


Topics - Patrick_

1
NAT / Double NAT & routing issues
« on: April 05, 2012, 08:46:15 pm »
I'm rebuilding my home lab and usually I haven't run into any issues but for some reason this time I am.

WAN--->Router(192.168.1.1)--->(192.168.1.2)pfsense(192.168.2.1)--->TestSystem(192.168.2.5)

The TestSystem can see 2.1 and 1.2 but cannot see 1.1. From another host on the 192.168.1.1/24 network I can ping the gateway.

2
Routing and Multi WAN / Multi-lan interface failover
« on: March 13, 2010, 10:19:43 am »
I've dug around on the forums and on my pfsense install but I can't seem to find what I'm trying to do. Instead of having dual-wan interfaces, I wanted to set up dual-lan interfaces for either a fail-over scenario or a SMLT (trunking/bonding) configuration. Currently switch1 and switch2 each feed links from my esx installs and allow for zero downtime in the event of a switch failure or reboot. My pfsense install however is a physical box with four interfaces which I'm trying to set up to fail-over so that in the event one of the switches is not available the internet is still available on the other switch.

            --(out of band management)--
           |                                        |
wan---lan-------------------------switch1--------fiber core
           |                                                             |
            --------------------------switch2-----------

3
Firewalling / redirecting on a transparent filtering bridge
« on: February 26, 2009, 04:47:20 pm »
WAN----cable modem-----firewall------switch(and a couple servers)--------[eth0(external)----bridge0----eth1(internal)]-------guest

The filtering bridge is all configured and working but we also want to restrict certain websites. To prevent access to some adult websites we wanted to have a rule set to redirect them to a page served up by one of the local web servers. Currently we are flat out discarding the traffic but would rather be redirecting users who attempt to a page reporting that this connection is available for those types of activities. Any ideas?

4
Installation and Upgrades / Embedded Image - Enabling Keyboard/Video
« on: January 05, 2008, 08:26:11 pm »
Guess the simple question is where is this disabled?

Second question would be is there a way to re-enable this under windows?

5
General Discussion / IE7 patch 10/9/07 KB939653 breaks web browsing
« on: October 10, 2007, 04:32:36 pm »
Heads up.

We found that KB939653 released yesterday causes Vista machines (confirmed) and XP machines (unconfirmed) with security software to break the install disabling the ability for the computer to browse webpages.

Still working on which exact ones, looking like adaware 2007 (in service mode) or spysweeper at this point in time.

Fix is to uninstall the patch.


------
Update:
Disabled spysweeper, no effect
Disabled adaware2007, no effect

6
PPTP / advanced split client configuration
« on: October 23, 2006, 06:08:09 pm »
I'm not sure if this is possible but can a pptp client running on a windows xp box be set up so that all traffic except the lan traffic gets tunneled?

7
General Questions / 100% cpu usage with syslogd
« on: July 29, 2006, 01:53:34 am »
Current pfsense machine:
Dell PowerEdge 1550
PIII 733mhz
1gig ram
2x18gig sca2 w/perc (raid 1)
lan link is the onboard intel nic
wan link is a 3com 905c series
running RC1...current build as of 17 days ago

After running for about 15 days of uptime, I noticed some intermittent problems with dropped packets and ping spikes but ignored it at first. About an hour later couldn't get outside the firewall, checked the webGUI and was reporting 100% cpu usage instead of the normal 2%ish. Checked top and was reporting syslogd was using 98% cpu usage.

Running with a dozen rules and five port-forwards. PPTP server is running and using radius authentication.
Pretty basic setup.

After restarting the box the cpu usage was fixed but wouldn't browse, repatched the wan link cable to the system and everything is fine now. Anyone else experience syslogd crashing like this?

8
General Questions / Best way to filter websites
« on: July 16, 2006, 10:13:16 am »
I'm looking for the best way to put a filter on website surfing. The two concerns would be first is the annoying one of blocking a couple of banner sites ;D and secondly would be if any little kids stop over to block them from some non-children related websites.

9
General Discussion / Comcast Customer Service
« on: June 22, 2006, 03:38:55 pm »
Ok, I don't have Comcast but here's a reason why I would avoid it.

http://www.youtube.com/watch?v=CvVp7b5gzqU

10
Installation and Upgrades / beta 4 install - reboot hung
« on: May 11, 2006, 04:00:28 pm »
Installed the upgrade to beta 4 full version on two identical systems, the first went through without a problem....the second however hung when doing the reboot.

Not sure if it is just me or not.

11
General Discussion / Network programming
« on: May 09, 2006, 07:25:15 pm »
I am in the early stages of planning a network file transfer application and am having difficulties deciding on the language to use.

Functionality:
For sake of example say you need to transfer a million files each 1k in size and another time you need to transfer ten files two gigs in size each.

Environment: (everything runs windows server 2000/2003.....instructor's sanction)
Hardware: as high end as you'd like
Network Medium: 1000base-sx direct from one server to another on the high end and on the low end a T-1 linking from distant locations.

As for the languages I'm currently familiar with: java, c++, c, pascal (more knowledge to the left and less to the right).

I have heard some horrible stories about java's past performance in this area in terms of throughput and io/second but haven't heard anything recently on the topic and am wondering if some of the problems with earlier versions of java have been solved? or should I stick with c++ because it's been used for this kind of application before?

I'm not trying to start a bashing war as each language has its benefits, I'm trying to keep the talks to this specialized case in terms of performance and am wondering if anyone has any first-hand experience with it and which has been better?



12
Hardware / possible hardware vendor
« on: May 05, 2006, 11:50:13 pm »
At work we had some 1U servers providing wireless security awhile back, the company has since gone belly up and so we did what came naturally, mod 'em! Anyway found out who the original hardware vendor is and they do offer some decent boxes which could be used for pfsense http://www.advantech.com.tw

The boxes we ended up with are 1u's with quad intel 10/100 nics, a celeron 1.2ghz, 256megs of ram, and a compact flash slot:).....modded it a bit and added wireless and usb....the device works perfect!

13
NAT / Glitch with NAT ports (ext. diff from int)
« on: April 27, 2006, 11:52:51 pm »
Tried this a couple of times with the beta 3 embedded....by default when I create a nat rule where the external port is different than the internal port the firewall rule is for the internal port range and not the external port range. I can manually go into the firewall rules and adjust the port range there and it fixes the problem but just a little glitch I noticed.

14
Installation and Upgrades / Install to embedded intel flash chips
« on: April 24, 2006, 01:22:53 pm »
At work we have some older embedded devices and I am wondering if it is possible to install pfsense on it. I am wondering how the general install would work as it has no compact flash, ps/2 ports, ide ports, floppy ports, etc.

Ports available: 2xserial ports, 2x10/100 realtek nics, 1xJTAG diagnostic port.

When booting the device it boots directly to the software where no command line is available via the console but when using ssh I get a regular command prompt....system appears to currently be a linux 2.4 kernel with busybox and the proprietary software on it.

The medium for storage is a couple of intel flash chips(64meg total) so it should be able to run the embedded firmware I would guess but not sure how to actually load it up.
Oh, I haven't seen any tftp booting options.

The circuit board is the 128meg ram w/64meg flash memory version of the se2580 by cyberguard.

...if I toast the device trying to load the os, it's ok;).....they are paperweights currently as the old company which originally sold the units went belly-up and have since been pulled out of service.

15
General Discussion / Floppy Raid
« on: March 10, 2006, 10:52:07 am »
We had some free time ::)

http://phoenix.cc.edu/MegaFloppy.htm
