short: There is no issue with the cooling in my devices. If it would, it would have been fixed already.

@OPNenthu

I have a protectli, but like mentioned its a different model. The VP6000 Series is almost brand new and shipped with two fans.
My 6630 has a complete different behavior with a Linux installed and using lm-sensors. In my case I can say the difference is like 30-40°C compared with the output I get from the dashboard.
Even the output of "sysctl dev.cpu | grep temperature" is far away from this peaks.

https://protectli.com/wp-content/uploads/2024/07/VP6630-Datasheet-20240628.pdf
Page 8 you can see the Mainboard. #28 would be the place for the NVME (I'm using a INTENSO SSD with SLC). There is an additional heatsink with a thermal pad mounted in my case.

On top of that I got a replacement part from Protectli. The first 36-48hours the Dashboard showed lower values in comparison to the other machine. After that it reached as well the 80-82°C on the dashboard. So to summarize. Both devices have the same behavior after ~2+ days

My environmental temperature is monitored by different Sensors. Just to name some: BME680, BME280 and some others.

The NVME is monitored as well:
E.g
Temperature:                        36 Celsius

Room_Temperature right now:  21,52 °C (increasing)
Also this temperature is far away from having an impact on the temperature of the FW. In a high computing power pc build, the NVME temperatures are even similar. And there the heatsink is "MASSIV" (Gigabyte X670 Aorus Master)

Let's see how it goes in the summer :D

Code Select Expand

[quote author=fastboot link=topic=44373.msg221848#msg221848 date=1733331746]
[quote author=Patrick M. Hausen link=topic=44373.msg221843#msg221843 date=1733330957]

You logged into a file with the command `sysctl -a | grep temperature`?
[/quote]

No, not that command. I did not test it, but I would assume that even this would't make a huge difference.


Trust me, it will. This command reads 16.000 OIDs from the kernel and this is what heats up the CPU.

And while it is perfectly fine to argue that this is not a clever way to read the CPU temperature because a side effect of the reading itself raises it significantly, the temperature read is correct at that very moment.

That's the entire point. Finding better ways to read temperatures while not missing sensors some users might consider essential.

Well... give the users the choice what they want to see.

When I build dashboards in Grafana, Home Assistant, .... I choose only what I want to see.
But not sure if this is that easy to implement, as I am far away of being a dev myself.

Like just mentioned. My Unix skills are very limited.

From reading the other threads, the way to measure is "sysctl dev.cpu | grep temperature | sort" but correct me if I am wrong.

As I never reach the 80-82°C with this reading, I assume that the other reading must be wrong. I only reach this specific temperatures when I stress the CPU to 100% and even this does not happen in just 1 second.

[is]

You logged into a file with the command `sysctl -a | grep temperature`?

No, not that command. I did not test it, but I would assume that even this would't make a huge difference.


cat test.sh

Code Select Expand

#!/bin/sh
LOGFILE="/var/log/cpu_temp.log"

while true; do
    TIMESTAMP=$(date +"%Y-%m-%d %H:%M:%S.%3N")
    TEMP_DATA=$(sysctl dev.cpu | grep temperature | sort)
    echo "$TIMESTAMP - $TEMP_DATA" >> "$LOGFILE"
    sleep 0.5
done


Not fast enough to reach any evidence that the data is just wrong?
And by the way, even this script stresses the CPU and HDD ;) But not really a tangible or measurable effect. Maybe I am blind?

Like mentioned, my Unix "fu" is limited...

That would be cool. Hope it make it in the next release :) I'll adapt the script then

[is]

Because at the end of the day I want to rely on data. If the data is not correct, I don't need it.

[...]

I really do appreciate the effort of the OPNsense team to create this lovely piece of software. I really do. But also do I appreciate accuracy and data I can rely on.

But the data shown is correct. In the moment the dashboard is rendered the CPU temperature is higher, because of the processing taking place to display the dashboard.

No, the data is not correct. As I logged into a file. There I never reached the 80°C. Also the  CPU is an I3. Guess reading the temperature should now have such an effect on it.

Wie meyergru schon schrieb... Ja es geht. Aus diesem Grund habe ich mir ne neue FW gekauft. Protectli 6630. Der Support von Protectli sagte mir auch, dass das Problemlos mit dem Zyxel aka Telekom GPON SFP funktioniert. Nutzen sie selbst...

Nun warte ich auf den Fibre Link...

@TELEKOM: GIB GAS!

Telekom, VDSL, Vigor 166, PPPOE => Keine Probleme.