Topics - xbipin

2.4 Development Snapshots / 6to4 tunnel lan dhcp static mapping confusion
« on: October 30, 2017, 11:58:27 pm »
my isp started using 6to4 tunnel over ipv4 pppoe so i wanted to try this in pfsense, being a beginner in ipv6 i fail to understand one thing or maybe i have configured something wrong.

my isp gives out the below ip, at least thats what the interface page says (xxxx = masked bits)
Code:
IPv6 Address - 2002:xxxx:b185::
Subnet mask IPv6 - 16
Gateway IPv6 - 2002:xxxx:6301::

the wan interface ipv6 config type is set to 6to4 tunnel and the lan set to track wan interface with prefix id 0, so far this is all fine, im able to ping firewall from outside using ipv6 and some firewall rules. Problem is the DHCPv6 Server and RA. i have set the below in dhcp server

Code:
Subnet - Prefix Delegation
Subnet Mask - 64 bits
Available Range - :: to ::ffff:ffff:ffff:ffff
From - ::0:0:0:0
To - ::0:0:0:ffff

the lan clients get proper ipv6 using dhcp and they r able to surf ipv6 sites also but suppose i want to add static dhcp mappings then suppose if the wan disconnects and reconnects and gets a new ipv6 ip then the lan clients ip dont get modified with the new Prefix Delegation subnet appended at the start.

does this mean i need to use a dhcp pool only for lan clients and cant set static ip mappings or is it that the ipv6 address needs to be typed in a special format so the network id etc get auto added when it changes?

i just updated to 2.4.1 on the apu2 and now cant connect to wan at all which is pppoe over vlan

2.4 Development Snapshots / remove vidconsole from console settings for apu2
« on: September 26, 2017, 11:44:27 am »
can some1 patch the pfsense code such that the /boot/loader.conf sets console="comconsole" as default for apu2 board rather than console="comconsole,vidconsole" coz when vidconsole is present in that string then the welcome message on serial console comes broken making it impossible to boot into single user mode

Hardware / [SOLVED] apu2 internal TTL com port
« on: September 12, 2017, 09:58:39 am »
the apu2 and older alix boards have a com2 port header which works on 3.3V TTL logic, i have a usb to ttl adapter and i tried plugging in tx and rx pins to the apu2 but i just see garbage on all baud rates, has any1 tried this or does it need to be enabled somewhere in the pfsense kernel to be able to use this.

the below works flawless though
usb to ttl adapter ---> ttl to serial ---> apu2 serial port

i setup a new sg-1000 for a remote client, he has just one openvpn tunnel running and no packages installed, just yesterday i configured traffic shaping for him and it seems to crash and reboot when there is heavy traffic through it, his internet speed is around 70mbps down and 19mbps up.

it has crashed almost 3 times so far in 24 hours and being used remotely im not able to get any crash logs also, any1 else having this issue?

General Questions / rpi zero usb ethernet to pfsense
« on: July 16, 2017, 07:00:40 am »
raspberry pi zero has a USB otg port and if configured properly can work as an RNDIS Ethernet Gadget when the module is loaded, my question is i have connected it to pfsense and it displays as a usb Ethernet gadget and i can assign that in interfaces also and that works fine but my aim is to configure it such that pfsense sees it as a workstation so can get an ip from dhcp on the lan nic but the only difference is this rpi wont connect using an Ethernet jack but using usb directly to pfsense so is this possible?

like how we can share the internet connection from windows machine to this USB Ethernet adapter can we do the same in pfsense coz i find usb Ethernet speeds to be much better than connecting a wifi dongle to the rpi zero

im a beginner in ipv6, just now i noticed my isp defaults to ipv4 but started using teredo at their end for ipv6 so what do we need to configure in pfsense so lan clients can access ipv6 sites.
i currently use ipv4 on lan and NAT.
do we need to configure pfsense differently when isp uses teredo or only when they start using ipv6 natively?

2.4 Development Snapshots / sg-1000 issue
« on: June 21, 2017, 06:44:32 am »
i keep getting the below almost everyday, checked all the rules and aliases but cant seem to figure out whats causing this

Code:

    PF was wedged/busy and has been reset. @ 2017-06-20 06:22:43
    PF was wedged/busy and has been reset. @ 2017-06-21 12:20:21

Filter Reload

    There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: @ 2017-06-20 06:22:44
    There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: @ 2017-06-21 12:20:22

on 2.3 and lower i had a set of rules in floating rules tab with match action which used to put traffic to queues so just today i noticed everything goes in the p2p default queue, is traffic shaping broken or have any changes been made that all of my rules stopped working in 2.4?

my queues r as below

Code:
pfTop: Up Queue 1-14/14, View: queue, Cache: 10000                      19:50:05

root_pppoe1      3500K hfsc  0     0     0      0      0    0             0    0
 qInternet       3500K hfsc        0     0      0      0    0             0    0
  qACK            700K hfsc        0     0      0      0    0             0    0
  qOthersDefault  700K hfsc        0     0      0      0    0             0    0
  qP2P            175K hfsc    24363 2761K      0      0    0           110 9198
  qVoIP           945K hfsc        0     0      0      0    0             0    0
  qOthersHigh     980K hfsc        0     0      0      0    0             0    0
root_igb0          12M hfsc  0     0     0      0      0    0             0    0
 qInternet         12M hfsc        0     0      0      0    0             0    0
  qACK           1800K hfsc        0     0      0      0    0             0    0
  qOthersDefault 4800K hfsc        0     0      0      0    0             0    0
  qP2P           1200K hfsc    26985   23M      0      0    0           193 264K
  qVoIP          1200K hfsc        0     0      0      0    0             0    0
  qOthersHigh    3000K hfsc        0     0      0      0    0             0    0

2.4 Development Snapshots / apu2 led control?
« on: May 06, 2017, 10:44:20 am »
on older alix i could turn off the front leds, is there any way to do the same for apu2?

i have been running an alix nanobsd 32 bit, i just got an apu2c4 so first i tried to backup alix config, rename the vr0/vr1 to igb0/igb1 in the config so on restoring interfaces dont mess up, then installed 2.4 64bit full serial on the msata of the apu2c4 and then after first boot restored the alix config.

After this i see the wan and vpn etc all connected and even the lan ip as i had in the alix in the serial console but i just cant open pfsense gui, nor any of the lan PCs have internet access, it seems dhcp server get messed up so stops giving out ips but even setting a manual ip in PC i cant access pfsense or the internet.

i also tried 2.3.4 but its same on that also, the config restores but there is something different on 64bit compared to the 32bit nanobsd.

any1 come across this issue?

2.4 Development Snapshots / sg-1000 squid cache on sd card?
« on: January 17, 2017, 02:21:50 am »
i just got myself an sg-1000 and works fine in production off the emmc, what i wanted to know is if its possible to use an sd card to store the squid cache rather than the inbuilt emmc as i dont want to wear out the emmc

General Questions / 2.3 firewall rule state entry bug
« on: April 15, 2016, 08:57:34 am »
in 2.3 when u try to add max state value for match rules u get a php error, the part where it says u cant do that for match rules is fine

Code:
The following input errors were detected:

    The maximum state entries (advanced option) can only be specified for Pass type rules.

Warning: explode() expects parameter 2 to be string, array given in /usr/local/www/firewall_rules_edit.php on line 1208 Call Stack: 0.0013 133980 1. {main}() /usr/local/www/firewall_rules_edit.php:0 0.9376 1183020 2. explode() /usr/local/www/firewall_rules_edit.php:1208

one of my full install boxes had a broken HDD so replaced it with an SSD, now the problem is the motherboard doesnt have AHCI mode in the bios so not able to enable TRIM in pfsense, is there any way to TRIM it manually using cron jobs or something like that?

i tried setting the ahci load in loader.conf and also trim set but that doesnt seem to work

Code:
tunefs: POSIX.1e ACLs: (-a)                                disabled
tunefs: NFSv4 ACLs: (-N)                                   disabled
tunefs: MAC multilabel: (-l)                               disabled
tunefs: soft updates: (-n)                                 enabled
tunefs: soft update journaling: (-j)                       enabled
tunefs: gjournal: (-J)                                     disabled
tunefs: trim: (-t)                                         disabled
tunefs: maximum blocks per file in a cylinder group: (-e)  4096
tunefs: average file size: (-f)                            16384
tunefs: average number of files in a directory: (-s)       64
tunefs: minimum percentage of free space: (-m)             8%
tunefs: space to hold for metadata blocks: (-k)            6408
tunefs: optimization preference: (-o)                      time
tunefs: volume label: (-L)

i just enabled RRD graphs on a full install on 2.3 and when i open graphs i get this error

Code:
/status_rrd_graph_img.php: Failed to create graph with error code 1, the error is: ERROR: the instance of rrdtool has been compiled without graphics/usr/bin/nice -n20 /usr/local/bin/rrdtool graph '/tmp/wan-traffic.rrd-quarter.png' --start 1449211258 --end 1457160058 --step 86400 --vertical-label "bits/sec" --color SHADEA#eeeeee --color SHADEB#eeeeee --title " - WAN2_HATHWAY :: Traffic - 3 months - 1 day average" --height 200 --width 620 DEF:wan-in_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass:AVERAGE:step=86400 DEF:wan-out_bytes_pass=/var/db/rrd/wan-traffic.rrd:outpass:AVERAGE:step=86400 DEF:wan-in_bytes_block=/var/db/rrd/wan-traffic.rrd:inblock:AVERAGE:step=86400 DEF:wan-out_bytes_block=/var/db/rrd/wan-traffic.rrd:outblock:AVERAGE:step=86400 DEF:wan-in6_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass6:AVERAGE:step=86400 DEF:wan-out6_bytes_pass=/var/db/rrd/wan-traffic.rrd:outpass6:AVERAGE:step=86400 DEF:wan-in6_bytes_block=/var/db/rrd/wan-traffic.rrd:inbl
