• How to set user time out on SSH sessions?

    10
    0 Votes
    10 Posts
    2k Views
    D

    Thanks for that - I'll remember to log out from now on!

  • How to assign Virtual IP for outbound to LAN Device?

    20
    0 Votes
    20 Posts
    5k Views
    jimpJ

    The reset button is only probed during boot. If you press and hold the reset button while it's booting, it will reset to factory defaults.

    As doktornotor mentioned you can hijack that to replace the default config with your own, but then you could never actually do a true factory reset again (until you do a firmware upgrade and that default config goes back to a stock version)

  • PFSense - Reboot Randomly

    7
    0 Votes
    7 Posts
    2k Views
    W

    Thanks wallabybob…

    Shows different than acd0 in VMWare but makes sense, will be trying that, will let you know how it works.

    Thanks for everyone's responses!!!

  • Blocking Access to Certain Web Sites for Certain Users?

    2
    0 Votes
    2 Posts
    4k Views
    K

    Dansguardian will probably serve you well and you will get AV scanning to boot.

    http://forum.pfsense.org/index.php?topic=42664.0
    pay attention to the section on HTTPS and forwarding to 8080
    This is a more recent write up:
    http://thegeekninja.wordpress.com/2013/07/02/pfsense-squid3-and-dansguardian-a-better-alternative-to-squidguard/
    I would stick with the stable release of squid rather than use the squid3 beta.

    Dansguardian is a package now so you can add it directly from package and no listing of commands is needed.

    Go into the ACL (access control list)
    Disable all the filters you don't want
    Make sure URL list is enabled.
    Edit the regexp in the banned section just adding the url of things you don't want people to see.

    like youtube.com
          facebook.com
          whyisuckattyping.com    or whatever.

    It will be easier to make a firewall rule for you if you make an alias including all the machines you wish to filter.

    For me, I disable all the filters except url and antivirus scan.

  • PfSense Firewall Schedules and Active Firewall States

    4
    0 Votes
    4 Posts
    2k Views
    jimpJ

    Scheduled rules go under a label in pf for that schedule. When the time comes, only states labeled for that schedule are killed.

  • Access remote database via portal

    2
    0 Votes
    2 Posts
    1k Views
    F

    The mysql server is not running, so you can't connect. My problem is the same. If you open a shell in pfsense and write this in the console, "service mysql-server onestart", and you have installed the mysql-serverxxx package, it will start and connect.

  • RRD Graph not showing interface….

    2
    0 Votes
    2 Posts
    818 Views
    ?

    Check the Interfaces tab, what does it look like?

    http://pfsense/interfaces_assign.php

  • How can I see who is connected?

    8
    0 Votes
    8 Posts
    3k Views
    jimpJ

    We've discussed that and want to add it, but we need to get moved to SMF 2.x first. That has been a challenge to get done (we tried once and had to back it out, even after getting it to work on a test clone of the forum).

    Once we're on there, a few other things will be enabled like that. That's a topic for a different thread, though. :-)

  • PfSense v2.0.3 Connection reset by peer problem

    7
    0 Votes
    7 Posts
    14k Views
    M

    @jimp:

    On 2.1 I added a checkbox to the system log settings to disable the logs from lighttpd. So you won't need to edit the code directly once you move to 2.1, just (un)check the box.

    It says under your nick that you are a 'Hero member': I can now understand why  ;D ;D

    Thank you for all you are doing  :P

  • 0 Votes
    9 Posts
    7k Views
    K

    That's a good way.  Fairly convenient.  Never thought of that one.

  • Pfsense Persistent Static Routes

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    Please do not post the same thread more than once. Someone replied to your other thread already, so I'll lock this one.

  • Captive Portal: Possibility to show MAC and IP of used vouchers?

    4
    0 Votes
    4 Posts
    1k Views
    O

    @asdf:

    I'm not sure what you're asking for. If it's the file containing MAC/IP's per user, then I guess you want /var/db/captiveportal.db

    Thanks bro. I got it already. I found it at the status> syslogs > Port Auth

  • Bandwidth monitoring

    5
    0 Votes
    5 Posts
    1k Views
    S

    You can only monitor with this package. If you want to limit your users within the cap, I don't think there's a package for that!

  • Critique my setup please

    8
    0 Votes
    8 Posts
    2k Views
    D

    @kejianshi:

    Sounds good.  I'd say it's perfect then if that's just the way you want it.
    Bigger certs certainly should never make your VPN less secure unless it's a compromised algorithm.

    meh makes me feel safer having bigger numbers…perhaps I'm compensating for something else! :)

    Thanks for taking the time to reply.

  • Thanks

    3
    0 Votes
    3 Posts
    1k Views
    P

    So, under the firewall rules, lan, I created a rule for every single static IP mapped address, and selected which gateway I wanted it to exit through. So, if I wanted 192.168.1.2 to exit via my isp, I selected that. Seems to be working perfectly. Specific devices are going through my vpn provider, the rest are going through my ISP.

    You can make your life a little easier by creating an alias (Firewall->Aliases). Make 1 rule sending that alias to the VPN. Put all the devices that should go over the VPN into that alias. Less "almost duplicated" rules to manage, and 1 easy place to add/remove devices from the list.
    You could also allocate static mapping IPs for the "over the VPN" devices to a nice "power of 2" range of your subnet - e.g. 192.168.1.16 to 31 - that means they are all in network 192.168.1.16/28 - then you can make your alias just be the network 192.168.1.16/28. Static mapping something inside that network will result in its traffic going over the VPN. If you are comfortable with thinking/using variable-sized network masks then that can be easy.

  • Blocking Facebook Videos

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Yes, we scan

    29
    0 Votes
    29 Posts
    7k Views
    K

    It's not really that port mirroring is "bad".
    It's bad if it can be remotely switched on via a back door and pointed towards a destination of choice.
    No technology is bad unless used in a bad way.

    Well…  I guess it's also bad if it's used to seamlessly funnel every single bit and byte of data running across a major trunk in two directions simultaneously.  One towards the destination that serves the consumer and the other for real-time ingestion at line speed and later analysis elsewhere, and calling it a feature of the unit.  I don't think privacy is a privilege, but rather a right.  No one has to be licensed for privacy.  It's not something that you should have or not have at the discretion of the government or anyone else.

  • HTTP, FTP download slow

    1
    0 Votes
    1 Posts
    999 Views
    No one has replied
  • Routing

    3
    0 Votes
    3 Posts
    1k Views
    johnpozJ

    Yes a drawing would be very helpful

    But a couple of things - if you're using it as just a "router", then you're not using any firewall rules?  And you're not doing NAT?

    How do the devices in your live network route to the lab network, I would assume they are using a default gateway other than your wan interface of your pfsense VM.  So you would either have to use host routing on the devices in that network - or their gateway would have to know to talk to the wan interface of your pfsense vm to talk to the lab network, etc.

    Where you say you can not ping from the lan (lab network I assume) interface – let's call live network address A, and lab network B -- how does your firewall (gateway of live network I assume) know how to get to network B?  It would need a route to this network, if not it's just going to go out your ISP connection which I would assume is its default route.  So it would be unlikely you ping your live network firewall from lab network.

  • L2TP and DHCP

    1
    0 Votes
    1 Posts
    769 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.