Messages - amd.64

#1
For others that may come across this topic with the same or similar issues.

My GeoIP was list update 2 2/2 months prior to this post. I had a previous unknown issue where I was getting the following error: "In order to use GeoIP, you need to configure a source in the GeoIP settings tab". I logged in to my Maxmind account, deleted my current license and created a new one. Created the link as described in this link. Pasted it into my web browser to verify the link worked. I then had to copy it again out of the URL text field in the web browser, then paste it into the proper field in OPNSense. My GeoIP rules were update

For my spam blocking rules, for some reason the update interval was blank, thus not updating. As soon as I entered a value (4 hours in my case), these too updated.

Thank You Patrick M. Hausen for your assistance.

Hopefully my spam volume will decrease with just these changes.
#2
Thanks.

It has been over a year since I created the rule; I couldn't remember.

The Geo IP blocking doesn't have the update option; does it not need to be updated? If not, it makes sense, since they keep saying they are running out of IPs for version 4.
#3
I created firewall rules for GeoIP blocking and spam blocking using spamhaus.

Is it necessary to update these rules every so often, or do they update on their own or is an update not needed at all?

Thank You
#4
25.7, 25.10 Legacy Series / DHCP server issues
November 09, 2025, 06:31:58 PM
I just checked for updates on one of my routers and the version it is currently running is 25.7.7_4 (amd64) at Sun Nov  9 17:17:29 UTC 2025.

I had everything working correctly, then this past weekend Fri Oct 31 actually I had to restore defaults. I believe an update was done after I initially got it configured, but before the restoring of defaults.

I have three local LANS - LAN1, LAN2, and LAN3.

The issue I am having is after a restart ISC DHCPv4 Server is running. That would be fine, however only LAN2 and LAN3 can get IP addresses from DHCP, LAN1 cannot. However, if I stop ISC DHCPv4 Server and start Dnsmasq DNS/DHCP, then all three networks can get IP addresses from DHCP.

How can I either get all three networks to get IP addresses from ISC DHCPv4?
Or make Dnsmasq DNS/DHCP the default DHCP server?

Is there any benefit from using one over the other?
#5
25.7, 25.10 Legacy Series / Dual WANS
August 26, 2025, 02:22:22 AM
I need to set up dual WANS on multiple routers.

I found this Multi WAN.

Is this the best tutorial to use?
If it is the best, what is the point of the monitor IPs? I get what they are (going by the name anyway, maybe they aren't what I think), what is their purpose for dual WANs? I.e., why are they needed for a multi WAN setup but not a single WAN setup?
If this is not the best tutorial, what is?
#6
Quote from: newsense on March 20, 2025, 10:23:58 PM
Did you install the plugin? GUI or SSH would work just fine

pkg install os-realtek-re

Thank You that resolved the issue. All five NICS are now visible and usable by OPNSense.
#7
Quote from: newsense on March 20, 2025, 10:23:58 PM
Did you install the plugin? GUI or SSH would work just fine

pkg install os-realtek-re

No, I did not. I didn't have to with the i5's. However, I will try it.
#8
25.1, 25.4 Legacy Series / Quad port NIC not working
March 20, 2025, 10:20:45 PM
I just recently purchased five (5) Lenovo M920Q with I3 processors. I also just recently purchased five (5) H!Fiber quad port 2.5G Network Card with the Realtek RTL8125 Chip. One NIC card for each of the M920Qs. All five M920Qs came with Windows 10.

Within Windows all five NICS (4 on the NIC and the one on board or integrated) connect at 1G to a 1G switch. However, when doing automatic port assignment only the on board NIC is recognized to have an active connection. All four ports on the quad NIC and on the switch get link lights but not activity or connection speed light.

I also have two M920Q with i5 processors and they work fine. I do not know if it matters but these were running version 24.7 and I upgraded them to 25.1. The i3's are a fresh install of 25.1.

I am going to try to install 24.7 for giggles (if I can find the image)

Anybody have any suggestions?

Thank You
#9
25.1, 25.4 Legacy Series / Re: UPS Settings and options
February 25, 2025, 03:28:15 AM
Quote from: Patrick M. Hausen on February 24, 2025, 11:26:27 PM
Does this UPS have a network interface? If yes there should be a web UI for tasks like this. If it doesn't you probably need APC's proprietary software on Windows or Linux and a USB or serial connection.

For my Cyberpower UPS with RMCARD205 I can do it in the web UI.

It does but it is only for surge protection (In and out). It does not receive an IP address.
#10
25.1, 25.4 Legacy Series / Re: UPS Settings and options
February 24, 2025, 11:03:32 PM
Thank you. I am trying to get SSH to work so I can try. Using the console would be difficult in my situation.
#11
25.1, 25.4 Legacy Series / UPS Settings and options
February 23, 2025, 10:46:59 PM
I am running 25.1.1

I have just connected an APC Back-UPS XS 1500 LCD, I have a few questions.

  • Both in the Apcupsd widget on the dashboard and in status under the Apcupsd service it says the battery date is Dec 7, 2006. I just replaced the battery February 15. How can I update this?
  • The APC Windows app has a button to test the UPS, is it possible to perform this test in OPNSense?
  • In the APC Windows app the minimum and maximum voltages can be changed for it to go on battery. Is it possible to change these in OPNSense?
#12
24.7, 24.10 Legacy Series / Re: Configure static route
January 27, 2025, 06:04:58 AM
The way I got it working may not be ideal but I didn't have to beat my head against a brick wall to get it to work.

I first posted on the OpenWRT forums, was told I need to create a route on OPNSense.
I then posted here and was told it would be better to create the route on the Debian (spam) server.
I posted on the Debian forums and was told I should redo part of my network.

It appeared that it was not going to be fun nor easy to get OPNSense, OpenWRT and Debian to all play nice. So I modified what I already had. I already had a cable connected to the 10.78.239.0 network and one connected to the 192.168.107.0 network, although 192.168.107.0 was DHCP -- not ideal but was meant to be temporary. I changed it to a static IP with no assigned gateway. I then created firewall rules on the Debian server to allow SMTP traffic then block everything else.
#13
24.7, 24.10 Legacy Series / Re: Configure static route
January 26, 2025, 04:23:04 PM
Yes, basically I'd have what you described. 10.78.239.106 is my spam server which will forward any "clean" / "legit" email to the exchange server. I do have a web server and an RMM server also in the DMZ, but the spam server will be the only one to send unsolicited or unrequested traffic to the 192.168.107.0 network.

Thank you for the advice, I have never had to set up a static route on any firewall or OS.
#14
24.7, 24.10 Legacy Series / Configure static route
January 26, 2025, 01:44:06 PM
I am looking for some assistance adding a route.

From the image below I need to create a route preferably only from 10.78.239.106 to 192.168.107.10. If I understand correctly I need to create another gateway. If so, do I use 10.78.239.1 or 10.78.239.2?

I'd appreciate if somebody could add some clarity or provide a good link that does a good job of describing the process.

Thank You
#15
I got it working, however, being completely honest I have no idea how.

I decided that I did not like the network scheme. It half matched the scheme that I use on my private network. I decided I wanted my DMZ to closely match the public scheme. I changed the 2nd, 3rd and 4th octets of the private IPs to match the 2nd, 3rd and 4th octets of my public IPs. Now for whatever reason all port forwards work as I want.

I am having issues with DNS. It works locally, but will not work for public sites / addresses. But I don't see how that would have affected port forwarding.