• Yes, we scan

    29
    0 Votes
    29 Posts
    7k Views
    K

    It's not really that port mirroring is "bad".
    It's bad if it can be remotely switched on via a back door and pointed towards destination of choice.
    No technology is bad unless used in a bad way.

    Well…  I guess it's also bad if it's used to seamlessly funnel every single bit and byte of data running across a major trunk in two directions simultaneously.  One towards destination that serves the consumer and the other for real-time ingestion at line speed and later analysis elsewhere and calling it a feature of the unit.  I don't think privacy is a privilege, but rather a right.  No one has to be licensed for privacy.  It's not something that you should have or not have at the discretion of the government or anyone else.

  • HTTP, FTP download slow

    1
    0 Votes
    1 Posts
    999 Views
    No one has replied
  • Routing

    3
    0 Votes
    3 Posts
    1k Views
    johnpoz

    Yes a drawing would be very helpful

    But couple of things - if you're using as just a "router", then you're not using any firewall rules?  And you're not doing NAT?

    How do the devices in your live network route to the lab network, I would assume they are using a default gateway other than your wan interface of your pfsense VM.  So you would either have to use host routing on the devices in that network - or their gateway would have to know to talk to the wan interface of your pfsense vm to talk to the lab network, etc.

    Where you say you cannot ping from the lan (lab network I assume) interface – let's call live network address A, and lab network B -- how does your firewall (gateway of live network I assume) know how to get to network B?  It would need a route to this network, if not it's just going to go out your ISP connection which I would assume is its default route.  So it would be unlikely you ping your live network firewall from lab network.

  • L2TP and DHCP

    1
    0 Votes
    1 Posts
    770 Views
    No one has replied
  • Does pfSense 2 have a SIP ALG?

    19
    0 Votes
    19 Posts
    13k Views
    jimp

    You only need siproxd if ALL of these are true:

    - You have multiple phones connecting to a remote PBX, or multiple PBXs
    - More than one of the phones connects to the same remote PBX
    - The PBX requires that the source port be 5060 for the phone's SIP traffic (this is not very common these days)

    In most cases multiple phones work fine now with zero adjustments so long as the PBX doesn't assume/enforce a 5060 client source port.

  • Interface says offline even though it isn't

    26
    0 Votes
    26 Posts
    10k Views
    K

    I wasn't angry.  Glad it works.

  • Solved – Limitation of bandwidth to each computer by ip - how ?

    11
    0 Votes
    11 Posts
    3k Views
    M

    @trunix:

    @Hollander:

    Might I jump in to ask a question that relates to this? Is the following possible:

    My download server gets unlimited download unless my wife or me are using the internet;

    Then the download server is automatically capped off during that time, and gets full bandwidth again if neither my wife nor me are using the internet.

    The reason I ask is: currently I have to restrict the server bandwidth manually in the morning (on the server itself), and cancel that restriction at night (so it can download at full speed while we are sleeping).

    Sometimes my wife is up earlier than I am (so she will suffer from not having sufficient bandwidth since that hasn't been restricted yet), the other times I simply forget to do it (and when I come home I meet an angry mrs.  :-[).

    Would this be possible?

    Thank you in advance for any reply  ;D

    Bye,

    You can use the traffic shaper to lower the priority of the protocol (bit torrent?) being used by your download server. Whenever any other traffic is present on your network during the day (you and/or your wife surfing, checking email, etc.), the download server throughput is suppressed. At night, when nothing else is using your bandwidth, the server gets full access.

    My apologies for not responding sooner, and thank you for your reply  :P

  • Would anybody be willing to give me some conceptual networking information?

    24
    0 Votes
    24 Posts
    5k Views
    M

    @stephenw10:

    Separating your wireless and wired traffic is something I would recommend just to make it easier to control your traffic.

    If you want to get a paranoia level of security you could setup a vpn server in pfSense and then configure your wireless interface firewall rules to only allow access to that. Then all your wireless devices would have to connect to the vpn server to get access to anything. VPN encryption level can be anything you choose.  Potentially you could use two factor authentication or something!  ;)

    Steve

    I still have to do this all, but I don't have enough time  :-\

    Thank you for your reply, Steve  ;D

  • Something goes wrong when I change LAN IP

    2
    0 Votes
    2 Posts
    1k Views
    W

    It has been my experience that some major configuration changes to pfSense don't correctly clear the old values so that new values can properly take effect. I suggest you save (but not apply) the LAN IP subnet change then reboot for it to take effect.

    @itson:

    When I type the voucher it just seems like refreshes the page doesn't redirect and doesn't let me connect to the internet.

    It would be helpful to know what the browser did do (for example, what was shown in the location bar? did the browser report a name resolution problem?) as well as what it didn't do.

    @itson:

    After trying to figure out what it could be and started getting calls from customers that they can't connect, I quickly had to change ip and dhcp ips back to 192.168.1.1 range

    PERHAPS some of these customers still had DHCP leases for IP addresses in the 192.168.1.x range.

    PERHAPS you needed to restart Captive Portal (Disable then enable) after the IP address change.

  • Guest Network

    18
    0 Votes
    18 Posts
    19k Views
    K

    Yep - I learned something also.

  • PfSense LACP problem with HP Procurve switch

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Suggestion: Upload config via zmodem

    4
    0 Votes
    4 Posts
    1k Views
    D

    @jimp:

    pkg_add -r lrzsz

    Then use lrz to start a zmodem receive.

    Awesome!

    Thank you,

    -A

  • Better logging & RPC Traffic

    25
    0 Votes
    25 Posts
    7k Views
    B

    As an update:

    I THINK I've resolved this… wasn't PfSense causing this at all, it was TMG.

    "strict RPC compliance" was on. Turn it off, and thus far, works fine, as well as fixing a few other minor issues which I assume use RPC or DCOM.

    I'm still testing but it'll be hilarious if a protocol that MS products rely on to work, is "broken" by a MS product too. :p

  • Automatic Service restart when service stops ?

    1
    0 Votes
    1 Posts
    866 Views
    No one has replied
  • Can i connect pfsense to a vpn or proxy server for all network traffic?

    3
    0 Votes
    3 Posts
    2k Views
    K

    You could go internet > TOR > PFSENSE > LAN Clients.

    The TOR box could be either a small cheap/old stand alone computer you put between pfsense and the internet or you could get TOR up and running inside pfsense.  The last option isn't supported out of the box.

    I'm sure VPN providers are no more likely to protect your privacy than facebook is.

  • What WAN type is ethernet ?

    5
    0 Votes
    5 Posts
    1k Views
    K

    haha.

    I glossed over the "If I plug a laptop into the port and manually set the LAN ip on the laptop with one of the public ip's it works great."

    Yes.  Static IP.  However, I'm wondering about his 8 IPs since he will only get one if he doesn't take steps to see all 8?

    I see a nice youtube video on that here:

    http://www.youtube.com/watch?v=zrBr0N0WrTY

  • High CPU load [ 63.87% {irq16: bge0 bge1} ]

    16
    0 Votes
    16 Posts
    5k Views
    D

    @stephenw10:

    The box should remain responsive though.

    Responsive - not really. Was barely recoverable by reverting to previous config via serial console.

  • User-Password NOT clear text?

    2
    0 Votes
    2 Posts
    1k Views
    jimp

    Not enough of the exchange to really tell from that, but probably a difference such as PAP vs CHAP or other settings in the RADIUS server that govern what it claims to support.

    It could also be a difference in the compile-time options given to freeradius and not in the config file.

  • PFSense VM using 3 times as much CPU as Sabnzbd, Normal?

    1
    0 Votes
    1 Posts
    760 Views
    No one has replied
  • Bridge Interfaces as inactive

    8
    0 Votes
    8 Posts
    2k Views
    stephenw10

    They may not timeout, mine don't under normal use. There's an easy fix anyway.  :)

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.