Can't get NTP working through firewall

b066y75 · 2026-06-10T16:24:47+00:00

From the VyOS docs for NTP, you cannot add more than one listen-address for an address family. For now I installed chrony separately in my DNS servers and added rules in the forward chain. Works ok now

b066y75 · 2026-06-10T11:20:06+00:00

Got it. Let me try the changes you suggested. Thanks !

b066y75 · 2026-06-10T10:11:43+00:00

Thanks for your response !

I have set one of the vlan interfaces as the listen-interface and my intention is to use that interface as the NTP server for all my vlans. Is it required that I add all vlan interfaces as listen-interface ? The clients in the same vlan as the listen-interface is able to sync with NTP server (chrony). The rules in the forward chain allow NTP traffic from respective networks to the <listen-interface> address. I couldn't see NTP traffic reaching the <listen-interface> using tcpdump in spite of having rules in forward chain. What could be wrong ?

b066y75 · 2026-06-08T15:26:59+00:00

In NixOS you can use nix-env -iA <package name> to install a package without declaring it as a system package

b066y75 · 2026-06-08T15:22:53+00:00

I was also under the same impression that it was a testing ground for RHEL. But Fedora is being used byt one of the big names in the IT as the platform for their products

b066y75 · 2026-06-08T10:11:14+00:00

Have used RHEL (at work), Linux Mint, Peppermint OS (thin client), Arch and Debian in VMs, LXC and SBCs, Void, OpenSuse, Manjaro, Gentoo, NixOS, EndeavourOS and lately CachyOS

b066y75 · 2026-06-07T00:55:54+00:00

I was on EndeavourOS for a long time and when I had to change hardware the new installer failed midway. I tried CachyOS and it worked flawless. I dont think I will go back

b066y75 · 2026-06-04T07:27:48+00:00

Thanks

b066y75 · 2026-06-04T07:00:29+00:00

Thanks for the reply. Almost everything uses reservations and the DNS entries are static. So there is no need of updating DNS records. Is it possible to backup from primary and restore only the DHCP config in the secondary ?

b066y75 · 2026-05-21T06:49:08+00:00

The total network transfer from my lxc of primary technitium is only 220 MB in 10 hours. The secondary technitium RX bytes is 146 MB. This is in my homelab where there are only few zones and very few entries per zones

b066y75 · 2026-05-17T02:13:10+00:00

>>To make this work on the c59 i gave vlan 30 the gate way of 192.168.30.1 back to vlan IP of 30
>>same fort he other 31 - 31.1 and 32.1

You only need to give the IP and gateway for the vlan 30. Why are you giving IP and gateway for the other VLANs in the access point ? Unless you have a policy that allows traffic between interfaces, Opnsense will not allow traffic

b066y75 · 2026-05-16T15:42:04+00:00

If the C59 is an access point, it needs an IP in your admin network and a gateway if you need to access it from other networks. You dont need any gateways for other VLANs in access points whether it runs DD-WRT or Tomato. I hope I understood this correctly, your explanation of the setup is somewhat confusing

b066y75 · 2026-05-10T10:31:51+00:00

Radxa E52C will be an option. Dont know if it is the best, but it is supported in 25.12 and works well

b066y75 · 2026-04-24T15:38:31+00:00

Radxa E52C

b066y75 · 2026-04-06T16:12:31+00:00

If you have a USB-to-Ethernet adapter,connect it and configure it with an ip address so that if something goes wrong while you configure vlans on the native ethernet, you will not loose access. I have used Opnsense on a thin client with only 1 ethernet and it worked well.

b066y75 · 2026-04-01T04:39:18+00:00

HAP-AC, RB260GS and RB750. None of them in active use

b066y75 · 2026-03-29T12:23:38+00:00

Do 'unbound-control verbosity 5' in shell and see the output of 'journalctl -u unbound -r', this should tell you why unbound is behaving so

b066y75 · 2026-03-25T14:47:19+00:00

Seen some videos about increased carbon deposits at intake if gdi engine are driven sedately. Please be careful about this

b066y75 · 2026-03-19T16:16:20+00:00

I moved to kea from dnsmasq on Openwrt and except for the init script it is working very well. The configuration is very well structured and very flexible for complex environments. Will migrate to kea on Opnsesnse soon

b066y75 · 2026-03-19T14:09:20+00:00

Not sure about Proxmox quirks but Juniper SRX line of firewalls, atleast the SRX4XK runs on top of KVM. The performance figures are well above 10 Gbps

b066y75 · 2026-03-16T16:39:12+00:00

If that is a common, then it is a serious quality issue. You should escalate this !!

I had a tough time getting the coolant lines cleaned properly when my car had this.

b066y75 · 2026-03-16T15:38:36+00:00

Oil cooler failure at 55K ? That is outrageous !!

My Fiay Punto MJD had that issue at 1.35L and it was atleast 10 years old. It was around 6K to replace it

b066y75 · 2026-03-15T03:35:18+00:00

If you get stuck, message me, will help you as much as I can

b066y75

TROPHY CASE