
Messages - Gentle Joe

1
Traffic Shaping / Queues show NaN values, why?
« on: February 11, 2018, 04:03:31 pm »
I'm using traffic shaping.

I have used a few different types. PRIQ works well for VoIP, but I'm looking to understand and use HFSC more.

In both of these queue schedulers, I see NaN (not a number) in the queue status.

Any idea why? See screen captures enclosed.

2
Traffic Shaping / Re: Monitoring Not Showing Queue Traffic?
« on: February 09, 2018, 01:48:34 am »
When adding queues, it is a good idea to reset the firewall state table, as existing connections won't be tagged yet, only new connections.

3
General Questions / Re: How To Remotely Access Router WebGUI ?
« on: February 08, 2018, 11:26:45 pm »
Most people don't recommend opening the WebGUI up to the internet.

Set up the OpenVPN server, then connect via this VPN, much safer.

4
webGUI / Re: Error editing or adding PPP
« on: February 07, 2018, 09:57:08 pm »
Tested, all fixed. Good show Steve.

5
webGUI / Error editing or adding PPP
« on: February 06, 2018, 10:13:25 pm »
I get this error when editing or adding a PPP interface.

I haven't edited a PPP interface in a long time. Maybe this is a known issue, I did see a similar bug listed.

"Warning: array_merge(): Argument #2 is not an array in /etc/inc/interfaces.inc on line 6664 Catchable fatal error: Argument 4 passed to Form_Select::__construct() must be of the type array, null given, called in /usr/local/www/interfaces_ppps_edit.php on line 507 and defined in /usr/local/www/classes/Form/Select.class.php on line 29 PHP ERROR: Type: 4096, File: /usr/local/www/classes/Form/Select.class.php, Line: 29, Message: Argument 4 passed to Form_Select::__construct() must be of the type array, null given, called in /usr/local/www/interfaces_ppps_edit.php on line 507 and defined"


2.4.3-DEVELOPMENT (amd64)
built on Tue Feb 06 17:39:35 CST 2018
FreeBSD 11.1-RELEASE-p6

6
Posting how I got it working, in case it helps someone else in the future.

It was my error of course. When I enabled the traffic shaper and the rules, I just needed to reset the state table of all current connections.

I could either reset all states [ http://192.168.X.X/diag_resetstate.php ], or just the states that applied to the devices on my LAN using the filter [ http://192.168.X.X/diag_dump_states.php ].
Both worked.

I created an alias called VoipHosts that included the IP addresses for both T-Mobile devices.

I edited the floating rule that was created by the wizard, changed it to include all protocols instead of the default UDP only protocol.
At least the LineLink uses both UDP and TCP.


This site here really helped. http://pfsensesetup.com/category/setup-guides/

That says this:

Traffic shaping should now be activated for all new connections. However, existing connections will not have traffic shaping applied to them, only new connections. In order for traffic shaping to be fully active on all connections, you must clear the states. In order to do this, navigate to Diagnostics -> States. Then click the Reset States tab, check the Firewall state table check box (if it is not already checked), and press the Reset button.

7
I have a T-Mobile femtocell as well as a T-Mobile LineLink on my LAN that I want to give priority.

The femtocell is a small low power cell site that allows cell calls, text and data over the internet using the standard cell phone.
The LineLink is like a voip adapter that has a POTS socket and connects over the internet, creates a home phone connection.

I tried to use the wizard - Multiple Lan/Wan, using all defaults and I used the local IP address of the femtocell 192.168.1.101 for now.
I created an alias for both IP addresses, after I get a single IP working.

I changed it to 'any' protocol. I tried it with any source and also with the source as WAN net, WAN address, and with them as the destination too. See the images.

With my cell phone connected to the femtocell (with the phone's Wifi disabled), I did a speedtest.

I looked on the queues, I saw no Voip traffic at all. On this page: http://192.168.1.1/status_queues.php

Using PRIQ.


Any tips for me, for what I'm doing wrong?


I did do other tests where I used Low/normal/High for application/protocols using PRIQ, they seemed to work ok and I saw those going into the correct queues.

8
General Questions / Re: New, lost, hacked!
« on: January 17, 2018, 03:29:10 am »
For now, I would stop using pfsense and use your Eero system.

With Eero, you can pay extra for smart detection on your network, there is a free trial.

Not to sound rude, I have seen threads like this before, and this will sound odd to you.
Make sure you have a working carbon monoxide detector in your home.
Carbon monoxide does mess with your mind.

9
DHCP and DNS / Re: DNS Server Override Question
« on: January 16, 2018, 08:55:44 pm »
I have issues with this too. I never got it working correctly.

Perhaps it has to do with the pfsense DNS server that the clients use. The clients would use 192.168.1.1, if they use the pfsense DHCP server and that is the pfsense address.

10
Installation and Upgrades / Re: PFsense & Unifi USG working together
« on: January 15, 2018, 10:10:45 pm »
I have a few unifi AP as well.. I had a usg for a bit... wow did it suck compared to pfsense... As soon as my hardware got here it was back to pfsense, the usg is sitting on the shelf.. Have zero use for it..


Same for me. I look at the USG occasionally [I take it off my shelf], it isn't very capable, it is dumbed down.

11
OpenVPN / Re: Failed to Config OpenVPN on Android
« on: January 15, 2018, 09:45:09 pm »
I have always used OpenVPN Connect without issue, happy to try another app - But what makes it superior?

Open source, gives a LOT more detail about the connection with graphing.

12
OpenVPN / Re: Cannot access my hosts within LAN (VPN)
« on: January 15, 2018, 09:35:38 pm »
Can you ping hosts by IP address at all? or just not by name?

Make sure that - Inter-client communication - Allow communication between clients connected to this server, is checked on the OpenVPN server.

If by IP address works and by name does not work, then make sure - DNS Server enable - Provide a DNS server list to clients, is checked, and that your main pfsense dns server is listed at the top.

Also make sure that the Firewall\Rules\OpenVPN and Firewall\Rules\WAN rules are in place to pass all OpenVPN traffic to LAN.

13
I see cores in the logs.

14
Firewalling / Re: Reject | block What's the difference ?
« on: January 08, 2018, 06:03:34 pm »
Thanks

I'll use block on WAN and reject on LAN.

15
Firewalling / Re: Reject | block What's the difference ?
« on: January 07, 2018, 11:48:23 pm »
For local blocking on the LAN is it best to use reject or block?

Since reject sends a rejection message back to the sender, wouldn't that be better?

I'm using the reject/drop to stop chromecasts and Vizio TVs from using the google DNS.
