Connections list - plugin?

Started by bynio00, January 09, 2021, 09:20:21 AM

Hi. I have used routers with Tomato firmware for many years. I love this software: rock solid, with many killer features in an easy form. OK, now I have FTTH, which needs expensive hardware for Tomato to handle the full speed.

So, I have a question. One of Tomato's features is a connection list like the one in the attachments. I have full information - source/dest IP/port, bytes in/out per connection - and I can sort it by any criteria. I can toggle visibility by IP, etc.
Next - a great visualisation of transfer rates per IP. I can find who is causing high load or how much data is transferred.
Is it possible in OpnSense to make views like the ones in these photos? I have not found this on any router distro except Tomato. Yes, I can filter some info from the console, but this is very uncomfortable, takes a long time and I cannot get the whole set of data like from Tomato. In Tomato - a few clicks and I know everything.


Yes:

Firewall, Log View - current states
Reporting, Insight - traffic total, by source and by protocol

Bart...

January 09, 2021, 03:22:53 PM #3 Last Edit: January 09, 2021, 03:27:37 PM by bynio00
I started OpnSense on a VM and yes, this looks much better than in PfSense. But still, in Insight I have IPs, not names; Tomato automatically resolves them (local and remote). Can OpnSense do this too? This is a better fit for the data from the first two photos.

Third photo, with data about transfer rates - Insight is not a solution, or I do not see it. Where do I click on a local IP and get a historical graph?

One more thing - QOS. In Tomato I check Bandwidth limiter, set the IP/MAC and the max transfer for it. A few clicks and the IP is limited. In OpnSense I get a few pages with tons of options and do not see an easy solution; I must make queues, rules, pipes. Grrrr, I only need to limit one IP! Or make a priority for DNS/www/ftp/whatever - QOS -> source/destination -> port/L7 -> bandwidth -> done. Easy and understandable. Powerful options in an easy and clear GUI.

In OpnSense we get extensive monitoring tools, each of which shows only a part of the necessary information. And there is no way to find something like that in Tomato. And it is precisely this type of charts with a minimum of redundant information that has caused that this firmware has been keeping its shape on the market for over 10 years. And no modern open source platform can even come close to that. Without tedious setting filters or breaking through hundreds of incomprehensible options. Click and after a few seconds you get a set of information - you can see if the computer has worms/rootkits, who occupies the whole band, etc. This is basic information about the network and should be available immediately in an understandable form. Why can't developers make it that simple in OpnSense for example?

And I still buy routers for Tomato for friends. Set and forget - works like a charm. A problem - a quick look in the GUI and I see where the problem is.

Quote from: bynio00 on January 09, 2021, 03:22:53 PM
I started OpnSense on a VM and yes, this looks much better than in PfSense. But still, in Insight I have IPs, not names; Tomato automatically resolves them (local and remote). Can OpnSense do this too? This is a better fit for the data from the first two photos.

Third photo, with data about transfer rates - Insight is not a solution, or I do not see it. Where do I click on a local IP and get a historical graph?

One more thing - QOS. In Tomato I check Bandwidth limiter, set the IP/MAC and the max transfer for it. A few clicks and the IP is limited. In OpnSense I get a few pages with tons of options and do not see an easy solution; I must make queues, rules, pipes. Grrrr, I only need to limit one IP! Or make a priority for DNS/www/ftp/whatever - QOS -> source/destination -> port/L7 -> bandwidth -> done. Easy and understandable. Powerful options in an easy and clear GUI.

In OpnSense we get extensive monitoring tools, each of which shows only a part of the necessary information. And there is no way to find something like that in Tomato. And it is precisely this type of charts with a minimum of redundant information that has caused that this firmware has been keeping its shape on the market for over 10 years. And no modern open source platform can even come close to that. Without tedious setting filters or breaking through hundreds of incomprehensible options. Click and after a few seconds you get a set of information - you can see if the computer has worms/rootkits, who occupies the whole band, etc. This is basic information about the network and should be available immediately in an understandable form. Why can't developers make it that simple in OpnSense for example?

And I still buy routers for Tomato for friends. Set and forget - works like a charm. A problem - a quick look in the GUI and I see where the problem is.
OPNsense shows many things.
And you can build your dashboard to fit your needs.

To see which device has malware isn't really possible because OPNsense can't take a look at your system, but IDS alerts will be shown (but you can't be 100% sure that your device isn't infected).

For an enterprise environment, log management/monitoring software is necessary, and that's good.
You can monitor other devices centrally, and that's important to do.


The documentation for traffic shaping is good, so it should be an easy setup, but with more possibilities.
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

January 09, 2021, 06:06:56 PM #5 Last Edit: January 09, 2021, 06:14:09 PM by bynio00
OK, thanks. Sorry, maybe my last post was too pompous.
But I need a simple solution which works. OpnSense works - but configuration is too problematic. When I tested OpnSense, I configured RouterOnAStick with one interface and I couldn't find the option to enter an upstream DNS server - a basic option. Some time ago I needed to make a 3-WAN solution with failover/load balancing. I made the config from tutorials - it worked terribly. Problems with sticky connections; logins to banks or other sites almost always failed. I needed to make additional illogical profiles, and other miracles. I bought a cheap ER-X, ran the wizard config, set sticky connections and.... it works without ANY issues.
So, I suggest making the interface easier and condensing options in logical places.

How do I find worms? I have realtime connection lists; I can see connections to C&C, an upload to strange servers, or any other strange behavior. This is not perfect, but I always find problems with computers this way. This is the reason why I love this option. Or an old internet radio has hardcoded time servers that no longer work today. In the connection list I find connections to port 123, make an iptables rule to make destination, put it in the custom firewall rules box - and it works. Easy and fast.

OK, maybe I'm too stupid for this solution. But please - use a router with Tomato for 2 days - you will see what I am talking about. Advanced options in an easy GUI. Opn is like Webmin - all available options are displayed - confusion level max; it is faster and easier to make the config by CLI.
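
The manual check described in the post above (reading a live connection list for heavy talkers and for connections that never get an answer, such as the dead NTP servers) can be scripted against a saved dump of the firewall's state table. This is an added example, not part of the thread or of OPNsense; the sample lines are constructed in the style of `pfctl -vss` output, and that line layout is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, written in the style of `pfctl -vss` output (layout assumed).
SAMPLE = """\
all tcp 192.168.1.10:51234 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
   age 00:01:12, expires in 23:59:50, 12:10 pkts, 1500:900 bytes, rule 5
all udp 192.168.1.20:123 -> 198.51.100.7:123       SINGLE:NO_TRAFFIC
   age 00:00:30, expires in 00:00:10, 4:0 pkts, 304:0 bytes, rule 5
all tcp 203.0.113.2:40022 (192.168.1.20:40022) -> 203.0.113.50:443       ESTABLISHED:ESTABLISHED
   age 02:10:00, expires in 23:50:00, 900:20 pkts, 1200000:4000 bytes, rule 5
all tcp 192.168.1.1:443 <- 192.168.1.10:50000       ESTABLISHED:ESTABLISHED
   age 00:00:05, expires in 23:59:59, 3:2 pkts, 100:200 bytes, rule 2
"""

# "iface proto left [(pre-NAT addr)] ->|<- right   STATE"
STATE = re.compile(
    r"^\S+ (?P<proto>\w+) (?P<left>\S+)(?: \((?P<orig>\S+)\))? (?P<dir>->|<-) "
    r"(?P<right>\S+)\s+(?P<state>\S+)$")
BYTES = re.compile(r"(\d+):(\d+) bytes")

def parse_states(text):
    """Return one dict per state; byte counters come from the detail line."""
    states = []
    for line in text.splitlines():
        m = STATE.match(line)
        if m:
            left = m["orig"] or m["left"]      # prefer the address before NAT
            src, dst = (left, m["right"]) if m["dir"] == "->" else (m["right"], left)
            states.append({"proto": m["proto"], "src": src, "dst": dst,
                           "state": m["state"], "bytes": 0})
        elif states and (b := BYTES.search(line)):
            states[-1]["bytes"] = int(b[1]) + int(b[2])   # both directions summed
    return states

def bytes_per_host(states):
    """Total bytes per originating IP (IPv4 only), busiest first."""
    totals = defaultdict(int)
    for s in states:
        totals[s["src"].rsplit(":", 1)[0]] += s["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def unanswered(states):
    """States whose peer never replied, e.g. a hardcoded server that is gone."""
    return [s for s in states if s["state"].endswith(":NO_TRAFFIC")]

if __name__ == "__main__":
    states = parse_states(SAMPLE)
    for host, total in bytes_per_host(states):
        print(f"{host:15} {total:>10} bytes")
    for s in unanswered(states):
        print("no reply:", s["proto"], s["src"], "->", s["dst"])
```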

January 09, 2021, 06:48:36 PM #6 Last Edit: January 09, 2021, 06:50:18 PM by lfirewall1243
Quote from: bynio00 on January 09, 2021, 06:06:56 PM
OK, thanks. Sorry, maybe my last post was too pompous.
But I need a simple solution which works. OpnSense works - but configuration is too problematic. When I tested OpnSense, I configured RouterOnAStick with one interface and I couldn't find the option to enter an upstream DNS server - a basic option. Some time ago I needed to make a 3-WAN solution with failover/load balancing. I made the config from tutorials - it worked terribly. Problems with sticky connections; logins to banks or other sites almost always failed. I needed to make additional illogical profiles, and other miracles. I bought a cheap ER-X, ran the wizard config, set sticky connections and.... it works without ANY issues.
So, I suggest making the interface easier and condensing options in logical places.

How do I find worms? I have realtime connection lists; I can see connections to C&C, an upload to strange servers, or any other strange behavior. This is not perfect, but I always find problems with computers this way. This is the reason why I love this option. Or an old internet radio has hardcoded time servers that no longer work today. In the connection list I find connections to port 123, make an iptables rule to make destination, put it in the custom firewall rules box - and it works. Easy and fast.

OK, maybe I'm too stupid for this solution. But please - use a router with Tomato for 2 days - you will see what I am talking about. Advanced options in an easy GUI. Opn is like Webmin - all available options are displayed - confusion level max; it is faster and easier to make the config by CLI.
You can't compare a full firewall with a simple router OS like Tomato.
Those are different things.

When you look at the competitors to OPNsense (Sophos, Watchguard, ...) you'll see that OPNsense is the easiest one to configure and has the better UI.
But with more functions you have more options...
The basic stuff is easily reachable via Rules, NAT, ...

Maybe OpenWrt or something like that is what you have to look at - a router OS, not an enterprise-level firewall.

And securing a network by manually looking at the connections is the wrong way.
Maybe you'll see some C&C servers.
But when a normal public server is hacked and used as C&C, you'll not recognize it.

Yes, you are right, but advanced IPS has problems with it too. This was only an example. I know what to expect and I notice the irregularities. A clean and interactive connection list is useful in many situations. So far it has saved my ass many times. An easy option; it would be nice to see it in this form in OpnSense.

January 09, 2021, 07:40:37 PM #9 Last Edit: January 09, 2021, 07:50:16 PM by bynio00
Quote from: lfirewall1243 on January 09, 2021, 06:48:36 PM
Maybe OpenWrt or something like that is what you have to look at - a router OS, not an enterprise-level firewall.

No, OpenWrt is not suitable for anything more than an easy router with basic services. I have used it extensively: not stable, not feature rich, LuCI is very basic. Old dd-wrt can do much more than modern OpenWrt. But OpenWrt I can install almost everywhere; sometimes this is the only option to keep hardware alive.

January 09, 2021, 07:44:51 PM #10 Last Edit: January 09, 2021, 07:50:01 PM by bynio00
Quote from: lfirewall1243 on January 09, 2021, 06:48:36 PM
When you look at the competitors to OPNsense (Sophos, Watchguard, ...) you'll see that OPNsense is the easiest one to configure and has the better UI.
But with more functions you have more options...


OK, I agree, but what is preventing the solutions I am talking about? All in all, it is a matter of reorganizing the script, adding options to the GUI. Do all advanced administrators feel better when it takes a few minutes to check a simple thing in the GUI?

Quote from: bynio00 on January 09, 2021, 07:44:51 PM
Quote from: lfirewall1243 on January 09, 2021, 06:48:36 PM
When you look at the competitors to OPNsense (Sophos, Watchguard, ...) you'll see that OPNsense is the easiest one to configure and has the better UI.
But with more functions you have more options...


OK, I agree, but what is preventing the solutions I am talking about? All in all, it is a matter of reorganizing the script, adding options to the GUI. Do all advanced administrators feel better when it takes a few minutes to check a simple thing in the GUI?
But under Firewall -> Diagnostics -> States... you see all active connections.

Is that the thing you are looking for?

January 09, 2021, 08:09:12 PM #12 Last Edit: January 09, 2021, 08:18:04 PM by bynio00
With one interface in the VM I do not see this. In my home lab I cannot assign a second interface or make a VLAN. I must install on hardware and check how this looks. Where do I find something like in the third screen?

OK, I checked. 2 years ago when I tested OpnSense I did not find these reporting options. Firewall -> Log view is the greatest tool I have seen in open-source routers - different from Tomato but powerful and clear. Transfer rates in traffic reporting are even better than in Tomato - I see all IPs at one time; in Tomato I must select them one by one.

But where do I find historical traffic usage data for a LAN IP?

And one more question. When I have a media converter in an FTTH service I need to enter the VPI/VCI option in PPPoE. Tomato does not have this option, OpenWrt has; I do not see this on the PPPoE card in OpnSense. Is this option available?