OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of berrydan »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - berrydan

Pages: [1]
1
24.7 Production Series / Re: Traffic when NAT "Reflection for port forwards" is enabled locks up opnsense
« on: August 16, 2024, 07:43:05 pm »
While your approach is interesting and I considered having split DNS, I feel that it's more problematic for administrating.

My chief concern is that there may be some form of memory leak going on, or perhaps some table that is filling up with records and then causing opnsense to get into an out-of-memory condition. WebDav doesn't generate as much packet traffic, unlike something like streaming video. Which in itself seems annoying, as the box my opnsense is running on has 16GB of RAM, so it's not exactly short on space.

2
24.7 Production Series / Traffic when NAT "Reflection for port forwards" is enabled locks up opnsense
« on: August 16, 2024, 03:06:06 am »
I have a OPNsense installation running where I have internal traffic going to ports 80/443 of the public IP, which in turn goes to an nginx reverse proxy, then to a Jellyfin ("JF") server.  Yes, I could simply point the JF client to the internal JF server address, but for configuration simplicity's sake, I point the client to the public IP so tablets connect regardless if I'm internal/external to my LAN.

For this purpose, I have "Reflection for port forwards" enabled so internal traffic can hairpin out and in through the public IP.

<int. jf client:443> --> <public IP opnsense> --> <int. nginx revproxy:443> --> <int. jf server:8096>

When running in this configuration, traffic succeeds for as little as several seconds to as much as several minutes before the entire OPNsense firewall blocks/freezes traffic completely for everyone and everything. It's unpredictable how long it will take. Recovering necessitates that I power cycle the OPNsense firewall and reboot.

This was not happening prior to upgrading to 24.7, where I was running 24.1.

Public-facing traffic has no problem transitioning through OPNsense with the NAT configuration as it is. I've been forced to deactivate Reflection out of concerns that any amount of traffic could lock up OPNsense on me.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2