Messages - Trannie

#1
Quote from: Robertomcat on June 11, 2025, 07:10:11 PM
Hello, good afternoon. Currently, my router has three different interfaces for different work areas. I'm trying to open a specific port for the network called "NPL" from the Firewall>NAT>Port Forwarding section, but I'm not configuring some of them correctly, and I can't access it from the outside. Could any of you help me? Here are some screenshots.
I'm using the most up-to-date version of OPNsense 25.1.7_4


Have you tried checking the auto-generated rule in Firewall > Rules for the "NPL" interface after configuring NAT? I had the same error because there was no corresponding firewall rule, even though the port forwarding was correct.
#2
Quote from: JimIFN on June 12, 2025, 01:58:36 AM
So, we found a recommendation to add a floating allow-all rule, and did that, but it's only somewhat helping.

I also disabled one of our upstream ISPs so we're not multi-wan anymore, but that too did not make a difference.

We aren't seeing much of a pattern to go on...Just some sites don't work and others do. Even though we've committed the cardinal sin and just "allowed all from everywhere"... I'm still very, very confused as to why we can't get to wordpress.com and other such sites.

When you have BGP, multiple routes, and public IPs, it is important to ensure that the routing and return paths are consistent. If you just allow all without a proper routing policy, OPNsense may not know which 'return path' for the session is correct, especially if there is asymmetric routing. I recommend checking the routing table of each interface carefully (Diagnostics → Routes) and using tcpdump to verify which flows are failing.
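One way to make the tcpdump check suggested in the post above repeatable, as an added example that is not part of the original post: it pairs each outgoing SYN with the interface on which its SYN-ACK came back. The interface names `wan1`/`wan2`, the addresses and the capture lines are constructed, and the input is assumed to be `tcpdump -n -tt` output collected per interface.

```python
import re
from collections import defaultdict

# Matches the start of a `tcpdump -n -tt` IPv4 TCP line.
LINE = re.compile(
    r"^\d+\.\d+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample: (interface, tcpdump line). All values are placeholders.
SAMPLE = [
    ("wan1", "1749700000.000100 IP 198.51.100.10.40001 > 192.0.2.80.443: Flags [S], seq 100, win 65535, length 0"),
    ("wan1", "1749700000.020100 IP 192.0.2.80.443 > 198.51.100.10.40001: Flags [S.], seq 900, ack 101, win 65535, length 0"),
    ("wan1", "1749700001.000100 IP 198.51.100.10.40002 > 192.0.2.81.443: Flags [S], seq 200, win 65535, length 0"),
    ("wan2", "1749700001.030100 IP 192.0.2.81.443 > 198.51.100.10.40002: Flags [S.], seq 700, ack 201, win 65535, length 0"),
    ("wan1", "1749700002.000100 IP 198.51.100.10.40003 > 192.0.2.82.443: Flags [S], seq 300, win 65535, length 0"),
    ("wan1", "1749700003.000100 IP 198.51.100.10.40003 > 192.0.2.82.443: Flags [S], seq 300, win 65535, length 0"),
]

def classify_flows(captures):
    """Return {(client, server): verdict} for every TCP handshake attempt."""
    syn_if = {}                    # flow -> interface the first SYN left on
    reply_if = defaultdict(set)    # flow -> interfaces the SYN-ACK arrived on
    for iface, line in captures:
        m = LINE.match(line)
        if not m:
            continue               # not an IPv4 TCP line we understand
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if m["flags"] == "S":
            syn_if.setdefault((src, dst), iface)
        elif m["flags"] == "S.":
            reply_if[(dst, src)].add(iface)   # key by the client's direction
    verdicts = {}
    for flow, out_if in syn_if.items():
        seen = reply_if.get(flow, set())
        if not seen:
            verdicts[flow] = "no-reply"       # SYN (and retransmits) unanswered
        elif seen == {out_if}:
            verdicts[flow] = "symmetric"      # reply returned on the egress interface
        else:
            verdicts[flow] = "asymmetric"     # reply returned on another interface
    return verdicts

if __name__ == "__main__":
    for (client, server), verdict in classify_flows(SAMPLE).items():
        print(client, "->", server, verdict)
```

Flows reported as `asymmetric` or `no-reply` are the ones to compare against the per-interface routes under Diagnostics → Routes.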
#3
Quote from: d3v on June 10, 2025, 10:13:03 PM
Hey all,

from pfSense I really enjoyed the log view because I could search for blocked packets using a filter, view and thus identify them and then click on "Add to ..." and add the firewall rule in the corresponding section for the respective interface. Example: I searched for destination port 443, saw the blocked packet in the live log, and was able to add just such a rule for an interface by clicking on the arrow.

I miss this option in OPNsense or it is hidden somewhere else. Can anyone point me in the right direction, please?

Thanks in advance.

Have you tried using the "Live View" feature in OPNsense's Firewall Logs with the os-intrusion-detection-content plugin?
#4
Quote from: cookiemonster on June 08, 2025, 12:51:20 AM
Regarding the building of it. The build instructions and the code are in a public repository, and as Patrick says, there are people who regularly build for different purposes and benefit of others i.e. for the arm arch. For now that is a bit of a niche user group but the process is tested regularly.
You probably don't mean that is needed for having images, just the build process. However if it gives you some certainty about getting your images ready-made so you can just download and install, well, that is what happens now and has been made available all along.
I say this because you gave the context that you are not a developer and having to build with make, etc. is not necessarily what you want to have to do. Well, with OPN you don't.
So in sum, the build is known to work and for everyone else and the majority, just download the image, burn it as an installer USB and install to the disk of your appliance. Like any Live distro.

Thank you so much for sharing your details and thoughtfulness — your answers helped me feel less confused and anxious when I first approached OPNsense. Knowing that the build process is regularly tested, transparent, and not mandatory for a casual user like me is a big plus.

I am very happy to see the positive difference in OPNsense compared to some of the recent directions of pfSense CE. Your answers give me the feeling that this is a project with a real "living" community, not just existing on paper.

I am also curious: in your experience, for a new user who wants to get acquainted quickly and properly with OPNsense, what resources (in the form of videos, forums, or specific articles) do you find really useful, and where should I start so as not to be overwhelmed?
#5
Quote from: OPNenthu on February 14, 2025, 01:44:59 AM
I'm biased toward bare metal for security and performance.

- Smaller overall attack surface
- Single source of bugs and bug fixes rather than multiple (no dependency on Proxmox & Debian in addition to OPNsense & FreeBSD)
- No "noisy neighbor" VMs sapping performance
- Some router manufacturers now ship coreboot as an option to mitigate e.g. supply chain key leak issues and Intel ME backdoors
    -- although you are now shifting trust from A to B, you are making a bet that B carries less overall risk



Thanks for sharing your insight into security and performance when using bare metal! The points you raise about attack surface, error management, and risk from dependencies are really worth considering. Your input is greatly appreciated!
#6
Quote from: guenti_r on January 09, 2025, 12:07:12 PM
This issue shows up when the etpro-telemetry & os-intrusion-detection-content-et-open is installed and the etpro-sensor is switched to et_open because of connectivity issues.
So you have two different et-open sets.

See https://forum.opnsense.org/index.php?topic=45112.0

Thanks for pointing that out! It makes sense that having two different et-open sets could cause issues.