Recent posts

#1

Q-Feeds (Threat intelligence) / Re: blocking https://internet....

Last post by RamSense - Today at 04:11:23 PM

Thanks, and correct. Website is working again.

#2

Q-Feeds (Threat intelligence) / Re: blocking https://internet....

Last post by lmoore - Today at 03:46:42 PM

Both the IPv4 & IPv6 addresses are listed in AbuseIPDB, and ipvoid has has the IPv4 address reported in a handful of block lists. Nothing found in urlvoid.

The postfix web site was in the in the Q-Feeds malware ip list 5 days ago when I tried to access it. It appears to have since been removed as I was able to access the site yesterday.

#3

General Discussion / Re: Packet received by interfa...

Last post by Monviech (Cedrik) - Today at 03:39:31 PM

What kind of network device are you using (intel nic)?
Are VLANs involved?
How large is the UDP packet, would it need to be fragmented?
Is intrusion detection used (netmap driver)?
Is a Captive Portal configured? (ipfw enabled, can block packets before pf)
Is a ipsec policy installed that might blackhole this paket?

I know a few things that can make packets "vanish" without a trace in tcpdump, the above are some.

[Default block]

#4

General Discussion / Re: Packet received by interfa...

Last post by lmoore - Today at 03:16:19 PM

There are no firewall logs indicating the packet was blocked.

The likelihood is that it is being blocked by a firewall rule, or you don't have a rule to allow it out of the destination interface. It's difficult to suggest anything without seeing the relevant rules and if Source or Destination NAT is required.

Ensure you have enabled logging of Default block and Default pass in Firewall -> Settings -> Advanced.

In addition, if you have configured any block rules, ensure logging is enabled in them so you can spot anything amiss.

#5

Zenarmor (Sensei) / Re: Zenarmor performance expec...

Last post by tangofan - Today at 02:07:31 PM

Hi,

Yes, the expectation will be up to 10 Gbps with multicore support. Can you share the exact model of CPU?

So that means one has to pay up for the business edition to get multicore support and thus the 10 Gbps? At least that's what the roadmap at https://www.zenarmor.com/roadmap suggests.

#6

26.1, 26,4 Series / Re: DNSCrypt service had a red...

Last post by MrHappyHippo - Today at 01:40:05 PM

I've added two more cron jobs that might serve as a workaround. I didn't see any errors in the logs, so my idea is to have these additional tasks run shortly after the system reboot:

4:00 AM System reboot
4:10 AM dnsycrpy-proxy restart
4:15 AM unbound restart

Hopefully, staggering these restarts will ensure the services come up cleanly. I'll monitor and see if this resolves the issues.

#7

General Discussion / Re: Packet received by interfa...

Last post by nero355 - Today at 01:31:08 PM

I've run a packet capture on both interfaces, I can see the packet coming in on the input interface but it just disappears after that.

You should share your tcpdump/pcap output IMHO if you want anyone to say anything useful about it :)

#8

Hardware and Performance / Re: Recommended OPNsense SFP+ ...

Last post by rumshot - Today at 11:58:03 AM

Hi Guys,

I wanna share my experience with FS and why i've decided to abandon them and use flexoptix .
Ive bought 20 SFP+ ethernet from FS because they claimed they were able to recorded a specific vendor. The SFP arrived and didnt worked at all.
They shipped to me a magic box to change the eprom myself... after a lot of troubleshooting with their engineering they were able to make it work but with the eprom as Fiber....
Unfortunately this is not ok for myself and my customer and when we tried to ship it back they didnt accepted.
So... I cant buy from them like that.
Ive changed to flexoptix (https://www.flexoptix.net/en/transceiver) where they shipped to me the transceiver and also their magic box (that was not needed, because the transceiver came programmed and working as ive asked).

With that being said, i would change to another supplier to double check if it will work.

The cable we are using is a 2 fibers LC UPC Duplex to LC UPC Duplex OS2 (link : https://www.fs.com/fr/products/40384.html?attribute=103594&id=3704291)

I checked to make sure the cables are connected properly and not reversed.
There is only one way to connect them to the transceiver.

It's most probably the single mode fiber cable but from our understanding it only depends on the use of your communication.
But we are likely wrong if most of you ask this question.
If that is indeed the problem, what is the explanation?
What did we misunderstand about multi-mode and single-mode cables?

As soon as possible, I'll try using a multi-mode cable to run the test and post an update here.

What Mikrotik switch model is it and does the Mirotik switch also show the correct information about the transceiver?

The switch does show the correct information about the transceiver
The Mikrotik we have is a CRS354-48G-4S+2Q+ (link :https://mikrotik.com/product/crs354_48g_4splus2qplusrm)

Edit : Is it normal for the transceiver displayed on the Mikrotik switch to be the OPNsense transceiver (SFP-10GSR-85) even though the SFP+ module connected to the switch is actually the other one ?

I have read a lot about MikroTik products having issues with certain SFP/SFP+ modules in the past so the first thing I would look at is any recent Firmware Change Logs mentioning any kind of issues and see if they match your situation.

Fortunately, I can't find any logs that point in that direction

#9

Q-Feeds (Threat intelligence) / Re: blocking https://internet....

Last post by DEC740airp414user - Today at 11:23:32 AM

its labeled as malware ip with an alternate dns tool.

#10

26.1, 26,4 Series / Re: [Solved] Connectivity Audi...

Last post by Patrick M. Hausen - Today at 11:07:18 AM

The connectivity audit is as far as I know intended to be a debugging aid in case you observe any problem with updates. It's not a regular health check that must necessarily be "green" all the time.