Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - border

Pages: [1]
Installation and Upgrades / migration to SG-3100
« on: March 05, 2018, 11:40:39 am »

I just ordered the SG-3100 and have a question on the migration from my current pfSense configuration.
The expected path would be: backup complete from current system, unplug current system, plugin SG-3100, restore backup. However, there are a few things I would like to check:
* will packages be automatically installed based on the restore of the configuration? If not, do I manually (one-by-one) install them? If so, before/after the restore of the profile? On the backup/restore page there is an option to reinstall the packages. Is that a better option to install them on the new system or is that only for reinstalling already installed packages?
* when doing the install on the new system I will need to (of course) unplug the old system (or we will have an IP conflict) but is the new system not "unprotected" between plugging it in and restoring the profile from the old system?

Perhaps these are non-issues but I want to be sure to not have a bad start with the new system.


OpenVPN / OpenVPN accessing LAN systems
« on: May 27, 2017, 06:27:19 am »

Many discussions on this topic (how to access LAN systems through OpenVPN) but no clear step-by-step guide. Unfortunately none of the discussions provides a solution.

What I would like to achieve is that my pfSense box runs an OpenVPN server through which road warriors can connect and have access to the LAN systems. While setting up the OpenVPN server works and accessing the pfSense box is possible, none of the LAN systems can be reached.

Current settings:
* OpenVPN is running (tun device) on tunnel network
* IPv4 Local network is set to (the LAN)
* custom option: push "route"

In the Firewall -> NAT -> Outbound:
* WAN   *   *   500   WAN address   *      Auto created rule for ISAKMP
* WAN   *   *   *   WAN address   *      Auto created rule

Would be great to get this working so if anybody has a pointer to a step-by-step guide that would be very helpful!

Packages / Reverse proxy: how to set X-forwarder
« on: April 01, 2014, 01:51:31 pm »

I would like to set X-forwarder but there is no GUI option for that.
How can I change it? The squid.conf file indicates that it should not be changed directly (using vi)...

DHCP and DNS / DNS forward: remote IP address
« on: March 31, 2014, 11:30:39 am »

I have configured DNS forward on my pfSense box to an internal Apache server.
This works great.

However, in the Apache log file there is always the IP address of the pfSense box as this is the one forwarding the call. Is there a possibility to have the DNS forward pass on the remote IP address to the internal Apache server? The reason is that I have fail2ban installed on the Apache server but when there are a number of invalid login attempts the pfSense box is blacklisted and not the remote IP address...


Packages / DNS forward: including ports
« on: February 08, 2014, 01:55:16 am »

I am running an email server behind pfSense. The email server has webmail (say and pop/imap.
Accessing the email server from external works all fine but there is a problem from within the LAN.

An email client on a laptop is set to access the server from the outside but cannot access from the inside. So I used DNS forward to forward an internal request for to the LAN address of the email server. This works fine for port 80 but not for others like 110. Of course I can access the other ports using the LAN address but that would require reconfiguring the email client every time.

Is there a way to also forward other ports?

OpenVPN / cannot access LAN through OpenVPN
« on: February 01, 2014, 04:45:13 am »

Although I assumed it would be a typical problem I could not find the solution so hence the question...

I configured OpenVPN and am able to login from outside the network. After connecting I can browse the internet but I cannot access any LAN computers other than the pfSense machine. S I assumed it would be a routing problem. After searching for a solution I added some commands (under Advanced Configuration):

push "route";
push "redirect-gateway";
push "dhcp-option DNS";

The pfSense gateway is on the network while the VPN clients are on
But even with these commands the road warrior cannot connect to other LAN computers.

Any help is appreciated!

Packages / Squid3 disappeared
« on: December 21, 2013, 04:08:47 am »

Yesterday I wanted to change a reverse proxy setting but the option was no longer in the menu.
However, Squid3 was still working as the reverse proxy was accepting and redirecting external requests based on URL.

I decided to look at the packages and Squid3 was not in the list of installed packages but was listed as a package available for installation. So I installed it and went into the menu for configuring the reverse proxy. What turned out was that all my reverse proxy settings were still there.

So why did it disappear from the menu and was it in the list of not installed packages?

Pages: [1]