Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - johnpoz

Pages: [1] 2 3 4 5 ... 1011
1
DHCP and DNS / Re: DNS Forwarder Host Overrides
« on: Yesterday at 03:41:28 pm »
Do you need it? No you don't there is zero resources that I am aware of that are only available via ipv6 other than maybe some darkweb or p0rn sites..

As you saw my windows box is clean - but I can click 1 button and then it has IPv6 and I can test stuff via IPv6 if I want, etc..

Here I enabled ipv6 on its lan and bing bang zoom I can talk IPv6 to internet, etc..


2
Routing and Multi WAN / Re: Routing Issue
« on: Yesterday at 03:13:19 pm »
So where are you rules on your lan?  And sorry but pfsense would have to have routes showing that it needs to go down the vpn to get to those remote sites or lan2 would never be able to get there.

My guess is your forcing your lan out your wan gateway via rule on lan interface.

3
No sorry you wouldn't be able to get anywhere on this client connected to opt5.. Not with those rules

Did you clear the state.. 

if you ping 8.8.8.8 from device on opt5 side.. And then put in a block rule, until that state goes away then that device would still be able to ping 8.8.8.8

Also how do you have devices connect to opt4 and opt5?  Is this connected to same switch?  How is the sonos setup - they can be notorious for creating a loop if running their wifi network and wired, etc.

4
General Questions / Re: VLAN for my wireless
« on: Yesterday at 03:05:00 pm »
Why do you not just connect pfsense wan to your current network... Then pfsense lan to this network your AP is on for your other SSID..

Now if pfsense is off or blows up or you pull it only thing gone is the 2nd SSID.

I don't see any reason to bridge anything on pfsense from what you have explained.

5
DHCP and DNS / Re: DNS Forwarder Host Overrides
« on: Yesterday at 02:49:45 pm »
"how do I resolve external addresses when surfing the web?"

Pfsense would forward them to your opendns if that is where your forwarding

How would you expect your host overrides to work if your not even asking pfsense for anything.. 

BTW why are you running teredo if you have native dual stack running?  I would clean up your ipv6..

6
Routing and Multi WAN / Re: Routing Issue
« on: Yesterday at 02:48:16 pm »
nic2, 3 and 4 are all in the same segment?? 192.168.0/24  WTF???  Makes ZERO sense!!  and pfsense wouldn't even let you set that up..


And your networks at your remote sites are all the same 192.168.0/24

Yeah that is clearly not correct...

7
Routing and Multi WAN / Re: Routing Issue
« on: Yesterday at 01:30:25 pm »
Well then not going to work, how would 2lan be getting there then???  And your saying these remote sites use public IP space inside their network?

8
General Questions / Re: Scheduled block of MAC address
« on: Yesterday at 01:27:54 pm »
So you wouldn't do it via mac address, unless these are wireless devices and you did that on your wireless AP..

With pfsense you would set this mac to always get an IP.. This is done with a dhcp reservation or static dhcp as some call it.. So this device with mac 18-03-73-B1-0D-D3 for example always gets 192.168.1.100

This as simple as looking in the current dhcp leases finding the device in question and clicking the little + box that says static mapping when you hover over it.

Now once your device always is 192.168.1.X you can setup a firewall rule per a schedule that allows them to only use the internet when you want.  You will need to make sure the states are reset when you do this or any current connections they have open would continue to work until that state expired on its own or they closed the connection..

Can show an example of this if need be...

Now onto that medical advice... I have this mole on my johnson where should I send pic so you could take a look? ;) HEHEHEHEH ROFL!!!!  Sorry couldn't help myself heheehhe

9
Routing and Multi WAN / Re: Routing Issue
« on: Yesterday at 01:18:15 pm »
Well what does your routing table look like in pfsense?

Are you forcing lan out a gateway - what does the lan rules look like?  What are the 2lan rules?

10
So this has been an issue since June of 2017, and your just not coming back to bump? 

If from the wan ios can connect, but not a windows 10 machine then how and the hell would have anything to do with pfsense?  Not like pfsense can say oh way that is a win 10 machine trying to hit port X... Yeah F that guy not going to forward the ports like told too..

11
DHCP and DNS / Re: DNS Forwarder Host Overrides
« on: Yesterday at 01:12:19 pm »
Well there you go see its working just fine... Now you just need to make sure your clients are actually asking pfsense for dns..

From your previous test since it defaults to open then no its never going to work... Your clients should be pointing at only 1 DNS and that is pfsense IP..

In pfsense dhcp the dns should be blank so it hands out pfsense IP as the dns server... What does your client show for dns with ipconfig /all?


12
DHCP and DNS / Re: DNS Forwarder Host Overrides
« on: Yesterday at 12:42:11 pm »
So you don't know how to use nslookup is problem 1 ;)

if pfsense is on 192.168.1.1 then set your server to that in your nslookup command..

Here are some examples...

So do this

nslookup [-opt ...] host server # just look up 'host' using 'server'

nslookup intranet.udll.lan 192.168.1.1

see I ask my pihole that is running for another box on my network  where i5-win.local.lan is the host I am looking for and 192.168.3.10 is the nameserver I am asking.

> nslookup i5-win.local.lan 192.168.3.10
Server:  pi-hole.local.lan
Address:  192.168.3.10

Name:    i5-win.local.lan
Address:  192.168.9.100

Or you can do it this way..

Where I run nslookup it shows the default server its using, and then change it with the server command, then ask it what I am looking for.

> nslookup
Default Server:  sg4860.local.lan
Address:  192.168.9.253

> server 192.168.3.10
Default Server:  pi3-2.local.lan
Address:  192.168.3.10

> i5-win.local.lan
Server:  pi3-2.local.lan
Address:  192.168.3.10

Non-authoritative answer:
Name:    i5-win.local.lan
Address:  192.168.9.100

13
DHCP and DNS / Re: DNS Forwarder Host Overrides
« on: Yesterday at 12:23:00 pm »
Well as you see your client is asking 208.67.220.220

On your nslookup command set server to pfsense IP address.

14
Routing and Multi WAN / Re: Routing Issue
« on: Yesterday at 12:20:27 pm »
That makes no sense..

Draw a picture I am stupid ;)  What do you mean by termination to 2lan?

You have this?

So you advertise 192.168.2 and 192.168.1 to the left side, and right side knows that 192.168.0/24 is down the tunnel?

15
NAT / Re: NAT/Port Forwarding not working
« on: Yesterday at 12:08:06 pm »
Yeah lots noise on the net..

Pfsense can not forward what it does not see..

A simple way to if traffic can get to your public IP on a tcp port is canyouseeme.org

If your sending traffic to your IP and port and its not getting there, then something in front of pfsense is blocking it.  ISP?  ISP device in front of pfsense, etc.

edit: if your changing the router connected I assume your getting a different public IP.. Maybe that port is blocked that IP, try changing mac on pfsense to mimic mac on your old router so you get the same IP, etc.

But again pfsense can not forward what it does not see.

You sure your not getting a nat reflection when you use the old router?  Ie your cellphone on your wireless network.. If your going to test with phones you need to validate they are non on your local wifi network.

Pages: [1] 2 3 4 5 ... 1011