• Set up DMZ in pfSense?

    Locked
    0 Votes
    3 Posts
    33k Views

    @superwormy:

    Incoming T1 connection, a few machines need to have public static IP addresses, the rest will be NATed and just need access to the Internet. I'd like to have the machines that are exposed to the Internet in something like a DMZ… does pfSense have DMZ support, or is there a better way to do this, or...?

    I have 3 network cards in the pfSense box... if I use one for WAN, one for LAN, and one for the DMZ machines, will this work to isolate the LAN machines from the machines that should be in the DMZ?

    Take a look at the documentation from m0n0wall written by cmb; it runs as it should.
    http://doc.m0n0.ch/handbook-single/#id2604946

  • Is it a Split-Brain DNS I need?

    Locked
    0 Votes
    8 Posts
    8k Views

    @Tai:

    I'm not sure what disabling NAT Reflection really entails, if it is a horrible security risk or just makes port forwarding/NAT more work?
    Cheers

    It's not a security risk, it just puts more load on the pfSense box. The domain name you use to access your virtual sites internally looks up to a public IP. Thus the request goes out to the pfSense box. Enabling NAT reflection allows the pfSense box to redirect the request back into the internal network to the correct host.

    If you had split DNS when inside your network the domain name would look up to the internal IP of the server. This would avoid the unnecessary loop to the pfSense box as the request would go directly to the server. When outside your network the domain name would look up to your public IP.

  • Pfsense - on access virus scanner

    Locked
    0 Votes
    4 Posts
    4k Views

    There are ways to do such configs, but not from the pfSense GUI!

    Search Google if you want to do such a config, but it just provides basic security and not real protection.

  • Traffic graph shown by IP

    Locked
    0 Votes
    2 Posts
    2k Views

    Go to the console or SSH in (if you have SSH enabled at System > Advanced). In the menu you'll find an item "pftop" that will do exactly what you are looking for. Press "h" for advanced options while running pftop.

  • Can Join the function:system-user and group manager?

    Locked
    0 Votes
    4 Posts
    2k Views

    Thank you very much.
    I'll wait for it…

  • Error - Bad PTE…?

    Locked
    0 Votes
    4 Posts
    2k Views

    Try setting your hard disk to PIO4 mode; if you still receive this message, check your RAM.

    There might be an edge case where you might need to change the allocated memory to kernel vs. user base. What version of pfSense is this?

  • Multi LAN / Rate limiting / Tables

    Locked
    0 Votes
    3 Posts
    2k Views

    You need at least 2 interfaces (WAN and LAN) but you can have as many interfaces as your hardware supports basically with multiple LANs or WANs.

  • Basic multi WAN setup

    Locked
    0 Votes
    3 Posts
    2k Views

    You only have to follow this simple guide: Rules are applied on incoming traffic only, so if you want to do outbound balancing to multiple WANs, the traffic is coming in on the LAN and leaving on the WANs/OPTs. Your rules therefore have to go on the LAN tab. Also have a look at the tutorials and docs. They should get you started quickly.

  • PPPOE and External RADIUS

    Locked
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • PPPOe Status Page

    Locked
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • 0 Votes
    2 Posts
    2k Views
    Cry Havok

    Assuming you have the full install then "pkg_add -r zoneinfo" (from the command line) should do it.

  • How to make the whole OS more multi-wan aware?

    Locked
    0 Votes
    3 Posts
    2k Views

    Great to hear that. Good progress has been made on the traffic shaper. Now can we put together a bounty to extend captive portal to be multi-WAN and multiple interface?

  • Can I give Qos priority to a particular LAN interface?

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    3 Posts
    3k Views
    Cry Havok

    128 MB of RAM is the minimum supported.  If you ever plan on adding any packages you'll want to add more RAM.

  • Planning to build a webserver

    Locked
    0 Votes
    6 Posts
    3k Views
    Cry Havok

    I'd go with rsync over SSH.  Rsync will allow you to keep the webserver updated with changes on the fileserver and as you should be using SSH to admin it anyway you're not opening up any new holes.

  • /usr/local/bin/php High CPU Load, is it "Normal" ?

    Locked
    0 Votes
    3 Posts
    2k Views

    Okay, sensei Ullrich

    Thanks a lot

  • RSTP

    Locked
    0 Votes
    9 Posts
    3k Views

    Doesn't matter if it's in the GUI for me, personally.  If the support was there, I was just going to modify /etc/inc/interfaces.inc to add the lines.  No big deal.

  • WAN weirdness

    Locked
    0 Votes
    6 Posts
    3k Views

    After posting the last reply, I saw what was wrong, LAN is now on 192.168.10.1 and it all works. So much for late nights! Thanks, ~Lawrence

  • Request for memory % to show system memory installed

    Locked
    0 Votes
    2 Posts
    3k Views
    jahonix

    Either go to:  https://<pfsense-ip>/status.php#sysctl%20hw.physmem
    or install the phpsysinfo package if you're not on embedded installs.

  • I have 100 computers to network any advice?

    Locked
    0 Votes
    6 Posts
    3k Views
    jahonix

    @MTHead:

    Please please PLEASE tell me you mean "switch", not "hub"!

    …or just a 24/48-port bridge.  ::)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.