• Help on this Firewall+Routing question ??? Can this be done?

    0 Votes
    2 Posts
    147 Views
    NogBadTheBad

    Where is "someone else’s firewall", directly connected to yours ?

    If so a VIP + 1:1 NAT and a static default route on "someone else’s firewall" pointing to your router should do it.

    https://docs.netgate.com/pfsense/en/latest/book/nat/1-1-nat.html

  • key based auth ssh issue

    0 Votes
    8 Posts
    848 Views
    johnpoz

    @mod said in key based auth ssh issue:

    3 . password +public key login works

    That is not really an option.. If you set password and public key you're just using password to auth..

    2: I use linux version of putty and we don't get keygen/ don't need to convert.

    Pretty sure you do..
    https://www.ssh.com/ssh/putty/linux/puttygen

    4

    Yeah no idea why you're bringing that up at all - yeah no shit everyone uses 2 ;)
    BTW, current stable version of putty is .71

  • Running EdgeRouter X behind Pfsense

    0 Votes
    21 Posts
    2k Views
    stephenw10

    I have to say I would swap out that rl NIC if you possibly can. It will almost certainly cause you headaches in the future.

    https://github.com/freebsd/freebsd/blob/master/sys/dev/rl/if_rl.c#L48

    Steve

  • Creating two subnets on same lan using two Wan connections

    0 Votes
    7 Posts
    654 Views
    A

    Well, just add it to both groups on tier 3, it's that simple.
    If tier 1 (high packet loss or high latency) it will switch to tier 2.
    And if both 1,2 dropped 3 will kick in.
    You control which ones are primary and secondary with tier numbers.

    Believe me, every day you will find a new reason to love pfsense more. I love it so much.
    I just installed it on a VPS and configured openvpn on it.
    So now I have a personal vpn for 5$/month.

  • How to downgrade from 2.5 to 2.4.4

    0 Votes
    4 Posts
    5k Views
    Gertjan

    From GUI ?
    Noop.

    Download latest "2.4.4" and put it on a stick.
    Reboot from stick, and do the initial partition thing, etc.

    It's also advisable to use the config file you saved just before you went to 2.5 - if not, import the 2.5 config and see what happens.

  • pfSense to pfSense router with no vpn?

    0 Votes
    6 Posts
    671 Views
    canadianllama

    @chpalmer Thank you guys, we will be looking into this!!

  • pfBlocker - There were error(s) loading the rules

    0 Votes
    2 Posts
    282 Views
    stephenw10

    You can see that if you rebooted and pfBlocker has not downloaded that alias yet. I often see that with the v4 table but as soon as it loads it the error is resolved.

    Try deleting the error then going to Status > Filter Reload and reloading the ruleset. If the error doesn't re-appear it has been resolved.

    Steve

  • VPN Bonding

    0 Votes
    10 Posts
    3k Views
    stephenw10

    A manual install to prove it works and does what it says it should, maybe in FreeBSD, would be the first step here.

    It would certainly be interesting though. ☺

    Steve

  • No/Slow/Sporadic WAN FQDN connection with Cloudflare, Acme/LE, Namecheap

    0 Votes
    3 Posts
    227 Views
    T

    Thanks, Steve. I did some more checking, and while it is difficult to know what exactly I changed to make it work, I think I needed to add the domain name to the host name boxes on the DNS Server Settings in General Setup. That, plus a couple of changes in the Cloudflare set-up, solved the problem.

    Thanks for your input.

  • PFSense and Windows Network Location Awareness

    0 Votes
    5 Posts
    1k Views
    G

    @stephenw10, that sounds like it may be the problem. I have the LAGG bridged with the WLAN. I'm going to try and set the bridge's MAC to whatever it happens to be right now and see if that resolves the issue. Thanks for the insight.

    Best,
    Chuck

  • T-Mobile WIFI Calling

    Locked
    0 Votes
    14 Posts
    9k Views
    stephenw10

    Locking this thread, it's over 4 years old!

    If you have new information on a subject please start a new thread.

    Steve

  • Why is auto-update not recommended

    0 Votes
    8 Posts
    822 Views
    C

    Thanks all for your input. Very helpful. I forgot for a moment that this is enterprise class software/hardware that I am using at home/small business. That being said, @johnpoz your at home case makes a lot of sense too! I followed another post with some PHP that should check and email me about updates (albeit it is not working yet - weekend troubleshooting). Will use that and not auto update. Appreciate the education!

  • Load Balancing LDAP for pfsense Authentication

    0 Votes
    5 Posts
    851 Views
    G

    Yes indeed... very impressed with HAProxy in pfsense..
    My only slight complaint, is that I would like to use a port alias to simplify my configurations but it seems HAProxy doesn't currently support that.

    So for a web site hosting 80 and 443 connections I need to duplicate everything once for port 80 and once for port 443.

  • Pfsense support tacacs server?

    0 Votes
    8 Posts
    2k Views
    johnpoz

    Not sure where you got that idea.. Look again on ISE
    https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/compatibility/b_ise_sdt_26.html?referring_site=RE&pos=2&page=https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/compatibility/ise_sdt.html
    Cisco Identity Services Engine Network Component Compatibility, Release 2.6

    Again what is the scope of devices you're wanting to auth?

  • best router for Comcast Highspeed Internet

    0 Votes
    4 Posts
    253 Views
    johnpoz

    Yet nobody reported it ;) It's gone now..

  • Big DNS Problems *Illustrated*

    0 Votes
    82 Posts
    17k Views
    S

    @johnpoz
    Actually, I do. I am using the unbound DNS Resolver with forwarding mode. I got that after you pointed out my mistake and some digging.

    Look. I am thankful for the help. I really am, but please do not be aggressive. There are some noobs like me who try to understand things by making mistakes and learning from them. We all start from scratch, isn't it?

  • Help with simple configuration

    0 Votes
    10 Posts
    936 Views
    stephenw10

    @zanahoria13 said in Help with simple configuration:

    How can I set routing from NAT subnet to the internet without hitting home network with the outgoing and incoming traffic?

    You don't want to set a route for that. Instead set a block firewall rule on that interface in pfSense above any pass rules to deny access to the WAN subnet. That way clients will only be able to access either public IPs or other local subnets.

    You can also simply omit a pass rule for it.

    Steve

  • Multi-factor Authentication for Web GUI?

    0 Votes
    11 Posts
    2k Views
    R

    @johnpoz Thanks for responding. I was inquiring about MFA and not just 2FA. The admin password is secure and not the default or some variation of P@55w0rd. Switch ports on the Cisco switches are protected and therefore plugging in the laptop won't give necessary access. More than anything, I was just curious about pfSense & its support for MFA/2FA.

    Thanks
    -r

  • Firewall public routing

    0 Votes
    14 Posts
    1k Views
    stephenw10

    You have two sites with two public IPs right? You can only have one VM at each so if you need pfSense to accept traffic on the IP the server is using currently it would be easier to just put pfSense there and have it filter and forward requests to the other site where you can host the server.
    It's not a great option but it's the only way I could see it working realistically.

    Steve

  • mail.php not working with simplest unsecure SMTP configuration

    0 Votes
    3 Posts
    556 Views
    J

    Sadly it's my fault. I hit TEST on the Advanced>Notification screen but I never hit save... definitely works now when mail.php is called from the shell.

    I did start using Node RED as my email middleman with curl being called from pfSense... that also worked well. However, generic mail.php is obviously much simpler.

    This is the piece I'm trying to automate notifications for: https://forum.netgate.com/topic/118401/openvpn-server-notification-on-connect

    Thanks for the input, thread can be closed...

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.