

Messages - Atlantisman

1
That NAT is fine for the primary, but won't work on the system with backup status. That might be OK, though your system with backup status won't have functional Internet connectivity, which means it won't auto-update, time sync, update bogons, etc.

Any idea how I would fix it for the secondary system as well?


Thanks.

2
So I followed the instructions found here:

https://forum.pfsense.org/index.php?topic=88940.msg491787#msg491787

Quote
I was playing around with a test box and was able to do the following:
1) Put a private IP on the WAN interface, left gateway empty.
2) Create a CARP VIP on the WAN with a public IP.
3) Go back to WAN interface, add gateway, put in public gateway IP.
4) Turned on AON, set CARP IP as outbound NAT.
I've yet to put this on a live segment and test failover, but it looks promising.

And I have this working. But I am trying to take it a step further and use gateway groups to bond connections and failover; the problem is that my gateways are reporting as down. If I apply a real public static IP back to the WAN interfaces the gateway reports as up once again.

This is probably because the outbound NAT is not applying to traffic sent from apinger, right? How would I fix this?

Thanks.

EDIT:

Never mind, I think I figured it out. I just set up an outbound NAT rule that applies to the firewall (self) and NATs it to each of the CARP VIPs (1 rule for each WAN interface).

3
Routing and Multi WAN / Re: Multi-Gateway on same interface
« on: November 24, 2015, 07:34:13 pm »
Just one internet connection that routes through two different data centers and tier 1 providers on the ISPs network.

So not fully redundant, but it's a start.

4
Routing and Multi WAN / Multi-Gateway on same interface
« on: November 24, 2015, 05:58:02 pm »
So,

Our ISP has given us two IP blocks with different paths to route across their network. So I would like to set up both gateways as a fail-over.

Is this possible to set up in pfsense? Is it done the same way with gateway groups with multiple interfaces?

Also, they do not support BGP, so that's not an option, but I am mostly worried about outbound traffic right now anyways.

Thanks.

5
Hello,

I recently upgraded from 2.1.x to 2.2.4 and ever since then I have been unable to establish a passive FTP connection from one LAN subnet to another. Here is how I have everything set up:

LAN1: 192.168.10.x
LAN2: 10.0.10.x

FTP server: 10.0.10.16

IPv4 *   LAN1 net   *   10.0.10.16   *   *   none       


As you can see, I have a general allow-any-traffic rule to that specific server, and I can ping it, etc. I can also open an FTP connection to it; the results are attached.

Additionally, I can confirm it is indeed pfsense that is blocking this, because if I move the FTP server to LAN1 I have no issues.

Does anyone know how to fix this? Or why this may be happening?

Thanks in advance!

EDIT: I have tried establishing the same FTP connection on multiple computers on LAN1 as well.

EDIT2: Forgot to clarify that I need to use passive mode in the Windows command line for legacy applications.

6
Hardware / Re: Cheap Quad Port Gigabit NICs that Work With pfSense?
« on: July 31, 2014, 06:37:46 pm »
I have used these in some ESXi builds:

http://www.ebay.com/itm/HP-436431-001-LFF-long-bracket-only-Quad-PORT-PCI-EXPRESS-NIC-NC364T-/271563819719?pt=US_Internal_Network_Cards&hash=item3f3a770ac7

Very awesome, inexpensive cards. They are based on the Intel 82571EB chip.

You can find these surplus in many places (not just eBay); they were in quite a few HP servers a while back, so many of the cards are still floating around.

7
Wireless / Re: High volume WAP build.. any NIC advise?
« on: July 25, 2014, 03:32:37 pm »
pfsense has really poor support for wifi, even with 2.2. If you want something that does wifi really well and has AC support try out MikroTik RouterOS, or just buy a stand-alone wireless AP.

8
I have run into this before. It was a bootloader issue for me; all I had to do was go into the BIOS of the machine and change the SATA type to IDE, and pfsense picked up the hard drive again.

9
IPv6 / Re: Native IPV6 with DCHP6
« on: July 24, 2014, 04:16:40 pm »
So I was playing with MikroTik RouterOS and it picks up and distributes ip6 address right away; the only config needed is enabling ip6.

What is different about how RouterOS is requesting the address vs. pfsense?

10
Firewalling / Re: How to bypass VPN for 1 LAN IP?
« on: July 22, 2014, 12:43:27 pm »
I actually do the same exact thing with PIA.

You must use a firewall rule, as you have already.

But you also must use an Outbound NAT rule: go to Firewall -> NAT -> Outbound, switch this to manual, and add a rule at the top, as shown below:

But instead of a subnet, put in a single IP address (your desktop).

11
General Questions / pfsense IGMP issues? Not sure.
« on: July 17, 2014, 09:06:50 pm »
Pictured below is a constant IPTV stream going through pfsense (using IGMP Proxy). The problem is that pfsense seems to drop the stream every so often (causing the TV service to cut out), without reason.

This has been going on across multiple hardware platforms that I have loaded pfsense on.

Does anyone have any ideas as to why this could be happening?

12
General Questions / Re: Make pfSense boot faster?
« on: July 03, 2014, 12:40:57 pm »
I also run pfsense on ESXi 5.1 and 5.5. It boots in about a minute.

13
IPsec / IPSec to AWS Problems
« on: July 01, 2014, 05:49:35 pm »
Hello,

I am setting up an IPSec tunnel between Amazon AWS and pfsense, so I followed this http://www.seattleit.net/blog/pfsense-ipsec-vpn-gateway-amazon-vpc-bgp-routing/, as I have done in the past without problems, but haven't had it online in a while.

Currently I am having a problem with OpenBGP, it seems like. The IPSec tunnels come online, but I am unable to route any traffic through them. And I get the following in the OpenBGP status page:

Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
VPC                      7224          6          6     0 Never    Idle

Any suggestions would be great. I am running pfsense 2.1.3 i386.


14
IPv6 / Re: Native IPV6 with DCHP6
« on: June 18, 2014, 03:19:16 pm »
Yeah, for a while now I have had my IPTV service split off my main network and still using the Network Box; pfsense appears to be great at handling everything besides the IPTV service.


I have tried doing what you said for the IP6 and get the following:

Jun/18/2014 14:18:50: cfdebug_print: <3>end of closure [}] (1)
Jun/18/2014 14:18:50: cfdebug_print: <3>end of sentence [;] (1)
Jun/18/2014 14:18:50: configure_pool: called
Jun/18/2014 14:18:50: clear_poolconf: called
Jun/18/2014 14:18:50: dhcp6_reset_timer: reset a timer on em1, state=INIT, timeo=0, retrans=383
Jun/18/2014 14:18:51: client6_send: a new XID (c4a4bd) is generated
Jun/18/2014 14:18:51: copy_option: set client ID (len 14)
Jun/18/2014 14:18:51: copyout_option: set identity association
Jun/18/2014 14:18:51: copy_option: set rapid commit (len 0)
Jun/18/2014 14:18:51: copy_option: set elapsed time (len 2)
Jun/18/2014 14:18:51: copy_option: set option request (len 4)
Jun/18/2014 14:18:51: copyout_option: set IA_PD
Jun/18/2014 14:18:51: client6_send: send solicit to ff02::1:2%em1
Jun/18/2014 14:18:51: dhcp6_reset_timer: reset a timer on em1, state=SOLICIT, timeo=0, retrans=1088
Jun/18/2014 14:18:51: client6_recv: receive reply from fe80::ea4:2ff:fea8:401%em1 on em1
Jun/18/2014 14:18:51: dhcp6_get_options: get DHCP option server ID, len 10
Jun/18/2014 14:18:51:   DUID: 00:03:00:01:0c:a4:02:a8:04:01
Jun/18/2014 14:18:51: dhcp6_get_options: get DHCP option client ID, len 14
Jun/18/2014 14:18:51:   DUID: 00:01:00:01:1a:f4:7b:cf:00:50:56:92:cb:8c
Jun/18/2014 14:18:51: dhcp6_get_options: get DHCP option rapid commit, len 0
Jun/18/2014 14:18:51: dhcp6_get_options: get DHCP option identity association, len 40
Jun/18/2014 14:18:51:   IA_NA: ID=0, T1=900, T2=1200
Jun/18/2014 14:18:51: copyin_option: get DHCP option IA address, len 24
Jun/18/2014 14:18:51: copyin_option:   IA_NA address: 2605:a601:fe06:xxxx::1 pltime=1800 vltime=3600
Jun/18/2014 14:18:51: dhcp6_get_options: get DHCP option IA_PD, len 41
Jun/18/2014 14:18:51:   IA_PD: ID=0, T1=900, T2=1200
Jun/18/2014 14:18:51: copyin_option: get DHCP option IA_PD prefix, len 25
Jun/18/2014 14:18:51: copyin_option:   IA_PD prefix: 2605:a601:606:xxxx::/56 pltime=1800 vltime=3600
Jun/18/2014 14:18:51: dhcp6_get_options: get DHCP option vendor specific info, len 39
Jun/18/2014 14:18:51: dhcp6_get_options: unknown or unexpected DHCP6 option vendor specific info, len 39
Jun/18/2014 14:18:51: client6_recvreply: executes /var/etc/dhcp6c_wan_script.sh
Jun/18/2014 14:18:51: client6_script: script "/var/etc/dhcp6c_wan_script.sh" terminated
Jun/18/2014 14:18:51: get_ia: make an IA: PD-0
Jun/18/2014 14:18:51: update_prefix: create a prefix 2605:a601:606:xxxx::/56 pltime=1800, vltime=3600
Jun/18/2014 14:18:51: ifaddrconf: failed to add an address on em0: Invalid argument
Jun/18/2014 14:18:51: get_ia: make an IA: NA-0
Jun/18/2014 14:18:51: update_address: create an address 2605:a601:fe06:xxx::1 pltime=1800, vltime=3600
Jun/18/2014 14:18:51: ifaddrconf: failed to add an address on em1: Invalid argument
Jun/18/2014 14:18:51: update_ia: failed to update an address 2605:a601:fe06:xxx::1
Jun/18/2014 14:18:51: dhcp6_remove_event: removing an event on em1, state=SOLICIT
Jun/18/2014 14:18:51: client6_recvreply: got an expected reply, sleeping.


It gets an address, but is not able to assign it for some reason.

15
Lol, my bad, forgot to set the outbound NAT rule. Still Monday here in the USA. ha
