Messages - bloodyskullz

#1
23.7 Legacy Series / 23.7.9+ says no route to host
January 21, 2024, 06:56:31 AM
Hey all,

I want to start by saying that before updating from 23.7.4 everything worked flawlessly, no issues with anything. Since updating to 23.7.9, I don't get internet access at all. If I log into the shell I get no route to host, which is weird. I even did a factory reset, updating from 23.7 to 23.7.9 and restored my config, same issue. Reset again to 23.7, updated to 23.7.9 and this time all I added was my config to my ISP (PPPoE config) and it still doesn't work.

Is this a known issue?? I could reinstall 23.7 and reload my config but I worry that any updates going forward will just brick everything again.

EDIT: I figured out why it was causing this problem: I had ZeroTier installed and it somehow was taking over acting as the WAN rather than my ISP configured port. Not sure how to stop it from acting this way.
#2
Quote from: passeri on October 12, 2023, 03:39:40 AM
Try this instead of your current rules:

Create an ACL containing all local (RFC1918) address ranges which you do not want addressed from the LAB, assuming it is this one you want isolated (else as applicable). I'll call it no_go for the example.

This confused me, I know what an ACL is but the RFC stuff made me go blank.

Quote from: passeri on October 12, 2023, 03:39:40 AM
Create a Pass rule for your LAB interface: direction in, source/invert unchecked, source any, dest/invert checked, dest "no_go", dest port any.
This will give access to the WAN and to anything not in your no_go ACL.
You can add a Block rule below which is source "LAB net" dest any to catch anything else.

I use this for my IoT which is allowed out to WAN and nowhere else, with nothing incoming to it. I can still access IoT devices from LAN of course.

Edited to mention Pass and Block

Currently I only have LAB and LAN, so the ultimate goal is LAB = internet access and nothing else in LAN

LAN = Access everything else.

By your suggestion of the rules, I could substitute no_go for LAN net (hoping I understood all that correctly).
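
The two rules quoted above, modelled as first-match evaluation to compare a no_go alias holding all RFC 1918 ranges against one holding only LAN net. This is an added example, not from either poster; the /24 LAN mask, the client 10.0.0.50, the gateway 10.0.0.1 and the sample destinations are assumptions.

```python
import ipaddress

# RFC 1918 private ranges, i.e. the "local" addresses the quoted advice puts in no_go.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
LAN_ONLY = ["192.168.1.0/24"]   # assumed /24 around the poster's 192.168.1.1
LAB_NET = "10.0.0.0/24"         # LAB subnet from the posts

def in_alias(addr, alias):
    """True if addr falls inside any network listed in the alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in alias)

def evaluate(dst, no_go, src="10.0.0.50"):
    """First-match evaluation of the two LAB interface rules, inbound on LAB."""
    # Rule 1: Pass, source any, destination inverted: anything NOT in no_go.
    if not in_alias(dst, no_go):
        return "pass"
    # Rule 2: Block, source LAB net, destination any (catches the rest).
    if in_alias(src, [LAB_NET]):
        return "block"
    return "default deny"

# Constructed destinations as seen from a LAB client (10.0.0.50 is made up).
DESTINATIONS = {
    "1.1.1.1": "internet host",
    "192.168.1.10": "host on main LAN",
    "10.0.0.1": "firewall's LAB address (assumed), e.g. DNS",
    "172.16.5.5": "private network added later",
}

def compare():
    """Decision per destination for each choice of no_go: (RFC1918, LAN only)."""
    return {dst: (evaluate(dst, RFC1918), evaluate(dst, LAN_ONLY))
            for dst in DESTINATIONS}

if __name__ == "__main__":
    print(f"{'destination':<15}{'RFC1918':<9}{'LAN only':<10}what it is")
    for dst, (full, lan) in compare().items():
        print(f"{dst:<15}{full:<9}{lan:<10}{DESTINATIONS[dst]}")
```

Both aliases keep LAB out of the main LAN; the LAN-only alias stops covering any private network added later, while the full RFC 1918 alias also blocks the firewall's own LAB address, so a LAB client that uses the firewall for DNS would need a Pass rule for that above these two.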
#3
I'm confused as to how this actually worked (ignorance kicking in at the moment) as it isn't making sense to me.

For "Alternate hostnames" I specified both my LAN and LAB gateways which allows me to ping both subnets but the traffic to each should still be segregated right?
#4
Screenshot of the rules section for the Lab portion is attached
#5
Sorry but are you looking for screenshots or a CLI output?

The only DNS settings I have made were for the DHCP scope, which is the same that I did for the main LAN (multiple ports are set up via LAN bridge mode).

I don't know what Unbound is and I never messed with any of those settings.

Tracert results from a Windows system

Quote
C:\Windows\System32>tracert 1.1.1.1

Tracing route to 1.1.1.1 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
10     *        *        *     Request timed out.
11     *        *        *     Request timed out.
12     *        *        *     Request timed out.
13     *        *        *     Request timed out.
14     *        *        *     Request timed out.
15     *        *        *     Request timed out.
16     *        *        *     Request timed out.
17     *        *        *     Request timed out.
18     *        *        *     Request timed out.
19     *        *        *     Request timed out.
#6
Quote from: Maurice on October 11, 2023, 06:01:29 PM
Quote from: bloodyskullz on October 11, 2023, 04:09:40 AM
[...] and gateway.

Did you specify a gateway in the firewall rule? Don't do that unless you know what you're doing (policy-based routing).

Currently set to default at the moment.
#7
OPNsense is on a physical machine - tiny mini PC with 6 ports. I plugged a laptop directly into it and it's getting a DHCP lease but no access to the internet.
#8
I just made the change and I still can't seem to load any webpage. Do I need to have any other rules for internet access?
#9
Hey,

So I am not a networking expert but I am hoping to get some assistance with an issue I am dealing with. Currently I have a mini PC with multiple ports and one port I labelled as a LAN port with subnet 10.0.0.0/24, main LAN is 192.168.1.1

I can't seem to get internet going on this LAN and I think my rules are wrong, even a simple ping would work for a bit then fail entirely.

I currently have the LAB network, any port going to the WAN address as destination with any port for port and gateway.

Is that the wrong rule?
#10
Did OPNsense automatically detect the ports or did you have to install the driver for it?
#11
Hardware and Performance / intel nics i225 with Opnsense
November 02, 2022, 01:52:15 AM
Hi All,

Was thinking about purchasing this little unit and was wondering if anyone has experience with the Intel NICs inside?

I have seen tons of posts on Reddit about the Intel i225 being complete garbage but not sure if people's experience is on Windows. Makes me wonder if the experience is the same on FreeBSD or even Linux? I have seen the i226 but it seems like a rehash of the i225.

If anyone has a recommendation for a regular gigabit unit with 6 ports I am all ears.

Thanks in advance.