Messages

1

24.1 Legacy Series / Re: How to change hostname using CLI

« on: March 20, 2024, 06:56:47 pm »

there is a config.xml file where you can change

Code: [Select]

<hostname>OPNsense</hostname
but did you keep a backup xml??  you could modify the backup and load it back in.

I found the config.xml file in the /config folder.

I changed the host name so it starts with an "alpha" character and now the system boots.

Maybe this calls for a little Input Validation to ensure that you cannot change the hostname of OPNsense from the webgui.

Similar issues may arrise if you attempt to create a static DHCP/Firewall Rule etc if you start a hostname with a number. Depending on what Hostname RFC the systems in question are using. It might be safer to ensure that the original RFC that stated hostnames had to start with an Alpha character {a-z}. While I thought this might be related to the DHCP server (Arris DSL Modem) even with the Network Cable to OPNsense disconnected it would not boot when the hostname started with a number. OPNsense is virtualized in Proxmox 8 latest version and connected via a Linux Virtual Bridge to the physical adapter. It could be Proxmox or OPNsense that is using an outdated RFC in regards the structure of the Hostname.

2

24.1 Legacy Series / How to change hostname using CLI

« on: March 20, 2024, 06:05:51 am »

So I did this thing and now my system hangs at getting an IP on the WAN interface. I can interrupt the boot process and get to a CLI and hopefully I can recover it.

What did I do? I changed the host name to "66STST" it really does not like the host name starting with a number and gave no warning.

I am very confident this is what happened as I tried it two more ti.es on new VMs that all resulted in the same result

Is there a way to edit the configuration to fix the hostname?

3

General Discussion / DNS Rules and Port Forwarding not working

« on: March 16, 2024, 04:21:37 pm »

NAT:Port Forward
Interface: IOTNET
IPV4
TCP/UDP
Source: Any
Destination/Invert: Checked
Destination: IOTNET address
Destination Port: From:any   To:DNS
Redirect Target IP: Single host  127.0.0.1
Redirect Port: DNS
Log: Checked

I have created the above NAT Forwarding rule. It does not appear to be working as when a host (I manually set the DNS on the host to 8.8.8.8 overriding DHCP settings) on that network pings a domain. TCPDump/Wireshark show that the DNS Request/Reply is bypassing the Local Unbound DNS and going directly to google.com@8.8.8.8.

On NAT: Port Forward summary page I have noticed that the Ports column shows 53-105 when I have DNS or Other (with 53) selected as the Destination To

I have also created Reject Rules on the Interface for TCP/UDP port 53 that should be logging but not seeing those log entries either and the traffic is clearly being passed.

These type of logs should be under what type?

4

General Discussion / Nested opnSense only allows ICMP traffic

« on: February 14, 2024, 06:35:01 pm »

I have the following setup and am trying to get full routing and DNS between opnSense2 networks and the networks on opnSense1.

I have full connectivity between MGTNET and InternetSW networks.
I have full connectivity between LabNet and TestNet.
I have copied the default All all IPV4 rule to each Interface.
I have disabled Bogons and RFC1918 on all interfaces.
I have disabled IPV6 on all interfaces
Networks on opnSense1 and opnSense2 both have full Internet access.
all networks have a domain name of xxxx.local

On opnSense1 MGTNET and InternetSW interfaces I had to enable "Dynamic gateway policy" which allows ICMP (IP Address only) traffic from the opnSense2 networks to opnSense1 networks.  DNS lookups from LabNet are not successful to the MgtNet or InternetSW. DNS lookups from LabNet to the Internet work correctly.

5

General Discussion / Re: Strange Intranet Routing

« on: August 29, 2023, 08:14:32 pm »

Thanks for the ideas tron80.

So I think i finally found the problem after reinstalling all systems...swapping out switches and NICS...

Pretty sure it was a faulty network cable. It worked intermittently then would fail at random times. Replacing the cable also improved overall throughput on the PVT network and reduced CPU spikes of 20% to 4-5%. All seems to be good now.

When I pinged the host with the bad cable and no connectivity firewall logs would show no traffic

After a few hours of operation that bad network cable would cause the entire PVT network to stop working even internally. I only noticed it because after it was in operation for over 12 hours it would not even maintain an constant link...would keep cycling on and off. Hopefully this resolves it.

6

General Discussion / Strange Intranet Routing

« on: August 28, 2023, 08:26:03 am »

I have a virtualized instance of OpnSense running on Proxmox with PCI Passthrough for all NICs in use.

WAN is currently a 10.0.0.x address
LAN is 10.1.1.x
PVT is 10.20.20.x

RFC1918 and Bogons disabled on all interfaces

Default rule from LAN was cloned to the PVT network and both networks can access the 10.0.0.X as well as the Internet on the other side.

Currently have multiple hosts on the LAN and two hosts on the PVT that have static IPs and Static ARP in the in DHCP server.

PVT Hosts .27, .28 and .30
24 hours ago .27 and .28 both accessible from the LAN
in the last 12 hours the .27 was removed and a new host with .30 was added to PVT
both of these hosts can connect to each other


From the LAN I can access the .30 server but not the .28 server.

I conducted tracert from the LAN and the .30 shows one hop via the 10.1.1.1 GW
tracert to the .28 shows hop to 10.1.1.1 but then times out until it reaches 30 hops

The first attempt to tracert the .28 host from the LAN showed
10.1.1.1
10.0.0.??
10.0.0.??

I forgot to write down the IPs and lost the results.