
Topics - kcallis

Traffic Shaping / Multi-WAN and traffic shaping
« on: February 16, 2018, 01:34:32 pm »
Currently, I have a DSL connection providing my WAN connection. I also created three WAN interfaces for my VPN connections (VPN1_WAN, VPN2_WAN, and VPN3_WAN). On the other side of the equation, I have my LAN and 9 VLANs (although at this time I am only utilizing 5 VLANs). Using the Traffic Shaper Wizard, I set up using 4 WAN interfaces and 10 LAN interfaces. When I get to the first part, where I am asked what the upload/download speeds are for the WAN devices, I am at a loss.

My speed in theory is 20Mbps/5Mbps, and after many speed tests, I come up with my numbers (minus 10%) for the first WAN interface. Now should I use the same numbers for the other WAN interfaces, or should I just use a single WAN interface when I use the wizard? Because my thinking is that if I use the 4 WAN devices and plug in the up/down speeds, I would assume (assume can be dangerous at times) that pfsense will believe that I have 20Mbps/5Mbps * 4 (or 80Mbps/20Mbps, and just using the advertised speed as opposed to the real speed) rather than just the 20Mbps/5Mbps shared among 4 WAN interfaces.

Since I am on this issue with the Multi-WAN/Multi_LAN, if I make use of (for instance) VOIP, and want to make use of UDP ports 19302-19309, I am assuming that everything ends up as a floating rule and will be handled across the board on all interfaces? I have yet to tackle the traffic issue because of the numerous interfaces, but I am now having issues with things like VOIP, etc., so I would like to resolve this.

Any pointer would be greatly appreciated! 

Captive Portal / APs, VLANs and no access, oh my!!!
« on: January 21, 2018, 04:21:52 am »
I have set up my AP (TL WA901ND) with multiple SSIDs in which my GUEST is tagged and accessible on my GUEST VLAN interface. If I do not enable the CP zone, my guests are able to access the internet just fine. The moment that I enable the CP, although my guest clients are able to associate with the Access Point, there is no connection with the portal page.

I currently have my GUEST interface with no access to my other interfaces except the WAN interface, and it uses public DNS servers only (so no use of the Resolver or Forwarder). I have attached my rules down below. I am assuming that I will need to use the DNS Forwarder or Resolver, but currently I use the forwarder for my interface (basically my LAN) and the rest (excluding the guest interface) uses the resolver.

General Questions / No access through interfaces
« on: January 18, 2018, 08:43:44 am »
This morning, in a moment of inspiration, I thought I would get tor working. So I configured polipo as well as tor and decided that it wasn't working for me. I removed the packages and found that I could no longer access the internet. I checked to make sure all of the packages were gone. From the dashboard, I am able to resolve and ping via the WAN interface, but am not able to do so from my LAN and OPT interfaces.

I did not make any changes on rules or any other changes, since I was more interested in configuration with the proxy at the command line and playing with my browser. So what am I missing?

General Questions / Proper setup of switches
« on: January 01, 2018, 07:39:18 pm »
I am using a Netgate APU with three interfaces:

WAN (re1) -- DHCP
LAN (re2) --
OPT (re0) --  VLAN05 (re0.5)    -->
                    VLAN10 (re0.10)  -->
                    VLAN15  (re0.15) -->
                    VLAN20  (re0.20) -->

I have used the baseline guide along with nguvu's guide to making use of the Netgear GS108E switch (although I am actually using a TP-Link SG108E), but somewhere I am blowing it, since after I reboot, I am not able to access any of the interfaces and I have to do a factory reset.

I have connected my LAN interface as well as my OPT interface on the switch and have set the address to (which is my MGMT VLAN05). I also have my Ubiquiti NanoStation connected to the switch. I have tagged port 2 on the switch with my VLANs 5-20, as well as port 3 (which is connected to the Ubiquiti NanoStation with the VLANs configured on the NS). If I am clear, then the remaining ports should be untagged. But once I reboot the APU, I am not able to connect to any port.

I have a second switch, the Netgear GS108E. I am wondering if since I have the first switch set to the but I have the LAN interface, plugged into the same switch, is that what might be causing the fact that my LAN interface is conflicting with the OPT interface on the same switch? Maybe I need to plug the LAN interface into the second switch?

Any pointers would be appreciated!

Traffic Shaping / Is there any real benefit with a 12Mbit/1Mbit connection?
« on: December 15, 2017, 12:12:27 pm »
I have been relegated to a DSL connection that is 12Mbit down and 1Mbit up. I set the download to 10.5Mbit and 0.9Mbit up and the results are not decent. I am trying to make use of VOIP as well as trying to maintain decent speed on my video streaming (using Kodi). I thought that if I used a 400k for hangout audio, that I would at least have a decent conversation, but no go. The same is true when I am using Kodi. Sometimes (at SD quality) I have decent playback, but should it fall to 720, playback just drops. So is it worth my time to make use of TS with such a low bandwidth allocation?

General Questions / How to make use of VLANs
« on: December 14, 2017, 05:16:00 am »
I am using a Netgate APU with both the LAN and OPT1 interfaces connected to a Netgear GS108E. Also connected to the switch is a TP-Link WA901ND Access Point, which I set up with 4 separate SSIDs and VLAN tagging. For the most part, I use only wireless at the house, so I thought I would set up my wireless AP using the layout found at, but seemed to be setup with a wired deployment. Reading only added more confusion to the issue.

Under my pfsense configuration, I created 4 VLAN interfaces using the re0 as parent. I have set up DHCP servers for all of the interfaces, and started working on rules, etc. On the TP-Link AP, I have set up 4 SSIDs and tagged each with a VLAN tag. Under the GS108, I have set up VLANs 1, 20, 50, 100 on port 2 where the AP is connected, with VLAN 1 untagged, and 20, 50, 100 tagged. So do I need to set up port 1 on the switch like port 2 (with VLANs 1, 20, 50 and 100), since I have port 1 connected to the OPT1 port, or should I just connect the AP to OPT1? But if I plug the AP into the OPT1, would I be able to use the other ports to access the VLANs that I created?

Wireless / How to use an external access point with 2.3.5
« on: November 06, 2017, 03:25:19 pm »
I am connected to a DSL connection out in the wilderness. I am using a netgate APU which of course has 3 NICs with the DSL modem connected to the WAN port. All of my devices are wireless, and prior to using the Netgate APU, I was using a Netgear R7000 (running Tomato) for the two wireless devices and using wireless for everything else. I would like to plug my R7000 into the APU and make use of the ports and definitely the wireless portion and have pfsense manage accordingly.

I know that I can set up a wired VLAN on the R7000 and then plug into the LAN port on the APU. But I am lost on how to use the wireless portion. So what is the correct way to set up pfsense so that it will utilize the R7000 at my LAN with it assigning DHCP address, QOS, etc? Any pointers would be greatly appreciated!

*** I was reading the pfsense book and thought I had some clarity. I disabled the DHCP server under tomato, and plugged into the LAN port. Now I am confused on what I need to change on the tomato?

Captive Portal / Is anyone using the add-on Captive Portal Plus
« on: March 25, 2015, 07:24:47 am »
I have installed Captive Portal Plus and have been somewhat excited about the ability to print out voucher cards. The only issue is that the author makes use of A4 size and I am looking for Letter size. If anyone has made use of this add-on and is using US Letter size (8.5x11), would you be so kind as to share the configuration for that?

Captive Portal / Is there a "CP for DumME Guide"?
« on: March 16, 2015, 10:56:10 am »
I have been banging away with a Watchguard 700 and pfSense 2.2. So far everything is rock solid, so time to move on. I have placed Ubiquiti Bullets all through an RV Park, and need to set up a hotspot for the users. In my mind, I want to provide a login page allowing a person to enter in their lot space (for instance, 07) and then plug in a voucher that will work either for one day, 7 days or 30 days (I just figured I would print out batches for the duration), and away they go.

From an administrative way, I thought that by the person logging in, that would create a dhcp entry (helped with a nice little php script) and allow me to better monitor. I thought I would follow the guides, but after I created a zone, people were still able to access the AP without going through the CP. Also, I have been trying to understand how to allow certain machines to be exempted from having to even log in through the CP (specifically, my alias for my admin machines).

Would anyone give a little guidance on how to get this properly working?


Captive Portal / Multi devices with vouchers
« on: February 27, 2015, 10:56:28 pm »
I am trying to set up a captive portal with vouchers at an RV Park. I was trying to see if there is a way for a client to have more devices with a voucher. Most clients will definitely have a laptop or even a desktop PC. But the same client might want to have his/her phone/tablet/iPod touch, etc. on our WiFi. What I would like to do is allow a client to get their voucher and then allow for the client to be able to authenticate several devices, but limit the number of devices per voucher.

Packages / OPIE for the 2.1.5
« on: September 16, 2014, 12:49:13 pm »
Ok, so I am sort of old school. I was wondering if I can install the OPIE package on my box? I always felt a little more secure once I actually had to have a copy of my 4 or 5 tokens that I need to plug in to get into my router. Hell, if I could get away with it, I would throw that into web logins as well. I know that years ago there was an OPIE package, but I don't see it in the packages now.

NAT / 1:1 NAT not going to correct server
« on: September 05, 2014, 11:55:35 pm »
I have learned to correctly set up a VIP and get 1:1 somewhat working. I have a Camera NVR and several cameras installed that I want to access remotely. I placed the NVR and cameras on my DMZ interface, then created a VIP and 1:1 pointing to my NVR ( When I connect to my external address, I end up at (one of the cameras). I have double checked all my entries on pfsense, and the entries pointing to NVR are correct. Does anyone have a thought as to why I can't get to the correct host?

webGUI / Issues with webGUI
« on: September 05, 2014, 05:02:24 pm »
For some reason the help menu is located right below the system menu, and I am not able to access any of the options under system. I have tried that on both Chrome and Firefox. Is there any way for me to fix it? Running 2.1.5

CARP/VIPs / Help understanding VIP
« on: September 05, 2014, 04:56:15 pm »
I am running version 2.1.5 on a Watchguard X700 Firebox. Since we have changed providers, I now have 5 IP addresses as opposed to the 1 that I had previously. I have been trying to set up a virtual IP address for my DMZ, but I have been failing non stop. What I attempted to do was first create a VIP:

Firewall|Virtual IPs

Type: IP Alias
Interface: WAN
IP Address:

Next I tried my hand at doing a 1:1 NAT (Attachment #3)

Firewall: NAT: 1:1

Interface: WAN
External subnet IP:
Internal IP: DMZ Net (
Destination: Single Host -
NAT reflection: use system defaults

I have generic rules for the WAN and the DMZ (see attachments #1 and #2). I am able to ping the first external address just fine, but absolutely nothing for So where am I going wrong?

General Questions / VLANS, Cisco, configuring oh my!
« on: August 18, 2014, 05:34:39 am »
I have been running pfsense 2.1.4-RELEASE on a Watchguard Firebox for a while and have now run into the wall of my lack of knowledge. I have 4 interfaces active which is my LAN, Wifi (connected to Ubiquiti equipment), Phone (courtesy of Asterisk), and recently cameras. All of the end devices have been connected to individual unmanaged switches with a connect from the switch connected to the pfsense interface. This is getting a little too unwieldy, so I thought I would connect all of the devices to my Cisco Catalyst 2950. This has been very unsuccessful.

I created VLANS on the Cisco called VLAN 5 (LAN), VLAN 10 (DMZ, although not used at this time), VLAN 120 (Wifi), VLAN 130 (Phones) and VLAN 140 (cameras). Of course there is the default VLAN 1. I assigned the various ports (4 to a VLAN group) and thought I was ready for prime-time. Needless to say, once I started things, nothing was going through the internet, and I was lucky that I hadn't written the configuration or else I wouldn't be able to post.

If someone is willing, can you show the correct way to set up this Cisco switch? I am thinking that everything failed because I didn't set up VLANs on the pfsense side, but I could be wrong. My thought was that I was supposed to set up the Cisco with the various VLANS, then come and create VLANS on the pfsense side, and everything would mesh properly. I use Cisco stuff infrequently, and the last time I really used any Cisco eq was about 10 years ago.

Any pointers would be greatly appreciated!
