Messages - johnpoz

Packages / Re: LLDP daemon package
« on: Today at 11:07:55 am »
I don't think it's any sort of "issue"... But it would be slicker looking if it was broken out into the subtype line vs listed on the port id is all..

NAT / Re: NAT with unassigned destination IP
« on: Today at 11:02:38 am »
Yup viragomann hit it right on the head and beat me to the punch ;)

Nice drawing btw - see how easy and clear now everyone understands how you had it set up and makes more sense.

But to be honest why could you not just use the IP that pfsense has on its wan as the dest, or create a vip in that transit network between the router and pfsense?

Packages / Re: LLDP daemon package
« on: Today at 10:43:23 am »
What do you mean you can not see it.. it's right here in your output

"Port Subtype = Interface name, Id: gi1"

subtype is interface name or ifname ;)

webGUI / Re: No access to webGUI on fresh install
« on: Today at 10:41:11 am »
Does your pc get its IP from dhcp on pfsense?  If not then you have a basic connectivity problem.

If you're getting dhcp from pfsense but just can not get to the webgui..

You can sniff on your pc do you see the arp go out for the IP?  Get an answer, and then send Syn to correct IP and mac when you try and connect to the webgui on your browser.  Could be like your browser is trying to use a proxy that it can not get to.

If you do not have control of the upstream router and its routes, and nat functions and firewall rules then yes you would have to nat at pfsense to use it..

As to getting to stuff behind pfsense from stuff on the wan network you would need to port forward and hit the pfsense wan IP to get forwarded to the stuff behind pfsense.

Why not just replace whatever is at the edge with pfsense?  And let pfsense handle all your networks and the nat to the public, etc.  Then you would not need to nat between your network and could just firewall.

Worst case is just move everything behind pfsense and live with the double nat to the internet, etc.  You would just need an AP to put behind pfsense if you can not just use that sg306 device as AP and need it to be your modem/gateway to the internet.

While you're at it get a smart switch so you can do vlans and AP that can do vlans and now you would be cooking with gas! ;)

Packages / Re: LLDP daemon package
« on: Today at 09:51:35 am »
I am seeing that as well... But is it just showing you subtype along with the ID?

Packages / Re: LLDP daemon package
« on: Today at 09:41:19 am »
Grabbing it now ;)

General Questions / Re: VLAN for my wireless
« on: Today at 09:37:46 am »
And you could do all that with a nat as well..

General Questions / Re: Some websites are just non-navigable
« on: Today at 09:37:03 am »
heeheh - pretty sure kpa posted an answer in the wrong thread ;)  But the Nomad meme is great!

Sites that come up like that normally are due to the css file not loading.  This could be a dns related problem.. But I have no issues with those sites... I would suggest you use a browser tool to see what aspect of the page is not loading - it should show you the fqdn of where the css is trying to be loaded from.. From there you could troubleshoot why, etc. be it dns not resolving it - you just can not get there, it's being blocked by some browser addon? etc..

General Discussion / Re: NTPD on VLAN sub-interface
« on: Today at 08:23:43 am »
I have ntpd on multiple vlans without any issues.

[2.4.2-RELEASE][root@sg4860.local.lan]/root: grep interface /var/etc/ntpd.conf
interface ignore all
interface ignore wildcard
interface listen igb0
interface listen igb2
interface listen igb2.200
interface listen igb2.100
interface listen igb2.300
interface listen igb2.500
interface listen igb3

You need to figure out why ntpd can not get to ntp servers you're using..

No from your drawing that device knows about 192.168.3.. So sure any device that is on a 192.168.3 would be able to get out..  Does that device or the devices if any above it know about 10.0.99?

Do they have settings to nat that network to whatever the actual public IP is, does that sg306 or whatever above it know how to get to 10.0.99, do they allow it out even if they nat it?

When you have pfsense natting then the network above pfsense thinks it's just some 192.168.3 device, which it knows about... If you turn off nat on pfsense then your network above pfsense needs to know about 10.0.99

If you want to just use pfsense as a downstream router from your network - then it should be connected to your upstream router via a transit network, and the upstream router has to be configured to allow or nat this downstream network and know to there it needs to know to route to the pfsense IP in the transit network to get to the downstream networks of pfsense.

If you do not use a transit network then you run into a whole asymmetrical routing mess when downstream networks are wanting to talk to IP that are in this 192.168.3 network or those devices want to talk to devices downstream of pfsense when their gateway is 192.168.3.x etc..

NAT / Re: NAT/Port Forwarding not working
« on: Today at 07:28:54 am »
"the traffic does not seem to be hitting the WAN IP address for some reason."

Then the block is upstream.. Pfsense can not forward what it does not see, end of story. Get with your ISP on why traffic on port X does not get to you.

NAT / Re: Does NAT + real bonding work ?
« on: Today at 07:26:53 am »
Lagg would not be an option either way because lagg is just 1 and 1, it does not = 2..  It's not going to send packet A down 1 and then packet B of the same stream down path 2..

Well if you turn off nat at pfsense then that device SG306 you have labeled would have to nat your downstream networks, and it would also have to know how to get to the downstream networks.  And its firewall would have to allow the downstream networks out.
