Installing packages and speed tweaks
-
Hello guys, I'm kinda new to the whole FreeBSD world.
On my personal computer I can tweak the sysctl.conf configuration and now it's faster, like
fs.file-max = 5000000
net.core.netdev_max_backlog = 400000
net.core.optmem_max = 10000000
net.core.rmem_default = 10000000
net.core.rmem_max = 10000000
net.core.somaxconn = 100000
net.core.wmem_default = 10000000
net.core.wmem_max = 10000000
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_congestion_control = bic
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_max_syn_backlog = 12000
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_mem = 30000000 30000000 30000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_wmem = 30000000 30000000 30000000
net.ipv4.tcp_fin_timeout = 30
as an example.
Second question: is there any way to install nano or aptitude or apt-get via SSH?
I am a noob on pfSense, you can laugh at me if you want :) lol
but I won't know unless I ask... right?
If I have been unclear in any way I apologize in advance, and thanks to everyone.
-
Most tweaks you would do on a workstation are not applicable to a firewall, but tunables are at System, Advanced, System Tunables. You can use 'pkg install' for some packages. Again, most packages you would install on a workstation, you would not want on a firewall. Clarification: You can use 'pkg install nano' for some FreeBSD packages that are available in the repo. pfSense packages are managed via System, Package Manager in the gui…
-
OK cool, I've seen the tunables tab but I did not want to mess with anything that I didn't know about.
I am also having trouble understanding the port forwarding via NAT.
I use Metasploit a lot over the web, then when I built the pfSense firewall I couldn't figure out how to port forward.
I have read most of the forums and I think I got close to making it work one time. I went to diagnostics > test port
and it said succeeded but I still could not connect my payload to the target.
I need a more simplistic explanation on how to port forward on pfSense. I know there's a bunch of them out there,
I think that's what's confusing me, each of them is a little different.
I mean it's nothing like port forwarding on a home router lol
but I went to firewall > NAT > click the plus sign to add a new rule, then on that page I select > protocol as TCP/UDP,
then I select destination port range and choose what ports I want forwarded,
then on redirect target IP I choose my local IP addr. (example: ifconfig, then wlan0's IP addr 192.168.1.104)
OK, then I choose redirect target port, the port that I want forwarded,
then on description tab name it whatever,
then save it.
Somebody told me to enable pure NAT reflection,
also add NAT reflection on the advanced > firewall NAT page,
and to set outbound to manual.
idk lol, it's confusing me to death.
If someone could clarify what I am supposed to do (dumb it down for me please lol)
I would very much appreciate it.
I want to port forward ports 22, 21, 443, 4444, 80.
I think that's the most common ports anyways, but thanks in advance.
-
No idea what you are doing with metasploit, so I can't comment there.
Reflection is only needed if you are trying to hit the public IP of a box on your local network. e.g.- you have a web server on the lan that local clients hit via a public IP.
Port forwards are not that hard. A typical forward for a web server would go something like-
IF WAN
Proto TCP
Dest WAN address
Dest port HTTP
Redirect target IP 192.168.1.100
Redirect target port HTTP
Description HTTP to web server
Note that pfSense usually listens on TCP 443 (and maybe 22), so if you only have one IP, you'll need to change the webgui port to forward HTTPS to your WAN.
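
The check described in the reply above, as an added example that is not part of the thread: it parses a port forward written in the reply's label/value layout and flags a forward on the WAN address that lands on a port the firewall itself uses. The function names, the service-name table and the HTTPS rule are constructed for illustration; the listener ports are the ones the reply mentions.

```python
import ipaddress

# Service names as written in the rule listing, mapped to port numbers.
SERVICE_PORTS = {"HTTP": 80, "HTTPS": 443, "SSH": 22, "FTP": 21}
# Ports the firewall itself answers on, per the reply (assumed; adjust).
FIREWALL_LISTENERS = {443: "webGUI", 22: "SSH"}
# Field labels from the listing, longest first so "Dest port" wins over "Dest".
LABELS = ("Redirect target port", "Redirect target IP", "Description",
          "Dest port", "Proto", "Dest", "IF")

def parse_rule(text):
    """Turn one 'label value' listing into a dict keyed by label."""
    rule = {}
    for line in text.strip().splitlines():
        for label in LABELS:
            if line.strip().startswith(label + " "):
                rule[label] = line.strip()[len(label) + 1:].strip()
                break
    return rule

def port_number(value):
    """Accept a service name (HTTP) or a number (8443)."""
    return SERVICE_PORTS.get(value.upper()) or int(value)

def audit(rule):
    """Return findings for one port forward; an empty list means none."""
    findings = []
    port = port_number(rule["Dest port"])
    tcp = "TCP" in rule["Proto"].upper()
    if tcp and rule["Dest"] == "WAN address" and port in FIREWALL_LISTENERS:
        findings.append(f"TCP {port} on the WAN address is also the firewall's "
                        f"{FIREWALL_LISTENERS[port]} port: move that service first")
    target = ipaddress.ip_address(rule["Redirect target IP"])
    if not target.is_private:  # RFC 1918 and other non-global ranges
        findings.append(f"redirect target {target} is not a private address")
    return findings

# The web-server forward from the reply, plus a constructed HTTPS variant.
WEB_RULE = """IF WAN
Proto TCP
Dest WAN address
Dest port HTTP
Redirect target IP 192.168.1.100
Redirect target port HTTP
Description HTTP to web server"""
HTTPS_RULE = WEB_RULE.replace("HTTP", "HTTPS")
if __name__ == "__main__":
    for name, text in (("HTTP", WEB_RULE), ("HTTPS", HTTPS_RULE)):
        print(name, audit(parse_rule(text)) or "no findings")
```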