Recent posts

#21
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by SMG - January 28, 2026, 10:48:49 PM
Shouldn't the MAC address of the host, rather than the MAC address of the LAN interface, actually show up here?

4c:52:62:xx:xx:xx   02:76:c6:xxxx(LAN Interface)   IPv4, length 98: 192.168.0.13 > 192.168.10.4
                     
 
#22
26.1 Series / Re: Please add reverse lookup t...
Last post by nxrosco - January 28, 2026, 10:45:54 PM
Hi,
The first entry below is added automatically, but I had to add the second one manually.
#23
General Discussion / Re: DNSmasq RA MTU
Last post by meyergru - January 28, 2026, 10:45:51 PM
IPv6 MTU is way smaller than IPv4. Leave it at default or set it to 40 bytes less than your IPv4 MTU.
#24
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by Patrick M. Hausen - January 28, 2026, 10:45:45 PM
Run a

netstat -rn
#25
26.1 Series / Re: radvd warnings
Last post by franco - January 28, 2026, 10:41:04 PM
Just for reference switched to -d1 mode here https://github.com/opnsense/core/commit/e1cc2661b647f2959
#26
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by SMG - January 28, 2026, 10:35:39 PM
Firewall: Rules: LAN

Protocol  Source   Port  Destination  Port  Gateway  Schedule  Description
IPv4 *    LAN net  *     *            *     *        *         Default allow LAN to any rule
IPv6 *    LAN net  *     *            *     *        *         Default allow LAN IPv6 to any rule



I have not/never touched the rule since the installation....
#27
26.1 Series / Re: Please add reverse lookup t...
Last post by franco - January 28, 2026, 10:29:25 PM
Thanks for the feedback! Which exact steps for "reverse lookup" did you make? So we are clear about the procedure.


Cheers,
Franco
#28
German - Deutsch / Re: Kann DMZ aus LAN nicht err...
Last post by Patrick M. Hausen - January 28, 2026, 10:23:23 PM
Do you have a gateway set in the LAN "allow" rule? If so, why? That would cause it to send all packets toward the gateway instead of into the DMZ.
#29
26.1 Series / Please add reverse lookup to wi...
Last post by nxrosco - January 28, 2026, 10:22:11 PM
I installed 26.1rc1 and set it up with the wizard. The new wizard is great and automatically set up a query forward in Unbound to forward DNS lookups for the default domain to DNSmasq, but I had to add the reverse lookup manually. If this could be added to the wizard so it happens automatically, that would be great.
This release is so much simpler to set up than 25.7. There really was not much left for me to do after following the wizard. Great work, and thanks!
#30
25.7, 25.10 Series / Re: OPNsense Gateway Blocking ...
Last post by Patrick M. Hausen - January 28, 2026, 10:22:09 PM
Quote from: zigana on January 28, 2026, 09:17:54 PM
Could this dual-uplink / asymmetric routing design be the root cause of the state violation and 100% packet loss I'm seeing, even with correct firewall rules and NAT disabled?

If so, am I correct that the proper design should be:

a single uplink only into OPNsense (WAN), and

the switch should be connected only to the OPNsense LAN, with no direct uplink of its own?

I want to make sure all traffic is forced symmetrically through the firewall.

Yes of course. Asymmetric routing is to be avoided. Exactly like that - force all traffic through OPNsense by network topology. Make sure your servers have OPNsense as their default gateway. Without NAT also make sure the gateway OPNsense uses has a static route for the server network pointing to OPNsense's WAN address.