Messages - XeroX

#16
22.7 Legacy Series / Re: WOL sends on port 40000? Why?
August 18, 2022, 12:30:57 PM
More details please.

What are you trying to wake up? Same subnet? What device? Wireshark capture?
#17
I'm not sure what the version numbers of your monitoring tools have to do with OPNsense?

Install latest and try this dashboard: https://grafana.com/grafana/dashboards/13386-opnsense-firewall/
#19
Quote from: tessus on August 05, 2022, 03:30:07 PM
I know that i211 is Intel, since I also have that NIC, but what I am saying is that I don't see the suffix -AT on my system. Neither in the UI, nor on the command line.

It's the official name for that chipset. Not sure what's the decision behind the naming schemes on the driver.

However now you know.

https://www.intel.com/content/www/us/en/products/sku/64404/intel-ethernet-controller-i211at/specifications.html
#20
Quote from: tessus on August 05, 2022, 12:35:28 AM
What is i211-AT? I only see i211 on my system. So maybe I should not set it to "Leave default" after all.

I am currently travelling and won't be back for 2 months, so I will wait until I am home before updating to 22.7 and/or playing around with those settings...

i211-AT = Intel i211

But my described scenario only applies to configurations with IPS.

I mean, nobody knows your configuration, so I wouldn't risk it.
#21
Okay so "Leave Default" can be Enabled or Disabled. Depends on the driver.

However "Leave Default" is Enabled for igb (i211-AT). You have to set it to Disabled to make VLANs work again. Really confusing and really shitty implementation on BSD side.

This effect only applies with IPS enabled. Enabled, Disabled or Default work without Suricata.
#22
Hello,
I'm facing the following problem with Suricata with 22.7. Hardware offloading is off. I set VLAN Filtering to "Leave Default" prior to the update.

Interfaces:
WAN = PPPoE on igb0
MODEMACCESS = igb0
LAN = igb1
VLAN1, VLAN2 = Child of igb1

Suricata is configured in Promiscuous and IPS Mode on LAN and MODEMACCESS as those are the physical interfaces. LAN because I want to see which machines may be compromised and communicating to the internet. However it worked flawlessly with 22.1.

After the update, VLANs are not reachable when Suricata is running. No settings changed.

Stats for 'igb0':  pkts: 78997, drop: 0 (0.00%), invalid chksum: 0
Stats for 'igb0^':  pkts: 84275, drop: 0 (0.00%), invalid chksum: 0
Stats for 'igb1':  pkts: 102971, drop: 0 (0.00%), invalid chksum: 0
Stats for 'igb1^':  pkts: 107821, drop: 0 (0.00%), invalid chksum: 0

Switching to MODEMACCESS only. Seems to work but it doesn't. The emerging_user_agents ruleset is enabled and added to the Policy. But # curl -A "BlackSun" www.google.com results in nothing although it should be blocked. It does work when adding LAN again BUT VLANs stop working. In general I question the use of IPS on the WAN interface?!

Stats for 'igb0':  pkts: 3342, drop: 0 (0.00%), invalid chksum: 0
Stats for 'igb0^':  pkts: 4858, drop: 0 (0.00%), invalid chksum: 0


Any advice? I can live without IPS on LAN, but it does not work on the WAN physical interface. This renders IPS pretty useless for me.

I downgraded to 6.0.5 as well without improvement.

Is this related to the merge of EM and IGB Driver in 13.1?

https://www.freebsd.org/cgi/man.cgi?query=em&apropos=0&sektion=4&manpath=FreeBSD+13.1-RELEASE+and+Ports&arch=default&format=html
https://www.freebsd.org/cgi/man.cgi?query=netmap
#23
Hello guys.

I still have issues with VLANs.

None of my VLANs are working after the upgrade.

I switched to "Leave Default" prior updating (as I've an older installation).

Suricata runs on LAN (igb1), WAN(igb0) (Physical interfaces). VLANs are on igb1.

All Hardware acceleration is off (switched off CRC Offloading recently).

My VMs are still not able to reach the gateway (no route to host).

Any advice?

EDIT: 100% IPS related. However I'm not sure why this was working before with 22.1 (VLAN set to leave default) and isn't working with 22.7. Downgrade to 6.0.5 did not work either.
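The posts above hinge on the difference between "hardware acceleration is off" and VLAN_HWFILTER actually being cleared on the netmap parent (igb1). An added helper, not from the thread or from OPNsense, that parses ifconfig(8) output for the parent interface and reports which offload flags are still set; the sample output and the interface name are constructed:

```python
import re

# Constructed ifconfig(8) output for the VLAN parent, in the shape FreeBSD
# prints it; not captured from the poster's firewall.
SAMPLE_IFCONFIG = """igb1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\toptions=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,NETMAP>
\tether 00:11:22:33:44:55
\tinet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
\tmedia: Ethernet autoselect (1000baseT <full-duplex>)
\tstatus: active
"""

# Capability flags that should be off on an interface carrying VLAN children
# while Suricata runs inline via netmap, paired with the ifconfig keyword
# that clears each one (keywords from ifconfig(8)).
FLAG_TO_CLI = [
    ("RXCSUM", "-rxcsum"), ("TXCSUM", "-txcsum"),
    ("TSO4", "-tso"), ("TSO6", "-tso"), ("LRO", "-lro"),
    ("VLAN_HWCSUM", "-vlanhwcsum"), ("VLAN_HWFILTER", "-vlanhwfilter"),
    ("VLAN_HWTSO", "-vlanhwtso"),
]


def parse_options(ifconfig_text):
    """Return the set of names inside the options=<hex><...> field."""
    m = re.search(r"options=[0-9a-fA-F]+<([^>]*)>", ifconfig_text)
    return {o for o in m.group(1).split(",") if o} if m else set()


def audit_parent(ifconfig_text):
    """Summarise what matters for the netmap/IPS-on-parent scenario."""
    opts = parse_options(ifconfig_text)
    risky = [flag for flag, _ in FLAG_TO_CLI if flag in opts]
    return {
        "netmap_capable": "NETMAP" in opts,     # driver exposes netmap at all
        "vlan_hwfilter": "VLAN_HWFILTER" in opts,  # the "Leave Default" trap
        "offloads_left_on": risky,
    }


def remediation_command(ifname, ifconfig_text):
    """Build the one-off ifconfig command that clears every flag still set,
    or return None when nothing needs clearing. Persist it via the GUI; this
    only demonstrates which keywords correspond to which flags."""
    opts = parse_options(ifconfig_text)
    keywords = []
    for flag, cli in FLAG_TO_CLI:
        if flag in opts and cli not in keywords:
            keywords.append(cli)
    if not keywords:
        return None
    return "ifconfig %s %s" % (ifname, " ".join(keywords))
```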
#24
22.1 Legacy Series / Re: os-ddclient
August 01, 2022, 09:41:11 PM
Quote from: chtse53 on July 25, 2022, 02:43:38 AM
Quote from: athurdent on July 24, 2022, 01:01:17 PM
Late to the party, sorry.

Could not find a way to properly set the IONOS API update URL. It just needs to call that custom URL, nothing else. ( https://www.ionos.de/hilfe/domains/ip-adresse-konfigurieren/dynamisches-dns-ddns-einrichten-bei-company-name/ )

Also, even if it worked, no way to update it to a GW group anymore?
I am also using IONOS API.  Since it is as simple as calling a custom URL, I just created a custom cron job to do it. Need not bother about the os-ddclient.

Using All-Inkl, however IONOS is straightforward with os-ddclient. Set to custom, set to DynDns2, post the URL as mentioned for FritzBox, leave everything empty. Done.

https://www.ionos.de/hilfe/domains/ip-adresse-konfigurieren/dynamisches-dns-ddns-einrichten-bei-company-name/

#25
22.1 Legacy Series / Re: os-ddclient
July 24, 2022, 09:45:03 PM
Late to the party as well.

Is there a generic setting? Same as athurdent's provider, mine needs just a generic curl with creds.
#26
Quote from: RamSense on June 25, 2022, 09:19:27 PM
XeroX: have you tried stop and start nginx from the opnsense gui?

Yes, works fine for me.
#27
Looks like it's completely messed up.

Upgrade to latest and apply patch afterwards. Applying patch twice will undo the patch.
#28
Quote from: RamSense on June 25, 2022, 08:44:43 PM
@XeroX, did you try to stop and restart Nginx after the patch?

Nginx was in stopped state while patching and started afterwards.

What do the general logs say?
#29
Can confirm patch works.

opnsense-patch -c plugins a357676
#30
I found the "hidden" rules via /tmp/rules.debug.

rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to proxy
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {443} -> 127.0.0.1 port 3129 # redirect secure traffic to proxy

a) Why are they "hidden" and not removed when switching off transparent mode?
b) How can I remove these?

@franco sorry to summon, any ideas? Is this a known issue?
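To confirm whether redirect rules of the kind quoted above are still loaded after turning transparent mode off, an added audit helper (not from the thread or from OPNsense) that parses rdr lines in the /tmp/rules.debug format and lists those pointing at local proxy ports 3128/3129; the sample rules are constructed, with the two lines from the post plus an unrelated port forward for contrast:

```python
import re

# Constructed excerpt in the shape of /tmp/rules.debug. The first two rdr
# lines are the ones quoted in the post; the third is an unrelated forward.
SAMPLE_RULES = """\
# constructed sample, not a real ruleset
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to proxy
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {443} -> 127.0.0.1 port 3129 # redirect secure traffic to proxy
rdr on igb0 inet proto tcp from {any} to {(igb0)} port {2222} -> 192.0.2.10 port 22 # ssh port forward
pass in quick on igb1 inet from any to any
"""

# Matches the rdr form OPNsense writes: braces around source, destination
# and port, an arrow to the redirect target, and an optional trailing comment.
RDR_RE = re.compile(
    r"^rdr\s+on\s+(?P<iface>\S+)\s+(?P<af>inet6?)\s+proto\s+(?P<proto>\S+)\s+"
    r"from\s+\{(?P<src>[^}]*)\}\s+to\s+\{(?P<dst>[^}]*)\}\s+port\s+\{(?P<dport>[^}]*)\}\s+"
    r"->\s+(?P<target>\S+)\s+port\s+(?P<tport>\d+)(?:\s+#\s*(?P<comment>.*))?$"
)

# Squid's default HTTP and HTTPS intercept ports as used in the quoted rules.
PROXY_PORTS = {3128, 3129}


def parse_rdr_rules(text):
    """Return one dict per rdr rule; non-rdr lines and comments are skipped."""
    rules = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            rule = m.groupdict()
            rule["tport"] = int(rule["tport"])
            rules.append(rule)
    return rules


def find_proxy_redirects(text, proxy_ports=PROXY_PORTS):
    """Return only the rdr rules that steer traffic into a local proxy listener."""
    return [r for r in parse_rdr_rules(text)
            if r["target"] == "127.0.0.1" and r["tport"] in proxy_ports]


def summarise(text):
    """Interface -> list of 'dport->tport' strings, handy for a quick eyeball."""
    out = {}
    for r in find_proxy_redirects(text):
        out.setdefault(r["iface"], []).append("%s->%d" % (r["dport"], r["tport"]))
    return out
```

On a live box the same functions can be fed the contents of /tmp/rules.debug directly; an empty result means no proxy redirect is loaded any more.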