Recent posts

#91
General Discussion / Re: Forward local port to WAN...
Last post by teclab - January 18, 2026, 06:06:33 PM
I tried two versions, both failing.
(I am having difficulty understanding translation/destination).
#92
25.7, 25.10 Series / Re: hostwatch at 100% CPU
Last post by zakaron - January 18, 2026, 05:57:39 PM
Something definitely went wrong somewhere. Just curious, what size environment is this installed in? I just installed the update in my home network yesterday and it has discovered 43 unique MACs. I've left the default settings alone on it. The log from yesterday is 25KB and only 223B from today.


When running "top" from the CLI, I did notice the hostwatch process near the top of the list with typical usage of 0.08% to 0.15% with occasional spikes to 0.35%
Still less than a whole percent, but still more than most processes.

EDIT: I should have read the post further down regarding similar issues. It has more info in there:  https://forum.opnsense.org/index.php?topic=50405.0
#93
General Discussion / Re: It all started because I w...
Last post by gspannu - January 18, 2026, 05:47:37 PM
Quote from: mikes91 on January 17, 2026, 02:02:07 AM
I use Verizon 5G Home Internet and their XCI55AX cell router. My journey to OPNsense started when I decided I wanted to use Pi-hole but the XCI55AX router will not allow the end user to change the DNS settings, so what I must do is put their router in passthrough mode and use my own router instead.

If anyone has already done this, I would appreciate whatever you are willing to share regarding the appropriate configuration settings. I've gotten as far as installing OPNsense VM on my Proxmox installed mini-pc (a Beelink SER5 Ryzen 7 5825U) and poking around a bit to get oriented.

Any and all advice/pointers will be appreciated.

Install another VM on Proxmox, either Alpine Linux or Debian. Install PiHole in this VM. Make sure this VM gets assigned a static IP.
Now in OPNsense, assign the PiHole IP as your DNS.
#94
General Discussion / Re: Forward local port to WAN...
Last post by viragomann - January 18, 2026, 05:45:21 PM
If you did the suggested configuration it should work, presupposed OPNsense is the default gateway on the PC.

Again the steps.

Virtual IP:
You added a virtual IP (IP alias) to the OPNsense WAN, say 192.168.33.10.

Outbound NAT rule:
Firewall: NAT: Outbound > "Hybrid outbound NAT rule generation" enabled
Add a rule:
Interface: WAN
Source: LAN net
destination: 192.168.33.1 (modem)
translation: virtual IP

This changes the outbound NAT behavior only for the stated destination. All other traffic will be natted to the primary WAN IP.

Access the modem by http://192.168.33.1 or whatever protocol it supports.

OPNsense will normally route the traffic to the modem. Due to the outbound NAT, the modem sees access coming from the virtual IP and responds to it properly.
#95
25.7, 25.10 Series / Re: Update to OPNsense 25.7.11...
Last post by Monviech (Cedrik) - January 18, 2026, 05:43:43 PM
Yeah I made a small mistake, sorry.

This command will fix it:

opnsense-patch https://github.com/opnsense/plugins/commit/10e42b15e03386e854fef0f430baa6d7e2c4cbd8
Reference: https://github.com/opnsense/plugins/pull/5141

Alternatively, if you are not able to use the shell, just create a virtual CARP IP on any interface, then it will start too. It was a mistake in the latest update that enables the CARP tracking feature even though it shouldn't be on by default.
#96
25.7, 25.10 Series / Re: hostwatch at 100% CPU
Last post by aperezva - January 18, 2026, 05:33:07 PM
Any recommendation to update or not? Finally, is this hostwatch situation an issue or normal behaviour?

It's not normal to see access to disk increase in this way.

It makes no sense to add a new service when more of us will disable it. It would be better to have the option to enable it.
#97
General Discussion / Re: Forward local port to WAN...
Last post by teclab - January 18, 2026, 05:30:31 PM
Quote from: viragomann on January 18, 2026, 05:09:23 PM
Just access it using its IP. OPNsense is a router and will route the traffic properly.
This does not work. No it does not.
LAN and IP Bridge are on different networks.

I made a drawing to help make things more clear.
#98
25.7, 25.10 Series / Update to OPNsense 25.7.11 bro...
Last post by Courier1027 - January 18, 2026, 05:25:45 PM
I was using the ndp-proxy-go plugin to proxy the ISP provided /64 IPv6 prefix from WAN to LAN interfaces. After the update to OPNsense 25.7.11, the plugin fails to start / run. Manual start command from the "Services" panel didn't work. I am unable to see anything in the log file too. Following is the current configuration for my setup.
#99
25.7, 25.10 Series / Re: DNS requests delayed for 5...
Last post by Maurice - January 18, 2026, 05:15:11 PM
Since it seems you're not using OPNsense for DNS at all, this is more likely an issue with your DNS servers. While OPNsense advertises the DNS server addresses (using DHCP / RAs), DNS requests are sent from the clients to the DNS servers, not to OPNsense.

Cheers
Maurice
#100
25.7, 25.10 Series / Re: hostwatch at 100% CPU
Last post by bycarlsjr - January 18, 2026, 05:10:27 PM
Quote from: crlt on January 18, 2026, 03:58:59 PM
Quote from: bycarlsjr on January 17, 2026, 07:05:25 PM
Quote from: Patrick M. Hausen on January 17, 2026, 04:01:33 PM
Nothing is going to be worse, just disable it.

Interfaces: Neighbors: Automatic Discovery

It fills in a missing feature people coming from consumer routers like Fritzbox got used to and frequently demanded: show an overview of all devices in my network.

More useless garbage that we didn't ask for..... Why can't this be a plugin that those folks can install separately and not brick our routers.... I have a 16Gig hostwatch log this morning, lose gui, forced to restart to recover...  Definitely not a professional group here....

I don't think that's fair to say as it was a popular request. I believe that it's not a plugin because it's developed by the opnsense team and you can simply disable it. With all that said it probably could have shipped disabled by default.

I manage a few personal firewalls across a few locations and I always read the change log and forums before updating so I knew to look out for this potential issue. Perhaps you should consider doing that in the future.

No, it's completely fair to say. Anything that potentially trades stability for features should not be allowed to be enabled as a default in a mainline release, ever. For that point, no new features should be enabled by default. Bugs happen, I get that, but with 26 around the corner who releases new features on possibly the last release of a given train!