Basic firewalling rule



  • Hi,
          i did try to follow some tutorials online and browsing the various threads, unfortunately some of them it's showing options which aren't present in my version of pfSense (2.02) and i can't let other pc's connected through the wireless lan to access the web, i created a passthrough rule for the mac address of the machine having access to the pfSense interface, but everytime i switch on the captive portal, they get blocked.
    What needs to be changed and/or added to do that ???



  • pfSense 2.0.2 is ancient (December 2012). You should seriously consider upgrading to 2.2.4.

    There is likely to be little interest in supporting someone running such an old release.

    It would also help if you gave more information on what you are doing - what rule have you created where, and what do you expect it to do?



  • I made many rules to test with, but none worked as expected, so i erased them all apart from the 2 pass rules that comes as default.
    Basically everytime that i click to go on the next page, i get bounced back to the portal's page, i would only be able to browse the web once i click instead to be taken back everytime to the same place.


  • LAYER 8 Netgate

    With a captive portal you have two sets of rules.  The interface rules and the portal rules.

    First thing you need to do is upgrade to 2.2.4 or, barring that, 2.1.5.



  • @Derelict:

    First thing you need to do is upgrade to 2.2.4

    I kept on purpose this version as i had it working perfectly in the past, and it also worried me the chance that maybe some of the additional packages would no longer be supported by the new version.
    Is it worth to upgrade or will i end up in a whole lot of new nightmares ?


  • LAYER 8 Netgate

    You will get no support for 2.0.2. Nobody cares. Upgrade.

    Maintaining a firewall, or any IT system, is sometimes work. Sometimes that work is significant. The longer it it put off the more significant it gets.


  • LAYER 8 Global Moderator

    "I kept on purpose this version as i had it working perfectly in the past"

    While the its not broke don't fix it mentality might fly for some isolated application, its not really good idea not to patch your security systems!!!  As there will be enhanced security, fixes to exploits discovered, etc.  Just plain enhancements and new features to make your job easier..

    What packages are you using that are so important as to not upgrade your security device??



  • @johnpoz:

    Just plain enhancements and new features to make your job easier..

    What packages are you using that are so important as to not upgrade your security device??

    That sounds inviting, as the sistem it's already very complicated for people without an appropriate techie's background.
    The machine i am using it's an old 386, security it's not a big concern for me, apart from some sort of "insurance" that a package as "Squid" can give me in case someone misbehave, i would also like to do some experiments with Asterisk in the future.
    I might give it a go tomorrow, ohh wait a minute, i can't see a section from where i can download again the version i am currently using in case the worse happen, where is it?


  • LAYER 8 Global Moderator

    old 386???  Your joking right?

    Every mirror should have all the old releases going back to 1 even..
    http://files.nyi.pfsense.org/mirror/downloads/old/

    As to someone misbehave - this is in production/work setup??  Or you mean like your 13 year old visiting porn when he is not suppose too in a home setup?



  • @johnpoz:

    old 386???  Your joking right?

    Nope, why should i? Just recycled an old machine and it worked out very nicely, then i had to put it aside because of some problems and now i switched it on again, but i had to reset to factory default because i couldn't worked out a few things.
    Will the new version be okay into an old machine?

    The setup it's not work/production, just giving free wi-fi access to the neighbourood.


  • LAYER 8 Global Moderator

    A 386, do you mean you installed the i386 (32bit) version of pfsense??  If your computer is really a 386 your talking circa 1985, 30 years ago.. I find it highly unlikely any computer that old would still be running..  Even in the shittiest of 3rd world countries I highly doubt they would be using it..  Maybe a museum??



  • Free wifi access for a whole neighbourhood via an i386? Well, they're getting what they paid for, anyway. Is this a remote mountain village in Afghanistan by any chance?



  • @johnpoz:

    A 386, do you mean you installed the i386 (32bit) version of pfsense??

    The Pc is between 15 and 20 y.o.

    Yes i think that's the correct version of pfSense.



  • @muswellhillbilly:

    Free wifi access for a whole neighbourhood via an i386? Well, they're getting what they paid for, anyway. Is this a remote mountain village in Afghanistan by any chance?

    Ah ahh you'r a funny guy, for your information there are plenty of areas in the so called "evoluted world" where even an adsl internet's connection it's not yet available.
    However it's a (not so) remote part of Asia and i had to made a personal investment on a telecom's mast to be able to navigate the web at a decent speed and read your posts Muswellhillbilly….


  • LAYER 8 Global Moderator

    Even if it was 20 years old it would not be a 386…  386 were 30 Years ago.. 20 years ago your talking a 90mhz Pent..  Which I doubt pfsense would run on.. Dude pfsense didn't come out until near end of 2004, 3Ghz Pent 4 were this time frame..  That your saying your running it on hardware 20 years before pfsense even came out it is just pure utter NONSENSE..  Freebsd didn't even come out until 1994, 10 years after the hardware your saying your running it on..

    How and the hell are you running anything for anyone when you don't even know what computer your running it on??  Lets say it was 15 years old.. You would have better performance taking a wrt54G that came out in 2002 and putting it on a pole..

    I don't care if your in the depths of some jungle in the congo or some remote island in the middle of the pacific - there is NO FREAKING way you running pfsense on a 386...  Sorry your just not, not even version 1.01



  • @johnpoz:

    How and the hell are you running anything for anyone when you don't even know what computer your running it on??

    Dear, calm down a bit, did you skip your meds or what? Sometime you just have to believe in "magic" you know?
    It worked in the past, so why shouldn't now?
    Anyway, i kind of lost interest in trying to find a solutions asking here, honestly, i would have been more than happy if someone would have suggested a work around for this firewalling issue, however that seems to be a bit to much to ask for, i tell you what, just don't bother, i might have better luck asking in some other place about pfSense rather than trying here….enjoy.


Log in to reply