"Recent posts
#91
General Discussion / Re: Forward local port to WAN...
Last post by viragomann - January 18, 2026, 08:59:39 PMQuote from: teclab on January 18, 2026, 08:50:52 PMI did it as Patrick suggested without destination and translation.You didn't read his post carefully. He just suggested to not state ports.
#92
General Discussion / Re: Forward local port to WAN...
Last post by teclab - January 18, 2026, 08:50:52 PMQuote from: viragomann on January 18, 2026, 08:40:52 PMDid you limit the destination in the NAT rule to the modem IP or subnet?I did it as Patrick suggested without destination and translation.
But now I tried 192.168.33.1/32 as Destination and have both working! Hurray!
Thank you All for your help and patience!!
#93
25.7, 25.10 Series / Re: netcup dynDNS
Last post by Mr.Goodcat - January 18, 2026, 08:42:25 PMQuote from: viragomann on January 18, 2026, 08:34:16 PMNote that you can run the ddclient in two different mode, selectable on the general settings tab: native and ddclient.
That's just the hint I was looking for! Thank you very much! :-D
#94
General Discussion / Re: Forward local port to WAN...
Last post by viragomann - January 18, 2026, 08:40:52 PMQuote from: teclab on January 18, 2026, 08:33:33 PMThe WAN network 192.168.33.x was exposed to my private local 10.10.x.x network.You want to access it from 10.x.x.. So yes, it's accessible.
However, you can ever limit the access to certain LANs or IP addresses by firewall rules.
Just add a rule on the respective internal interface to allow the desired access, followed by a block rule for destination of modem subnet.
Quote from: teclab on January 18, 2026, 08:33:33 PMInternet did not work any more!!So you might have done something wrong.
Is the outbound NAT in hybrid mode?
Did you limit the destination in the NAT rule to the modem IP or subnet?
#95
25.7, 25.10 Series / Re: DNSMASQ IPSET update delay...
Last post by franco - January 18, 2026, 08:37:45 PMIt's certainly a problem with allowlisting. Blocklisting is preferable. I'm unsure much can be done about an initial delay.
Historically, this is one of the main reasons why we added Suricata with true IPS functionality over Snort with a block table over 10 years ago.
Cheers,
Franco
Historically, this is one of the main reasons why we added Suricata with true IPS functionality over Snort with a block table over 10 years ago.
Cheers,
Franco
#96
25.7, 25.10 Series / Re: netcup dynDNS
Last post by viragomann - January 18, 2026, 08:34:16 PMNote that you can run the ddclient in two different mode, selectable on the general settings tab: native and ddclient.
Both may provide different service providers.
Mine is in native mode and I can select netcup.
Both may provide different service providers.
Mine is in native mode and I can select netcup.
#97
General Discussion / Re: Forward local port to WAN...
Last post by teclab - January 18, 2026, 08:33:33 PMI did what Patrick suggested and could reach my modem. Unfort. there are two side effects:
That's not what I was trying to achive. I do not want to expose 192.168.x.x in my 10.10.x.x network.
- The WAN network 192.168.33.x was exposed to my private local 10.10.x.x network.
- Internet did not work any more!!
That's not what I was trying to achive. I do not want to expose 192.168.x.x in my 10.10.x.x network.
#98
25.7, 25.10 Series / Re: IPv6 connectivity error af...
Last post by franco - January 18, 2026, 08:30:33 PMWhat I don't understand is that there are actually two ways dhcp6c is started: once immediately and once per rtsold. 25.7.11 decouples the starts of both so they don't race to the finish line together, but OTOH that was never really the case and only the side effect that the second one would release the IP of the first one and try again (and sometimes fail because the ISP says no to the second request).
You can just start via "/var/etc/rtsold_wan_script.sh igb1" normally which is how the system does it. "wan" and "igb1" may be different for you.
The other thing is to check /var/etc/dhcp6c.conf if the configuration for "igb1" is actually there or not. In the worst case it's not there when it decides to start which means it may exit as soon as it was started and then it looks like it wasn't started. If not some code path decided that it's simply not ready (or misconfigured).
Cheers,
Franco
You can just start via "/var/etc/rtsold_wan_script.sh igb1" normally which is how the system does it. "wan" and "igb1" may be different for you.
The other thing is to check /var/etc/dhcp6c.conf if the configuration for "igb1" is actually there or not. In the worst case it's not there when it decides to start which means it may exit as soon as it was started and then it looks like it wasn't started. If not some code path decided that it's simply not ready (or misconfigured).
Cheers,
Franco
#99
25.7, 25.10 Series / Re: Dnsmasq stops occasionaly
Last post by ligand - January 18, 2026, 08:29:02 PMHere's something interesting... it looks like there is a problem with serving DHCPv6... so after turning on radvd memory consumption started increasing substantially...
97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026
PID RSS COMMAND
97469 49720 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 09:03:02 EST 2026
PID RSS COMMAND
97469 65652 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 10:03:02 EST 2026
PID RSS COMMAND
97469 92148 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 11:03:02 EST 2026
PID RSS COMMAND
97469 121672 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 12:03:02 EST 2026
PID RSS COMMAND
97469 139552 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 13:03:02 EST 2026
PID RSS COMMAND
97469 154424 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 14:03:02 EST 2026
97469 34896 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 08:03:02 EST 2026
PID RSS COMMAND
97469 49720 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 09:03:02 EST 2026
PID RSS COMMAND
97469 65652 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 10:03:02 EST 2026
PID RSS COMMAND
97469 92148 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 11:03:02 EST 2026
PID RSS COMMAND
97469 121672 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 12:03:02 EST 2026
PID RSS COMMAND
97469 139552 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 13:03:02 EST 2026
PID RSS COMMAND
97469 154424 /usr/local/sbin/dnsmasq -x /var/run/dnsmasq.pid -C /usr/local/etc/dnsmasq.conf
Sun Jan 18 14:03:02 EST 2026
#100
German - Deutsch / Alte Hostnamen im Netz
Last post by awado - January 18, 2026, 08:28:50 PMHi. Hier im Netz haben manche IPs einen falschen Hostnamen, meist von Geräten, die diese IP vorher mal hatten, aber nicht mehr existieren. Ich sehe die am PC und Laptop, wenn ich einen Netzwerk-Scan mache. Die ARP Tables am PC/Laptop hab ich bereits gelöscht. Nun frage ich mich, ob das vielleicht auch von der OPNsense kommen könnte? Dort macht ISC DHCPv4 seinen Dienst. Bei den Leases ist aber nichts von den Leichen zu finden. Bin also dankbar für Tipps, wo ich noch suchen könnte.
