"Recent posts
#81
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by viragomann - November 24, 2025, 09:49:07 PMQuote from: awado on November 24, 2025, 01:15:49 PMIch habe aus den anderen Posts hier rausgelesen, dass man die neue IP als virtuelle IP der vorhandenen WAN-Schnittstelle zuweist. Danach muss eine Outbound-Regel (Source = LAN IP des Webservers, Translation Target = neue WAN IP) und entsprechend eine Portweiterleitung anlegen.Erster Teil ist korrekt und nötig, sofern die zweite IP nicht vom ISP auf die erste geroutet wird. Das macht man hier: Interfaces: Virtual IPs: Settings
Typ: IP Alias
Der zweite Teil ist aber nur für ausgehende Verbindungen nötig, falls du in diesen die andere WAN IP als Quelle sehen möchtest.
Quote from: awado on November 24, 2025, 08:32:42 PMEs sieht jetzt so aus, wie in den Screenshots, aber klappt noch nicht in Bezug auf die 2. WAN IP.Die Weiterleitung sollte so eigentlich funktionieren. Fehlt doch die virtuell IP?
BTW: Aliases für einzelne IP Adressen sind Geschmacksache. Du kannst ebenso gut direkt die IP-Adresse in die Regel schreiben.
Quote from: Patrick M. Hausen on November 24, 2025, 01:26:53 PMDenn "WAN IP" matcht auf alle IP-Adressen am WAN-Anschluss, nicht nur die primäre.Das ist mir auch neu. Auf pfSense war es jedenfalls nicht so.
#82
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - November 24, 2025, 09:32:15 PMMicrocode updates are applied via a BIOS update, there aren't any separate updates. It's running the lasted BIOS L43 1.16.
I would try the Realtek plugin but this requires to upgrade the opnsense fw first and I can't get the device to stay up long enough.
It's just strange that it seems to die under load.
I would try the Realtek plugin but this requires to upgrade the opnsense fw first and I can't get the device to stay up long enough.
It's just strange that it seems to die under load.
#83
Hardware and Performance / Re: N150 / N355 good fits?
Last post by Billy2010 - November 24, 2025, 09:26:29 PM@pfry No, i don't have temp constraints. The hardware is spread out.
@Seismus thanks for pointing out, it indeed seems to be for the higher tiers and and thus not affordable.
Are there good alternatives to Zenarmor?
Or are there better solutions offering this kind of configuration.
A dream machine pro max also has 5G with ids. And thats not even per core it seems on first glance.
Would you suggest the i5 1335u (1334u was a typo).
They also have a H155 (6P+8E+2le cores).
Yes the prices are insane. Everything is. Ram is becoming super expensive.
Or should I dedicate my minisforum ms-a2 to it? Then I need a second one. But thats an energy sucker.
Or otherwise put, knowing what I am looking for, what would you advice? (Does not has to be on this list.)
@Seismus thanks for pointing out, it indeed seems to be for the higher tiers and and thus not affordable.
Are there good alternatives to Zenarmor?
Or are there better solutions offering this kind of configuration.
A dream machine pro max also has 5G with ids. And thats not even per core it seems on first glance.
Would you suggest the i5 1335u (1334u was a typo).
They also have a H155 (6P+8E+2le cores).
Yes the prices are insane. Everything is. Ram is becoming super expensive.
Or should I dedicate my minisforum ms-a2 to it? Then I need a second one. But thats an energy sucker.
Or otherwise put, knowing what I am looking for, what would you advice? (Does not has to be on this list.)
#84
General Discussion / Re: GUI/Shell crashing
Last post by meyergru - November 24, 2025, 09:18:46 PMRealTek NICs are known to work badly with FreeBSD / OpnSense. If at all, you can try the os-realtek-re plugin.
I also do not know if the latest BIOS is up to par w/r to microcode updates (or if there are still updates from AMD for this old platform).
And, yes of course it can be a compatibility issue. FreeBSD does not support as many hardware types as Linux and some of the FreeBSD drivers are abysmal.
I also do not know if the latest BIOS is up to par w/r to microcode updates (or if there are still updates from AMD for this old platform).
And, yes of course it can be a compatibility issue. FreeBSD does not support as many hardware types as Linux and some of the FreeBSD drivers are abysmal.
#85
General Discussion / Re: GUI/Shell crashing
Last post by Mattps - November 24, 2025, 09:00:30 PMWell, no closer to getting this working. I reimaged the T730 with Windows 11 IoT today and ran non-stop speed tests for 6 hours and it didn't skip a beat. Then I re-imaged with opnsnese and just left the LAN connection in ping a host. This worked for 2.5 hours and stayed up. I then connected the LAN and tried to run a bandwdidth speed test and bang it locks up. I thought it may have been the onboard Realtek nic so changed interfaces to just use the Intel pro/1000 but tis made no difference.
I can't even do an opnsense fw update before it dies, it gets about 10 secs in the locks up.
Could this be a compatibility issues with FreeBSD and an HP T730 think client? I'm sure I read other people using this device with opnsense.
Not sure where to go from here.
I can't even do an opnsense fw update before it dies, it gets about 10 secs in the locks up.
Could this be a compatibility issues with FreeBSD and an HP T730 think client? I'm sure I read other people using this device with opnsense.
Not sure where to go from here.
#86
25.7, 25.10 Series / Re: Firewall rule being ignore...
Last post by supercm - November 24, 2025, 08:34:20 PMI also tried blocking the same rule, and this was respected. But the allow (right above it) is ignored.
#87
German - Deutsch / Re: Verständnisfrage zu Portfo...
Last post by awado - November 24, 2025, 08:32:42 PMDanke für die Erklärung. Es sieht jetzt so aus, wie in den Screenshots, aber klappt noch nicht in Bezug auf die 2. WAN IP. Ich hätte gedacht, dass diese als "Source" eingetragen werden muss, da sie ja Quelle der Anfrage ist. Oder liege ich da falsch? Wird das Alias als Host oder als Network angelegt?
#88
25.7, 25.10 Series / Firewall rule being ignored
Last post by supercm - November 24, 2025, 07:36:40 PMAny idea why this wouldnt be working?
__timestamp__ 2025-11-24T10:28:48-08:00
ack 1184052709
action [block]
dst X.X.X.X
label Default deny / state violation rule
reason match
Pass
Interface
LAN
Direction
in
TCP/IP Version
IPv4
Protocol
TCP
Source / Invert Use this option to invert the sense of the match.
Source
Single host or Network
192.168.2.214/32
Source
Destination / Invert Use this option to invert the sense of the match.
Destination
Any
Destination port range
from:
Destination port range
from: to:
any
__timestamp__ 2025-11-24T10:28:48-08:00
ack 1184052709
action [block]
dst X.X.X.X
label Default deny / state violation rule
reason match
Pass
Interface
LAN
Direction
in
TCP/IP Version
IPv4
Protocol
TCP
Source / Invert Use this option to invert the sense of the match.
Source
Single host or Network
192.168.2.214/32
Source
Destination / Invert Use this option to invert the sense of the match.
Destination
Any
Destination port range
from:
Destination port range
from: to:
any
#89
General Discussion / DNS Queries on my firewall fro...
Last post by MrLee - November 24, 2025, 07:12:00 PMI'm using OPNSense as a edge router on my network.
I have to permit most IP Traffic through to allow my devices inside to work.
In my firewall logs I see a lot of DNS Queries hitting my "inside" interface.
is there a way to specifically block this through rules?
my router is not a DNS Server for anything that I need.
I have to permit most IP Traffic through to allow my devices inside to work.
In my firewall logs I see a lot of DNS Queries hitting my "inside" interface.
is there a way to specifically block this through rules?
my router is not a DNS Server for anything that I need.
#90
General Discussion / Re: Trouble with VLAN setup on...
Last post by pfry - November 24, 2025, 06:24:11 PMQuote from: cookiemonster on November 24, 2025, 03:20:17 PMForgive me if I fail to understand the setup but aren't these two ends only access ports in reality? What is marking the packets with a VLAN tag if there is no managed switch there to do it?
The endpoints/access ports. It's segregation with extra steps. Without virtual system or VRF support it's (almost*) entirely rule-based, but what the heck, it's a choice. The bridge adds a bit of a twist, but I can't think of anything really unique about it as described. Setting up VLANs might make insertion of a switch at some point easier.
In this case, it's a troubleshooting opportunity, so to speak.
And of course there may be aspects I'm missing.
* You could get into different Ethernet attributes, but again, I can't think of any real difference between VLAN segregation and none.
