  • 0 Votes
    3 Posts
    4k Views

    Thanks for your help, pfSense 2.1 solved the problems :)

  • 0 Votes
    5 Posts
    2k Views

    I have VLAN-isolated VAPs working in Atheros DD-WRT. Never could get them working in Broadcom DD-WRT. I strongly recommend just buying an AP made for this. Right now, I'm recommending the EnGenius EAP-600.

  • 0 Votes
    4 Posts
    2k Views

    @stephenw10:

    Edit: Some Googling has shown that the Cyrix M2 333 actually ran at 250MHz! 333 was just a rating relative to a P100.

    Yeah, I had the earlier P150+ that was rated to run at 120MHz.  It was so unstable at that speed, however, that we ended up clocking them down to 90MHz.  I ended up with 2 of them, back then.  They were pretty worthless for much of anything desktop related, but once they were clocked down they were perfectly stable.  They became a pair of DNS servers for our super-small colo we built back then.

  • 0 Votes
    4 Posts
    18k Views

    Finally got the server to show green on zabbix agent & snmp on status. Below are my configs

    pfsense zabbix_agentd.conf
    --------------------------
    LogFile=/tmp/zabbix_agentd.log
    Server=192.168.56.101
    Hostname=router

    zabbix server

    Server=localhost,zabbix
    Hostname=Zabbix Server
    StartAgents=5
    DebugLevel=3
    PidFile=/var/run/zabbix-agent/zabbix_agentd.pid
    LogFile=/var/log/zabbix-agent/zabbix_agentd.log
    Timeout=3

    note:

    - I'm connecting through IP, hence the Hostname values are based on the host setting in the zabbix interface
    - I added an entry in /etc/hosts for the zabbix hostname of the zabbix server
    - templates used on the pfsense host: Template_SNMPv2_Device & Template_pfSense

  • Problems installing and problems

    Locked Feb 14, 2013, 1:32 AM
    0 Votes
    8 Posts
    2k Views

    em1 is your LAN interface, yes?
    It has an IP of 10.1.10.1/24 which is inside the RFC1918 private IPv4 address space. Hence if you have 'block private networks' checked pfSense will block packets initiating connections coming from the LAN subnet.

    You are not opening anything to attack by unchecking these on your LAN interface. By unchecking these on WAN you are no longer specifically blocking these things on that interface. However you are still not opening up the WAN interface to packets from the WAN side because everything is blocked by default anyway. You would have to put in specific allow rules on WAN to open it. In your case the WAN interface is in a private network so you probably should have it unchecked.

    Steve

  • 0 Votes
    3 Posts
    1k Views

    Thanks, it's up now. Sorry for the late response, have to sleep after 18 hours of work… :)

  • MOVED: VM Tools Problems

    Locked Feb 15, 2013, 9:22 PM
    0 Votes
    1 Posts
    762 Views
    No one has replied
  • 0 Votes
    5 Posts
    2k Views

    @cmb:

    You definitely can use Squid and Squidguard on embedded, many people do.

    Thanks. I'll investigate, but it looks like the blocklist itself must be loaded on the ramdisk (modifying the configuration files to access it from the CF wasn't successful according to some forum posts) and the default ones are oversized for 512 MB RAM.

  • 0 Votes
    3 Posts
    3k Views

    Almost impossible to do this. Certainly that would be impractical.
    There is too great a difference between pfSense and FreeBSD to simply lay it on top.

    Steve

  • Which dist should I download?

    Locked Feb 13, 2013, 1:50 AM
    0 Votes
    7 Posts
    2k Views

    Are you going to be installing to hard drive?  If so then no, you wouldn't use a nanobsd/embedded image

    have you looked at
    http://www.pfsense.org/index.php?option=com_content&task=view&id=43&Itemid=44

    This goes over all the different versions

    example
    Embedded (NanoBSD)
    The embedded version is specifically tailored for use with any hardware using Compact Flash rather than a hard drive.

    Architectures
    Starting with pfSense 2.0, there are versions for both i386 (32-bit) and amd64 (64-bit) architectures. This architecture is noted in each of the filenames for download. If you are unsure which version to use, then use i386. It is the most mature and well-tested architecture, and it will work on both 32-bit and 64-bit capable systems. The amd64 architecture (which does work even on Intel 64-bit CPUs) can address more memory and may have other performance advantages, but requires a compatible CPU.

    Now with that 8GB ram you have - if you want to have full use of that 64bit should be used.  But 8GB seems a bit high for a pfsense box..  Are you planning on running stuff like squid and snort, ntop, etc.?

  • 0 Votes
    7 Posts
    3k Views

    I've had a default installation of snort take out the entire network.  Even after uninstall the box is down.  Snort's FW block rules are time-based and persist even after uninstallation.  I'm not sure if this is a fact, but it was the root cause for my non-routing box.  I had to reinstall snort, remove all of the rules, purge the block list, and then uninstall for routing to work again.  I've learned the hard way that snort is not 100% out of the box "set and forget" friendly.  Add one rule at a time and review the logs.  Lots of people take out their network thinking snort is "set and forget".

  • 0 Votes
    10 Posts
    5k Views

    Hi All,

    Thanks all for your comments and efforts to help me. My specific issue was to create a router with pfSense and to set it up as a virtual machine inside a Windows machine; the Windows machine is also virtual, a nested virtual machine. The system I have established is for testing an application.
    Finally I decided to install pfSense on a stand-alone machine, of course virtual, so I set up my pfSense machine as a router between two virtual switches inside ESXi.

    Now my next challenge is how to set up different NAT types… (asymmetric, port-restricted)…
    Any suggestions?

    Thanks in advance.

  • Cannot access Router/Internet

    Locked Feb 10, 2013, 10:08 AM
    0 Votes
    6 Posts
    3k Views

    Ok, many thanks, it works now!
    I don't know why, but as soon as I set up the static route again, it worked. Even though the Zyxel does NAT, the route was obviously necessary!

  • 0 Votes
    9 Posts
    4k Views

    @verbal:

    As I mentioned above, does that mean that if I have LAN2 and LAN3 as different subnets, do I have to create separate block/pass rules that match for them?

    If you have many internal subnets and you want to block access to any of them from the DMZ you have a few choices.
    As I said, by default everything is blocked. If you add a new interface but don't put any firewall rules on it, the only thing that will be allowed is DHCP (assuming you have set a DHCP server on it). The only exception to this is the LAN interface, which has some rules added by default as you can see.

    You could add BLOCK rules that have destination LAN* subnet at the top of the list. Traffic coming into the interface will be matched against one of these if it is for a local LAN. Once it has matched it will be blocked; no further action is taken on that packet. Then add a rule below the block rules to allow out any traffic you wish to allow.

    I have 11 subnets on my home box and adding 10 block rules on an interface is time consuming and makes the firewall rules table harder to read. Instead I have created an ALIAS that contains all my local subnets in a list, I called it LOCAL.
    Then I have a single firewall rule that is ALLOW traffic with destination 'not LOCAL'. Much easier to read but doing just that does not allow traffic to the local DNS forwarder, even on the same interface. So I have an additional rule ALLOW traffic with destination LAN(whichever interface this is) subnet on port 53.
    I use this on a guest wifi interface. Doing this does not block traffic to the pfSense webgui listening on the WAN so you must add a block rule or add it to the ALIAS if you don't want this.

    Steve


  • 0 Votes
    2 Posts
    1k Views

    Every release's release notes contain the changes since the last stable release, that's the differences between 2.0.1 and 2.0.2. It does technically "upgrade" the OS because of some security fixes to components within FreeBSD, but it's strictly those security fixes, it's not a completely different version. Still 8.1.

  • 0 Votes
    11 Posts
    3k Views

    If the "192.168.2.x router" does do NAT the static route won't be necessary but won't do any harm.

    If the "192.168.2.x router" doesn't do NAT the static route will be necessary (but may not be sufficient).  Just add the static route.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.