Messages

1

24.1 Legacy Series / Re: 24.1.9 - NAT 1:1 incorrectly changed and missing GUI information

« on: June 19, 2024, 08:28:43 pm »

I had read the english one, not the German one.  The english one was about reflection, not about the fact that values had been actually changed in the system (the source was duplicated to the destination). So I posted since I hadn't seen that particular fact discussed.

2

24.1 Legacy Series / 24.1.9 - NAT 1:1 incorrectly changed and missing GUI information

« on: June 19, 2024, 08:13:04 pm »

With the change to 24.1.9, suddenly all my NAT 1:1 started failing on the inbound.  Turns out that the "source" was duplicated into the "destination" field and of course there is no local destination that matches the source.

For instance, I had the following:
   - external: 100.64.4.67
   - source: 172.31.7.129/32 (single host)
   - destination: 172.31.7.129/32 (single host)

This was after the upgrade to 24.1.9

To "fix" this I had to change on all my entries and firewalls that had been updated:
   - destination: any

---

Additionally, the GUI has the "External" field blank even though the editor has a value in it.

Tried the same on 24.1.9_1 and had the same issue.

3

General Discussion / Re: Monitoroing: Missing SNMP Agent support

« on: May 29, 2024, 09:35:07 pm »

net-snmp and bsnmpd are two DIFFERENT snmpd applications. Both run on port 161/udp and are in conflict with one another. Why is this important?  The plugin that is the currently supported SNMPd system is the UCD-snmp application (now called net-snmpd). The OS level plugin (bsnmpd) included the BEGEMOT-PF-MIB with it that allows for a ton of performance monitoring, alerting on failed applications, etc.  Most of these options were not duplicated with the net-snmpd plugin (there are other threads on the missing Enterprise level monitoring that disappeared with this change).

I've personally been experimenting trying to get one of the daemons to run on a non-standard port so that I can make use of both but so far am running into other problems/issues.

Note that despite multiple requests, there still is no published documentation on what MIBs the net-snmpd plugin is presenting and I didn't have the time to go thru the source code of the pluging to see what is being incorporated.

Monitoring and alerting of these things from an Enterprise level has not been a priority for the development team. I can understand why, but it has relegated this product to the back seat for many of our suggested customer deployments due to the inability to alert based on off the shelf monitoring and alerting systems.

Marcos

4

High availability / Re: MIB File for Net snmp

« on: April 08, 2024, 04:41:30 pm »

I've been searching for a published MIB for OPNsense as well with no luck so far. Only references I've found so far is the loss of the BEGEMOT-PF-MIB.  Since they adopted net-snmp, I have the default MIB that comes with that application, however there appears to be no documented additions or changes to the MIB tree specifically for OPNsense.

Am I wrong? Does anyone have a reference to additional MIBs that OPNsense supports or adds to the stack?

Ive looked inside the root@igw1:/usr/local/share/snmp/mibs directory for a list of MIBs that net-snmp is using but haven't found anything interesting that looks specific to OPNsense...