Subcategories

  • Discussions and feedback related to this forum

    607 Topics
    3k Posts
    johnpoz

    @microserfs and what IP was that - clearly your current IPv6 address is not blocked that I show you connected with.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0w

    @sef1414
    Name it "run.sh", copy to pf and chmod according to the documentation
    https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option
    You will see messages in the system log like those quoted in the script after logger command.

  • Feedback request on home network design

    3
    0 Votes
    3 Posts
    461 Views
    D

    @SteveITS said in Feedback request on home network design:

    @disi1 said in Feedback request on home network design:

    if I enable QoS for VLAN30, it is also applied on the WAN interface for all traffic?

    re: inspecting encrypted traffic, the PC would need to trust a cert on the proxy which decrypts the traffic. So, could be an issue for phones or other devices. I know the Bitdefender GravityZone we use for clients can do that on the PC by adding its own cert to Windows and then it intercepts traffic on the PC.

    I did register a domain and issued a valid certificate (Let's encrypt) to all internal services, including the firewall (wildcard which I know I have to manually renew every three months). To be clean and potentially use the Squid proxy*.

    Before I changed our network over, I did experiment with squid on the exact hardware, using the old setup as the uplink and it produced a lot of overhead on the firewall.

    The good news:
    Since I use pfSense for all networking and isolated the VLAN30, there were no issues. Before I had extreme lags when I used ZScaler and Pulse VPN for work. It seems the network runs overall smoother. This is without any Traffic Shaping or QoS,

    Only today I switched the ISP router to Modem Mode.

    p.s. if anyone else wants to split WLAN into VLAN using Mobility Express, it took me some time to figure this out (where 10.10.10.3 is the wlc management interface, but the management vlan needs to stay 0 or the APs cannot join).
    switchport access vlan 10 -> IP for the AP
    switchport trunk allowed vlan 10,20,30 -> for the wlc interface and the WLANs
    switchport trunk native vlan 10 -> needs to be the same as the APs vlan (10)

    interface GigabitEthernet1/0/16
     description VLAN20_POE
     switchport access vlan 10
     switchport trunk allowed vlan 10,20,30
     switchport trunk native vlan 10
     switchport mode trunk
     power inline port poe-ha

    Don't forget the ip helper to point to the DHCP for each vlan on the switch.

    For Squid transparent proxy you do need a CA, not only a valid certificate. My thought process was wrong. But it doesn't hurt to have valid certificates in the network.
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    16 Views
    No one has replied
  • Signature edit

    3
    5 Votes
    3 Posts
    217 Views
    NeverSimple

    Thanks for the 'thumbs up' > signature now made a 10 year jump: pfSense 2.2 to 2.7.2, does not sound like 10 years though 🤔

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    15 Views
    No one has replied
  • Grafana CVE-2024-9264 - 9.9 score vulnerability

    1
    0 Votes
    1 Posts
    198 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    21 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    1 Views
    No one has replied
  • Weird .... mouse-gesture remote configuration file?

    Moved
    5
    0 Votes
    5 Posts
    766 Views
    JonathanLee

    @johnpoz It’s because my Netgate firewall works too well, and they don’t like it. Unbelievable, yeah, I was like what is going on with my mouse? It’s dancing all over and that config I see on the proxy coming down gestures from Microsoft Azure like I am on a domain. I’m not even on a corporate domain, it’s a private system. Weird, someone doesn’t like my firewall. Works really well, I am glad I finally caught it, while I was working on my AA in cyber security it would do the dancing mouse like clockwork at 4:30 every day when I was doing class, drove me crazy, it would act like the track pad broke. A reset would fix it. New laptop, same thing, same time. It was like crazy making, gaslighting. I wonder if it was a "can you catch me" thing for the cyber security classes. Again, Microsoft pushes it from Azure.... that's weird. Maybe because I login to a school account for the Outlook program that is part of it. Still, if I look at the json file it lists a blacklist with Google Earth, none of it makes sense. Mouse Gestures do not need any remote configurations.

    https://answers.microsoft.com/en-us/windows/forum/all/what-is-httpsedge-consumer-staticazureedgenetmouse/615baaf0-a6c2-4adb-b27b-c34d60a6bb42

  • Commodore OS Vision 2.0

    1
    0 Votes
    1 Posts
    446 Views
    No one has replied
  • The NIST Cybersecurity Framework 2.0

    1
    0 Votes
    1 Posts
    227 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    553 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    7 Views
    No one has replied
  • This topic is deleted!

    1
    0 Votes
    1 Posts
    7 Views
    No one has replied
  • 0 Votes
    3 Posts
    321 Views
    johnpoz

    @keyser pfsense is upstream and has no switch ports..

    pfsense -- sg300-28 --- sg300-10 -- nvr

    The sg300-10 port connected to the poe port on the back of the nvr to put a leg into that L2 was the one going up down.. The actual nvr lan port was fine. But there was no possible way for there to be any sort of loop that is for sure. The sg300-10 was the one logging the up/down.

    Yeah the poe didn't dawn on me for a bit.. And I tried turning off auto neg, turning off green ethernet, etc. etc.. tried all kinds of settings.

    Is it poe related - no I am not 100% sure on that.. But I know if you're going to connect another switch to a poe port of an upstream switch, if possible you should make sure poe is disabled on that port, etc. But with the nvr there is no way to do anything like that..

    What I can say is I am no longer seeing any packet loss at all - which before there was some, that would go together with an up/down of the port even if very short, 2 seconds, etc.. And there are no log entries for up/down on that port connected to the nvr poe port with the little mini between the sg300-10 and the NVR poe port.. And the mini is being powered by the poe coming off the nvr port.

    edit: so before I was seeing some minor packet loss

    Packets: Sent = 386, Received = 383, Lost = 3 (0% loss)

    Now after I put the mini between I don't see any

    Packets: Sent = 1524, Received = 1524, Lost = 0 (0% loss)

  • No PayPal at Checkout

    4
    0 Votes
    4 Posts
    503 Views
    Sergei_Shablovsky

    @Gertjan said in No PayPal at Checkout:

    @NollipfSense

    As a company that sells devices or services on the Internet, paypal is just a choice.
    Like accepting a credit card.
    Beware that the selling party loses a percentage, and it isn't just "1 %".
    Furthermore, when a product is sold, the buyer can go to paypal.com and 'contest'. Example: because he wanted a router that could handle 1000+ LAN devices, and he discovered that the "1100" can't handle it. Accepting paypal means you have to hire someone to handle paypal transactions.
    Money you receive, as a seller, from a paypal transaction, doesn't go to your bank account, it goes to your paypal account. You want the money on your bank? Ok, you have to pay for that as well.
    Etc.

    But anyway as a BIG company (#1 in SOHO firewalls solutions, honorable, etc, etc see the ADs), Netgate MUST ACCEPT THE MOST USABLE PAYMENT METHODS that work with fiats money like PayPal, Moneybookers, etc…
    BUT NOT THE CRYPTO

    Be aware : I love paypal, as a consumer. I never used them as a seller, and I'm telling this 'as heard' (and reading their usage conditions).

    As a BIG HiTech company - these PayPal fees (and all for its support and processing) must be YOUR EXPENDITURES. No doubts.

    P.S.
    From my business experience, 2 full-time staff persons with ZenDesk are able to process with a stable quality about 200-300 transactions: this means all aspects from just monitoring to resolving issues by mailing, phone calling, money return, etc…
    I hope the Netgate company has sufficient funds for 2 full-time persons, even hiring them from rich places like NYDC, California, or Switzerland:)

  • Anker Solix 800 Plus as UPS

    3
    0 Votes
    3 Posts
    872 Views
    N

    @stephenw10 said in Anker Solix 800 Plus as UPS:

    UPS but the switch over time is not great

    It works great in UPS mode and switch over is very quick

    Did the Anker run as continuously from battery in UPS mode?

    in UPS mode, all connected devices use the mains power (bypasses anker). The battery kicks in (in UPS mode) when power is cut off seamlessly (I did test this by disconnecting the power and my modem and netgate 2100 worked fine)

    Anker switch over is documented by 20 seconds and it works very good. I was disappointed to return the unit because of some other fault - The app started flooding messages as low temp while my basement is a constant 66 degrees F. Maybe I will wait for a couple of years before buying another one.
    I would welcome anybody else who has tried such a thing and please mention the make and model numbers you have.

    FYI, I have solix anker 800 (not the plus) as my garage door opener UPS and so far (2 weeks) it is working good.

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    7 Views
    No one has replied
  • 23 days accident free

    17
    0 Votes
    17 Posts
    1k Views
    S

    @JonathanLee

    uptime between 200 and 250 days, depending on the Netgate release cycle ;)
    Accident free over more than 14 years, well ok two fails, both hardware...

  • Ping error? Invalid Argument

    Moved
    5
    0 Votes
    5 Posts
    3k Views
    T

    Better late than never.........

    I had a similar issue and noticed that you didn't have a number '1' after -c (presuming that you only wanted it to ping once): -c 1

    Maybe that would work.

    Cheers.

  • New GNS3 lab after yearsss

    1
    0 Votes
    1 Posts
    133 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.