Recent posts

#91
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by nero355 - February 04, 2026, 06:46:17 PM
Quote from: Monviech (Cedrik) on February 04, 2026, 06:34:43 PM
A loopback interface can have any IP address. I usually give them like 192.168.89.4/32 or something. Doesn't matter.

OK, so a bit like CISCO Router ID addresses?

Do you use any Firewall rules for it?

I would think it's not needed since it's /32 and only local anyways?
#92
26.1 Series / Re: upgrade from 25.7.11_9 an...
Last post by jmcgee - February 04, 2026, 06:44:05 PM
OK, so I need baby steps.
Backup config.
Upgrade
Install ISC plugin?
Reboot?

And I am fine to wait for a later upgrade if that will somehow ease the process.
#93
General Discussion / Re: offtopic - dnsmasq tutoria...
Last post by nero355 - February 04, 2026, 06:42:16 PM
Quote from: Greg_E on February 04, 2026, 04:47:29 PM
Why has no one ever built a GUI for dnsmasq, Bind, Kea, etc.

Pi-Hole expanded DNSMasqd with a lot of features and calls it FTLDNS and you can do EVERYTHING you need to do via their webGUI ;)

One of the alternatives could be to install something like WebAdmin and see if their plug-ins/add-ons feature has something for any kind of DHCP Service like they have/had for OpenVPN for example.

Quote
And yes, I know, real admins don't use GUIs. Been told that a few times.

Not necessarily the truth: Sometimes you need the overview of a nice webGUI ;)

And very expensive devices like the ones from https://www.f5.com/ or https://www.fortinet.com/ use it all the time as their primary administration interface.
#94
Tutorials and FAQs / Re: [HOWTO] Reach your ONT or ...
Last post by Maurice - February 04, 2026, 06:37:39 PM
... and for dynamic prefixes (DHCPv6 PD), OPNsense adds a null route automatically (since 23.1).

https://github.com/opnsense/core/issues/3304
#95
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by julsssark - February 04, 2026, 06:36:13 PM
26.1.1 adds some really nice updates to the rules interface!
#96
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by Monviech (Cedrik) - February 04, 2026, 06:34:43 PM
A loopback interface can have any IP address. I usually give them like 192.168.89.4/32 or something. Doesn't matter.
#97
General Discussion / Re: No internet to clients con...
Last post by darkencraft - February 04, 2026, 06:34:38 PM
So, I wasn't able to fix the problem, and ended up buying a TL-SG1016D (16-Port Switch).
My current setup is using 1 port to WAN, 1 port to LAN without any bridges, and the remaining 4 ports being unused.
Now all my connections rely on the newly bought 16-port switch, including the wifi AP. With this setup, wifi devices do get internet connection.
#98
26.1 Series / Re: Management Interface openi...
Last post by meyergru - February 04, 2026, 06:33:30 PM
I think what you see is probably an overlay of several misconfigurations. OPNsense does not have a basic authentication for starters.

Maybe what you see is the basic login of your ONT or modem, which often has a management IP of 192.168.100.1. For this very reason, the use of that specific subnet is discouraged here.

That being said, you should not have the ONT on your management network, because it most likely also is your WAN.
#99
Hardware and Performance / Re: Drowning in (old) hardware...
Last post by OPNenthu - February 04, 2026, 06:33:03 PM
More storage doesn't help with IDP throughput, so I wouldn't waste money there unless you have a specific need (are you virtualizing)?

RAM helps with performance up to a point, but those larger systems are designed for capacity: very large number of users, policies/tables, VPNs, etc.  Doesn't sound like that's your use case.  I think 8-16 GB of DDR4 or better is good, dual-channel if you can.  IIRC, both the DEC850 and the VP66xx are dual channel.

The CPU is the limiting factor.  IDS/IDP is CPU bound and in many cases they are single-threaded applications.  You need a CPU with high frequency in order to get the kind of throughput you are asking for, but as I'm not a user of those I would refer you to the respective forum sections for ZA and Intrusion Prevention.

I would drop an email to the vendor you are looking into and get their opinion of what kind of throughput you might expect for your use case.
#100
26.1 Series / Re: Rules [new] Sort order Seq...
Last post by nero355 - February 04, 2026, 06:29:26 PM
Quote from: Monviech (Cedrik) on February 04, 2026, 05:12:35 PM
Cheat via adding a loopback interface to some rules.

What would be a good one to avoid future conflicts addressing-wise?

Since 127.0.1.1 for example exists for special purposes.

I am thinking about using it for two reasons:
- Bind the webGUI and OpenSSH to it to avoid unavailability of both when the Management NIC's Port is disconnected for whatever reason.
- For the Firewall Rules "Interfaces Group" workaround should I ever need it.