• PFSense allow Chrome Remote Desktop

    2
    0 Votes
    2 Posts
    2k Views
    GertjanG

    Hi,

    The default firewall rule present on LAN will handle the job : pass all.

    I'm not using any Google tools myself (except their mail services) but I guess "Chrome Remote Desktop" works the same way as "TeamViewer" : there is no need to set up something on your router. There is nothing that says you have to "NAT" something on your router.
    Which is quite logical because Google wants to see all the information you see, so all info passes by THEIR servers first. This means that both apps on both sides connect to a central Google server, which means that both devices - the controller and the "controlled one" - make outbound connections only, which means pfSense is set up by default just fine.

  • After 2.4.0 update, LAN IP will not configure

    4
    0 Votes
    4 Posts
    462 Views
    D

  • Plain-language newbie security instructions

    5
    0 Votes
    5 Posts
    782 Views
    B

    Yes, your firewall is up and running from the moment you install it and plug it in. It runs out of the box for almost all network configurations, and is secure in that configuration.

    As far as uploading files to your box, yes you can do it from the webgui, or from SSH. It's as simple as creating a new file and copying the list of IPs into the new file. Then point pfBlockerNG to that file, it might be done with DNSBL? I'm sure you could also import the list as an alias and just use that on firewall.
    I've never imported a list to an alias before and don't have a pfsense box to look at right now but I'm almost certain there is a webgui button for it?

    If you named the list "BAD_IP" then the rule would be something along
    BLOCK any_source_ip on any_source_port > BAD_IP

    Again, I've never done it that way but am pretty sure that will work. I don't know how you're compiling your list but the problem with most self-maintained lists of bad IPs is that IPs are dynamic and will change over time. So after enough time you'll eventually not be blocking bad guys anymore but will be blocking whatever computer or service is now behind that IP.

    Depending on what you are trying to block with this personal list, you can probably either find a maintained list that covers it and is updated by a service, or use an IDS/IPS to block the IPs.

  • SNTP Problem getting connection!

    9
    0 Votes
    9 Posts
    2k Views
    P

    I reinstalled suricata. I did this several times before I solved my problem with sntp.
    At the moment everything works without any problem. Still don't know exactly what solved the sntp problem.

    By the way…

    I use suricata now in monitor mode because I want to change it to "block on drop" but I do not quite understand it.

    See my post. Perhaps you could help me with my questions?

    -> https://forum.pfsense.org/index.php?topic=137669.msg752860#msg752860

  • Reliable traffic counter?

    2
    0 Votes
    2 Posts
    524 Views
    H

    Does nobody have an idea why the vnstat values are quite far off the actual traffic passing through the system?

  • ISCSI Possible?

    2
    0 Votes
    2 Posts
    1k Views
    F

    I don't know if this would work but I can say it is ill-advised from a security standpoint.
    You don't want your internet facing firewall to do anything but routing and network tasks.
    iSCSI file serving is something you want to do behind pfSense not on top of it.

  • Pfsense goes down every morning

    18
    0 Votes
    18 Posts
    3k Views
    ?

    What should I be looking for?

    In Germany it is common that many of the ISPs are cutting the Internet connection once a day, could this be the
    point you should also be looking for?

    If there is a double NAT situation you could try out to set at the pfSense WAN settings a static IP address from the
    network of the router in front of that pfSense box. Because the DHCP lease will be out after xyz minutes/days/weeks
    or so on.

  • Show the Number of Active LAN Clients

    4
    0 Votes
    4 Posts
    1k Views
    ?

    Internal:

    The ARP table as named above Squid & SARG perhaps

    External:

    CentOS and NAGIOS2 TclMon on an APU, NUC or other small device. On a small external device such as the Raspberry Pi or the Netgate MinnowBoard Turbot series and a Linux or FreeBSD OS on it with CACTI and MRTG.
  • Pfsense without nanobsd image

    7
    0 Votes
    7 Posts
    939 Views
    ?

    I learn that release 2.4 will have no nanobsd image.

    32Bit and NANO BSD are gone, but therefore we got ARM support and some other nice things, so it was nothing
    less but more changed against other things that are available now.

    If I install pfsense to a compact flash drive, how can I reduce writing to CF?

    Alternately you may go with a 4 GB or 8 GB IDE flash module or with an IDE SSD that might be the best option in my eyes.

    Currently, I have an old PC with a 2G CF card with nanobsd image installed on an IDE slot, it works great for more than 5 years.

    32Bit hardware? This might be also running out too! So newer hardware will be not so really high in price,
    the APU2C4 or the SG series might be holding for Internet account with lower speeds.

    Is it possible to have a similar installation like this after 2.4 released, I mean with minimal CF wear out problem?

    As stated above you should try out a small IDE SSD.

    Thanks for your reply. I will only need snort package. Does snort only write to /tmp or /var?

    What is your Internet connection speed?

    BTW: How much disk space is required for a full pfsense install, I cannot find it documented
    anywhere

    pfSense and snort is able to install on a small 16 GB mSATA storage. The APU2C4 is able to get around
    for ~199 € and the SG-2220 is able to get for $299.

  • Selective routing via VPN interface

    22
    0 Votes
    22 Posts
    4k Views
    I

    Wonderful. Thank you again for sticking by a novice like me.

  • MOVED: squid transparent proxy doesn't work in Azure

    Locked
    1
    0 Votes
    1 Posts
    228 Views
    No one has replied
  • Restarting OpenVPN when connection is down

    2
    0 Votes
    2 Posts
    265 Views
    T

    I'm not aware of anything other than dpinger, but you can specify the IP that it pings to check connectivity.  While generally pinging the gateway makes the most sense, if it's not reliable you can use something else.  For example, you could ping one of Google's DNS servers like 8.8.8.8.

  • Change VLAN's on a schedule / cronjob?

    3
    0 Votes
    3 Posts
    474 Views
    B

    yeah, that is the process i was trying to automate on my switch.

    Apparently some have had success with simply setting pfSense WAN to DHCP and then you don't have to run through the process every 14 days.

    Honestly though, I agree. All of the options sound really hacky and reliable.

    Everything goes out the window if the connection resets for any reason and I'm not home to fix it.

    If I don't hear of something more reliable I'll probably just run the gateway in their crappy pseudo-bridge mode.

  • Cron to enable ssh , transfer backup, disable ssh - is this possible?

    2
    0 Votes
    2 Posts
    263 Views
    D

    0/ You don't need sshd enabled to copy files via SCP/SFTP.
    1/ Windows does not support the above natively.

  • I want to Block all Traffic Except Skype for Business

    1
    0 Votes
    1 Posts
    276 Views
    No one has replied
  • WAN speed has increased, pfSense throughput remains at old speed

    5
    0 Votes
    5 Posts
    710 Views
    ?

    There you go…  :)

    I suspect it's something to do with the ip profile in the DSLAM that gets updated when the session is re-started.

  • What is 'dc' and why would it be using 100% CPU

    5
    0 Votes
    5 Posts
    516 Views
    D

    Nothing fancy… it's 2.4.0RC as shipped.

    The firewall has now reset itself and is back online. There's nothing useful in dmesg or system.log.

    Only package installed is AutoConfigBackup.

    I'll try digging more with ps next time it happens. I might try rigging up monit to do it for me.

    I was hoping there would at least be some pfsense-related reason for dc having been called… now I'm somewhat unsettled.

    Thanks, everyone…

  • Implications of Removing Port 500 (ISAKMP) NAT Rule

    7
    0 Votes
    7 Posts
    935 Views
    KOMK

    Thanks, Jim.

    My install has been upgraded many times since 2.1.x, and I've got a tunnel defined but disabled.  We don't use IPSec at all and never have.  I thought it was there by default, but most likely I created it while playing years ago and forgot about it.  Why I would disable it instead of deleting it is a mystery.

  • Stepping up my game. My plan, and any helpful advice requested.

    11
    0 Votes
    11 Posts
    969 Views
    johnpozJ

    So I will agree that it's clunky. The only thing it has going for it is cheap, and it can handle my new 500/50 at speed.

    I am running the latest 4.4.8 code.. But I have left my pfsense vm running to handle dhcp and resolver - those features in the usg are pretty bare.. And no resolver at all.  Just forwarder mode. So good luck running your own dns on it, etc.

    And you're correct, anything like openvpn or HE tunnel has to be done at the cli - which wouldn't be the end of the world.  But if controller does a re-provision seems that all gets wiped.. If you're a simple home user with 1 network and no need for vpn or tunnel (it doesn't seem to do any ipv6 on its own) might be a good thing.  But from the day I have had to play with it seems more a toy than the mature very feature rich easy to use pfsense.. The dpi stuff looks interesting, but that seems to be the only thing it's got going for it.  And with pfsense you could just install ntopng and get all that kind of info as well, etc.

    But again thanks for your thoughts and appreciated your willingness to test its top limit, etc.  Prob going to have to live with it till nov when I can replace it with real pfsense hardware ;)  But after that it will be either on my shelf collecting dust - or looks like I might have some buyers for it ;)

  • PfSense and Skype

    2
    0 Votes
    2 Posts
    1k Views
    D

    Try doing static port?
    https://doc.pfsense.org/index.php/Static_Port

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.