
Messages - remlei

1
in the first place, intel wifi chipsets have never been seen supporting AP mode.

so yeah, you will never see AP mode support on that wifi chipset, probably forever.

2
none of your theories make sense.

pfsense uses UFS or ZFS
windows uses NTFS

pfsense doesn't use any filesystem other than those 2 supported filesystems, or vice versa.
so your option is

have a flashdrive preinstalled with pfsense.
and the physical drive inside your computer for windows.

the only thing left you need to do is just press the hotkey to initiate the boot selection menu of your motherboard.

3
Wireless / Re: EAPOL Key Timeout
« on: January 18, 2018, 06:54:46 pm »
this is also an issue on openwrt/dd-wrt with atheros drivers, and it only affects legacy devices.

the only real fix here is to use the official binary drivers from atheros; for wrt the only real fix is to reflash it with oem firmware.

my advice is, just buy an AP, that will save you a lot of headache. not unless you upgrade all your client devices with a newer chipset which also fixes the EAPOL issue.

4
Wireless / Re: cant set wifi interface using pfsense that installed on VM
« on: October 31, 2017, 06:35:24 pm »
Did you add assign interface under the wireless tab? since 2.4, you can no longer directly assign the interface on the Interface tab, you should assign it first on the wireless tab, then you can assign it on your wifi interface.

5
Wireless / Re: 2.4.1 & KRACK
« on: October 29, 2017, 06:24:48 pm »
so far, all fixes for the KRACK vulnerability on the AP side just disable the roaming feature.

unfortunately, we can't do that, so instead we patch the devices, and the devices that don't receive updates to fix the issue go to the bin.

luckily my IP Cams are wired up (although they have WiFi capability, I just don't use it) because PoE.

6
NAT / Re: Steam not being blocked!
« on: October 28, 2017, 06:51:32 pm »
well you can just make a default rule so that any device other than those listed in the alias has its internet access restricted after the specified time. It's not really that hard, no mac spoofing can bypass it, but a VPN can easily bypass it, but there's no free VPN service out there that offers lag-free gaming, so your kid needs to pay for it, or you can just blacklist the possible VPN IPs that he uses, until he runs out of free VPN options. Just don't block port 80, 443 and 53, you don't want your kid interrupted while doing legitimate school homework overnight.

your kid might try to spoof your whitelisted mac addresses though

if everything fails, isolate his PC on an entire subnet :P

7
I'm saying this as an experienced linux user with multi-wan implementations with loadbalancing (round robin connection) or failover. It doesn't matter if you have the same subnet and gateway on each wan interface you have, as long as each wan interface has its own unique IP you will be fine.

not sure about freebsd (or pfsense if you want to call it that), I'm only using my pfsense for the single fiber connection I have. in the past I used to have 3 DSL connections, which was actually much cheaper than getting a speed upgrade, and they all worked fine on OpenWRT.

8
I used a Tplink router in the past as my AP and managed switch, and it works well with VLAN, as my MiniPC only had 1 gigabit port, having that tplink serve as a gigabit managed switch + AP.

of course the tplink router was flashed with OpenWRT back then, you can't do that on stock firmware.

9
I assume it requires an additional setting like VLAN to get connected to the internet.

tl;dr contact your ISP, they know better how to solve this than us except without pfsense since you can't even make the thing work even with his own ISP issued router.

10
2.4 Development Snapshots / Re: ZFS vs UFS and power loss
« on: September 21, 2017, 08:13:46 am »
well UFS is bad news when you get a sudden power interruption, it is actually as vulnerable to filesystem corruption as back in the fat16 filesystem days. that's how fragile UFS is.

i guess ZFS is probably better than UFS since ZFS is at least more tolerant against file corruption on sudden power loss

11
DHCP and DNS / Re: Blocking porn sites
« on: September 21, 2017, 08:04:19 am »
opendns is probably the most accessible way to block porn sites, but not all porn sites are blocked, only the popular ones.

pfblocker can also do the same thing, but in my experience, blocking domains with pfblocker is hit or miss, it's really funny that blocking mysitehere.com doesn't block www.mysitehere.com, back then I ended up adding two lines for each domain just to make it effective.

jahasfilter is probably the easiest way to block porn and other categories, just a tick of the box and it's blocked. and the domain repository is well updated from time to time.

12
installation is easy enough I guess? I mean there are countless youtube videos you can watch on how to install one.

in terms of updates, well if you update pfsense and all goes well, I guess you're fine, but there are random times that updates fail and cause one or more components of pfsense to break (which most of the time a fresh install can fix), so remember to back up your config first before updating.

13
Wireless / Re: AP with WIFI N and choose mini PCIe card
« on: September 15, 2017, 06:00:45 am »
report back here if you manage to get it to work properly.

i have 0% chance of making it work on my side, not even 2.4 saves it.

my pfsense console is flooding with beacon errors and wireless reset errors. it just doesn't work well for me.

14
Hardware / Re: Building an 8 port pfsense machine.
« on: September 15, 2017, 05:51:40 am »
I'm not sure if pfsense supports hardware level bridging on nics (intel nics to be specific)

but if you ask me, I'll just add enough nics for my requirement (e.g. how many networks you're going to connect to your hardware)

you might as well buy a decent switch with that many ports, the amount of money you will be spending buying an extra quad port nic is enough to buy a 2nd hand gigabit switch that has more than 8 ports.

for wifi, well, give up that plan since freebsd literally sucks at it driver wise (since most manufacturers don't even bother having an oem driver for freebsd, it's always only linux; the wireless drivers you see are probably re-written by hand, some of them hacked together just to make them work well enough in client mode, which freebsd mostly focuses on), go buy a dedicated ap, you will be saving a lot of headache in the long run.

15
General Questions / Re: pfSense with ARRIS MODEM and Linksys E900 DDWRT
« on: September 14, 2017, 12:33:32 am »
check if your IP camera has something like a polling task that checks your wan ip every x minutes. if those IP cameras don't have that feature, those IP cameras probably suck, ask the manufacturer to fix that.

and since you paid for a DDNS service (I don't know why you would since there are a lot of free DDNS services out there anyway) ask them how to integrate the DDNS service with pfsense.
