So where are you actually stuck here? I don't see a question. 😉
It sounds like you are going to set up pfSense as 'router on a stick', a single NIC with VLAN interfaces. So you are going to have to configure the DD-WRT device to handle those VLANs to separate switch ports. Or use some other managed switch for that purpose.
Not easily. That is usually accomplished by having staff and student VLANs where you can apply different firewall rules to the traffic. So if it's wifi, for example, you can have a separate SSID with 802.1X authentication that only staff can connect to.
And a ... I'm not giving up kinda moment.
I haven't even bothered implementing that "trick" on the Job ones ....
I appreciate it! I have some 2.4.5 systems in the wild myself that customers aren't able to update right now and those had rising numbers of dead/zombie processes (dying bogon procs) that we were able to fix that way - so thumbs up from me for the fact finding mission 😄
Glad to be able to give a little back 😊
Now I know that for tomorrow on the job for 7 firewalls 😕
And the home firewall 😊
Fresh install with ZFS, and config restored; only one minor "quirk":
iftop didn't install, but the package manager informed me about that 👍
I built an ASUS ProArt B550-Creator with 2x2.5G ethernet ports to use for pfSense (I know, probably overkill but Netgate 6100 is not available right now) and I added a Solarflare 4-port SFP card. Can I turn 1 port of the Solarflare SFP card into 1 WAN and a 2.5G ethernet port into a WAN (= 2 WANs) and the other 3 Solarflare SFP ports into LANs?
Thank you in advance,
Yes, you can turn all but one port into WAN if you wish. pfSense allows you to use/define ports as you see fit.
The only requirement is that the NICs are supported and have a driver in the pfSense distribution (which may be an issue with that SFP card).
I've gone through all the documentation and whatnot, and it's all just very odd to me.
My NIC is a genuine Intel. It's not an Intel by HP or Dell, straight Intel, and I would've thought by now the drivers would've been updated. The I340 is a fairly old card, and considering that Intel has cards that are running at 10Gb+, what happens to those who are running pfSense on connections such as that at the enterprise level?
What about the latest 800 series cards? Will iflib work with them?
Agree that it can be very confusing, especially with Intel, because for a while (and it may still be true) the version numbering scheme used by Intel on their web site for various NIC drivers differed from the scheme used for the same Intel drivers in FreeBSD. That makes it hard to determine which is actually the most "current" version.
But for the most part, FreeBSD depends on Intel contributors to provide updates for Intel NIC drivers in FreeBSD.
The 21.09 release has been postponed. There are a few reasons for this such as some issues found in late-stage testing. We want to make sure the next release will be a quality release. There is a high focus on 22.01. We are confident it will be worth the wait.
@patch You can create whatever rule you want, be it allow, block or reject, and set it not to log. But unless you were using something like Avahi to pass on the mDNS query, pfSense really has no use for such traffic and wouldn't be doing anything with it if you allowed it.
pfSense is clearly blocking it already. Whatever interface you're seeing the traffic on would be the interface you create the rule on to block it and "not" log it.
Anything is possible, but that shouldn't create a ping permission denied. Do a sniff on your WAN: do you see the ping go out? I would assume no if you're getting permission denied on the send to. But if you see it go out, maybe you're getting a specific reject back?
Or maybe that IP specifically is blocking your IP. But again, that really shouldn't create that error unless there is a specific reject that comes back.
A sniff on your WAN will show for sure whether you're sending it out the wire.
Traceroute via Linux normally defaults to UDP, and there is no ICMP message other than TTL expired that comes back.
And it did work. Then I tried cron, also does work!
So the key is to use .255 at the end.
I still wonder why the web-GUI-thingy works with the MAC only, but on the other hand, when I first added the host to the Wake-on-LAN Devices list, it had an IP address, so it might have saved it there.
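Why the .255 address is the one that works: a powered-off host holds no IP and answers no ARP, so a unicast to its old address cannot be delivered, while a packet sent to the subnet's directed broadcast reaches every station on the segment and the NIC matches on the MAC inside it. The following is an added example, not code from the thread or from pfSense, that builds the magic packet, derives the .255 address from the host's subnet and sends it; the MAC and subnet are constructed sample values.

```python
import ipaddress
import socket

WOL_PORT = 9  # "discard" port, the conventional Wake-on-LAN target


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff or AA-BB-CC-DD-EE-FF and return the 6 raw bytes."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw


def build_magic_packet(mac: str) -> bytes:
    """A magic packet is 6 bytes of 0xFF followed by the MAC repeated 16 times (102 bytes)."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def is_magic_packet_for(payload: bytes, mac: str) -> bool:
    """True if the payload carries the sync stream + MAC pattern the NIC wakes on."""
    return payload.find(build_magic_packet(mac)) != -1


def directed_broadcast(host_cidr: str) -> str:
    """Last address of the host's subnet, e.g. 192.168.1.10/24 -> 192.168.1.255."""
    return str(ipaddress.ip_interface(host_cidr).network.broadcast_address)


def send_wol(mac: str, host_cidr: str, port: int = WOL_PORT) -> int:
    """Send the magic packet to the subnet broadcast; returns the byte count sent."""
    pkt = build_magic_packet(mac)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        # Without SO_BROADCAST the kernel refuses a broadcast destination.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return sock.sendto(pkt, (directed_broadcast(host_cidr), port))


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(send_wol("aa:bb:cc:dd:ee:ff", "192.168.1.10/24"), "bytes sent")
```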
So, that rule I sent was the only rule I had set up on the OPT1 interface. I also failed to mention that I modeled the OPT1 interface after what I had the WAN interface configured to, which was to NOT block private or bogon networks.
But I just found out with more testing that my Comcast router cannot actually ping any of my devices. So, not worried about that. My devices (including pfSense) can ping the CC router and that's fine.
My only worry now is why the WAN interface didn't work with all the same settings configured as OPT1. Everything is the same between the two, but I'll take that up with Protectli if my own troubleshooting doesn't do anything.
Thank you both for the help! I'm hoping to become more proficient with pfSense and incorporate it into my career, so it's been great to have good support just starting out. Appreciate y'all.
Overriding: it all depends on how you do it.
If you force a speed/duplex on one end, leave the other end at autoneg, it typically gets the speed correct, but mucks up duplex.
If instead of forcing you leave autoneg but specifically advertise a speed and duplex, if the other side is autoneg it works correctly.
So a 1G NIC can do 10/100/1000 for speed, and full/half for duplex. If you force "1000/full" leaving other side autoneg, you'll wind up with 1000/half.
If you advertise "I only do 1000/full" the autoneg works.
In my case I imported the OpenVPN configuration which defined an interface. I had previously defined and deleted a physical interface which I had configured DHCP. The 2 aligned to the same name, OPT3. This may be an uncommon result.
@johnpoz So, after a hiccup: somehow I forgot to assign a static DHCP address to the server and access to the Docker server stopped working.
Once the DHCP static IP was set, everything went back to normal. 😃
@natbart Just want to say thanks for figuring this out; it's working great for me so far. I just recently upgraded Fibe and my HH3000 would literally just freeze when maxing the connection out. Ecstatic that I can finally drop-kick that POS and just have my pfSense box. Glad you didn't give up and managed to figure it out. Great work.
I was going to get the port forwarding working through a double NAT, but worried about leaving open ports to hackers. I decided to go with adding to my Unraid server a Docker container for NGINX, Cloudflare with a free Argo tunnel, bought a .com domain from GoDaddy for $20, and used three YouTube videos from IBRACORP for setting up NGINX with Cloudflare and the free Argo tunnel:
Cloudflare CDN: How to Setup + Purchase Domain + NGINX Proxy Manager on Unraid (2021) (sets up SSL full encrypt)
Cloudflare: How to Set up Cloudflare Argo Tunnel FREE on Unraid - Bypass CGNAT (sets up argo tunnel (IP obfuscation))
NGINX Proxy Manager: How to Install and Setup Reverse Proxy on Unraid (2021) (sets up nginx)