Topics - kkoh

1
General Discussion / Anyone interested in a used dual core Atom with 6 Intel ports?
« on: March 28, 2019, 03:01:24 pm »
I have a recently freed up Lanner FW-7541 to sell. This was a direct from Netgate buy but is simply a Netgate branded Lanner box.

It has 4GB CF card in it as well as 4GB RAM. This Atom D525 does NOT have hardware decryption but this little guy has served our medium sized network fine for 5 years. We just cycled to newer hardware and I'm finally in the "safe" zone to pass this along.

I still have pretty much everything that came with it with the exception of the SATA/power connector which if needed can be easily found online. It will ship with a fresh image of OPNsense 19.1 nano on the CF card. The serial cable is in there but if you don't have a serial port handy the default will be port1 (em0) as WAN and port 2 (em1) as LAN with DHCP so setup can be done via GUI.

I'm asking $100 + shipping. PM me with any interest.

Thanks,
kkOH

2
General Discussion / What are your wireless setups behind your opnsense boxes?
« on: March 27, 2019, 03:41:51 pm »
I am done testing with my Qotom box and have the general settings the way I intend to put into my house. I'm now wondering what the best practice is for the Wireless router(s) behind the border.

My setup will be a 30-40MB cable internet going into the Qotom box. I intend for it to handle security/NAT/VPN/DHCP and perhaps some Ad Blocking. I have an Archer C7 v2 and a Netgear R7000 to space out in the basement of my single story ranch to maximize coverage.

I'm wondering if I should stick with their manufacturer's firmware? My gut reaction is a yes since they would likely get the highest throughput and often the best signal for their 2.4/5G but bridging and repeating in stock is usually poorly implemented if implemented at all.

I feel like so long as I can consistently get 100MB on wifi I'd throw a *wrt on the boxes if this can make bridging and/or hand-offs of wifi traffic easier to set up and maintain. I've got the Archer C7 v2 box which has some custom builds that apparently get really good throughput as well. I've used both Advanced Tomato and stock on the R7000. Ideally the internal Wi-fi will have high throughput as well for streaming devices and shares from my NAS but consistent throughput and stability would rank higher on the scale as we don't have a lot going on. Suggestions appreciated.

3
General Discussion / Sale of old equipment...
« on: March 07, 2019, 03:36:14 pm »
Hi,

I looked at the single forum rules post and didn't see anything regarding this but wanted to ask before posting to be safe...

I have two old pfSense boxes (Lanner FW-7541) that are about to get cycled out as I have new hardware arriving today. Is it acceptable to offer these up for sale here? I won't be asking much... just wanted to see if any home users have a need as they are still working models but are underpowered for my office environment and the extras I'm now planning to run.

I can post them on eBay of course but to save on all fees involved and keep it cheaper I'd rather offer them up straight in this community as it's the intended audience for this hardware since pfS will no longer work with non AES-NI boxes.

Thanks,
kkOH

4
Hardware and Performance / Qotom and the thermal paste...
« on: March 05, 2019, 04:09:46 pm »
I'm just trying to get clarification... I took my Q355G4 apart and there is a "pad" that the aluminum heatsink rests against on the top of the case. Am I safe to assume that the pad stays put and that I should remove the heatsink, clean the residue that's there, and apply a pea sized drop of my Arctic Silver 5 to the i5 and reattach the heatsink?

Thanks,
K

A pic:


5
General Discussion / How can I route to my other provider without leaving the building...
« on: March 01, 2019, 05:21:30 pm »
Take a look at this simplified network diagram:


So I have a portion of my LAN users use one of the WAN's and another portion use the other. What I am trying to figure out is how I can route traffic that is coming from one side to the other without climbing all the way out of (for example) WAN-A's tree and back into WAN-B.

So as a User the firewall rule that I use sends me out the WAN-A above. For 99.999% of things that's great. But if I try to trace or ping to a public facing address on WAN-B I go all the way out until I hit a common peer and then come back. Shouldn't there be a way within the scope of my opnS box to say that when packets going out of WAN-A are destined for WAN-B/24 that it can stay inside my building somehow?

Sorry my route-fu isn't strong enough for me to figure this out. I'm afraid perhaps it's not possible as it would likely take some sort of nested firewall rule unless something in the System|Routes|Config can supersede the FW rules?

6
19.1 Legacy Series / Help reversing ports install?
« on: February 21, 2019, 05:09:12 pm »
I apologize in advance for my lack of FreeBSD knowledge... I'm learning as I learn more about opnsense but have been in Debian for the core of the past 15 years.
I was trying to get htop installed as it's a familiar friend and was following this old thread: https://forum.opnsense.org/index.php?topic=7796.0
As I watched a LOT of ports being pulled down I realized pretty quickly that the 4GB flash card I had was filling up. I actually had to CTRL-C break the progress as I saw disk space used go over 90%.
Is there a graceful way to back out of this or should I be looking to move to my backup device and start this config over?

7
19.1 Legacy Series / Fresh Install - looking for pointers/best practices
« on: February 13, 2019, 09:16:56 pm »
After years of junk and forgotten machines/services on this client's old network I'm stepping in fresh to set up an opnSense router for their border. Their needs aren't overly complex but it does present a situation I've not dealt with in the past. Basics are they have two providers, mainly for redundancy, each with its own public IP set but no BGP. The hardware is a quad core ATOM, 6 Intel NICs, 4Gigs of RAM, and a 4GB CF Card.
It's essentially a small company user LAN behind the box. The boss would like to keep all users on a single subnet but be able to force certain clients out of one WAN and others out of another but also allow for failover to the "good" line for all users if one WAN goes down.
It seemed in theory simple enough. I set up the gateways and then set up two GW Groups with one favoring WAN1 and the other favoring WAN2. I entered DNS for each and monitoring IPs in the public and then I edited the default LAN out rule to favor GWgrp1. I copied that rule and set it to have a /26 which aligns with the DHCP range (and some extras) to prefer GWgrp2.
This way DHCP is handed out and they can hard code leases to numbers outside of the subnet or hardcode at the clients if they like. In theory it should work said the little voice in my head. It does work as far as outbound traffic when all is right... something seems to be failing when I take a WAN down. It seems like the routing is happening correctly but resolution fails for the IPs on the wrong preferred side.
I have an allow DNS rule at the top of the LAN FW that lets all port 53 TCP/UDP requests go to the opnsense box. What am I missing to make it work?

8
Hardware and Performance / $99 on NewEgg...
« on: January 31, 2019, 03:18:14 pm »
https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/datasheet-c78-731522.html
Running Linux from the factory... wish it was more clear on what the hardware actually is....

9
Hardware and Performance / RockPort useable?
« on: January 23, 2019, 09:40:42 pm »
Anyone seen these?

https://www.pine64.org/?product=rockpro64-4gb-single-board-computer
Should be able to add an intel multi-NIC card perhaps...

10
18.1 Legacy Series / RFH: Proper way to route traffic from WAN to LAN
« on: June 18, 2018, 04:52:52 pm »
I've been on pfsense for years now. We have what I think is a relatively simple setup... two WANs each with full class Cs and a single LAN that houses users and a few services, some of which need to be accessed from the WAN side.
For our purposes we often have a virtual IP on each of our ISP class Cs lead to a single service within our LAN and simply give them different DNS names so that in the case of an outage of one of our ISPs we have a backup ingress point.
In the past (pfsense) I'd use VirtIPs and 1:1 NAT along with a firewall rule. I intend to start testing opnsense now that I've got it running on my NETGATE hardware. I'm at the stage where I'd like to test the above mentioned techniques but I'm at a loss in understanding the One-to-One interface as my only prior experience was the pfsense version. Also, I'm willing to accept that perhaps we weren't doing it right back then as we hired a third party to get us up and running and he seemed to be figuring it out as he went.
So, if my goal is to give access to a handful of internal LAN services via dual ISP virtual IPs... and usually only from a specific host or subnet and to a specific port, which method is the correct way?

If it still is VirtIP - 1:1 - FW Rules, then can somebody point me to the correct doc because I can't find it on the doc pages and the threads that turn up here are all over the place as to intent and none that I've found explain it clearly.
Thanks for any pointers.

11
Hardware and Performance / Lanner Network Appliances...
« on: June 15, 2018, 05:55:46 pm »
I've been trying to get opnSense installed on my old pfSense box that I purchased through netgate waaaaay back and it led me to cracking the case open to see if I could find VGA pins on the MB which led me to the fact that the appliance is simply a Lanner netapp box with a netgate sticker on it... so, has anyone used any of the intel based boxes for opn?
https://www.lanner-america.com/buy-lanner/utm-firewall-network-appliances/
