# Current Tasks

> **Last Updated**: 2025-12-21

## In Progress

### OPNsense NAT Configuration (URGENT)

Config was corrupted during editing. Restored to backup. Need to re-add:

**Via OPNsense UI (https://10.4.2.1):**

1. **Port Forwards** (Firewall → NAT → Port Forward):
   - TCP 80 → 10.4.2.10:80 (Traefik HTTP)
   - TCP 443 → 10.4.2.10:443 (Traefik HTTPS)
   - TCP/UDP game ports → 10.4.2.26 (AMP server)
2. **NAT Reflection** (Firewall → Settings → Advanced):
   - Reflection for port forwards: Enable (NAT + proxy)
3. **Disable Rebind Check** (System → Settings → Administration):
   - Uncheck "HTTP Referer enforcement"
4. **WireGuard** should still work (built into OPNsense 25.7)

## Pending

### Remaining Network Tasks

- [x] Disable DHCP on Asus router and switch LAN to OPNsense DHCP
- [x] Test firewall isolation (IoT device cannot ping LAN device)
- [x] Test LAN access to IoT (Home Assistant, Frigate can reach IoT devices)
- [ ] Migrate devices from Asus APs to UniFi APs (to retire Asus routers)

### Future Network Upgrades

- [ ] Order hardware (2× GiGaPlus 10G PoE, 2× U7 Pro) for 10G backhaul
- [ ] Consider managed 2.5G PoE switches for proper VLAN support
- [ ] Consider OPNsense HA (CARP) with second USB NIC on another node

### Media Organization

- [ ] Verify Jellyfin can see all imported media
- [ ] Clean up `.processing-loose-episodes` folder
- [ ] Review and potentially restore TV shows from processing folder

### Configuration

- [ ] Consider custom format to prefer English audio releases
- [ ] Review Sonarr language profiles for non-English releases

### Infrastructure

- [ ] Define backup strategy and schedule
- [ ] Set up monitoring/alerting system
- [ ] Document disaster recovery procedures

## Completed (Recent)

- [x] OPNsense WAN cutover to AT&T modem (192.168.1.x)
- [x] VLAN isolation working (Trusted, IoT, Guest)
- [x] pm4 vmbr0 VLAN-aware with persistent bridge vlan config
- [x] Pi-hole accepting DNS from all subnets (listeningMode=ALL)
- [x] Pi-hole gateway set to OPNsense for return routing
- [x] UniFi SSIDs configured with VLAN tags
- [x] Configured OPNsense VLANs (10, 20, 30) on vtnet0
- [x] Configured VLAN interfaces with IPs (10.4.10.1, 10.4.20.1, 10.4.30.1)
- [x] Configured DHCP on all VLAN interfaces
- [x] Implemented firewall rules for IoT/Guest isolation
- [x] Added Traefik routes for UniFi Controller and OPNsense
- [x] Resized Traefik LXC 104 rootfs from 2GB to 4GB
- [x] Configured pm4 vmbr1 bridge with USB 2.5G NIC for OPNsense WAN
- [x] Added net1 (vmbr1) to OPNsense VM 130
- [x] Deployed UniFi Controller LXC 111 on pm4
- [x] Fixed SSH access between cluster nodes (pm2 can access all nodes)
- [x] Fixed NZBGet permissions (UMask=0000 for 777 files)
- [x] Fixed Sonarr permissions (chmod 777 on imports)
- [x] Fixed Jellyfin LXC mounts (restarted LXC)
- [x] Fixed Jellyseerr IP in Traefik config
- [x] Consolidated documentation structure
- [x] Created documentation index

## Blocked

None currently.