
Topics - masterd01

Captive Portal / Save "Session details" for Traffic Volume
« on: June 21, 2017, 01:26:03 am »

The new feature "Session details" is really great! So I could see the volume of each user.
But how could I save this?

In the syslog I only see the plain login (without traffic information etc.)

Jun 21 08:22:54    logportalauth    96785    Zone: hotspot_01 - ACCEPT: unauthenticated, ,

How could I log the traffic volume or the great Session details?
To syslog, TXT or DB would be okay for me.

Thanks a lot!

Captive Portal / Don't see new CP-Portal under Monitoring
« on: June 18, 2017, 07:16:21 am »

I have had about 10 CPs for different VLANs. It works really great. But this week I added a new CP and it isn't shown on the Monitoring page. All others are shown correctly. Under Traffic the interface is also shown correctly.
What should I do to make the "hidden" users visible?

Thanks a lot,



I tried to make PFSense boot up over PXE.

- I configured the DHCP server
- I've built the pxelinux.cfg/default

Code:
DISPLAY welcome.msg
label local
             LOCALBOOT 0

label 1
             kernel memdisk
             append initrd=pfsense_2.3.2_64/pfSense-CE-memstick-2.3.2-RELEASE-amd64.img raw
label 2
             kernel memdisk
             append initrd=pfsense_2.3.2_i386/pfSense-CE-memstick-2.3.2-RELEASE-i386.img raw
label 3
             kernel openSuSE_13.2_64/linux
             append initrd=openSuSE_13.2_64/initrd

label 4
             kernel openSuSE_13.2_i386/linux
             append initrd=openSuSE_13.2_i386/initrd

- I also tried to boot directly from the ISO:

Code:
label 2
             kernel memdisk
             append iso initrd=pfsense_2.3.2_i386/pfSense-CE-2.3.2-RELEASE-i386.iso cdrom raw

The error message is still "Mounting from cd9660:/dev/iso9660/PFSENSE failed with error 19."


- And also via the direct PXE path

Code:
label 1
             pxe pfsense/pxeboot

Then I saw that the image tried to load from NFS. That's okay for me, but it also failed to load the "kernel" (see attachment)
(Yes, I set the root path in the DHCP server)

So what is the correct way to boot, whether i386 or 64-bit, directly via PXE?
My openSuSE works great.

I read in some entries that I have to load the "pxeboot" from /boot/. Where should this be entered?
Does anybody have some sample files for me?

Thanks a lot


We have 7 WiFi zones. I could not add the 8th one and got this message in the log:

still could not bind - Address already in use

Screenshots attached.

I've got the problem with 2.3.1-p1

Any Ideas?



General Questions / 2.3 - LAGG, VLAN, Carp - after Update no route
« on: April 28, 2016, 01:39:00 am »


We have many PFSense installations and updated a lot of them to 2.3. On two
servers we got really big problems. An important one :)
The network there:

2x IBM Server x3650 (6x Network-IF, Two OnBoard, 4x on network cards) --> LAGG
(Failover) --> VLAN --> CARP --> HASync and Config --> HaProxy/Loadbalancing

The Problem:
After updating PFSense from 2.2.6 to 2.3 everything was fine. After rebooting the
master server, the failover goes to the second one. Everything is still fine. When the
master comes back, CARP switches again but no traffic is routed between the
networks behind the PF. Ping to both PFs + CARP from all IFs is okay. From the PF I
could ping everything. But not through the PF.
If I boot the second one, I get the problem there too. No network connection through
the PFSense. Sometimes it helps to open some gateway settings (no matter which one) and save
them again.
But this is not often a solution.

What I've tested:
- Reboot
- Disable CARP
- Default config PFSense (with backup from mine)
- PFSense 2.3.1
- HAProxy reinstalled (with bugs, see attached)
- HAProxy Dev
- Add VLANs directly on one network IF (disable LAGG, attached)
- Delete LAGG and create it anew (with a failure - see attached)
- Delete all network config and create it anew (also attached)

Nothing helps.

On the 2.2.6 this config is okay. No Problems are known.

Another problem on both of these servers:
The GUI is really slow. Sometimes I could only make one change, click save and the GUI
waits. And waits. Then I got a Gateway Timeout (see attached). I could resolve it by
restarting PHP-FPM (16) and restarting WebConfigurator (11).

Before I do a rollback to 2.2.6, I ask you for help. Have I missed something?

Thanks for your time and help!


Deutsch / German Training
« on: July 14, 2015, 06:53:11 am »

Hello everyone,

My boss has asked me to find a German, German-speaking training provider for PFSense for my colleagues. However, I have not found anything useful online.
I would not call myself an absolute bits-and-bytes expert, but I do work at a very professional and fairly deep level.
For my colleagues I would choose the following training content:

- PFSense architecture
- Setting up network IFs
- Carp / HA
- Firewall rules
- Captive Portal
- Troubleshooting (intensive)
- Optional: Snort, Squid, Squidguard

The training should run for two days, three at most.
Training participants: 3-5.
Do you know providers who have something like this in their portfolio or could offer it?



Guys, I have a big problem with CARP after the update from 2.2 to 2.2.1. First of all: before the update, CARP worked great with about 20 interfaces. IPv4 and IPv6 - that's important to know. The two servers (i386) work in HA service. The first one replicates to the second one. Config and states. Again: no problems at all.

After the update from 2.2 to 2.2.1, CARP has a problem with two IPv6 interfaces. But only on the backup unit. The master has the virtual IP active. On the backup server the IP addresses are shown as slave - IPv4 and IPv6. But only two IPv6 interfaces have NO (!) status. Not active and not backup. Nothing. These interfaces do a job I don't understand. They are on the way to being split brains. The traffic isn't transported correctly from the master. That state is reproducible after a short time of activation. Switchover is also working; then the unknown-state IFs go to up.
Deactivating CARP or maintenance mode doesn't work for that problem! Only shutting down the server completely is still my solution.
I deleted the "problem IFs" on the master, so they were also deleted on the slave. After adding them again the mystery starts again.
Summarized: two IPv6 interfaces stay in an unknown state and I don't know how to make it right. The others are okay.

Should it be a bug?

Any Ideas?

Thanks a lot

Installation and Upgrades / NTP GPS-Problem II
« on: February 25, 2015, 03:52:16 am »

I've posted this problem in the old topic.

The problem still exists and is confusing me.
I changed Fudge time 2 to "0.323". Then the GPS time is stable for a long time. It starts at 3 AM every night that the GPS source is used as stable:

Feb 25 03:05:53    ntpd[45400]: GPS_NMEA(0) 911a 8a sys_peer

But after about 6 to 12 hours or earlier the time falls back to the NTP Internet source. After that the GPS is toggling between NTP Internet source and satellite.

Feb 25 09:36:43    ntpd[45400]: GPS_NMEA(0) 911a 8a sys_peer
Feb 25 09:36:00    ntpd[45400]: 941a 8a sys_peer
Feb 25 09:35:14    ntpd[45400]: GPS_NMEA(0) 911a 8a sys_peer
Feb 25 09:34:58    ntpd[45400]: 941a 8a sys_peer
Feb 25 09:32:24    ntpd[45400]: GPS_NMEA(0) 911a 8a sys_peer
Feb 25 09:31:57    ntpd[45400]: 941a 8a sys_peer

and so on ...
It happens every night. At 3 AM the time gets synced and stays. Not always at the same time ...
What's wrong with my config, and why does it always get stable at night and after a day it falls again?

Thanks a lot for your great support,


2.2 Snapshot Feedback and Problems - RETIRED / NTP GPS Problem
« on: January 12, 2015, 06:16:14 am »

I have a problem with the NTP daemon. On the COM IF I use a Trimble Acutime 2000 with GPS time. Over the WAN side I get the time servers of the PTB in Germany (,, as fallback. After a long time of tuning I found a config (Fudge time 2 - 0.400) that got the GPS working (screenshot attached). But after some time all peers go to "False Ticker" and the NTP daemon restarts. Has anybody had the same problem? Or any ideas to get this working correctly?
On 2.1.5 there was no way to make the GPS work.




I have two servers with the latest 2.2 version. I've added "High Availability Sync" and two CARP interfaces. One IPv4 IF, one IPv6. If I set Persistent mode on the master, the floating IP address will be transferred to the second server. This is working great.
But if I disable CARP with "Temporarily Disable CARP", the V6 interface stays up while the V4 goes down. The state of the master server is "Disabled" for both IFs. On the slave server the state for the IPv4 address is Master and for IPv6 it is Slave.
This should be a bug?

Kind regards,


Deutsch / CARP/virtual interface without a real IP in the network
« on: September 02, 2013, 04:44:14 am »
Hello everyone,

I would like to configure virtual CARP IP addresses outside the network in which the real IF is located.
Currently that is only possible if I first set a fixed address from that network on it as an IP alias.
That is annoying, though, when you only have an 8-address subnet and end up burning three addresses on it for two PFSense systems.
Is there a simpler way to create a CARP IF without giving the individual machine a real address from the network?

Regards and thanks,


2.1 Snapshot Feedback and Problems - RETIRED / VIP as Default Gateway
« on: April 03, 2013, 02:28:06 am »


I use the latest snapshot from yesterday and I have a problem with the default gateway. I want to use the virtual IP for outgoing connections. I configured this in System --> Gateways (screenshot).
But if I use the PFsense as gateway, the real IP address is always shown (in my example the address 123, instead of 124).
Is this a bug or do I have to edit the config on another page?

Kind regards,

