Constant firewall lock ups while playing Minecraft

Started by allanonmage, May 18, 2025, 01:03:32 AM

May 18, 2025, 01:03:32 AM Last Edit: May 18, 2025, 01:32:03 AM by allanonmage
I recently set up OPNSense on a mini PC (Zotac zbox CI325) to replace a pfSense full PC (custom made) acting as my firewall. I use them as a firewall and as a network device to put all traffic out a commercial VPN. The pfSense box also has some NAT rules (double NAT actually incl ISP modem/router, has been working for over 3 years) to allow other players to connect to my Minecraft server, and I replicated those rules to the OPNSense box as well. I set up the OPNSense box as an OpenVPN server, and with the help of Grok, set it up so that when I connect in with the VPN, the traffic is routed out the normal VPN endpoint and also able to access LAN devices.

Today was the first day where I was playing Minecraft, and I've had like 10 crashes, and the only commonality is while playing Minecraft. Sometimes OPNSense locks up when a player connects, sometimes when a player disconnects, sometimes when players have been online for a period of time (instant or 15 mins to 1 hr+).

I turned on logging for the NAT firewall, and after about 20 minutes without a crash, turned it off since I thought disabling a superfluous firewall rule did the trick. It did not.

I don't see anything suspicious, but I don't often troubleshoot this kind of thing. Grok thinks I might have a circular firewall rule or route, but a regular internet search gave me rubbish for results, either keying off minecraft exclusively, or OPNSense exclusively. I've been using NAT and port forwarding for many years, it's not rocket surgery.

When a failure occurs, OPNSense is not responsive via the web GUI, and all internet traffic in and out ceases. I don't know what to provide for logs, I'll grab some screenshots of the firewall rules and post them as an edit or followup post.

QUICK EDIT
There's no long edit, nor a way to upload a picture here. I have only added 1 firewall rule, 2 NAT rules, and a couple were added while I set up the OpenVPN client connection. The one I added was in Firewall, Rules, OpenVPN, and I allowed Source: 192.168.166.0/24 (the OpenVPN server related IP addresses) to LAN NET. That's what forces incoming OpenVPN connections (via the OPNSense OpenVPN server) to go out the commercial VPN that I pay for and wind up in the middle of the internet, but also allows the connections to reach my LAN IP addresses. The 2 NAT rules allow specific Minecraft related ports to be forwarded to my server.

My internal network is 172.16.100.0. The super network from my ISP's router/modem is 192.168.1.0, and the incoming OpenVPN connections are 192.168.166.0.




New topic, Reply and Preview add a little banner under the edit box.
You can attach files there and optionally insert them in the post/reply.

A quick search indicates that this mini PC features Realtek NICs which don't have a good rep under FreeBSD.
I don't know if what you're experiencing is one of the symptoms. You could search the forums...
There's a plug-in driver that may help.

Quote from: allanonmage on May 18, 2025, 01:03:32 AM: "Zotac zbox CI325"
Your box is hugely redundant to your use case. I have 600+ WAN rules plus geoip on a 1x HT Atom with 2gb DDR2, and it never skipped a beat. So it's not the lack of processing power that's killing you, it's something else: Realtek and its drivers or FreeBSD 13 of which I am weary. It's following the downward spiral of other FOSS operating systems, having climbed to its top glory by 10, stagnated at 11, and began to retard at 12.