
Topics - ashima

General Questions / Cloning pfsense 2.4.2 harddisk
« on: December 29, 2017, 12:50:42 am »
Hi everyone,

I have recently moved to pfsense 2.4.2. There are a lot of packages installed on this box and also this box does an openvpn site to site connection with the head office. I was trying to clone the hard disk so that in case of 1st hard disk failure, the user can just connect the secondary hard disk and it is up.

In the earlier version of pfsense, 2.3.2, I was able to clone the hard disk using Acronis, but now it clones the second hard disk but doesn't boot from there. Any suggestions on how to clone pfsense 2.4.2?


General Questions / 2.4.2 not getting installed on Intel 945 motherboard
« on: December 14, 2017, 06:15:09 am »


I have an old Intel 945 motherboard. I am trying to install pfsense 2.4.2 using a usb mem stick, but it says Boot record not found.
The same pen drive is working on other systems.

I also tried installing pfsense 2.4.2 through an iso installer (CD) but it again says No boot record found. However pfsense 2.3.2 through CD is installing perfectly on this board.

Is there any special BIOS setting required on this board for pfsense 2.4.2?

Any pointers? It's slightly urgent...



Routing and Multi WAN / 3 WAN with load balancing n failover
« on: November 28, 2017, 12:50:43 am »

I have 3 leased lines (11 Mbps, 9 Mbps, 5 Mbps). I want to do the following setup:

1) Load Balance WAN A + WAN B
2) Failover between WAN A and (Load balance between WAN B + WAN C with 2:1 weight), i.e. if WAN A fails, traffic should load balance between WAN B and WAN C.
3) Failover between WAN B and WAN C

To do so I have created Gateway groups:

1) WanAWanB

          WanA    WanB
Tier      1       1
Weight    1       1

2) WanAUP

          WanA    WanB    WanC
Tier      1       2       2
Weight    1       2       1

3) WanBUp

          WanB    WanC
Tier      1       2

In Firewall LAN Rules

Allow all LAN Traffic through WanAWanB
Allow all LAN Traffic through WanAUP
Allow all LAN Traffic through WanBUP

Is my setup correct? Any suggestions?

General Questions / Fixing Ip Address of client connected through openvpn
« on: October 16, 2017, 02:56:28 am »
Hello everyone,

I have a static IP at Head Office connected to branches through OpenVPN via pfsense firewalls at both ends. The branches don't have static IPs. There is an application on one of the servers at the head office which allows connections from allowed IP addresses.

I am confused about what IP address a client at a branch office would get when connected to the Head Office server.

The Static Ip at Head Office is :

The Lan Network at Head office :

The Lan Network  at branch office is :

The tunnel Network is :

The branch offices use a 4G dongle to get connected to Head Office.

Can I assign fixed IP addresses for clients from a particular branch office when they get connected to head office?

I am not sure whether I have made the situation clear.

Thank you,

General Questions / Certain sites only work on IE8
« on: September 26, 2017, 07:19:41 am »
Dear All,

I am sorry if it's off topic... but our company needs to access certain DMS sites which work only on IE 8. As a result we are stuck on Win XP.

All these desktops are behind pfsense firewall 2.3.2 running squid. Is it possible to do certain settings on the firewall so that when they access these sites they seem to come from IE8, not IE11?

I am completely clueless.
Any pointers?


OpenVPN / Site 2 Site OpenVPN with dual WAN
« on: September 18, 2017, 02:02:39 am »

I have all my branches connecting to Head Office through OpenVPN. A few of the branches have pfsense boxes and others have Cisco e900 with ddwrt flashed. They are all working fine.

The head office is getting another Internet line.

I have gone through the article

I have configured the Server by setting the OpenVPN interface as localhost and port forwarding. I have a few questions:

1) At the client site, how should I configure it so that if WAN1 of head office goes down, it should automatically connect through WAN2 of head office?

2) Do I have to distribute the certificates to the branches again after the dual WAN change in the server? (For road warriors I had to again download the certificates from the OpenVPN export client utility and reinstall them at the client side.)

3) In ddwrt, can I just give the 2nd WAN IP and port in the additional config?

Any pointers?


Hello everyone,

I am just stuck in a very strange situation. This may not be the right place to ask but if anyone can help me out...

My Scenario :

Pfsense 2.3.2 box with vlan 101 (  on Lan (

Netgear managed switch GS108E connected to LAN port. The first port is connected to the firewall. Ports 2-6 are doing VLAN tagging for vlan 101. All my devices are connected to port 7 and port 8, which are on LAN.

I am able to ping from the vlan101 network to a device on the LAN network and vice versa. For mDNS I have enabled IGMP snooping in the Netgear switch. So any devices on vlan 101 are able to discover devices on LAN (ports 7 & 8).

The problem arises when I connect a wifi access point to ports 2-6 on the Netgear switch. The iPad gets an IP address in the 101 series and it is able to ping any device on the LAN network ( but mDNS is not working, i.e. it is not able to automatically discover devices connected to the LAN network. I think the access point is causing the issue. Can anyone point out where I am going wrong?

Thank You,

Packages / Trouble Configuring Avahi
« on: July 05, 2017, 06:25:00 am »
Hello Everyone,

I need to do a simple home network.

The setup is as follows :

  pfsense router ----> unmanaged switch ------> all wifi devices + 2 managed switch (Netgear GS108E)

Pfsense 2.2.3 with vlan 101 on Lan port.

The last 3 ports of the managed switch are configured to tag vlanid 101. All my devices ( amplifier, streamer ... ) are connected to these ports.

The firewall rules allow any communication between the LAN port and VLAN101.

Avahi is installed for mDNS. But my Airport Utility installed on a PC connected to the LAN port is unable to communicate with the Airport Extreme Base Station on the VLAN101 port. I have tried all kinds of settings but I am not able to detect the device. If the laptop and airport are on the same port (untagged LAN or tagged VLAN101) they are able to communicate.

Can anyone help with where I am going wrong?

Thank You


Hello everyone,

I have a production box at one of the remote locations. So I need to be very sure before I implement any changes. Here's my setup:

PFsense version 2.2.3. Three WAN connections:

WAN A ---- primary default WAN (static IP)
WAN B ---- backup WAN (static IP)
WAN C ---- connected to other branch through a fiber cable. Traffic to should only pass through this. It has its own dns (10.x.x.x) server. The normal internet traffic should never go through this.

This is how I am planning to do the setup :

Step 1 : In System --- Routing --- Gateway group

    a) AUp
       WAN A ---- Tier 1
       WAN B ---- Tier 2
       WAN C ---- Never

       Trigger when ---- Member down

    b) BUp
       WAN A ---- Tier 2
       WAN B ---- Tier 1
       WAN C ---- Never

       Trigger when ---- Member down

Step 2 : System --- Routing --- Static Route

    Destination : 
    Gateway     : WAN C

Step 3 : Firewall --- LAN Rule

    Rule 1
    Destination : WAN C net
    Gateway     : WAN C Gateway

    Rule 2
    Destination : any
    Gateway     : AUp

    Rule 3
    Destination : any
    Gateway     : BUp

Step 4 : System --- Advanced --- Miscellaneous

    Tick switch default gateway

    Tick reset states (I read in the forum this is required when WAN A comes back live after a failover.)

Step 5 : System --- General

    DNS 1    WANA DNS
    DNS 2    WANB DNS

Is there anything else I need to take care of? Please suggest. I need to make these changes ASAP.

Thank You,


Hello everyone,

I have done a lot of reading about setting up OpenVPN. I am a bit confused.
Here's my requirement:

All Branch Offices (15) should be able to connect to Main Office. No communication required between Branch Offices.
Also there are a few road warriors who should be able to connect to Main Office.

My Settings:

Main Office Local LAN :
Branch Offices Local LAN : 192.168.[1-15].0/24

Steps @ Main Office PFSense box running 2.3.2:

Created a CA VPNServerCA
Created a user with cert with VPNServerCA (For Road warriors)

Used OpenVPN wizard to setup server.
Here are the details:

Server Mode      : SSL/TLS with user auth     
Protocol             : UDP
Device Mode      : tun
Tunnel Network :
Local Network    :

Using Client Export I have downloaded the client installer and it is working perfectly for Road Warriors.

Now to connect the Branch Offices, will the same OpenVPN Server Instance work or do I have to create a new OpenVPN Instance @ Server at Main Office?

Do I have to use

Server Mode as Peer to Peer SSL/TLS    or    Peer to Peer Shared Key (I have 15 branches)
Tunnel Network as   
Local LAN as

Do I have to set up remote LAN as ( I am confused here).

Do I have to do some other custom settings or client override settings?

Please Help.


Cache/Proxy / How to add header request in squid.conf
« on: January 10, 2017, 11:06:51 am »


I am using pfsense 2.2.6 with squid and squidguard with SSL bumping.

I would like to block community gmail access. The user can only access gmail of

After some googling I found that I need to add the following code to squid.conf

request_header_add X-GoogApps-Allowed-Domains "" all

Now where do I insert this code?

Any help?
Thank You

Firewalling / Urgent File Server behind Firewall got hacked
« on: December 22, 2016, 11:37:40 am »


I am using pfsense 2.2.6 and I have a file server behind it. The file server is generally accessed locally but for some administrative purposes it is sometimes accessed remotely.

Port 3389 (win rdp) is kept open so that the system administrator can rdp remotely.

Teamviewer is also installed on the system.

Today when the administrator logged in to the server using teamviewer... someone opened a notepad and wrote this

    "Your File Server is hacked ... Change your password .... Ha ha ha"

On checking the States in the firewall... we found an rdp was established from an IP address not familiar to us.

We immediately closed port forwarding in the firewall. My questions are:

1) How do we trace any other info about that IP in the firewall logs?

2) How do we prevent any such attack in future?

3) How safe is MS rdp... Is it possible to get the administrator password hacked remotely? (FYI although port 3389 is opened in the firewall, the file server is never accessed through rdp. It is generally accessed using teamviewer.)

4) How safe is teamviewer or logmein?

I'll be grateful for any kind of help or pointer.



Hello Everyone,

I am using pfsense 2.2.6 with captive portal and freeradius 2. I would like to limit certain users to a limited number of devices.

Say user1 can connect at the most with 2 devices (laptop & mobile) simultaneously.
user2 can connect at the most with 3 devices simultaneously.

Is it possible to do so? How do I do that?

I read it in the forum... someone trying with mysql. But I don't want to install mysql... Is it possible?

Thank you,

Captive Portal / Logout Option with captive portal + free radius
« on: December 16, 2016, 01:19:27 am »


I am using pfsense 2.2.6 with Captive portal with freeradius authentication and https webgui. I would like to provide users with a logout option. As I read in the forum, enabling the logout option doesn't work if popups are blocked in the browser. So what is the best way to achieve this? I have a mixed bag of devices connecting to my network... apple, windows, androids... it's a coworking space.

Some time back there was a discussion in the forum... but it's all confusing me.

Can anyone help me with this?

Thank you

Routing and Multi WAN / MultiWan with Squid + Squidguard
« on: December 10, 2016, 03:12:33 pm »

I am using pfsense 2.2.6 with 3 WAN connections from 3 different ISPs. I would like to install squid + squidguard on this box.

1) Can I have load balancing and proxy running on the same box or will I need two boxes (one load balancer and another as proxy server)?

2) Will the proxy server be able to load balance between the three gateways? What extra command do I need to provide?

Thank you
