Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - SammyWoo

Pages: [1] 2 3 4 5 6
Hardware / Re: IBM x3650 M3
« on: March 19, 2018, 10:46:22 pm »
IBM, like HP (a.k.a. Compaq) are weird boxes. Am guessing reason why they can be cheap. Believe or not, pFsense install fine on generic PC boxes, but give them a super-duper big brand name server gear... hope ur patience and tenacious.

Power-wise like others say, you would be running a Ferrari on a 2-lane island.

General Questions / Re: Bridging WAN to Modem via laptop
« on: March 19, 2018, 10:31:43 pm »
This sounds more like a Windows config issue than pFsense.

Are you able to Internet from the laptop?

Is entirely possible the "modem" is running on /2 mask and you must make laptop .2?

Is this a dorm?  Some uni fixed assign you a number of IPs even though they maybe DHCP-delivered.

Here is a blob about can't ICS while using WIFI?

Your Windows ICS is not configured correctly or your site "modem" is imposing restrictions on you.

General Questions / Re: Block Devices from Accessing My Network
« on: March 19, 2018, 04:20:55 pm »
SammyWoo, are you saying building a pfSense server with better hardware will not resolve the through put issue I have?

Just the opposite.

General Questions / Re: pfSense with external Wireless Access Point
« on: March 19, 2018, 02:26:21 pm »
An ethernet switch is mostly transparent but sounds like u need to studied up on VLAN.  Technical term for external wireless is (surprisingly) GUESTS wireless. :)

General Questions / Re: Block Devices from Accessing My Network
« on: March 19, 2018, 02:19:13 pm »
Consumer boxes like the Netgear tend to have (not upgradable) weak cpu but friendlier management. Pfsense is a more generic solution with lots of possibilities but requires more expertise on your part on management and configuration, but just throw a better cpu at it if current hardware ain't cutting.

Firewalling / Re: Static ip error
« on: March 19, 2018, 12:54:29 pm »
Assuming a standard /24 mask, you have two separate subnets.  POOLS are only significant as far as DHCP is concerned, you still have to make statics BELONG to its subnet.  You cannot shove a x.x.1.x static into a x.x.2.0 subnet and vice versa.

Hardware / Re: pfsense on 1 network/ethernet port PC using VLANS
« on: March 19, 2018, 12:34:05 pm »
I see you like the minisys-4, what do you use the last 2 ports in the minisys to?

I have read ppl having trouble using a USB-NIC dongle but if that works for you, great.

Extra ports on my minisys port is currently unused, I didn't buy the 4 for the extra ports but the 2 ports version CPU didn't cut it for me, or doesn't have hardware AES. One use for those ports is if you want to create discrete separate subnets, but I see ppl here are big into VLANs which can mimic the same thing.

Hardware / Re: Off the shelf recommendations
« on: March 18, 2018, 12:33:08 pm »
Celeron E3865U

Atom E3845


Which one would  be better?

Dude, those 3 are a big step-down from the I5 recommended.  I say you can get away with an I3.  E3845 may not have enough wiggling room for gigabit.

Hardware / Re: pfsense on 1 network/ethernet port PC using VLANS
« on: March 17, 2018, 02:55:53 pm »
I favor the minisys-4 'cuz simpler with discrete NIC ports + fanless/silent.  am betting that 1-port thingy is noisy fan'ed and/or runs hot.

Unless u are running an embedded box and it's hard to add another NIC, they are relatively inexpensive, why go into the complication of doing VLAN if u don't have to I say. Plus ur 1 gig NIC is gonna share bandwidth between the VLANs.

# These are the things to do to configure apcupsd to a legacy APC UPS using a 940-0024C Smart Serial Cable,
# to a MiniSys (ProtectLi) computer with a RJ45 COM port.
# 1. Must install pFsense VGA, single COM port will be dedicated to UPS.
# 2. Minisys BIOS = Disable COM redirection. In Addition I set mine for 2400,n,8,1 or whatever speed ur UPS is currently set.
# 3. Install apcupsd pkg and configure with params below.
# 4. Build and use cable as shown below.
# /usr/local/etc/apcupsd/apcupsd.conf
# This Doc created 3/14/2018. pFsense 2.4.2. FreeBSD 11.1.
# Name your UPS
# Legacy APC serial port
UPSCABLE 940-0024C
# Smart Signalling
UPSTYPE apcsmart
DEVICE /dev/cuau0
# Leave the rest of params at default or customize to suit your need.
# Now you must build and use this custom cable, pinout as follows:
# Short pins 1 - 8.
#     RJ45    DB9-M
# +-- 1
# |
# +-- 8
#       3 ----- 1
#       6 ----- 2
#       5 ----- 9
# Here's one:

UPDATE: Even Simpler. Use an USB-Serial dongle like the popular Prolific PL2303 which FreeBSD 11 has built-in driver, coupled with 094-0024c will do it. Then u save the 1 com port for console use. Mine came up as port cuaU0 (uppercase U) when hooked up to the USB3. So config DEVICE /dev/cuaU0.

No... Anything connected up to opt1, should have gateway=IP of opt1.  Anything connected up to opt2 should have gateway=IP of opt2.

A gateway is always an IP on the SAME SUBNET as you are in.  Think of opt1 as a room, and you have multiple doors, and that's all you can see, most of those doors are other clients but one of them is, as mentioned, the door to the Internet and that is opt1 IP.

I haven't done this myself under pfsense but you may have to run multiple instances of the DHCP server in order to dish out the different gateways, and on top of that am not sure if there is any advantage to run opt1/opt2 on the same subnet as LAN or better run separate subnets.

Not a fan of HP boxes... they always have some kind of unnecessary, time-wasting proprietary add-ons. But if u got the time, hey.

This typically signals an absence of the GATEWAY parameter.

GATEWAY (literally) = This is the door to the Internet.

General Questions / Re: What's the point?
« on: March 13, 2018, 01:23:05 pm »
People are running IDPS just to be fashionable?

Firewall is that guy by the head of the security line, checks your passport, valid blah-blah, check your boarding pass, blah-blah let you through.

IDPS are those guy by the scanning machine who now want to pat you, take out your metals blah-blah.

Multi-layer security.

Pages: [1] 2 3 4 5 6