Topics - amitis5

#1
22.7 Legacy Series / 1:1 NAT Not Working
August 17, 2022, 05:50:50 PM
I have placed an IP from my public IP pool in a virtual IP (xx.xx.xx.108).  I created a 1:1 NAT rule:

Interface -> WAN
External IP -> xx.xx.xx.108
Internal IP -> 10.0.0.144 listed under source with a /32 subnet
Destination -> any
Type -> BINAT

WAN Firewall rules allow all traffic to 10.0.0.144

VLAN is set up through the switches correctly as well.

What am I missing?

Thanks in advance for the assistance.



#2
I'm trying to set up ZeroTier and a new interface and I can't add an interface.  There is no + option anymore on the interface assignment page.

Any ideas?  Thanks in advance for any assistance.

#3
General Discussion / VLAN Encapsulation
October 07, 2019, 11:06:38 PM
Does anyone know if I can place a VLAN in another VLAN?

Example:  Our APs have a 32 VLAN cap.  I have 50 VLANs in use.  I need to create a VLAN (VLAN2) and then assign (VLAN 200, VLAN 201, VLAN 202) to that VLAN so that I can ride up the stack to the end points on fewer VLANs.  I have done this with Mikrotik in the past.  I can't seem to find a way to make OPNsense do it though.

Thanks in advance for any help!
#4
19.7 Legacy Series / VLAN Encapsulation
October 07, 2019, 11:06:08 PM
Does anyone know if I can place a VLAN in another VLAN?

Example:  Our APs have a 32 VLAN cap.  I have 50 VLANs in use.  I need to create a VLAN (VLAN2) and then assign (VLAN 200, VLAN 201, VLAN 202) to that VLAN so that I can ride up the stack to the end points on fewer VLANs.  I have done this with Mikrotik in the past.  I can't seem to find a way to make OPNsense do it though.

Thanks in advance for any help!
#5
I'm having issues with the DHCP service turning itself off, and then it will not restart.  I'm not sure where to start to fix it.  Here is my backend log:

Date   Message
Jun 28 18:24:17   configd.py: [0e0befb6-f77a-4abb-b751-60a9bede0ad6] request filter log output
Jun 28 18:24:13   configd.py: [3dca0a34-d57f-4116-a1c0-a0f4dd262e99] request pfctl byte/packet counters
Jun 28 18:24:10   configd.py: [2cc350ae-a555-46e5-b083-4d9588a885b5] request filter log output
Jun 28 18:24:03   configd.py: [abb8d7fc-dc41-4035-9b83-f981a152c767] request filter log output
Jun 28 18:24:02   configd.py: [686aed41-e081-48eb-82ad-329bbd9cd625] request pfctl byte/packet counters
Jun 28 18:23:55   configd.py: [b88f6ad6-22a9-42d4-a3be-32c93881b8f8] request filter log output
Jun 28 18:23:53   configd.py: [2f944253-9a6d-4418-a7a2-0607b042d1ba] IPsec list status
Jun 28 18:23:52   configd.py: [ef2da84e-0fb8-4df5-b7dc-b3977f6f2636] IPsec list ip address pools
Jun 28 18:22:14   configd.py: [0a373db4-94bc-4bc6-ab52-a61033ee60fe] Reloading filter
Jun 28 18:07:53   configd.py: message 3beb9e94-9e87-4f21-978b-91aef97ed20c [filter.refresh_aliases] returned {"status": "ok"}
Jun 28 18:07:52   configd.py: unable to sendback response [OK ] for [filter][reload][None] {b4c8c0e1-b287-4f6a-a6f6-91702f07c940}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Jun 28 18:07:52   configd.py: [3beb9e94-9e87-4f21-978b-91aef97ed20c] refresh url table aliases
Jun 28 18:07:52   configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jun 28 18:07:51   configd.py: generate template container OPNsense/Filter
Jun 28 18:07:50   configd.py: [6fc9bbbc-3632-4d5c-a9cb-4f2d168f45c1] generate template OPNsense/Filter
Jun 28 18:03:15   configd.py: [b4c8c0e1-b287-4f6a-a6f6-91702f07c940] Reloading filter
Jun 28 18:03:14   configd.py: OPNsense/WebGui generated //usr/local/etc/php.ini
Jun 28 18:03:14   configd.py: OPNsense/WebGui generated //usr/local/lib/php.ini
Jun 28 18:03:13   configd.py: generate template container OPNsense/WebGui
Jun 28 18:03:12   configd.py: [c0afd8f8-4214-4444-ae9a-c6c2684543b6] generate template OPNsense/WebGui
Jun 28 18:02:18   configd.py: [7eb697ed-ce0b-413c-aebd-0a59e8c95506] updating dyndns opt224
Jun 28 17:42:07   configd.py: message f01b3c0a-8785-48c8-8950-32b150134810 [filter.refresh_aliases] returned {"status": "ok"}
Jun 28 17:42:06   configd.py: unable to sendback response [OK ] for [filter][reload][None] {54ad4008-3ca9-4eb7-a430-df2baa3bf378}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Jun 28 17:42:06   configd.py: [f01b3c0a-8785-48c8-8950-32b150134810] refresh url table aliases
Jun 28 17:42:06   configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jun 28 17:42:06   configd.py: generate template container OPNsense/Filter
Jun 28 17:42:05   configd.py: [03ca638c-1e78-492b-beee-b1960815a87e] generate template OPNsense/Filter
Jun 28 17:39:56   configd.py: [13af0d61-44a4-4384-9ac5-3e4adfb90c1c] updating dyndns opt223
Jun 28 17:36:27   configd.py: [54ad4008-3ca9-4eb7-a430-df2baa3bf378] Reloading filter
Jun 28 17:25:42   configd.py: [4dc2c1ff-69d1-4cba-b237-3f7dfacabe9c] updating dyndns opt222
Jun 28 17:13:16   configd.py: message f170ab46-25df-4f8a-8e5b-1d285c722d8e [filter.refresh_aliases] returned {"status": "ok"}
Jun 28 17:13:16   configd.py: unable to sendback response [OK ] for [filter][reload][None] {2809bea7-d36c-4e08-989e-a210cf07d674}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe
Jun 28 17:13:16   configd.py: [f170ab46-25df-4f8a-8e5b-1d285c722d8e] refresh url table aliases
Jun 28 17:13:16   configd.py: OPNsense/Filter generated //usr/local/etc/filter_tables.conf
Jun 28 17:13:15   configd.py: generate template container OPNsense/Filter
Jun 28 17:13:14   configd.py: [2999e7d7-f2a6-4613-8e5a-af4c7cfa6281] generate template OPNsense/Filter
Jun 28 17:12:08   configd.py: [02dfc847-217b-4df8-8d68-d3a64ebf5cb7] updating dyndns opt221
Jun 28 17:08:00   configd.py: [2809bea7-d36c-4e08-989e-a210cf07d674] Reloading filter
Jun 28 17:08:00   configd.py: [577242e0-91bf-49f9-88a6-a2a4a2f4c81a] restarting cron
Jun 28 17:07:53   configd.py: [5d57876d-b0bf-4692-8fd1-064ef2aa23e0] request osfp
Jun 28 17:07:45   configd.py: [ad89ed3e-3197-4206-b3ce-e32691181bf5] request osfp
Jun 28 17:07:28   configd.py: [1a2d88d3-8901-4e8e-bf46-4f00ab9be3bd] request osfp
Jun 28 17:07:19   configd.py: [11a8c66f-ad01-4160-b3e9-367e39c02dee] request osfp
Jun 28 17:07:01   configd.py: [8a890129-d59a-4eae-8b42-baeea69c8bf6] request osfp
Jun 28 17:06:51   configd.py: [608bcb08-2653-4eef-9f37-f3278a10a590] request osfp
Jun 28 17:06:26   configd.py: [81bd38c9-a5a4-4f12-9f10-0c861ac718f0] request osfp
Jun 28 17:06:17   configd.py: [9d9e4cd3-1fa0-44be-aa06-19037fa0574e] request osfp
Jun 28 17:06:08   configd.py: [d09a7072-67cb-41a1-b3b9-165833959ddc] request pfctl byte/packet counters
Jun 28 17:06:06   configd.py: [ab10efa3-6d36-45b8-9a94-b896b0945c6f] request filter log output
Jun 28 17:05:57   configd.py: [e4fc0753-e255-4e9e-8b20-18aea142f276] request pfctl byte/packet counters

I keep seeing this: configd.py: unable to sendback response [OK ] for [filter][reload][None] {2809bea7-d36c-4e08-989e-a210cf07d674}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

Not sure what this means or if it is the issue.

Thanks in advance for your help.
#6
19.1 Legacy Series / DHCP Service Will Not Stay Up
June 29, 2019, 01:27:12 AM
I'm having issues with the DHCP service turning itself off, and then it will not restart.  I'm not sure where to start to fix it.  Here is my backend log:


I keep seeing this: configd.py: unable to sendback response [OK ] for [filter][reload][None] {2809bea7-d36c-4e08-989e-a210cf07d674}, message was Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 203, in run self.connection.sendall('%s\n' % result) File "/usr/local/lib/python2.7/socket.py", line 228, in meth return getattr(self._sock,name)(*args) error: [Errno 32] Broken pipe

Not sure what this means or if it is the issue.

Thanks in advance for your help.

#7
19.1 Legacy Series / DHCP From Command Line
June 29, 2019, 12:42:07 AM
Is there a way to add DHCP to an interface from the command line?  I have created interface VLAN111 and want to add DHCP to it.  The GUI is so slow at this, so I thought I would try to add it from the terminal.

Thanks,
#8
Hi All,

I have an install in place with Supermicro, Xeon D, 8gig RAM, 256 gig SSD.  We are running an apartment building with it, and it has been going very well.  We have 150 or so VLANs, with 150 or so DHCP running.  I'm not sure why, but over the last couple of days, DHCP service is stopping, and I can't seem to get it to restart without a lot of patience (randomly seems to come back sometimes on its own).  Sometimes a good 30 minutes to come back up after clicking the play sign.  Any ideas on why it would be stopping in the first place?  CPU is running about 20% load (was having some trouble here, but fabian helped with this, net flow was chewing up the processor).  Even after fixing this, I'm still seeing the issue with DHCP stopping.

Any ideas?

Thanks in advance
#9
Hi Everyone,

I'm running on a super micro, XeonD, 8gig ram, 256gig SSD with a 5gig pipe from ISP. 

I'm seeing a huge increase, CPU running around 100 for hours per day, and I can't figure out why.  Python seems to be the main pull here, with ARP as number 2 and 3 per top.   I'm randomly seeing the DHCP service stop as well, takes forever to restart.  Nothing has really changed.  This unit runs a 150 unit apartment building, with 150 VLANs.  Up until two days ago, we've only been running about a 10% processor load. 

pfctl pops in at 80+% here and there on top as well.  I've attached the services running as well. 

Thanks in advance for the assist.

Top Output:

root@ICCN2:~ # top

last pid: 59182;  load averages:  9.47,  6.93,  6.97    up 8+07:43:51  23:28:10
59 processes:  4 running, 55 sleeping
CPU: 27.1%10131,  0.0% nice, 11.0 8.95,  6.86,  6.95err up 8+07:43:51e 23:28:10
57m: 182M Activ5, 2507M Ina2t, 88M Laundry, 1224M Wired, 758M Buf, 3797M Free
Swap:31.92M Total, 8192M Free 5.0          14.1             49.0
      68             1                         2           6        820
  PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAN
25508 root             1  81    0  1043M 13328K CPU2    2   0:04  96.75% pfctl
80879 root             1 101    0 42708K 36228K CPU6    6 142.1H  95.94% python
80879 unbound          8 100    0 42708K 36268K kqr1    1 142.1H  95.61% python
17105 unbound          8  20    0   119M 92168K kqread  7   1:30   3.83% unboun
4742 root             1  21    0  1033M  2332K CPU4    4 243:52   3.43% filter
11707 root             1  50    0 49052K 37724K accept  4   0:09   2.92% php-cg
59342 dhcpd            1  20    0 39112K 31280K CPU7    7   0:06   0.87% dhcpd
53556 _flowd           1  20    0  6300K  2496K select  7  13:39   0.61% flowd
51807 root             1  20    0  1034M  3228K CPU5    1   0:00   0.33% top
51807 root             1  20    0  1034M  3228K CPU2    2   0:00   0.22% top
26888 root             1  37    0 90092K 67344K accept  2   2:39   0.15% python
63180 zabbix           1  20    0 18968K  6808K nanslp  0   0:03   0.12% zabbix
3556 _flowd           1  20    0  6300K  2496K select  0  13:39   0.11% flowd
23870 root             1  20    0 10972K  6792K kqread  1   0:28   0.06% lightt
36904 www              1  20    0 15289M  5724K kqread  0   0:45   0.05% ntphtt
36525 root             1  20    0  1038M  6612K select  0   0:01   0.02% sshd
23180 zabbix           1  20    0 58968K  6808K nanslp  6   0:09   0.02% zabbix
11322     92753        3          5.31,  5.98,  6.56ct  up 8+07:46:26  23:30:45
58188 www      4           4      15284K  9640K kqread  4   0:13         lightt
last 29.0 71096;  load averag20.0 5.16,  5. 7.2 6.56    up 843.846:24  23:30:43
60 proc1sses:  5 runn1ng, 55 sleeping          0           5          8
CPU: 17.4% user,  0.0% nice, 35.2% system,  7.7% interrupt, 39.8% idle
Mem: 196M Active, 2460M Inact, 88M Laundry, 1231M Wired, 764M Buf, 3824M Free
Swap: 8192M Total, 8192M Free
                                                   6    6          5.23
  202 USERNAME       THR P75 NICE   S33M  3180K CPU2    2   TIM1  78.19% arp
42679 root             1 172    0 23728K 18692K CPU1    1 142.10   7.41% python
11707 root             1  52    0 60320K 43636K nanslp  7   0:12   7.26% php-cg
4742 root             1  23    0  1033M  2332K bpf     2 243:57   2.88% filter
88844 unbound          8  20    0    99M 60548K kqread  4   0:03   1.35% unboun
51653 zabbix           1   0    0 18968K  6040K select  7 114:03   1.29% syslog
59793 zabbix           1  22    0 18968K  6736K accept  5  10:40   0.99% zabbix
8951 zabbix           1  21    0 18968K  6784K accept  1  10:38   0.80% zabbix
26888 root             2  20    0 92140K 67384K accept  4   2:39   0.66% python
84320 zabbix           1  22    0 18968K  6560K select  7  10:45   0.64% zabbix
59342 dhcpd            1  21    0 39112K 31280K select  4   0:07   0.16% dhcpdg
88844 unbound          8  20    0    99M 60536K kqread  6   0:03   2.14% unboun
51807 root             1  20    0  1034M  3232K CPU7    7   0:00   1.13% top
62732 nobody           1  20    0  6303M  1548K sbwait  6  13:17   0.22% sampli
62732 nobody           1  20    0  1033M  1548K sbwait  7  13:17   0.17% sampli
51807 root             1  20    0  1034M  3232K CPU6    6   0:00   0.13% top
last pid: 99735;  load averages:  5.79,  5.89,  6.12    up 8+08:00:17  23:44:36
61 processes:  8 running, 53 sleeping
CPU: 18.4% user,  0.0% nice, 45.3% system, 12.0% interrupt, 24.3% idle
Mem: 196M Active, 2484M Inact, 88M Laundry, 1240M Wired, 774M Buf, 3790M Free
Swap: 8192M Total, 8192M Free

  PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAN
80879 root             1 102    0 42708K 36228K CPU5    5 142.3H  96.29% python
78992 root             1  86    0  1043M 13328K CPU2    2   0:07  89.53% pfctl
15278 root             1  87    0  1033M  3168K CPU3    3   0:08  88.53% arp
11329 root             1  87    0  1033M  3192K CPU6    6   0:08  88.08% arp
99735 root             1  75    0  1033M  3252K CPU1    1   0:01  52.15% ifconf
8951 zabbix           1  23    0 18968K  6784K CPU0    0  11:18   7.75% zabbix
59793 zabbix           1  23    0 18968K  6736K accept  4  11:21   7.45% zabbix
84320 zabbix           1  23    0 18968K  6560K CPU4    4  11:25   6.78% zabbix
49439 root             1  52    0 56608K 37396K piperd  2   0:04   2.06% php-cg
4742 root             1  21    0  1033M  2332K bpf     3 244:17   1.59% filter
51653 root             1  20    0  1033M  2040K select  0 114:12   0.84% syslog
88844 unbound          8  20    0   109M 65520K kqread  1   0:13   0.75% unboun
59342 dhcpd            1  20    0 39112K 31280K select  2   0:08   0.26% dhcpd
51807 root             1  20    0  1034M  3232K CPU7    7   0:02   0.21% top
3556 _flowd           1  20    0  6300K  2496K select  2  13:40   0.10% flowd
62732 nobody           1  20    0  1033M  1548K sbwait  2  13:18   0.08% sampli
36904 root             1  20    0  1039M  5724K select  7   0:52   0.05% ntpd

#10
Hi Everyone,

I'm using OPNsense in some of our smaller installations, mostly hotel and small apartments.  We landed a large residential tower (850 residences), and it's getting ready to open.  I have one server onsite with Xeon, 8 gig RAM, 256gb SSD Msata with 2 10gig sfp+ (supermicro server) and it is running fine for the few residents that are there and the office, parking, etc systems. 

My concern is when the building fully leases and moves in in the next couple of months, what do you guys think for hardware expansion needs?  I'm already noticing the mbuf climbing, and a little bit more processor load.

Should I be looking into clustering?  If so, I've seen HA options with failover, but I should be able to cluster multiple servers together for performance right?  When all is said and done, we will have over 800 VLANs running on this system.  Trying to get ahead of it.

Thanks again for the advice.
#11
When I set up one-to-one NAT, the machine statically configured on the LAN side, 10.3.53.2, has no internet access.  As soon as I delete the 1:1 rule, it has access.

Here's what we are needing:  I have a pool of public IPs, x.x.x.29/27, and I need x.x.x.31 to send and receive all traffic to 10.3.53.2 as if it were a public IP.

I have set up a VIP: x.x.x.31, IP alias, WAN interface

One to One NAT: WAN Interface, x.x.x.31 external IP, Source 10.3.53.2, Destination any, default reflection.

Firewall rules on WAN: *, * , 10.3.53.2, *

Outbound NAT is set to Automatic

What am I missing here? 

Thanks,
#12
Hi Everyone,

Thanks in advance for the assistance.  I'm pulling my hair out here.

I have a set of IPs I need to route to an OPNsense box downstream.  Here's the scenario:

We have x.x.x.26 coming from the ISP with gateway of x.x.x.25.  I have set up one OPNsense firewall there and have connection.  From there I have to route a block of public IPs, x.x.x.29/27.  x.x.x.28 the ISP has static route set back to x.x.x.26.

I have the LAN on this gateway set to x.x.x.29/27.  On the second OPNsense router (captive portal, VLANs, guest network etc. running) I statically set it to x.x.x.30 with gateway of x.x.x.29 and I have internet connectivity.

I need to pass public IPs x.x.x.31 and x.x.x.32 from LAN on first router to 10.x.x.52 on LAN of second router for PCI compliance.  I have the VIPs set up on the second router x.x.x.31-58 and one-to-one NAT for x.x.x.31 -> 10.x.x.52.

How do I simply pass these IPs from the first router to the second router?  Essentially the ISP is requiring us to route our own IPs and I've never had to set this up before. 

First router has automatic outbound DNS, second as well.  I have firewall rules in router 2 on WAN to allow traffic to 10.x.x.52. 

Whoever can help me set this up, I have a pizza and beer delivery with your name on it. 

Thanks,

Jon
#13
Hi All,

Thanks in advance for the help/advice.  I'm newer to the system, coming over from Mikrotik.

I have set up several port forwards in the port forward section of NAT.  One rule works fine, my SSH rule.  I've set the others up exactly as the SSH rule, and they are not working.

I'm trying to redirect port 6001 to port 80 on the internal IP of 16.16.16.100 and it doesn't seem to work.  I've attached a screenshot of my port forward rule for this.  In the firewall rules for the WAN it is automatically placed there, and exactly as the SSH rule that is working.  Where am I going wrong?

Thanks,

amitis5