• Which dist should I download?

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    johnpoz

    Are you going to be installing to hard drive?  If so then no, you wouldn't use a nanobsd/embedded image.

    have you looked at
    http://www.pfsense.org/index.php?option=com_content&task=view&id=43&Itemid=44

    This goes over all the different versions

    example
    Embedded (NanoBSD)
    The embedded version is specifically tailored for use with any hardware using Compact Flash rather than a hard drive.

    Architectures
    Starting with pfSense 2.0, there are versions for both i386 (32-bit) and amd64 (64-bit) architectures. This architecture is noted in each of the filenames for download. If you are unsure which version to use, then use i386. It is the most mature and well-tested architecture, and it will work on both 32-bit and 64-bit capable systems. The amd64 architecture (which does work even on Intel 64-bit CPUs) can address more memory and may have other performance advantages, but requires a compatible CPU.

    Now with that 8GB ram you have - if you want to have full use of that 64bit should be used.  But 8GB seems a bit high for a pfsense box..  Are you planning on running stuff like squid and snort, ntop, etc.?

  • Problems with openvpn after upgrading to 2.0.2

    Locked
    1
    0 Votes
    1 Posts
    767 Views
    No one has replied
  • Overkill machine (Spanking new i5, SATA only) won't install to SATA

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    T

    I've had a default installation of snort take out the entire network.  Even after uninstall the box is down.  Snort's FW block rules are time-based and persist even after uninstallation.  I'm not sure if this is a fact, but it was the root cause for my non-routing box.  I had to reinstall snort, remove all of the rules, purge the block list, and then uninstall for routing to work again.  I've learned the hard way that snort is not 100% out of the box "set and forget" friendly.  Add one rule at a time and review the logs.  Lots of people take out their network thinking snort is "set and forget".

  • PfSense on virtual machine inside windows

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    E

    Hi All,

    Thanks all for your comments and efforts to help me. My specific issue was to create a router with pfSense and to set it up as a virtual machine inside a Windows machine; the Windows machine is also virtual, a nested virtual machine. The system I have established is for testing an application.
    Finally I decided to install pfSense on a standalone machine, virtual of course. So I set up my pfSense machine as a router between two virtual switches inside ESXi.

    Now my next challenge is how to set up different NAT types…(asymmetric, Port-restricted)....
    Any suggestions?

    Thanks in advance.

  • Cannot access Router/Internet

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    F

    Ok, many thanks, it works now!
    I don't know why, but as soon as I set up the static route again, it worked. Even the Zyxel does NAT, the route was obviously necessary!

  • Making my home network overly complicated.. vBest Practices?

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    stephenw10

    @verbal:

    As I mentioned above, does that mean that if I have LAN2 and LAN3 as different subnets, do I have to create separate block/pass rules that match for them?

    If you have many internal subnets and you want to block access to any of them from the DMZ you have a few choices.
    As I said, by default everything is blocked. If you add a new interface but don't put any firewall rules on it, the only thing that will be allowed is DHCP (assuming you have set a DHCP server on it). The only exception to this is the LAN interface, which has some rules added by default as you can see.

    You could add BLOCK rules that have destination LAN* subnet at the top of the list. Traffic coming into the interface will be matched against one of these if it is for a local LAN. Once it has matched it will be blocked; no further action is taken on that packet. Then add a rule below the block rules to allow out any traffic you wish to allow.

    I have 11 subnets on my home box and adding 10 block rules on an interface is time consuming and makes the firewall rules table harder to read. Instead I have created an ALIAS that contains all my local subnets in a list, I called it LOCAL.
    Then I have a single firewall rule that is ALLOW traffic with destination 'not LOCAL'. Much easier to read but doing just that does not allow traffic to the local DNS forwarder, even on the same interface. So I have an additional rule ALLOW traffic with destination LAN(whichever interface this is) subnet on port 53.
    I use this on a guest wifi interface. Doing this does not block traffic to the pfSense webgui listening on the WAN so you must add a block rule or add it to the ALIAS if you don't want this.

    Steve


  • PfSense Upgrade from 2.0.1 to 2.0.2

    Locked
    2
    0 Votes
    2 Posts
    997 Views
    C

    Every release's release notes contain the changes since the last stable release, that's the differences between 2.0.1 and 2.0.2. It does technically "upgrade" the OS because of some security fixes to components within FreeBSD, but it's strictly those security fixes, it's not a completely different version. Still 8.1.

  • GA-E350N Installation issues with onboard NIC

    Locked
    1
    0 Votes
    1 Posts
    839 Views
    No one has replied
  • (newbie) How connect WAN and LAN to internet

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    W

    If the "192.168.2.x router" does do NAT the static route won't be necessary but won't do any harm.

    If the "192.168.2.x router" doesn't do NAT the static route will be necessary (but may not be sufficient).  Just add the static route.

  • Window server 2008R is not connected when using pfsense and virtualbox

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    R

    If I'm not mistaken the "!" means it's connected and can't get to the internet. That's what will happen if you have "host-only" as your connection.

  • Location of Static DHCP Lease File?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    P

    Yes, all the settings are stored in config.xml - so you need to get the dhcpd section of that and add your static mappings in the same format as an existing one. For example, here is a typical DHCPD section of config.xml:

    <dhcpd>
      <lan>
        <range>
          <from>10.99.0.200</from>
          <to>10.99.0.239</to>
        </range>
        <defaultleasetime/>
        <maxleasetime/>
        <netmask/>
        <failover_peerip/>
        <gateway/>
        <domain/>
        <domainsearchlist/>
        <ddnsdomain/>
        <tftp/>
        <ldap/>
        <nextserver/>
        <filename/>
        <rootpath/>
        <dhcpleaseinlocaltime/>
        <numberoptions/>
        <enable/>
        <staticmap>
          <mac>00:9c:02:07:89:1e</mac>
          <ipaddr>10.99.0.25</ipaddr>
          <hostname>PRINTER-01</hostname>
          <filename/>
          <rootpath/>
        </staticmap>
        <staticmap>
          <mac>00:1d:e0:03:46:21</mac>
          <ipaddr>10.99.0.81</ipaddr>
          <hostname>ADMIN-PC-01</hostname>
          <filename/>
          <rootpath/>
        </staticmap>
        <mac_allow/>
        <mac_deny/>
      </lan>
      <opt1>
        <range>
          <from>10.99.1.192</from>
          <to>10.99.1.223</to>
        </range>
        <defaultleasetime/>
        <maxleasetime/>
        <netmask/>
        <failover_peerip/>
        <gateway/>
        <domain>extralan.mydomain</domain>
        <domainsearchlist/>
        <enable/>
        <ddnsdomain/>
        <tftp/>
        <ldap/>
        <nextserver/>
        <filename/>
        <rootpath/>
        <dhcpleaseinlocaltime/>
        <numberoptions/>
        <staticmap>
          <mac>00:1d:09:56:78:13</mac>
          <ipaddr>10.99.1.50</ipaddr>
          <hostname>HR-PC-01</hostname>
          <filename/>
          <rootpath/>
        </staticmap>
        <mac_allow/>
        <mac_deny/>
      </opt1>
    </dhcpd>
  • Cannot access PFSense on ALIX

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F

    Hey,
    I could fix it! The first problem was that I bought a straight-through cable and not a null modem cable. As soon as I got access to the ALIX I could fix it. So, I am back to square one and have to configure everything new. That might call for many many new posts.
    Thanks and see you next time! ;)
    F N

  • ESXI + 1 NIC Install Help?

    Locked
    3
    0 Votes
    3 Posts
    981 Views
    M

    Right, if you don't have a switch that supports VLAN tagging (and know how to set that up), there's not much we can do to help.  Either a switch that supports VLANs or another NIC is what you need.  But, do yourself a favor and do not get a USB NIC.

    If you tell us more about what hardware you're running on we can help point you in the direction of inexpensive NICs or other solutions.

  • Active Directory search resulted in error: Operations error

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A

    omg i've finally fixed it after trying thousands of different combinations. I really hate this cn, dn, ou, stuff.

    Here is my final working configuration;

  • Live CD stops booting before getting to the final menu.

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    jimp

    While it might be a problem with the CD on your hardware, it's not a general issue that happens to everyone. Many people that I talk to have used the LiveCD without issue.

    Have you tried a 2.1 livecd? http://snapshots.pfsense.org/

  • Latency Issues and Possible Hardware Issues in 2.0.2

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    stephenw10

    What NICs are you using that are supported by the rl(4) driver? I didn't think it supported any pci-e NICs.  :-\

    If 300ms is within your 'normal' range of latency you might have to tune the apinger parameters. I think 200ms is the default setting for latency warnings.

    Steve

  • BIOS - No way of changing from Auto to LBA hence sata wont work

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    G

    @wallabybob:

    Try a pfSense 2.1 snapshot build. It includes much more up to date device drivers than any of the pfSense 2.0.x builds.

    That did it!! Thanks!! I hope I don't miss any of the features of the stable release. This beta is going to a production environment…thanks again!

  • Problems when update to 2.0.2

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    P

    Hi,

    Just to report an upgrade problem : 2.0.1 + siproxy -> 2.0.2
    I have lost the DNS, as described in the release notes (PPPOE problem).
    But I have broken all the packaging system too. Siproxy was broken in the interface & not running.

    Revert to previous 2.0.1 & waiting for stable 2.0.3, as I don't have issues for my needs.

    If you are interested, I have kept the update log file & the diff file from my previous user setup.

    Thanks for the good job.

    Phil

  • 147456 bytes writtenWrite error after 147456 bytes (8192)

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 2.0.2 x86 upgrades - 1 issue [solved] - 1 note for pfBlocker users

    Locked
    8
    0 Votes
    8 Posts
    5k Views
    L

    @trunix:

    LinuxTracker - you may want to consider this nic if you have to purchase another pcmcia adapter in the future. I moved off realtek and onto this card based on the dc driver and it's been great.

    Appreciate the reply.
    Unfortunately the WAN adapter is giving me trouble right now and it's onboard.
    The notebook only has one PCMCIA slot and for whatever reason I don't like USB NICs.

    The location where this is has a newer notebook on hand; I'll just swap it out.
    That should put an end to this saga - or at least to this thread.

    @trunix:

    NETGEAR FA511 10/100Mbps PCMCIA Ethernet Adapter

    I was wondering what chipset was inside that card.
    It took me a while but I finally found a partial list of Netgear Chipsets
    http://tuto.netgear-forum.com/Documentation/Chipsets/

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.