OPNsense

Topics - Waschbuesch

1
20.7 Legacy Series / inconsistent tunables?
« on: December 27, 2020, 01:14:10 pm »
Hi all,
I just noticed that the default settings for tunables do not seem to match:

net.inet.ip.redirect = 0

but

net.inet6.ip6.redirect = 1


Is there a reason for disabling redirects for IPv4 but not IPv6? Or are the tunables similar only in name but not function (which would be bad, too, I guess)?

Thanks,

Martin

2
20.7 Legacy Series / Traffic shaper and ACK packets
« on: May 23, 2020, 11:43:11 am »
Hi there,

I noticed something weird when trying to prioritize ACK packets.
Selecting "tcp (ACK packets only)" in the proto drop-down results in almost all tcp traffic being matched.
Doing something similar in m0n0wall or even the firewall solution that shall not be named did not result in comparable behavior.
Though, with those solutions I could (and did) specify the packet size to something very small so only empty ACKs were prioritized. That does not seem to be an option in the OPNsense shaper currently?

If "tcp (ACK packets only)" matches any packet having the ACK flag set, then that is not (to me at least) particularly useful...

3
20.1 Legacy Series / flowd not working after upgrade.
« on: February 01, 2020, 09:50:17 pm »
Hi all,

I upgraded a firewall from 19.7 to 20.1 yesterday.
The upgrade itself went well, but afterwards, flowd is not working.

The passage in config.xml

Code:
    <Netflow version="1.0.1">
      <capture>
        <interfaces>lan,opt7,opt10,opt1,opt2</interfaces>
        <egress_only>opt1,opt2</egress_only>
        <version>v9</version>
        <targets>127.0.0.1:2056</targets>
      </capture>
      <collect>
        <enable>1</enable>
      </collect>
      <activeTimeout>1800</activeTimeout>
      <inactiveTimeout>15</inactiveTimeout>
    </Netflow>

/var/log/flowd.log is empty

and the flowd process has zero CPU usage despite running for hours and there being a lot of traffic:

Code:
gw01:~ # ps ax | grep flow
 6611  -  Is      0:00.00 flowd: net (flowd)
57722  -  Is      0:00.00 flowd: monitor (flowd)

Reboots and deleting the flowd.log and /var/netflow/* files have not made a difference.

I have a very similar setup on another box where this still works even after the upgrade to 20.1.

Any ideas what else to try?

4
17.7 Legacy Series / [SOLVED] c-icap, clamav & size limit
« on: September 19, 2017, 11:52:46 pm »
Hi there,

Just saw the following on my firewall at home (OPNsense 17.7.3-amd64):
I have enabled c-icap, clamav and transparent squid (for SSL too) as detailed in the online manual.
What happened is that a large download (Xcode update on my Mac) was not bypassed but written to /var/tmp/CI_TMP_XXXX and filled up the disk completely. (The download in question is >5G in size.)
Should the configured size-limits for both c-icap and clamav not prevent this sort of thing?
