Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Trel

Pages: [1] 2 3 4 5
1
Firewalling / Question on when a rule would trigger
« on: July 14, 2016, 11:14:24 am »
I've seen it mention that in a case of

1. Allow Lan subnet->Lan subnet
2. Allow any -> This firewall
3. Block RFC1918
4. Allow Any

Rule #1 should never trigger
I've always included it anyway

Looking at my rules, I see it has fired off a few times.  Any idea what specific traffic could trigger it?

2
General Questions / Question on custom patches on upgrade
« on: May 12, 2016, 09:03:38 am »
When you upgrade versions, do patches automatically get disabled or is this something I would need to manually do prior to upgrading?
I have a patch installed the moment 2.3 for something that's fixed in 2.3.1.


3
Cache/Proxy / Can Haproxy and Squid co-exist?
« on: May 09, 2016, 04:21:56 pm »
Can both of these be installed (2.3) provided Haproxy is used as a reverse proxy only and squid is not?

4
webGUI / Where did the clear log button go?
« on: May 03, 2016, 12:34:36 pm »
I feel like an idiot, but I can't seem to find the clear log button.
I see the reset all log files button in the settings, but I can't seem to find any soft of clear log button on the individual log pages anymore.

5
General Questions / Any way to install Nano on 2.3?
« on: April 21, 2016, 10:36:34 am »
I feel trapped every time I have to type "vi" or "vim" and then have to fumble for my cheatsheet.
Is there any way to install Nano?

6
webGUI / View full version on mobile
« on: April 13, 2016, 12:08:54 pm »
No matter which Mobile browser I use on Android (Dolphin, Chrome, or whatever the build in is on ASOP 4.3), toggling desktop mode and mobile mode makes no difference to if I get the mobile version of the WebGUI.  Is there any setting I can change internally to not serve the mobile version when it requests the desktop site?

7
DHCP and DNS / @ Symbol For NameCheap Dynamic DNS
« on: April 13, 2016, 08:24:30 am »
In 2.3 I can't seem to put the @ symbol for the hostname section of a dynamic DNS entry.
It tells me that there's invalid characters.

I already opened a bug report, but in the mean time is there any workaround?

8
General Discussion / Can anyone help me pick a new switch?
« on: March 02, 2016, 02:52:11 pm »
I'm looking to upgrade my current switch (it's old, very old).
I'm hoping to find something used, 24+ gigabit ports, and managed (preferable with CLI access (over SSH, not only serial) not just web).
(An extra bonus if it's passively cooled).

I'm fine with something used on Ebay.  Does such a switch exist?

9
Cache/Proxy / [Solved] Can't get ACL to match on Haproxy
« on: February 01, 2016, 01:31:49 pm »
I'm have an issue getting an ACL to work.

I've tried using Host Matches and Host Contains

The domain I'm testing with is: http://psho.co:8080/ (or http://psho.co:8080/radio/) and I have a second domain also pointed at that server which shows the same page.
Both show 503.

I'm attaching a screenshot of the settings

Now, if I check the "NOT" box to invert the match on the ACL, http://psho.co:8080/ shows the intended page, however, do does the completely different domain I also have pointed to it.

I can't figure out what I'm doing wrong here.

Addititionally, I ran a packet capture to verify that the host is set correctly in the requests and it's requesting
Code: [Select]
GET /radio/ HTTP/1.1
Host: psho.co:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0

So I'm not sure what I'm doing wrong.

(I'm using the Devel package which says it's actually 1.6 stable)

10
DHCP and DNS / Question on Static ARP
« on: December 22, 2015, 11:00:33 am »
The info text under the entry in DHCP says

"This option persists even if DHCP server is disabled. Only the machines listed below will be able to communicate with the firewall on this NIC."

I have multiple VLANs of the same NIC.
Does this affect other vlan interfaces on the same physical NIC, or should that say "on this interface" rather than "on this NIC"?

11
OpenVPN / Optional tunnel all for mobile clients
« on: December 02, 2015, 12:04:22 pm »
Is there any way I can have it that mobile clients by default do not tunnel all, but the client can enable it if necessary?
(PFSense is the server, various machines (Windows, Linux, Android) are the clients)

12
NAT / Assistance with an internal port forward
« on: November 01, 2015, 02:46:30 pm »
I'm trying to get an internal port forward to work.

I have a domain pointed (internally) to my firewall.

What I'm trying to make is a NAT rule that directs a port to another internal IP

So if I try to hit my firewall at port 10060, it directs it to the specific server at 10060

The rule I made was

Interface: LAN
Source: Any
Destination: 10.9.0.1 <-- Firewall
Destination Port: 10060
Target: 10.9.0.10 <--- Internal server 
Target Port: 10060

This doesn't work

However, if I change Destination from 10.9.0.1 to ANY, it works, so I'm not sure why that is, but I don't want to globally override that port.

Can anyone help?

13
DHCP and DNS / Do additional DHCP pools receive priority over "Deny Unknown Clients" in main?
« on: October 28, 2015, 08:55:42 am »
If I have "Deny Unknown Clients" enabled in the first DHCP pool, and then in a secondary pool do not, will connecting devices be able to receive an address from the secondary pool?

Also, if there are two additional pools both of which would allow a client, how is which pool is used determined?

14
Firewalling / Question about rules when redirecting DNS to firewall
« on: October 25, 2015, 01:15:34 pm »
I was looking at this: https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

It said "If DNS requests to other DNS servers are blocked, such as in the Blocking DNS queries to external resolvers example, ensure the rule to pass DNS to 127.0.0.1 is above any rule that blocks DNS. "

My question is if my DNS block rule blocks DNS requests to destinations which are "NOT This Firewall", then that line would not apply, correct?

15
Installation and Upgrades / How to set up with no WAN
« on: October 14, 2015, 08:54:51 am »
I'm installing on a spare laptop to test a few things.
I only want a LAN interface, but I can't see any way to set nothing for the WAN, if I choose em0 for the WAN, I'm unable to select anything but the wireless card for the LAN and vice versa.

Is there anything I can do to bypass setting up a WAN interface?

Pages: [1] 2 3 4 5