• Proxy, Whitelist

    1
    0 Votes
    1 Posts
    266 Views
    No one has replied
  • apcupsd- Back UPS 650VA

    15
    0 Votes
    15 Posts
    2k Views
    M
    @jimp LOL! I have been thinking this very thing and will probably do it. If I do, I’ll report back.
  • LDAP authentication works in Diag:Auth but not for login

    1
    0 Votes
    1 Posts
    105 Views
    No one has replied
  • how to block bad guys who is sharing internet by laptop

    Moved
    18
    0 Votes
    18 Posts
    2k Views
    JKnottJ
    @marvosa said in how to block bad guys who is sharing internet by laptop: We even have a few clinics that are sharing a single T1... A real T1? These days, those are generally emulated over Ethernet. I first did that over 10 years ago. They have also been run over SHDSL for many years. I was working with that stuff back in the early '90s. I suppose there are still some parts of the world that rely on 2 cans and a string.
  • Pfsense 2.5.0 pppoe Limit on Radius

    Moved
    6
    0 Votes
    6 Posts
    732 Views
    stephenw10S
    Possible solution here: https://forum.netgate.com/topic/141034/rate-limit-on-radius-reply-attributes-for-pppoe-connections-not-working/3 Pretty hacky though.... Steve
  • 0 Votes
    3 Posts
    424 Views
    R
    @jimp said in [2.4.4p3] Reboots with ctrl-alt-del on console even though hw.syscons.kbd_reboot = 0: kern.vt.kbd_reboot That was a quick fix, that indeed works. I wonder if that could be in the default tunables table, or maybe even a GUI options somewhere, I musn't be the only one who rebooted their box unintentionally by pressing this often-used MS combination... Thanks!
  • Is pfSense affected from CVE-2019-19521: Authentication bypass?

    2
    0 Votes
    2 Posts
    400 Views
    T
    Just crosslinking the other thread, basically asking the same question. https://forum.netgate.com/topic/148666/cve-2019-19521-and-pfsense To date: no "official" statement there either, but same assumptions about FreeBSD != OpenBSD, plus pfSense not using anything of the mentioned auth mechanisms exept for SSH, which would fail anyways.
  • pfsense backup

    2
    0 Votes
    2 Posts
    166 Views
    M
    Diagnostics > Backup & Restore > Download configuration as XML
  • 0 Votes
    21 Posts
    3k Views
    stephenw10S
    It looks like you have something configured using 192.168/16 somewhere that is conflicting. It's not in the routing table though. I would open your config file and search it for 192.168 and see what pops out at this point. There will be a lot of entries since you're using that for LAN. Steve
  • User account - need permission to run scripts via SSH

    15
    0 Votes
    15 Posts
    2k Views
    JKnottJ
    @tkohhh said in User account - need permission to run scripts via SSH: why is logging on as root considered insecure? Root has absolute power and can do a lot of damage. Mere mortals cannot damage anything out of their own area. If you only have local access and no one else can log in with the root ID, then you're okay. One common practice is to require those with root access to log in with their own ID, then su to root. This creates a log entry to show who assumed root access. Of course, never allow root login via anywhere beyond the local LAN. If I want to connect remotely, then I have to fist connect to my main system and then connect to my firewall from there. You can also enable passwordless connections, which use a public/private key pair, to ensure connections only from that one computer.
  • Eventual TFTP failure - "couldn't forward tftp packet: Permission denied"

    8
    0 Votes
    8 Posts
    1k Views
    T
    @stephenw10 Good call - I'll start here next time pfsense is in this state and see if those requests are making it out of the firewall. I ended up rebooting pfsense last night and everything came back up fully functional. I have no doubt this situation will happen again, and I usually have a chunk of time to mess around with it. If this indeed only happens during a power outage or loss of provider, I can at least know to reboot the system when the automated alerts tell me things have come back up - that alone is a big win. I can't confirm as I didn't think to check the uptime in the past, but it seems as good a theory as any right now. I'll keep an eye on this post for any new comments, and I truly appreciate everyone's time and assistance in helping me resolve this issue.
  • Diagnosing can't ping out

    6
    0 Votes
    6 Posts
    531 Views
    DerelictD
    What happened? How could I have diagnosed further before resorting to a reboot? Probably packet captures to see what was actually going out WAN. Evaluating the routing table to see what the state of the network was at the time.
  • WAN1<>LAN1, WAN2<>LAN2, no cross traffic allowed

    3
    0 Votes
    3 Posts
    429 Views
    stephenw10S
    Yes, this should be two IPs. Two interfaces in the same subnet is not valid. If you really want them completely separate and it's running in ESXi then you could just use two pfSense VMs. Though I notice you have the firewall labelled as "pfSense LB", is it running as a load-balancer? Steve
  • Plex issue with having 2 Wans

    2
    0 Votes
    2 Posts
    247 Views
    stephenw10S
    Yes, you can just set a pass firewall rule for he Plex device as source above the load-balancing rule and specify a single gateway. You should not have to though. The port forward coming in is independent of the load-balancing of outbound connections. It might be affected if the Plex detects the external IP and advertises that somewhere. Steve
  • Possible to modify rule based on a schedule?

    2
    0 Votes
    2 Posts
    271 Views
    stephenw10S
    You can put a schedule on a firewall rule: https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-schedules.html But that would require scheduling it enabled too and it doesn't sound like that would fit your usage. You might be able to just set the rule as disabled using a php shell command/script. Then call that from a cronjob. https://docs.netgate.com/pfsense/en/latest/development/using-the-php-pfsense-shell.html Steve
  • Blocking Acces to Another VLAN but Allow Internet Acces

    5
    0 Votes
    5 Posts
    478 Views
    M
    Where are you testing from? Because I'm not seeing hits on any of those rules. The first thing I would do is re-verify that your access ports are in the correct VLAN. Then, If you only want MUSTERI to access WDSPAYLASIM and nothing else, then remove everything you have and configure an explicit pass rule for: Source = MUSTERI net Destination = WDSPAYLASIM net and be done. Everything else will get blocked by the implicit deny.
  • An unsettling outage

    6
    0 Votes
    6 Posts
    703 Views
    P
    @JKnott - Thanks. I will check to be sure the coax is still grounded and that my modem power supply hasn't gone wonky.
  • how to access a dmz servers from LAN?

    15
    0 Votes
    15 Posts
    3k Views
    johnpozJ
    @stephenw10 said in how to access a dmz servers from LAN?: Er I think there's some confusion here Yeah for sure!!!! Whoever put up that drawing has ZERO!!! understanding of how networking works.. if that is some teacher??? Then just shoot me!!! Our future is failed - we should just give up.. I really do not get how that could be any sort of class - there is zero possible how that someone that is a teacher of networking could put up such a drawing.. If so we are just failed!!!! WTF???? Really - if someone put that up as some sort of test, other than what is F'ing wrong with this drawing... We are all is serious trouble for the future!!!
  • PPOE Not working

    8
    0 Votes
    8 Posts
    770 Views
    stephenw10S
    Assign the parent NIC as a new interface. Enable it, spoof the MAC, leave the IP types set as none.
  • (SOLVED) Unable to connect to public SAMBA server

    3
    0 Votes
    3 Posts
    416 Views
    N
    @johnpoz Thanks for answering. Just a couple of minutes ago I checked with my ISP and it seems they have an option to request unlocking this port. I didn't expect this, as in the past they blocked only port 25. I expect it was this after all.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.