• Verifying a secure and private network?

    4
    0 Votes
    4 Posts
    351 Views
    DerelictD

    Diagnostics > Packet Capture.

  • Plex indirect with Packet Filtering enabled

    3
    0 Votes
    3 Posts
    513 Views
    D

    I've got a comcast business modem where I have put the Sophos XG WAN interface in the DMZ and everything works just fine when packet filtering is turned off on the pfsense side. The goal is to use pfsense to isolate/route between the different vlans and have sophos maintain the firewall aspect.

    I have gone through that and haven't had success even with pfsense as the Edge and in the DMZ of the comcast modem the problem persisted. From what I can tell I don't see a NAT issue (Sophos XG is handling correctly, and PFsense does not have NAT enabled) but are there other areas in PFSense I can check for that?

    ---Topology Update---

    Comcast modem <> Sophos XG (Edge Firewall. This is listed in the Comcast Modem DMZ) <> PFSense (Handles vlans and inter-vlan routing. Currently has both packet filtering and nat disabled which is causing the vlans to be able to speak to each other versus follow the rules that are in place.) <> Various vlans.

  • Wireless solution equivalent to Watchguard's AP320?

    1
    0 Votes
    1 Posts
    230 Views
    No one has replied
  • MOVED: Some help over here please

    Locked
    1
    0 Votes
    1 Posts
    201 Views
    No one has replied
  • VIP setting

    5
    0 Votes
    5 Posts
    788 Views
    V

    Yes, of course you may assign additional IP aliases to WAN and forward it to the server.
    It would also work if the primary is pulled from DHCP. So if you have a static mapping it will be fine to provide a service.
    However, the IP aliases have to be static.

  • Route specific hosts over VPN

    3
    0 Votes
    3 Posts
    394 Views
    K

    OK, so I got it working
    But it seems there's DNS leaks.
    Anyone know how to get rid of them?

  • Problem with Interface Bridges

    4
    0 Votes
    4 Posts
    922 Views
    johnpozJ

    In what scenario would you need/want to create a bridge on a vm?  Zero sense..

  • Redirect to web page when WAN is down

    2
    0 Votes
    2 Posts
    563 Views
    Q

    interested in this too… current deployment is on an island that suffers from downtime, would be nice to implement and let guests/staffs know that the ISP is having issues

    @crisdavid:

    Hello,
    Not sure if this has been talked before but I would like to know how it would be possible to redirect a user's web browser to a local page to indicate the WAN connection is down. Had a ASUS router with this feature and would like if pfSense could handle this.

    Any ideas, guides or help is appreciated

    crisdavid: were you able to find a solution to this??

  • Thank You!

    1
    0 Votes
    1 Posts
    370 Views
    No one has replied
  • Admin password changed itself. Twice. Yes it did.

    56
    0 Votes
    56 Posts
    16k Views
    B

    @ecfx:

    I am just absolutely disgusted what I have found here:
    http://www.wipo.int/amc/en/domains/search/text.jsp?case=D2017-1828
    http://web.archive.org/web/20160314132836/http://www.opnsense.com/

    no comment.  :-X

    I don't care about legalese. The trailer was LOL, RELEASE THE FILM. Make Movies Great Again!

  • New pfSense Router Purchase

    6
    0 Votes
    6 Posts
    937 Views
    johnpozJ

    I would take a look at the 3100 if you want an update.. It just came out few months back really, and should be good for a few years to be sure. And is way under your budget.

  • PfSense repeatedly crashing :(

    5
    0 Votes
    5 Posts
    877 Views
    P

    Hi,

    Unfortunately the problem seems to still occur. Although a lot less, I noticed something though
    ```
    em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xe000-0xe01f mem 0xff840000-0xff85ffff,0xff820000-0xff83ffff irq 17 at device 0.1 on pci1
    em1: Using an MSI interrupt
    em1: Ethernet address: 00:1b:78:5c:4f:99
    em1: netmap queues/slots: TX 1/1024, RX 1/1024
    vgapci0: <VGA-compatible display> port 0xf140-0xf147 mem 0xff900000-0xff97ffff,0xd0000000-0xdfffffff,0xff600000-0xff6fffff irq 16 at device 2.0 on pci0
    agp0: <Intel G33 SVGA controller> on vgapci0
    agp0: aperture size is 256M, detected 7164k stolen memory
    vgapci0: Boot video device
    pcib2: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
    pcib2: [GIANT-LOCKED]
    pcib3: <ACPI PCI-PCI bridge> irq 17 at device 28.1 on pci0
    pcib3: [GIANT-LOCKED]
    pci2: <ACPI PCI bus> on pcib3
    re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xd000-0xd0ff mem 0xff720000-0xff720fff irq 17 at device 0.0 on pci2
    ```

    Both NICs look like they've got IRQ 17? Could this be it?
  • OpenVPN CIDR pool

    3
    0 Votes
    3 Posts
    616 Views
    johnpozJ

    "10.10.0.0/16 does the job after all."

    Does the job of what - a firewall rule?  A summary route - those are really the only valid uses of such a CIDR.. Do you have 65k some hosts you need on the same network? ;)

    Use a more appropriate CIDR would be my suggestion.. Say a /24 or /23 if you have a lot of hosts..

  • Additional Pool in DHCP, MAC address, MutilWAN, and PIA OpenVPN.

    5
    0 Votes
    5 Posts
    551 Views
    A

    You can have two dhcp pools but you cannot tell this client should select from pool A and this client should select from pool B. So all the clients you want to be in pool B give them fixed ip. But remember if any other client which was supposed to get dhcp address from Pool A, fix his ip to pool B then he'll be allowed.

    So to avoid this you should either use Managed switch or go for vlan.

    If you have all wireless devices, then setting up vlans is quite simple. Only thing then required will be device which can tag the clients. Most of the APs nowadays come with a vlan tagging facility.

    If you have desktops then you have to invest in managed switch.

    I can help you set up vlans, in case you decide to do so.

  • Search firewall logs by rule names?

    1
    0 Votes
    1 Posts
    216 Views
    No one has replied
  • Сertificates

    2
    0 Votes
    2 Posts
    326 Views
    johnpozJ

    They are stored in the xml… You could do a backup, and then pull them out and then reload them on a new system via edit of xml and restore.  I do not see a specific for just backup of them..  But with a bit of manipulation you could do it that way..

    How many do you have to move?  You can also just export them in the cert manager and then import them into your new system.  That is how I did the few certs I wanted to move over from my old system when I got my sg4860.. I wanted to save my CA since had certs deployed that it had signed, etc.


  • Monitoring of multiple pfsense?

    1
    0 Votes
    1 Posts
    271 Views
    No one has replied
  • Reboot pfsense when 4G router is rebooted?

    1
    0 Votes
    1 Posts
    218 Views
    No one has replied
  • 2.3.5 - status/system log flooded with: NTPd not found

    2
    0 Votes
    2 Posts
    310 Views
    GertjanG

    Hi,

    Enter console mode. Option 8.
    Enter :

    ls -al /usr/local/sbin/ntpd

    You should see :

    -r-xr-xr-x  1 root  wheel  692424 Oct  9 00:12 /usr/local/sbin/ntpd

    This program, the time daemon, is part of a basic FreeBSD/pfSense setup. It isn't possible that it isn't there.

    I really advise you to do a clean install.

    True, the "Watchdog" isn't very smart either, trying to (re)start a program that isn't there.

    Not being able to check for updates could be the proof of other missing system files - or just a broken DNS setup. Don't spend more time, wipe it clean ;)

  • 2.4.2. GUI slow in responding

    1
    0 Votes
    1 Posts
    295 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.