

Topics - Peter847

General Questions / UPS PfSense Shutdown
« on: January 03, 2018, 08:00:41 am »
I run a small office LAN through PfSense and am looking for advice on how I manage my UPS.

The UPS supplies PfSense and a couple of Windows machines. Its main purpose is to ride through the relatively frequent power drop outs that last a few seconds; real outages (greater than a minute) are rare. It does not look easy to get one UPS management suite that will gracefully shut down all the machines, so I am thinking about letting PfSense just run out of power.

PfSense runs on a passively cooled Atom system with an SSD. Will I damage anything if I just let the power on the UPS run out and restart PfSense when the power returns?

Routing and Multi WAN / Bridged OpenVPN
« on: June 25, 2017, 05:31:20 am »
I want to bridge two remote LANs into one logical LAN and would like to make sure I'm thinking the right way before I start reading up on the details.
I currently have two physically distant networks both running pfSense and connected together through an OpenVPN tun interface. I want to end up with one logical LAN with two gateways, one in each physical location. Each device is assigned a default gateway, typically the one in the same location as the device, and, additionally, outgoing packets are routed to a specific gateway according to their destination.
Here is how I think I should set this up.
  • Change the OpenVPN to a tap interface.
  • Assign fixed IPs to both the pfSense LAN interfaces in the new subnet address space.
  • Disable one of the DHCP servers and use the remaining DHCP server to set the default gateway according to where the device is located.
  • Add routing rules in each pfSense to redirect any packets to the WAN interface nearest their destination.
Before I start reading up on all of this, am I thinking along the right lines?

IPsec / Mobile Client + Site to Site Tunnel
« on: December 09, 2016, 11:01:46 pm »
I need some general advice on setting up multiple IPsec tunnels.

First I need to admit I am very much a beginner and I have looked through the PfSense book & the Wiki. I have set up a mobile client by following the instructions in the book and it works well. I would now like to set up a site to site connection from the PfSense box running the mobile client to another PfSense box in a remote location. Do I create a new phase 1 entry, add a phase 2 entry to the existing phase 1 for the mobile client, or something else?

Many thanks for any advice.

General Questions / NAT Port Forward vs Firewall Rule
« on: July 31, 2016, 03:46:24 am »
Could someone help me improve my understanding of PfSense?

I have a device on my network that has its DNS servers hard coded, so I use a NAT port forward rule to catch everything it sends on port 53 and redirect it to the DNS server of my choice. I copied the setup from one of the posts in this forum. Is there any reason why I should use the NAT rule? Can I just achieve the same thing with a standalone Firewall rule and dispense with the linked NAT rule?


Firewalling / Openvpn Firewall Rules
« on: July 14, 2015, 09:12:19 pm »
I have a standard 2 port LAN/WAN pfsense box and need some help from the experts setting up the firewall rules for my vpn.

I have set up an openvpn client; I select which packets go through the vpn using the firewall rules on the LAN interface and directing them to the vpn gateway. I presume I can control all my outgoing packets by creating the appropriate pass rules but I am not sure how I secure the incoming traffic. On the firewall rules page I have five tabs: Floating, LAN, WAN, VPNGateway & Openvpn. Which of the last two tabs needs the pass rules on it to filter inbound packets coming out of the vpn?

I have a similar question on the traffic shaper.  All of my vpn traffic has the same priority so I intend to shape everything on the LAN/WAN interfaces.  In the shaper wizard I see rules to match PPTP & IPSec traffic but nothing for openvpn, do I just prioritize all traffic on port 443?  How do I differentiate between openvpn traffic and other SSL traffic - or am I way out of my depth here?

Many thanks in anticipation!

PPTP / PPTP Security
« on: September 29, 2012, 10:10:07 pm »
I have set up my pfSense box as a PPTP server and all works well . . . but I have a security question. I have only one remote user that has a random 16 character userID and password, which I would have thought was fairly secure. However, could some bad guy just keep trying multiple log in attempts and eventually find the right combination, or is the chance of hitting it correct just so small it is not worth worrying about?

Traffic Shaping / Newbie question on wizard setup
« on: July 30, 2012, 09:39:33 pm »
First the Newbie disclaimer:  This is my first post & I have bought (and read) the pfSense book, searched through the Wiki and the forum but am still stuck!

I have run the shaper wizard on a single WAN/LAN system using the simple priority queue scheduler and here is what I see:

1. In the wizard, if I use an alias for my VOIP hosts I do not get a VOIP rule and nothing goes in the queue; a single host IP does generate a rule.  Should I be able to use an alias?

2. I do not see any rule for the ACK's and on a large download nothing goes in the ACK queue, it looks like it is all in the default queue.  Do I have to create the rules manually?

3. There is no bandwidth limit on the LAN queue even though I put a value in the wizard.  Does this matter?

It looks like others have seen point 2 but the thread ends with no real resolution.  I guess I'm just missing something here - could someone give me pointers on how I should set this up.
