Messages - nikkon

#31
Hi all,
I'm curious if I can use this method for internal running services (jails on FreeNAS) without exposing them outside.
I can force the DNS override so I resolve them with FQDN from LAN, but I can't make HAProxy work and serve the certificate for them. I already got certificates for all instances in ACME (jail1.domain.x, jail2.domain.x).

Thank you in advance.
#32
General Discussion / Re: out rule question
March 08, 2023, 03:05:24 PM
I understood it wrong.
Now it's clear. In this case this exception is not even needed.
Thank you.
#33
General Discussion / Re: out rule question
March 08, 2023, 11:29:32 AM
Thanks for your reply.

As you said, IN rules apply to WAN and OUT rules are applied to LAN.
Now my question is:
How can I exclude 1 single IP from LAN (direction out) from matching the block rule that has as destination the FireHOL1 list?
#34
General Discussion / out rule question
March 07, 2023, 10:38:36 PM
Hi all,
I have a few floating rules on both WAN (direction IN) and LAN (direction OUT) which are blocking one specific host from LAN from reaching outside connections.
I don't want to disable the rules on LAN (this is where it happens); instead, I tried excluding that particular host from the match by using invert. Something doesn't work and I have no clue what.

The blocking rule is Block DROP out 1 - LAN.
How can I exclude only 1 IP from matching this rule?

#35
General Discussion / Re: routing question
February 21, 2023, 11:24:58 PM
Problem fixed.
I was missing the out rules on each interface.
Thanks - this thread can be closed.
#36
General Discussion / Re: routing question
February 21, 2023, 04:40:08 PM
Forgot 1 thing:
on both interfaces I have a rule that allows traffic from 172.16.10.11/24 to 172.16.20.3/29 and vice versa via the default gateway.
#37
General Discussion / routing question
February 21, 2023, 02:18:30 PM
Hi all,
I got stuck with the following situation:
I have a few VLANs and several networks.
2 networks have a problem:
network 1 -> 172.16.10.0/24 with x clients - no VLAN
network 2 -> 172.16.20.0/29 with only 2 clients - VLAN10
Now these 2 networks intersect in my storage (TrueNAS), where I have 1 interface linked to network 1 and the second interface linked to network 2:
jail 1 -> connects to the non-VLAN network and gets DHCP (172.16.10.11)
jail 2 -> connects to VLAN10 and gets DHCP (172.16.20.3)

Now the problem is: the VLAN10 network uses an OpenVPN gateway (SurfShark) to reach the internet.
I need to make the 2 jails talk to each other by preventing 172.16.20.3 from using the default gateway as internet gateway.

Ping from 172.16.10.11 to 172.16.20.3 works.
Ping from 172.16.20.3 to 172.16.10.1 (gateway) works, but it doesn't with 172.16.20.3.

What am I missing?
Can it be the switch port? Network 2 binds to a tagged switch port. I think it is blocked at the firewall level.

Thank you.

#38
General Discussion / Re: unbound crash every day
November 09, 2022, 03:25:21 PM
Any clue?

What am I doing wrong?
#39
General Discussion / unbound crash every day
October 31, 2022, 06:09:13 AM
Hi all,
I have a weird unbound problem. It crashes once a day because of:
2022-10-31T05:03:13 Error unbound [75750:0] error: remote control failed ssl crypto error:02FFF020:system library:func(4095):Broken pipe
2022-10-31T05:03:13 Notice unbound [75750:0] notice: failed connection from 127.0.0.1 port 14221
2022-10-31T05:03:13 Error unbound [75750:0] error: remote control failed ssl crypto error:02FFF020:system library:func(4095):Broken pipe

I have DNS over TLS enabled with Cloudflare and under Custom Options I manually added
tls-cert-bundle:  /var/unbound/unbound_server.pem
I have verified all CAs and certificates. All (self-signed + ACME) are valid.

Any clue what this error means?
#40
CPU is actually 2.4 GHz.
#41
Zenarmor (Sensei) / add sqlite - datasource in grafana
September 27, 2022, 03:24:00 PM
Hi all,
I see the new version comes with SQLite as local DB for the data in Zenarmor. I was wondering, did anyone manage to define it as a datasource in Grafana?
#42
I experience the same behaviour. Without Zenarmor I get 600 Mbps download. With Zenarmor I only get 300-350 Mbps.
The setup I have for OPNsense is an Atom 8 cores, 16 GB RAM ECC, Intel Gigabit NICs.
However, when I am running the tests I follow the resource allocation/consumption and neither the CPU nor the RAM seem to be under stress. I think it's a software bottleneck.

#43
Hi all,

I am on OPNsense 22.7.2-amd64

Sensei doesn't work because MongoDB cannot start:
pkg check -da
Checking all packages: 100%
py37-markupsafe has a missing dependency: python37
py37-markupsafe has a missing dependency: py37-setuptools
py37-markupsafe is missing a required shared library: libpython3.7m.so.1.0
py37-pymongo has a missing dependency: python37
py37-pymongo has a missing dependency: py37-setuptools
py37-pymongo is missing a required shared library: libpython3.7m.so.1.0

Can anyone tell me a repo from where to get these missing files?

Thanks
#44
Seems DNS related. If I add the interface in unbound under the list of served interfaces, it works.
However, I want to use specific DNS fw for this interface and I define them manually on the clients.

Still working on understanding the issue
#45
Mine looks active, but no internet for clients either.
Investigating