
Topics - SLIMaxPower

pfBlockerNG / Blocked website help
« on: July 25, 2017, 10:19:39 pm »
I have an NZB website that I can't access when I have pfBlocker enabled. I have whitelisted the IP and the website domain but it is still blocked.

Pressing F12 in Firefox just shows the site has timed out.

The firewall log shows that my auto allow rule is allowed on port 443.

This is happening on both wired and wireless clients. If I disable wifi on my phone it gets straight through.

I can ping and tracert from both a machine on the network and the pfSense box.

I have Snort running in alert mode only and it has an alert for ET POLICY Lets Encrypt Free SSL Cert Observed.

I have followed most of the guidelines for blocking and allowing certain ports etc.

I have tried grepping the IP and website address in /var/db/* and am not getting any results. Not sure where else to try.

pfBlockerNG / DNSBL is partially blocking iOS games
« on: June 11, 2017, 01:33:38 am »
I have multiple feeds set up as per the thread.

My wife plays a lot of iOS games and has to tap in some games to earn rewards. These are getting blocked. I have tried to add these domains to the whitelist from the DNSBL alerts window but am not having much luck.

pfBlockerNG / PHP Stack trace error
« on: May 26, 2017, 07:41:36 pm »
Not sure what's going on here:

[27-May-2017 07:01:47 Australia/Perth] PHP Stack trace:
[27-May-2017 07:01:47 Australia/Perth] PHP   1. {main}() /usr/local/www/pfblockerng/pfblockerng.php:0
[27-May-2017 07:01:47 Australia/Perth] PHP   2. pfblockerng_sync_cron() /usr/local/www/pfblockerng/pfblockerng.php:71
[27-May-2017 07:01:47 Australia/Perth] PHP   3. sync_package_pfblockerng() /usr/local/www/pfblockerng/pfblockerng.php:393
[27-May-2017 08:01:52 Australia/Perth] PHP Fatal error:  Cannot unset string offsets in /usr/local/pkg/pfblockerng/ on line 3205

IDS/IPS / Categories Rulesets - home net help
« on: May 23, 2017, 12:22:00 am »
Slowly working through getting my pfSense set up for a home network. It's an N36L, 16 GB ECC (ex FreeNAS setup), 500 GB HD, 2 x dual Intel NICs, with one WAN + one LAN currently.

On my WAN interface I have 4 rulesets.

Snort GPLv2 Community Rules (VRT certified) - Enabled

ET Open Rules - All enabled/ticked (some rules within unticked as per bmeeks and jflsakfja)

Snort OpenAppID - All enabled/ticked (some rules within unticked)

Snort Text Rules - All disabled/unticked

Snort SO Rules - All disabled/unticked

The last 2 rulesets don't allow me to tick any of them. When I try I get a red stop sign on the mouse cursor. Do I need to disable Snort on the WAN interface first?

I did have IPS on WAN set to Connectivity but changed it to Balanced?

I am using AC-BNFA-NQ for both WAN and LAN.

Recommendations please...

IDS/IPS / Snort failing to start on WAN
« on: May 22, 2017, 08:13:14 pm »
I am fairly new and have been following guides on setting up Snort on WAN and LAN. I had an issue with subscription rules not updating which is now resolved.

Now Snort won't restart on WAN.

System Logs show:

FATAL ERROR: /usr/local/etc/snort/snort_65265_em0/rules/snort.rules(427) Unknown rule option: 'sd_pattern'.

After rebooting pfSense I get this as well:

/snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 65265 -D -q --suppress-config-log -l /var/log/snort/snort_em065265 --pid-path /var/run --nolock-pidfile -G 65265 -c /usr/local/etc/snort/snort_65265_em0/snort.conf -i em0' returned exit code '1', the output was ''
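"Unknown rule option" is a load-time failure: Snort found a rule keyword the running build cannot parse and refused to start, and in Snort 2.x the sd_pattern keyword is only available when the Sensitive Data preprocessor is configured. The following is an added example, not code from the post or from the pfSense Snort package: it lints a rules file for such options before Snort is restarted, so the offending line is found without a failed start. The KNOWN_OPTIONS subset, the preprocessor mapping and the sample rules are constructed for illustration.

```python
# Added example, not code from the forum post or from the pfSense Snort
# package: a pre-flight lint for a Snort 2.x rules file that flags rule
# options the running Snort would reject with "Unknown rule option".
# The option sets and the sample rules are constructed for illustration.
import re

# Core rule options every Snort 2.x build accepts (constructed subset).
KNOWN_OPTIONS = {"msg", "sid", "rev", "gid", "classtype", "priority", "reference",
                 "metadata", "content", "nocase", "depth", "offset", "distance",
                 "within", "pcre", "flow", "flowbits", "dsize", "flags", "fast_pattern"}
# Options a preprocessor supplies: sd_pattern exists only when the Sensitive
# Data preprocessor is configured, otherwise any rule using it fails to load.
PREPROCESSOR_OPTIONS = {"sd_pattern": "sensitive_data"}


def split_options(body):
    """Option names from 'msg:"a;b"; sid:1;', honouring quotes and escapes."""
    names, cur, quoted, esc = [], "", False, False
    for ch in body:
        if not esc and ch == "\\":
            esc = True
        elif not esc and ch == '"':
            quoted = not quoted
        elif not esc and ch == ";" and not quoted:
            names.append(cur.split(":", 1)[0].strip())
            cur = ""
        else:
            cur, esc = cur + ch, False
    return [n for n in names + [cur.split(":", 1)[0].strip()] if n]


def find_unknown_options(rules_text, enabled_preprocessors=()):
    """Return [(line_no, option, hint)] for options Snort would reject."""
    problems = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        m = re.search(r"\((.*)\)\s*$", line.strip())
        if line.strip().startswith("#") or not m:
            continue  # comment, blank or malformed line: nothing to check
        for opt in split_options(m.group(1)):
            pp = PREPROCESSOR_OPTIONS.get(opt)
            if opt in KNOWN_OPTIONS or (pp and pp in enabled_preprocessors):
                continue
            problems.append((n, opt, f"needs preprocessor '{pp}'" if pp else "unknown option"))
    return problems


SAMPLE_RULES = """# constructed sample snort.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"semi; colon"; flow:established,to_server; content:"\\;"; sid:2000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"card number"; sd_pattern:2,credit_card; sid:2000002; rev:1;)
"""
```

Running find_unknown_options over the real snort.rules for the interface (in the directory named in the FATAL ERROR line) reports the same line number Snort prints, plus whether the option belongs to a preprocessor that could be enabled instead of disabling the rule.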

General Questions / can't get config.xml off dead system
« on: March 12, 2017, 11:46:05 pm »
I was in the middle of doing an appliance update when it crashed. Long story short, I could not get the system working again and I don't have a recent backup.

I have put the hard drive in another pfSense system I have and am trying to mount it so I can get the config.

ls /dev/ada*


/dev/ada0       /dev/ada0s1a       /dev/ada0a1        /dev/ada0s1b        <<<<---- this is the system I put the crashed system hd into

/dev/ada1      /dev/ada1s1       /dev/ada1s1          /dev/ada1s1b          <<<<<<---- hd i want to mount to get the config file

mount /dev/ada1sib  /mnt/s2


Invalid Arguement

mount /dev/ada1 /mnt/config


Invalid Arguement

mount /dev/ada1s1a /mnt/con2


lost+found dir.

Need help in getting the config file off this drive.

Routing and Multi WAN / Multiple Subnets not browseable
« on: November 15, 2016, 09:18:54 pm »
This is my setup.

Modem (WAN) --- Network Appliance (pfSense)
                        |
         +--------------+--------------+--------------+
         |              |              |              |
        LAN1           LAN2           LAN3           LAN4
         |              |              |              |
 subnet 192.168.2.*/24  192.168.1.*/24  unused         unused
         |              |
  unmanaged switch   unmanaged switch

Both subnets can browse the internet.

I can ssh from 192.168.1.* into servers on 192.168.2.*

I can't browse network shares on 192.168.2.* from 192.168.1.* on Windows PCs, and vice versa.

Neither LAN interface has an Upstream Gateway set.

Neither LAN interface blocks Reserved Networks.

The first firewall rule for 192.168.2.* passes any protocol from the 192.168.2.* LAN net to the 192.168.1.* LAN net.

Allow IP options is enabled because of the multicast traffic for the DMX/pixel controllers that are running.

The first firewall rule for 192.168.1.* passes any protocol from the 192.168.1.* LAN net to the 192.168.2.* LAN net.

What do I need to do to make network shares visible on 192.168.1.*?

I will be adding another subnet soon and replacing the switches with managed switches, so things will get a little more complicated.
Firewalling / *Allow* iOS FaceTime/iMessage Home Network
« on: May 07, 2015, 05:29:13 am »
I can't get FaceTime/iMessage working on the internal network or public.

I have made 2 aliases for iOS ports. UDP ports 16384:16387 16393:16402 3478:2497, TCP 5223.

I have made several Firewall changes.

Any help would be appreciated to get it working.

Firewalling / Schedule Firewall Rules Blocking all LAN
« on: April 24, 2015, 03:08:42 am »
I made 4 rules to block my children's wifi and computer time (currently at the bottom of the rules list).

When I put these rules at the top of the rules list, all devices/PCs on the network are blocked.

First I made aliases for their computers' IPs and wifi IPs.

Second I made schedules.

Third I made 4 Firewall rules as can be seen at the bottom of the firewall rules.

Need some help.

Firewalling / firewall/OpenVPN blocking some traffic
« on: April 12, 2015, 12:26:48 am »
I have pfSense on a dedicated machine up and running fine. All devices connected via wired or wireless can access what they did before. They have static IPs set.

Got my OpenVPN client set up yesterday. Web browsing, email etc. are fine.

I have allowed some game IPs to bypass the VPN rule in the firewall, which works fine.

FreeNAS jails including usenet/SickRage/etc. all work through the VPN.

Facebook games on iPods and minis won't load.


I have tried to allow 443 through the VPN by firewall rule:

source: LAN net  dest: * port 443  gateway: vpnv4

This is one device from the firewall log:

Source:       Dest:      Proto: TCP:FPA


General Questions / <solved> No Internet
« on: April 08, 2015, 10:51:24 pm »
Hi. pfSense n00b needing some help. Can't get net access, for starters.

My modem (half bridged mode) IP is set as / (I tried / to allow only 2 IPs but the modem wouldn't accept that). The second IP was going to be used to allow access to the modem web GUI from the LAN - can't do that either.

pfSense box:

WAN IP modem

LAN IP to switch

I can ping from Diagnostics, but can't ping outside.

Edit: ping gives me 100% packet loss.

Tried giving WAN IP, left WAN GW as

I have been searching and trying other solutions I have read.

My modem is a modem/router with VoIP. It apparently runs in half-bridge mode. I have disabled NAT, DHCP etc. and only let it connect to the net and the VoIP server.

Default rule: any LAN source to any destination in Firewall/LAN;
also added LAN net to WAN net.

Probably missed something simple.

OpenVPN / pfSense + OpenVPN (running my own VPN)
« on: March 21, 2015, 11:45:58 am »
I am new to pfSense. Be gentle :)

I have played around with ClarkConnect and similar distros years ago but never put anything into "real world use".

Our household internet usage is quite large, and with the metadata laws passing here I want to secure/encrypt the connection.


I have an N54L + 16 GB ECC RAM with 3 NICs - 2 Intel and 1 on board (would use the on-board one for the bridged modem).

I want to use pfSense and OpenVPN to secure the whole connection, bandwidth control wireless clients (kids) etc. etc.

I want pfSense to control my home connection (ADSL2+ via bridged modem) as well as other pfSense duties.

My Cat5e home network consists of 7+ wired PCs, 1 wired HTPC, 2 wired FreeNAS servers - one with jails running SAB, SickRage, ownCloud etc. - around 10 wifi tablets/phones and a wired media player. All devices have STATIC IPs.

Is it possible to run my own VPN server to encrypt all traffic? I don't want to have to set up each PC with a client to connect to the VPN - I want it controlled at the N54L.

For PC gaming, what would I need to do to allow them to bypass OpenVPN if it affects ping/playability, but have everything else on the PC go through OpenVPN?

Below is what my network would look like.

modem/router in bridge mode (ISP gives dynamic IPs)
  |
N54L (pfSense + OpenVPN)
  |---- 7 wired PCs
  |---- switch to mancave
  |       |--- PC
  |       |--- router (router mode to extend wireless)
  |---- switch
          |--- HTPC
          |--- FreeNAS 1 (jails)
          |--- FreeNAS 2 (backup)
          |--- 360
          |--- router (router mode to extend wireless)

Thanks in advance.
