Installing packages and speed tweaks

  • Hello guys, I'm kinda new to the whole FreeBSD world.
    On my personal computer I can tweak the sysctl.conf configuration and now it's faster, like:

    fs.file-max = 5000000
    net.core.netdev_max_backlog = 400000
    net.core.optmem_max = 10000000
    net.core.rmem_default = 10000000
    net.core.rmem_max = 10000000
    net.core.somaxconn = 100000
    net.core.wmem_default = 10000000
    net.core.wmem_max = 10000000
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.ip_local_port_range = 1024 65535
    net.ipv4.tcp_congestion_control = bic
    net.ipv4.tcp_ecn = 0
    net.ipv4.tcp_max_syn_backlog = 12000
    net.ipv4.tcp_max_tw_buckets = 2000000
    net.ipv4.tcp_mem = 30000000 30000000 30000000
    net.ipv4.tcp_rmem = 30000000 30000000 30000000
    net.ipv4.tcp_sack = 1
    net.ipv4.tcp_syncookies = 0
    net.ipv4.tcp_timestamps = 1
    net.ipv4.tcp_wmem = 30000000 30000000 30000000   
    net.ipv4.tcp_fin_timeout = 30

    as an example.
    Second question: is there any way to install nano or aptitude or apt-get via SSH?

    I am a noob on pfSense, you can laugh at me if you want :) lol
    but I won't know unless I ask... right?
    If I have been unclear in any way, I apologize in advance, and thanks to everyone.

  • Most tweaks you would do on a workstation are not applicable to a firewall, but tunables are at System, Advanced, System Tunables. You can use 'pkg install' for some packages. Again, most packages you would install on a workstation, you would not want on a firewall. Clarification: You can use 'pkg install nano' for some FreeBSD packages that are available in the repo. pfSense packages are managed via System, Package Manager in the GUI…

  • OK cool, I've seen the tunables tab but I did not want to mess with anything that I didn't know about.
    I am also having trouble understanding the port forwarding via NAT.
    I use Metasploit a lot over the web, then when I built the pfSense firewall I couldn't figure out how to port forward.
    I have read most of the forums and I think I got close to making it work one time. I went to Diagnostics > Test Port
    and it said succeeded, but I still could not connect my payload to the target.

    I need a more simplistic explanation on how to port forward on pfSense. I know there's a bunch of them out there;
    I think that's what's confusing me, each of them is a little different.

    I mean, it's nothing like port forwarding on a home router lol

    But I went to Firewall > NAT > click the plus sign to add a new rule, then on that page I select > protocol as TCP/UDP,
    then I select destination port range and choose what ports I want forwarded.

    Then on redirect target IP I choose my local IP addr. (example: ifconfig, then wlan0's IP addr)
    OK, then I choose redirect target port, the port that I want forwarded.

    Then on description tab, name it whatever.

    Then save it.

    Somebody told me to enable pure NAT reflection,
    also add NAT reflection on the Advanced > Firewall NAT page,
    and to set outbound to manual.

    IDK lol, it's confusing me to death.
    If someone could clarify what I am supposed to do (dumb it down for me please lol),
    I would very much appreciate it.
    I want to port forward ports 22, 21, 443, 4444, 80.
    I think those are the most common ports anyway, but thanks in advance.

  • No idea what you are doing with Metasploit, so I can't comment there.
    Reflection is only needed if you are trying to hit the public IP of a box on your local network, e.g., you have a web server on the LAN that local clients hit via a public IP.
    Port forwards are not that hard. A typical forward for a web server would go something like:
    IF WAN
    Proto TCP
    Dest WAN address
    Dest port HTTP
    Redirect target IP
    Redirect target port HTTP
    Description HTTP to web server

    Note that pfSense usually listens on TCP 443 (and maybe 22), so if you only have one IP, you'll need to change the webgui port to forward HTTPS to your WAN.
