256
Hardware and Performance / Re: QSFP NICs and breakout cables
« on: April 08, 2024, 03:49:55 pm »
I'm just going to ask... What hardware are you running that will route at QSFP speeds, even broken down into a quad of 10gbps speeds?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
257
Hardware and Performance / Re: Realtek 2.5 Nic. Im a complete NOOB.
« on: April 08, 2024, 03:44:51 pm »
How does a person install that plugin from the VGA or serial console?
I think I might grab a cheap gigabit USB to ethernet device and plug it in, that should hopefully show up in the list so you can configure it as LAN (temporary), then you can go into the web gui and install the plugin for the Realtek driver.
Notice I said USB gigabit (or older 100mbps), that way it should be using a chip that is known to the OS, but it's kind of a guess and since I have a few of these devices around, would be my first go to attempt.
I think I might grab a cheap gigabit USB to ethernet device and plug it in, that should hopefully show up in the list so you can configure it as LAN (temporary), then you can go into the web gui and install the plugin for the Realtek driver.
Notice I said USB gigabit (or older 100mbps), that way it should be using a chip that is known to the OS, but it's kind of a guess and since I have a few of these devices around, would be my first go to attempt.
258
General Discussion / Re: About Business License
« on: April 05, 2024, 04:39:33 pm »
What exactly isn't working? Since you have a business license, why aren't you contacting support directly? If you did contact support, and they haven't responded, that's a different issue altogether.
259
Intrusion Detection and Prevention / Re: IDS and Alerts
« on: April 03, 2024, 07:45:01 pm »
Can Zabbix tie in and do this? I'm still working on setting up Zabbix to monitor stuff, but it might be able to send you a play by play or maybe a summary of alerts every XX minutes/hours. Might be worth looking into a little deeper. Needs a Zabbix server running and then (I assume) installing the Zabbix client from the plug in selection (OPNsense).
260
General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports
« on: April 03, 2024, 05:03:24 pm »
Eventually I have a feeling you will end up buying a 2.5gbps switch, looks like you can get a 5 port that includes a 10gbps uplink for around $44usd. No idea if these cheap switches will really perform, but https://www.servethehome.com/ has a bunch of reviews on some "cheap" 2.5 and 10gbps switches that might be worth looking at.
Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.
Summary is that I think you are going to get tired of fooling around trying to bridge those ports and get full speed out of them. Maybe it works, maybe it doesn't, but a switch is going to be a lot easier down the road.
261
General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports
« on: April 02, 2024, 03:35:58 pm »
The switches in your diagram above, what are they? Do they have enough ports for everything wired and still have a couple left over?
In short, I would not create a bridge.
I would either get a bigger switch (if needed) or do the following:
OPNsense LAN --> switch 1 --> switch 2
AP1 --> switch 1
AP2 --> switch 1 or switch 2
Yes switch 2 is another hop, as long as switch 1 is not "full" (at capacity) you won't really be losing performance. And most switches in home or light business are not near capacity.
You could also make the above "better" by getting a third switch that is faster to work as the first level, then connect switch 1 and switch 2 to this new switch. Both AP could also connect to this new switch, depending on capability.
In short, I would not create a bridge.
I would either get a bigger switch (if needed) or do the following:
OPNsense LAN --> switch 1 --> switch 2
AP1 --> switch 1
AP2 --> switch 1 or switch 2
Yes switch 2 is another hop, as long as switch 1 is not "full" (at capacity) you won't really be losing performance. And most switches in home or light business are not near capacity.
You could also make the above "better" by getting a third switch that is faster to work as the first level, then connect switch 1 and switch 2 to this new switch. Both AP could also connect to this new switch, depending on capability.
262
General Discussion / Re: Firewall WAN IP is seen differently externally?
« on: April 02, 2024, 03:25:39 pm »
Thanks. TMobile didn't get the memo. 
I have a 192.168.x.x on my home internet service. Maybe they ran out of 100.64.x.x to hand out.
I have a 192.168.x.x on my home internet service. Maybe they ran out of 100.64.x.x to hand out.
263
General Discussion / Re: Nothing major, just moved from pfSense to OPNsense. Very satisfied so far.
« on: April 02, 2024, 03:20:59 pm »
Why did you go with 23.x and not 24.x?
I'm about a month into my journey from PF to OPN and getting ready to create a purchase order for a 3 year Business license. I will say, there are some things I still just can not grasp and kind of just hoping they get worked out down the road. I'm using legacy rules application for Suricata, the new way doesn't seem to work for me. Crowdsec installed because way easier. Zenarmor doing some filtering because way easier.
I needed to replace hardware no matter what I did, so testing on an HP T740 and will make the production server out of an "old" Supermicro server that I've used for a few years (X11 mainboard so not that old). Eventually I'll budget for new hardware but might take that first 3 year license to get there.
I'm about a month into my journey from PF to OPN and getting ready to create a purchase order for a 3 year Business license. I will say, there are some things I still just can not grasp and kind of just hoping they get worked out down the road. I'm using legacy rules application for Suricata, the new way doesn't seem to work for me. Crowdsec installed because way easier. Zenarmor doing some filtering because way easier.
I needed to replace hardware no matter what I did, so testing on an HP T740 and will make the production server out of an "old" Supermicro server that I've used for a few years (X11 mainboard so not that old). Eventually I'll budget for new hardware but might take that first 3 year license to get there.
264
General Discussion / Re: Firewall WAN IP is seen differently externally?
« on: April 01, 2024, 03:59:05 pm »
Why would a company be using a publicly routed IP behind the CGnat?
I have a CGnat on my home service and it uses a private IP address for the clients behind the CGnat.
While nothing stops you from doing it the first way, it could certainly get in the way of DNS depending on the site you are trying to reach.
I have a CGnat on my home service and it uses a private IP address for the clients behind the CGnat.
While nothing stops you from doing it the first way, it could certainly get in the way of DNS depending on the site you are trying to reach.
265
24.1 Legacy Series / Re: 24.1.4 dhcp hands-out same ip-address twice
« on: April 01, 2024, 03:49:18 pm »
Since these are a VM, did you have a look at the VM host and see if by any chance it also had the same IP address? Just wondering if an address is handled out before that the virtual MAC is supplied. Do you have a physical computer you can connect and see if it gets the same 3.130 address?
266
Hardware and Performance / Re: OPNSense installation on SSD and use ZFS considering wearing out SSD
« on: March 29, 2024, 02:35:28 pm »
How big are system logs though? They shouldn't amount to a lot of data per month written.
267
Intrusion Detection and Prevention / Re: Suricata policy - v7.0.3 ?
« on: March 29, 2024, 02:29:45 pm »
I have my policies set to drop, but if the main rules is set to alert, all I get is alert. It seems to parse the rules first, do what it says and exit (first match). Mine never seems to get to the policy.
Obviously, more experiments are needed for me to figure this out.
Obviously, more experiments are needed for me to figure this out.
268
General Discussion / Re: Need help with new setup/install Mini PC, 6x2.5GbE 1 subnet, DHCP on 5 ports
« on: March 28, 2024, 06:38:22 pm »
The instructions did say that this is not a recommended way.
Make a backup of the config, then start testing?
I would probably connect a switch to LAN, cascade to the second switch, etc. but trying the bridge would be worth doing just to find out if it works for possible situations that one might run into.
Make a backup of the config, then start testing?
I would probably connect a switch to LAN, cascade to the second switch, etc. but trying the bridge would be worth doing just to find out if it works for possible situations that one might run into.
269
General Discussion / Re: Intel 82599ES, interfaces in RED with "no carrier"
« on: March 28, 2024, 06:35:49 pm »
Would it be wise to delete any/all vlans on that interface until you can get the interface up?
Make a config backup first and then delete them?
Make a config backup first and then delete them?
270
Intrusion Detection and Prevention / Re: Drop Policy and directly set Rule to "Drop" not working.
« on: March 28, 2024, 06:32:26 pm »
After changing them, did you go back to the rules tab and hit apply? I'm guessing you did but thought I would ask.
Otherwise I'm not sure as you did everything else I would recommend. Something I really need to sit down and figure out and it might be a case of messing it up once, and the mess up stays on the machine so wipe the drive and start from a config backup (probably my next step for a couple of reasons).
Otherwise I'm not sure as you did everything else I would recommend. Something I really need to sit down and figure out and it might be a case of messing it up once, and the mess up stays on the machine so wipe the drive and start from a config backup (probably my next step for a couple of reasons).