See https://redmine.pfsense.org/issues/10789

Feature request: https://redmine.pfsense.org/issues/6544

@Gertjan yeap! right, correct redmine link https://redmine.pfsense.org/issues/3128

@kiokoman said in Help getting unbound grafana dashboard working:

rm /usr/local/etc/unbound/unbound.conf

Hi,

I tried what you said, but dispite the conf file with

Unbound Statistics
statistics-interval: 0
extended-statistics: yes
statistics-cumulative: no

the stats is cumulative, which is no good for influx. How did you manage to make it not cumulative ?

The licensing of the ubiquity software makes packaging it problematic, and that really isn't a service that should be on a firewall. It should be on a separate device, VM, etc. Isolated on a management system.

OK, managed to fix this by installing FTP Proxy Plugin and selecting below.
It mentions some firewall rules being created, but i dont see anything.

ftp fix.png

@tandyuk

There are some Solutions to this with a VPS in an Datacenter and your Pfsense at home.
Like MLVPN or mptunnel/VPN.

Indeed, pfBlockerNG + DNS Resolver (unbound) is pretty much the exactly same use case as PiHole and can/could be used for that for a long time now. ;)

@900MHZDUDE

Sorry I thought you were looking for something running on your firewall.

Take a deep breath. IPsec can be frustrating, but it's not that hard. Typically, the people you are working with will provide you with the parameters- their IP, a pre-shared key, The P1 alogorithm, hash, etc. You add a new phase one under VPN/IPsec and plug the info in. The phase 2 consists of the network on your side (typically your lan) and their side that are reachable via the tunnel. Do a best effort configuration, then get the IT person from the other company on the phone to go over the settings if it doesn't come up. That way you will learn something instead of paying someone to do it for you.

How many hours of work... Seems like quite a few to me.. So unless you get lucky and someone writes it up for their own use and shares it. You have to provide enough incentive for someone to do all the work.

$100 at best at best cover an hour worth of work - this is clearly more than 1 hour to implement, etc.

I would second the option to just virtualize many firewalls. I have a cloud solution for clients running on vmware and I have my internet pipes vlan'd on the network so I can just spool up a pfsense per client.

The downside, you would need much more than an E3. I almost went the "super-firewall" route using a server with dual E5-2630v4 and 64GB of RAM with 8x 240GB SSDs in a RAID 10. But then decided to just use smaller virtual firewalls on my main ESXi servers.

A managed switch, even if it is just a "smart" switch that can handle vlans on the internet side as what I call a "dirty switch". VLan your internet pipes, lets VLAN150 and VLAN151. Then I would route that to dual servers, single E5-2620v4 with at least 16GB of ram or a dual E5-2620v4 with 32 GB minimum. Then load ESXi and set 6 total firewalls with 50 VLANs each.

You can use something like pfmonitor to manage all of those virtual firewalls.

You could conceivably even have 300 virtual firewalls, I would have more powerful servers. Maybe a stack of 3 dual-proc servers running full vmotion and such, like ESX Essentials Plus.

Or at that point, just do straight up L3 routing with a dedicated external IP per ethernet port dorm. Then let the kids put their own firewalls and wireless networks in. Sure it causes congestion, but if it works in high-rises in NYC. Heck I live in a suburban neighborhood with 53 other houses on my street and I can clearly see a dozen or more wireless networks.