@ptt:
@luke240778:
OK all, I am seriously needing help here.
Have you considered the Commercial Support ?
https://portal.pfsense.org/
Have considered it, yes. Was hoping that someone on the forum would have been able to assist first, but if I can't get anywhere I guess that's what I'll have to do.
Thank you, that worked perfectly. I enabled the DNS-Rebind check and enabled NAT Reflection.
EDIT: I found this page explaining the problem in more detail and showing other solutions.
http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
When deciding which interface to use to send an IP packet, IP software will send the packet on the interface belonging to the subnet of the destination (either the ultimate destination or a router which will forward the packet closer to its destination). If you have multiple interfaces belonging to the same subnet then it is not well defined which interface will get used (if any).
There is a Wikipedia article on IP routing which you may find informative.
It's all being kept carefully under wraps. The only clue we ever had was this tweet in which Scott says:
@Scott:
Later this summer we will change how large scale deployments of pfSense are managed
Clearly that time period has passed so you'd have to ask Scott. :-\
Steve
@st4rtx:
Hello all
I can't find any good package for pfSense to use snort sam
Does anybody know how to use snortsam in pfSense?
Developers are working on that:
http://forum.pfsense.org/index.php/topic,27388.0.html
Check here as well:
http://forum.pfsense.org/index.php/topic,34751.0.html
Sounds to me like it's not so nice and stable as you say…
Perhaps this behaviour is fixed in the current release? Maybe you should test that in a lab?
@stephenw10:
You need to modify your firewall rules to prevent outbound port 80 connections. By default all traffic on LAN is passed.
Steve
Wow!!! Yes Steve, I got it, many thanks, I'm really grateful, you saved me from a lot of troubles ;)
I'm fairly sure that by default your entire disk is partitioned and mounted and most of that will be available to the squid cache. However it's been a long time since I used a full HD install.
To check you can run the command:
df -h
Either in the console or in Diagnostic:Command Prompt in the GUI. You should see something like:
$ df -h
Filesystem           Size    Used   Avail Capacity  Mounted on
/dev/ufs/pfsense1    443M    139M    268M    34%    /
devfs                1.0K    1.0K      0B   100%    /dev
/dev/md0              38M    2.9M     33M     8%    /tmp
/dev/md1              58M     12M     41M    23%    /var
/dev/ufs/cf           49M    1.6M     44M     3%    /cf
devfs                1.0K    1.0K      0B   100%    /var/dhcpd/dev
The above is a NanoBSD install so your output will look different. Squid stores its cache in /var so that's what you want to be big. :)
Steve
Yeah, that kicked it back into gear. ;D
Now my log is flooded with:
dhclient[5428]: DHCPREQUEST on re0 to 10.252.48.1 port 67
dhclient[5428]: SENDING DIRECT
Messages every minute or so again. :o
Cheers.
There are no build tools included in pfSense as this would only serve to reduce security.
If you need to compile new drivers (it may not be possible) you need to do it on a FreeBSD 8.1 install and then transfer the file.
Steve
Just want to say something to the Squid Proxy point:
It would be possible to install a squid proxy on each tower and another one at the main office. Then you have to enter the proxy at the main office as the upstream proxy for the tower proxies.
But I think this would only make sense if the bandwidth between the towers and the main office is too small.
Get all the easy stuff out of the way first:
Test your memory with memtest
Test your hard-drive with the manufacturer's utility
Install pfSense 2.0 Release, it's been out for a while now (do your config from scratch for best results and do not install ANY packages)
Make sure your hardware (especially your NIC cards) is on the FreeBSD compatibility list
You either will need to swap out your production machine for this, or do the work after hours. Once you have done everything above, come back and let us know how it goes.