Subcategories

  • Discussions and feedback related to this forum

    607 Topics
    3k Posts
    johnpoz

    @microserfs and what IP was that? Clearly your current IPv6 address, the one I see you connected with, is not blocked.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0w

    @sef1414
    Name it "run.sh", copy it to pf and chmod it according to the documentation:
    https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option
    You will see messages in the system log like those quoted in the script after the logger command.

  • A more up-to-date pfSense?

    4
    0 Votes
    4 Posts
    1k Views
    JeGr

    @jantypas said in A more up-to-date pfSense?:

    Dare I say it, other than pf filters, what is BSD about pfSense that couldn't be ported to a modern Linux environment?

    You've already heard of TNSR? There are a few things to scratch your head over, like why it's running on a Linux core (FD.io & DPDK and more). As SCLR was also mentioned besides TNSR a year or so ago, I was instantly thinking: Hmm.. 'pfSense 3.0' could very well be something along the lines of SCLR. Same fast core underneath with fd.io/dpdk with CLI, API etc. and "just" put a pfSense style UI on top (docked via API). So I don't think it impossible you get away with murder ;)

    OTOH some have to see that pfSense devs already do and commit much of their stuff upstream into FreeBSD, so... calling BSD dying etc. has been going on for years. It's still there :) Anyway, I think we still have much to see where this is headed.

    Greets

  • Adding a deny rule in console using easyrule

    2
    0 Votes
    2 Posts
    542 Views
    jimp

    The block function only works by source IP address. That's just how the utility was coded. Its original purpose was for blocking and passing items seen in the firewall log. From there, the most secure choice was to assume blocking meant anything from that address, and for passing the most secure choice was to be specific and only pass to one IP address/proto+port.

  • Router and bridges

    5
    0 Votes
    5 Posts
    1k Views
    johnpoz

    A bridge is nothing more than a switch... If you need more ports on a L2, use a switch..

    How about some details of what you're trying to do exactly. What is this device/thing/whatever you're trying to connect to a network? And what are the details of the network you want to connect to?

    Is wireless involved? I can tell you most of the time - bridging would not be the right solution ;) Unless you are talking about bridging a wireless to wired??

    Nobody can help you make a decision or even explain why you would want to do XYZ vs ABC without some details!

  • AMD CPUs decent performance for firewall?

    2
    0 Votes
    2 Posts
    916 Views
    H

    @harvy66 Ryzen is leaps better than the failed design that was the Construction series. The biggest issue is hardware support under BSD. There's not many server boards around for Ryzen as AMD has positioned Ryzen for the desktop. EPYC and Threadripper are the CPUs that support server boards. If you build a Ryzen system, do not use the onboard NIC if it is anything other than Intel or Broadcom. Those other winnics will cause issues with pfSense down the road.. if not immediately.

  • LARGE IP SUBNETS.

    Moved
    15
    0 Votes
    15 Posts
    2k Views
    M

    @johnpoz said in LARGE IP SUBNETS.:

    Optimal design of the LAN is quite often overlooked ;)
    See it all the time.. But everything is connected at gig, why am I not getting gig.. The NAS is X*SSD in a RAID 0, etc.
    Well - let's see, you have 100 users talking to all kinds of stuff intervlan with your 10 different VLANs all on the same physical 1 gig interface... Yeah your router is a freaking BEAST and you can see it's not breaking a sweat... Your road between is just overused... Supposed to be able to go 55 on the highway as well, but when it's crowded and overused.. Can you go 55 ;)

    I have 10Gb uplink modules for each of the switches, so no problem in that regard. I'm also having fiber run between 2 floors of the building. I might set up LAG teams for the NAS however.

  • Broadcast Storm Control Traffic

    3
    0 Votes
    3 Posts
    956 Views
    V

    Got it, thanks.

  • GatewayGroup \ Openvpn not following

    3
    0 Votes
    3 Posts
    496 Views
    T

    Thanks for your fast response, I will check this out tonight and reply whether my issue is resolved or not!

    Thanks!

  • PfSense Intel I350-T4 NIC card install

    1
    0 Votes
    1 Posts
    440 Views
    No one has replied
  • Configuring pfsense with one WAN and one LAN

    2
    0 Votes
    2 Posts
    447 Views
    Grimson

    Read https://www.netgate.com/docs/pfsense/book/ completely.

  • Before I install pfsense

    2
    0 Votes
    2 Posts
    498 Views
    Rico

    You don't need to split into different subnets, you can just Policy Route by source IP.
    I highly recommend you check out the great OpenVPN as a WAN hangout (https://www.netgate.com/resources/videos/openvpn-as-a-wan-on-pfsense.html) to get a general overview of what's possible and how it's done.

    -Rico

  • 0 Votes
    3 Posts
    552 Views
    P

    Can the tunnel network IP work like a gateway?

    Because I have another problem: I can't reach the site-to-site VPN from another VPN.

  • Default gateway switching option not seen in Pfsense 2.4.4

    4
    0 Votes
    4 Posts
    741 Views
    Rico

    Yes, that is normal behavior when the WAN gets switched.

    -Rico

  • Help needed, custom Snort rule prevent me from starting the WAN interface

    2
    0 Votes
    2 Posts
    537 Views
    bmeeks

    @sjady said in Help needed, custom Snort rule prevent me from starting the WAN interface:

    Good evening everyone

    I'm having an issue where when I add a custom rule to my WAN interface (Snort), I can't start the interface, not even the simplest ping rules work now despite having worked just fine all day. Trouble started after I started doing some test monitoring of some SMB traffic with the following rule:

    alert tcp any any -> $HOME_NET[139, 445] (msg:"Home network SMB triggered"; flow:to_server,established; content:"P|00|S|00|E|00|X|00|E|00|S|00|V|00|C"; nocase; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; classtype:suspicious-filename-detect; sid:2010781; rev:3; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

    Not sure what went wrong, but the rule didn't work, and now my other custom rules don't either (as in they prevent me from starting the interface), awesome, sigh..

    Anyone who knows what has happened?

    Your rule given in your post has a syntax error. There should be a space between $HOME_NET and the SMB ports string. Secondly, you are using a SID range that is not guaranteed to be unique. There can only be one unique SID for each rule loaded. You should generally start custom rules at a very high range like 5555 or 9999, etc.

    Your rule should look like this:

    alert tcp any any -> $HOME_NET [139, 445] (msg:"Home network SMB triggered"; flow:to_server,established; content:"P|00|S|00|E|00|X|00|E|00|S|00|V|00|C"; nocase; reference:url,xinn.org/Snort-psexec.html; reference:url,doc.emergingthreats.net/2010781; classtype:suspicious-filename-detect; sid:2010781; rev:3; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

    Did you look in the pfSense system log for any error messages? I would expect one to be in there complaining about the rule syntax and/or duplicated SIDs.

  • The switch is counting up

    1
    0 Votes
    1 Posts
    206 Views
    No one has replied
  • 0 Votes
    8 Posts
    1k Views
    Grimson

    @demonclaw said in Need Help Setting Up PF Sense Box For A Game Server On A DMZ And A PC on A Local Lan:

    I somewhat understand how to set up the rules, I was just having trouble with which interface.

    Then read the book until you really know how firewall rules work; that will answer your question.

  • Any new pfSense Hangouts in schedule?

    2
    0 Votes
    2 Posts
    372 Views
    jimp

    We had a busy few months with releases of TNSR and pfSense, plus the holidays and the SG-1100 launch, so there wasn't much time to allocate toward them recently. Assuming there is a viable topic to cover this month, the current plan is to have one at the end of January as usual.

  • Limit access to specific IP based on Credentials

    7
    0 Votes
    7 Posts
    2k Views
    johnpoz

    If your "wan" is only an intranet - may I ask why you're NATing? It normally doesn't make a lot of sense to NAT RFC1918 to RFC1918 unless you have an overlap in space.. and it's always better to fix the overlap by using different space, etc.

  • InterVlan Routing, Layer 3 switch & Pfsense

    4
    0 Votes
    4 Posts
    850 Views
    F

    @derelict Fixed the pictures, thanks. And under Gateways I have 4 interfaces: WAN, LAN, OPT1 and OPT2.

    I should rename OPT1 to L3_SWITCH and set the IP to 192.168.0.25 (an IP on VLAN 1).
    And I should static route 192.168.0.0 to L3_SWITCH (192.168.0.25). Would I also have to do this for every other VLAN?

    EX:
    VLAN 10: 192.168.10.3 to L3_SWITCH (192.168.0.25)
    VLAN 20: 192.168.20.3 to L3_SWITCH (192.168.0.25)
    ETC or do I just need the route for 192.168.0.0?

    Thanks,
    MF

  • Hypervisor Recommendation For Linux VM's

    5
    0 Votes
    5 Posts
    660 Views
    KOM

    I would use VMware ESXi. It's free and best of class.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.