Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Peter847

Pages: [1] 2
1
General Questions / Re: UPS PfSense Shutdown
« on: January 08, 2018, 01:30:10 am »
Many thanks for all the replies, very helpful.  I did some more digging on the NUT website, the first Windows client I found was unsupported but it appears there are others.  I'll shutdown down the Windows machine using one of these NUT clients and then bring down PfSense.

Thanks again.

2
General Questions / Re: UPS PfSense Shutdown
« on: January 05, 2018, 12:56:46 am »
Many thanks for the replies.  I think I need to give you a few more details.

I currently have NUT installed on my PfSense machine and can see the status of the UPS, I do not think it is compatible with apcupsd.  No doubt I can configure NUT to shutdown this machine but the UPS also powers two Windows machines and it does not look like the Windows port of NUT is actively supported.  I was considering using the UPS manufacturer's Windows software to shutdown the critical Windows machine and just let PfSense and the other Windows machine die when the power runs out.  But that looks like a bad idea?

So it looks like my only solution is to buy another APC compatible UPS?

3
General Questions / UPS PfSense Shutdown
« on: January 03, 2018, 08:00:41 am »
I run a small small office LAN through PfSense and am looking for advice on how I manage my UPS.

The UPS supplies PfSense and a couple of Windows machines.  Its main purpose is to ride through the relatively frequent power drop outs that last a few seconds, real outages (greater than a minute) are rare.  It does not look easy to get one UPS management suite that will gracefully shutdown all the machines so I am thinking about letting PfSense just run out of power.

PfSense runs on a passively cooled Atom system with an SSD, will I damage anything if I just let the power on the UPS run out and restart PfSense when the power returns?

4
Routing and Multi WAN / Bridged OpenVPN
« on: June 25, 2017, 05:31:20 am »
I want to bridge two remote LANís into one logical LAN and would like to make sure Iím thinking the right way before I start reading up on the details.
 
I currently have two physically distant networks both running pfSense and connected together through an OpenVPN tun interface.  I want end up with one logical LAN with two gateways, one in each physical location.  Each device is assigned a default gateway typically the one in the same location as the device and, additionally, outgoing packets are routed to a specific gateway according to their destination.
 
Here is how I think I should set this up.
 
  • Change the OpenVPN to a tap interface.
  • Assign fixed IPís to both the pfSense LAN interfaces in the new subnet address space.
  • Disable one of the DHCP servers and use the remaining DHCP server to set the default gateway according to where the device is located.
  • Add routing rules in each pfSense to redirect any packets to the WAN interface nearest their destination.
Before I start reading up on all of this, am I thinking along the right lines?

5
IPsec / Mobile Client + Site to Site Tunnel
« on: December 09, 2016, 11:01:46 pm »
I need some general advice on setting up multiple IPsec tunnels.

First I need to admit I am very much a beginner and I have looked through the PfSense book & the Wiki.  I have set up a mobile client by following the instructions in the book and it works well.  I would now like to setup a site to site connection from the Pfsense box running the mobile client to another Pfsense box in a remote location.   Do I create a new phase 1 entry, add a phase 2 entry to the existing phase 1 for the mobile client or something else?

Many thanks for any advice.

6
General Questions / Re: NAT Port Forward vs Firewall Rule
« on: July 31, 2016, 04:48:44 pm »
Ah, yes! 

I thought the NAT linked firewall rule was just the same as any other firewall rule but I now see that the "destination" section of the NAT rule is the destination for the redirected packet whereas the destination for a normal firewall rule just selects the packets for Pass/Reject.  Correct?

Peter

7
General Questions / NAT Port Forward vs Firewall Rule
« on: July 31, 2016, 03:46:24 am »
Could someone help me improve my understanding of PfSense?

I have a device on my network that has its DNS servers hard coded so I use a NAT port forward rule to catch everything it sends on port 53 and redirect it to the DNS server of my choice.  I copied the setup from one of the posts in this forum.  Is there any reason why I should use the NAT rule, can I just achieve the same thing with a standalone Firewall rule and dispense the linked NAT rule?

Peter

8
Firewalling / Openvpn Firewall Rules
« on: July 14, 2015, 09:12:19 pm »
I have a standard 2 port LAN/WAN pfsense box and need some help from the experts setting up the firewall rules for my vpn.

I have setup an openvpn client, I select which packets go through the vpn using the firewall rules on the LAN interface and directing them to the vpn gateway.  I presume I can control all my outgoing packets by creating the appropriate pass rules but I am not sure how I secure the incoming traffic.  On the firewall rules page I have five tabs, Floating, LAN, WAN, VPNGateway & Openvpn which of the last two tabs needs the pass rules on it to filter inbound packets coming out of the vpn?

I have a similar question on the traffic shaper.  All of my vpn traffic has the same priority so I intend to shape everything on the LAN/WAN interfaces.  In the shaper wizard I see rules to match PPTP & IPSec traffic but nothing for openvpn, do I just prioritize all traffic on port 443?  How do I differentiate between openvpn traffic and other SSL traffic - or am I way out of my depth here?

Many thanks in anticipation!

9
PPTP / Re: PPTP Security
« on: October 01, 2012, 02:01:25 pm »
Are L2TP or IPSec any better?

10
PPTP / Re: PPTP Security
« on: September 30, 2012, 05:42:05 pm »
Many thanks, I'll disable it!

11
PPTP / PPTP Security
« on: September 29, 2012, 10:10:07 pm »
I have setup my pfSense box as a PPTP server and all works well . . . but I have a security question.  I have only one remote user that has a random 16 character userID and password, which I would have thought was fairly secure.  However could some bad guy just keep trying multiple to log in attempts and eventually find the right combination, or is the chance of hitting it correct just so small it is not worth worrying about?

12
Traffic Shaping / Re: Newbie question on wizard setup
« on: August 03, 2012, 07:50:23 pm »
Many thanks for the help, time for me to play around a little.  If anyone does know where there is a write up on the V2 shaper it would be very helpful!

13
Traffic Shaping / Re: Newbie question on wizard setup
« on: August 02, 2012, 09:31:40 pm »
I have a rule that looks like it puts the games download traffic in a "qACK/qGames" queue but I don't know what this means.  Does it match the games download traffic and put it qGames and automatically match the upload ACK to the Games download traffic & put the ACK packet in the qACK?  Is there anywhere I can see a write up on how to configure the version 2 shaper?

14
Traffic Shaping / Re: Newbie question on wizard setup
« on: August 02, 2012, 02:09:53 pm »
Hi, thanks for the reply.

I'm don't have access to my machine at the moment but I think its version 2.01, in any event it is the latest stable release.

1.  Looking at my queues I think I have my VOIP working now by using a single host, not sure why it wouldn't work with an alias.
2.  I'm looking for the ACK's on a large download not VOIP traffic, I see what looks like the correct amount of bandwidth for the ACK's in the upload but it is all in the default queue.  From the documentation on version 1 it looks like the wizard should automatically add the ACK rule but I don't see one and if its hidden it isn't working.
3. I've seen a number of discussion on the value of shaping on a download.  I think the fundemental argument is that if anyone is going through packets away to keep within the bandwidth limits I would rather do it myself than let my ISP decide what he is going drop.  So I need to limit my download to ensure my ISP isn't dropping anything.

However at the moment I just looking for the version 2 documentation so I can add the rules the wizard has missed - or am I missing something here?

15
Traffic Shaping / Re: Newbie question on wizard setup
« on: August 02, 2012, 07:32:35 am »
Update:  I've searched around the pfSense site and can't find any documentation on the version 2 traffic shaper, everything is written for version 1.  Can somebody point me in the right direction for some documentation on the floating rules used in version 2?

Thanks

Pages: [1] 2