• Session logging

    2
    0 Votes
    2 Posts
    335 Views
    T

    anyone?

  • Not Using ATT router in ATT Fiber Setup

    3
    0 Votes
    3 Posts
    3k Views
    Grimson

    https://forum.pfsense.org/index.php?topic=111043.0

  • How to secure only one running instance of Linux script?

    3
    0 Votes
    3 Posts
    285 Views
    B

    I ended up with something like this:

    if [ `pgrep script.sh | wc -l` -gt 1 ]; then
      exit
    fi
  • AMD PSP TPM

    1
    0 Votes
    1 Posts
    440 Views
    No one has replied
  • UPS PfSense Shutdown

    8
    0 Votes
    8 Posts
    14k Views
    R

    @Peter847:

    I run a small office LAN through PfSense and am looking for advice on how I manage my UPS.

    The UPS supplies PfSense and a couple of Windows machines.  Its main purpose is to ride through the relatively frequent power drop outs that last a few seconds, real outages (greater than a minute) are rare.  It does not look easy to get one UPS management suite that will gracefully shutdown all the machines so I am thinking about letting PfSense just run out of power.

    PfSense runs on a passively cooled Atom system with an SSD, will I damage anything if I just let the power on the UPS run out and restart PfSense when the power returns?

    I have commonly dropped the power on a Pfsense router I have (Basically whenever I had a need to turn it off/restart it).  Only once in a few years of doing this have I had a problem.  I somehow managed to line up one of my power drops with a process you can't drop the power on and I had to run some program to fix it so that the router would operate again.  Considering how many times I have dropped the power and yet I had this happen only once, it is quite rare.

  • MBUF usages increase after new access points?

    3
    0 Votes
    3 Posts
    272 Views
    H

    It's possible that older APs didn't have the bandwidth to load the firewall to trigger the issue.

  • [Solved] need to add an upstream certificate for my FW.

    6
    0 Votes
    6 Posts
    2k Views
    A

    So, solution update. Editing the files via the webconfigurator was my problem. It seems as though the editor was saving blank files instead of my changes, and as such nothing was working. I edited the files with VI and the cert was accepted into the system. I do still have an issue with a different upstream cert, but I can fix that based on my fix with this one.

    Thanks for everyone's help, I'll try to add a guide on my site for this because I couldn't find anywhere online that referenced both files.

  • Can someone explain this warning

    8
    0 Votes
    8 Posts
    589 Views
    johnpoz

    There isn't one if you ask me - ask Derelict he is the fan all tagged, no native or untagged on interface ;)

    I am not aware of any security issue with running tagged or untagged on same interface.  As long as you don't try and run multiple untagged vlans on the same interface there is no problem.

    moikerz point about the stats would be the only reason I could see of putting all vlans vs native and vlans… Because he is right the native interface will show total stats for the untagged and all tagged traffic... While your stats for your vlan interfaces will only show you stats for that specific vlan.. So if that is your concern, then that would be the reason you skin the cat that way vs the other way ;)

  • PfSense and PIA

    2
    0 Votes
    2 Posts
    323 Views
    R

    Pfsense will not block it.  Firewalls work by blocking connections you do not initiate.  When you connect to PIA, you are initiating the connection.

  • Freeradius for added security? How?

    2
    0 Votes
    2 Posts
    270 Views
    johnpoz

    One way radius can be used to increase security is the ability to use say eap-tls to auth clients to a wireless network.  So now clients would have to have a different method of auth vs just a PSK.. This could be a username and password to auth to the network, or if something as secure as eap-tls.. Where now your clients have to have a cert issued by your CA, etc..

    Use of eap allows for the functionality of different logins for different users, so if say a user creds have been compromised or believed to be compromised you could just change those specific creds or disable them without having to change all your devices to use a new PSK, etc.

    You could 802.1x with your radius server so that devices are not allowed on the network be it wired or wireless unless they pass the auth you setup with 802.1x

    As example - you state you have your personal wireless.. Which I assume has access to more of your network than any of your other wireless networks.  So in this case you could require eap-tls to get on this network.  So only devices you actually trust and have given the correct certs could get on this network.

  • Problem with e-mail notifications while using PIA

    2
    0 Votes
    2 Posts
    333 Views
    V

    Maybe post a screen shot of the rules for your WAN and LAN? Not sure I can help but others might…

  • Is this VLan Setup Possible?

    8
    0 Votes
    8 Posts
    496 Views
    R

    @johnpoz:

    So you want to put your ATT internet router behind pfsense??  It doesn't work that way..

    You would put the ISP device in front of pfsense between pfsense and the internet/wan connection.  You could then bridge this so pfsense gets a public IP on it… Or you can double nat..

    What specific device do you have from the ISP, or what device/service are you looking to get..

    Needed any other information?

  • User based Firewall rules

    6
    0 Votes
    6 Posts
    6k Views
    johnpoz

    This is possible via switch that does vlans and support dynamic vlans, or wifi again that supports via radius or 802.1x etc..

    This has always been possible - but really has zero to do with pfsense.. This is your switching/networking infrastructure to put your devices/users on different vlans… Once your devices are on different vlans then pfsense comes into play and can firewall that vlan from different vlan or allow network/vlan X to use wan 1  while vlan Y uses wan 2.

    You don't need to be on different vlans to control which wan a connection goes out of - you can do this with policy routing based upon the IP all in the same vlan.. So IP 192.168.1.100 could go out wan 1, while 192.168.1.101 goes out wan 2, etc.

    Whatever method you want to use to make sure user X gets a specific IP works too - say radius auth handing user specific IP vs vlan ID, etc.  But all of that is your network and not pfsense.

  • What's triggering "Dial On Demand" ?

    4
    0 Votes
    4 Posts
    1k Views
    T

    You mean root like A, B, C, etc. ?
    Because this pfSense's DNS servers are set to servers on my LAN, so no outbound communication should be made related to name resolution.

  • Rack setup

    13
    0 Votes
    13 Posts
    1k Views
    johnpoz

    unless you have separate your different networks you will have to wait til you have smart/managed switches to segment your network.

  • Increased RTT times

    13
    0 Votes
    13 Posts
    1k Views
    gregeeh

    @johnpoz:

    Well that is clearly some IP in their network.. If your normal wan monitoring RTT has not increased you will have to get with them on any slowdowns you're seeing in their network.

    OK, Thanks for your time.

    Greg

  • Switch VLAN Configuration

    2
    0 Votes
    2 Posts
    553 Views
    Grimson

    https://forum.pfsense.org/index.php?topic=142311.0

  • Connecting to a cisco device using serial console cable from pfsense

    8
    0 Votes
    8 Posts
    3k Views
    Derelict

    That is cuau0 not cuaU0 which is why he was seeing that on cuau0.

    ls -l /dev/cu*

    connect the USB console.

    ls -l /dev/cu*

    The connected console will be the new devices.

  • How to transfer settings from a 32-bit to 64-bit

    3
    0 Votes
    3 Posts
    986 Views
    F

    I tried what you wrote and did not succeed

    So did most manually
    I reinstalled the packages
    I left the addresses in the new range
    The most annoying part is to add all addresses to a fixed address

    There is an access point
    Which does not appear in a list of addresses
    But it can be accessed

    In the old system it did appear on the list

    For some reason clamd ClamAV Antivirus Does not work
    I did

    ```
    freshclam
    ```

    and I got this message

    ```
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
    ERROR: /var/log/clamav/freshclam.log is locked by another process
    ```

    How can I fix this problem?
  • NTP PPS with Navisys GR-701W USB GPS?

    12
    0 Votes
    12 Posts
    4k Views
    R

    I run a Sure GPS serial module with an external GPS antenna, runs smooth for about 4 years now on my pfSense box.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.