• Routing through the firewall

    What is the point of having a firewall if all networks are in the same layer2 network? You could do it with 1 interface when using vlans but that is virtually 2 separate networks again.

    You can shut down NAT by enabling advanced outbound nat at firewall>nat, outbound tab. Delete all nat mappings that it creates for you in the table at the bottom.

  • Time of day based rules

    I actually need the same functionality.  On our old Sonicwall we were able to firewall out our remote Citrix users between 8 AM and 6 PM.  I know there's some way to control that within Citrix as well so we'll probably have to use that option once we get the m0n0wall/pfsense fully in place.

  • Stateful Packet Inspection

    Thanks for the replies. That cleared things up. For some reason I mistakenly thought layer7 and SPI were the same thing.

  • Bittorrent / DHT / UDP Problem

    This may be attributed to NAT reflection not being enabled on all configurations.

    The client checks itself by connecting to the outside port it forwarded and sees if it works. eMule has some KAD network issues with this UDP port forward as well. So yes, it would actually work from the outside. But testing from the inside would/could fail.

  • Firewall feature request : users …

    Starting with version 2 a user manager will be included for administration. That one will be a lot more fine grained. So after 2.0 is released we can do something with this.

    Release schedule for 2.0 is currently quite unknown.

  • What does the '@' in '@184 blocks … ' mean in firewall system logs ?

    The number is the line number which refers to the rule in /tmp/rules.debug.

  • Connection Losses

    I've not had the best of experiences with the 3c2000 cards. Regardless, it should work.

    Did you reboot your box to enforce the ifconfig settings?

    A manual ifconfig sk0 media 100baseTX full-duplex should work anyhow.

    From the console menu, the webgui or ssh, pick one.

  • [Solved] Another ping problem

    @KiaN:

    Ok, now I get it :

    @hoba:

    Btw, you should upgrade to 1.0.1. 1.0 had a really annoying bug where rules sometimes were not reloaded.

    Yep, tis why I asked what version you were running. Glad to hear it's working now :).

  • Possible solution for bridging and carp (evolved to bridging and STP)

    Tomorrow already looks promising :)

  • Cannot ping wan ip of another pfsense

    No problem. Glad to hear you got it working. Pass the word along about pfsense ;).

  • Remote admin access to WDS network AP's on OPT1

    Remote admin works on the router WAN port only. It works only on port 80 or 8080.

    There is a single way to remote admin your routers: set up a PPTP connection to your gateway (pfsense).

    Give me more details to give you more help (I have a similar setup)

    chady

  • Problem with NAT reflection

    See http://cvstrac.pfsense.com/tktview?tn=1138,6 for how to set up a workaround rule for this problem. At least for natreflection this should work for 1.0.1 without this rule but you will need it for ftphelper anyway so it won't hurt ;)

  • Allowing http

    @jeroen234:

    if port 56 is not open they can not access the dnsserver

    DNS is port 53/UDP (TCP for zone transfers)

  • Simple block of traffic to port 80 on webserver machine

    Okay, I got it working; it's tricky if you don't know what you are doing. Thanks for your help!

  • Blocking access to ntop

    You have to disable the antilogout rule at lan (system>advanced) which grants access to the lan IP of the pfsense. This rule is in place to make sure you don't log yourself out from the administration. Beware that disabling that rule might log you out if you have incorrect rules at LAN, so verify your settings before applying a new ruleset.

  • Keep finding this address in routes -> 10.18.160.1

    @sai:

    Port 67 is the port a bootp/dhcp server listens on, port 68 is the port the DHCP server sends out information on. So there is a DHCP server on your WAN. These things tend to spew a lot of packets. Very annoying.

    Thanks.

  • Pf tool for evaluating packet's path

    No idea.  As I told you before, I am not crazy about that patch and you will have to get it into the tree through someone else.  Sorry.

  • Can't ping from subnet to Opt1 subnet

    I dropped all of the Gateways but still cannot connect to the WAN from my host on the OPT1 network.  I can connect from my LAN to the host on the OPT1 network.

  • Cannot access pfsense box behind a router on the LAN

    Thank you

    Works fine

  • After installing 1.0.1 I don't have firewall logs

    Yes, sorry, working now!!!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.