Topics - Rango
Guys, I think I found a good solution for openvpn throughput. Check it out and let me know if anyone tested any of those CPUs. I'm targeting 300Mbps or more on openvpn. For $300 I would like to future proof it a bit as I got burned with a Zotac box N3510 that can't do more than 120Mbps on openvpn. I am also attaching the original 2 yr old throughput thread for reference.

The ones that look interesting are CAPA500 & CAPA312 with N3350, with CAPA500 obviously slaying it. I can't find the pricing for it tho. Let me know if anyone tested the throughput of some of those processors.
I have attached a few other sources that seem interesting. If anyone has any other hardware suggestions please post some links. Thank you.

pfBlockerNG / pfBlockerNG torrents and blocking countries
« on: March 06, 2018, 07:23:57 pm »
Guys. Help me understand from a veteran's perspective. I do torrents and as well know some of those p2p connections will come from different countries.

I would like to block hacker countries like Russia, China etc. but I don't want to block downloads from those countries while using torrents. I'm assuming firewall/IDS can do that or pfblocker can?

Same thing for android apk hosting sites. How can that be done in pfblockerNG? I will eventually have an openvpn client as well. Currently I am using google chrome pfblocker and it works well.

The other reservation I have: I think this dns service pfblockerng slows down dns requests on the unbound dns service, correct, based on what I see in threads here?

If so, is there any way of keeping and not increasing dns request times? Thanks in advance.

Guys. So I've read a lot of posts here on resolver vs dns forwarder. Help me understand one thing with my testing. I'm a newbie so if I'm asking something obvious to you please school me.

Why is dns resolver SO slow, 1 sec, but in real time it takes 10 seconds to display a NEW full page that hasn't been visited before, but when I enable DNS Query Forwarding pfsense is fastest then?

DISABLED(UNCHECKED) DNS Query Forwarding pffire is 1000 ms, 10 seconds to display full page with rest of the content

VS DNS Query Forwarding enabled (CHECKED), which now displays my pfsense being fastest. Why is unchecked forwarding SO slow? Isn't that the preferred way of dns resolution? It simply does not work for me in any configuration I tried. I'm a newbie so help me understand what I'm not understanding here, why unless checked it's so freaking slow??? There will be plenty of newly visited sites.

I don't wanna wait 10 seconds for each. It's a turtle. Also notice queries improve by half from 60ms to 30ms, not that it's much difference, but 1000ms or 3500ms vs 35m-60ms is a huge difference, especially with other html content that needs to be pulled down as well. Also look at the max 200ms vs 3500ms ...that's huge. Version of pfsense is 2.4.2-RELEASE-p1 (amd64)

Is this something to do with the way pfsense settings are setup or is this caused by ISP Comcast/Xfinity in my case? 

With dns query forwarding those dns A records are still being cached in the pfsense dns resolver server, correct?

And check this out. The fastest server now slows down, not that it matters as my pfsense is fastest now but it says it shares cache with pfsense box, good but why is it slow?

Guys, my pfsense keeps defaulting to as primary dns server but that server is NOT in the dns server list and hasn't been in a while.

On the workstation I already cleared the dns cache with ipconfig /flushdns, so pfsense is looking up some localhost file?

I want the L3 server to be primary as it's always the fastest for me, yet pfsense keeps defaulting to which is 50% slower.

This is my 3rd thread. No one responded to other threads either. Not sure what's going on here. What's the point of forum if no one is willing to help out. Please help. Thank you in advance.

Hi guys. Why do a lot of host name resolutions show hijacked or incorrect dns after running a performance test through namebench? Thoughts?

Hello guys. So I wanted to change the comcast default dns server on the wan interface to other google dns or opendns. So I went to general setup and dns server settings and I put in for dns server.
For gateway I tried both none and the wan default ip address.

Then I go to DNS server Override and I uncheck allow dns server list to be overridden by dhcp on wan (comcast dns)

I save, which applies settings, and I go to and and it still lists the comcast dns server as resolving dns.

So then I rebooted pfsense to see if maybe it needs a reboot to take effect. No luck, still comcast dns. I'm on the latest 2.4.2 release.

I also did ipconfig /flushdns and relaunched the browser on to make sure it's not a cached version and it isn't.

Any thoughts guys? On my asus router, which is now an AP, this was never an issue and it works like a charm. Thank you in advance.

Hello guys. What is the rough estimated due date for the production release of the 2.3 version? I couldn't find this information here.
You know, like Linux has approximate timelines for release. I'm not rushing anyone but even a rough estimate would be helpful even if it's down the road. :)
Thank you in advance.

Help guys. I can't figure this out. I followed the pia openvpn tutorial and my OPT1 interface is down but the openvpn tunnel is up with an ip address, but OPT1 has no IP.

Set up pia vpn. PIA tunnel goes up, stays up, interface shows down, doesn't get an ip address in interfaces. Openvpn has the PIA ip address in openvpn status. Logs show connected and disconnected. Can't browse the internet as there is no ip on the interface, I assume. Basically it looks like my routing NAT is not working or pia won't assign an ip address or ?

Guide i used and followed.

General Questions / Can't ping any internet ip from pfsense box. Gateway
« on: February 19, 2016, 06:12:18 pm »
Hello guys. I couldn't get an ip from wan so I spoofed my physical card mac in pfsense wan mac spoof. Now I can get on the internet and the wan int has a comcast public ip number.

However I can not ping any public ip ex from pfsense box, therefore I also can not set up the vpn service as its host is also not reachable.

I changed the gateway in pfsense and it's listed as the correct comcast gateway ip but it's down, not up, and restarting the service won't bring it up. Any ideas please?

DHCP and DNS / Wan interface won't receive ip address from ISP Comcast
« on: February 18, 2016, 10:50:24 pm »
Hi guys. I would not post the question as this is step one, but no matter what I do I can't get a wan ip address assigned from the isp to pfsense installed on a vm box. I did check that the wan int is my physical nic card from my desktop that matches the virtual mac in the oracle vm box setup. If I spoof the mac in wan I can get on the internet, but then dns won't resolve external hosts like my vpn host name so I can set up and activate the vpn.

I have no issue with my router or my pc nic card, but I do with pfsense.

My setup is as follows: 2 physical nic cards in a desktop with windows 7 running oracle vm box, installed pfsense. I also want to integrate my router as an AP for wifi. So I run the modem cable to my desktop integrated nic1, then a nic2 cable to the AP in AP mode.
I leave my ap as .1 and set the gateway as my .2, which is my pfsense web interface number. I reserve .1 as static in dhcp reservation in pfsense for the AP. Exclude .1 from the dhcp range. Sometimes I can't connect to the pfsense web interface too.

Nics are correctly assigned. Problem is my console won't show wan's blank..

I'm trying to set up an open vpn client on it and do other stuff later. I've tried for 3 days and I'm out of ideas so I'm asking for help here. Is it possible that comcast is blocking pfsense somehow?