Topics - Gertjan

Documentation / ipfw changed (again) when using 2.4.x
« on: December 05, 2017, 02:03:24 pm »
Is it me, or has the ipfw command syntax in "Captive Portal Troubleshooting" changed again ?
And thus making this page 'out of order' for 2.4.x ?

Installation and Upgrades / 2.3.4-RELEASE-p1 (amd64)
« on: July 21, 2017, 07:05:51 am »
Upgrade went great !
(running on a "retired" Dell Dimension - quad NICs - NUT -Avahi - OpenVPN-client - acme )

webGUI / Minor bug in the "Captive Portal Status" widget
« on: March 25, 2016, 05:23:44 am »
When you use the "Captive Portal Status" widget - and you delete an active connection, a strange 'interface' effect will happen.

$showact will be "0" on first call, but after deleting an active connection, $showact will be set as showact=0 and thus
$showact = isset($_GET['showact']) ? 1 : 0;
will be "1" (because 'showact' is "set" (to "0"  ;)))

This works for me:
Code:
$showact = isset($_GET['showact']) ? ($showact = intval($_GET['showact'],2)) : 0;
Btw : I'm using 2.2.6-RELEASE (amd64) and as far as I could find out, the new 2.3 Beta has the same issue ....
Should I 'redmine' this ?

Installation and Upgrades / Installed (upgrade from 2.2.2 to) 2.2.3
« on: June 25, 2015, 01:30:30 am »
It's looking great !

IPv6 (tunnelbroker ; Ok, came up just fine.
IPv6/IPv4 internal LAN : Ok - I'm posting using IPv6 right now.
Captive Portal : the reboot threw out all connected clients (this is by design ;) - they all reconnected right now (using Local user manager).
I'm using Munin on my pfSense box : (centralized here) : Ok.
NUT Widget (some patches) : Ok.
System logging : no new 'strange' log lines: Ok.

I think we have an epic version coming up here :)
Great work, dev's !!!

webGUI / Widget "Captive Portal Status" small bug
« on: February 05, 2015, 09:04:19 am »
The widget "Captive Portal Status" contains a small visual bug.

To see the effect:
You should have more than one portal user connected.
Like this:

more users connected will be fine also.

Now, disconnect a user with the "grey cross button" at the left side.

When this button is clicked, something like this is sent:

&showact will be set ... to 0 (zero).

Now, have a look at line 75:
Code:
$showact = isset($_GET['showact']) ? 1 : 0;
$showact will be set to "1" because 'showact' 'isset' (and has a value of 0 (zero))   ;D

Result: have a look at your screen: the widget breaks visually because two more columns are shown.

I have tested and propose this for line:
Code:
$showact = (isset($_GET['showact']) && ($_GET['showact'] == 1)) ? 1 : 0;

Hi all.

When visiting "Status > Captive Portal" you have to select a "zone" from a list, even if you have only one zone.
This seems a time loser to me.
I really couldn't find out why I should select the one and only zone.
And I guess most of us, who use the captive portal, only have ONE zone.

Of course, if you have more than one zone, the selection has to be made as before.

So, I finally:
Created a Fork from 'master'
Edited the file /usr/local/www/status_captiveportal.php

(never used GitHub before so be patient with me  ;))

Is this useful ?
And: what else to do to propose a 'patch' ? I guess I should "Pull request" now ?
Edit: I guess I found it:
Btw: This might be more a WebGUI issue.

Hello all,

I'm running 2.1-RELEASE (amd64) built on Wed Sep 11 18:17:48 EDT 2013 FreeBSD 8.3-RELEASE-p11 on a basic Intel(R) Pentium(R) 4 CPU 3.20GHz, 2 CPUs: 1 package(s) x 1 core(s) x 2 HTT threads (a Dell Dimension retired desktop system with 3 NICs).

I have a WAN (pppoe) + LAN (+switch+several Office PCs, printers, NAS, and others) + OPT (Wifi Portal -> switch + 4 APs Wifi Portal for our clients - we have a hotel).
No packages - except for NUT for my UPS support.

I used this excellent how-to with a StartSSL certificate:
PFsense 2.1 MultiCP and https with Windows Radius Guide 
User authentication is 'local'.

After activating the 'https' login procedure on the portal interface, I saw these error logs when clients enter the portal:

lighttpd[23135]: (connections.c.305) SSL: 1 error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
lighttpd[89480]: (connections.c.305) SSL: 1 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
lighttpd[23135]: (connections.c.1731) SSL: 1 -1 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Mostly, they are multiple of each of these lines.

The Captive portal works - clients use it
This is NOT what I mean  Captive Portal https login page stopped working on pfsense 2.1 - all seems to work well for me.

It seems to me that these lighttpd errors happen when clients log in (are getting disconnected). Some SSL noise because they start surfing to (example) and get directed to

Is there a GUI solution to shut down the "lighttpd errors log" (I know it wasn't there before, so we didn't care).

Anyway .... 2.1, I'll keep it. It's ready for production for me.
Thumbs up  :)

General Questions / Adding PHP MSSQL support ... is it possible ?
« on: March 05, 2012, 10:03:23 am »
without blowing the actual PHP 5.2.17 out of the water ?

Hi all,
I'm using pfSense 2.0.1 - plain basic vanilla setup using WAN+LAN+OPT1(= Wifi accs for our hotel clients, using a bunch of APs).
All is working great - for years now.

My question is: Our (hotel) PMS system is using a Microsoft SQL 2008 R2 database.
This database contains tables with names, room numbers etc.

I'm able to write some SQL scripts so I can use the info from this MSSQL database to grant access to our clients (modifying the existing captive portal PHP code).
But : how do I integrate Microsoft SQL "PHP commands" into the actual PHP 5.2.17 setup that pfSense is using, so I can connect to the R2 2008 database ?

I already tried to pkg_add -r ftp://...... /php5-myssql.tbz but this also upgraded the PHP version to 5.3.2 ... and this is NOT what pfSense likes ... the box will not survive a reboot anymore.

Do I need to use FreeTDS + unixodbc ?
Does someone have a walk-through for me ?

webGUI / Dashboard with gadgets that have a 'configure' menu
« on: November 12, 2011, 02:01:45 am »
... and, of course, when you use IE8 or IE9 as a browser does show strange effects.
I tried Win XP, 6 and 7 systems.

As soon as I use IE9 (or 8), and I use widgets like "Rss" or "Services status", IEx shows vertical gaps between the gadgets.
The default "System information" is even aborted half way.
The issue shows up as soon as a 'configure' menu is present on shown widget.
I checked with github to see if I use the most recent code (v2.0 Release), which is the case this time  ;)

My question is: did others (you ?!) see this behavior also ?
If the answer is 'yes', I'll post the solution (the problem concerns nested <form> </form> statements, <head> isn't closed, etc).

Btw: I know: not using 'that' browser makes the errors go away, but there is something new here: IE9 doesn't like 'dirty' html coding, and that's NOT a bad thing.

webGUI / Small bug in system_information.widget.php
« on: November 03, 2011, 08:20:41 am »
File: /usr/local/www/widgets/widgets/system_information.widget.php

Line 96 - position 95 says <php uname ...
May I propose a <?php uname ...

Btw: Is the current code browserable somewhere ?? Couldn't find it.
(this might be a stupid question).

I just upgraded to "latest.tgz 28-Jun-2009 02:42  51M" (1.2.3 RC2)

Over here,
the file latest.tgz.sha256 is a "zero bytes one".

Captive Portal / Scheduling and CP : mutual exclusive ?
« on: June 16, 2009, 05:41:18 am »
Hi all.

I'm posting my question in the Captive portal section, I think it belongs here.

I'm using pfSense with a WAN, LAN and Opt1 interface.
The LAN is a straight setup with several company PCs (only one firewall rule : all permitted for going out).
The Opt1 is set up with the captive portal activated. Behind it is a switch with many access points.

This setup has worked for years now.

Question: When I define a Time Schedule rule, the captive portal stops filtering, it becomes as transparent as my LAN interface: all clients can browse wherever they want to go on the net, no hotspot page is shown anymore (for me, on
Please mind, just defining a Schedule rule will provoke this behaviour; I'm not using the schedule in any firewall rule yet.

Is this normal? (I remember that Time Scheduling was 'invented and implemented' but that it didn't work with a Captive portal on the same system)
So, is it still true that Time Scheduling and Captive Portal usage are mutually exclusive?

Or is my setup ready for a re-install - rezconfig ?

Another Captive Portal issue:

Running 1.2.1-RC1 built on Tue Aug 12 10:45:41 EDT 2008

This function
is declared twice, in
and in

Removing one will do just fine.

edit : Yeah, right....
Just discovered that my portal log filled up rapidly with LOCKWARNING messages.
This thread shows exactly what I saw : Re: Captive Portal Stopped working... Lock file.

Anyway, please take this as a notice, as I'd like this to be confirmed by others.

I'll take a latest ISO, and reinstall to the hard disk and report back.

General Questions / Syslogd crazy - CPU goes to 100%
« on: March 20, 2007, 06:27:15 am »
When I use the Clear Log button on this page : Diagnostics: System logs: DHCP
to empty the list, the syslogd process goes crazy.

No more logs are shown on the GUI page ....

Code:
last pid:  3342;  load averages:  1.99,  1.99,  1.39    up 0+00:17:15  12:22:22
37 processes:  2 running, 35 sleeping
CPU states: 13.2% user,  0.0% nice, 86.8% system,  0.0% interrupt,  0.0% idle
Mem: 45M Active, 9428K Inact, 27M Wired, 14M Buf, 405M Free
Swap: 1024M Total, 1024M Free

  185 root        1 125    0  1468K  1088K RUN     13:22 97.80% syslogd
  402 root        1 100    0  2424K  2052K select   0:02  0.00% inetd
  561 root        1   4    0 23040K 20212K accept   0:02  0.00% php

Version used :
FreeBSD pfsense.kyriadfumel 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #0: Thu Mar 15 19:59:22 EDT 2007  i386

I searched on the forum for recent issues with syslogd - but didn't find anything related.

I do use the CP - but no users are connected when this happens...
I just 'click' and see it go sky high ...

General Questions / FTP - no Hell :-) -, but [Solved !!]....
« on: September 12, 2006, 02:50:00 am »
I'm using a PPPoE connection - my ISP resets the connection every 24 hours - No hassle: pfSense reconnects on the fly.
I'm running 1.0-SNAPSHOT-09-10-06 - built on Sun Sep 10 19:36:58 UTC 2006 - but I consider it 'hot' from the oven.

The pFsense box has an LAN IP of - I have a FTP server on
When I added a NAT rule to the WAN interface like Port 21 - Port 21 ( everything works great. Two firewall rules were also created 'by magic'.
The processes that were running:
Code:
620 ?? Ss 0:00.01 /usr/local/sbin/pftpx -c 8021 -g 8021
 1797 ?? Ss 0:00.01 /usr/local/sbin/pftpx -f -b

During night time, of course, my WAN IP changed.

I use a Dyndns URL to reach my network from the outside. A PC-Anywhere and remote SSH (by PPTP) from 'my place' resolved and worked - I could reach my company LAN and the pfSense box as normal.
But I couldn't reach the ftp server anymore....

Checking the processes, I noticed that ...pftpx -f -b was still pointing to the WAN IP 'before' - the new one was - it has been changed, but somehow the instance of pftpx wasn't informed about it (killed and restarted with the new WAN IP ?!).

Simply removing the WAN-NAT rule, Apply, removing the firewall rule, Apply, putting back the WAN-NAT rule and all is fine again for nearly 24 hours (whenever the WAN IP times out).

Also, if it's important: once in a while (and always after a reboot like shutdown -r now) the line ...pftpx -f -b x.y.z.w is just missing, but I have 1 or 2 lines like this:
x ?? Ss 0:00.01 /usr/local/sbin/pftpx -c 8021 -g 8021
x ?? Ss 0:00.01 /usr/local/sbin/pftpx -c 8021 -g 8021

I found this in the GUI System log:
Sep 12 09:15:44 php: : DynDns: updatedns() starting
Sep 12 09:15:44 php: : DynDns: Running updatedns()
Sep 12 09:15:42 pftpx[1151]: pftpx exiting on signal 0
Sep 12 09:15:42 pftpx[1151]: pftpx exiting on signal 0
Sep 12 09:15:42 pftpx[1151]: event_dispatch error: Operation not supported by device
Sep 12 09:15:42 pftpx[1151]: event_dispatch error: Operation not supported by device
Sep 12 09:15:42 pftpx[1151]: listening on port 21
Sep 12 09:15:42 pftpx[1151]: listening on port 21

Sep 12 09:15:39 php: : Creating rrd graph index
Sep 12 09:15:39 php: : Creating rrd update script
Meaning the end of pftpx after a complete boot & connection sequence.
Simply redoing my NAT-WAN ftp setup puts all up again.
Please note that I have an OPT1 interface (, running the Captive Portal for company visitors (running a hotel over here ;)).
Please note also that after 28 Aug-2006, Dyndns info (log type: is shown in the System logs on the GUI interface. Nothing is present in the syslog remote output. A line like User.Info @192.168.1.x is missing in /var/etc/syslog.conf?
