• Web Admin via SSH Tunnel

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimp

    There isn't a way to adjust its interface binding, but you can certainly block it with firewall rules and access it via ssh port forwarding if you like.

  • Captive portal user accounts

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    T

    Ouh… that's a hell of a task :)
    Anyway, thanks for your suggestions :)

  • Bridging interfaces

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    N

    Thank you for your reply.
    I definitely need to assign a public IP on my server. NAT is not working on the internet service I need (according to the internet service support team).
    I have tried to bridge WAN - OPT and after that, two more interfaces appear on Interfaces - Assign. The BRIDGE0 and an opt which has the same MAC address as my WAN. Should I do something with them?
    If you think that this is not a good implementation, I can use pfsense in bridge mode only and route internet traffic of my lan to another connection.

    Thanks again

  • GigE between 2 subnets = 50Mbit limit?

    Locked
    8
    0 Votes
    8 Posts
    2k Views
    P

    Well we are trying to figure out the problem. Let us eliminate RIP and set a perm route to make sure.

  • How to block HTTPS website?

    Locked
    21
    0 Votes
    21 Posts
    76k Views
    R

    @stephenw10:

    pfSense uses pf(4) not ipfw. Though it does use ipfw for the captive portal function.
    I think you may be out of luck translating that from iptables.  :-\

    Steve

    If you don't mind setting up the rules manually, you can activate the portal and then create your own ipfw rules. The only trick is to make the last step in your rules skip over the portal rules (assuming you don't want captive portal functionality).

  • Pfsense vmware dhcp failing

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    johnpoz

    I run dhcp on my pfsense, and it provides IPs for ALL devices on my LAN.  This interface has been enabled since pfsense was installed.

    What you're saying doesn't make any sense - enabling dhcp has NOTHING to do with the web gui of pfsense.

    How are you accessing the web gui now?  Via what IP and from what client?  You say you're enabling the lan interface?? Can I please see a screenshot of your interfaces and what IP do you access the gui on now?  You're accessing it via 172.16.1.xxx  – why hide the last octet btw, that is a PRIVATE IP and not routable via the public net - there are NO security concerns with giving out this info.

    You say that is your WAN IP in pfsense.  That is not how you would normally access the gui, you would have to allow for special firewall rules to access gui via WAN interface -- since default firewall rules would block all inbound traffic and block private networks.

    So what rules do you have in place?

    edit:  If your LAN network is 10.0.0.0/24 with pfsense on 10.0.0.1, then the client you're accessing pfsense from would also be on this 10 network, not on the 172.16 network.  You're not set up like me if you access the pfsense web gui on the 172.16 wan address, that is for sure.  I access everything on pfsense via its lan interface.  Are you changing lan from dhcp to static?  And your lan was dhcp before and it's getting an IP from something else?  Your router??

    What are your settings for your lan when it works and you can access the gui?


  • Captive portal hangs

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J

    pfsense 2.01

    We've only had it running for a day or so, but I'm trying to address issues early, like I said m0n0wall didn't work so well for us, we found ourselves restarting it every couple of weeks.

    pfsense itself seems fine, the only stat I saw go too high was CPU usage, but that happened only when I reset the captive portal, and everyone had to log back in. State table is under 50% used, memory 75% used, everything else shows similar levels of usage.

    You're right about 10Mb/s being insufficient, but this is for a school, giving students all the bandwidth they want for their smart phones isn't something they can do. The whole guest network is done on the cheap.

    I am the consultant who's done it before. Like I said, the wireless is fine, we're just doing the guest captive portal part on the cheap.

    I'll throw some more memory on the VM and see how it works.

  • 2 separate VPN connections on same firewall?

    Locked
    1
    0 Votes
    1 Posts
    782 Views
    No one has replied
  • Backup File Name?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    B

    Well, rebuilding the pfSense box took just a bit more effort than I had hoped.

    I saw where the installation was looking for 'config.xml' on the floppy, so I suppose if I had it on there, it would have found it.

    I think I saw where it looked on the flash drive, and if I had the file named 'config.xml', it would have found it. But it had the backup name. So I had to wait until I could access the WebConfigurator to load it up that way.

    Anyway, just reporting that the pfSense box is functional.

  • Adding an external Proxy server

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D

    Sure, if it's configured to run in transparent mode, you can forward the necessary port(s) to it (as marcelloc suggests in the link that heper gave).

  • 0 Votes
    19 Posts
    8k Views
    T

    I was finally able to get the wireless up and running on OpenWRT, it's been working pretty good, the max speed for file transfers is 6MB/s which I thought was kinda low but I can deal with it.

    However these connection limit emails are really starting to bug me, I don't know what is telling them to be sent out…

  • DDOS and logging

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    W

    @kradalby:

    I have been in contact with my ISP, they can't help me unless I have IPs I can give to them, and I have not been able to get something out of the box under the attacks because it overloads.

    I presume you have firewall rules on your WAN interface to block unsolicited traffic. Enable logging on those rules.

    When you are hit by a DOS attack stop the flow (for example by disconnecting or powering off your modem). Your box should soon become usable again. Dump the firewall log file to a text file (for example, pfSense shell command):

    ```
    clog /var/log/filter.log > firewall-log.txt
    ```

    The firewall log should give you some IPs involved in the attack UNLESS you have bugs in your rules OR the attack is very specifically targeted at your open ports in which case you might be able to configure the attacked servers to log incoming connects and such logs might provide some IP addresses you could ask your ISP to block. When you have a bit more information about the nature of the attacks it might be possible to make more specific suggestions.

  • PfSense security vs commercial options

    Locked
    16
    0 Votes
    16 Posts
    11k Views
    C

    I created this page on the wiki to answer this common question/concern. If anyone can think of any points I missed, let me know.

    http://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

  • Can pfSense do all of this for me? (drawing attached)

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    R

    @bobn:

    Thanks both of you.

    rjcrowder, Yea, I've noticed that there is a wide difference among posters' opinions about the matter of pfsense hosting wireless services.

    starshooter10, are these steps in the gui, or a command line option; like is scheduler gui or cli?   Oops, I've finally found the scheduler tie in with the firewall rules…...  nm

    Does the GUI firewall builder offer up enough that I don't need to learn the CLI?  If not, has anyone run across a great primer for that CLI.

    I come from a cisco ios and asa background.  I dislike cisco's automagic network access they try to institute in enterprise class products with their security zones freely allowing network from higher to lower security zones, I always start a new dmz vlan with an implicit deny ip any any inbound and outbound.  So I'm not unfamiliar with the SIP, DIP, DP, and masking concepts.  I just haven't actually had to work with linux type of firewall CLI, so I'm starting out at ground zero with it.

    Is the web/http content filtering in this an inline filter, or explicit proxy filter?

    Thanks

    Probably shouldn't admit it, but I don't have much of a networking background… so I don't know much about Cisco devices.

    The pfsense gui firewall rule creator is pretty nice and lets you do about anything you would want to do at layer 3. However, because it is using PF under the covers it will not let you do anything with layer 2. In order to mess with layer 2, you need to use the ipfw firewall - which is installed as part of the captive portal. Unfortunately, there is no pfsense gui that allows you to create ipfw firewall rules - so if you need layer 2 rules you are at the command line...

    From what I've seen, this is the major difference from linux based firewalls that I've played with (ipcop for example) which use iptables and let you create layer 2/3 rules.

  • Multiple servers with different domains, one external IP

    Locked
    2
  • PfSense Vs. Commercial Solutions

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    C

    Thanks for your replies guys, really helpful.

    Jimp, I appreciate the company names and I appreciate the expansion into the security/update side of things, thanks.

    As far as CARP goes I'm not sure how I could utilize and granted I have not built a CARP setup before. Our setup will go;

    Fiber in --> What appears to be a media converter (Provided by ISP), ethernet out --> Cisco Router (Provided by ISP) single ethernet out --> Our current/replacement pfsense firewall. I can whack a diagram together tomorrow if that makes it clearer but because the Cisco router (which acts transparently as far as I can imagine; we have the public IP presented to the WAN interface on our current firewall and only need to NAT on that existing firewall and nothing above. I don't know how they set it up I'm just making educated guesses. I'll ask the person that comes out to program the cisco router. We're with BT by the way unless anyone knows) only has a single ethernet port coming out of it I don't know what I could do in terms of failover from there apart from having a warm spare (with an interface on both for pfsync if that's how it works? I'll look though the wiki/docs/forums/book) and physically change the cable over in the case of a firewall outage?

    I do also like the idea of the support being provided by people who are also the developers. It would also be nice to put some decent contributions in and fund new features. On which note I'm glad to see there's processing for credit cards, as much as I love pfSense I couldn't help feeling the uninformed I may have to pitch my choice to may not value a solution that could only process paypal, so I'm chuffed!

    Anyone got any UK based companies they could suggest? I'll be doing the usual Google reccy too. It is likely however that I'll reutilise some soon to be old servers and build the box myself, all the servers are the same model which will make any possible replacements much easier.

  • MOVED: connection limit per user using FreeRADIUS

    Locked
    1
    0 Votes
    1 Posts
    788 Views
    No one has replied
  • Figure out users uploads

    Locked
    19
    0 Votes
    19 Posts
    5k Views
    stephenw10

    My money's on spam.  ;)
    Though you might expect the provider to have notified you.

    Steve

  • Can't connect to a pc behind my firewall from remote computer

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    johnpoz

    So she could go to other internet sites?  But not yours?  Prob others that you were just not aware of.

    Glad I could be of help, and that it's now working.

  • Finding the source of disk write

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    Y

    I've found the following 0 byte files that are being written pretty often (no idea what with, or why the writes are so large)

    ```
    [2.0.1-RELEASE][root@pfsense]/var/log(33): find / -type f | xargs ls -lt | head -n 2
    -rw-r--r--  1 root      wheel          0 Sep 19 17:15 /tmp/tmpHOSTS
    -rw-r--r--  1 root      wheel          0 Sep 19 17:15 /var/db/currentipsecpinghosts
    [2.0.1-RELEASE][root@pfsense]/var/log(34):
    ```

    How can I stop these files being written?

    Cheers,

    Yax

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.