
Messages - JKnott

1
OpenVPN / Re: OpenVPN Statistics for charging
« on: Today at 09:00:09 am »
I thought charging by time went out with dial up modems.  These days, data connections are either flat rate or by amount of traffic.

2
OpenVPN / Re: PFSense OpenVPN server behind OpenWRT router
« on: Today at 05:59:52 am »
This is where something like Wireshark comes in handy, but pfSense has packet capture which can also be used.  Using one of those, can you see the VPN traffic leaving pfSense?  Can you see it leaving the host computer?  Without a bit more info, we're just guessing.

3
Firewalling / Re: Issue with routing and emails
« on: Today at 05:53:57 am »
Quote
when I change gateway of user from 192.168.1.1 to 192.168.1.2 then emails work fine, but internet stops.

You can't have more than one device on the same IP address.  Also, how do the users know how to reach the mail server?  That would need a specific route to it.

4
General Questions / Re: Allow access to Apple IPs?
« on: Today at 05:50:22 am »
You want to allow unrestricted access to Apple?  Ever hear of address spoofing?  Why do you need to even allow them access?  Are they going to be logging into your systems to do what?

5
OpenVPN / Re: PFSense OpenVPN server behind OpenWRT router
« on: Yesterday at 08:55:16 pm »
Why do you have another router ahead of pfSense?

6
Firewalling / Re: MAC Filtering on PF
« on: Yesterday at 03:19:39 pm »
^^^^
For the most part????  I'd say not at all.  The lower 24 bits are simply a serial number.  The upper 24 are mostly assigned to a manufacturer, with a couple of bits reserved for unicast/multicast and locally assigned address.
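
Added example (not part of the post above or of any pfSense code): a Python sketch that splits a MAC address into the two 24-bit halves the post describes and reads the two reserved flag bits, which sit in the two least significant bits of the first octet. The function names and sample addresses are constructed for illustration.

```python
def parse_mac(mac: str) -> dict:
    """Split a 48-bit MAC into its upper/lower 24 bits and flag bits."""
    cleaned = mac.replace(":", "").replace("-", "").replace(".", "")
    raw = bytes.fromhex(cleaned)          # ValueError on non-hex input
    if len(raw) != 6:
        raise ValueError(f"expected 6 octets, got {len(raw)}: {mac!r}")
    first = raw[0]
    return {
        "upper24": raw[:3].hex(":"),      # manufacturer-assigned part
        "lower24": raw[3:].hex(":"),      # serial-number part
        "multicast": bool(first & 0x01),  # 0 = unicast, 1 = multicast
        "locally_administered": bool(first & 0x02),  # 1 = locally assigned
    }


def describe(mac: str) -> str:
    """One-line summary of what the address bits say about themselves."""
    info = parse_mac(mac)
    if info["multicast"]:
        kind = "multicast/broadcast destination, not a device address"
    elif info["locally_administered"]:
        kind = "locally assigned, upper 24 bits are not a manufacturer ID"
    else:
        kind = "universally administered, upper 24 bits are a manufacturer ID"
    return f"{mac}: {info['upper24']} | {info['lower24']} -> {kind}"


# Constructed sample addresses in three common notations.
SAMPLES = [
    "00:1b:21:3c:4d:5e",   # flag bits 00
    "02-00-00-AA-BB-CC",   # locally-assigned bit set
    "da:a1:19:01:02:03",   # locally-assigned bit set (0xda = 0b11011010)
    "01:00:5e:00:00:fb",   # multicast bit set
    "ffff.ffff.ffff",      # broadcast: both bits set
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(describe(sample))
```
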

7
General Questions / Re: Help to add a DMARC record
« on: Yesterday at 03:16:24 pm »
I assume you mean your Internet connection is failing intermittently.  When I had that problem, I wrote a shell script that pinged my ISP's gateway address every minute and recorded the time of failures.

8
One thing about shielded cables.  They're supposed to be grounded at one and only one point.  If they're not grounded, the shield is ineffective.  If grounded at more than one point, ground loops may occur.
However, given that just moving the cable causes failure, it's likely a poor connection somewhere.

Rule of thumb, when something fails, cables and connectors are the likely suspects.

9
Firewalling / Re: Block by "Default deny rule IPv4"
« on: Yesterday at 10:58:24 am »
Quote
I can't connect from 192.168.88.9 to 10.10.2.3 (routing works fine - I cant pinging this host).

PC1 will have a default route that points to ISP 1.  If it tries to send a packet to anything other than 192.168.88.0/24, it will forward it to its default route.  This means packets intended for the 10.0.0.0/8 network will never get there.

10
Firewalling / Re: MAC Filtering on PF
« on: Yesterday at 05:59:48 am »
Quote
You would see an IP address not a MAC if you're talking inbound from the WAN.

The only MAC address you'll see on the WAN port is your ISP's router.  If you block that, you will disconnect yourself from the Internet.  A MAC address is the hardware address for a device and is valid on the local LAN only.  When a packet is received by a router or any other device, the MAC address is discarded.  A router will then forward the IP packet as appropriate and create a new Ethernet frame, with a new MAC to forward it on.  You will NEVER see a MAC address for any device that's not directly connected to your firewall.

11
General Questions / Re: What is my PFSense FQDN and How to Change it?
« on: December 11, 2017, 09:59:37 pm »
The FQDN is the combination of host name and domain name.  So, if both are properly set up, then you won't have the problem.  Also, make sure the host name is configured in your DNS server.

12
Quote
Pretty interesting discussion but I'm not really sure it's related to my problem.

With VLANs, you have 2 choices, individual access ports, each configured on a single VLAN or a trunk port, which carries tagged VLANs.  Otherwise, you have no way to separate the VLANs.  It doesn't make any difference what equipment you use, that's the way VLANs work.

13
You might try the cable first.

14
OpenVPN / Re: OpenVPN connecting fine, but only http or ping
« on: December 08, 2017, 09:38:50 pm »
Quote
You may have meant to say something else, but this statement as written is not entirely accurate.  Pings are used to verify basic IP communication between endpoints, however, pings by themselves can't prove or disprove a DNS issue.   

I said if you can ping via host name.  That implies DNS is working.  Otherwise you couldn't ping by host name.


15
OpenVPN / Re: OpenVPN connecting fine, but only http or ping
« on: December 08, 2017, 09:19:09 am »
^^^^
Once again.  If he can ping or use HTTP via host name, it's not a DNS issue.  There are not different DNSs for different protocols.  A DNS maps a host name to IP, no matter what protocol it's going to be used for.

I recall reading about NetBIOS name resolution, about 20 years ago, when I was at IBM.  There were, IIRC, four methods for resolving a NetBIOS name to IP address.  These were WINS, DNS, /etc/hosts and LMHosts.  Unless they're using different names for NetBIOS vs everything else, normal DNS will work fine.  In fact, given that IP is used for everything, I don't see how relying solely on DNS would fail, if it works for other protocols.

Prior to IP, NetBIOS was essentially placed in an Ethernet (802.2/802.3) or other frame (we had Token Ring at IBM) and sent out without using a routed protocol, though NetBIOS/IPX may have been used back then.

