
Messages - Mr.Si

Yes there is that... I just will have to check if I can get hold of a config.

Yes the console works.

However, I feel as though if an update is made available as a release and is reported as successfully updated, then the thing should work. Or is that too much to ask?

Hi all,

I upgraded from 2.3.1 to 2.3.3 and then re-ran the update check and found that there was a further update, so did that to 2.4.2_1, but after a couple of reboots the UI is not responding to mouse clicks. I can get terminal access but not sure what best to do. At least it's passing traffic outbound so staff should not notice a problem.

Would a roll back be necessary and if so how does one do that?

I am not in the office now until Friday but only for the morning.

Cache/Proxy / Re: https filtering
« on: December 23, 2016, 05:46:45 pm »
yes you need to install a CA certificate on machines you wish to filter. No, there isn't a way to do that automatically on guest systems you do not control.

Out of interest, because I am thinking of doing this on my home network (want to really properly block porn type sites inc using Google Images which is HTTPS): if a kosher cert was bought, would this still need to be done or will it automatically trust the fw because it's got a cert from an already trusted location?


Firewalling / Re: Trying to create an inbound FTP rule
« on: June 12, 2016, 03:48:05 pm »
Can you elaborate more as to what "isn't working properly" means?

The fact that the destination host of the firewall rule has to be the "Real IP" address of the server is in every port forwarding document ever.

I've always done port forwarding via NAT policy not firewall ruling but as I said, sonicwalls are different.

Anyway, the ftp is actually just a problem with my server vsftpd not set up for passive mode so that is just something I need to change, not anything wrong with pfsense. I used to use port 21 for connection and port 20 for data but that doesn't seem to work for me now.

I do love this firewall though.

Firewalling / Re: Trying to create an inbound FTP rule
« on: June 11, 2016, 05:25:38 pm »
Sorry, I may have not explained it properly, but I've now got connection as apparently in the Destination of the Firewall Rule, I needed to use the LAN IP of the server, not the assigned Public IP.

So it's a different way of doing it than I'm used to.

I just need to find out why the FTP isn't working properly over the wan now!

Firewalling / Trying to create an inbound FTP rule
« on: June 11, 2016, 04:44:33 pm »
Hi All,

So I come from a background in Sonicwall configuration so pfsense is possibly very different in ways of doing things...

I'm trying to create an inbound firewall rule to allow FTP to my server but it doesn't seem to work when I test it.

I have a public IP for the server and have a 1:1 NAT policy for any port to go to its private IP and intend to control what is allowed in by use of firewall rules.

In the rule above the alias in destination is the Public IP of the server.

But it's timing out when I'm trying to connect.

I am on a site-site VPN at the same time, would that matter?

Hi there,

I'm trying to change a newly installed pfsense 2.3 (amd64) so that webadmin access is via a custom HTTPS port rather than the default HTTP port 80.

I've made the changes and they go through fine but then a minute later it seems to revert and I cannot understand why.

I go to the System -> Advanced -> click on HTTPS and then assign port 4433. It redirects me and I log in.
Then I try and continue my web administration and it times out. I try port 80 just in case over HTTP and it lets me in, but it doesn't let me in on HTTPS on port 4433.

Does anyone have any ideas why this change is not sticking?

Thanks in advance,


Just to say, this was actually solved by simply a reboot, now I have a transparent squidguard proxy blocking dodgy HTTP stuff without the speed issues.


Hi all,

[edit: mods, please can this be moved to the squid sub forum of packages, I've just found the section following posting this]

Being new (1 - 2 days only) to pfsense and all things lovely, I have been trying to set up squidguard so I can filter categories of website for my company, but when enabled, browsing is so slow I am wondering if there is a guide on how to correctly configure things so that the users don't complain. I'm using it as a transparent proxy on HTTP so that I don't have to re-configure all users' computers internet connection settings.

pfsense 2.3
intel core 2 duo e6600 processor
quad port intel pro/1000 vt NIC


IPsec / user passwords for l2tp/ipsec
« on: April 28, 2016, 01:55:07 am »
Hi all,

I've been setting up l2tp with ipsec following the guidance in the documentation provided on the pfsense site, for my installation of 2.3

what I'm confused about is actually just the password characters allowed - it doesn't seem to let me use special characters such as ! or [

I'm migrating from a draytek 2850 with dial-in users set up, to leaving that as the modem element and using the pfsense box as the hw firewall.

Is there a list somewhere which shows which character sets are allowed in vpn user passwords?


Happy news...

a new (to me) 4 port adapter arrived and all 4 ports are now being picked up!

I shall mark this as solved.

I've checked the POST and it's only detecting 2 ports in that too, so I won't bother with the pciconf -l command as I am thinking that it is half dead and I have contacted the ebay seller.

Hiya, yes it's an intel pro/1000 vt. I bought it from eBay and this is the link to the exact item...

Hope this helps.

It is plugged in to a gigabyte ga-g31mx-s2 motherboard (rev 1.0), which was the only socket 775 micro ATX board with a PCI-e x4 slot on it.

I checked the bios (award) but can't see anything in it relating to it.

Thanks, I shall try that, but I think that it will only give 2. I have an onboard NIC too, which is detected but that's a realtek device which I would rather not use.

I should say that dmesg only lists igb0 and igb1 which leads me to think it is hardware related.

I may have to resort to getting a pair of dual port nics rather than a quad port if a reinstall doesn't detect the 4 ports.


I replaced the two old PCI Linksys NICs on my pfsense box with an Intel Pro 1000 4 port NIC, but it only detects 2 of the ports.

Is this because when I originally installed it, I only had 2 ports and so it's only looking for 2 and I'd need to re-install the OS?

In the web interface, it doesn't show any other NIC ports, I only have igb0 and igb1 (but I'd expect to see igb2 and igb3 also).

Thanks in advance,

