Topics - marcvb

1
Firewalling / Url Table - force update
« on: March 06, 2018, 06:33:59 am »
Hello,

We want to force an update of the url table every 5 minutes.

We have changed the cron job /usr/bin/nice -n20 /etc/rc.update_urltables to: */5   *   *   *   *
But it seems there is also an age check of the file.

Below is inside the rc.update_urltables, is it possible to always force?
Maybe something like /usr/bin/nice -n20 /etc/rc.update_urltables forceupdate


// Set whether or not to force the table update before it's time.
if (!empty($argv[2]) && ($argv[2] == "forceupdate")) {
   $forceupdate = true;
} else {
   $forceupdate = false;
}

2
Firewalling / Url Table - view current content
« on: March 05, 2018, 09:23:16 am »
Hello,

We would like to know if it is possible to view the content of a url table?
We are not sure if the url table is updating each day.

3
webGUI / Auto login with link
« on: January 16, 2018, 08:12:28 am »
Hello,

All of our pfsense we manage with a single dashboard but we want to create a link for each firewall containing the username and password.
Is there a way to pass the username and password to the firewall within the url to auto login without having to type the password?

4
General Questions / Clear source tracking
« on: September 27, 2017, 01:38:09 pm »
Hello, we are looking for a way to clear the source tracking each evening because we set the sticky connections to 24 hours and don't want them to expire during the day.
I think it has something to do with DIOCCLRSRCNODES.
We can't do a reboot because there is a carp with loadbalancing and 12 iis servers behind it.

We are planning to move to haproxy but it takes time to test it with the webapplication.

We need the sticky session because some reports are saved in memory (w3wp) and not in the session state, yes I know that is stupid.  :o

5
General Questions / pfDash central management
« on: September 04, 2017, 03:29:16 am »
Hello everyone,

We are looking for a central management tool for pfsense.
Until now we are unable to find a satisfying one.
At the moment we have around 50+ pfsense firewalls, most of them are on hardware, some are on vmware.

What we are doing right now is building a portal/dashboard.
We are thinking of publishing it on github.
The project will have a service which will collect data on interval and will save it in a mysql database.
Currently it's on the fly, when this has been built it will be published.

I would like to know if someone is willing to help us with this project.

The application will connect over ssh to the firewall.
So every commandline command will be possible.

What can it do right now:
1. Get pfsense version number
2. Get Memory status
3. Get the uptime
4. Get the temperature (not vmware)
5. Get the system model
6. Automatic deployment of management scripts and update
7. Firewall restart
8. Firewall update
9. Config download/backup
10. Let the system speaker make a sound
11. Get amount of states

6
NAT / Nat port with dynamic source
« on: August 09, 2017, 09:19:28 am »
What are we trying:

We want to give us the option to be able to open a port for the public ip where we are at the moment.
We can use VPN but that is too much overhead.

What have I tried.

I created a nat rule with an alias as source.
This alias is filled from a webserver, created a desktop application to update the webserver.
Only the alias updates each 24 hours, not instant or each minute.
I can change the script for pfsense to get it each minute, but I fear it will put too much stress on the firewall.

Maybe you guys have a better idea.

7
IPsec / Ipsec with dual pfsense
« on: February 24, 2017, 01:37:38 pm »
Hello fellow pfsense lovers.

We changed our main firewall for a pfsense (without Nat).
This pfsense is our main router/firewall because we have our own subnet.
Behind our subnet there are multiple pfsense firewalls which have their own public ip in our own subnet.

The pfsense firewalls behind our main pfsense (without Nat) have ipsec vpn to other remote sites.
But the thing is with the new main pfsense (without Nat) in front of the pfsense the transfers over vpn are very slow and will stop most of the time.
We have tested this with SMB and FTP.

Maybe we have to do some performance tuning in the main firewall.
In the attachment are the specs of our new main firewall/router.


With our old firewall/router this was not the case.

8
Traffic Shaping / Limiters view usage
« on: November 04, 2016, 03:54:01 pm »
Hello everyone,

I was wondering if it is possible to view how much is used from the limiters.
I know this page exists but I cannot find what belongs to what limiter: Diagnostics -> Limiter Info
Maybe there is a plugin or page I haven't found yet.

9
webGUI / Order limiters by name
« on: August 20, 2016, 10:09:24 am »
I do not think it is possible by default to order the Limiters by name.
Does someone know if this is possible and how?

I think I have to edit the firewall_shaper_vinterface.php.
The reason I want to order the limiters by name is because I have limiters for all my DMZ IPs.

Example
17-In
17-Out
2-In
2-Out
6-In
6-Out



If I create new ones they will be put on the last position.
Not a big deal but it would make it a bit easier to look them up, now I use the browser lookup function.

10
Routing and Multi WAN / PFsense as Router for public subnet
« on: August 19, 2016, 08:29:24 am »
We want to change our main firewall/router with a pfsense.

Our current firewall/router is setup with a wan ip from the isp for example 213.167.104.47.
The lan is our public subnet, for example 213.167.186.1, behind the router we can use 213.167.186.1 to 213.167.186.254.

In the router we have rules in the “Pass through section” for example

Incoming: Accept any to 213.167.186.50 with service 80,443 : trafficshaping 20Mbit
Outgoing: Accept 213.167.186.50 to any with service any : trafficshaping 20Mbit

What is the best way to be able to do this with a pfsense box?


11
General Questions / Pfsense Gold, back-up download
« on: July 09, 2016, 08:57:50 am »
Hello, we set up our pfsense gold account with some of our firewalls.
We were wondering if there is a portal available where we can download all the back-ups instead of on the firewall itself.

Thank you.

12
IPsec / [Solved] Can't access pfsense https over IPSec
« on: July 06, 2016, 03:26:51 pm »
We got this really strange problem.
We worked with 3 senior it employees on this problem and we can't find the solution.

We got an IPSec connection between 2 sites.
We can ping from both sides the internal lan ip of the pfsense.
But from site 1 we are unable to open https sites on site 2 on the lan ip.
From site 2 to site 1 this isn't a problem.
We changed the firewalls on both sides for pfsense still the same problem.
Strange thing is we can't connect to the pfsense lan over https and also a Linux web server is giving the same problem, what is even more strange is that we can access a Windows iis webserver over the same vpn.

We tried changing ip ranges and rebuilt the firewalls on both sides. We even connected a third site over vpn. This site has no problem whatsoever.

Hope you can help us out.
We are planning to restart the switches at site 1 to see if that solves the problem.

13
General Questions / State Timeout
« on: June 01, 2016, 02:01:43 am »
Hello pfsense enthusiasts,

I would like to know how I can keep the connection open for a single ip address.
I edit the State Timeouts, but the states are growing very big in size as expected.
They are getting too big, so I am planning to revert them back to default.
But I want to keep the connection open for a single ip.

14
Routing and Multi WAN / Different Wan gateway address for port 80 and 443
« on: April 09, 2015, 04:55:43 am »
Hello Friends,

We want to be able to reroute internet port 80 and 443 over a different gateway.
We now have 2 nics in the pfsense

WAN nic:
IP: 213.178.196.24
Gateway: 213.178.196.1 (default)
Second Gateway: 213.178.196.2

LAN nic:
IP: 192.168.1.254

We made rules for port 80 and 443 to go over the gateway 213.178.196.2 , but this does not work.
It seems to be only working with lan addresses, to test I created a second pfsense with lan 192.168.1.253 and a wan with 212.178.196.23 and as gateway 213.178.196.2. I set the rules to use 192.168.1.253 for port 80 and 443. This works but I don't want the extra pfsense. Is there a way to get this working with 1 pfsense?

15
General Discussion / Multicast website not working
« on: November 26, 2014, 01:22:40 am »
Hello we are new to pfsense,

We started with a new firewall with pfsense, only our nlb Microsoft cluster cannot be contacted (iis website).
The following error is shown in pfsense: kernel: arp: 03:bf:d4:b2:c4:73 is multicast

Our internal lan is: 192.168.1.1
Our wan is: 222.187.186.18
Our wan router is (wan gateway) : 222.187.186.1

We do not have this error with other firewalls, the nlb has a wan ip 222.187.186.100 and all the cluster servers also have wan addresses.
It's a Microsoft nlb multicast.
