Messages

1

General Discussion / Changing default IP of blocked domains

« on: October 10, 2024, 05:21:37 pm »

I have set up Unbound DNS with several of the provided block-lists.

As I understand it the format of those block lists is

0.0.0.0 some.domain.com

I assume that 0.0.0.0 is standard, it has been the value I have seen in all the examples at least.

If some service is listening on all devices (0.0.0.0) on the local machine, on the requested port, the contents of that is served. It should not be a problem in most cases, but I would like to point all the blocked domains either to a container with that IP or to an IP reserved in DHCP to an invalid MAC. is there a way to do this, besides proxying the blocklists and rewriting all the 0.0.0.0 entries?

2

General Discussion / Re: Changing WAN

« on: September 17, 2024, 08:25:56 pm »

nvm - i just changed the interface under assignment

3

General Discussion / Changing WAN

« on: September 17, 2024, 08:22:11 pm »

I have been running OPNSense with a USB3 1Gbps adapter as WAN interface. Now I have installed a new mini-PCIe NIC and would like that to be WAN instead of OPT1.


is the best way to backup my config and reinstall with the USB NIC not attached? (and then using my backup config in the installation process...) or can i reassign the adapter name and gateways?

4

General Discussion / Re: Issues with NICs

« on: September 17, 2024, 08:20:12 pm »

It wasn't

5

General Discussion / Re: Issues with NICs

« on: September 09, 2024, 07:28:48 pm »

so returning that crab and getting an intel i210 base card is a better choice?

6

General Discussion / Re: Issues with NICs

« on: September 09, 2024, 06:41:45 pm »

Also, don't buy Realtek. And - last but not least - don't touch any products with crapb in logo. 

I had to think about that one - until I opened the case and saw the RTL chips....

7

General Discussion / Issues with NICs

« on: September 09, 2024, 04:34:45 pm »

I recently bought a used Fujitsu S920 with 8 GB ram and unfortunately only a singe build in NIC, in order to set up a low-budget firewall.  I upgraded the 8GB msata drive to a 64gb one, and set up a test with a USB NIC which looked promising , apart from a horrible throughput of only 5Mbit/s...

Test setup
During my test I used the following setup:
* re0 built in Realtek RTL8111/8168/8211/8411 as WAN
* ue0 USB NIC as the LAN interface
* WAN connected to my 192.168.1.0/24 home network

Purchasing adapter
I wanted to get a StarTech.com Mini PCIe Card ST1000SMPEX card, but had some issues sourcing that, so I found a Digitus DN-10134 which also pops up in opnsense as a RTL8111 card.
I also got a Lenovo 4X90S91830 USB3 gigabit NIC so I had something to test with...

Failures
I installed the miniPCIe card with the dual ports, partially worrying that the two ports would be hard to tell apart, but that was not my issue - they appeared as re1 and re2, and very conveniently were in numerical order when viewed from the back.

Config 0:
I reinstalled OPNsense afresh to avoid issues due to my experiments with the slow USB adapter.
I used re0 as the WAN as in my test, and re1 for LAN, connecting it to a known working network jack in a laptop, with all other network interfaces disabled. The PC was running Linux Mint DE and worked when plugged directly into my home network, but when I plugged it into the LAN port, it got no IP and even If I set the IP manually to 192.168.1.2 and pinged 192.168.1.1 I only got sporadical results in the form of timeouts...
I tried reinstalling a couple of times with this config, and gave up on it. Sometiimes a pc plugged in would get an IP assigned, but the web GUI would time out.

Config 1:
I reinstalled OPNsense again.
LAN set to use 10.0.0.0/16
WAN IP set to 192.168.1.160
I switched everything around, using re2 as the WAN, and re0 for LAN. now I got an IP address when connected. But I could not ping any of my servers on my LAN. I have one set up with iperf3 running as a daemon for simple throughput tests, and it was as if it did not exist to the Fujitsu OPNsense machine. I had two PCs on the 192.168.1.0/24 net which could tracepath and ping each other, but they could not see the OPNsense interface using ping or tracepath/traceroute...


Config 2:
I reinstalled OPNsense again.
LAN set to use 10.0.0.0/16
WAN IP set to 192.168.1.160
I plugged in the Lenovo USB3 Network dongle (ue0) and set it up as LAN, set up the built in NIC as WAN, and reinstalled a couple of times.

Now I can use iperf from behing the OPNsense box and get a 1Gbit/s throughput, but I would prefer to have a  built in NIC and not the USB3.0 dongle..

My question
I have no experience with mini-pcie, but when I can see the interfaces in the OS and BIOS, it does not make sense to me that they don't just work. Can I have missed something, or is the big issue that the RTL is a bad choice - or am I facing a bad adapter?