Netgate Discussion Forum

    Installing packages and speed tweaks

      datajumper

      Hello guys, I'm kinda new to the whole FreeBSD world.
      On my personal computer I can tweak the sysctl.conf configuration and now it's faster, like:

      fs.file-max = 5000000
      net.core.netdev_max_backlog = 400000
      net.core.optmem_max = 10000000
      net.core.rmem_default = 10000000
      net.core.rmem_max = 10000000
      net.core.somaxconn = 100000
      net.core.wmem_default = 10000000
      net.core.wmem_max = 10000000
      net.ipv4.conf.all.rp_filter = 1
      net.ipv4.conf.default.rp_filter = 1
      net.ipv4.ip_local_port_range = 1024 65535
      net.ipv4.tcp_congestion_control = bic
      net.ipv4.tcp_ecn = 0
      net.ipv4.tcp_max_syn_backlog = 12000
      net.ipv4.tcp_max_tw_buckets = 2000000
      net.ipv4.tcp_mem = 30000000 30000000 30000000
      net.ipv4.tcp_rmem = 30000000 30000000 30000000
      net.ipv4.tcp_sack = 1
      net.ipv4.tcp_syncookies = 0
      net.ipv4.tcp_timestamps = 1
      net.ipv4.tcp_wmem = 30000000 30000000 30000000   
      net.ipv4.tcp_fin_timeout = 30

      as an example.
      Second question: is there any way to install nano or aptitude or apt-get via SSH?

      I am a noob on pfSense, you can laugh at me if you want :) lol
      but I won't know unless I ask... right?
      If I have been unclear in any way I apologize in advance, and thanks to everyone.

        dotdash

        Most tweaks you would do on a workstation are not applicable to a firewall, but tunables are at System, Advanced, System Tunables. You can use 'pkg install' for some packages. Again, most packages you would install on a workstation, you would not want on a firewall. Clarification: You can use 'pkg install nano' for some FreeBSD packages that are available in the repo. pfSense packages are managed via System, Package Manager in the gui…

          datajumper

          OK cool, I've seen the tunables tab but I did not want to mess with anything that I didn't know about.
          I am also having trouble understanding the port forwarding via NAT.
          I use Metasploit a lot over the web; then when I built the pfSense firewall I couldn't figure out how to port forward.
          I have read most of the forums and I think I got close to making it work one time. I went to Diagnostics > Test Port
          and it said succeeded, but I still could not connect my payload to the target.

          I need a more simplistic explanation on how to port forward on pfSense. I know there's a bunch of them out there;
          I think that's what's confusing me, each of them is a little different.

          I mean, it's nothing like port forwarding on a home router lol

          But I went to Firewall > NAT > click the plus sign to add a new rule, then on that page I select > protocol as TCP/UDP,
          then I select destination port range and choose what ports I want forwarded.

          Then on redirect target IP I choose my local IP addr. (example: ifconfig, then wlan0's IP addr 192.168.1.104)
          OK, then I choose redirect target port, the port that I want forwarded.

          Then on description tab, name it whatever,

          then save it.

          Somebody told me to enable pure NAT reflection,
          also add NAT reflection on the Advanced > Firewall NAT page,
          and to set outbound to manual.

          IDK lol, it's confusing me to death.
          If someone could clarify what I am supposed to do (dumb it down for me please lol)
          I would very much appreciate it.
          I want to port forward ports 22, 21, 443, 4444, 80.
          I think those are the most common ports anyways, but thanks in advance.

            dotdash

            No idea what you are doing with metasploit, so I can't comment there.
            Reflection is only needed if you are trying to hit the public IP of a box on your local network, e.g. you have a web server on the LAN that local clients hit via a public IP.
            Port forwards are not that hard. A typical forward for a web server would go something like:
            IF WAN
            Proto TCP
            Dest WAN address
            Dest port HTTP
            Redirect target IP 192.168.1.100
            Redirect target port HTTP
            Description HTTP to web server

            Note that pfSense usually listens on TCP 443 (and maybe 22), so if you only have one IP, you'll need to change the webgui port to forward HTTPS to your WAN.
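
            The caveat about the firewall's own listeners, as an added example (not part of the original post and not pfSense code): a Python check that parses a forward written in the field layout above and reports which of the firewall's own services already sit on the forwarded WAN-address port. The `SERVICE_PORTS` aliases, the `LISTENERS` table and the HTTPS variant of the forward are constructed for illustration.

```python
# Added example: names, aliases and sample data below are constructed.
SERVICE_PORTS = {"HTTP": 80, "HTTPS": 443, "SSH": 22, "FTP": 21}
# Field labels as written in the listing above; longer labels come first so
# "Dest port" is tried before "Dest".
FIELDS = ["Redirect target port", "Redirect target IP", "Description",
          "Dest port", "Dest", "Proto", "IF"]
# The firewall's own services, per the note above (webGUI on 443, SSH on 22).
LISTENERS = {"webGUI": ("tcp", 443), "sshd": ("tcp", 22)}

HTTP_FORWARD = """
IF WAN
Proto TCP
Dest WAN address
Dest port HTTP
Redirect target IP 192.168.1.100
Redirect target port HTTP
Description HTTP to web server
"""
HTTPS_FORWARD = HTTP_FORWARD.replace("HTTP", "HTTPS")  # constructed variant

def parse_forward(text):
    """Turn an 'IF WAN / Proto TCP / ...' listing into a dict keyed by label."""
    rule = {}
    for line in (raw.strip() for raw in text.strip().splitlines()):
        for label in FIELDS:
            if line.startswith(label + " "):
                rule[label] = line[len(label):].strip()
                break
    return rule

def port_number(value):
    """Resolve a service alias or a numeric string to a port number."""
    port = int(value) if value.isdigit() else SERVICE_PORTS.get(value.upper())
    if port is None or not 1 <= port <= 65535:
        raise ValueError(f"unknown or out-of-range port: {value!r}")
    return port

def local_conflicts(rule, listeners):
    """Names of firewall services sharing the forwarded WAN port and protocol."""
    if rule.get("Dest", "").lower() != "wan address":
        return []  # forward is for another address, so no clash with the firewall
    protos = set(rule["Proto"].lower().split("/"))
    port = port_number(rule["Dest port"])
    return sorted(name for name, (proto, lport) in listeners.items()
                  if proto in protos and lport == port)

if __name__ == "__main__":
    for text in (HTTP_FORWARD, HTTPS_FORWARD):
        rule = parse_forward(text)
        print(rule["Description"], "->", local_conflicts(rule, LISTENERS) or "no conflict")
```

            The HTTP forward reports no conflict, while the HTTPS variant reports the webGUI until that listener is moved to another port.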

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.