• Radius and pfsense radius configuration

    Locked
    1
    0 Votes
    1 Posts
    933 Views
    No one has replied
  • Newbie Setup - Cannot Ping / No DNS - Can AutoUpdate Gateway Online

    Locked
    4
    0 Votes
    4 Posts
    1k Views

    @ljadmin:

    My gateway status is 'online' but I cannot ping my gateway from the IP of my Firebox but I can from other systems on the switch.
    [Gateway (#.#.#.217)] – switch -- [Firebox (#.#.#.219) & ServerA (#.#.#.220)]

    What does ping report? (a ping report is nearly always more informative than "cannot ping").

    How many interfaces have you configured on the firebox? How many of them are in the same IP subnet as the pfSense WAN interface?

    I presume the switch you mentioned is connected to the pfSense WAN interface and Server A such that Server A can directly contact the gateway (bypassing the Firebox).

  • Remote ftp access to device

    Locked
    9
    0 Votes
    9 Posts
    2k Views

    @marvosa:

    When using FTP behind a NAT Firewall, I've always forwarded the passive ports.  Unless the firewall dynamically monitors FTP connections and opens ports dynamically when it detects a passive FTP connection, which I'm guessing is what the FTP helper is trying to achieve.

    From -> http://doc.pfsense.org/index.php/2.0_New_Features_and_Changes:

    FTP helper now in kernel

    So, maybe it's a kernel bug or the "FTP Helper" has been deprecated.  If someone has a more official explanation, feel free to chime in.

    I think you are correct. I have not disabled it, so maybe there is some kind of bug in the FTP helper since, although it is enabled, I have to port forward the passive ports myself.
    Except if the FTP helper on pfsense is not supposed to do this as the [ Tracking / NAT Helpers - FTP nat helper ] I said.

    Who knows.

    Regards

  • Vlan troubles

    Locked
    2
    0 Votes
    2 Posts
    982 Views

    Try looking for the VLANs tab on Interfaces -> (assign)

  • 2.0.3 upgrade errors

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    I realize this was posted in the wrong place. I just want to update in case someone was scared off by my experience. When I downgraded to 2.0.2 I had the same issue when I restored the config backup. So apparently there was an issue with my config exposed by the upgrade process, unrelated to version 2.0.3. I am now running 2.0.3 with the config rebuilt by hand (with the aid of the xml file open in notepad) and all seems fine. Was probably a good time for a config 'spring cleaning' anyway.
    Thanks again to maintainers of this project for this solid update!

    @pvoigt:

    @dig1234:

    I'm on nanoBSD i386. upgrade from 2.0.2 to 2.0.3 was a disaster. Bootup would hang at Starting Firewall.
    Turned on verbose logging, eventually bootup finishes but packages did not reinstall.
    Getting message in syslog and console:  kernel: t_delta 15.fd984de3455432fc too short etc.
    Will try installing from scratch, maybe upgrade process just crapped out. Otherwise I'll go back to 2.0.2

    Well, these issues are looking even more serious than those nsswitch warnings. Maybe I missed it, but are you getting the nsswitch warning besides your other problems? If yes, could you please give feedback if they do disappear after a clean install? I'm running a NanoBSD image and it is a real pain to exchange the CF card for re-imaging.

  • Integration with radius server for captive portal authentication

    Locked
    1
    0 Votes
    1 Posts
    794 Views
    No one has replied
  • How to detect infected computers in my lan

    Locked
    11
    0 Votes
    11 Posts
    10k Views

    Thank you all for your help. I also found out that every night comes the night guard to this company with his own laptop which was also infected:)

  • 2.0.3 - mod_fastcgi.c.2676 - FastCGI-stderr: ALERT squidguard sgerror.php

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Advice for network 500 users?

    Locked
    4
    0 Votes
    4 Posts
    1k Views

    @heper:

    squid on pfsense can work with AD authentication. How well it integrates with squidguard/dansguardian I don't know.

    You have to install the following packages

    You will see the proxy filter and proxy server on the service tab; you have to configure them like this

  • Two Public IPs and Two Networks

    Locked
    5
    0 Votes
    5 Posts
    1k Views

    You can't use two WAN NICs with the same gateway.  It'll only route traffic out of the default gateway.

    If you have more than one public IP address that can use the same gateway, you can do it with one NIC, and VirtualIPs and 1:1 NAT routing. (http://doc.pfsense.org/index.php/1:1_NAT)(http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F)

    On my WAN2 interface I have a public IP address ...39, and ...40, and ...41.  The ...39 is the LAN2 subnet.  ...40 is a single IP on LAN2, and ...41 is another single IP on LAN2.  I could easily have added another public IP and had that route to LAN1, but in my case I have a completely different WAN connection with a different (different than WAN2) gateway instead.

    Create the one WAN interface and use 1:1 NAT with a VirtualIP.

  • VPN Client

    Locked
    14
    0 Votes
    14 Posts
    3k Views
    stephenw10

    If you are looking at building a new box it's hard to recommend anything other than a low-end Sandybridge/Ivybridge based board. As Tim suggests above, using a socket 1155 board gives you lots of upgrade options. This board:
    http://www.newegg.com/Product/Product.aspx?Item=N82E16813121622
    Is slightly more but gives you a smaller footprint and DC power for greater efficiency.
    Even a low-end Celeron will firewall/NAT at Gigabit wire speed so should be good for 120Mb of OpenVPN (I have no test results to confirm this). http://www.newegg.com/Product/Product.aspx?Item=N82E16819116889
    If you want less building then maybe something like the Shuttle DS61: http://forum.pfsense.org/index.php/topic,56950.0.html

    To be honest you could probably get 120Mb VPN with a far less powerful system but it's probably easier and cheaper to go with something such as the systems above.

    Steve

  • How does code changes in freebsd make it to pfsense

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    jimp

    If they fix it upstream, we pick up the changes either the next time we shift OS versions (not very often) or if we bring their patch into our code (happens all the time).

  • NanoBSD - expanding 1GB working image to 4GB?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    stephenw10

    You cannot expand it to fill the card, at least not at all easily. It's relatively easy to load up the 4GB image and restore the config though.
    However there is very little point in doing so. It's very unlikely you'll run out of space in the 1GB image. The RRD data is stored in the config (50MB) partition and I think that is the same size in the 4GB image. I'd have to check that. The RRD data does not grow in size though, that's the primary feature of it.

    Steve

  • How can i set rule in pfsense for rebooting

    Locked
    15
    0 Votes
    15 Posts
    11k Views

    **My system works on ESXI 4.1, pfsense to merge 2 lines (my multigateway), then goes to Mikrotik 5.20 for distribution of internet to clients.
    Every router has a built-in switch; a cable goes from router 1 to router 2 and from router 2 a cable to WAN (I disabled DHCP in both of them). (In ESXI I created 2 virtual network adapters in pfsense, connected to WAN by creating a virtual switch, then created a VM switch between Mikrotik and pfsense.)

    This is my network. Every time I restart my routers only one is online and the other is offline. To solve the problem I need to restart pfsense every time after restarting the routers. Hope to find a solution.**

  • 0 Votes
    5 Posts
    4k Views

    thanks for your reply..
    @dhatz:

    Your best bet to increase overall performance would be to switch to pfsense 2.1-BETA (based on FreeBSD 8.3, with new drivers for most hardware). As long as you won't be doing any disk-intensive tasks (e.g. squid) the most important factor affecting performance would be your NIC(s) e.g. Intel or Broadcom etc.

    Since you have plenty of RAM, you could try
    kern.ipc.nmbclusters=262144

  • Help needed redirecting a specific URL

    Locked
    1
    0 Votes
    1 Posts
    670 Views
    No one has replied
  • Newbie needs help

    Locked
    5
    0 Votes
    5 Posts
    1k Views

    Thanks for that, it's a big help. Now I just need to work out installing, but it can't be that difficult, hopefully ???

    However, that's not my Firebox 700, but it's a big help.

  • Hardware and software capacity planning

    Locked
    1
    0 Votes
    1 Posts
    884 Views
    No one has replied
  • WAN Going Offline / arp is using my IP address

    Locked
    2
    0 Votes
    2 Posts
    6k Views

    That's an IP conflict, the device with the MAC it's listing is using your IP. It won't be in the ARP table since that IP is local and it won't believe whatever the conflicting device is. But your upstream router will. What to do about it depends, if that's something on your network, turn it off or change its IP. If you're plugged straight into your ISP's network, you'll have to contact them about it.

  • IGMP spam?

    Locked
    2
    0 Votes
    2 Posts
    941 Views

    That'll happen if that traffic makes it to the firewall. At that point you can either block or pass it, but it's going to show up in your RRDs either way. Whether or not it makes it to your firewall depends on the device its WAN is plugged into. Something on that upstream device must have changed to send out that multicast on all ports rather than just ports that have joined the appropriate group. Whether or not that's configurable or you can do anything to change the behavior, not sure, better chance of finding that out from your provider (if you can get someone with a clue) or a forum of theirs if one exists.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.