Topics

1

Development and Code Review / miniupnpd default static 2189 port

« on: May 17, 2019, 12:44:48 am »

The OPNsense configuration file for miniupnpd uses port 2189 by default. This specific static port was first seen in pfsense many many years ago and to this day is the same static port that OPNsense, pfsense and FreeBSD uses. There's no reason by default that this port should be static. If no port is specified miniupnpd randomizes the port. Even the developer of miniupnpd doesn't know why pfsense started using a static port in the first place.

I would like to see a setting in OPNsense under UPNP for this port setting. I believe the port should be blank which will allow miniupnpd to automatically generate a random port when started or allow someone to set a static port if they wish to do so. The only reason for a static port would only be for a strict LAN rule-set where someone might need to add a LAN rule for the static port.

I have other ideas surrounding miniupnpd settings as well. There's build settings I would like to discuss such as enabling randomize_urls and enable_https but for now hopefully we can get started with the dreadful 2189 static port.

2

19.1 Legacy Series / [SOLVED] Dashboard showing CPU (1 cores)

« on: April 27, 2019, 09:09:48 am »

OPNsense version: 19.1.6

Dashboard shows the following for my CPU which has 4 cores:

Intel(R) Celeron(R) CPU N2930 @ 1.83GHz (1 cores)

Is OPNsense only detecting 1 core for my CPU?

3

Tutorials and FAQs / Xbox One - Open NAT Tutorial

« on: August 11, 2016, 05:01:42 am »

Update: December 8th 2017. This tutorial was outdated so I removed the content. It needs to be updated with more accurate information.

4

16.7 Legacy Series / IPv6 rules question

« on: August 10, 2016, 01:28:23 am »

I haven't spent time examining the entire rules list until today. I expected that there wouldn't be IPv6 rules if I didn't have IPv6 enabled. I see that there's ICMP IPv6 rules that apparently are required for IPv6 but not for IPv4. Is there an easy way to completely remove IPv6 rules?

Edit: Okay so I was looking at my /tmp/rules.debug file and the following rules were listed:

Code: [Select]

# block bogon networks (IPv4)
# http://www.cymru.com/Documents/bogon-bn-nonagg.txt
block in log quick on $WAN from <bogons> to any  label "block bogon IPv4 networks from WAN"
# block bogon networks (IPv6)
# http://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt
block in log quick on $WAN from <bogonsv6> to any label "block bogon IPv6 networks from WAN"
antispoof log for $WAN
# block anything from private networks on interfaces with the option set
block in log quick on $WAN from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8"
block in log quick on $WAN from 127.0.0.0/8 to any label "Block private networks from WAN block 127/8"
block in log quick on $WAN from 100.64.0.0/10 to any label "Block private networks from WAN block 100.64/10"
block in log quick on $WAN from 172.16.0.0/12 to any label "Block private networks from WAN block 172.16/12"
block in log quick on $WAN from 192.168.0.0/16 to any label "Block private networks from WAN block 192.168/16"
block in log quick on $WAN from fc00::/7 to any label "Block ULA networks from WAN block fc00::/7"
Aren't the 6 rules below the bogons and bogonsv6 table rules redundant? Those 6 rules seem to do exactly what the bogons rules do.

5

General Discussion / [SOLVED] Fetch updates - There are no updates available

« on: March 24, 2016, 04:06:25 am »

I had an issue upgrading from OPNsense 16.1.5-amd64 to 16.1.8 today. I was able to fetch updates but it upgraded my system to version 16.1.7. After that upgrade I attempted to fetch updates again thinking 16.1.7 was a prerequisite for version 16.1.8 and the fetch request indicated there were no updates available. I restarted my router 3 times attempting to fetch for updates but it kept on indicating there were no updates available. Tried restarting configd as well (was already running) and that didn't help either. The Fetch attempts were both done using the webgui and the console. So I saved my configuration file and restored my system to default settings. I then rebooted and setup basic settings to establish an internet connection and I was able to fetch and then upgrade to version 16.1.8. I found it strange since I've always been able to fetch and upgrade without any issues.

6

16.1 Legacy Series / tabbing between elements in webgui

« on: February 20, 2016, 02:10:45 am »

Just noticed that pressing the tab button on my keyboard doesn't necessarily tab to the next webgui relevant element on a webgui page. Just testing a few of the webgui pages resulted in tabbing to non useful elements of the page. I would think that a page with edit boxes for instance would tab to the next appropriate edit box instead of tabbing for instance to a description icon. Appears this is the default behavior. Any plans to change the default tabbing behavior? This is more of less a cosmetic related issue and isn't something I would suspect isn't a concern at the moment.

7

16.1 Legacy Series / [SOLVED] Purpose for hiding NAT rules from normal rules screen?

« on: January 30, 2016, 04:28:13 am »

After upgrading to 16.1 from from the lastest 15 production release using the webgui I encountered a port forwarding issue. My Xbox One nat turned to moderate from open which was very unusual. I couldn't see any of the normal rules generated from the NAT rules which I had previously created. It appears you modified the code in the 16.1 release:

" firewall: hide NAT rules from normal rules screen"

I restored a saved OPNsense config file and my Xbox nat returned to open from moderate. The normal rules were still hidden but it fixed the port forwarding issue. What was the purpose of hiding the normal NAT generated rules?

8

General Discussion / Please Make a Donation to OPNsense

« on: January 22, 2016, 07:23:11 pm »

If you've found OPNsense to be useful please donate  . I'm not affiliated with OPNsense by any means nor am I a spokesman but the developers are working hard with daily commits to the repository. I migrated from m0n0wall to OPNsense and I've been very pleased.

Donated $25.00

I'm sure any amount you're able to donate the developers would appreciate it.

9

Development and Code Review / [SOLVED] Building source code will result in large img/iso file sizes

« on: January 17, 2016, 11:49:47 am »

Initially wanted to know why building OPNsense source code resulted in large img/iso file sizes. I was surprised to see the file sizes were around 750mbs.  The newer official OPNsense release builds were closer to 213mbs. I then quickly posted on this forum to find out why. Right after posting my question at the corner of my eye I saw the extension bz2 at the end of the official OPNsense releases . within a few seconds after posting my question I looked for a delete post button and didn't see one so I modified the original post to say "Delete this post".

Today I returned to the forum to see my post still here with a reply from phoenix wanting me to share my findings.

So yea my finding are that I'm a complete idiot. First off the release builds are compressed. Second there is a "Delete this post" option at the top when you modify your post. Thank you for wasting your time reading this  .

10

15.7 Legacy Series / question about blocked ipv6 icmp in firewall logs

« on: January 15, 2016, 08:51:35 pm »

I constantly see blocked ipv6 icmp traffic in my firewall logs. It's from the same source and destination all the time. My ISP provides me with an ipv4 ip address. I disabled ipv6 in OPNsense. I would like to know why I'm seeing so much ipv6 icmp blocked traffic specifically from the same source and destination?

11

15.7 Legacy Series / adduser from serial console

« on: November 20, 2015, 12:56:35 am »

Just was curious about adding users from the serial console. By chance I attempted to add a user using the adduser command. It appeared it added the user without any problems. I then checked to see if the webui would show the newly added user which it didn't. So I took a closer look at the files (passwd, master.passwd, and group) that should have been modified when I added a new user. Both the passwd and master.passwd files were modified but the group wasn't and didn't show the newly added user.

I'm positive the most appropriate method of adding a user should be from the webui. I just wanted to make sure this was the intended behavior of adduser from the shell. Attempting to add the same user from the webui after adding the user with adduser from the shell ends up with the following error:

The following input errors were detected:
That username is reserved by the system.

So I had to use rmuser from the shell before I could add the same user from the webui. This question is only out of curiosity since adding a user from the webui works as intended.

12

15.7 Legacy Series / Development build

« on: November 18, 2015, 09:05:37 pm »

I'm currently using the development build (opnsense-devel) which has a significantly changed menu design. Is this the route you are going with the menu are are you moving on to something different. Reading the git issue located at:

https://github.com/opnsense/core/issues/465

seems to suggest you maybe going a different direction then the development build menu. Was just curious since I've noticed minor cosmetic webui issues in the development build and wondering if I should even point them out.

If you guys get a chance take a look at the Advanced Tomato webui demo. The online demo is a bit buggy but does provide some menu ideas. It's using bootstrap as well. Can be found at:

https://advancedtomato.com/demo/status-overview.asp#status-home.asp

13

15.7 Legacy Series / Minor webui issues

« on: November 13, 2015, 06:56:49 am »

Few minor webui issues that I noticed after install. In addition I added a few suggestions as well  .

Status --> RRD Graphs

• Status menu collapses when RRD Graph tabs are selected

Diagnostics --> States

• Diagnostics menu collapses when reset states tab is selected

Suggestions:
Status --> System Logs
Highlighting each tab at the top should highlight the entire box not just the top half. I'm referring to tabs that don't have 2 levels of text.

Diagnostics --> ARP Table
Allow each column to be sortable. I see up and down arrows on the tabs, but clicking on the tabs doesn't sort them.

The resolution I'm currently using on my computer lcd doesn't show the entire left side menu when for instance Diagnostics is expanded. I noticed that if I use the left side scrollbar to scroll down to select a menu item that after I select the item the menu scrollbar scrolls all the way back up to the top hiding the menu item down below that I selected. Maybe this can be changed from happening.

Finally just wanted to say that I'm impressed with OPNsense. First time user coming over from m0n0wall. Used OPNsense-15.7.18-OpenSSL-serial-amd64.img to install to an msata drive. Look forward to seeing OPNsense around for along time.