• Need some ideas

    6
    0 Votes
    6 Posts
    839 Views
    G

    Hello forum,

    I need some help. I am not a networking expert. I am a noob to pfSense.

    I have my set up functional as this:

    Internet –> Cable Modem --> pfSense (Qotom) --> Dlink Switch (DGS1100 - 8 port easy smart) ---> Ubiquity AC Pro AP.

    The way configured now is simple. No Vlans defined. That is the part I need help on.

    What I want to accomplish is to have an SSID defined which will always route traffic via openVPN client (PIA). I have not defined the client yet - but I will be doing so once I am able to define vlans.

    Should I define Vlans on pfSense and also on Dlink Switch? If yes how do I instruct the Vlan defined on pfsense to use a specific port of the switch?

    The dlink Switch is only accessible on its own default IP. Should I connect to it and change it to an static IP of my choice so that I can access the web GUI of the switch?

    The Unifi AC Pro AP also has capability to identify the vlan for wireless traffic. So I must probably identify the tag for specific vlans for a particular SSID. Am I right?

    Appreciate the time spent on responding to my questions.

    Regards

    Guru

  • Possible bug - squid config

    1
    0 Votes
    1 Posts
    330 Views
    No one has replied
  • 0 Votes
    6 Posts
    773 Views
    JKnottJ

    @jahonix:

    As long as both ends of a cable are configured the same way it doesn't matter.
    One manufacturer (r+m) made a comparison and found TIA568A to be capable of slightly faster transmission speeds than TIA568B. I cannot find the paper ATM though and can't explain why that should be.

    Just found on de.wikipedia that 568A is supposed to be the preferred standard in Europe and 568B is around in the US for historical reasons … oh well.

    The only difference between pairs is the twist rate.  Each pair has a different twist rate, to minimize cross talk.  However, with a 10 or 100 Mb cable,the same 2 pairs are used and only the signal direction reversed between A & B.  With Gigabit, all 4 pairs are used.  568B goes back to what eventually became 10baseT, StarLAN.  StarLAN was designed to share an existing 3 pair CAT3 cable with a telephone.  The phone would be on the first pair (blue/white), with the 2nd (orange/white) and 3rd (green/white) used for the LAN.  It also used a 6 position connector, as was common for phones.  This also means that Ethernet was designed to share a cable with phones, but that's not recommended practice now.

    https://en.wikipedia.org/wiki/StarLAN

  • No access through interfaces

    4
    0 Votes
    4 Posts
    749 Views
    K

    @Grimson:

    @kcallis:

    This morning, in a moment of inspiration, I thought I would get tor working. So I configured polipo as well as tor and decided that it wasn't working for me. I removed the packages and find that I could no longer access the internet.

    Those aren't official packages, so whatever you did there probably messed with the pfSense install itself. Do a fresh install.

    I was hoping for a snazzy way to solve this problem, but the tried and true solution always win! I was just burning my USB thumb drive when I saw your response!

    K.

  • Hdac0: Unexpected unsolicited response from address 0: 00000000

    2
    0 Votes
    2 Posts
    800 Views
    jimpJ

    The startup/shutdown beeps use the PC Speaker and not a sound card. Disable the sound card.

  • Is DMZ supported in pfSense firewall?

    5
    0 Votes
    5 Posts
    4k Views
    MikeV7896M

    If you want the servers in your DMZ to be accessible via IPv4, yes, you do.  If you have IPv6 available and you're happy with your DMZ devices being only accessible through IPv6 (assuming they support it), then there's no requirement that you create IPv4 port forwards.

  • [Solved] Pinging VLAN from LAN

    2
    0 Votes
    2 Posts
    327 Views
    J

    Disregard, got it working. Forgot to create a new virtual interface on my NIC on Mac OS X box.

  • 0 Votes
    9 Posts
    1k Views
    NogBadTheBadN

    Did you add the firewall rule ?

    If you did try changing it to an any any rule and does it then work?

    https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2#Add_Firewall_Rules_for_IPsec

    TBH I just followed https://doc.pfsense.org/index.php/IKEv2_with_EAP-MSCHAPv2 and it worked, I then tweaked my settings to suit what I wanted after.

  • New, lost, hacked!

    18
    0 Votes
    18 Posts
    2k Views
    johnpozJ

    Dude I have been doing this for over 30 years, getting paid to do it for 25.. Before there were real computers and "networks" ;)

    Just not possible to "teach" you security in a few posts… I can answer your questions on how to block or allow something specific in firewall rules.. More than happy to help you understand how to read the headers in an email message, etc.

    But you have not given any actual evidence of being "hacked"  more you have seen 1 too many movies or tv shows.. Did you just binge watch some episodes of Mr Robot? ;)

    Turning on pfsense is not going to fix your issue or really make you any more secure from being "hacked" than any off the shelf router.. When it comes down to it out of the box they do the same thing - they block unsolicited inbound and allow you out via a nat.  Its not a magic box you turn on and it makes your network secure from being "hacked"..

    It just a tool you use to secure your network.. But without the understanding of how to use the tool, its not some magic thing you turn on..  Many new users hear oh I can turn on IPS and will be secure from hackers - sorry it doesn't work that way.  If anything going to block the user from what they want to do when they want to do it.. And provide them with so much information it will just be overload of info they do not understand anyway..

    For all we know you bought your phone off ebay and was jailbroken when you got it.. As to your bank account username and password being changed - sorry makes no sense.. Why would someone do that? And then not take any money?  Come on did you maybe forget your password?  And the username you norm use wouldn't work so its different than the normal username you pick... Maybe you smoked a bit of thee good stuff and got a bit paranoid after watching mr robot and thought someone changed your password - ie "hacked" you...

    Don't mean to make fun - You got some p0rn spam that said it was from you and your getting hacked? ??

  • Traffic Graph with page : "graph.php"

    2
    0 Votes
    2 Posts
    489 Views
    GertjanG

    Hi,

    The page you mentioned does exist - but I guess it isn't really part of the GUI anymore.

    From what I make of your question, you are using a tool that parses the html of that page to feed your own stats.
    That's ok, but understand that pfSense can change format, data, etc all the time.

    It's up to you to change your parsing tools.

    I guess that after changing the kernel version, from 9 to 10 to 11 (FreeBSD) interface internal naming, numbering, details, data, whatever, changed, so these pages are useless right now. Consider them as left overs from an old GUI version.  They have to be updated first if you want to see any data. Because you wrote - or at least: set up - de parser, you might as well 'repair' the pages graph.php (and ifstats.php). It's PHP, not a hassle for a "IT" guy.

    Btw : never ever keep old version 2.4.0 have been replaced by two newer version already, when asking questions you should use the latest, because now you are asking a question about a version that no one uses anymore … (not a problem of course, but your question becomes non-answerable).

  • No Group RADIUS Authentication with Active Directory

    2
    0 Votes
    2 Posts
    634 Views
    jimpJ

    Take a packet capture of the RADIUS auth exchange. Load it up in Wireshark and inspect the reply from the AD server, see if it has the Class attribute and how it looks.

  • Allow user to choose gateway 'on the fly'

    12
    0 Votes
    12 Posts
    1k Views
    G

    Sorry for the delayed reponse…

    @johnpoz:

    "he wants to access the same site"

    That I think is still unclear.. I think its more he wants to access site xyz wan 1, and then site abc via wan 2.  But sure it could access site xyz 1 time with wan 1 and then next time with wan 2, etc..

    This is exactly what I meant. Sorry for the broken English…

    Example: user 1 is a mobile user. He wants to connect to site "xyz.com" using wan 1. A few moments later, he wants to access this same site but using wan 2 without disconnecting from his actual LAN.

    As he does not have admin privileges he cannot access pfSense admin page to update his default gateway.

    @johnpoz:

    I think best way to do something like that would be with 2 proxies and then pointing your browser at specific proxy to use wan 1 or wan 2.

    This is a perfect workaround! I can set 2 proxies so users can choose which proxy to use. As each proxy is linked to a specific gateway the magic is done! Thanks a lot :-)

    kind regards

  • HOWTO: Automatic PPPOE connection reset in case of packet loss

    1
    0 Votes
    1 Posts
    533 Views
    No one has replied
  • Custom log rotation

    1
    0 Votes
    1 Posts
    313 Views
    No one has replied
  • 2.4.2 Connectivity Issues

    4
    0 Votes
    4 Posts
    912 Views
    X

    I beleive my issues are related to the APU2 BIOS. I've rolled back all but one unit to BIOS V4.0.7. So far, no issues with those routers for the last few days. I haven't reinstalled any packages yet.

  • MOVED: Modifying URL via matching regex to rewrite url

    Locked
    1
    0 Votes
    1 Posts
    226 Views
    No one has replied
  • Supporting Let's Encypt certificate generation and automated renewal

    6
    0 Votes
    6 Posts
    4k Views
    P

    I got it! Well, almost!

    From desec.io. But while fixing the shell script I wasted my 5 free attempts for this hour. You can add the proper TXT record with desec.

    I also had to install certbot, and its annoyingly long dependancies.

    After the temp ban is lifted (i think one hour) I let you know if I can really validate the service and install the cert.

    –---------------------

    Worked!

    IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at:   /usr/local/etc/letsencrypt/live/xxxxxxx.dedyn.io/fullchain.pem   Your key file has been saved at:   /usr/local/etc/letsencrypt/live/xxxxxxx.dedyn.io/privkey.pem   Your cert will expire on 2018-04-16\. To obtain a new or tweaked   version of this certificate in the future, simply run certbot   again. To non-interactively renew *all* of your certificates, run   "certbot renew"
  • Issue after restart

    6
    0 Votes
    6 Posts
    867 Views
    B

    Tks for that. I was scared someone would say that :(

    Will try the same setup on another computer with 2 nice and see how it goes. Will update.

    Tks

  • 3 Routers setup how TO ???

    13
    0 Votes
    13 Posts
    842 Views
    NogBadTheBadN

    What is the model of the linksys switch ?

    What spec is the fiber ?

  • 0 Votes
    2 Posts
    271 Views
    NogBadTheBadN

    They'll be under /var/log/snort :-

    [2.4.2-RELEASE][admin@pfsense]/var/log/snort: ls -alg
    total 100
    drwxr-xr-x  9 root  wheel    512 Jan  5 20:52 .
    drwxr-xr-x  7 root  wheel  1024 Dec 19 20:59 ..
    -rw-rw–--  1 root  wheel      0 Dec 22 12:17 alert
    drw-rw–--  3 root  wheel  4096 Jan 15 11:15 snort_igb0.256577
    drw-rw----  3 root  wheel    512 Jan 13 00:08 snort_igb0.343654
    drw-rw----  3 root  wheel  2048 Jan 15 00:20 snort_igb0.427080
    drw-rw----  3 root  wheel  3072 Jan 15 00:20 snort_igb0.516395
    drw-rw----  3 root  wheel  2048 Jan 15 00:20 snort_igb0.658303
    drw-rw----  3 root  wheel    512 Dec 19 21:10 snort_igb035478
    drw-rw----  3 root  wheel  12288 Jan 15 09:05 snort_pppoe054518
    -rw-rw–--  1 root  wheel  56255 Jan 15 18:05 snort_rules_update.log
    [2.4.2-RELEASE][admin@pfsense]/var/log/snort:

    The entries in red are directories, the info is stored under here.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.