Messages - watts3000

General Questions / Re: openvpn or ipsec vpn tunnel
« on: March 06, 2018, 10:29:46 am »
Also I forgot to mention I am working with dynamic IP addresses. Do I need to configure dynamic DNS before doing the IPSEC tunnel?

General Questions / openvpn or ipsec vpn tunnel
« on: March 06, 2018, 08:38:31 am »
Guys, I have an interesting request from my parents. I have installed a pfSense box at their home; I also have a pfSense box installed at their lake house. At home they use Kodi for watching OTA TV and for playing back my father's huge DVD/Blu-ray collection. Their main home has a 1 gig ATT fiber connection; at the lake they have a 50 meg internet connection. They want to be able to access their media content while at the lake. So in order to accomplish this, what type of tunnel would you guys suggest: OpenVPN or IPsec? I have played around with OpenVPN but I don't know much about IPsec. I guess I'm looking for the pros and cons of each type.

Cache/Proxy / send squid traffic to a different gateway
« on: January 12, 2018, 04:21:38 pm »
I have connected my PF to a couple of Private Internet Access tunnels. I would like for Squid to use my PIA gateway instead of the regular system gateway. So any help would be appreciated.

General Questions / routing traffic with squid
« on: March 07, 2017, 02:04:28 pm »
I have configured a VPN tunnel connecting to Private Internet Access; all of that works fine. However, I would like to be able to use Squid as a proxy and direct Squid's traffic through the VPN tunnel. Can someone tell me if this is possible or how to approach it?

Firewalling / Re: can't block DNS request for a specific client
« on: March 07, 2017, 02:00:00 pm »
doktornotor is correct: if I define DNS servers, for example Google DNS, the rule works. My problem is the DNS queries are sent to an internal DNS server, then that server is configured with forwarders out to OpenDNS.

Firewalling / Re: can't block DNS request for a specific client
« on: March 07, 2017, 09:14:24 am »
Not following you on non-matching alias. I configured a basic alias, for example alias name is BOB. I then added the IP address of the workstation in question. As stated, this same alias has zero problems with HTTP traffic. I just find it weird.

Firewalling / Re: can't block DNS request for a specific client
« on: March 07, 2017, 08:26:37 am »
I actually had TCP/UDP there before and it still did not work. I even flushed the state table and still nothing. As I stated, other protocols work, just not DNS.

Firewalling / Re: can't block DNS request for a specific client
« on: March 07, 2017, 06:28:30 am »
Check out the link

Firewalling / can't block DNS request for a specific client
« on: March 07, 2017, 06:11:30 am »
I need to be able to block DNS for a specific client on my network. I have created an alias for that client; however, when I try to block DNS requests using the alias, nothing is blocked. However, if I change the protocol to HTTP or HTTPS it gets blocked. So my question is: how do I block DNS for a specific client?

Cache/Proxy / Re: squid and active directory
« on: January 22, 2016, 01:20:04 pm »
I think this can be integrated into AD using Kerberos, Winbind, and Samba. I am doing research on this now; I will post back what I find out. I wonder can I install these packages on pfSense or is it just best to build a CentOS server.

Cache/Proxy / Re: squid and active directory
« on: January 21, 2016, 02:05:36 pm »
C0RR0SIVE, I am going to configure a test virtual machine to see if I can get this to work. However, believe me, users are not going to be happy when they have to log in; it has to be integrated.

Cache/Proxy / Re: squid and active directory
« on: January 21, 2016, 04:22:01 am »
You are suggesting to configure filter rules by IP address range. Filtering by IP is OK, but if you have an AD configuration, being able to do this by user name and group is a lot more flexible. In our work environment we accomplish these tasks by using Websense, which is now being replaced by Palo Alto. I know Sophos can do this; I have a Sophos test box sitting under my desk. However, Sophos feels slow, so that's why I'm looking at PF.

Cache/Proxy / squid and active directory
« on: January 19, 2016, 05:55:02 pm »
I would like to know has anyone here integrated Squid Proxy with Active Directory? I am interested in using pfSense for filtering; however, being able to filter by user name or user groups is really a big deal. Anyway, if you have accomplished this please let me know.

General Questions / Re: Deployment methods for VPN users?
« on: March 03, 2015, 02:56:09 pm »
I am curious, why do you want to replace SSTP? Are you having some technical problems? Or do you want to replace it just because it's Microsoft? We run SSTP and L2TP and have zero problems.

General Questions / Re: Cable modem DHCP Pfsense and ESXI
« on: March 03, 2015, 02:07:11 pm »
I have run pfSense in a few different modes, namely virtual guest tagging and virtual switch tagging. When I was running virtual guest tagging I did use tag 4096; that way all tagging was handled by pfSense directly. I don't remember if I had this problem when letting PF handle the tagging. Now when I went to using virtual switch tagging, I had a port group coming off the vswitch with my WAN VLAN tag; that's when I started having problems where PF could not pick up a WAN IP without rebooting several times. So I then switched to using a dedicated vswitch for the WAN with no trunking.
