Topics - meazz1

#1
I have set up 2 Adguard Home DNS servers in Raspberry Pi and was wondering what should go into the Use Gateway field? The drop down shows Wan DHCP6 IPV6 address and Wan DHCP IPV4 address.
And secondly, how to set up primary and secondary DNS so the secondary becomes active when the primary is down? As is, if I turn off the primary, 192.168.4.209 DNS, the LAN devices do not use the secondary DNS 192.168.4.208. Under Services DHCPv4 I have both DNS listed.

#2
23.7 Legacy Series / Help with basic IPV6 firewall rules
September 01, 2023, 03:30:28 PM
I just configured IPV6 in my router, it's working with AT&T Comcast.
I need some help setting up some basic firewall rules to protect my LAN devices.
Can you point me to some kind of documentation or write-up that is more newbie friendly?

I'm running 23.7.3 in an X86 device.

#3
I need some recommendations for my next HW.
I am using an x86 fanless PC with 2 ports but need to get new hardware. The X86 is about to die any day.
I'm looking into Zimaboard 432.
I have an At&t gig fiber, the At&t modem is set for Passthru mode.
I have 2 Unifi AP AC Lite and a Unifi 8-60 POE switch.
I am not using any VLANs but would like to take advantage of the At&t IPV6 as well.

We are 4 users in the house, 8 to 10 cameras, a few streaming devices and 2 of us work from home.
My budget is in the $200.00 US range.

Any advice or suggestions?
#4
I am running 21.1.6.
I have experienced twice in the last month and a half that my router stopped receiving an IPV4 WAN address from the AT&T pass thru modem. It does not lose the IPV6 address.
I had to reboot to get it back up and running.

What could cause this?
For troubleshooting this, what logs should I be looking into? I have Zenarmor- Sensei setup for LAN interface, and this is what I saw in the System Diagnostic Activity. Can this be the reason, "HeapDumpOnOutOfMemoryError"?
My box has 8 GIG of memory and Intel core i5 2.30 GHZ 4 core cpu.

  • /usr/local/openjdk8/bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+AlwaysPreTouch -server -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -Djdk.io.permissionsUseCanonicalPath=true -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Dlog4j.skipJansi=true -XX:+HeapDumpOnOutOfMemoryError -Des.path.home=/usr/local/lib/elasticsearch -cp /usr/local/lib/elasticsearch/lib/* org.elasticsearch.bootstrap.Elasticsearch -d --pidfile=/var/run/elasticsearch/elasticsearch.pid -Epath.conf=/usr/local/etc/elasticsearch{VM Periodic Task Th}
#6
I have a simple setup of Opnsense+PiHole.
I have assigned the IP of my PiHole to the DNS field in DHCP of Opnsense.
Should I use PiHole's IP in the System- Setting - General in the DNS field or use something like 9.9.9.9 in the system DNS box?
#7
General Discussion / LAN and IOT VLAN firewall rules
January 18, 2022, 03:11:16 PM
I have created a LAN and VLAN-IOT setup for my home office.
I simply want VLAN-IOT subnet to just have internet access but not the LAN access.
I am not an IT person and not sure the rules I created, with help of the Opnsense forum and internet, are valid and protect my network.

I would appreciate any feedback.

LAN Rules


IOT Rules


Aliases

#8
I am planning to follow this guide to enable Intrusion Prevention System using this guide. Will this give me basic protection?

https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/#_
#9
General Discussion / How do I undo a static mapping
September 26, 2021, 04:32:23 PM
I static mapped a MAC address from DHCPv4 --> Leases.
I don't see this MAC anywhere in here but the device is functioning.
How do I undo the static mapping?
#10
I am setting up a new SOHO for my own use and I'm trying to move from my existing setup of one LAN for my home user and a VLAN for the IoT devices.
All my gears with static IP are residing in the LAN.
The devices are
Opnsense router: 192.168.4.1
Unifi 60W managed switch:192.168.4.2
Unifi AP-AC lite: 192.168.4.3
PiHole: 192.168.4.4
Unifi controller: 192.168.4.6

IoT VLAN20: 10.0.20.0/24
User VLAN 10.0.10.0/24

My goal is to keep all the devices and IPs as is. I already created a new VLAN10 where all the users' laptops and PCs will be using VLAN10.

I have already created rules to block VLANs from accessing each other and LAN.

I created an alias for the Piholes and an allow rule to have my VLAN access it. I also have a rule to block any other DNS services for the VLANs.

I need to figure out 2 things:
1. How do I keep the printer in the LAN and have VLAN users share it?
2. For creating 2 Piholes alias what is the "Type" in the alias window? Is it hosts or networks?

For Type should it be Hosts in the dropdown or Networks?
#11
This is what I'm trying to set up but I think I need to do something in the firewall to allow PiHole DNS and other devices from Lan to VLAN10 access.

LAN 192.168.4.0/24 -MGT
VLAN10- 10.0.10.0/24 -0 family use, laptop, PC etc
VLAN20- 10.0.20.0/24 - IoT
PiVPN 192.168.4.0/24 subnet. I want to open port for 51826 in the firewall and port forward to PiVPN IP address.

I have the following setup using static IP in 192.168.4.0/24 network - Router, Unifi switch, 2 Unifi AP-AC Lite access points, Pihole, printer.
2X Unifi access points have already been set up with Vlan10 & Vlan 20 profile. One SSID for home use, another for IoT.

I want to use the Pihole from my management subnet to Vlan 10 for its DNS and ad blocker. The Lan and Vlan10 can talk to each other, I don't need to restrict this. I'm trying to make it simple.
IoT Vlan20 will use DNS 8.8.8, no need for PiHole access.

Now, what would be the simplest way I can implement this? I probably need some firewall rules but not sure how to.
#12
I was looking into enabling IPv6 and for some reason now I can't stop the IPv6 dhcp server.
On the dashboard it shows the ipv6 dhcp server/service is not running but if I try to save the ipv6 settings under interface Lan to "none" from "dhcp6" it tells me the dhcp6 server is running and that needs to stop first.
I looked everywhere, unchecked it under firewall rules and rebooted the router but I am still seeing the error.
#13
How do I export the entire firewall /aliases rules so I can post it on a forum for specific suggestions?
I tried the export option but that did not give me the entire firewall rules in a format I can use.
#14
I have Pihole as my DNS server.
I have set up under DHCPv4 with Pihole IP address in DNS Server field and it's all good.
On the other hand, my WAN and LAN clients are getting IPv6 addresses and the IPv6 test comes back as "working".

What I'm facing now is where in Opnsense do I enter the IPV6 IP address of my Pihole so any LAN clients using IPv6 will go thru Pihole DNS?
#15
General Discussion / How do I rearrange the dashboard
December 11, 2020, 03:13:06 AM
As I'm adding widgets in my dashboard they are all stacking on the right side. How can I move some of these off to the left where I have empty real estate?
Here's a screenshot.
#16
It looks like my ipv6 is somewhat working, I'm seeing ipv6 addresses and also seeing ipv6 addresses for devices in ipv6 lease.
Why does this not show in my dashboard? If I try to add it manually by clicking the pencil and save, it still does not add in the lists.

#17

I have a lan network which is used by my middle schooler so I use PiHole with OpenDNS family shield.
The VLAN is used by my daughter for her home office and I don't want any DNS filter blocking her from accessing work related stuff, so I have google DNS setup in the VLAN she connects.

Here's the setup:
LAN 192.168.4.0/24 Dhcp service DNS 192.168.4.2 (PiHole)
VLAN 10.0.8.0/24    Dhcp service DNS 8.8.8.8

System --> settings --> general --> DNS server "none"

What should be in /etc/resolv.config
     nameserver 127.0.0.1
     or
     nameserver 8.8.8.8
     or
     nameserver 192.168.4.2
     or whatever
 

#18
I have 2 Pi-holes I want to implement on my home network.
Here's my network layout. What would be the best way to set up everything?

LAN- 192.168.4.0 - home network
DNS 1 - 192.168.4.200 -Pi-hole#1
DNS 2 - 192.168.4.201 -Pi-hole#2
=========================
VLAN IOT - 10.0.20.0/24
DNS 1 - 8.8.8.8
DNS 2 - 8.8.4.4
#19
Is there such a thing I can use in Opnsense for vpn which will only pass one or 2 ip addresses thru the vpn tunnels and nothing else?
I want to use VPN when streaming iptv.
Any idea is appreciated. I can use a 2nd router, mikrotik, Opnsense and edgerouterx, to accomplish this if need be. My main router is Opnsense and the rest are collecting dust.
#20
If I restore a configuration to the same hardware on a freshly installed OS, given I have already installed all previously installed plugins, same or close to the same OS version, will it restore VLANs, Aliases, Firewall rules etc. to the prior running state?