
Messages - chpalmer

1
NAT / Re: Does NAT + real bonding work ?
« on: Yesterday at 10:41:55 am »

Are you sure they are not talking about bonding using your modem to bond the circuits? CenturyLink does that here in the States. We have a circuit at one of our locations using a Technicolor C2000 bonding circuits in front of our pfSense router there.

Funny though - seemed like everyone in Canada could get an MLPPP circuit while we had to beg for ISPs here to do it. Usually they would not.



 

2
DHCP and DNS / Re: DNS resolution fails
« on: February 21, 2018, 08:04:34 pm »

What model of cable modem?

Not one on this list, is it? http://badmodems.com/Forum/app.php/badmodems

This is a common issue with systems behind these modems. 

3
NAT / Re: Issue with ClearSIP
« on: February 12, 2018, 11:20:25 am »

I generally tell people to put everything back to default (no port forwards / no static ports).

Instead make inbound firewall rules from the SIP server to the phones behind the firewall. You will also want firewall rules that allow the RTP streams from whichever server(s) provide those streams inbound.

Also, if your phones are going out for provisioning files, then make sure you have the TFTP proxy (/system_advanced_firewall.php) set for your phone interface.
I can provide some screenshots of some of my sites here if you need.


4
Hardware / Re: WatchGuard XTM 5 pfSense 2.4
« on: February 02, 2018, 09:53:50 am »

No issues whatsoever on my XTM5 box here. I use all 7 interfaces and have 8 site-to-site VPNs active on it.


5
Hardware / Re: Throughput Firebox X550E
« on: January 30, 2018, 11:00:34 am »
Quote
Is there a setting within pfsense that caps the throughput of the device?

No. WatchGuard did that in their software, however. But that does not affect you now. I'm not sure how you could get 380 running their stuff.

The ports are on a PCI bus, so you're limited to the speed of that bus. I've maxed mine out routing locally, so I know they are capable of a bit faster than you are seeing.

It's been years so I don't remember the details, but it was much faster than 100mbps.

6
NAT / Re: SIP issue - NAT or Siproxd ?
« on: January 21, 2018, 08:36:44 pm »

From scratch:

Do not do anything with NAT.

Simply make a firewall rule on your WAN with your PBX as the source and your ATA devices as the destination.

You can do it with two rules to a single destination (one for each ATA) or one rule with your devices within the same range.

8
Routing and Multi WAN / Re: How to setup a second LAN?
« on: January 11, 2018, 09:51:38 pm »
Enable it,
Done.

Mirror the "LAN" firewall "Allow all" rules on "OPT1".

I've found that I have to go to "outbound NAT" and at least click "save". YMMV. (Maybe a reboot will do.)

9
NAT / Re: NAT port forward - What am I doing wrong?
« on: January 11, 2018, 11:35:37 am »

Firewall on webserver?


10
Hardware / Re: Box with built in VDSL Modem?
« on: January 07, 2018, 11:33:52 pm »
This product is now EOL (discontinued)

Well..  it was nice while it lasted.
http://www.draytek.co.uk/products/business/vigornic-132



11
General Questions / Re: rack setup
« on: January 06, 2018, 06:52:06 pm »

https://www.netgate.com/solutions/pfsense/sg-4860.html       ;)

or equivalent.

Quote
but here is where it gets crazy I was wondering if I could have several different DHCPs

Yes. One for every LAN you have if desired.

Quote
no it gets complicated I would also like to access my CCTV via a VPN to use anywhere

Yes. Many do this.


12
Draw a picture of how you have this set up and talk about your ultimate goals. 


13
Hardware / Re: Hardware for a region with lot of power outages
« on: January 01, 2018, 07:00:24 pm »

I just did a build using a 12vdc capable device using a 24vdc to 12vdc regulator (Samlex) with a seriously big battery and charger (24Vdc) and it's done us well so far.

But even with the long outages the system has come back up fine.

 

14
You converted your WAN to LAB interface?

You have to disable all outbound NAT.


15
Installation and Upgrades / Re: New semi-working setup.
« on: December 31, 2017, 07:41:28 pm »
https://ipinfo.io/AS1668/172.168.0.0/16-172.168.0.0/23

172.168.0.140 belongs to AOL. I know you probably do not want to hear it, but until you fix your "LAN" problem you're probably going to continue to have intermittent problems based on the fact that certain programs can be hard coded for the standards.

Easy - drop the 8 and make it 172.16.0.0/24
