Messages - noviceiii

#1
General Discussion / Re: Microsoft Broken
May 24, 2023, 12:22:59 AM
Thank you for the suggestion. But, although I cause damage in various ways, it wasn't because of that. This time :-)

It was blocked by one of the Unbound DNS DNSBL blocklists.

As I figured, I guess, it was mainly my understanding of the use of wildcards for the whitelist that was not in line with how OPNsense understands it. And there were 2 or 3 list items I added directly, manually, from the block log (m.hotmail, outlook.office365 and officeclient.microsoft, if I remember right).

n3
#2
And then again, it was something completely different.

I had to disable IGMP snooping on the bridge. See here: https://forum.proxmox.com/threads/multicast-bridge-problem.107410/

n3
#3
Dear all

Sorry to ask a certainly very basic question but it drives me mad after an hour of trying... I don't get it to work.
May I ask for a helping hand?

I'd like to allow IGMP traffic that matches
- "LAN" interface,
- source "LAN net",
- protocol "IGMP"
- destination "any"
(I have played with various combinations).

But the traffic gets blocked by the default deny rule (see screenshot).

Greetings
n3
#4
General Discussion / Re: Bond/ Trunk no igmp?
May 15, 2023, 08:03:42 PM
Thank you for your help. However, the issue was on Proxmox.

Solved:
I figured it out by following one of my first guesses (always follow your first guess!).
On Proxmox, I had to change the hash policy to layer 2+3.

n3
#5
General Discussion / Re: Bond/ Trunk no igmp?
May 14, 2023, 09:59:41 PM
Thank you. I'll give it a try.
In what file do I need to write that? /sys/class/net/vmbr0?

n3
#6
General Discussion / Bond/ Trunk no igmp?
May 12, 2023, 10:10:14 PM
Dear all

I have recently exchanged my Ethernet card with a fiber network card with two ports.
These two ports are connected to a UniFi switch in trunk mode (bond, bundle, you name it).

Problem:
Although nothing changed besides what's required to exchange the card, I no longer have multicast streams (INIT7 TV) in my network. Certainly, it was working prior to swapping the cards.

Setup:
- OPNsense installed on Proxmox (virtual machine host)
- Proxmox configured network as
  - Linux Bond - "bond0", mode LACP (802.3ad), Slaves: both new ports
  - vmbr0 with bridge port "bond0"
  - OPNsense network device

Switch
UniFi switches. I haven't changed the settings besides creating the trunk: Multicast DNS enabled, IGMP Snooping off.

Console (igmpproxy -d -v config) shows at least some traffic
RECV Membership query from 192.168.3.11 to 224.0.0.1
REC V2 member report from 192.168.3.32 to 224.0.0.252
Undated route entry for 224.0.0.252 on VIF #1


Any ideas?

Kind regards
n3
#7
General Discussion / Re: Microsoft Broken
March 19, 2023, 09:21:19 PM
ok.. I DID investigate. It was the blocklist.
#8
General Discussion / Re: Microsoft Broken
March 19, 2023, 08:06:43 PM
I have the same issue here: a few Microsoft services do not work if the OPNsense Unbound DNS server is used.

For now, I've added public DNS servers to be distributed by DHCP (Services -> DHCPv4 -> LAN -> DNS Servers) to the local clients, which can therefore look up directly.

I haven't investigated any further, but I guess it is an issue that Microsoft wants to connect through DNS 853 (SSL/TLS).