@hax2021 said in SG-1000 issues pfSense 2.4.0-BETA:

Card did not respond to voltage select!

You saw https://docs.netgate.com/pfsense/en/latest/solutions/sg-1000/faq.html ?

If possible, check the SSD.

Contact support.

@clazmania Well, the ultimate fix was to re-image and restore the config...problem solved. Just in case anyone else has a similar issue.

@deuce I sent mine back under warranty and they reflashed the firmware and did some other things to it. They saw exactly what I had been experiencing (mine would continually restart during the reboot, meaning it never even got to the point of running).

Is it exactly 1 hour?

The black diamond LED flashing fast indicates it's booting. So the first thing I would be doing is checking the logs to see any any cause for a reboot has been recorded.
If nothing is there I would try hooking up the serial console and wait for it to next happen. The review the console log. Something might be shown there that the system is unable to log to the filesystem.

If it's already been re-installed though you should open a ticket with us about this.
Steve

@bmeeks

Thanks Thanks...
So update. Suricata and pfBlockNG has been disabled.

pfBlockerNG I might re-enable, by all the advise here, unlikely to enable Suricata again.

And it seems neither might have been the root cause, that it seems was a damaged modem,
Had the local Telco guy check the line, he came back, line's 100% but when he does test from his side against my modem it refuses to sync above 8Mbps... so the last bit of yesterday was to pull a old modem out of a box, configure it as per my network, where I was previously maxing out at 3/5-4Mbps I'm now getting 7-8 Mbps... so hoping he will enable my line for faster this morning and we will then get even better ...
I'm so waiting for the 200-300 Mbps fiber in January.
Will advise later when this has been done and what I found.
So far, thanks for comments.
G

@steveits Thanks for the quick reply!

You may well be able to script something. Or modify one of the existing scripts. It would be unsupported though. You would have to take care at firmware upgrade to ensure the scripts were replaced etc.

Steve

The ports on the 6100 are completely independent. The only way to make them work the way you describe is via bridging.

@nikolaosinlight Ok, I might have interrupted the crash dump gathering. Thank you.

Yeah, I used a Draytek V120 with ADSL for years. It just worked. When my last Huawei HG612 expires I might have to go to the V130. Unless FTTP has arrived by then. 🤞

Steve

pfSense is designed to be a web configured firewall. It's pretty much the reason it exists!

You could block access to the webgui on every interface and just use links at the console directly:

Screenshot from 2021-11-20 15-11-02.png

It's pretty inconvenient though for the security it gets you.

At some point int the future this might become a more practical option as we move functionality out of the front end.

Steve

@stephenw10 thanks Stephen, my idea is just to have a 100% safe laptop/PC only to access the router. I don't think you need to be connected to the net to login/configure the router(?)

I'm also looking at Linux & physically removing the wifi/bluetooth capabilities. Or even OpenBSD/FreeBSD OS... Thanks Tails may be going too far for me, but I will need to understand it better. Hopefully a VPN will be enough to stop them acquiring my IP.

Anyhow, I think I'm started to understand enough to know that I am going to give the Netgate 6100 / PFSense a go - then add additional security measures on top.

Just some last Qs, since all this networking lark requires a fair bit of knowledge, and is therefore easy to mess things up in configuration -

Would I be able to get someone from your support to screenshot me the [100%] correct setup/configurations for whatever I decided to go with in terms of devices/clients and addons such as pfBlockerNG-Devel?

Am I going to need a separate switch to do VLANs?

Should I add Squid / ACLs for extra security? If possible, can briefly explain how ACLs will help (I can't figure it out with VLANs & whether it's necessary).

Thank you very much!

@steveits thank you for the reply, I had thought about setting it up with the double nat, its how my current system is, mostly because i was being lazy. I am getting ready to buy some security cameras and was thinking it would be wise to create an IOT ssid and segregate it off with vlans and I am not sure that would work very well with a double nat type setup.

Excellent! 👍

You can still get in if the console is password protected, it's just trickier.

https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html

@stephenw10 : also, how can I be 100% certain that the plug polarity required is as follows?

Barrel / conductor / outside: minus
Tip (inside): plus

This is the most common plug type but if it’s reversed I may damage the unit.

Thanks,
Pete

[edit: never mind that, it's written on the bottom of the device]

Applying a change by playing back a php shell script is the same as editing it in the GUI. Assuming the script is correct!
Both those things apply changes via the etherswitchcfg command. So, yes, I'd expect the behaviour to be the same at the time of the change.

Steve

Hmm, not that then. You can remove that cron-job if you don't have Squid installed.

Hard to say what that might have been then. You'd have to check the process list while it was stuck, after restring the config.

Steve