Recent posts

#1
26.1 Series / Re: RC1: hundreds of rc.newwan...
Last post by Patrick M. Hausen - Today at 12:20:26 AM
I don't use Suricata or Zenarmor.
#2
Don't override but use the public IP address for access from internal networks, too. Either by NAT reflection or by setting up a reverse proxy like Caddy. I prefer the latter.
#3
26.1 Series / Re: RC1: hundreds of rc.newwan...
Last post by nero355 - Today at 12:16:57 AM
Quote from: Patrick M. Hausen on January 25, 2026, 05:55:15 PM
Half an hour later Internet was down. SSH to the box still working, system quite sluggish, dashboard widgets failing to load.

A couple of hundred processes like this:

/usr/local/bin/php /usr/local/etc/rc.newwanipv6 pppoe0 force

"killall -9 php" made the system responsive again for a short while but the processes kept piling up.
Sounds similar to : https://forum.opnsense.org/index.php?msg=257256 ??
#4
General Discussion / Re: DNS bind error when access...
Last post by nero355 - Today at 12:05:04 AM
Quote from: patrick3000 on January 25, 2026, 05:48:36 PM
This does not happen when I use Chrome on Windows. It only happens in recent versions of Firefox on Mint.
That's because the first two can benefit from it and the other two don't and never will do anything towards such abuse unlike all those spyware creators in this weird world of ours...

See for example : https://securityboulevard.com/2025/06/dns-rebind-protection-revisited/

This abuse example was discovered not that long ago !! ;)
#5
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by fastboot - January 25, 2026, 11:30:46 PM
A flow is the permitted connection path through the firewall, defined by source, destination, protocol and port. So for Sonos that includes the controller -> speaker TCP connections and the mDNS UDP 5353 traffic that must be able to pass (or be repeated) between the VLANs.

Show me your "LAN" rules.
#6
General Discussion / Re: IPv6 and Android Google pl...
Last post by NetworkNitwit - January 25, 2026, 11:21:38 PM
It's a Galaxy S24, Android 16. I bought it in Thailand and I didn't know it at the time, but it doesn't have all the EU privacy restrictions, like recording phone conversations without the other party knowing! I don't use that feature... yet :-)
#7
26.1 Series / Re: 26.1.r_9 -> to 26.1 offici...
Last post by notspam - January 25, 2026, 10:48:22 PM
Thanks for the clarification.
Switched now to 26.1_r1 and wait for the next releases.
#8
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by Mr.SmartEpants - January 25, 2026, 10:47:03 PM
1. Yes (see screenshot)

2. Yes (see screenshot)

3. What do you mean by "flows"? I disabled the "rule-1" to no effect, and I also changed the destination to !'Private'(matches alias) for RFC1918 nets.
I followed your steps; they did not work for me. I factory-reset all my Sonos speakers, and the phone app (on LAN interface) cannot see the speakers on the IoT interface and the setup fails. If I switch my phone to the IoT interface, the setup proceeds normally. But when I switch the phone back to LAN interface, the Sonos app loses contact with all speakers.
#9
German - Deutsch / Re: letsencrypt DNS Problem
Last post by Simaryp - January 25, 2026, 10:45:11 PM
I don't know offhand how to do that. I also need to take a break for today.

The rules for redirecting DNS are set up so that the source is everything except the MAC address of the server.
#10
German - Deutsch / Re: letsencrypt DNS Problem
Last post by meyergru - January 25, 2026, 10:38:35 PM
No, that is not necessary. I would check which path the DNS update packets take (i.e. tcpdump on the OPNsense). Maybe something is still misconfigured.

The only possibility would be that the DNS server you send the updates to happens to be redirected to the internal IP in your internal Unbound DNS. That is why you have to use a separate DNS name for it that differs from the web server's DNS name, e.g. ns.domain.de vs. www.domain.de. And then you enter the local IP only for www.domain.de, not for ns.domain.de.