Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - keefe007

Pages: [1] 2
Hardware / Re: Looking for 1u appliance
« on: September 14, 2008, 02:13:47 am »
What manufacturer/oem makes the hardware Rockboch is using?

DHCP and DNS / Re: DHCP Option 66 (Boot Server Address)
« on: June 12, 2006, 06:27:47 pm »
It appears this is possible...

Completed Bounties / Re: $50 for tftp-server-name DHCP option
« on: June 12, 2006, 06:27:09 pm »
I think many many people would use a feature such as this.  IP phones are becoming more and more popular and the easiest way to configure a network of them is with the tftp DHCP option.  I know this option would be used more than some of the other more specialized options that are already in pfsense.  I truely hope more people voice their need for this feature and you reconsider adding it to the gui.

Completed Bounties / Re: $50 for tftp-server-name DHCP option
« on: June 12, 2006, 05:43:33 pm »
Is this going to be in the next GUI too?

DHCP and DNS / DHCP Option 66 (Boot Server Address)
« on: June 12, 2006, 05:40:21 pm »
Is there any way to do DHCP Option 66 (Boot Server Address) with pfsense?

I haven't seen the option anywhere.


Feedback / Forum link on site nav bar
« on: June 12, 2006, 05:37:02 pm »
I have a small suggestion to the site owner.

I think a lot more people would take advantage of the forum if there was a direct link on the main page.  Right now its rather hard to find the forum link.  I visited the main site many times before I eventually found the forum link.

Just my 2 cents.

CARP/VIPs / Re: NAT redirect on Proxy ARP VIP
« on: June 10, 2006, 10:13:04 pm »
Will there be a fix/workaround for this?

I have to use 1:1 because I run a SIP server behind NAT and the normal NAT in pfsense uses symmetric nat while 1:1 uses cone.  SIP doesn't work well, if at all, with symmetric NAT.

CARP/VIPs / Re: NAT redirect on Proxy ARP VIP
« on: June 10, 2006, 10:05:24 pm »
I think I did try it with carp as well, but I'll make sure to try that again.

There is a notice on one of the pages the mentions reflection does not work with large port ranges.  Does 1:1 Nat also effect the functionality of reflection?

Here's a little more detail about what I have setup...

WAN Interface: 12.X.X.3/32

Virtual IP: 12.X.X.4/32 using Proxy Arp.

1:1 NAT 12.X.X.4 ->

Users inside the LAN can access 12.X.X.3 via its public IP.  Users inside the LAN cannot access 12.X.X.4 via its public ip.

From the outside everything is working fine.

CARP/VIPs / Re: NAT redirect on Proxy ARP VIP
« on: June 10, 2006, 09:47:17 pm »
I have it on...which is why it works on the first IP.  It just doesn't work on the virtual IP.

CARP/VIPs / NAT redirect on Proxy ARP VIP
« on: June 10, 2006, 04:58:06 am »

Here's my issue...

I have a box with two IPs.  The second IP is set as a VIP using proxy arp.  I can access everything from the outside just fine on both IPs.  The problem I'm having is that I can't access the second public VIP from the internal network.  I can, however, access the first public IP from the internal network (I'm assuming through the use of nat redirect).  Is there something special I have to do on this VIP to get nat redirect to work?


NAT / Re: Strange problem with VoIP adapter
« on: February 02, 2006, 06:40:01 pm »
Newer testing versions are available at:

Look for "TESTING" dirs.

What does this version have do make SIP work better?

Will it support multiple SIP devices connecting through the router?  Such as multiple ATAs with multiple VoIP lines.

NAT / Switch from symmetric NAT to cone NAT
« on: February 01, 2006, 10:12:56 pm »
I've noticed that SIP doesn't work through Pfsense but it does work great through m0n0wall.  I read it is because pfsense, for whatever reason, uses symmetric NAT instead of cone NAT.

Is there any way for me to switch it back to cone NAT?  Why does pfsense use symmetric while m0n0 uses cone?  With the popularity of VoIP i'd imagine that this is going to cause a lot of problems.


NAT / Re: Strange problem with VoIP adapter
« on: January 03, 2006, 02:12:49 pm »
I was able to get my asterisk SIP server working behind the pfsense firewall by using 1:1 NAT for that box.

It looks like regular NAT is symmetric while 1:1 uses cone NAT, which is what SIP needs.

Captive Portal / Re: No Captive Portal
« on: January 03, 2006, 02:10:37 pm »
Wow, it worked after reboot ;)

Captive Portal / No Captive Portal
« on: January 02, 2006, 09:37:41 pm »
I have an interface which I call PUBLIC and have an access point connected directly to this interface.

DHCP is running on this interface and is handing out 192.168.10.X addresses.  The PUBLIC interface has an address of

I enabled the captive portal, uploaded a simple HTML page, and tried to test it.  I'm not getting any redirect happening at all.  It seems like I have full access to port 80, but every other port doesn't work (mail, ping, telnet, etc).  Did I do something wrong here?



Pages: [1] 2