Topics - tmp

#1
Dear community,

I'm facing a strange problem that has already been reported in this thread https://forum.opnsense.org/index.php?topic=7145.0. In my case, OPNsense does not run virtualized.

My setup:

HP Elitedesk 705 G1
AMD A8-6500b
8 GB RAM (2x4 Dual channel)
Intel EXPI9402PT Pro Dual 1000 (pciex)

My config is quite basic:
em0 -> LAN (192.168.0.x) static
em1 -> WAN (192.168.1.x) dhcp (connected to plastic crap cable router -> can't be changed)

Services I'm running:
Squid (transparent setup, SSL-Inspection enabled but only for filtering domains, shallalist as blocklist)
Suricata (in IDS-Mode, not IPS, Rules: ET-P2P, ET-Tor, ET-Malware)
100 users

Everything else is in default configuration.

When put into production, the firewall works as it should for a few hours. After a few hours in combination with higher load (100 Mbit routed through WAN), internet browsing becomes slow and a few minutes later completely inaccessible. The routing between LAN and WAN completely breaks down at this moment. The CPU and RAM load is always acceptable.
In this situation, I'm able to access the web interface, but can't ping out to WAN (even from the box itself).
On the attached LCD I can see (even without being logged in to the machine) the following output:

em0: watchdog timeout - reset.
(and some statistical data about packets -> if needed I'll take a screenshot)

I already tried:
- Disabled hardware offloading in interface settings (no change)
- Completely reinstalled and reconfigured OPNsense
- Disabled squid

None of these steps helped so far. I want to get this working, because I prefer OPNsense and am quite happy with it - great work, guys!
Do you have any idea what I can do to get this working? It seems to me like a driver issue with the NIC, as far as I found out on various searches.

Kind regards

tmp

#2
Dear community,

currently I'm setting up an opnsense-appliance in a network where I am unable to change any network configuration except for the opnsense appliance.

Given setup:

Router (plastic crap -> 192.168.1.x) ->>>> OPNSENSE (Proxy + eventually IDS) ->>>>> Server / Wireless AP (192.168.1.x).

Actually I got opnsense running in transparent filtering bridge mode and can access the internet from the server without touching the network configuration.
But I'm stuck in setting up the transparent proxy. I configured squid to listen on all interfaces (for testing). But this doesn't work because there are no log entries inside the squid logfile, so the traffic doesn't pass through it.
For which interface do I need to configure the NAT-/FW-Rules?

Actually I got 3 NICs and one software bridge inside the machine:
WAN
LAN (management interface)
OPT 1 (bridged to WAN interface)
and OPT 2 (Bridge between WAN and OPT1).

I tried to set the NAT rules for OPT1 / WAN and OPT2 but nothing is working. Is my configuration just wrong or does opnsense not support Transparent Proxy when the device is set up as a transparent filtering bridge?

Regards

tmp

#3
Dear opnsense-community,

I'm new to opnsense and need some help in setting up opnsense as a transparent firewall bridge for content filtering. I'm using opnsense 18.

I followed the instructions given in this Wiki-Entry: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html.
But now I'm facing the same issues as the user amithad in this thread: https://forum.opnsense.org/index.php?topic=5162.0.

My setup:

Router with DHCP and NAT (192.168.1.x) ------> OPNsense -------> (192.168.1.x) Server.
I have 3 NICs and followed the tutorial step by step, except for defining a management IP as stated in Step 4, because I don't need this due to a dedicated management NIC.
I added an any->any rule to EVERY interface but I still cannot pass traffic through the new bridge. Do I need to set a gateway for the bridge interface pointing to the router that is doing DHCP etc.? I'm really stuck at this point and have tried everything that has been stated in this forum regarding transparent firewall configs.

Is there anything that has changed from version 17.x to 18.x so that the tutorial fails?

Regards

tmp