• Skype not working properly

    0 Votes
    20 Posts
    11k Views

    Well - Like I said, the effectiveness of this will also depend on you getting things like "ultrasurf" off your network.

    I did have a little conversation with some very smart people on that subject here:

    http://forum.pfsense.org/index.php/topic,64432.msg349171.html#msg349171

    Pay special attention to one post by phil.davis and how he handles port 53 with this solution.
    Basically, you want to only allow access to port 53 to your pfsense box and the DNS servers at dyndns from the LAN.

    You can set up your DYNdns filters at https://account.dyn.com/labs/dyn-internet-guide/ (log in to dyndns first).
    Then click defense plan or default defense. Modify it to block whatever you need blocked in the office.
    You will need to also set up your dynamic DNS service in pfsense so that dyndns always knows your network's IP.
    Then follow the instructions I gave in the thread above.

  • Is this setup Feasible? Medium Sized-Biz

    0 Votes
    1 Posts
    980 Views
    No one has replied
  • System log quit working after a panic reboot

    0 Votes
    5 Posts
    2k Views

    Thank you for the suggestions made on the syslog problem. After looking a second time, I noticed this time in the syslog it was showing something about "kernel/boot was a binary file" (one line of logging).
    I did a "Clear log" as suggested.
    This got rid of the 'binary file' thing, and the system log is working again now.

    This machine actually panic rebooted again last night, overnight. I drove to the remote location where this pfSense machine resides to find one of the case cooling fans had quit and the second case fan is barely turning, so I'm sure it is overheating; not a pfSense/OS problem at all.

    Take Care,
    Barry

  • Access AP behind pfsense

    0 Votes
    6 Posts
    2k Views

    I think it's smarter to put an extra NIC card in the pfsense so that you have

    WAN  (assigned by ISP DHCP)  Plugged directly into modem
    LAN (for you)        -  10.15.20.0/24
    OPT (for visitors)  -  10.15.21.0/24

    Then plug an AP into OPT1 port for visitors. Bind Captive portal to OPT1.
    If the AP gets a STATIC IP on the OPT1, you can allow just that 1 IP to LAN net (10.15.20.0/24) in Firewall Rules.
    Then:
    In firewall rules for interface OPT1, block any with DESTINATION LAN net (10.15.20.0/24) (before the pass everything rule).

    The AP interface should be available to you.

  • Content filtering on systems without use of squid or dansguardian

    0 Votes
    15 Posts
    7k Views

    Your solution still works - it sometimes might work for an even wider audience than planned.
    My real office users have desktops in the domain, or laptops for which they do not have admin privilege. So they can't change their allocated DNS server and can't add 1,000 naughty name/address pairs to their hosts file. All DHCP for allowed/known devices are static mapped. General devices in the DHCP pool get addresses in a range that has internet access blocked. When someone arrives with a new allowed device they have to get the WiFi password, connect, then we find them in the DHCP pool and static map them to their proper allocated address. Of course, someone can connect by cable to a real wall socket, set a suitable IP address and get access - but these days most people want to get their mobile device onto the WiFi, so they are stuck at step 1 getting the WiFi password.
    I block any TCP+UDP to port 53 !LANaddress - then people with personal devices can set whatever DNS server they like, all the ones other than the one provided on the pfSense will simply not respond/work.
    These people with personal devices could still load up a hosts file with a list of naughty site names and IP addresses that they get from somewhere, but they know the organisation policy and that there would be big trouble if they were caught going to those lengths to access prohibited material.
    For me, the DNS provider filtering option is quite effective, simple to use and cheap!

  • ALERTS on RRD Categories

    0 Votes
    3 Posts
    2k Views

    Thank you sir.  Will have to wait for 2.1.  I've got 1.2.3 as the rock solid ones in production.

  • PFSense - Kernel Panic on 2.0.3 - Redundant Firewalls

    0 Votes
    3 Posts
    1k Views

    Looks like I have the double-whammy with both igb interfaces (Intel expansion slot) as well as Broadcom on board. Thanks for the quick response, I'll deploy this on the two firewalls I'm building for the local office. I'll definitely let you know if this fixes the issue.

    Thanks

  • SD Card encryption

    0 Votes
    3 Posts
    1k Views
    jimp

    We don't officially have any support for disk encryption, but FreeBSD does. It does require manually entering the password, otherwise as doktornotor said it would be pretty worthless. You can have security, or you can have convenience, you can almost never have both.

    http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html

    You need an unencrypted section of the disk in addition to the encrypted section (or two separate disks), I don't believe it supports booting from an encrypted disk for some obvious reasons.

    If you're that worried about someone stealing the CF, then you either need to not keep such sensitive data on it, or invest in some good physical security measures to keep it physically safe and locked up.

  • XMLRPC sync without CARP/pfsync

    0 Votes
    2 Posts
    1k Views
    jimp

    Sure, XMLRPC works with or without CARP. Some people use it just to sync aliases and such.

  • Bandwidth test = fine, browsing = impossible

    0 Votes
    2 Posts
    907 Views

    I should note that this is 2.1 because of RADIUS/IPSec

  • A new vulnerability was discovered in Haproxy !!!

    0 Votes
    2 Posts
    1k Views
    jimp

    The haproxy package on pfSense 2.x is already on 1.4.24. Just reinstall the package and you'll be OK.

  • Routing of the public ip to the switch in pfsense.

    0 Votes
    6 Posts
    2k Views

    Or I use the option virtual ips?
    http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

  • Pfsense vs firewalls ??

    0 Votes
    2 Posts
    800 Views
    stephenw10

    Like this? http://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

    Steve

  • Inactive Memory problems

    0 Votes
    9 Posts
    4k Views

    @wallabybob:

    This is the sort of symptom you would see if mbufs (kernel network buffers) are (nearly) exhausted. pfSense shell command

    ```
    netstat -m
    ```

    reports mbuf statistics. It could be worth running a shell script on the console to loop giving a timestamp, reporting the statistics and sleeping for an hour. You could also run that in a SSH session to capture history while the console run will (hopefully) give you statistics after you lose network access.

    I wish mbuf counts were on an rrd graph in pfsense.  It is such an important thing to keep an eye out for.  It would be great to see the history of that over time.

    Thinking about it… It would be great if we could get a consensus on some very important things to monitor like this and get a script going to send an email alert when the values are approaching the maximum values.

  • Monitor (RRD) of external device (cable modem)

    0 Votes
    1 Posts
    968 Views
    No one has replied
  • Migrating from smoothwall to pfsense.

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Unexplained Excess Traffic on WAN

    0 Votes
    9 Posts
    4k Views

    Sounds like you somehow created an open proxy…

  • Failed to mount pppoe with my ISP on Pfsense 2.0.2 or 2.0.3

    0 Votes
    6 Posts
    2k Views

    Hi,

    Just for information, my provider has changed its RADIUS configuration. I obtain the gateway and the DNS.

    thanks for all

  • Adding a second NIC - Issue

    0 Votes
    11 Posts
    3k Views

    What does the pfsense status say about all of your interfaces on the main page?

    UP? down? Red?  Green?

    Also, in the drop down menu for MAC addresses in your interfaces > assign, for the OPT1, what is the MAC? How many choices for MACs are there? If you count all the possible MACs, is it less, the same, or more than the interfaces on your system? Are the MACs you assigned to each interface different? (Not even sure if it's possible to assign 1 MAC to 2 interfaces, but I'm wondering.)

    And is 255.255.0.0 a typo?

  • Multi-pppoe server not working

    0 Votes
    3 Posts
    8k Views

    Try to use a different IP on a different server from any router.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.