Firewalling / Re: Static ip error
« on: Today at 10:02:47 am »
Interfaces - BLUE would have been more useful.  The Assignments page doesn't say much.

You can attach your images directly here without zipping them btw.

You need to set rotation on your squid logs or they will fill up your drive eventually.  You also might want to edit the X-Forward headers to delete, disable VIA mode and suppress squid version.

Next, show screens for squidguard: Common ACL and Target Categories.

Firewalling / Re: Static ip error
« on: Today at 09:22:11 am »
Post screens of what you've actually done.

Post screens of your config.  Remember that with squidguard, you must go back to the General settings tab and click Save then Apply for changes on any other tab to take effect.

By the way, there is a dedicated forum for squid & squidguard, the Cache/Proxy forum.

Notice my username "coconuts", I am living on a small outcropping of coral which is an island in the Pacific Ocean.

Notice my username "KOM", which means 'frozen wasteland' in some language.  I am living on a small outcropping of ice which is currently freezing my ass.

I hate you already.  ;D

Firewalling / Re: pfSense and NordVPN
« on: March 16, 2018, 02:27:49 pm »
How is pfSense involved in this, and what does it have to do with firewalling?  If this is an issue configuring pfSense with OpenVPN, there is a forum for that.

What are you doing to force your users to use the proxy?  I assume you're blocking 80/443tcp on LAN?

Traffic Shaping / Re: SFTP half speed, have tried both CODELQ & HFSC
« on: March 16, 2018, 08:32:34 am »
You might be incorrectly qualifying some of your traffic, but nobody can tell for sure since you've not posted any details whatsoever about your configuration.

Your life would be a lot easier if you would just add another NIC and install pfSense as the primary OS instead of within virtualbox.  Do you need that Ubuntu instance?

With split DNS, you would create a host override in your DNS forwarder that resolves to the LAN IP address.

You could also try enabling one of the NAT Reflection modes, but I much prefer split DNS myself.

Firewalling / Re: granting certain wanadress acces to local lan
« on: March 15, 2018, 11:28:58 am »
it's too complicated for what I want; the devices that usually connect back home do not have VPN clients built in,

OpenVPN clients are free and available for almost every platform.  Suit yourself.

Firewalling / Re: granting certain wanadress acces to local lan
« on: March 15, 2018, 09:39:13 am »
and I do not want to place a (permanent) VPN client at their house or site.

Why not?  The binary is tiny, and you still need a user:pass to connect.

it would cost me a bunch of routers and vpn tunnels

What?  I don't understand what you mean here.  Why would you need more routers?

before... it worked just the way i liked it

Well, you're going to have to get used to something new.  pfSense does not have this web-ssl type of VPN that your monowall had (I'm assuming it's a web-ssl VPN from your basic description.)

Firewalling / Re: granting certain wanadress acces to local lan
« on: March 15, 2018, 09:00:17 am »
I do not want to use vpn.

Why not?  This is exactly the sort of scenario where a VPN is recommended.

Cache/Proxy / Re: Pfsense - SquidGuard
« on: March 15, 2018, 08:15:01 am »
Yes.  Below is an example.  The first rule under Squid Proxy Rules allows specified clients (the alias ExemptFromProxy) to go out direct without using the proxy.  The next rule allows all clients to access web services from the DMZ.  The last rule blocks all web access, which forces all clients (except those exempt) to use the proxy if they want web access.

Your next step will be to either manually configure all your clients to explicitly use the proxy, or configure WPAD so they can auto-discover it on their own.
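The rule ordering described in the post above, modelled as an added example (not part of the original post, and not pfSense code): a first-match evaluator showing which LAN traffic goes direct, which is blocked, and what happens if the block rule is placed first. All addresses, the proxy port 3128, the trailing "LAN to any" pass rule and every name in the code are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing: none of these values come from the post.
LAN = ipaddress.ip_network("192.168.1.0/24")
DMZ = ipaddress.ip_network("192.168.2.0/24")
EXEMPT_FROM_PROXY = {ipaddress.ip_address("192.168.1.50")}  # stands in for the alias
WEB_PORTS = {80, 443}

# Each rule: (action, label, predicate(src, dst, dport)).
ALLOW_EXEMPT = ("pass", "exempt-direct",
                lambda s, d, p: s in EXEMPT_FROM_PROXY and p in WEB_PORTS)
ALLOW_DMZ_WEB = ("pass", "dmz-web",
                 lambda s, d, p: d in DMZ and p in WEB_PORTS)
BLOCK_WEB = ("block", "block-web",
             lambda s, d, p: p in WEB_PORTS)
# Assumption: a default "LAN net to any" pass rule sits below the three above.
ALLOW_LAN_ANY = ("pass", "lan-any", lambda s, d, p: s in LAN)

RULES = [ALLOW_EXEMPT, ALLOW_DMZ_WEB, BLOCK_WEB, ALLOW_LAN_ANY]


def evaluate(rules, src, dst, dport):
    """Return (action, label) of the first matching rule; no match means block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, label, matches in rules:
        if matches(s, d, dport):
            return action, label
    return "block", "default-deny"


if __name__ == "__main__":
    cases = [
        ("192.168.1.50", "203.0.113.10", 443),  # exempt client, direct web
        ("192.168.1.20", "192.168.2.10", 80),   # ordinary client to a DMZ web server
        ("192.168.1.20", "203.0.113.10", 443),  # ordinary client bypassing the proxy
        ("192.168.1.20", "192.168.1.1", 3128),  # ordinary client to the proxy (assumed port)
    ]
    for case in cases:
        print(case, "->", evaluate(RULES, *case))
    # Ordering failure: with the block rule first, the exemption never matches.
    misordered = [BLOCK_WEB, ALLOW_EXEMPT, ALLOW_DMZ_WEB, ALLOW_LAN_ANY]
    print("misordered:", evaluate(misordered, "192.168.1.50", "203.0.113.10", 443))
```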

