
Topics - magrw2066

My pfsense hardware problem is the hardware section (sg4680).
But I want to generate DNS responses on Raspberry Pi Linux to test my firewall, but finding DNS response packet dumps (even on serverfault) has become extremely difficult!
***I added the link to generate my desired dns response packets (possibly) ***
Example basic response (raspberry only has host cmd for dns and it says my response is malformed):
+00: <two byte serial id><0x8000:response packet w/ 0 rc>
+04: 0x0001 0x0001 0x0000 0x0000(end of 12 byte header)
+12: byte-length-of-label label byte-length-of-label label 0x00
qtype:0x0001 qclass:0x0001
 byte-length-of-label label byte-length-of-label label 0x00 
qtype:0x0001 qclass:0x0001
unsigned-int: time-to-live
byte-length-of-address(4) 4-byte-internet-address

Thx in advance,
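
Added example, not part of the original post: a Python sketch that builds a single-answer A/IN DNS response with the header values listed above (flags 0x8000, counts 1/1/0/0) and parses it back, checking that the answer record's 16-bit RDLENGTH matches the address bytes that follow. Function names are illustrative, names are written uncompressed, and the sample name and address are constructed from documentation ranges.

```python
import socket
import struct

def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_a_response(txid, name, ip, ttl=60):
    """One question, one A/IN answer, flags 0x8000 as in the post."""
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)
    qname = encode_name(name)
    question = qname + struct.pack("!HH", 1, 1)  # qtype A, qclass IN
    rdata = socket.inet_aton(ip)
    # Answer: name, type, class, 32-bit TTL, 16-bit RDLENGTH, RDATA
    answer = qname + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer

def read_name(pkt, off):
    """Read uncompressed labels; return (name, offset after the zero byte)."""
    labels = []
    while pkt[off] != 0:
        n = pkt[off]
        if n & 0xC0:
            raise ValueError("compression pointers not handled here")
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_a_response(pkt):
    """Parse what build_a_response emits and reject length mismatches."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = read_name(pkt, 12)
    off += 4  # skip qtype and qclass
    aname, off = read_name(pkt, off)
    rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    rdata = pkt[off + 10:]
    if rdlen != len(rdata) or (rtype == 1 and rdlen != 4):
        raise ValueError("RDLENGTH does not match the bytes that follow")
    return {"id": txid, "response": bool(flags & 0x8000), "counts": (qd, an, ns, ar),
            "name": aname, "ttl": ttl, "address": socket.inet_ntoa(rdata)}

# Constructed sample: name and address come from documentation ranges.
SAMPLE = build_a_response(0x1234, "example.test", "192.0.2.1", ttl=300)
```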


Official pfSense Hardware / Sg4680 won't boot
« on: March 07, 2018, 09:21:28 pm »
My sg4680 is unusable (factory reset won't work) but my console (Intel NUC) won't boot at all live DVD-external DVD reader from linux format)
Thx in advance


What are the consequences, on an sg4680, of zeroing the ufs volume?
Your support contact is more $ than current price of box.
Is there a VPN connection for the update-from-console option? For extra $?
Can you bootp from the update box for a fee?
JC Magras

Official pfSense Hardware / CVE-2017-14493 affects routers
« on: October 05, 2017, 10:50:59 am »
I have found this announcement. Said bug affects Android, Linux and some routers.
Address space randomization affected.

My 4680 was nearly bricked last night and now is semi-normal. Very odd; it's less than 3 months old.
I WANT A HARDER RESET! Will dd it next time.

Is there a preferred set of tty options for the console?
JC Magras

UPDATE: system log: arpresolve can't allocate llinfo on igb0.1

|          wan           |
|  wanx gw  |
|    pfsense          |
|                            |
|            lan (subif:        |
|   (udp dns to.    |   
| dnatd by|
|    iptables)        |   
|           client       |
|                            |

Verified iptables dnat: ping -m mark-in-decimal. shows in snort output.

The dig command fails because dns packet does not make it to the wan address in spite of static route defined in the attached files.

JC Magras

PROGRESS: I found snort in 'packet capture' under "Diagnostics".
But my 4680's console connection is often unresponsive (screen /dev/ttyUSB0 115200,ixoff,echook) so logs are difficult to read.
Is refresh of status page tied to console refresh?

JC Magras

Official pfSense Hardware / FIXED:Wan freeze! No return route
« on: September 30, 2017, 02:54:54 pm »
My pfsense hardware suddenly froze at 'configure wan interface' even though the Motorola/att box has all 4 lights on.

Also have only one-directional tracerouting! No reverse!
[FIXED: ok fixing my problem again (sigh), I reset to factory defaults and set WAN to igb0 and LAN to igb1 but after finding the log from some other post, I found a protest over seized mac addresses. Now why would it care?]
JC Magras

This is probably off-topic but if I use console access I can ping wan and lan ip addresses but I can not ping the wan address and Firefox can not load webconfigurator.
The box accessing console via usb cable has ether plugged into lan port directly (no switch).
I have used 'sudo ip addr add dev eth0' and 'sudo ip route add default via'
Pinging from terminal to lan address works but not wan address. It used to work. The console shows both addresses correctly.
Thx in advance.
JC Magras

FIX: change my client device ip address. I did a ping on lan address after invoking shell on pfsense box. The pfsense LAN address and client ip address were the same. The fact that this duped address situation worked is appalling. This dup address proves routing debugging tools are still needed.


I have a sg4860 and I have not been able to bring up webconfigurator.
I get to the sg4860 console via 'screen' command from intel nuc/linux.
(Does ANY UBUNTU/FEDORA carry minicom/cu/screen WITHOUT apt?)
My ISP is ATT but their box mostly supplies WIFI. I have a direct line from att
opt port to the SG4860's wan. BUT
the shell from sg4860 console says:
netstat -rn -4
dest                     gateway             link#10           UH    lo0     link #2           U       igb1         link#1             UHS   lo0      link#2            UHS   lo0      0:8:a2:x:y:z   UHS   igb1

I cannot bring up webconfigurator or ping
Note : wan is reported at console as igb1 and lan is reported as igb0
Security: an old zyxel based wifi usb dongle seems to cause crashes of pfsense.

General Questions / need help: pppoe being blocked on hacked redboxhe
« on: October 12, 2014, 08:56:32 am »

My redbox appears hacked because:
A: the status page shows wan green
      arrow but no address
B: I can make a manual pppoe connection
C: system logs full of pppoe "failures"
Reset did not work!

Thanks in advance,


OpenVPN / pinging openvpn endpoints
« on: July 18, 2014, 02:26:36 pm »

dsl<===>pfsense redbox<===->fedora 20

I have connected to a commercial vpn.
I can ping the only lan-side host.
I can ping over the dsl modem.

System:gateways goes from 2 green entries
to openvpn being shown with the CORRECT
gateway address but IN RED. (see attachment img 1)

ifconfig reports ovpnc1 with '10.200.5.x->10.200.5.x'
Yes DUPLICATE addresses of the distant endpoint.

Yes, ICMP ping messages are enabled in firewall:rules
see attachments.

How can I make ovpnc1's addresses ping able?

I have some pictures but they seem to be blocking
the post from working (message too big Hint<4meg).
Thanks in advance,



dsl <--->redbox (lan+wan) <---->fedora 20

ifconfig shows openvpn coming up but says things like this:
ovpnc    10.200.n.5  10.200.n.5       <--- no mention of gateway addr 10.200.m.1

system->gateways shows 2 entries
with ovpnc in red with correct gateway address

using 'redirect-gateway' does not work.

Thanks in advance.
