
Messages - alex_london

1
Official pfSense Hardware / Re: SG-3100: How do I assign port(s) to a VLAN
« on: November 22, 2017, 12:01:39 pm »
Thanks, I'll try the GUI once I update to 2.4.2... though from the latest post by jwt, is that referring to a bug and I should avoid using this for now?

I assume the shellcmd approach will continue to work, as long as I don't also use the GUI at the same time...

2
Official pfSense Hardware / Re: SG-3100 expected idle temperature
« on: November 06, 2017, 11:37:51 am »
Ok, so with that in mind, an ambient of around 23 C, and the SG-3100 sitting above a Netgear switch and below a Speedtouch modem (which does get quite warm in itself), 70 C or so should be expected...

3
Official pfSense Hardware / SG-3100 expected idle temperature
« on: November 06, 2017, 10:02:30 am »
Hi,

My pfSense is reporting an idle temperature of around 70 C, this is with load average of 0.16,0.18,0.17 and CPU of 10-15% (I guess this is being affected by my observation, as I have the web dashboard open which is obviously using up some cycles too).

Is this a "normal" temperature? It seems a little high for me, but I'm not familiar with the hardware...

On a related note - can anybody tell me the SNMP OID to monitor temperature?

Thanks,
-Alex

4
Official pfSense Hardware / Re: SG-3100: How do I assign port(s) to a VLAN
« on: November 03, 2017, 11:17:51 am »
Thanks, I'll give that a shot! Seems straightforward enough... (famous last words  ;) )

-Alex

EDIT: Worked like a charm, thanks!

5
Official pfSense Hardware / Re: SG-3100: How do I assign port(s) to a VLAN
« on: November 03, 2017, 05:45:20 am »
Steve,

Yes some help would be appreciated!

I should add, a few minutes ago I came across this post: https://www.netgate.com/blog/ive-got-99-problems-but-a-switch-aint-one.html. On a hunch, I tried manually browsing to https://<pfSense IP and port>/switch_vlans_edit.php, and the page is there - just no way to browse to it from the GUI.

I haven't tried anything yet, in case this is not working (or even worse actually breaks something).

So I'll await your suggestions.

Thanks!
-Alex

6
SNMP / Re: SNMP reporting incorrect (double?) the bandwidth usage
« on: November 03, 2017, 05:40:35 am »
Ah, ok thanks! I'll await the update then...

-Alex

7
Official pfSense Hardware / SG-3100: How do I assign port(s) to a VLAN
« on: November 02, 2017, 07:51:22 pm »
Hi,

I've been setting up my new SG-3100, and I'm stuck trying to figure out how to properly set up VLANs and allocate port(s) to them.

Here's what I have so far:
  • WAN (mvneta2) - Directly connected to ADSL router 1
  • OPT1 (mvneta0) - Directly connected to ADSL router 2
  • LAN1 (mvneta1) - Connected to unmanaged switch
  • LAN2...4 (mvneta1) - Currently disconnected

Now I have a separate unmanaged switch that would be in my DMZ, and I'd like to assign LAN2 to a separate VLAN and configure an interface in the DMZ on that port (so I can configure WAN-to-DMZ and DMZ-to-LAN rules).

The onboard Marvell 6000 switch seems to not have any configurable options. I have created a VLAN on "mvneta1", but not sure where to go next - I need traffic on the 4 LAN ports (or at least on 1 of them) to be separate from the rest.

EDIT: I should add that I have found the Switch options pages, but these are all read-only; specifically the Interface/Switch/VLANs page, shows 5 groups, all configured as "Default System VLAN", with all 5 ports assigned to all of them (I assume 5 ports as 1 is the internal uplink port of the switch).

How would I go about doing this?

Thanks,
-Alex

8
SNMP / SNMP reporting incorrect (double?) the bandwidth usage
« on: November 01, 2017, 08:53:39 pm »
Hi,

I've just set up a new SG-3100, and I'm using SNMP sensors in PRTG to monitor various statistics, including bandwidth. The reported bandwidth in PRTG seems to be double the actual use - I'm seeing 20Mbps where it should be closer to 10Mbps (I wish it was 20!).

I'm using a Multi-WAN setup, with policy-based routing, so I'm not doing anything fancy with load balancing etc. Both WAN links (WAN/mvneta2 and OPT1/mvneta0) seem to be exhibiting the same behaviour.

The RRD charts in the device itself seem to be correct.

Any thoughts?

Thanks,
-Alex

9
Official pfSense Hardware / Re: SG Series desktop appliances
« on: October 16, 2017, 04:53:04 pm »
Excellent, thanks... I think I'll be placing my order soon enough!

10
Official pfSense Hardware / Re: SG Series desktop appliances
« on: October 16, 2017, 02:45:36 pm »
Each port can be assignable, switch supports VLAN's.

Sorry for the naive follow-up, I haven't used pfSense in ages and have recently been looking to return; does this mean the 4 switched ports can be used as individual ports/networks (e.g. LAN, DMZ1, DMZ2) and traffic can be routed via firewall policies between them?

Also, is the SG-3100 capable of handling synchronous Gigabit traffic? I'm asking about basic NAT/PAT traffic, anything encrypted (IPsec) will be restricted to around 30-40Mbps as that's all the remote side would be capable of.

Thanks,
-Alex

11
DHCP and DNS / Re: DNS forwarder and resolution stopped working?
« on: September 25, 2014, 05:52:29 pm »
WAN1 is a public range, I have a /28 addressable subnet. One of the IPs is statically assigned to the pfSense, one is the modem/router itself (default gateway) and a couple of the remaining ones are assigned to devices sitting "outside" the firewall - these are the ones I tested DNS lookups from whenever I get timeouts from pfSense itself.

WAN2 is slightly different, I get an RFC1918 address, but have a 1:1 NAT set so I can configure port forwarding etc on the pfSense directly. No other devices between that modem/router and the pfSense WAN port.

However, as I mentioned above, I disabled WAN2 altogether last time I saw the issue, and it was still happening after that, all the while DNS queries outside the pfSense were fine.

I'll try your suggestion of running a packet capture on pfSense next time this happens, and will report back...

Thanks.
-Alex

12
DHCP and DNS / Re: DNS forwarder and resolution stopped working?
« on: September 24, 2014, 07:28:21 am »
To add to this, since it's happening again... I've confirmed that pfSense itself cannot connect to the DNS servers at all, even if I explicitly set it in "nslookup" in the shell:

Code:
[2.1-RELEASE][admin@pfsense.somedomain.local]/root(1): nslookup
> server 8.8.8.8
Default server: 8.8.8.8
Address: 8.8.8.8#53
> www.google.com
;; connection timed out; no servers could be reached
> ^C
[2.1-RELEASE][admin@pfsense.somedomain.local]/root(2): ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=50 time=25.249 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=50 time=25.323 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=50 time=25.262 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 25.249/25.278/25.323/0.032 ms

Though you can see the DNS server is reachable via ping (and traceroute) from the same shell session...

From a server sitting just "outside" the pfSense (directly connected to the ADSL modem, and in the same public subnet as pfSense WAN1), everything is fine. So the problem is definitely with pfSense itself...

For now I have disabled WAN2 altogether, to eliminate that as an issue, but it hasn't changed anything...

-Alex

13
DHCP and DNS / Re: DNS forwarder and resolution stopped working?
« on: September 23, 2014, 05:43:33 pm »
LAN rules are fine, I'm not blocking anything outbound.

I should have mentioned - when DNS resolution works via the pfSense forwarder, it also works if I use external nameservers directly from my LAN too. When it stops working via forwarder, it stops working everywhere...

Strange as usual, everything is working fine again... for the time being!




14
DHCP and DNS / DNS forwarder and resolution stopped working?
« on: September 23, 2014, 11:03:42 am »
Hi all,

I'm running pfSense 2.1-RELEASE with a single LAN and two WANs. I have DNS forwarder enabled on the pfSense and DNS servers configured as follows (in System --> General):
  • ISP1 Primary DNS - Use WAN1 gateway
  • ISP2 Primary DNS - Use WAN2 gateway
  • 8.8.8.8 (Google Primary) - no gateway
  • 8.8.4.4 (Google Secondary) - no gateway


For some reason, DNS resolution in my LAN has stopped working... it was on and off for a while, but now it's completely "broken", and I'm not sure why.

I can reach all 4 DNS servers from both inside the LAN and also from the pfSense itself - i.e. they are responding to ICMP ping.

But any domain lookups, whether from my LAN (using pfSense as the DNS resolver) or from the pfSense itself no longer work. I tried disabling the DNS Forwarder as a DNS server for the firewall (again in System --> General) and this still didn't change anything.

Here's the even stranger thing: Even if I set DNS servers on a PC on the LAN to Google public DNS it still fails with a timeout, as if the pfSense is blocking it!
Code:
> server 8.8.8.8
DNS request timed out.
    timeout was 2 seconds.
Default Server:  [8.8.8.8]
Address:  8.8.8.8

> www.google.com
Server:  [8.8.8.8]
Address:  8.8.8.8

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to [8.8.8.8] timed-out

Ping to the above IP is fine from inside the LAN, as is access to DNS itself from WAN, as I have checked from a server that is running "outside" the pfSense and connected directly to the ADSL modem/router. This is the case for all 4 DNS servers on both WAN connections.

I of course tried the usual, stop/start DNS forwarder, disable it completely, restarted pfSense etc... also, I checked and I'm not blocking (as far as I can tell) DNS IPs/ports in the firewall rules. Nothing has changed there for quite some time...

I'm stumped, any help would be appreciated!!!

Thanks,
-Alex

15
NAT / Static route & NAT to secondary LAN gateway
« on: September 19, 2014, 06:03:30 pm »
I'm not sure if the subject is accurate for what I'm trying to do, so I'll explain it...

My LAN is on 192.168.2.0/24. I have two WAN interfaces, connected to separate ISPs and pfSense is my default gateway for all devices on the 192.168.2.0/24 subnet.

There are some remote networks I need to reach via PPTP. Since pfSense cannot act as a PPTP client (or maybe I'm too dumb to figure out how to do it!), I have set up a Linux VM which is running pptp client and it does connection sharing and NAT via iptables. The VM is on 192.168.2.253, and one of the remote networks I'm connecting to via PPTP is on 10.20.30.0/24.

I have set a static route on all PCs to send traffic to 10.20.30.0/24 via the 192.168.2.253 gateway, and this is working just fine...


Now, I want to avoid having to configure the route on all LAN devices (there are 3 VPNs currently, so 3 routes per device), so I was wondering if I could do this using the pfSense instead.



So far on pfSense I've been able to:
* Create a gateway on the LAN interface, with IP 192.168.2.253
* Add a static route for 10.20.30.0/24 with the above gateway

I can ping devices on the 10.20.30.0/24 from the pfSense diagnostics page only... doing so from any other device on the LAN doesn't work. I suspect I need to force the pfSense to NAT the traffic to its inside IP address (192.168.2.254) before routing it via the pptp gateway (192.168.2.253).

The only thing I could think of was to try adding a firewall rule on the LAN interface to do this (i.e. any traffic to 10.20.30.0/24 should use gateway 192.168.2.253), but that didn't work.

Any thoughts?

Once I can get one of the remote networks to connect, I'll just copy the configuration for the other two...

Thanks!

-Alex
