"Recent posts
#1
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by SMG - Today at 12:21:48 AMInterfaces to capture - select all
gc0 [LAN]
igc1 [WAN]
re0 [DMZ]
lo0 [Loopback]
enc0
pflog0
pfsync0
wg0 [HedwigWireGuard]
Sieht so aus als würde alles nur auf LAN und DMZ landen
"Ich nehme an, re0 ist das DMZ-Interface."
-ja
gc0 [LAN]
igc1 [WAN]
re0 [DMZ]
lo0 [Loopback]
enc0
pflog0
pfsync0
wg0 [HedwigWireGuard]
Code Select
DMZ
re0 2026-01-29
00:13:57.571658 68:84:7e:xxxxxx 00:e0:4c:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 963, length 64
DMZ
re0 2026-01-29
00:13:58.591672 68:84:7e:xxxxxx 00:e0:4c:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 964, length 64
LAN
igc0 2026-01-29
00:13:57.571638 44:37:e6:xxxxxx 02:76:c6:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 963, length 64
LAN
igc0 2026-01-29
00:13:57.972811 02:76:c6:xxxxxx d8:47:32:xxxxxx IPv4, length 118: 192.168.0.1 > 192.168.0.71: ICMP 132.163.96.6 udp port 123 unreachable, length 84
LAN
igc0 2026-01-29
00:13:58.591649 44:37:e6:xxxxxx 02:76:c6:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 964, length 64
Sieht so aus als würde alles nur auf LAN und DMZ landen
"Ich nehme an, re0 ist das DMZ-Interface."
-ja
#2
General Discussion / Re: Device Monitor - a tool fo...
Last post by xXHelperXx - Today at 12:14:04 AMWow this is amazing!
thanks for creating and sharing this tool. I'll Give it a try.
thanks for creating and sharing this tool. I'll Give it a try.
#3
General Discussion / Re: DNSmasq RA MTU
Last post by Boxer - Today at 12:02:47 AMThanks very much for the pointers, I will go through it thoroughly tomorrow.
#4
General Discussion / Re: DNSmasq RA MTU
Last post by meyergru - January 28, 2026, 11:51:48 PMAh, so you only got problems because of PPPoE. Yes, you should use the same MTU as on WAN, because if you do not clamp your MSS, you may experience problems with sites that have defect PMTUD.
You can also try this - but only if your ISP supports mini jumbo frames... if that works, you can use the "usual" 1500 byte MTU and problems as this will be resolved. There is no 100% guarantee, though.
You can also try this - but only if your ISP supports mini jumbo frames... if that works, you can use the "usual" 1500 byte MTU and problems as this will be resolved. There is no 100% guarantee, though.
#5
General Discussion / Re: Securing interactive hospi...
Last post by nero355 - January 28, 2026, 11:44:00 PMQuote from: meyergru on January 28, 2026, 10:52:34 AMBecause that would be just as bad...Just like someone working in an environment that's apparently above his level if he needs to ask about Firewall Rules advise for it on a forum... -_-
#6
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by Patrick M. Hausen - January 28, 2026, 11:43:46 PMIch hatte den Verdacht, dass du evtl. 192.168.10.0 falsch routest, z.B. weil du es bei WireGuard in die "AllowedIPs" eingetragen hast. Das ist aber nicht der Fall. Ich nehme an, re0 ist das DMZ-Interface.
Dann mach doch mal einen Paket-Trace auf allen anderen Interfaces (WAN, WireGuard), während du den Ping vom LAN in die DMZ absetzt. Irgendwo müssen die Pakete ja landen. Wenn wir wissen, wo, können wir gucken, weshalb.
Dann mach doch mal einen Paket-Trace auf allen anderen Interfaces (WAN, WireGuard), während du den Ping vom LAN in die DMZ absetzt. Irgendwo müssen die Pakete ja landen. Wenn wir wissen, wo, können wir gucken, weshalb.
#7
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by SMG - January 28, 2026, 11:18:11 PMCode Select
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 178.201.166.1 UGS igc1
10.10.10.0/24 link#8 U wg0
10.10.10.1 link#4 UHS lo0
10.10.10.2 link#8 UHS wg0
10.10.10.3 link#8 UHS wg0
10.10.10.4 link#8 UHS wg0
10.10.10.5 link#8 UHS wg0
80.69.96.12 178.201.166.1 UGHS igc1
81.210.129.4 178.201.166.1 UGHS igc1
127.0.0.1 link#4 UH lo0
178.201.166.0/23 link#2 U igc1
178.201.167.223 link#4 UHS lo0
192.168.0.0/24 link#1 U igc0
192.168.0.1 link#4 UHS lo0
192.168.10.0/24 link#3 U re0
192.168.10.1 link#4 UHS lo0
Internet6:
Destination Gateway Flags Netif Expire
default fe80::201:5cff:fe77:4a46%igc1 UGS igc1
::1 link#4 UHS lo0
2a02:908:2:a::1 fe80::201:5cff:fe77:4a46%igc1 UGHS igc1
2a02:908:2:b::1 fe80::201:5cff:fe77:4a46%igc1 UGHS igc1
2a02:908:1900:6::1bee link#4 UHS lo0
2a02:908:1900:8::/64 link#2 U igc1
2a02:908:1960:e5a0::/64 link#1 U igc0
2a02:908:1960:e5a0::/59 link#4 USB lo0
2a02:908:1960:e5a0:76:c6ff:fe01:6d6d link#4 UHS lo0
2a02:3102:8001:d7::/64 link#2 U igc1
2a02:3102:8001:80d7::/64 link#2 U igc1
fd00::/64 link#2 U igc1
fe80::%igc0/64 link#1 U igc0
fe80::76:c6ff:fe01:6d6d%lo0 link#4 UHS lo0
fe80::%igc1/64 link#2 U igc1
fe80::76:c6ff:fe01:7154%lo0 link#4 UHS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0
#8
26.1 Series / Re: radvd warnings
Last post by OPNenthu - January 28, 2026, 11:15:52 PMQuote from: Incogni on January 28, 2026, 07:50:07 PMI had the same issue but then I noticed I used router advertisements from DNSmasq and forgot to disable the RAs under Services->Router Advertisements.
I had a little bit of weirdness after upgrade to -RC2 which franco pointed out to me might have been caused by past options I was using.
IMO, it doesn't hurt for folks upgrading from an older install to check once under Service->Router Advertisements afterward just to make sure everything is still as expected. Especially if you maybe once used radvd with "Allow manual adjustment of DHCPv6 and Router Advertisements" but are now using Dnsmasq RAs.
#9
General Discussion / Re: DNSmasq RA MTU
Last post by Boxer - January 28, 2026, 11:08:07 PMOk, thanks meyergru. Leaving it blank (default) gives me issues with Microsoft websites. I would be interested in knowing what the default MTU value is but I'm unable to find any such documentation.
And since dnsmasq dhcp will be the default option for most home networks going forward I think it would be helpful if there was at least a note in the opnsense docs regarding this. Unless I've just run into a bug.
And since dnsmasq dhcp will be the default option for most home networks going forward I think it would be helpful if there was at least a note in the opnsense docs regarding this. Unless I've just run into a bug.
#10
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 28, 2026, 11:05:53 PMAll patched and logging turned on. :-). I also turned on RA in dnsmasq and turned off radvd.
Patching file opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf using Plan A...
Hunk #1 succeeded at 152.
No such line 354 in input file, ignoring
Hunk #2 succeeded at 347 (offset -8 lines).
done
All patches have been applied successfully. Have a nice day.
Patching file opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf using Plan A...
Hunk #1 succeeded at 152.
No such line 354 in input file, ignoring
Hunk #2 succeeded at 347 (offset -8 lines).
done
All patches have been applied successfully. Have a nice day.
