

Messages - border

Installation and Upgrades / Re: migration to SG-3100
« on: March 07, 2018, 06:54:09 am »
Hi all,

I followed the suggested approach (removing packages on old system, create config backup on old system, restore config backup on new system, reinstall packages on new system). All worked fine but I overlooked one thing... Thanks to a prompt reply from Netgate support I managed to resolve this.

The issue was the network card configuration (the network interface naming in the config backup was not compatible with the new system), and the device got stuck in the console waiting for network card assignment. Connecting through a serial connection with the console I could select interfaces and proceed.

Thanks for the support!


Installation and Upgrades / migration to SG-3100
« on: March 05, 2018, 11:40:39 am »

I just ordered the SG-3100 and have a question on the migration from my current pfSense configuration.
The expected path would be: backup complete from current system, unplug current system, plug in SG-3100, restore backup. However, there are a few things I would like to check:
* will packages be automatically installed based on the restore of the configuration? If not, do I manually (one-by-one) install them? If so, before/after the restore of the profile? On the backup/restore page there is an option to reinstall the packages. Is that a better option to install them on the new system or is that only for reinstalling already installed packages?
* when doing the install on the new system I will need to (of course) unplug the old system (or we will have an IP conflict) but is the new system not "unprotected" between plugging it in and restoring the profile from the old system?

Perhaps these are non-issues but I want to be sure to not have a bad start with the new system.


OpenVPN / Re: OpenVPN accessing LAN systems
« on: May 28, 2017, 02:37:25 am »

Thanks for the reply.

You are correct: it does work out of the box.

The problem seems to be just ONE system (and that happened to be the one I was using as a reference to check if it works) that cannot be reached. I will further investigate the problem with this one system but it is probably not of interest to the community what the problem is so we can close this thread.


OpenVPN / OpenVPN accessing LAN systems
« on: May 27, 2017, 06:27:19 am »

Many discussions on this topic (how to access LAN systems through OpenVPN) but no clear step-by-step guide. Unfortunately none of the discussions provides a solution.

What I would like to achieve is that my pfSense box runs an OpenVPN server through which road warriors can connect and have access to the LAN systems. While setting up the OpenVPN server works and accessing the pfSense box is possible, none of the LAN systems can be reached.

Current settings:
* OpenVPN is running (tun device) on tunnel network
* IPv4 Local network is set to (the LAN)
* custom option: push "route"

In the Firewall -> NAT -> Outbound:
* WAN   *   *   500   WAN address   *      Auto created rule for ISAKMP
* WAN   *   *   *   WAN address   *      Auto created rule

Would be great to get this working so if anybody has a pointer to a step-by-step guide that would be very helpful!

Packages / Reverse proxy: how to set X-forwarder
« on: April 01, 2014, 01:51:31 pm »

I would like to set X-forwarder but there is no GUI option for that.
How can I change it? The squid.conf file indicates that it should not be changed directly (using vi)...

DHCP and DNS / Re: DNS forward: remote IP address
« on: April 01, 2014, 11:16:19 am »
Yes, I assumed so.
However there is no option for that in the GUI so I will have to go into some config file? When opening the squid.conf file (not sure if that is the correct one but there is no squid3.conf) it informs that the file should not be changed directly. Would you know in which file I can set this parameter? I did search the pfSense forum on the parameter but there was no info on how to set it...

DHCP and DNS / Re: DNS forward: remote IP address
« on: March 31, 2014, 03:09:35 pm »

I am using Squid3 for the reverse proxy.
Searching the internet I think I need to set X-forward_on but this is not an option presented in the gui...


DHCP and DNS / DNS forward: remote IP address
« on: March 31, 2014, 11:30:39 am »

I have configured DNS forward on my pfSense box to an internal Apache server.
This works great.

However, in the Apache log file there is always the IP address of the pfSense box as this is the one forwarding the call. Is there a possibility to have the DNS forward pass on the remote IP address to the internal Apache server? The reason is that I have fail2ban installed on the Apache server but when there are a number of invalid login attempts the pfSense box is blacklisted and not the remote IP address...


Packages / DNS forward: including ports
« on: February 08, 2014, 01:55:16 am »

I am running an email server behind pfSense. The email server has webmail (say and pop/imap.
Accessing the email server from external works all fine but there is a problem from within the LAN.

An email client on a laptop is set to access the server from the outside but cannot access from the inside. So I used DNS forward to forward an internal request for to the LAN address of the email server. This works fine for port 80 but not for others like 110. Of course I can access the other ports using the LAN address but that would require reconfiguring the email client every time.

Is there a way to also forward other ports?

OpenVPN / Re: cannot access LAN through OpenVPN
« on: February 03, 2014, 10:32:37 pm »
The pfSense machine is the gateway for any device in the LAN.
So the NAS knows the IP address of the pfSense machine.

The rule "Default allow LAN to any rule" should be enough I assume?
Let me know if you need an overview of specific settings.

OpenVPN / Re: openvpn cannot access to lan
« on: February 02, 2014, 01:47:22 am »

I just opened the same question (cannot access LAN) so I cannot provide the answer to this question...
But: the firewall rule for OpenVPN is created automatically when configuring OpenVPN (with description OpenVPN wizard).

OpenVPN / Re: cannot access LAN through OpenVPN
« on: February 02, 2014, 01:44:07 am »

From remote I can login and connect to the network.
Once connected I can surf the Internet and access the gateway but none of the other LAN machines. For example, one LAN machine is a NAS with a web interface. I cannot access the web interface nor ping the NAS.

OpenVPN / cannot access LAN through OpenVPN
« on: February 01, 2014, 04:45:13 am »

Although I assumed it would be a typical problem I could not find the solution so hence the question...

I configured OpenVPN and am able to login from outside the network. After connecting I can browse the internet but I cannot access any LAN computers other than the pfSense machine. So I assumed it would be a routing problem. After searching for a solution I added some commands (under Advanced Configuration):

push "route";
push "redirect-gateway";
push "dhcp-option DNS";

The pfSense gateway is on the network while the VPN clients are on
But even with these commands the road warrior cannot connect to other LAN computers.

Any help is appreciated!

Packages / Re: Squid3 disappeared
« on: December 25, 2013, 04:30:31 am »
Hi Robert,

I am amazed that there are not more reactions to this issue.
It seems like a serious bug to me...


Packages / Re: Squid3 disappeared
« on: December 24, 2013, 08:07:23 am »
No, I did not change anything on the setup (unless an automated update?)...
I did not have to restore but simply reinstall the package. All settings were still there.

It would be reassuring to know the reason behind this weird behavior of pfSense.
