• 2 internal LAN and 1 WAN Interface not correctly working together

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R

    @Perry:

    Just to be sure. Did you add a rule on lan2 like the default rule on lan

    There is no smiley hitting his head with his hand ;-)

    That was the point, that solved the problem, thank you!

  • In/Out errors

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S

    Buffers are smaller on 10 megabit.  100 or gigabit will show better performance.

    Check duplex as well.

  • VPN and Windows client

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    Y

    @dear arno:
    you success to  use pfsense pptp sever + windows IAS (radius server), plain windows xp vpn client - it works perfect since installed .

    but I got problem:pptp server with radius
    1.enable pptp server with local aaa,that's all ok!
    2.only change aaa from local to radius server(such as evolynx radius server),success to in ,and get subnet ip,it seems all ok,but problem comes:can not ping any ip ,public ip(such DNS ,gateway of wan) and LAN ip of pfsense.(Tips:that's can ping when AAA with local,firewall peimit any IP any protocol).
    3.return aaa to local,all become ok.
    only change just local or radius server. Pfsense exist bugs on working with radius server or I wrong configuration? I NO IDEAR ?WHAT'S WRONG?can you help me?
    thanks
    yours yasian
    my email: yasian@163.com

  • Bridging 2 networks

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    Cry HavokC

    Yeah, if you're dealing with fibre then you won't want to be trying to cut corners on costs - it will come back and bite you later (from experience).

    If you go wireless then you may want to look at a UK company http://www.solwise.co.uk/.  They have a page all about kit for linking buildings and have a PDF document about setting it up.

  • Monitoring bandwidth by LAN user

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Remote UPS shutdown & pfSense.

    Locked
    5
    0 Votes
    5 Posts
    12k Views
    Cry HavokC

    I have the following in /etc/rc.initial, just before the line /etc/rc.banner:

    REMOTE_IP=`echo ${SSH_CLIENT} | awk '{ print $1 }'` if [ "${REMOTE_IP}" = "10.11.12.13" ]; then            /bin/tcsh         exit && exit && logout fi

    Replace 10.11.12.13 wit h the IP of the system you want to be able to bypass the menu.

  • Looking for similar TORCH (like in mikrotik) tool in pfsense?

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    B

    Hello,

    You right , pftop is the right tool :)

    thanks,
    B.

  • Corrupted MAC on input

    Locked
    8
    0 Votes
    8 Posts
    15k Views
    C

    yes, I did (using the web interface): <disablechecksumoffloading>yes</disablechecksumoffloading>

    For my system it seems that the options doesn't have to be explicitly activated (as the original code does), but deactivated (what the code did not). At least this was my observation, ymmv of course :)

  • Having trouble with a site using a pfsense…

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    imwondering if i can use the traffic prioritizer to set priority based on IP range.  then i could set the DHCP scope to be less priority, and the servers and SAP workstatsions to have higher priority (and well, the bosses laptop too).

    i was playing with the traffic shaper, and even tho it wasnt listed, when i turn on the catch-all-p2p, ftp is limited as well.  the penalty box feature is kinda cool… is there a way to add more than one computer (or, is just copying the rule and putting in another IP the way to do it) ?

  • PfSense box as a http server

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    No and this has to be one of the worst security practices ideas I have heard yet.  It's a firewall, leave it be and deploy another server for this task.  No offense.

  • WAN -> LAN ssh problem

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    Cry HavokC

    It's an easy mistake to make, from personal experience :)

  • Is it possible to block websites in pfsense?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    M

    you could do it by dns, by adding a entry to 127.0.0.1, se when people try to access www.eviladdress.com they will be redirected to 127.0.0.1, but no logging features support this and it's pretty easy to bypass

  • Portsentry for pfsense

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    S

    These things are not supported.  Have fun :)

  • Port Spannig?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R

    AFAIC this is supposed to be done by the switch (if its able to do so) where's pfsense is plugged.

    Regards from Rio de Janeiro.

  • NTP Settings - What should I select?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R

    I guess it's possible that the clock was way off to begin with and just hasn't been able to sync with a time server yet.

    Usually NTP protocol don't do big jumps in time.  It has some limit to the automatic time change.  If the time shift is greater than XXX seconds / minutes, it will not update.

    Have you tried to config the clock manually to the closest as possible and then asked pfsense to then, sincronize ?

    Also, sometimes time settings is not change on the fly on some process.  Sometimes it is necessary to restart the service.  If it is something related to kernel, usually a reboot will make the time to be correct (if the hardware clock is correct at boot time).

    Regards from Rio de Janeiro.

  • Monitor and log http sites visited by domain name ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    use the Squid package?

  • Its possible to enable MPPE on pfSense PPPoE server ?

    Locked
    1
    0 Votes
    1 Posts
    4k Views
    No one has replied
  • Download or upload eats all available bandwidth

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Cry HavokC

    Enable traffic shaping then :)

  • Increase NTP Frequency

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    A

    Please test Your local time server (pfsense) from windows machine. Is it synchronized to upstream servers at all? Stop windows time service, install ntpdate, and do test:

    ntpdate -d yourlocalpfsenseserver

    I think - better way for company's local time source - to use BSD "stock" ntpd from www.ntp.org, not OpenNTPD. Configure 3-5 reliable stratum1 or stratum2 time servers and keep Your windows machines always happy.

    Arnis

  • Sonicwall and pfsense setup

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    Cry HavokC

    My personal take would be to leave the Sonicwall as a standard firewall, put the web and mail servers on non-internet IPs and forward the relevant ports only.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.