Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - razblack

Pages: [1]
1
Feedback / A+ for new Traffic Graph
« on: June 30, 2017, 02:14:14 am »
 :)

I really like the new Traffic Graph...  just wanted to say that.  It looks and works great.

2
is there a way to provide the RRD graph for quality on the dashboard like we are able to do traffic graphs?


3
I've tried using just the webgui to execute the date command, and also using SSH under root and get the same message.

in SSH, it says setting local time... however, the system time does not change.

time zone is configured correctly...  NTP would "appear" to be right; however, the time is consistantly 15 minutes off....  :(

any ideas?

4
Packages / ntop error
« on: June 20, 2014, 02:35:36 pm »
versions:  pfsense(2.1.3-RELEASE (amd64) ), ntop (BETA 5.0.1 v2.5 platform: 2.0 )

I updated yesterday to 2.1.3, ,and also updated ntop (removed previous package and upgraded to this version)... while ntop overall feels more "snappy", I now am faced with this problem when I drill down into traffic (e.g.:  local to remote ) and select a client.


ntop[37803]: **ERROR** Buffer too short @ report.c:3905 (increase to at least 1037) [<TR onMouseOver="this.bgColor = '#EDF3FE'" onMouseOut ="this.bgColor = '#FFFFFF'" ><th align="left" nowrap width="250"> <a title="Windows 2000" class=tooltip href="/157.56.96.208.html" ><IMG width=16 height=16 SRC="http://www.google.com/s2/favicons?domain=client.wns.windows.com" BORDER=0>client.wns.windows.com[/url] <img class=tooltip alt="OS: Windows" title="OS: Windows" align="middle" src="/statsicons/os/windows.gif">&nbsp;<img class=tooltip src="/web.gif" border="0" alt="HTTP Server" title="HTTP Server"> <A class=external href="#" title="Physical Host Location" onclick="window.open('http://www.geoiptool.com/en/?host=client.wns.windows.com&IP=157.56.96.208', 'Host Map', 'height=530, width=750,toolbar=nodirectories=no,status=no,menubar=no,scrollbars=no,resizable=no'); return false;"><IMG SRC=/marker.png border=0>[/url] &nbsp;&nbsp;&nbsp;</th> <TD ALIGN=RIGHT>157.56.96.208</TD></TD><TD ALIGN=RIGHT>4.9&nbs


Is there a particular preference setting I need to adjust in ntop to increase this buffer?

5
Traffic Shaping / traffic shapping effect on lan smb traffic
« on: February 27, 2014, 07:38:00 pm »
after applying the default traffic shaping wizard, the throughput between lan segments for SMB traffic is extremely low (~350KB/s) on GB lan links.

pfsense is setup with a single WAN adapter (192.168.0.1) and has 4 other adapters configured (192.168.1.1, 192.168.2.1, 192.168.3.1, 192.168.4.1).  Tranfer speeds within segements are fine (full throughput), just traffic passing between segments (and the pfsense device) is sluggish.  traffic from each segment out the wan is also pretty good (up to 60Mb/s).

so, just looking at the floating rules, there is one for SMB 445 and by default gets assigned the qACK/qOtherDefault  (unless I change during wizard setup), but seems to have zero effect between lan segments.

I've tried disabling the floating rule, which seemed to have no impact.  I had setup a default allow rule for each segment similar as follows:

protocol: IPv4*
source: LAN net
port: *
destination: *
port: *
gateway: *
queue: none

which I thought would simply put zero queue/restrictions on the segment.   However, do I need to create a specific rule for this protocol in each segment?  and is the floating rule overriding the other rules in this case?

[edit]

note, the WAN DL/UL is 60Mb/4Mb, so the 355KB/s seems to align with the 9.5% qOtherDefault bandwidth limit.  How do I work around this for LAN segments to provide a much higher Bandwidth limit between each other?

6
Traffic Shaping / limit bandwidth from websites using Limiter and CIDR?
« on: January 24, 2014, 07:11:38 pm »
I would like to be able to limit the amount of bandwidth streamed into my network by setting up limiters and applying firewall rules for a set of identified CIDR values.

How would I go about doing this correctly?  I've created the limiters in Traffic Shaper for bandwidth and burst in Kbps (one for each IN/OUT).. then applied the two to the In/Out settings in Advanced Properties of the rule, with the CIDR value of the Source as type Network and Address for their class range (199.9.248.0/21).  This is applied to the WAN interface; however, I am seeing no change in either burst or sustained traffic control from this video streaming website.

I also tried just creating floating rules this way as a general "catch all" for all interfaces, but this did not seem to work either (which I would have preferred to do this way like other traffic shaper rules).

I can confirm that Traffic Shaper does work... quite good for general HTTP, games, P2P, but I just can not seem to get this to work for specific CIDR sources.

Is there a better way to do this?

7
NAT / how to properly setup rules for Akamai download managers
« on: June 04, 2013, 11:56:01 am »
i'm pretty new to pfsense, and I thought I should ask how to do this prior to just adding a bunch of rules that I'm not so sure of...

I have client computers using the Adobe Application Manager which installs their softwares and updates.  it checks the adobe servers for the license and versions, and if detects an update or the user requests an install, the updates are sent via Akamai network via UDP.

by default, it looks like pfsense is blocking these inbound streams:




so, how should I handle configuring NAT to permit this type of connection back to the client computers?

I looked at the status:interfaces and they're definitely getting dropped at the WAN.

The odd thing it seems to me, is that the source address looks like private ones, so could it be that pfsense is modifying that or is that something that Akamai is doing?

when I run Process Monitor on a client computer, I can clearly see that outbound from the client workstation is communicating ok with their systems:

10:54:48.1476864 AM   PDapp.exe   4888   TCP Connect   workstation00:3538 -> a96-17-202-177.deploy.akamaitechnologies.com:http   SUCCESS   Length: 0, mss: 1460, sackopt: 1, tsopt: 0, wsopt: 1, rcvwin: 65700, rcvwinscale: 8, sndwinscale: 7, seqnum: 0, connid: 0
10:54:48.1479511 AM   PDapp.exe   4888   TCP Send   workstation00:3538 -> a96-17-202-177.deploy.akamaitechnologies.com:http   SUCCESS   Length: 229, startime: 94189, endtime: 94189, seqnum: 0, connid: 0
10:54:48.1758005 AM   PDapp.exe   4888   TCP Receive   workstation00:3538 -> a96-17-202-177.deploy.akamaitechnologies.com:http   SUCCESS   Length: 378, seqnum: 0, connid: 0
10:54:48.1760687 AM   PDapp.exe   4888   TCP Receive   workstation00:3538 -> a96-17-202-177.deploy.akamaitechnologies.com:http   SUCCESS   Length: 0, seqnum: 0, connid: 0
10:54:48.1760797 AM   PDapp.exe   4888   TCP Disconnect   workstation00:3538 -> a96-17-202-177.deploy.akamaitechnologies.com:http   SUCCESS   Length: 0, seqnum: 0, connid: 0

perhaps some kind of handshaking over HTTP (maybe two left hands).... :-\

Pages: [1]