Recent posts

#81
25.7, 25.10 Series / Re: Afther Update meet issues
Last post by cookiemonster - December 08, 2025, 05:18:09 PM
I think the issue is a bit clearer now. Hopefully someone will have a suggestion.
I'm thinking maybe new sessions get blocked and existing ones are still visible but pure guess.
Firewall > Log Files > General : might have something.
I just checked mine, a URL Table (IPs) Alias.
Last updated 2025-06-21 13:18:03 and log has
"2025-12-06T12:42:00    Error    firewall    alias resolve error IP_PublicDNS (error fetching alias url https://raw.githubusercontent.com/jpgpi250/piholemanual/master/DOHipv4.txt)"
So I had missed that alias failing to update and I can see why.
I'm not saying you have the same problem but you need to try to narrow down _why_ it is happening.
#82
25.7, 25.10 Series / Re: Time based Shaper?
Last post by knebb - December 08, 2025, 04:56:22 PM
Quote from: Seimus on December 04, 2025, 06:57:40 PM
Time based rules are not possible with the ipfw ruleset (FW > shaper > Rules) but they are possible when using the pf rules + Traffic shaping feature (FW > Rules (option Traffic Shaping)). However, there is a BUG with regard to that feature for reverse-direction if NAT is involved, see:
https://forum.opnsense.org/index.php?topic=47716.msg254051
Hmmm.. can you help me a little bit how this works all together?

I got it so far the pipes limit the bandwidth (upper limit) while the queues weight the traffic according to the rules. Queues can get ignored when a rule sends the traffic to a pipe immediately (I do not know how any weight is then calculated). Got this so far.

But how are the (firewall-)rules coming into the game you mentioned above? Do I overwrite everything and directly assign traffic to pipes/queues? How are they different (except scheduling possibility) from the shaper rules?

Thanks a lot!

/KNEBB
#83
General Discussion / Re: Micron exits consumer mark...
Last post by meyergru - December 08, 2025, 04:45:36 PM
Yup, sometimes, this hits earlier than one thinks... Yesterday, I found my Proxmox server getting unstable until I increased Vcore by 100mV - obviously a VRM is on its way out.

Replacing it by a current platform means getting 128 GByte of DDR5 instead of DDR4, which costs ~1500€ for any non-abysmal speed at the time of writing, so the cost for mainboard, CPU, RAM and cooler comes to ~2500€

It is an AM4 system with lots of storage, so I need a decent chipset for many PCIe lanes - X570 is the only one that fits. The only specimens capable of handling my needs and still being available are at least 400€ and are backordered.

At that price, it is easier to keep the existing RAM and order an Intel LGA1700 based board, CPU and cooler for the same cost.
#84
25.7, 25.10 Series / Re: Afther Update meet issues
Last post by rumenblg - December 08, 2025, 03:53:50 PM
New IPs have been fetched and have an entry in the alias list. This was the first thing I checked.
When I say it doesn't work anymore, I mean the restriction / blocking doesn't block the new IPs automatically any more, except if I do a manual removal from Firewall -> Diagnostics -> Aliases; then the new blocked IPs that are in the black list come into force.

Quote from: cookiemonster on December 08, 2025, 03:22:06 PM
What I mean is that your process is perfectly valid but unknown to us here on how it works.
Quote
Yes, I'm keeping the list on a remote server. Firewall Aliases has a rule (URL IPs table) which checks every 60 sec for updates to the remote black list. From this rule I got Floating, which does the actual restriction to the network.

Before the update, if I wanted to restrict an IP, I just had to add it to the remote server black list. And Firewall Aliases fetched this list automatically and blocked the new IPs.
Now this doesn't work anymore; to do so I need to go to Firewall: Diagnostics: States, find where the new IP or IPs are and manually drop them. And then the actual block comes into force.
It is impossible to tell why "this does not work anymore", your mechanism to fetch the list I imagine is the Alias automation on OPN. But the content might not be "correct".
Maybe use the Diagnostic part of the alias in OPN, to look into the table.
Or when you say "this doesn't work anymore". Does it mean nothing is fetched or something else?
#85
General Discussion / Re: Micron exits consumer mark...
Last post by coffeecup25 - December 08, 2025, 03:50:37 PM
I still have some old DDR3 Laptop memory put away somewhere. Time to make some money on eBay.

Seriously, I recently looked for 16GB DDR4 and a larger SSD to upgrade an old laptop and was surprised at how the prices had gone up. I decided not to get any. I'll probably buy a new to me refurbished laptop with newer and larger everything for only a little more later.
#86
25.7, 25.10 Series / Re: Resolved: Update 25.7 -> 2...
Last post by franco - December 08, 2025, 03:46:29 PM
No, you just get the popup during upgrades when the package manager removes vital files for a second before putting them back and the GUI needing them to render the page. It's not easily fixable, but also almost always benign.

We could hide the error, but at the cost of hiding real errors.


Cheers,
Franco
#87
General Discussion / Re: Micron exits consumer mark...
Last post by Greg_E - December 08, 2025, 03:42:55 PM
I see this as the rise of RAM produced in China. Make a vacuum and something will fill it. They still need RAM for the RISC-V processors that they are trying to switch towards to create independence, so they will make RAM to fit in their infrastructure. Slow process but they are already starting down this path with RISC-V.

And once that country tools up and starts producing good quality product, the strategy of selling only to volume customers may backfire on Micron. Remember that Micron is building multiple new fab sites in the USA, and while they are getting huge amounts of subsidies from the governments, ultimately this will cost them money to build. And yet they closed the Arizona plant because they had too much capacity in other plants? https://www.abc15.com/news/business/microchip-to-close-arizona-facility-amid-cost-concerns

Now what I can't find is the proof that the Arizona plant really closed, and I have my guesses at why they would close this place and TSMC would build in the same state. Problem is that making and etching silicon takes a lot of water, and stable bedrock, not sure why either would build in a desert and near a large and active fault line. https://www.restonyc.com/how-many-gallons-of-water-does-it-take-to-make-a-chip/ https://www.weforum.org/stories/2024/07/the-water-challenge-for-semiconductor-manufacturing-and-big-tech-what-needs-to-be-done/

Here is what the NY plan looks like, you can see 4 WWT buildings and I assume these are waste water treatment buildings. The selection of the location was based on access to lots of clean water, and lots of electric power. https://townofclayny.gov/sites/default/files/2025-10/Micron%20New%20York%20Planning%20Board%20Presentation_10.08.2025_FINAL.pdf

We will see what happens, but there seem to be conflicting statements around this whole build. I think they just wanted to dump all the hassles that come with consumer products and consumers. Just like when Lexar got sold off https://www.micron.com/about/blog/company/partners/micron-discontinuing-lexar

Sell the bulk chips to module builders and let the builders take care of the consumers.

Maybe NEC will come back from the obscure, I have a stick of PC100 RAM sitting on my desk pulled from a dead device from more than 10 years ago. ST, Broadcom (shudders) and a few others could tool up in the next couple of years if they wanted to fill the void, but I think China will be faster to tool up, and will be "OK" enough quality to fill the immediate void. We'll see if I'm right.
#88
25.7, 25.10 Series / Re: KEA hostnames in the fire...
Last post by Monviech (Cedrik) - December 08, 2025, 03:41:10 PM
I assume the firewall itself must use Unbound as its resolver.

If you go to "System - Administration - General" there shouldn't be any DNS forwarders assigned, and the option that DHCP can override DNS servers should be off.

Then OPNsense will only use 127.0.0.1, forcing all lookups through it.

You can check in this file:

# cat /etc/resolv.conf
#89
General Discussion / Re: Struggling with OPNsense i...
Last post by coffeecup25 - December 08, 2025, 03:30:55 PM
First, apologies, but I didn't read all that. I admire anyone who can follow someone else's description of their network. Everyone has a different special situation, it seems. I've never been able to.

My first instinct was to use 'problem decomposition'. Basically, get it working as you like in the simplest form possible, without any of the extras included. Then layer the other features one at a time. Like a jigsaw puzzle. Nobody pours a jigsaw puzzle out of the box to see it automatically put itself together. Start with basic internet that works reliably and branch out from that.

Good luck.
#90
25.7, 25.10 Series / Re: Could This Be The Reason?
Last post by pfry - December 08, 2025, 03:29:22 PM
Quote from: timlab55 on December 08, 2025, 02:06:28 PM
[...]Even my maintenance can't get back in.[...]

How are you physically connected? (I couldn't determine this offhand from your earlier posts.) I do not use transparent bridging; I use four non-transparent bridges, and I have ~6 physical ports - likely not comparable. I just wouldn't expect an external device to play a role in workstation-to-firewall communication. Are you using the Asus as a LAN distribution device?

Why not set up your bridge as non-transparent (i.e. assign an IP to it)? At least initially; if you have the burning desire to remove it, you can.

I'm an oddball here in that I like bridging. It fits my Internet link, and it has certain flexibility that I value (enough to put up with the disadvantages).