Messages

Digging a little deeper into webmin, I think I'm going to go ISC dhcp and Bind DNS, those are both supported under webmin and right now I want stupid gui.

I've had no issues with windows with dual servers for DHCP or DNS, also for AD, they integrate nicely at least for my small network. And really easy to configure with the gui. Been using it since 2003 and dual servers since 2016 or so when I got budget for more hardware. Also running the same on a single mini-pc in my lab because I know it well enough to get work done, and get it done quickly.

The webmin module was orphaned about two years ago. Might still work and might still be a decent idea.

Sadly, if this was Windows server I would have had this done by now, so much easier with the gui provided.

This has nothing to do with OPNsense, but I'm guessing I'll find good help here.

I'm looking for something a little more "conversational" than the man page for dnsmasq, and specifically on Debian 13 if the OS matters.

I recently bought a cheap NVR device, they have all kind of drivers for Windows, but I want to run Frigate with is really linux (in a docker container). This thing has 2 gigabit ethernet phy that they run into two separate switch chips to yield two pairs of 8x100mb ports, these also have POE up to 120 watts per 8 ports. Obviously I'm going to need a DHCP server and really should have DNS server running for those 16 ports.

I have a rough idea of what I think I need to do, but would like to find a nice guide to all the features that dnsmasq can provide, one that is easier to read than the man pages and gives a little better explanation.

If you want to see the device in question, here is a thread, it was cheap enough on ebay to give it a try (since I had ram and drives):
https://forums.servethehome.com/index.php?threads/nexcom-nvis-14162-nvr-device.54703/

I think I can just assign IPs to both of those gigabit interfaces, putting them on the same lan, then bind dnsmasq to both of those interfaces to serve up IP and DNS to all 16 of those ports. The actual syntax is in question, but I think I might have a starting point. I might need to form a bridge between them, not really sure yet.

And a question... Why has no one ever built a GUI for dnsmasq, Bind, Kea, etc. And yes, I know, real admins don't use GUIs. Been told that a few times.

I think I might have used Raspberry Pi Imager the last time I wrote one of these to USB (25.x), I also use Ventoy for a lot of these things so I can't really remember what I did the last time I set up a new machine.

You should add in mindlessly paste from AI.

You could step up to an HP T740, or move over to an n150 or n305 based system. I'm not sure the T740 with Zenarmor will handle a full gigabit, I haven't tested it. My similar performance Intel E series Xeon does not give me full gigabit with Zenarmor, but the clock speed is also lower than the AMD v1756b that's in the T740.

Note that if you go with a T740 or T755 there is something you must change or it will not boot. I have a thread on the changes you need to make in here somewhere.
Kind of a long read https://forum.opnsense.org/index.php?topic=38921.msg190577#msg190577 with most of the info at the bottom of the first page and into the second page (I think).

The Netgear AV Line of switches are pretty solid, they were pointed towards the NDI video and Dante audio market, both of which have some timing requirements that are met by these two lines of switches. M4250 and M4350 are the two model lines, not exactly cheap though. I have a 4250 at work and it was doing fine when we were using it with NDI video streams at roughly 140mbps per stream, 10gb to the computer doing the work.

If you decide to look at Mikrotik, find the datasheet for the speeds, you should find 3 different ratings depending on router, bridge, or switch OS, as long as you keep things within your operational limits based on the functions you need, they are fine.

And yes I have seen quad port i226 based cards, I think they were going for around $100 on ebay. I went a different way and tracked down a couple quad x710 cards for my faster needs, they integrate into my lab better because a lot of things are SFP+ on DAC or fiber, and gigabit SFP modules are cheap if I only need gigabit.

When ZenArmor is installed, best to wait until they release a version compatible.

Also make sure you back up your config file and make a snapshot of the VM (or physical).

I might do this on my lab so I can fight through the DHCP changes before Business gets this in a few months and I upgrade production.

General advice:

Make sure your home network is simple and works for the rest of your family, remember that not all of them will have the knowledge to fool with this system if it gets too complex.

As far as the router hardware, as was suggested above, I'd go with 4 ports of Intel i226. Build it or buy it. For build it I like HP T740 thin client with a network card added, but it will be many more watts of power than an n150 or probably more than an n305. I like them because they have a PCIe 3.0 x8 slot and you can put things like quad port x710 (10gbps) cards in there or down to a old quad port Pro1000 card. You can also add an Intel i226 through the wifi card slot with an a+e card which gives you a total of 6 connections. I use the onboard Realtek as a back up management port, not a real workhorse port. Expect at least 30 watts from a T740.

I also use a bunch of T740 for my hypervisor systems, they are in the "good enough" range for a small lab, though decking out the ram is going to break the bank these days (64gb max). I have x520 dual port cards in each of mine, plus the a+e card. I'll be shifting (slowly) to x710 based cards, probably dual port to save some money, the quad port cards are kind of expensive on the used market. I run XCP-ng, and have run VMware vSphere on these (until the license ran out). Working on Hyper-V cluster, then moving on to something else like Harvester or Nutanix and see if these little computers have enough power to handle them. I'm sure Proxmox would be more than fine on the T740 with a reasonable amount of RAM installed. My lab in the following post if you want to see: https://forums.servethehome.com/index.php?threads/my-lab-an-ongoing-project.54462/

My only experience with x710 is well after that time period, so far, so good. I'm also using Supermicro versions of the cards and maybe that makes a difference.

Could it be from our "friends" on another project? Wouldn't be the first time, so history might repeat itself here.

Well, that's a mess happening in Linux too, many a video on the subject reading out the mailing list. Too bad, their loss, and thank you for the past work.

Will OPNsense fork BSD so that they can add in the work that's important (and being ignored), or will they continue using the main branch? Are any of the current forks worth moving towards for OPNsense?

Too bad the amount of work to move to Linux is on the scale of extremely large, moving to Debian or Alma might be worth doing as BSD will continue the slow march to obscurity. Just waiting for Broadcom to buy up all of BSD, we know where that would go. If it can be done to Redhat and Centos, it can be done to BSD, and Broadcom would do Broadcom things. Remember when Oracle did part of that? Those were the days.

The data centers are not employing people, least of all locals.  That's a lie.  They're bringing in experts to set them up and then they run autonomously more or less.

Now if the politicians throwing money at these projects would listen to this, one of the great selling points would be lost.

Different company. Microchip's market overlaps little with Micron (or TSMC). As far as Arizona water, agriculture far exceeds any other use, and it's mostly for cotton, I believe. They have management issues beyond semiconductor manufacturing.

Oops, you are right.

One thing people are not factoring in when they throw money at the plants that are going to hire "many" local workers is the cost of power, we don't have enough as it is, and these fabs and more importantly these AI datacenters are going to cause problems. When datacenters are no longer rated in compute or storage power, now they are rated in megawatts of power used, and gigawatts are being discussed. We don't have the surplus to operate these systems, and no one is building nuclear fast enough to accommodate the construction. Also I generally do not see drawings of these new datacenters with the roof covered in solar panels.

I see this as the rise of RAM produced in China. Make a vacuum and something will fill it. They still need ram for the RISC V processors that they are trying to switch towards to create independence, so they will make ram to fit in their infrastructure. Slow process but they are already starting down this path with RISC-V.

And once that country tools up and starts producing good quality product, the strategy of selling only to volume customers may backfire on Micron. Remember that Micron is building multiple new fab sites in the USA, and while they are getting huge amounts of subsidies from the governments, ultimately this will cost them money to build. And yet they closed the Arizona plant because they had too much capacity in other plants? https://www.abc15.com/news/business/microchip-to-close-arizona-facility-amid-cost-concerns

Now what I can't find is the proof that the Arizona plant really closed, and I have my guesses at why they would close this place and TSMC would build in the same state. Problem is that making and etching silicon takes a lot of water, and stable bedrock, not sure why either would build in a desert and near a large and active fault line. https://www.restonyc.com/how-many-gallons-of-water-does-it-take-to-make-a-chip/ https://www.weforum.org/stories/2024/07/the-water-challenge-for-semiconductor-manufacturing-and-big-tech-what-needs-to-be-done/

Here is what the NY plan looks like, you can see 4 WWT buildings and I assume these are waste water treatment buildings. The selection of the location was based on access to lots of clean water, and lots of electric power. https://townofclayny.gov/sites/default/files/2025-10/Micron%20New%20York%20Planning%20Board%20Presentation_10.08.2025_FINAL.pdf

We will see what happens, but there seems to be conflicting statements around this whole build. I think they just wanted to dump all the hassles that come with consumer products and consumers. Just like when Lexar got sold off https://www.micron.com/about/blog/company/partners/micron-discontinuing-lexar

Sell the bulk chips to module builders and let the builders take care of the consumers.

Maybe NEC will come back from the obscure, I have a stick of PC100 ram sitting on my desk pulled from a dead device from more than 10 years ago. ST, Broadcom (shudders) and a few others could tool up in the next couple of years if they wanted to fill the void, but I think China will be faster to tool up, and will be "OK" enough quality to fill the immediate void. We'll see if I'm right.