Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - RyanM

Pages: [1]
Thanks marjohh, I will try this. Does this output to the logs somewhere? I would like to see that it is working...

As Gertjan has said, this can happen when pfsense boots quicker than the modem.

There is a pretty easy fix, you run a script that monitors the WAN connection by pinging an external address. If the ping fails to respond at all in given period then one of two things happens, firstly it will set the WAN port Down and then back UP again, this is often enough to re-trigger the DHCP process and everything will kick back into life. If that fails, the ping failure timeout will then trigger a reboot of pfSense.

Here's the script. extract and copy it to usr/local/bin, make sure it's set to executable ( 755 )

Now create a Cron event, install the Cron GUI if you wish to make it easy.

I don't think this is an issue with the modem as it is on a battery backup UPS. I have fiber optic internet service from Montana Opticom.

Also, I would need to test to confirm, but I am pretty sure I have seen this behavior after updating pfSense. I currently have 2.4.2 and 2.4.2_1 is available. I may try to update today and see if I can replicate.

I have noticed this a couple of times. I think it is happening when my pfSense is rebooted, but I noticed it the other day when the power went out at my house.

After the power came back up, I had my local network, but did not appear to have internet access. So I pulled up pfSense WebGUI and noticed the WAN interface was "up" but didn't have an IP. When I opened the Status > Interfaces page, I noticed that the IP of WAN was So I clicked the Release/Renew button and my public IP showed up and I could access the internet.

How can I get pfSense to automatically fix this? I travel frequently and use services hosted at home (particularly Plex).

I did see Auto DHCP Renew not working on WAN (How to fix it). Is that the appropriate fix?

Wireless / Re: Guest Wi-Fi using on-board adapter
« on: November 17, 2017, 03:20:04 pm »
"I needed to setup my Outbound NAT."

You would only have to do that if you had changed the outbound nat from automatic.  Any time you give pfsense an address on an interface, be it a physical interface (wired or wireless) or a vlan.. It would auto create the outbound nat rule for you.

I think I had done that as part of setting up OpenVPN. I don't recall if it was for configuring my client or server instance of OpenVPN. I don't know if this is/was required, but it was in the guide I found and followed.

Wireless / Re: Guest Wi-Fi using on-board adapter
« on: November 17, 2017, 11:05:35 am »
For anyone that runs into this problem in the future, I found the issue. I needed to setup my Outbound NAT. Once I did that and added a firewall rule to block traffic to "LAN net" I had what I wanted. Connections to the WLAN can access the internet (the Outbound NAT fixed this) and could not access my local network (firewall rule to block "LAN net" fixed this).

This was not a hardware problem, and really wasn't a Wireless issue. I was able to find the troubleshooting guide below once I viewed my WLAN as LAN since it is just another interface/NIC on my pfSense device.

This guide was extremely helpful:

Wireless / Re: Guest Wi-Fi using on-board adapter
« on: November 16, 2017, 07:44:38 pm »
Derelict, you could say the same thing in a much nicer (less rude) way. pfSense is open source software, and it is very common for open source software to have a community where users can post questions and get them answered, often by other users.

I do not believe the problem is with the hardware, but rather a configuration issue in pfSense itself. Which is why I came to this community for assistance rather than contacting the vendor.

I would rather not mess with an external access point & a managed switch with a VLAN. At the time it felt like a simpler and more cost effective solution to just use an on-board wireless adapter.

I'm just wondering why you give them money then post here looking for free support.

You will find that I am fairly opposed to trying to use the wifi stack in FreeBSD/pfSense and that you should just use an external access point like everyone else.

If you want to use an internal wifi adapter, ask Protectli for assistance.

Wireless / Re: Guest Wi-Fi using on-board adapter
« on: November 16, 2017, 06:48:04 pm »
I don't know. Are you sure this is a hardware issue? I think this is a firewall/rule issue because I can reach network resources.

Also, I had originally configured this with my LAN & WLAN bridged, and set the 'bridge' port to the 'interface' that had a static IP and DHCP server associated to it. When I did this, I could connect to the wireless and reach the internet as well as the local lan.

Wireless / Guest Wi-Fi using on-board adapter
« on: November 16, 2017, 12:48:34 pm »
I looked around on the forum, but couldn't find a previous post in the last year that answers this question.

I have a mini-pc from Protectli ( running pfSense 2.4.1-RELEASE (amd64). I added a mini PCIe wireless card ( to the machine.

The box boots fine, recognized the hardware, and I was able to add the wireless interface/network port (run0_wlan0) from the Interfaces > Wireless page.

I then assigned run0_wlan0 to an interface named "WLAN", gave it a static IP and setup a DHCP server. I can connect to the SSID broadcast by this interface and I am assigned an IP in the range configured by the DHCP server for that interface.

I also created a firewall rule in Firewall > Rules > WLAN that allows 'any' source to 'WLAN address' and 'WLAN address' to 'any' destination.

The problem I am facing is even though I can connect to the wireless network and am assigned an IP, I can't seem to reach the internet. I do seem to be able to access servers on my LAN interface though.

What I would like to do is:
1. Allow traffic on the "WLAN" interface to get to the internet
2. Block all other traffic on the "WLAN" interface

Pages: [1]