Topics - bpb21

I've got pfSense configured and running on Pentium(R) Dual-Core CPU E5300 @ 2.60GHz 2 CPUs: 1 package(s) x 2 core(s) hardware, using the onboard NIC for the WAN connection and an add-in PCI NIC for the LAN.  Everything is configured like I want it, except I want to add a DMZ physical interface.  So, I tried installing a PCI-e NIC card (the only empty expansion slot on the motherboard) and the pfSense configuration essentially reset itself to the initial setup - the NICs reverted to being unconfigured.

I just removed the PCI-e NIC card and restored from a backup I had done prior to this.

I had the same thing happen on similar hardware at a different site.

My question is: is this normal when adding in another physical NIC to a pfSense installation?  I would have expected the settings to remain the same and to just have one new and unconfigured physical NIC in the menu (both webgui and terminal).  Instead, the addition of another NIC seems to reset the entire config.  Is that normal behavior when adding another NIC - specifically a NIC that won't be an additional WAN connection?

If so, if I were to install the NIC card, then configure just enough so I could revert to the good backup of the pfSense system just prior to installing the NIC, would that produce the desired result?  (The desired result is the exact same configuration, plus one new and unconfigured network interface in pfSense.)

Please excuse my basic question; I've been reading on the forums and such about the bsnmpd implementation in pfSense.  If I'm understanding correctly, the MIBs/OIDs returned from snmpwalk are in part dependent upon what hardware you've got pfSense installed on.  Is that correct?
Example: when I run snmpwalk on a pfSense install I get a lot of SNMPv2-SMI::enterprises values, which I presume I'd need the MIBs from the hardware manufacturer to decipher.
So there's only so much generic data you can get from pfSense via SNMP without knowing the MIBs/OIDs of the hardware it's installed on, right?
Or is it more to do with the version of FreeBSD pfSense is running/compiled with, as per

OpenVPN / CentOS 7 client to VPN on pfSense firewall for network monitoring
« on: December 06, 2016, 05:18:07 pm »
Here's my situation; I've been way overthinking this and I'm stumped at the moment.

I've got one network with a pfSense firewall/DHCP/DNS box handling it.  Behind this pfSense box there are multiple access points.  I'd like to monitor these using SNMP/Nagios (covered elsewhere).  This will be network 1.

I've got a totally separate network, also managed/firewalled by pfSense, whereon resides my CentOS 7 headless server on which I've configured Nagios.  Let's say this is network 2.

There are other clients/users on both networks.  I don't want them to intermingle.

What I need is for the CentOS 7 server, on network 2, to be able to have an always on VPN connection to network 1, to be able to securely query the access points on network 1.  I don't want this connection to allow any other traffic from network 1 to network 2, but if the CentOS 7 server is the only client then I can handle that via firewall rules.

But, how should I go about setting up an appropriate VPN?  I've got an OpenVPN server set up on pfSense on network 1 to allow me to remote connect in from a different machine on network 2 and manage the access points.  However, I'd like this CentOS 7 server to be able to automatically query their status.

I could join the two pfSense firewalls, I suppose.  But, I don't want always on site to site connectivity between both networks; just that one CentOS 7 server on network 2 and the pfSense network 1.

I'm not sure that made any sense, reading back over it.  But, one client on a physically separate network always VPN'd to a different network.  Best options?

I'm reading up, but I'm going round and round and confusing myself in the process!  Any pointers are helpful!

I've also read over here and here and several forum posts; my brain is churning through all this.

I hope that description is clear!  I've pored over this question, off and on, for several weeks and I'm rather stumped.  Please pardon my basic level of understanding.

Scenario: my pfSense setup has a static, external IP (let's say for example) on the WAN interface and my domain, testing.123, points to  I'm hosting a website on my network behind pfSense, on machine (again, fictitious, local IP), and I have a NAT rule in pfSense to forward all incoming http requests to port 80 on  This setup works great - from anywhere else in the world.  Going to testing.123 in your browser takes you right to the website.

Trying to access testing.123 website from a computer on the same network, let's say my laptop at, doesn't work.  (I've reset my pfSense web interface to a non-standard port, so it wouldn't be looking for the web interface instead of the website.)  That's probably obvious to all of you DNS experts reading this (who I hope are reading this!).  If I go to in a browser at home, the site will load but it's pretty slow.  It runs quite speedily when accessed from an external IP.

Now, let's say I wanted to host something like ownCloud (or Nextcloud) at home, and be able to access it both at home and away from my home network.  I have that on with a NAT rule forwarding https to and it works fine when I'm not at home, but when on the home network the domain can't be resolved.  I'd have to change testing.123 to in the client every time I change locations.

Is this a situation where I need some redirect rules on the LAN side of the firewall or is this a DNS issue? 

With my basic cable modem as the only firewall between these servers and the internet at large, I just pointed the domain name records at my static IP and everything worked fine, at home or away.  With a basic pfSense setup in the middle, I'm no longer able to get to these sites.  I know if my basic home modem/router combo can do it, pfSense can do it.  But what am I missing?

A few more details, as I know that's not much to go on.  I've got one WAN interface, configured with the static IP, and one LAN interface which assigns DHCP addresses.  The webserver has a static IP.  NAT incoming connections to port 80 redirected to and the only plugin I've installed is pfBlocker.  The rest is just the out of the box configuration of pfSense 2.3.2.

Any tips/pointers in the right direction are appreciated!
