Messages

1

Hardware and Performance / Re: Protectli VP4650 with AMI Bios - beeper problems

« on: July 06, 2024, 01:40:47 am »

hmm ... it looks like that freebsd is trying to use pcm0 for the output of /dev/speaker - that will not work and there is a real beeper in there.

So I would need to get advise on how to disable the internal PCM0 device for the realtec chip.

I also opened a ticket with Protectli as it does not look like I can disable the sound device in the BIOS. At least I did not find any option to disable the internal Realtek soundcard.

2

Hardware and Performance / Protectli VP4650 with AMI Bios - beeper problems

« on: July 06, 2024, 12:33:48 am »

Hi,

originally I had installed Coreboot on my Protectli Vault and then installed OPNsense on top of it. The beeper worked fine and played the 5 beeps on startup and shutdown.

However the firewall did not run stable and crashed without any log entry on daily base.

So after seeing some other comments on changing to AMI Bios, I did that.

But now with the AMI Bios default settings the beeper does not work properly in OPNsense.

It beeps on startup of the BIOS (the single beep during startup), so it actually works.
However in FreeBSD it only clicks (5 times).

So this test should work, but does only give clicks:
/bin/echo "\msl16oldcd4mll8pcb-agf+4.g4" > /dev/speaker

Anyone had that issue and have any idea which setting in the BIOS might affect that? Unfortunately Protectli does not provide any documentation on what settings are factory default if installed from Protectli. On Installing it from scratch and resetting to defaults, it does not work.

3

General Discussion / Re: Please Make a Donation to OPNsense

« on: April 04, 2024, 08:34:37 am »

Great product and great community worhtwhile to support. Another 25€ to the project.

4

General Discussion / Re: Suspicious Activity on my OPNsense Firewall logs

« on: April 04, 2024, 08:33:15 am »

Thanks for the followup, yes it does.

I need to get myself more familar with the way the documentation is written. I was not able to find it.

Thank you so much for your support.

5

General Discussion / Re: Suspicious Activity on my OPNsense Firewall logs

« on: April 04, 2024, 01:05:48 am »

Thanks for your help and have redacted the logs.

6

General Discussion / Re: Suspicious Activity on my OPNsense Firewall logs

« on: April 04, 2024, 12:27:04 am »

I think I do now understand the log output.

I do not see the source in the outgoing rule as it is NAT protocol.

After activating loging for the LAN rule, I can see the original LAN package (that has the correct source and destination) and then I do see the repacked new package from Firewall to Internet. Because of NAT the original sender would not make sense as the destination server would not know how to reach my client behind the firewall.

After enabeling that part of the log, the picture is now much clearer.

7

General Discussion / Re: Suspicious Activity on my OPNsense Firewall logs

« on: April 04, 2024, 12:13:19 am »

Not sure how you set up your firewall rules / what you expect to see, but this looks like standard 'clients going through the WAN interface'.

I have not setup any firewallrules myself, it is just the default.

Block everything that is coming from outside (initiate) and pass everything from inside. So plain vainlla.

What I expected to see in the firewall log is, from where (inside) is the package coming and where is it going.

But I think I would need to setup the firewall rule to output a log entry for the LAN rule.

8

General Discussion / Re: Suspicious Activity on my OPNsense Firewall logs

« on: April 04, 2024, 12:10:55 am »

Okay, here I do see some information:

So this is my PC (192.168.0.195) and it is connecting to somewhere ...

It always consists of two lines:

Code: [Select]

Direction  Source                     Gateway                        Destination
IN         192.168.0.195:5019                                        17.57.146.55:5223
OUT        myownip:49279      192.168.0.195:50194             17.57.146.55:5223

So that might explain why I only see those Out Firewall log entries ... But I am still surprised that I cannot see the simple Input from 192.168.0.195 to 17.57.146.55

Code: [Select]

Firewall: Diagnostics: Sessions

Proto Source                    Gateway      Destination               State                                        Age (sec) Expires (sec)                 Pkts Bytes    Rule
tcp 192.168.0.195:50194 17.57.146.55:5223 ESTABLISHED:ESTABLISHED 33610 86326 120.00 Bytes 16.26 KB Default allow LAN to any rule
tcp redacted:49279 192.168.0.195:50194 17.57.146.55:5223 ESTABLISHED:ESTABLISHED 33610 86326 120.00 Bytes 16.26 KB let out anything from firewall host itself (force gw)
tcp 192.168.0.195:54154 40.113.110.67:443 ESTABLISHED:ESTABLISHED 9098 86247 110.00 Bytes 13.61 KB Default allow LAN to any rule
tcp redacted:7504 192.168.0.195:54154 40.113.110.67:443 ESTABLISHED:ESTABLISHED 9098 86247 110.00 Bytes 13.61 KB let out anything from firewall host itself (force gw)
tcp 192.168.0.195:54139 142.250.186.106:443 ESTABLISHED:ESTABLISHED 9098 86392 649.00 Bytes 58.03 KB Default allow LAN to any rule
tcp redacted:56993 192.168.0.195:54139 142.250.186.106:443 ESTABLISHED:ESTABLISHED 9098 86392 649.00 Bytes 58.03 KB let out anything from firewall host itself (force gw)
tcp 192.168.0.195:54247 91.222.185.232:443 ESTABLISHED:ESTABLISHED 9092 86390 1.29 KB 58.96 KB Default allow LAN to any rule
tcp redacted:10064 192.168.0.195:54247 91.222.185.232:443 ESTABLISHED:ESTABLISHED 9092 86390 1.29 KB 58.96 KB let out anything from firewall host itself (force gw)
tcp 192.168.0.195:54427 157.240.223.22:443 ESTABLISHED:ESTABLISHED 9071 86372 919.00 Bytes 58.19 KB Default allow LAN to any rule
tcp redacted:39451 192.168.0.195:54427 157.240.223.22:443 ESTABLISHED:ESTABLISHED 9071 86372 919.00 Bytes 58.19 KB let out anything from fire


9

General Discussion / Re: Suspicious Activity on my OPNsense Firewall logs

« on: April 03, 2024, 11:57:35 pm »

Hmm ...

I do not see any connection from my internal network (LAN) to external ... But as I am writing here at this point in time, I would expect some traffic from this computer to the forum server.

Anyone able to explain, what is going on and why I do not see the traffic in a normal way?

10

General Discussion / Suspicious Activity on my OPNsense Firewall logs

« on: April 03, 2024, 11:48:39 pm »

Hi looking at my firewall with a plain vanilla new install with OPNsense 24.1.4-amd64

I am getting a lot of firewall logs from the firewall itself to some unknown IP addresses .. I am not using a proxy currently.

The configuration is like this:
Two ports active: LAN and WAN
WAN is connected to Deutsche Telekom via Telekom Modem (VLAN 7 and PPPoE).

And thats about it. The rest is just default (not the internal IP adress range, but that is a different topic).

I also did install UPnP plugin.

So what is actually the firewall doing all around? I would not expect the firewall itself to send out a lot of packages, other than DNS requests.