There is nothing in pfSense (or any other DHCP server) that would cause that.  Do you have VLANs configured for those phones and APs?  If so, you'd need to enable the DHCP server on the VLAN.

Are the computers sharing one subnet?  Or do they have separate tunnels?

General Questions / Re: Block Devices from Accessing My Network
« on: Yesterday at 01:57:26 pm »
pfSense can't filter on MAC addresses, but there is a workaround.  You can map IP addresses to MAC addresses and only allow those IP addresses through.  You can also allow only specified MAC addresses to get an IP address.  Since these methods are done with the DHCP server, they will have no effect on performance.
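An added example (not pfSense code and not part of the post above) that models the two DHCP-based tricks the post describes: static MAC-to-IP mappings with "deny unknown clients", and LAN rules that pass only the mapped IPs. It also shows the check a practitioner wants alongside this setup: the firewall only ever sees the source IP, so a host that configures a mapped address statically passes those rules without ever touching DHCP, and comparing the ARP table against the mapping list is how you catch that. The interface name, subnet, MACs and ARP entries are constructed for illustration.

```python
"""Model of pfSense's DHCP static mappings + IP-only LAN rules.

Added example, not pfSense code.  MAPPINGS, LAN, the interface name and the
sample ARP table are constructed for illustration.
"""
import re
from ipaddress import ip_address, ip_network

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

LAN = ip_network("192.168.1.0/24")  # assumed LAN subnet

# Constructed static mappings (MAC -> IP), as entered under the DHCP server.
MAPPINGS = {
    "00:11:22:33:44:55": "192.168.1.10",
    "00:11:22:33:44:66": "192.168.1.11",
}


def normalize_mac(mac):
    """Canonical lower-case colon form; reject anything that is not a MAC."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"malformed MAC: {mac!r}")
    return mac


def dhcp_offer(mac, mappings=MAPPINGS, deny_unknown=True):
    """What the DHCP server hands out.

    With deny_unknown (pfSense's 'Deny unknown clients'), a MAC without a
    static mapping gets no lease at all; otherwise it gets a pool address.
    """
    mac = normalize_mac(mac)
    if mac in mappings:
        return mappings[mac]
    return None if deny_unknown else "pool"


def pf_rules(iface, mappings=MAPPINGS):
    """pf rules for the LAN interface: pass only the mapped IPs, block the rest.

    This is the shape of what pfSense generates from a LAN rule set that
    permits the mapped addresses and ends with a block-all rule.
    """
    ips = sorted(mappings.values(), key=ip_address)
    rules = [f"pass in quick on {iface} inet from {ip} to any" for ip in ips]
    rules.append(f"block in on {iface} inet all")
    return rules


def firewall_passes(src_ip, mappings=MAPPINGS):
    """The firewall decides on the source IP alone; the MAC plays no part."""
    return src_ip in mappings.values()


def audit_arp(arp_entries, mappings=MAPPINGS):
    """Flag LAN hosts using a mapped IP from a MAC that is not mapped to it.

    arp_entries: iterable of (ip, mac) as seen in Diagnostics > ARP Table.
    Such a host passes the IP-only rules even though DHCP never served it,
    which is the gap in filtering by IP instead of by MAC.
    """
    by_ip = {ip: mac for mac, ip in mappings.items()}
    spoofed = []
    for ip, mac in arp_entries:
        mac = normalize_mac(mac)
        if ip_address(ip) in LAN and ip in by_ip and by_ip[ip] != mac:
            spoofed.append((ip, mac, by_ip[ip]))
    return spoofed


if __name__ == "__main__":
    print("\n".join(pf_rules("igb1")))
    # Constructed ARP table: one legitimate host, one squatting on .11.
    arp = [("192.168.1.10", "00:11:22:33:44:55"),
           ("192.168.1.11", "de:ad:be:ef:00:01")]
    print(audit_arp(arp))
```

The DHCP side stops casual devices from getting an address; the pf rules stop unmapped addresses from passing. Neither stops a device that sets a mapped IP by hand, which is why the ARP audit is worth running (or why a switch-level port security or 802.1X is the real answer if MAC-based control is the goal).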

Normally, you'd use a VLAN for the 2nd SSID.  Start simple and get the AP working first.  Once you've done that, you can create a VLAN on both the AP, for the 2nd SSID, and on pfSense.  You will also need to create another network on pfSense, with the VLAN as the interface.

If they are on the same switch, they should be "connected", unless it's a managed switch that has been configured with VLANs etc.  A switch is normally transparent.  Is it a true AP?  Or just a router connected as one?  If the latter, make sure you're connected to the LAN side of it, not WAN.  Of course, there's always the possibility of bad patch cords etc.  Do you see the link lights when those devices are connected?

From the 2nd link you provided:
the annoying work-around would be to add the route to every box on the LAN, in which case step 3 above would work.

This is exactly what I said, when I said to add specific routes to each device.

I don't think you understood me. I put a static route in pfsense, which is the default gateway for everything on my local LAN. It should see that traffic and send it to the VPN.


So, if a device on the LAN wants to send a packet to the other end of the VPN, it sends it to pfSense, which is supposed to route it back out the interface it came in on, to get to the VPN elsewhere on the local LAN?  That's not the way routers work.  You'll need to add the specific route to all the devices that want to send traffic to the VPN.

Unless I'm missing something, that should be easy to do.  Once you set up the VPN, it's just normal routing.  I assume you've got something running OpenVPN at the remote site.

Windows uses broadcasts or multicast to announce shares.  Those are not normally passed by routers.

OpenVPN / Re: How to route single client through openvpn tunnel
« on: March 15, 2018, 03:55:31 pm »
Normally, only the traffic for the VPN client will be passed through the VPN.  Other traffic will not be passed through it.  That's just the way IP works in general.  That client should have an IP address in a subnet that's different from the main LAN and that is how routing is determined.

General Questions / Re: MTU confusion
« on: March 15, 2018, 09:34:32 am »
Where do you see 1442?  I don't see it in that info you included.  Also, when you ping, specifying the size, it's the payload size you're setting, not packet.  So, out of 1492, you lose the IP and ICMP headers, for a total of 28 bytes on IPv4.  On IPv6, it would be 48 bytes.

Fire up Wireshark, to see what's really on the wire.  It will show Ethernet frame size, as well as the various header sizes.

General Questions / Re: Gateway keep going offline after one minute
« on: March 13, 2018, 01:34:37 pm »
As impossible as it should be, I've seen 2 NICs with the same MAC.

While supposedly unique, some manufacturers have been known to recycle MAC addresses.  There's also the possibility of locally assigned MACs and many consumer routers can clone a MAC.  However, as long as they're not on the same local network, duplicate MACs are not a problem.

Firewalling / Re: Blocking DNS on specific interfaces
« on: March 12, 2018, 10:52:55 am »
Sorry, I'm a real network newb. All I know is I am unable to go on Netflix whenever I have my VPN DNS server as my only lookup.

I expect your problem is you're using a VPN.  Netflix blocks VPN users.

Firewalling / Re: Blocking DNS on specific interfaces
« on: March 12, 2018, 09:54:35 am »
Netflix only allows google dns to resolve its name


That's not likely.  If it were true, it would break the way DNS works and people using cell phones etc., would be unable to access Netflix using the DNS their carrier provides their phone.  I suspect most people use the DNS provided by their ISP.  If they were blocked Netflix would lose a lot of business.

Also, there's no way for them to know what DNS server you used, as all connections are via IP address, not host name.

IPv6 / Re: Logged, but not formatted
« on: March 11, 2018, 04:07:07 pm »
The only LL packets that pfSense can see are those that pass through a pfSense interface.  I know about the multicast packets for things such as router advertisements etc.  However, MLD is used to discover which devices on a local LAN want to receive specific multicasts from elsewhere, not those originating on the local LAN.  For example, if your computer wants to listen to some multicast out on the net, the routers (and possibly switches) listen for the request and then arrange to get that multicast from the source and pass it on to the requesting device(s).  There is no need to do this on the local network.

Also, multicasts are not received by every node on the network.  They are filtered by multicast MAC address in the NIC, so that if a node is not interested in a particular multicast, it doesn't hear it.  This differs from IPv4 broadcasts, which all devices receive.  The only thing that's comparable in IPv6 is the all-nodes multicast, which is received by all nodes and used for things like router advertisements.  Also, that "2" in ff02 refers to the scope, in this case link local.  That means a router will ignore it, as it doesn't have anything to do.

BTW, RFC 3810 has been superseded by RFC 4604.
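An added example (not part of the post above, and not pfSense code) that works through the two mechanics the post leans on: the scope nibble in ff0X:: that tells a router whether a group may leave the link, and the 33:33:xx:xx:xx:xx Ethernet address that a NIC's hardware filter matches on. The group addresses and the joined-group lists are constructed for illustration.

```python
"""IPv6 multicast scope and the Ethernet multicast MAC a NIC filters on.

Added example, not pfSense code.  The addresses fed to it below are
constructed for illustration.
"""
from ipaddress import IPv6Address

# Scope values from RFC 4291 section 2.7: the low nibble of the second byte
# of an ff00::/8 address (the "2" in ff02::).
SCOPES = {
    0x1: "interface-local",
    0x2: "link-local",
    0x4: "admin-local",
    0x5: "site-local",
    0x8: "organization-local",
    0xE: "global",
}


def _packed_multicast(addr):
    a = IPv6Address(addr)
    if not a.is_multicast:
        raise ValueError(f"{addr} is not an IPv6 multicast address")
    return a.packed


def mcast_scope(addr):
    """Return (scope name, flags nibble) for a multicast address."""
    packed = _packed_multicast(addr)
    flags, scope = packed[1] >> 4, packed[1] & 0xF
    return SCOPES.get(scope, f"unassigned({scope:x})"), flags


def router_forwards(addr):
    """Whether a router may forward this group off the link.

    Interface-local (1) and link-local (2) scope never leave the link, which
    is why ff02::1 (all nodes) and ff02::2 (all routers) traffic is nothing a
    router has to act on beyond its own interface.
    """
    packed = _packed_multicast(addr)
    return (packed[1] & 0xF) > 2


def mcast_mac(addr):
    """Ethernet destination for an IPv6 group, RFC 2464 section 7.

    33:33 followed by the low 32 bits of the group address.  This is the
    address the NIC's multicast filter is programmed with.
    """
    low = _packed_multicast(addr)[12:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low)


def nic_receives(joined_groups, addr):
    """Does a NIC that joined these groups hear a frame for this group?

    The filter works on the MAC, not the full 128-bit address, so two groups
    that share their low 32 bits share a MAC and the host's IP stack must
    discard the one it did not join.
    """
    wanted = {mcast_mac(g) for g in joined_groups}
    return mcast_mac(addr) in wanted


if __name__ == "__main__":
    for group in ("ff02::1", "ff02::2", "ff05::1:3", "ff0e::1"):
        name, _ = mcast_scope(group)
        print(f"{group:14} scope={name:18} forward={router_forwards(group)} "
              f"mac={mcast_mac(group)}")
    # Constructed: a host joined all-nodes and its own solicited-node group.
    joined = ["ff02::1", "ff02::1:ff12:3456"]
    print(nic_receives(joined, "ff02::1:ff12:3456"))  # True
    print(nic_receives(joined, "ff02::1:ffab:cdef"))  # False
```

Every host is in ff02::1, which is why its MAC 33:33:00:00:00:01 is always in the filter and router advertisements reach everyone; a solicited-node group such as ff02::1:ff12:3456 maps to 33:33:ff:12:34:56 and is only heard by hosts whose address ends in those 24 bits.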

