For today’s generation, 8N1 doesn’t make sense!
I would be interested if we could open a topic on the differences we have between nethserver firewall and opnsense.
People here prefer to install opnsense but what I cannot figure is that NethSecurity (the enterprise version of the firewall) is a best seller, so hence my guess on what you miss
Sure, I’d be glad to contribute what I can. Not coding, I leave that point to you as a pro…
But I’m in networking, and firewalls are an essential bit in that whole infrastructure of IT…
If you want, fire up a VM with OPNsense, as said, I can help with the configuration so you can see what features are available, what could be easily implemented in the next generation of NethServer…
I can say, from a netadmin’s point of view, that’s a cool feature!
You can say, from a dev’s point of view, yes, I see how I could code that…
My 2 cents
Andy
Also don’t forget, the NethSecurity is a different animal than the usual all in one NethServer here on the Forum.
These boxes, like e.g. OPNsense or pfSense, are generally dedicated perimeter firewalls, regulating access and security to other networks, especially the Internet.
Same goes for Cisco Pix, Checkpoint or whatever you have out there…
The main thing for company or enterprise users, but also Institutions is the security that provides…
An application error in any server can’t bring down the Internet, as it could in an All in One box.
My 2 cents
Andy
OT
It is a daily driver for me: in the embedded space without whatever graphical output it is the tool to work with.
So many Cisco admins have the same issue - they can’t even operate the ones with a Web-GUI anymore… But give them serial - they’ll copy and paste whole configs in for an Enterprise!
My 2 cents
Andy
If you want, fire up a VM with OPNsense
I did, the discovering is still occurring
My first feeling is how we (NethServer) want to hide/expose the complexity
Nethserver hides the complexity and proposes a workable solution
OpnSense exposes the complexity of the options, with a lot of settings
however opnsense offers: ipv6, opendns, unbound as default dns, dynamic dns, radius
good tools to create
nc
tcpdump
You want to try out wireshark? Easy…
You prefer Bind as DNS? also easy…
Need VMWare Tools? also there…
And the finding on top right…
Type DHCP, or port, it’s fast.
But have a look at backup / restore, especially the “partial restore”.
Say for NethServer to reload a DHCP with 50 odd reservations…
My 2 cents
Andy
The cpu obviously is not a monster but for my use (ns7.9+Nextcloud+zabbix+pihole and sometimes ntopng or proxy) it is more than enough and it’s low power
I am curious how did you install pihole
Salut Stéphane
My PI-Hole at home or at clients is usually a Debian 10 LXC on Proxmox. This is very stable and works very well.
Here is my own Instruction, in English.
This can also be used / help others here!
My 2 cents
Andy
Setup PI-Hole as Linux-Container in Proxmox
Base: Debian 10, must be downloaded and ready in Container-Templates, otherwise download it (in Container-Templates)
Create new LXC Container in Proxmox.
Prerequisites:
Debian10 basis
2 CPU core
1024 MB RAM, 512 MB Swap
Network: 192.168.XXX.29/24 Gateway 192.168.XXX.1
(Adapt Network to your network!)
Disk: 20 GB
When the LXC container is created, use the Proxmox console and login as root.
First do an update:
apt-get update
Install general tools:
apt install openssh-server mc htop nano screen snmp snmpd curl sudo
Activate SSH, also for root:
nano /etc/ssh/sshd_config
add in the line below as shown:
#PermitRootLogin prohibit-password
PermitRootLogin yes
Save with CTRL X, confirm with y
Set SSH as service, restart
systemctl enable ssh
systemctl restart ssh
Configure SNMP (eg for Zabbix monitoring)
rm /etc/snmp/snmpd.conf
nano /etc/snmp/snmpd.conf
Content of the new snmpd.conf file (Use your own!):
rocommunity public
syscontact Admin
syslocation FIRMA, ORT
Save with CTRL X, confirm with y
Set SNMPD as service, restart
systemctl enable snmpd
systemctl restart snmpd
Now’s the time for the actual PI-Hole installation:
curl -sSL https://install.pi-hole.net | sudo bash -x
Confirm as required with ENTER or y (ca 5-6 Screens)…
At the end set the password for your PI-Hole, I suggest using the root password.
Note:
It can make sense to use a different password here, if other non-admins are to view the page.
pihole -a -p
PI-Hole is installed, a reboot is not needed!
You need to set your PI-Hole on all clients as DNS server, or set it in your DHCP server.
You can now access your PI-Hole with http://192.168.xxx.29/admin, use the password you set earlier.
Done! Have fun with your PI-Hole!
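A small audit for the two files the guide above edits (/etc/ssh/sshd_config and /etc/snmp/snmpd.conf), added here as an example and not part of the original post. It reports whether root can log in over SSH with a password and whether an SNMP community is accepted from any source address. The function names, the sample files, the CHANGE-ME community string and the 192.168.0.0/24 subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the sshd and snmpd settings edited in the guide above.

# Effective PermitRootLogin: sshd keeps the first occurrence of a keyword,
# keywords are case-insensitive, '#' starts a comment. Stop at the first
# Match block (later lines are conditional); fall back to the OpenSSH default.
sshd_root_login() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "prohibit-password" }' "$1"
}

# rocommunity/rwcommunity lines with no SOURCE field (or SOURCE "default")
# accept the community string from any address.
snmp_open_communities() {
    awk '/^[ \t]*#/ { next }
         $1 ~ /^r[ow]community6?$/ && (NF < 3 || $3 == "default") { print $1 " " $2 }' "$1"
}

# usage: audit_pihole_lxc SSHD_CONFIG SNMPD_CONF ; returns 1 on any finding
audit_pihole_lxc() {
    rc=0
    mode=$(sshd_root_login "$1")
    if [ "$mode" = "yes" ]; then
        echo "FAIL sshd: PermitRootLogin yes (root may log in with a password)"; rc=1
    else
        echo "OK   sshd: PermitRootLogin $mode"
    fi
    open=$(snmp_open_communities "$2")
    if [ -n "$open" ]; then
        echo "FAIL snmpd: accepted from any source: $open"; rc=1
    else
        echo "OK   snmpd: all communities are source-restricted"
    fi
    return "$rc"
}

# Constructed sample files: the guide's settings, then a restricted variant.
# The community string and subnet in the second pair are placeholders.
tmp=$(mktemp -d)
printf '#PermitRootLogin prohibit-password\nPermitRootLogin yes\n' > "$tmp/sshd_guide"
printf 'rocommunity public\nsyscontact Admin\n' > "$tmp/snmpd_guide"
printf 'PermitRootLogin prohibit-password\n' > "$tmp/sshd_keys"
printf 'rocommunity CHANGE-ME 192.168.0.0/24\n' > "$tmp/snmpd_scoped"

audit_pihole_lxc "$tmp/sshd_guide" "$tmp/snmpd_guide" || true
audit_pihole_lxc "$tmp/sshd_keys" "$tmp/snmpd_scoped"
```

On the running container, `sshd -T | grep -i permitrootlogin` prints the value sshd actually uses.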
1024 GB RAM, 512 GB Swap
I am glad that this does not only happen to me
1024 GB RAM, 512 GB Swap
well: 1024 MB RAM, 512 MB Swap
But this typo could easily be mine. Therefore I had to smile
I personally use my nethserver-pihole module based on docker with a macvlan network. Basically the container gets an IP that I use as the external dns server of the nethserver, the dhcp server gives the dns IP to the clients indeed.
Quite reliable, I need to test it on a thin server/gateway it should work
I am curious how did you install pihole
You know I’m a little bit lazy, so I chose the easy and working way: nethserver-pihole… what else?
Quite reliable, I need to test it on a thin server/gateway it should work
yes it works well with macvlan… I remember having to make some changes, maybe because I went from a previous test from aeria to macvlan. I remember thinking “then I’ll try to understand the problem better” but obviously I forgot
I’ll do a search in the history and let you know … and of course tnx!
happy to know that you use it, let me know if you find bug or enhancement
Edit…I hope to see you in 2021, this year has been so strange that I am happy it is quite over
Let’s play with it, finally got it
great! but now I’m curious … what hardware did you choose?
I’d be so curious about the results of spectre-meltdown-checker
My console toolbox for NethServer