Topics - KOM

webGUI / Firewall rule separator text inconsistency
« on: December 01, 2017, 12:54:59 pm »
When you create rules and use separators, they all have black text on top of the colour you select -- except for the blue separator.  Blue separator insists on having a dark blue text.

webGUI / Traffic graph on Firefox Quantum
« on: November 15, 2017, 09:18:56 am »
Just a note to say that the traffic graph looks a little funky on the latest Firefox.  With every update per second, the vertical bars appear and disappear, and the time / interface / bandwidth labels throb between normal and bold.

General Questions / Strange traffic graph output
« on: November 14, 2017, 02:03:51 pm »
Today I am seeing a steady 3 Mbps of traffic from my LAN and my DMZ going into pfSense and going nowhere.  When I adjust the graph settings to see what's happening, it tells me that this traffic is coming from

What is this phantom traffic???

General Discussion / Beware the Windows 10 Fall Creators Update
« on: October 19, 2017, 07:17:18 pm »
My main work system applied the FC update today and when it rebooted, I was greeted with a CRITICAL_PROCESS_DIED error and a frowny BSOD.  I spent the rest of the day trying to recover, to no avail.  My backups were all corrupt so I also need to confirm that our main NAS isn't going bad (we just moved locations over the past week so something may be loose etc).  Tomorrow I get to reinstall Windows and all my work apps, utils, music etc etc etc.

Thanks Microsoft.

General Discussion / VMware Web Client: "Shockwave Flash has crashed."
« on: October 17, 2017, 09:18:28 am »
In case you manage a vSphere environment and have started seeing this Flash crash as of a few days ago, the workaround is below.


Workaround for FireFox:
1. Click Start > run, type appwiz.cpl and click Run.
2. Uninstall Adobe Flash Player 27 NPAPI Version
3. Extract the\27_0_r0_159\flashplayer27_0r0_159_win.msi.
4. Close FireFox.
5. Run the extracted flashplayer27_0r0_159_win.msi.
6. Click Start > run, type services.msc and click Run.
7. Disable Adobe Flash Player Update Service.
8. Open the vSphere Web Client in FireFox.

Workaround for Chrome:
1. Download pepflashplayer.7z available at
2. Extract the pepflashplayer.dll to the Desktop.
3. Open C:\Users\%username%\AppData\Local\Google\Chrome\UserData\PepperFlash\\ in File Explorer.
4. Rename pepflashplayer.dll to pepflashplayer.old.
5. Copy the pepflashplayer.dll extracted earlier from the desktop to C:\Users\%username%\AppData\Local\Google\Chrome\UserData\PepperFlash\\.
6. Open the vSphere Web Client in Chrome.

When you install the Traffic Totals package and go to Status - Traffic Totals, the pfSense logo at the top of the page disappears.  The Community Edition text underneath is still visible.  The logo properly appears on every other page.

General Discussion / Another satisfied Let's Encrypt user
« on: July 06, 2017, 08:48:42 am »
I've been running SSL on my dinky website for about 2 years with a cert I got for free from StartCom.  As a lot of you know, StartCom was engaging in shenanigans with "test" certs they were caught issuing for major web domains.  The Big Browsers all stopped trusting StartCom, which made my site generate cert errors in Chrome or FF.

Not good!

While I was aware of Let's Encrypt, I already had a working config and I didn't want to have to disrupt it and learn something new right now just to get what I already had.  After checking out the prices for a simple cert from other vendors, I was back to Let's Encrypt.

After backing up my config, I installed the certbot package, ran it, answered two questions and BAM -- done.  I could not believe how slick and easy it was.  All I had to do to finish up was add a cron job to renew twice per day as recommended.

Very nice and highly recommended.

General Questions / Weird failed connections
« on: June 14, 2017, 01:14:34 pm »
I am trying to audit exactly which ports our server software uses so as to better assist our customers when configuring their own firewalls.  Our developers use high-level RPC function calls to do everything and they don't understand the underlying plumbing going on.  When you try to connect to a server, here is what happens:

On the first server, you select itself and its data disk.  You then specify the remote server and its data disk.  A group of the two is then created.

With both servers on the same subnet, everything works as expected every time.  When I have first server on LAN and second server on OPT1 (both nets have Allow All rule), they can talk but they fail to create a group.  There is nothing in the firewall log.  I thought maybe static ports were the issue and manually added a static port outbound NAT rule for both LAN and OPT1.  No change.

LAN  pfsense @
OPT1  pfsense @

Server1 ip / mask 16 / gw
Server2 ip / mask 24 / gw

I'm sure I'm missing something dumb or got my NAT rule wrong.

After upgrade from 2.3.3 to 2.3.4, both vmware-guestd and vmware-kmod refuse to start.  Manually clicking the start button leads to an endless spinner and this in the logs:

May 5 08:37:28   php-fpm   37584   /index.php: The command '/usr/local/etc/rc.d/vmware-kmod status' returned exit code '1', the output was 'Checking vmmemctl kernel module: not loaded Checking vmxnet kernel module: not loaded Checking vmblock kernel module: not loaded'
May 5 08:37:28   php-fpm   37584   /index.php: The command '/usr/local/etc/rc.d/vmware-kmod status' returned exit code '1', the output was 'Checking vmmemctl kernel module: not loaded Checking vmxnet kernel module: not loaded Checking vmblock kernel module: not loaded'
May 5 08:37:28   php-fpm   37584   /index.php: The command '/usr/local/etc/rc.d/vmware-guestd status' returned exit code '1', the output was 'vmware_guestd is not running.'
May 5 08:37:28   php-fpm   37584   /index.php: The command '/usr/local/etc/rc.d/vmware-guestd status' returned exit code '1', the output was 'vmware_guestd is not running.'

General Discussion / ownCloud X Released
« on: April 27, 2017, 09:40:54 am »
I use ownCloud at work as a replacement for an FTP server and I'm quite happy with how it performs.  They just released version 10 today.

NextCloud is a fork of ownCloud where they wanted a faster development pace and no different editions like ownCloud's Community vs Enterprise.  I haven't tried it but it looks promising.

2.4 Development Snapshots / Traffic widget crashing WebGUI?
« on: February 28, 2017, 01:02:34 pm »
I run 2.4 on a test node.  It doesn't do much at the moment other than sit there 99% of the time.  I've noticed that after leaving it alone for awhile, I'll check back and see After.png.  Normally it looks like Before.png.  Not much in the System log except a lot of strange cruft:

Feb 28 08:49:47 check_reload_status Linkup starting vmx0
Feb 28 08:49:47 php-cgi rc.bootup: Resyncing OpenVPN instances.
Feb 28 08:49:47 check_reload_status Linkup starting vmx1
Feb 28 08:49:48 kernel .done.
Feb 28 08:49:48 kernel done.
Feb 28 08:49:48 php-cgi rc.bootup: ROUTING: setting default route to
Feb 28 08:49:48 kernel done.
Feb 28 08:49:49 kernel done.
Feb 28 08:49:49 php-cgi rc.bootup: NTPD is starting up.
Feb 28 08:49:49 kernel done.
Feb 28 08:49:50 check_reload_status Updating all dyndns
Feb 28 08:49:50 kernel .done.
Feb 28 08:49:54 php-cgi rc.bootup: Creating rrd update script
Feb 28 08:49:54 syslogd exiting on signal 15
Feb 28 08:49:54 syslogd kernel boot file is /boot/kernel/kernel
Feb 28 08:49:54 kernel done.
Feb 28 08:49:54 php-fpm 379 /rc.start_packages: Restarting/Starting all packages.
Feb 28 08:49:54 kernel done.
Feb 28 03:48:28 login login on ttyv0 as root
Feb 28 03:48:28 kernel done.
Feb 28 03:48:28 sshlockout 59235 sshlockout/webConfigurator v3.0 starting up
Feb 28 04:10:11 php-fpm 68497 /index.php: Successful login for user 'admin' from:
Feb 28 13:51:05 php-fpm 4228 /ifstats.php: Session timed out for user 'admin' from:
Feb 28 13:53:10 php-fpm 47115 /index.php: Successful login for user 'admin' from:

None of this appears relevant but it does show that some log messages do not seem to care about the timezone (+5 where I am).

Can someone explain to me the thinking of people that come here for help, deliberately scroll past all of the actual specific support forums and end up posting their issue here in General Discussion?  Every single day, at least one person does it.

I know I'm fixated, OCD & uptight about this, but I just don't understand how it happens so consistently.  Do they think they won't get help in a support forum?  Do they not bother to read anything until they're halfway down the page?  GAH!!!!

General Discussion / Mastering pfSense
« on: January 18, 2017, 09:52:27 am »

Has anyone seen this book?  No idea it existed until today.

General Discussion / Merry Christmas Everyone!
« on: December 24, 2016, 10:03:58 pm »
Enjoy the holidays and come back fresh in 2017!
