Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help ….

    Scheduled Pinned Locked Moved General pfSense Questions
    11 Posts 4 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elshentenawy
      last edited by

      hello everyone
      (""sorry for my poor English"")
      actually I have a small wired  network working with mikrotik 
      I was thinking to try anther server such as pfsense
      I don't know if It's better than mikrotik OR not but any way I want to give it a try
      I wanne ask if I can do these thing with using this server

      1/ adding a client with specific mac and IP
      2/ merging 2 ISP lines to gether
      3/ limit clients internet speed
      4/ disable spoofing programs such as (netcut…..etc)
      5/what about MAC Vulnerability

      sorry I'm a beginner in networking
      I just want do the basics setting to run the server
      don't want these complicated  nomenclature  :(
      just basic stuff and ThanQ any way

      1 Reply Last reply Reply Quote 0
      • E
        elshentenawy
        last edited by

        well ….
                Is there is any Thing wrong with my question  ..
                          can Any body explain Please ..

        1 Reply Last reply Reply Quote 0
        • E
          elshentenawy
          last edited by

          views views and no replies  :))

          Is there is any thing wrong with my question

          I just need to limit Users speed + merging 2 or more ISP Connection .

          that's all just very basic to run the Pfsense and then I'll try other functions ??

          that's all  can any one tell me how to do it Please !!

          I'll be very grateful ..

          1 Reply Last reply Reply Quote 0
          • D
            dvserg
            last edited by

            Looking here wiki, examples and tutorials http://www.pfsense.org/index.php?option=com_content&task=view&id=50&Itemid=78

            SquidGuardDoc EN  RU Tutorial
            Localization ru_PFSense

            1 Reply Last reply Reply Quote 0
            • E
              elshentenawy
              last edited by

              sure man I have such Book explain every thing but the problem IS  I don't understand I think it is complicated  :))

              1 Reply Last reply Reply Quote 0
              • D
                dvserg
                last edited by

                @elshentenawy:

                sure man I have such Book explain every thing but the problem IS  I don't understand I think it is complicated  :))

                If it is difficult for you, try looking through commercial support https://portal.pfsense.org/

                SquidGuardDoc EN  RU Tutorial
                Localization ru_PFSense

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  1. You mean static DHCP leases? Yes.
                  2. Multi-WAN load balancing. Yes.
                  3. Yes, there are multiple traffic shaping options.
                  4. Not too sure you can do much about that at the router. Arpwatch maybe?
                  5. I don't know what you mean by this. You're the second person asking about 'mac vulnerability' coming from Mikrotik is it a recent development?

                  Hope this helps you a little.

                  Steve

                  Edit: My mistake you're the same person!

                  1 Reply Last reply Reply Quote 0
                  • D
                    dhatz
                    last edited by

                    @elshentenawy:

                    I wanne ask if I can do these thing with using this server

                    1/ adding a client with specific mac and IP
                    2/ merging 2 ISP lines to gether
                    3/ limit clients internet speed
                    4/ disable spoofing programs such as (netcut…..etc)
                    5/what about MAC Vulnerability

                    1/ yes
                    2/ yes
                    3/ yes (traffic shaper)
                    4/ no - can't be done in router, you need appropriate functionality in your managed switch
                    5/ ??? what is it?

                    1 Reply Last reply Reply Quote 0
                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      Hmm after more reading.
                      4. Netcut is a tool that performs an arp spoofing attack on local subnet machines that redirects traffic intended for the subnet gateway into a black hole.
                      Using Arpwatch, for which there is a pfSense package, you could see who on the network is doing this and then physically disconnect them / beat them with a stick etc!  :P

                      I'm not sure whether or not there might be tool to detect ARP spoofing automatically but even if there was there's not much you can do about it at the router other than logging.  :-\ Anyone?

                      Steve

                      1 Reply Last reply Reply Quote 0
                      • E
                        elshentenawy
                        last edited by

                        well thanQ for answering my questions

                        well if the server cann't disable spoofing this makes quit abig problem for me actually
                        what is manged switch ?? how can I get one ,,,,
                        "MAC Vulnerability" is mikrotik weakness point using it people on your network can access any others accouns

                        1 Reply Last reply Reply Quote 0
                        • stephenw10S
                          stephenw10 Netgate Administrator
                          last edited by

                          Do you have a big problem with arp spoofing then? What sort of network are you using this in?

                          @http://en.wikipedia.org/wiki/Network_switch#Configuration_options:

                          Managed switches — These switches have one or more methods to modify the operation of the switch

                          You can connect to the switch configure it for your network. Typically you might use VLANs or QoS options.
                          Some such switched have:

                          MAC filtering and other types of "port security" features which prevent MAC flooding

                          In order to prevent an arp spoofing attack you need to stop a malicious client machine sending out arp packets announcing that the gateway IP has changed MAC address. Or at least prevent those packets reaching your other clients. The only way to do this is at layer 2, typically the switch. You set the switch to filter and arp announcements for the gateway IP other than the correct MAC which you have set.

                          I'm still not sure what you mean by MAC Vulnerability. Do you have a link to the Mikrotik forum explaining it? It sounds like possibly you are referring to a paid access captive portal arrangement. Clients spoof their MAC address in order to get access that someone alse has paid for. Is that it?

                          Steve

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.