Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Seimus

Pages1 2 3 ... 58
#1
Hardware and Performance / Re: 10Gbps on DEC740
August 15, 2025, 10:08:52 AM
Do not test Iperf between a host and the GW, test it across.

PC1 (iperf) - OPNsense - PC2 (iperf)

As well upgrade your BIOS
https://forum.opnsense.org/index.php?topic=46672.15

Regards,
S.
#2
General Discussion / Re: Floating Rules and WAN Interfaces
August 13, 2025, 11:25:42 AM
By default yes, but you can choose as well to which to apply it explicitely.

Open that Floating rule and check to which interfaces is it applied.

Regards,
S.
#3
General Discussion / Re: Help identifying unintentional change
August 13, 2025, 11:22:06 AM
Doesn't look like anything changed. You hit the apply button which triggered an "empty change".

OPNsense config compare will always tell you what exactly changed, in this case only config timestamp.

Regards,
S.
#4
General Discussion / Re: Floating Rules and WAN Interfaces
August 13, 2025, 11:02:57 AM
To which interfaces did you assign that floating rule?

Regards,
S.
#5
General Discussion / Re: Firewall > Logs Files > Live View ---- But for historical stored logs?
August 12, 2025, 03:14:19 PM
Or you can just sent them to Pfelk or just a simple syslog server.

OPNsense can do that, you will not have such a "nice" "eye candy" representation but the sessions can be sent via syslog to a collector.

Regards,
S.
#6
Hardware and Performance / Re: Small formfactor router
August 11, 2025, 08:52:26 PM
I use two types NVMEs for my PRX and OPNsense

Samsung 980 500GB - 300 TBW
Lexar SSD NM790 512GB - 500 TBW

Regards,
S.
#7
General Discussion / Re: Traffic not filtered on WAN with VLAN tagging
August 11, 2025, 08:49:29 PM
Also is there a chance you spoof your MAC address on WAN and LAN interfaces?

Regards,
S.
#8
General Discussion / Re: Traffic not filtered on WAN with VLAN tagging
August 11, 2025, 01:46:22 PM
Is it possible you have promiscuous mode enabled on the interfaces?

Regards,
S.
#9
Hardware and Performance / Re: DEC4280 - low speed on multi-gig interfaces
August 08, 2025, 01:52:45 PM
One questions to all of the affected.

Do you run Suricata or ZenArmor?

Regard,
S.
#10
General Discussion / Re: LAN Interface with it's own external gateway
August 08, 2025, 11:30:39 AM
By default every router, FW; any device capable routing consists only from:
A. Directly attached networks
B. Default route

A. Directly attached networks
these are your RFC1918 networks mostly, e.g networks you configure as Interfaces on your Device e.g LAN 192.168.1.1/24 (subnet 192.168.1.0/24 ). This will create a Directly attached route pointing to the Interface LAN

B. Default route
is the 0.0.0.0/0 which sends all the traffic that didn't match any more specific route to the configured GW

By default to route traffic From LAN to WAN, and WAN to LAN these two routes are all you need. If there is a traffic for destination example 10.10.10.10/24, but the device doesn't have any route for it, it will be catched by B. Default route cause there is no more specific route.


As mentioned by the others "these are networking basics".

Regards,
S.
#11
25.1, 25.4 Series / Re: virtual ip
July 31, 2025, 10:47:45 AM
Here you go

https://docs.opnsense.org/manual/nat.html#one-to-one

External network - the IP that should be NATed
Source - the IP to which it should be NAted
Destination - The destination network packages should match, when used to map external networks, this is usually any


rule on Firewall -> rules -> WAN:
Interface -> WAN
Direction -> in
TCP/IP version : IPv4
Protocol -> TCP
Source -> any
Destination -> Source from 1-to-1 NAT rule
Destination port range -> From https to https
Gateway -> WAN GW

Here is a diagram of packet packet flow, NAT is always in the chain before rule matching. So you need to always consider creating rules after NAT rules are applied.

https://forum.opnsense.org/index.php?topic=36326.msg210877#msg210877

Regards,
S.
#12
General Discussion / Re: Rule Separators
July 31, 2025, 10:28:57 AM
Honestly, the fact you baked it like nothing as POC is impressive.

Regards,
S.
#13
General Discussion / Re: Rule Separators
July 30, 2025, 09:22:17 PM
Quote from: Monviech (Cedrik) on July 29, 2025, 03:28:03 PMJust linking this here, its a POC that uses the new tabulator implementation of 25.7:

https://github.com/opnsense/core/pull/9015

When ones dream comes true :D
#14
General Discussion / Re: Should I use Opnsense?
July 29, 2025, 12:00:38 PM
For the OP a question begs,

What are your future lookups with a FW/GW?

OPNsense has a ton of features (VLANs, VPNs, RProxy, Captive portal, DHCP/NTP servers, etc.), if you can imagine yourself that you would in time need one of this features. Than you should go with OPNsense.

I have friends who have been looking to replace their off-the-shelf and most of them ended on OPNsense instead due to few reasons:
1. Money/performance ratio
2. Longevity
3. Features

Usually most of the people are interested in the 1. 2., cause they want most of their buck. The point 3. they started to explore as they explored OPNsense, realizing they need VLANs, VPNs etc. the fact they had a system capable of this made it easy for them and made them to learn.

Regards,
S.
#15
General Discussion / Re: Should I use Opnsense?
July 28, 2025, 10:32:20 AM
Most of the questions were very nicely explained and expanded by @meyergru

Quote from: Herdie27 on July 28, 2025, 07:52:56 AM4, Is Opnsense a hobby you put time into? Or a means to an end? (Plus being a very part-time network technician)

Well this is a interesting one. I would say its both, but mostly hobby. Running anything extra at a homelab other than an off-the-shelf-router can be considered a hobby. We are doing it not cause we can but cause we want, want to learn, want to have control and want to participate.

In theory you can just set it up and forget about it. But whats the point then? Just use an off-the-shelf-router...

Regards,
S.
Pages1 2 3 ... 58