
Messages - timmiet

"Get-VMNetworkAdapter -VMName "PFSense" | Where-Object -Property MacAddress -eq "00155d0061f" | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList "1-10" -NativeVlanId 99"
Is this different from setting the VLAN ID in the Hyper-V VM network GUI?

"As long as there is never more than 1 untagged VLAN on a port then it's not a problem.  This is just considered a native VLAN on, say, a trunk port that carries tagged."
So many VLANs as well as 1 untagged on 1 port on the switch and 1 port on the Hyper-V server is OK?

When I tried to set it up this way it killed my DHCP server on my untagged network (stopped working).  (Maybe I just need to isolate with firewall rules.)
Thank you both for the help, and sorry for the late response.

I haven't really used VLANs much.

I want 3 main networks.

1. General (untagged) (192.168.11.x)
2. Accounting (VLAN or new NIC?  2016 Server Essentials runs from Hyper-V) (192.168.10.x)
3. Ubiquiti (VLAN 10 on Hyper-V) (192.168.100.x)

I would like to set it up so:
General can access Ubiquiti and the net.
Accounting can access General and the net.
Ubiquiti (VLAN 10) can only access the net.
This seems ok with my current setup.

I have a pfSense router with 3 NICs: WAN, LAN and OPT (only 10/100 and not currently used).  The LAN goes to a 24-port managed switch via a trunk.  Connected to the switch via another trunk line I have a Hyper-V Core server.  On my Hyper-V server I have 4 untagged servers running and one VLAN 10 VM running for a Linux-based Ubiquiti server (for APs).  Also connected to the switch is a very, very old SonicWall router (192.168.10.x) for our accounting PCs.  I would like to remove the SonicWall and only have one router.

As is, I have two 24-port managed switches and a handful of unmanaged switches.  I have unmanaged switches behind the SonicWall and behind the managed switches.

I'm thinking it might be better to just use another NIC in the router and also in the Hyper-V server; then I could use all the other existing equipment other than the SonicWall.

If anyone makes it this far thanks for the help.
As a side note, I tried to set up another VLAN for my Server 2016 on the Hyper-V, and when I enabled DHCP on the VLAN it stopped my untagged DHCP server from working.  Is it bad form to have tagged and untagged on the same virtual switch?
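An added example (not from the post, nor Netgate's or Microsoft's code) laying out the Hyper-V side of the setup described above in PowerShell: pfSense on a trunk, the Ubiquiti VM on access VLAN 10, the other servers untagged, then a verification step. VM names, the MAC address and NativeVlanId 0 are assumptions, and it assumes the physical switch port facing the host is a trunk whose untagged VLAN is the General network.

```powershell
# Added example: Hyper-V VLAN layout for a pfSense trunk + VLAN 10 VM + untagged servers.
# Names, MAC and VLAN numbers below are assumptions; replace with your own values.
$PfSenseVm    = 'PFSense'          # pfSense VM, needs all VLANs (trunk)
$UbiquitiVm   = 'Unifi'            # Ubiquiti controller VM, VLAN 10 only
$GeneralVms   = @('DC1', 'FS1')    # servers that stay on the untagged General network
$NativeVlan   = 0                  # untagged (native) VLAN of the trunk (assumption)
$AllowedVlans = '1-10'             # tagged VLANs carried to pfSense

# Hyper-V stores a MAC as 12 hex digits with no separators. A truncated value
# (like the 11-digit one in the quoted command) matches nothing, so fail loudly.
$PfSenseMac = '00155D0061FF'       # placeholder; read the real one from Get-VMNetworkAdapter
$lanAdapter = Get-VMNetworkAdapter -VMName $PfSenseVm |
    Where-Object { $_.MacAddress -eq $PfSenseMac }
if (-not $lanAdapter) { throw "No adapter on $PfSenseVm with MAC $PfSenseMac" }

# 1. pfSense adapter: trunk mode, tagged VLANs 1-10 plus the untagged native VLAN.
$lanAdapter | Set-VMNetworkAdapterVlan -Trunk -AllowedVlanIdList $AllowedVlans -NativeVlanId $NativeVlan

# 2. Ubiquiti controller: access port on VLAN 10; the vSwitch adds/strips the tag,
#    so the guest OS itself needs no VLAN configuration.
Set-VMNetworkAdapterVlan -VMName $UbiquitiVm -Access -VlanId 10

# 3. General servers: untagged, i.e. the same network as the trunk's native VLAN.
foreach ($vm in $GeneralVms) { Set-VMNetworkAdapterVlan -VMName $vm -Untagged }

# Verify: one row per adapter showing mode and VLAN ids. Any adapter whose mode
# or VLAN does not match the plan above is a candidate for the DHCP cross-talk
# described in the post (two DHCP servers ending up in the same broadcast domain).
Get-VMNetworkAdapterVlan -VMName ($GeneralVms + $PfSenseVm + $UbiquitiVm) |
    Format-Table VMName, OperationMode, AccessVlanId, NativeVlanId, AllowedVlanIdList -AutoSize
```

Run it in an elevated PowerShell on the Hyper-V host with the Hyper-V module installed; the VLAN ids on the switch port must match what is configured here.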

I have the same problem.  If you get it working I would love to see how :)
I too am running out of hair.

pfBlockerNG / Re: vip 80, 8081 work but 443 and 8444 won't
« on: September 10, 2017, 03:59:08 am »
I turned off IPv6 on the LAN, and all my speed problems went away.  I still can't go to vip:443 like I thought was how you test.
I'm not sure why IPv6 is giving me issues; maybe because it's 6rd?
Anyhow thanks for everyone that took a look.

pfBlockerNG / vip 80, 8081 work but 443 and 8444 won't
« on: September 09, 2017, 04:42:31 am »
I'm not really sure where to start.  Sorry it's so long.
Internet is very slow; I can load and get a dot. won't load.
I have Snort running but it has no alerts or blocks.
I'm using OpenDNS FamilyShield for my DNS server, under General.
I'm using DNS Resolver with the Google SafeSearch list in custom options.

server: include: /var/unbound/safesearch.conf
server: include: /var/unbound/pfb_dnsbl.conf

I have a NAT port forward to force any DNS request to use pfSense.
On my LAN firewall I have IPv6 DNS blocked, because it would allow safe search to be turned off on an Android phone...   better way?
I have tried it with "LAN default allow" on, but it didn't help.
Host overrides are set to make Bing and Youtube use safesearch.  Duckduckgo and yahoo are set to
VIP is set up for 8081 and 8444.
pfsense is
I can't see anything blocking it in the logs.
sockstat -4 had this {root   lighttpd_p 91002 6  tcp4   *:8444 *:*}   seems correct?

I'm not sure if it would matter, but in the past I did have Squid and SquidGuard installed; they have since been removed.

Just for fun I tried  and that will load.   (not sure that matters)

IPv6 / Re: 6rd Gateway always shows offline.
« on: July 10, 2017, 06:47:52 pm »
That worked for me thanks for the help :)

IPv6 / 6rd Gateway always shows offline.
« on: June 08, 2017, 08:01:05 pm »
Is it normal for my 6rd gateway to be offline?
I followed this guide

I now get an IPv6 address on my computers and can ping via IPv6 from the computers, but under Gateways the 6rd gateway shows offline and 100% loss (shows 10/10).

thanks for the help. :)

IPv6 / Re: Centurylink IPv6 issues
« on: March 30, 2017, 05:04:46 pm »
I have the same issue on CL with 6rd enabled: WAN_6RD is offline.  I can ping IPv6 addresses, and it shows 10 of 10, but some sites like won't load.  I have static IPv4 with PPPoE.  IPv6 WAN is set to 6rd and LAN IPv6 is set to Track Interface. My IPv6 Prefix ID on WAN and LAN are both set to 0.

IPv6 / comcast modem/router not in bridge mode. How can I make tcpip6 work?
« on: December 14, 2016, 05:23:48 pm »
Here is my full setup.
Comcast modem/router (DNS and DHCP on) -> pfSense 2.2.4 (DNS and DHCP off) -> Server 2012 R2 (DNS and DHCP on)
The server has a static IPv4 address but IPv6 is set to obtain automatically.
From pfSense I can ping over TCP/IPv6; from the server I cannot.

Comcast router IP
pfSense IP
Windows Server

I'm very very very very TCP/IPv6 stupid, please help.

I made a firewall rule to allow it in Windows Firewall.
That works, but it would be better if I could get it to show as private, and not have all traffic go through the VPN.

I feel silly, but it was Windows Firewall.

OpenVPN is detected as a public network // unidentified network.
I don't have a default gateway set in OpenVPN. I think that is why.

How do I set one that does not route all traffic, but is set so it can be a private network?
Thanks for the quick reply.

So I have pfSense 2.3.2-RELEASE-p1.
It has an OpenVPN server.
Clients can connect to the server and they can ping the LAN side,
but I can't ping the VPN clients from the LAN side.   From I can't ping
From pfSense Diagnostics I can ping

I feel like I would just need to add a route from LAN to OpenVPN, but I really don't know.
thanks for the help.

I guess what I really wanted to do was be able to add a pfSense VM without NAT, DNS, or DHCP to an existing network and use it just as an OpenVPN appliance, with the old router (or in this case FortiGate and cheap router) just port forwarding to pfSense on the LAN side with a static IP.
Thanks for the help.

The point of the cheap router is for the NAT, to prevent the IT team who controls the FortiGate from having access to our network.  So yes, that would be, as I understand it, a double NAT.
I know instead of a cheap router I could just set up a small PC to run pfSense with OpenVPN on it, but I was hoping to run pfSense from Hyper-V to kinda use it like OpenVPN Access Server.
I guess I might just install OpenVPN directly on the server, or build a small PC with pfSense to replace the cheap router.
thanks for the help  :)

I have a FortiGate router that I can't replace.
It is set up in a building with one owner and 2 companies.
We want them to be as separate as possible for as cheap as possible.
FortiGate is
I would like to set up a cheap router to separate  so... WAN would be and LAN would be

I would then like to set up pfSense/OpenVPN to run in Hyper-V on a v-switch and keep it all on the local subnet.
Internet IP >>>>>> WAN side on Hyper-V switch) >> to full internal subnet access.

This might be a very stupid way to go about it, but I really like the OpenVPN interface on pfSense, and thought if it could just sit on the LAN side and only route OpenVPN traffic to the local LAN that would be cool.

I've gone through what I thought might work but hit a wall.
This by the way is for 1 to 5 road warriors.

On a side note, would I be better off just installing OpenVPN on the server directly (w/ TAP driver)?
Thanks for reading my rant and for any help.
