Recent posts

#1
Hardware and Performance / Re: Single home... device?
Last post by BrandyWine - Today at 07:30:20 AM
Quote from: pfry on November 14, 2025, 07:01:21 PM
What would be your PSU -> motherboard link? USB?
No.
It's a simple pickup by the mobo BIOS, just as my PC BIOS monitors various temp sensors and can control cooling fans. There would need to be a "device" between the mobo and the OS, an Intel chip, and then an OS device driver to grab the info from the chip. Rather simple. The compliant PSU would need to have a filter that feeds the signal from the line to the mobo chip; systems with modular PSUs have a ton of wires connected to the mobo. Systems with an integrated PSU have all the wiring on the PCB. It should not be difficult at all to achieve. Having one tiny SMD SOIC (1mm x 1mm) would be nice to have for the mobo makers, but they have the phone numbers of Intel and the like.

As for USB-C ports, it's more about the ports on devices and less to do with cables. The size of SFP and RJ45 on a mobo is just absurdly big. Cables are readily available (COTS) and fairly inexpensive. Fiber cables are very expensive in comparison.
#2
General Discussion / Re: Nginx DuckDNS and Home Ass...
Last post by alfuth - Today at 05:35:09 AM
Wanted to post an update: I enabled my ExpressVPN and filtered on that IP address. I saw the "Pass" in the firewall logs when trying to access xxx.duckdns.org. However, I still get "ERR_Connection_time_out".

So it seems like my firewall is configured properly, but nginx is not properly forwarding to the correct IP or port. Any troubleshooting steps would be greatly appreciated!
#3
Q-Feeds (Threat intelligence) / Re: Bigcommerce problem
Last post by passeri - Today at 05:28:56 AM
Quote from: vk2him on Today at 03:24:31 AM
I just tested with Wireguard and it does block if you add the Wireguard interface into the two Qfeeds floating rules:

It blocked a known malicious IP on my LAN and Wireguard interfaces:

I think we are talking about different things. If I am out and using my VPN server at home, the Wireguard interface is in Qfeeds and traffic is normal from its point of view. If I am at home and using a VPN provider so it is not my home address, Qfeeds sees only an encrypted stream to my VPN provider. It is the latter case I was discussing.
#4
25.7, 25.10 Series / Wireguard external routing - h...
Last post by Lucid1010 - Today at 05:28:31 AM
N100, 16 GB RAM, NVMe SSD

Is this a performance limitation of the N100 CPU? Or can it be improved by adjusting tunables?
#5
25.7, 25.10 Series / Re: How delete bunch of IDS po...
Last post by someone - Today at 05:00:12 AM
Try loading the rules again, with no policies.
#6
General Discussion / Re: OPNsense VLANs Configurati...
Last post by alfuth - Today at 04:53:52 AM
So, it could be a few things. Let's start by checking a few things to make sure they are configured correctly. In OPNsense:
1. Make sure your interfaces are configured (and enabled) and have the appropriate IP address assigned.
2. Make sure you have your firewall configured so that each VLAN can actually get out to the internet. I have mine set up with a firewall alias named privateNetworks with type: network, content: 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16 -> under each VLAN firewall interface make sure you have a rule set up with: Action: PASS, quick: x, direction: in, TCP/IP version: IPv4, protocol: any, source: "vlan" net (from dropdown), invert: x, destination: privateNetworks, then make sure you save and hit apply.
3. Go to Services -> DNSMasq DNS & DHCP -> General -> enabled: x and include all of your VLAN interfaces. Then under "DHCP ranges" set up your ranges for each interface. Then what I did is under "hosts" I make static IPs for all of my networking devices (UniFi switch, server, etc.) on the default network; I think for you that is 172.16.99.## (whatever network your OPNsense is on).
4. One other helpful firewall rule is to allow ICMP from your LAN to all networks. To do this, under Firewall -> Rules -> LAN interface click add and create a rule with: Action: pass, TCP/IP version: IPv4, protocol: ICMP, source: LAN net, invert: unchecked, destination: any, destination port: any. This will allow you to hardwire into your switch and ping all of your devices to make sure they are connected properly.

On to the UniFi server: Under Settings -> Networks, make sure you have each VLAN set up and your VLAN ID matches the same VLAN ID you have in OPNsense.
For any port that you want a single VLAN on, make sure the "Native VLAN" is set to that VLAN and under "tagged VLAN management" hit block all. For any port you want all (or some) VLANs on (trunked port), click on the port and make the native VLAN default; make sure it shows the IP address range you are expecting to the right. Under "tagged VLAN management" hit allow all.
If you are planning on setting up multiple Wi-Fi SSIDs, one for each VLAN, make sure you set those up in Settings -> WiFi: set up each Wi-Fi SSID with a single VLAN under the "network" selection dropdown.

It took me a bit to set up my OPNsense and UniFi switch. It's honestly easier to just set up one VLAN, get that working with your LAN and then add more after that. Setting all of them up at once tends to lead to errors and mishaps. Sorry for the long-winded response, I hope this helps!
#7
AppArmor is an endpoint IPS, also Wazuh, and other third party contributions,
which all help protect our operating system and OPNsense router.
I still can't get OPNsense to last more than around two weeks; anything that would help would be a help to us all.
#8
IDS does not Drop; Drop is only for IPS.
IDS is alert only.
#9
True, no syslog in Suricata 9.0, but "they plan to add 'syslog' as a filetype (target) for fastlog", which they said is essentially a 1:1 replacement for the syslog output.
#10
If a server auto-connects you to a server you may have blocked, you can't stop the connection.
We need to work on that; that's hopefully on a non-malicious level, but it happens with malware.