Recent posts

#91
General Discussion / Re: Micron exits consumer mark...
Last post by coffeecup25 - December 08, 2025, 03:50:37 PM
I still have some old DDR3 Laptop memory put away somewhere. Time to make some money on eBay.

Seriously, I recently looked for 16GB DDR4 and a larger SSD to upgrade an old laptop and was surprised at how the prices had gone up. I decided not to get any. I'll probably buy a new to me refurbished laptop with newer and larger everything for only a little more later.
#92
25.7, 25.10 Series / Re: Resolved: Update 25.7 -> 2...
Last post by franco - December 08, 2025, 03:46:29 PM
No, you just get the popup during upgrades when the package manager removes vital files for a second before putting them back and the GUI needing them to render the page. It's not easily fixable, but also almost always benign.

We could hide the error, but at the cost of hiding real errors.


Cheers,
Franco
#93
General Discussion / Re: Micron exits consumer mark...
Last post by Greg_E - December 08, 2025, 03:42:55 PM
I see this as the rise of RAM produced in China. Make a vacuum and something will fill it. They still need ram for the RISC V processors that they are trying to switch towards to create independence, so they will make ram to fit in their infrastructure. Slow process but they are already starting down this path with RISC-V.

And once that country tools up and starts producing good quality product, the strategy of selling only to volume customers may backfire on Micron. Remember that Micron is building multiple new fab sites in the USA, and while they are getting huge amounts of subsidies from the governments, ultimately this will cost them money to build. And yet they closed the Arizona plant because they had too much capacity in other plants? https://www.abc15.com/news/business/microchip-to-close-arizona-facility-amid-cost-concerns

Now what I can't find is the proof that the Arizona plant really closed, and I have my guesses at why they would close this place and TSMC would build in the same state. Problem is that making and etching silicon takes a lot of water, and stable bedrock, not sure why either would build in a desert and near a large and active fault line. https://www.restonyc.com/how-many-gallons-of-water-does-it-take-to-make-a-chip/ https://www.weforum.org/stories/2024/07/the-water-challenge-for-semiconductor-manufacturing-and-big-tech-what-needs-to-be-done/

Here is what the NY plan looks like, you can see 4 WWT buildings and I assume these are waste water treatment buildings. The selection of the location was based on access to lots of clean water, and lots of electric power. https://townofclayny.gov/sites/default/files/2025-10/Micron%20New%20York%20Planning%20Board%20Presentation_10.08.2025_FINAL.pdf

We will see what happens, but there seems to be conflicting statements around this whole build. I think they just wanted to dump all the hassles that come with consumer products and consumers. Just like when Lexar got sold off https://www.micron.com/about/blog/company/partners/micron-discontinuing-lexar

Sell the bulk chips to module builders and let the builders take care of the consumers.

Maybe NEC will come back from the obscure, I have a stick of PC100 ram sitting on my desk pulled from a dead device from more than 10 years ago. ST, Broadcom (shudders) and a few others could tool up in the next couple of years if they wanted to fill the void, but I think China will be faster to tool up, and will be "OK" enough quality to fill the immediate void. We'll see if I'm right.
#94
25.7, 25.10 Series / Re: KEA hostnames in the fire...
Last post by Monviech (Cedrik) - December 08, 2025, 03:41:10 PM
I assume the firewall itself must use Unbound as its resolver.

If you go to "System - Administration - General" there shouldnt be any DNS forwarders assigned, and the option that DHCp can override DNS servers should be off.

Then OPNsense will only use 127.0.0.1, forcing all lookups through it.

You can check in this file:

# cat /etc/resolv.conf
#95
General Discussion / Re: Struggling with OPNsense i...
Last post by coffeecup25 - December 08, 2025, 03:30:55 PM
First, apologies, but I didn't read all that. I admire anyone who can follow someone else's description of their network. Everyone has a different special situation, it seems. I've never been able to.

My first instinct was to use 'problem decomposition'. Basically, get it working as you like in the simplest form possible, without any of the extras included. Then layer the other features one at a time. Like a jigsaw puzzle. Nobody pours a jigsaw puzzle out of the box to see it automatically put itself together. Start with basic internet that works reliably and branch out from that.

Good luck.
#96
25.7, 25.10 Series / Re: Could This Be The Reason?
Last post by pfry - December 08, 2025, 03:29:22 PM
Quote from: timlab55 on December 08, 2025, 02:06:28 PM[...]Even my maintenance can't get back in.[...]

How are you physically connected? (I couldn't determine this offhand from your earlier posts.) I do not use transparent bridging; I use four non-transparent bridges, and I have ~6 physical ports - likely not comparable. I just wouldn't expect an external device to play a role in workstation-to-firewall communication. Are you using the Asus as a LAN distribution device?

Why not set up your bridge as non-transparent (i.e. assign an IP to it)? At least initially; if you have the burning desire to remove it, you can.

I'm an oddball here in that I like bridging. It fits my Internet link, and it has certain flexibility that I value (enough to put up with the disadvantages).
#97
25.7, 25.10 Series / Re: Afther Update meet issues
Last post by cookiemonster - December 08, 2025, 03:22:06 PM
What I mean is that your process is perfectly valid but unknown to us here on how it works.
Quoteyes I'm keeping the list in remote server. Firewall Aliases has a rules ( URL IP's tabele) who is checking every 60 sec for update the remote black list. from this rule i got Floating who does actual restriction to the network.

Before the update if I want restrict an IP,  just have to add it to the remote server black list.  And Firewall Aliases fetching this list automatic and blocking the new ip's.
Now this doesn't work anymore , to do so i need to go to Firewall: Diagnostics: States: find were is the new  ip or IP's  and manual drop it. And then the actual block comes in force.
It is impossible to tell why "this does not work anymore", your mechanism to fetch the list I imagine is the Alias automation on OPN. But the content might not be "correct".
Maybe use the Diagnostic part of the alias in OPN, to look into the table.
Or when you say "this doesn't work anymore". Does it mean nothing is fetched or something else?
#98
25.7, 25.10 Series / Re: Could This Be The Reason?
Last post by Monviech (Cedrik) - December 08, 2025, 03:12:46 PM
It eludes my why so many (new) users choose the transparent filtering bridge setup. It is quite advanced, and the benefits are simply not applicable for small home setups.

I would strongly advice against it, or read my updated guide on it to learn more about the scope of that decision:

https://github.com/opnsense/docs/blob/master/source/manual/how-tos/transparent_bridge.rst

#99
25.7, 25.10 Series / Re: Afther Update meet issues
Last post by rumenblg - December 08, 2025, 03:11:51 PM
Yes,
its shows multiple attempts, and the same IP or IP's has secondary row with no information.

So each ip is repeating twice were the second repeat has empty information. will take a screenshot next time.  Apart of this no errors in the logs.

Also what i discovered is. because suricata and IPS, does't blocking or restricting ddos anymore, if i do manual -> Services: Intrusion Detection: Administration Update to existing rules . Its getting back to working mode for five hours mostly  1 or 2 hours.  And then same issues no restriction.



Quote from: cookiemonster on December 08, 2025, 02:58:38 PMit helps. So have you diagnosed the process ?
#100
25.7, 25.10 Series / Re: Could This Be The Reason?
Last post by bimbar - December 08, 2025, 03:06:54 PM
Transparent bridge is not a supported or recommended setup for opnsense - or any other router, for that matter.

It is what you do when you can not do anything else.