Messages

151

General Discussion / Re: Traffic Stats

« on: March 18, 2018, 01:41:03 pm »

What's wrong with using an external solution where you can get the results in the format you want? You can do that with the Telegraf plug-in sending the data to Grafana and then building your own graphs, I do.

152

18.1 Legacy Series / Re: [CALL FOR TESTING] Speculative Execution Kernel Patch for amd64

« on: March 16, 2018, 10:27:22 am »

Another "me too", no problems since I installed it yesterday.

153

General Discussion / Re: How to setup ipv6 DHCPv6

« on: March 13, 2018, 08:21:38 pm »

Do you have the router advertisements service enabled on the LAN interface?

154

18.1 Legacy Series / Re: Option missing ?

« on: March 12, 2018, 02:59:03 pm »

Whereas I made it clear I don't need lectures on the topic to avoid those who would use such lectures as a way to justify not having the option or to try and sound clever.

I don't need a lecture on the use of the word "patronising" as I know what it means and your latest comments seem to fit the definition quite well.

I asked a question re an option that seems to have disappeared, I did not invite a debate on the merits or demerits of its use.

If you read my post again you'll see that I made a comment about advice given on forums, just like you I have an opinion about that and it's never a bad idea to give advice on security and in any case I actually didn't do that nor did I attempt to engage you in debate over your request.

155

Hardware and Performance / Re: Dell/Intel PRO/1000 VT Quad Port Server Adapter

« on: March 12, 2018, 11:39:21 am »

Yes, I've used those NICs in the past with OPNsense and without problems. I currently use Intel i34-T4 & i350 NICs in my ESXi server and they're also without problems - you might want to consider those if the price difference isn't too great.

156

18.1 Legacy Series / Re: Option missing ?

« on: March 11, 2018, 01:32:35 pm »

Has the option to permit users to save login details in the browser GUI been removed ?

Possibly.

If not where is it - why does 18.1 now force me to log in all the time - I can't find the option in any settings window to allow this ( I know it used to be a setting - been using a form of pFSense or OPNSense for years ).

That's poor practice and it's closing the browser that forces you to login again and, I guess, the session will expire after a period of time.

I'm not interested in lectures why saving login details is a bad idea.

That's a rather patronising statement, it's never a 'lecture' to tell people about good security practice and something about which they may never have previously been told.

157

General Discussion / Re: How to setup ipv6 DHCPv6

« on: March 10, 2018, 11:04:21 am »

You need to configure the LAN interface to have a fixed IP address, that will allow you to enable the DHCPv6 server on that interface to allocate IPv6 addresses for your LAN.

158

General Discussion / Re: How to setup ipv6 DHCPv6

« on: March 09, 2018, 07:15:01 pm »

A couple of things, first I'm no great expert with IPv6 and I've never had much success getting the 'track interface' to work correctly - I resorted to fixed IP address for the LAN.

I assume you want to hand out IPv6 addresses for your LAN, would that be correct? If what you're trying to achieve is IP address allocation for IPv6 then you would use a DHCP serve not a relay, I'm guessing that would explain why you're mentioning a 'destination server'.  If you could just clarify if you're trying to get LAN IPv6 addresses allocated or something else.

If when you got the Services/DHCPv6 menu you're only seeing the Relay/leases wntries I'm assuming that's because you have no fixed IPv6 addresses on your firewall.

159

Tutorials and FAQs / Re: How to start GUI in OPNsense?

« on: March 07, 2018, 03:10:22 pm »

That's rather a vague description. Which version of OPNsense did you download, i386 or AMD64 and was it a DVD or something else and what type of hardware did you install it on?

160

General Discussion / Re: How to setup ipv6 DHCPv6

« on: March 06, 2018, 07:56:02 pm »

What errors are you seeing with DHCP? Do you see a suggested range when you to the DHCPv6 config page?

[EDIT] I forgot to ask if you have a fixed IP address for IPv6?

161

General Discussion / Re: New to firewalls

« on: February 23, 2018, 07:57:43 am »

You do not want to expose (and under no circumstances should you do this) a LAN DNS server to the internet. You can either set-up port forwarding to your internal LAN server(s) or you can do the sensible thing and use a VPN to access your LAN, you'll then have full and secure access to your LAN without exposing anything to the outside world.

162

Russian - Русский / Re: Cant start configd

« on: February 22, 2018, 11:17:47 am »

I can't specifically answer your question but I'd guess you need to give more information about the problem such as OPNsense version and what errors you see in the log files plus what exactly happens when you try to restart configd?. Have you also rebooted the server and does configd start when you do that? If it does start, does it fail after a period of time?

BTW, as you've posted in English I'd suggest this may have been better posted in the English language section as not many English speakers are likely to visit the Russian forum.

163

Web Proxy Filtering and Caching / Re: Why not squid 4?

« on: February 21, 2018, 10:27:50 am »

The mos recent version of Squid is 3.5 and version 4 is beta and probably not suitable for a firewall yet. If you want to raise the subject of a version change/upgrade then you're probably better off posting on github.

164

Intrusion Detection and Prevention / Re: Port 53 flood on IPS

« on: February 14, 2018, 08:44:26 pm »

Don't have a DNS server I use Outbound (DNS Resolver) and the IPS DNS.
I will shut down port 53 and allow only traffic from the ISP DNS servers

You should not need to 'allow' and DNS servers access to anything inside your network. As I mentioned, I use a DNS Authoritative Server and DNS Recursor inside my lan and no external server needs specific access my my recursor.

165

Intrusion Detection and Prevention / Re: Port 53 flood on IPS

« on: February 14, 2018, 05:17:47 pm »

Problem is some may be responses to my DNS queries from OPNsense Unbound. I do not run a DNS server.

No, they should not.

So I now let them in but hardened my GeoIP block and added filehol. Should I really just block all inbound port 53? Except of course my own ISP DNS IP's.

Yes, you should block all inbound port 53 and ,as already been said, you should never allow a ;local DNS server be seen by anything on the internet. I run a local DNS server and I have no specific ports open (inbound or outbound) that relate to DNS, my systems all work fine.

Just out of interest, is your DNS server located on the LAN or WAN interface?