Behind another firewall
-
If it is working, you don't need to do anything. I didn't think that VLAN ids would be kept intact when passing over the bridge much less be able to see any subnets in it. If you remove a VLAN subnet from your alias, does that VLAN no longer work? how is your network connected?
-
when i removed one VLAN subnet on my aliase. and i use that VLAN port on my Layaer 2 switch, icant ping my pfsense, my zywall even i cant get ip from dhcp server..
-
This would mean that filtering is working as expected. Just install the packages you want and configure them to allow all your subnets. Once everything is working, you can start restricting if you want.
-
In this st up I want to limit download and upload in my network,, example i want to limit download and upload in VLAN 2 with the network of 192.168.1.1/24, how can i dothis
thanks,, -
You can do this with limiter, traffic shaper, or squid … The best way depends on what you want to limit as in, all traffic, traffic on certain ports, or just web based download and upload. I am most familiar with the shaper and you can do this with that using a penalty setup. Just run the wizard and when you see penalty ip, put in the entire VLAN2 subnet. You can then create other penalty queues for other subnets. If you want to just have a physical cap, you would use the limiter, but I am not sure how to set that up as I have never used it. (Something for me to learn soon)
-
sir how can i use transparent proxy in transparent bridge mode
thankas,,,
-
I have not done this before, but I would speculate that you just need to install squid3, set is to listen on WAN and LAN, and check the option to be transparent.
-
ok sir thank I'll try the squid3..
-
how to use this squid3 sir?
-
Where are you having trouble? Perhaps some questions. Search, there is probably a doc or a forum write up for a simple starter config.
-
hi si this is what i get in my setup using squid3, i cant access my pfsense box,
 -
Well to get back into your gui, ssh or get to a console and do this:
pgrep -fl proxy_monitor
<get the="" process="" id=""># pgrep -fl squid
<get this="" process="" id="" also=""># kill -9 <proxy_monitory process="" ids=""># kill -9 <squid process="" ids="">This should stop squid and stop it from restarting. You should be able to get to your GUI to remove the package or change the config to only listen on the bridge interface. Does the bridge have an IP address? If not, then it will probably not work.</squid></proxy_monitory></get></get> -
hi sir, my PFSense box is on transparent bridge mode. where LAN and WAN is set to none and the only interface that has an IP was the OPT1 (192.168.0.2) where I assign the bridge.
Where can I put this command sir what option will i use?
thanks,
-
Sir can i send to you my backup config so that you can see it with or to your test machine?
-
hi sir, my PFSense box is on transparent bridge mode. where LAN and WAN is set to none and the only interface that has an IP was the OPT1 (192.168.0.2) where I assign the bridge.
Where can I put this command sir what option will i use?
thanks,
There are a couple of places. You can get on the console with a keyboard or you can enable ssh and do it remotely in a ssh console session.
Squid is a proxy and as such is going to need an IP address. The processes goes PC -> LAN -> localhost proxy -> WAN -> remote server. Since the proxy is running on localhost, is going to need some translation and that is going to require an IP address. If you don't have an extra one, then you are not going to be able to use a proxy service.
-
I cant get what are you saying sir,
-
Do u mean i will provide an extra IP for my proxy server, not the existing IP of OPT1,
-
Yes, This is because of how squid works. It is the man in the middle, as in it communicates to remote servers on behalf of the system it is protecting. If you have a fast internet with no caps, it is really not necessary, unless you are using it to block access to certain websites.
-
In what interface can I assign my new IP?
-
OPT1 or WAN, you just have to create a NAT rule for 127.0.0.1 to use on the outbound NAT.