Messages - KOM

1
Traffic Shaping / Re: Bandwidth limit on a interface
« on: Today at 08:15:47 pm »
Quote
Is the 2MB for the entire interface or is it for each individual device?

It depends on how you configure it.

I found this helpful:

https://www.reddit.com/r/PFSENSE/comments/3e67dk/flexible_vs_fixed_limiters_troubleshooting_with/

2
Firewalling / Re: Block external access to office IP address
« on: December 08, 2017, 11:19:50 am »
A port-forward is a NAT rule plus a firewall rule.  To restrict access to your NAT, simply specify proper sources.  Create an alias and then fill it with the IP addresses you want to allow, then use that alias as the Source on your WAN firewall rule.

3
Firewalling / Re: WAN out blocked TCP:a TCP:PA
« on: December 08, 2017, 11:17:11 am »
Are you experiencing any problems, or are you just concerned about log spam?  Blocked ACKs on an open interface are usually indicative of out-of-state traffic.

https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

If they really bug you, you can craft rules without logging that will not report those.

4
Firewalling / Re: Firewall rule not blocking
« on: December 07, 2017, 03:00:27 pm »
Glad to help.

5
Firewalling / Re: Firewall rule not blocking
« on: December 07, 2017, 01:01:59 pm »
That's a redirect to squid web proxy which listens on tcp/3128.

6
Firewalling / Re: Firewall rule not blocking
« on: December 07, 2017, 09:57:42 am »
Those rules should block WWW traffic on that interface.  Are you sure you're on the interface and not some other VLAN?

7
Firewalling / Re: Firewall rule not blocking
« on: December 07, 2017, 08:16:47 am »
You don't need that last rule since there is a hidden Default Deny rule on all interfaces.

Did you reset your states after you made your firewall rule changes?  Established states will not be affected by a rule update.

8
Installation and Upgrades / Re: Having problems with installation
« on: December 06, 2017, 03:34:55 pm »
Nobody has a clue with the level of detail you have provided.  Try a screenshot and/or any error messages you saw, plus any actions you took and the results.

9
General Questions / Re: How to block all 80/443 traffic except whitelist
« on: December 06, 2017, 01:19:15 pm »
Squid & squidguard can do that.  In squidguard, you create Group ACLs and then apply policies to the group.

10
Get rid of that Bogon rule on LAN.  LAN is almost always a private network, so blocking them is counterproductive.  Also get rid of that Allow Any rule on WAN.  The port forwards to your Wordpress box are fine.

You should also be aware that since your WAN is also private network space, the Block Bogons rule is going to interfere with anything trying to reach your WP server via port forward.

11
Blocks upstream, like a cache or something else?

Quote
I am right now allowing all traffic through from both the LAN and WAN.

Sounds scary to me.  You normally don't let ANYTHING inbound on WAN except port forwards, for example.

Post your network details for WAN, LAN, and the firewall rules for both.  Remove or obfuscate any public IP references such as your WAN IP.

12
General Questions / Re: Host name resolution
« on: December 05, 2017, 06:32:19 pm »
Unifi APs don't have a hostname until you set the alias (Config - General) and then force a re-provision:

https://community.ubnt.com/t5/UniFi-Wireless/Set-hostname-on-APs/td-p/1505421

13
General Questions / Re: Host name resolution
« on: December 05, 2017, 03:16:30 pm »
Why do you have a lite, an LR and a Pro?  You work for Ubiquiti?  ;D

You have an Alexa??

(Jeremy, sorry for hijacking your thread with my irrelevant comments!)

14
General Questions / Re: Host name resolution
« on: December 05, 2017, 02:06:57 pm »
It's up to the device to report its hostname.  I also have a Unifi with a blank hostname.  I don't really care since I use static leases and I know what every device on my network is.

15
Firewalling / Re: windows file share in DMZ
« on: December 05, 2017, 02:04:03 pm »
Look at your firewall log and see what is being explicitly blocked and work backwards from there.
