Messages - andrew867

Hardware / Re: EZIO Driver for LCDproc
« on: March 05, 2018, 07:28:17 pm »
OK, I rebuilt this driver with fewer dependencies:

Code:
$ ldd server/drivers/
server/drivers/ => /lib/ (0x28205000) => /lib/ (0x2806f000)

Code:
$ file server/drivers/
server/drivers/ ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), dynamically linked, not stripped

Let me know...

I've got an old IBM security appliance that will only run x86 and I had the same issue with libftdi1 not existing. The recompiled version works perfectly, thanks!

I don't think I can since I reverted back to 2.15. However, here are snippets from dmidecode hoping it would help:

System Information
 Product Name: HP Compaq dc5750 Small Form Factor

Base Board Information
 Manufacturer: Hewlett-Packard
 Product Name: 0A64h

Processor Information
 Version: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+

I'm working with the same machine and found that changing the system to 'Native Mode IDE' in the BIOS (Storage->Storage Options->SATA Emulation) and changing /etc/fstab to ada0s1a allows the machine to start working normally again.

Hopefully this helps other people using legacy HP PCs!


I haven't heard of any updates so I ended up using an old Nortel BayStack 420 to do my VLAN and 802.1p tagging for data, left the ActionTec in place for TV. My network now looks like this:

Code:
ONT -> D-Link 10/100 Switch -> ActionTec (WAN internet turned off) VLAN 34/802.1p VI/4) -> Coax and Ethernet to Motorola Boxes
                      |                                                         ^
                      |                                                         | LAN port
                      |                                                         | OPT1 DHCP (this is for management of the ActionTec,
                      |                                                         | and I should be able to creatively route packets from Motorola boxes on my usual network)
                      |                                                         ^
                      -> BayStack Trunk port -> VLAN 35 untagged port -> pfSense box -> Usual network

And it actually works fine! :D

Forgot to mention I'm using the snapshot from Sept. 23, 2012, I had upgraded from 2.0 stable using the .tgz.

Hey all,

I have BellAliant FibreOP, they stick IPTV, internet, and voice over one fibre. There is an ONT unit that converts the fibre to an FXS voice port and a single gigabit RJ45. BellAliant provides a useless ActionTec router that takes the gigabit connection from the ONT and uses VLAN 35 for internet access (DHCP for IP address) and then uses VLAN 34 for IPTV.

The issue at hand is this: when the IPTV box sends its data on VLAN 34 it doesn't attach an 802.1p tag. That is left up to the router to do before it sends the data out on VLAN 34 to the ONT. The BellAliant network will drop/ignore any IPTV VLAN 34 packets that are not tagged with 802.1p priority 4 (video/VI).

I am using two Intel PRO/1000 NICs for the ONT WAN connection and IPTV data, with an onboard Broadcom gigabit for the LAN. I have pfSense working perfectly with the WAN selected as em0_vlan35 with DHCP, but when capturing packets on the WAN VLAN 34 (em0_vlan34) I see that they are always priority 0. I have set firewall rules to allow any traffic in and out of the OPT1 (em0_vlan34) and OPT2 (em1_vlan34) and to set an 802.1p tag as 4 (VI) both ways on both interfaces. So it looks like this:

WAN -> em0_vlan35 (142.163.x.x DHCP)
LAN -> bge0 (
OPT1 -> em0_vlan34 (no IP)
OPT2 -> em1_vlan34 (no IP)
bridge0 -> OPT1, OPT2

Firewall rules for OPT1 and OPT2 are like this:
Any in, any out, anywhere. Any inbound ('none') 802.1p tag, outbound VI (4).

This patch is what led me onto using 2.1 dev, but there is a slight bug in the code. This is the change I made to allow me to select a different match (input?) priority than the outgoing tag when going back to the page to edit the rule.

Code:
<td width="22%" valign="top" class="vncell"><?=gettext("802.1p");?></td>
<td width="78%" class="vtable">
	<div id="showadvvlanpriobox" <?php if (!empty($pconfig['vlanprio'])) echo "style='display:none'"?>>
		<input type="button" onClick="show_advanced_vlanprio()" value="<?=gettext("Advanced"); ?>"></input> - <?=gettext("Show advanced option");?></a>
	</div>
	<div id="showvlanprioadv" <?php if (empty($pconfig['vlanprio'])) echo "style='display:none'"?>>
<?php
		// Separate lists so the "match" and "apply" selections are built independently.
		$vlanprio = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc");
		$vlanprioset = array("none", "be", "bk", "ee", "ca", "vi", "vo", "ic", "nc");

		// Options for the priority to match on; preselect the saved 'vlanprio'.
		$opts = "";
		foreach($vlanprio as $vprio) {
			if ($vprio == $pconfig['vlanprio'])
				$selected = " SELECTED";
			else
				$selected = "";
			if ($vprio == "none")
				$opts .= "<option value=\"\" {$vprio}>{$vprio}</option>\n";
			else
				$opts .= "<option value=\"{$vprio}\" {$selected}>" . strtoupper($vprio) . "</option>\n";
		}

		// Options for the priority to apply; preselect the saved 'vlanprioset'.
		$optsset = "";
		foreach($vlanprioset as $vprioset) {
			if ($vprioset == $pconfig['vlanprioset'])
				$selected = " SELECTED";
			else
				$selected = "";
			if ($vprioset == "none")
				$optsset .= "<option value=\"\" {$vprioset}>{$vprioset}</option>\n";
			else
				$optsset .= "<option value=\"{$vprioset}\" {$selected}>" . strtoupper($vprioset) . "</option>\n";
		}
?>
		<select name='vlanprio'>
		<?php echo $opts?>
		</select>
		<p><?=gettext("Choose 802.1p priority to match on");?></p>
		<select name='vlanprioset'>
		<?php echo $optsset?>
		</select>
		<p><?=gettext("Choose 802.1p priority to apply");?></p>
	</div>
</td>

But it seems that the 802.1p firewall rules really don't work. Did I do something wrong, or is there something else I can try?

Here is a screenshot of the packets captured on the WAN after turning on 802.1p VI in the firewall rules, VLAN is set properly but PRI is still 0 (best effort/BE):

Any help would be appreciated, getting the TV working is the last step to having super awesome 50/30 internet that doesn't crap out when torrenting ;)
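
The check the post above does by eye on its packet capture, as an added example that is not part of the original post: decode the 802.1Q tag of each frame and list those on VLAN 34 whose priority is not 4 (VI). The frames are constructed samples and the function names are illustrative.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
PCP_NAMES = ["BE", "BK", "EE", "CA", "VI", "VO", "IC", "NC"]  # index = PCP value
MACS = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"  # constructed dst + src


def build_frame(vid, pcp, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed test frame: MACs, 802.1Q tag, inner EtherType, padding."""
    tci = (pcp << 13) | (vid & 0x0FFF)  # DEI bit left at 0
    return MACS + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_vlan_tag(frame):
    """Return the 802.1Q fields of a frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    pcp = tci >> 13                      # top 3 bits: 802.1p priority
    return {"vid": tci & 0x0FFF, "pcp": pcp, "pcp_name": PCP_NAMES[pcp],
            "dei": (tci >> 12) & 1, "ethertype": inner}


def wrong_priority_frames(frames, vlan=34, required_pcp=4):
    """Indexes of frames on `vlan` whose PCP differs from `required_pcp`."""
    bad = []
    for i, frame in enumerate(frames):
        tag = parse_vlan_tag(frame)
        if tag and tag["vid"] == vlan and tag["pcp"] != required_pcp:
            bad.append(i)
    return bad


# Constructed sample capture, not taken from the post's screenshot.
SAMPLE = [
    build_frame(34, 0),   # IPTV VLAN, priority 0 (BE): what the post observed
    build_frame(34, 4),   # IPTV VLAN, priority 4 (VI): what the provider expects
    build_frame(35, 0),   # internet VLAN, priority not checked
    MACS + b"\x08\x00" + b"\x00" * 46,  # untagged frame
]

if __name__ == "__main__":
    for idx in wrong_priority_frames(SAMPLE):
        print("frame", idx, parse_vlan_tag(SAMPLE[idx]))
```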

