

Topics - timmiet

I haven't really used VLANs much.

I want 3 main networks.

1. General (untagged) (192.168.11.x)
2. Accounting (VLAN or new NIC? 2016 Server Essentials runs from Hyper-V) (192.168.10.x)
3. Ubiquiti (VLAN10 on Hyper-V) (192.168.100.x)

I would like to set it up so:
General can access Ubiquiti and the net.
Accounting can access General and the net.
Ubiquiti (VLAN10) can only access the net.
This seems OK with my current setup.

I have a pfSense router with 3 NICs: WAN, LAN and OPT (only 10/100 and not currently used). The LAN goes to a 24 port managed switch via a trunk. Connected to the switch via another trunk line I have a Hyper-V core server. On my Hyper-V server I have 4 untagged servers running and one VLAN10 running for a Linux based Ubiquiti server (for APs). Also connected to the switch is a very very old SonicWall router (192.168.10.x) for our accounting PCs. I would like to remove the SonicWall and only have one router.

As is, I have 2 24 port managed switches and a handful of unmanaged switches. I have unmanaged switches behind the SonicWall and behind the managed switches.

I'm thinking it might be better to just use another NIC in the router and also in the Hyper-V server; then I could use all the other existing equipment other than the SonicWall.

If anyone makes it this far, thanks for the help.
As a side note, I tried to set up another VLAN for my Server 2016 on the Hyper-V, and when I enabled DHCP on the VLAN it stopped my untagged DHCP server from working. Is it bad form to have tagged and untagged on the same virtual switch?

pfBlockerNG / vip 80, 8081 work but 443 and 8444 won't
« on: September 09, 2017, 04:42:31 am »
I'm not really sure where to start. Sorry it's so long.
Internet is very slow; I can load and get a dot. won't load.
I have Snort running but it has no alerts or blocks.
I'm using OpenDNS FamilyShield for my DNS server, under General.
I'm using DNS Resolver with the Google SafeSearch list in custom options.

server: include: /var/unbound/safesearch.conf
server: include: /var/unbound/pfb_dnsbl.conf

I have a NAT port forward to force any DNS request to use pfSense.
On my LAN/firewall I have IPv6 DNS blocked, because it would allow SafeSearch to be turned off on Android phones... better way?
I have tried it with "LAN default allow" on, but it didn't help.
Host overrides are set to make Bing and YouTube use SafeSearch. DuckDuckGo and Yahoo are set to
VIP is set up for 8081 and 8444
pfSense is
I can't see anything blocking it in the logs.
sockstat -4 had this {root   lighttpd_p 91002 6  tcp4   *:8444 *:*}   seems correct?

I'm not sure if it would matter, but in the past I did have Squid and SquidGuard installed; they have since been removed.

Just for fun I tried and that will load. (Not sure that matters.)

IPv6 / 6rd Gateway always shows offline.
« on: June 08, 2017, 08:01:05 pm »
Is it normal for my 6rd gateway to be offline?
I followed this guide

I now get IPv6 addresses on my computers and can ping via IPv6 from the computers, but under Gateways, 6rd shows offline and 100% loss, shows 10/10.

thanks for the help. :)

IPv6 / comcast modem/router not in bridge mode. How can I make tcpip6 work?
« on: December 14, 2016, 05:23:48 pm »
Here is my full setup.
Comcast modem/router (DNS and DHCP on) -> pfSense 2.2.4 (DNS and DHCP off) -> Server 2012 R2 (DNS and DHCP on)
The server has a static IPv4 address, but IPv6 is set to obtain automatically.
From pfSense I can ping over TCP/IPv6; from the server I cannot.

Comcast router IP
pfSense IP
Windows Server

I'm very very very very TCP/IPv6 stupid, please help.

So I have pfSense server 2.3.2-RELEASE-p1.
It has an OpenVPN server.
Clients can connect to the server and they can ping the LAN side,
but I can't ping the VPN clients from the LAN side. From I can't ping
From pfSense Diag I can ping

I feel like I would just need to add a route from LAN to OpenVPN, but I really don't know.
thanks for the help.

I have a FortiGate router that I can't replace.
It is set up in a building with one owner and 2 companies.
We want them to be as separate as possible for as cheap as possible.
FortiGate is
I would like to set up a cheap router to separate so... WAN would be and LAN would be

I would then like to set up pfSense/OpenVPN to run in Hyper-V on a v-switch and keep it all on the local subnet.
Internet IP >>>>>> WAN side on Hyper-V switch) >> to full internal subnet access.

This might be a very stupid way to go about it, but I really like the OpenVPN interface on pfSense, and thought if it could just sit on the LAN side and only route OpenVPN traffic to the local LAN, that would be cool.

I've gone through what I thought might work but hit a wall.
This, by the way, is for 1 to 5 road warriors.

On a side note, would I be better off just installing OpenVPN on the server directly (w/ TAP driver)?
Thanks for reading my rant and for any help.
