• Advice for network 500 users?

    Locked
    4
    0 Votes
    4 Posts
    1k Views

    @heper:

    squid on pfsense can work with AD authentication. How well it integrates with squidguard/dansguardian I don't know.

    You have to install the following packages

    You will see the proxy filter and proxy server on the service tab; you have to configure it like this

  • Two Public IPs and Two Networks

    Locked
    5
    0 Votes
    5 Posts
    1k Views

    You can't use two WAN NICs with the same gateway.  It'll only route traffic out of the default gateway.

    If you have more than one public IP address that can use the same gateway, you can do it with one NIC, and VirtualIPs and 1:1 NAT routing. (http://doc.pfsense.org/index.php/1:1_NAT)(http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F)

    On my WAN2 interface I have a public IP address ...39, and ...40, and ...41.  The ...39 is the LAN2 subnet.  ...40 is a single IP on LAN2, and ...41 is another single IP on LAN2.  I could easily have added another public IP and had that route to LAN1, but in my case I have a completely different WAN connection with a different (different than WAN2) gateway instead.

    Create the one WAN interface and use 1:1 NAT with a VirtualIP.

  • VPN Client

    Locked
    14
    0 Votes
    14 Posts
    3k Views
    stephenw10

    If you are looking at building a new box it's hard to recommend anything other than a low-end Sandybridge/Ivybridge based board. As Tim suggests above, using a socket 1155 board gives you lots of upgrade options. This board:
    http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622
    is slightly more but gives you a smaller footprint and DC power for greater efficiency.
    Even a low-end Celeron will firewall/NAT at Gigabit wire speed so should be good for 120Mb of OpenVPN (I have no test results to confirm this). http://www.newegg.com/Product/Product.aspx?Item=N82E16819116889
    If you want less building then maybe something like the Shuttle DS61: http://forum.pfsense.org/index.php/topic,56950.0.html

    To be honest you could probably get 120Mb VPN with a far less powerful system but it's probably easier and cheaper to go with something such as the systems above.

    Steve

  • How do code changes in FreeBSD make it to pfSense

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    jimp

    If they fix it upstream, we pick up the changes either the next time we shift OS versions (not very often) or if we bring their patch into our code (happens all the time).

  • NanoBSD - expanding 1GB working image to 4GB?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    stephenw10

    You cannot expand it to fill the card, at least not at all easily. It's relatively easy to load up the 4GB image and restore the config though.
    However there is very little point in doing so. It's very unlikely you'll run out of space in the 1GB image. The RRD data is stored in the config (50MB) partition and I think that is the same size in the 4GB image. I'd have to check that. The RRD data does not grow in size though, that's the primary feature of it.

    Steve

  • How can i set rule in pfsense for rebooting

    Locked
    15
    0 Votes
    15 Posts
    11k Views

    **My system works on ESXi 4.1, with pfSense to merge 2 lines (my multi-gateway), then it goes to MikroTik 5.20 to distribute internet to clients.
    Every router has a built-in switch; a cable goes from router 1 to router 2 and from router 2 a cable goes to WAN (I disabled DHCP on both of them). (In ESXi I created 2 virtual network adapters in pfSense, connected to WAN by creating a virtual switch, then created a VM switch between MikroTik and pfSense.)

    This is my network. Every time I restart my routers only one is online and the other is offline. To solve the problem I need to restart pfSense every time after restarting the routers. Hope to find a solution.**

  • 0 Votes
    5 Posts
    4k Views

    Thanks for your reply.
    @dhatz:

    Your best bet to increase overall performance would be to switch to pfsense 2.1-BETA (based on FreeBSD 8.3, with new drivers for most hardware). As long as you won't be doing any disk-intensive tasks (e.g. squid) the most important factor affecting performance would be your NIC(s) e.g. Intel or Broadcom etc.

    Since you have plenty of RAM, you could try
    kern.ipc.nmbclusters=262144

  • Help needed redirecting a specific URL

    Locked
    1
    0 Votes
    1 Posts
    670 Views
    No one has replied
  • Newbie needs help

    Locked
    5
    0 Votes
    5 Posts
    1k Views

    Thanks for that, that's a big help. Now I just need to work out installing, but it can't be that difficult, hopefully???

    However that's not my Firebox 700, but it's a big help.

  • Hardware and software capacity planning

    Locked
    1
    0 Votes
    1 Posts
    884 Views
    No one has replied
  • WAN Going Offline / arp is using my IP address

    Locked
    2
    0 Votes
    2 Posts
    6k Views

    That's an IP conflict, the device with the MAC it's listing is using your IP. It won't be in the ARP table since that IP is local and it won't believe whatever the conflicting device is. But your upstream router will. What to do about it depends, if that's something on your network, turn it off or change its IP. If you're plugged straight into your ISP's network, you'll have to contact them about it.

  • IGMP spam?

    Locked
    2
    0 Votes
    2 Posts
    940 Views

    That'll happen if that traffic makes it to the firewall. At that point you can either block or pass it, but it's going to show up in your RRDs either way. Whether or not it makes it to your firewall depends on the device its WAN is plugged into. Something on that upstream device must have changed to send out that multicast on all ports rather than just ports that have joined the appropriate group. Whether or not that's configurable or you can do anything to change the behavior, not sure, better chance of finding that out from your provider (if you can get someone with a clue) or a forum of theirs if one exists.

  • Excessive hits on port 15783?

    Locked
    6
    0 Votes
    6 Posts
    2k Views

    @dillbilly:

    Is there any way to figure out what might be advertising itself on that port?

    Traffic doesn't necessarily result from something "advertising itself" on the port. For example, some might "probe" a range of IP addresses on a particular port looking for a system that responds. Or you might have a dynamic IP address which was recently used by a system providing a service on that port.

    Do you see a range of IP addresses accessing the port in question?  Do you see the accesses in the firewall log?

  • High bandwidth Usage

    Locked
    2
    0 Votes
    2 Posts
    954 Views

    Diagnostics -> Traffic Graph?

  • Squidguard: Proxy filter not blocking sites.

    Locked
    6
    0 Votes
    6 Posts
    5k Views

    Thank you everyone for all your help! It is now fixed. I had to reinstall the blacklist and this time set up the correct URL for the download and everything went back to normal.

    Again, thanks all for your time and efforts.

    ChiefTenToes

  • SSH hangs

    Locked
    5
    0 Votes
    5 Posts
    2k Views

    That does the trick. Thanks for helping!

  • Tunnel Broker with 2.0.3?

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    jimp

    IPv6 support is only available on 2.1.

    2.1 is not "alpha" it's BETA1, and nearly a release candidate at this stage.

    If you need IPv6, use 2.1. You may not like it, but that's the answer.

  • 0 Votes
    6 Posts
    3k Views

    Try using something like BandwidthD, DarkStat, or NTOP. These packages can let you see what IPs (and thus PCs) are creating the most traffic. Check for both lots of upload packets and throughput.

  • Kern.maxfiles limit exceeded by uid 62 please see tuning(7)

    Locked
    3
    0 Votes
    3 Posts
    3k Views

    Well, the error message is pretty much self-explanatory. Are you running some package that opens many files (e.g. squid)?

    On my system, uid 62 is proxy. You can check which process(es) are responsible by running the following command on the CLI:
    ps aux|fgrep proxy

    The obvious solution would be to increase kern.maxfiles, by going to webGUI System -> Advanced -> System Tunables, assuming your system has enough RAM to handle it.

    PS: Although many pfSense users run the squid package, my opinion is that if you have more than a few (~20) users it'd be best both for security and performance/reliability reasons to use an external caching proxy, appropriately sized & tuned (fs + kernel).

  • P3Scan for POP3 transparent proxy with AntiSpam and Antivirus. Loop error

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.