Messages

1

General Discussion / Re: Incoming packets blocked with only default pass rules?

« on: April 30, 2023, 05:28:53 am »

SOLUTION: I'm not sure what got misconfigured, but I decided to remove the interface assignment, remove the GW associated with it, and recreate it with "block private networks" unchecked. Maybe there was a bug with the auto-generated firewall rules not getting updated if you change the state of that checkbox after creating the interface/gateway? Not sure.

Once I did that everything worked perfectly with exactly the same settings as before, except I didn't bother to uncheck "block bogon networks" this time. Just sharing the remedy for anyone who runs across something similar in the future.

2

General Discussion / Re: Bridge network - Errors out

« on: April 29, 2023, 10:44:06 pm »

I have a similar device, but I'm running Proxmox on it, and OPNsense inside a container. Proxmox is providing the bridge.

It's not stable. I've stopped connecting 2.5 Mbps devices to it and run them through a GbE switch first. Even so, periodically one of the NICs will lock up, cause some kernel messages and it require a reboot. There's a lot of worry that there's a hardware flaw in the Intel i226-v drivers and it's not certain if it'll be fixable by a driver update.

All of this may or may not be related to the particular issue you two are seeing, however.

3

General Discussion / Re: How can I change the mount device?

« on: April 29, 2023, 04:36:35 pm »

Usually swap is configured as a partition on FreeBSD. It's possible to set up swap on a file. See here for instructions:
https://people.freebsd.org/~blackend/en_US.ISO8859-1/books/handbook/adding-swap-space.html

But are you sure you need it? And did you need it before? I run a fairly complex setup on 2GB RAM and no swap. You can run "swapinfo" on your 21.7.8 instance and see if any swap is configured there. If it's not, and your memory usage isn't concerning, why bother?

4

General Discussion / Multi WAN dropping packets - SOLVED

« on: April 29, 2023, 05:15:25 am »

I feel like this is a stupid problem, but I'm pulling my hair out and just can't see it.

I'm trying to set up Multi WAN failover. The WAN2 device is a cellular hotspot device (Alcatel Linkzone 2), connection is USB-over-ethernet. Hooked up to other computers with same cable this connection works fine. I've followed the Multi WAN howto for a failover configuration, setting up gateway groups, the policy-based routing rules, etc. DHCP on the hotspot issued a 10.30.30.0/24 address to WAN2. (Double-NAT). I have unchecked the "block private networks" and "block bogon networks" checkboxes in the WAN2 configuration.

The problem is that incoming packets don't seem to make their way through the WAN2 device. When I run tcpdump on the ue0 interface (WAN2) I see the ICMP packets go out and return! But ping shows 100% packet loss. I toggled the "Disable Firewall" switch, and indeed the pings start working.

The thing is, I only have the default WAN2 firewall rules defined- Looks like they should be passing all traffic. What am I missing?

5

General Discussion / Re: IPv6 Router Advertisements

« on: April 29, 2023, 04:49:23 am »

Not my experience. I'm running Windows 10 dual stack and getting both IPv4 and IPv6 DNS pushed to my machines.

I have Router Advertisements set to "Assisted", Router Priority Normal, Source Address Automatic, Advertise Default Gateway enabled.

On my LAN interface I'm using Track Interface as the IPv6 configuration type tracking the WAN interface.

I will say I have had some issues where I needed to restart the Router Advertisement service periodically when I got fancy trying multiple Prefix Domains. (hit the curved arrow "restart service" button on the Router Advertisments page) But since switching to a single PD, it's been very stable for months.

Hope that helps!