Messages - Derelict

16
Virtualization installations and techniques / Re: Azure setup
« on: February 13, 2018, 12:52:04 pm »
You want LAN public IPs to be routed from the outside to the inside VMs on the pfSense inside interface?

Does Azure even support routing like that? Without NAT, they would have to know to route the traffic to those addresses to the pfSense WAN address.

17
Hardware / Re: WAN port gets reassigned to add-on NIC
« on: February 13, 2018, 01:14:44 am »
em0 is em0. If the add-on card enumerates first then you either need to just patch the WAN to the new em0 or reassign to, I would expect, em4, which is where the onboard NIC that used to be em0 should now be.

I would just go to Interfaces > Assignments and reassign WAN to em4 or patch WAN to the new em0. Your choice.

18
Installation and Upgrades / Re: pkg.pfsense.org has no A DNS record
« on: February 12, 2018, 11:58:50 pm »
That is not the problem. pkg.pfsense.org uses a SRV record.

$ dig +short _https._tcp.pkg.pfsense.org SRV
10 10 443 files00.netgate.com.
10 10 443 files01.netgate.com.


Really should put a CNAME on pkg.pfsense.org that resolves to there-is-no-a-record-it-uses-srv-records.netgate.com.

What is the Branch set to in System > Update? If it is anything other than Latest stable version (2.4.x) change it to that and try again.

19
Routing and Multi WAN / MOVED: Auto Throttle on 2nd WAN
« on: February 12, 2018, 09:20:43 pm »

20
Traffic Shaping / Re: Auto Throttle on 2nd WAN
« on: February 12, 2018, 09:20:29 pm »
As long as you are running a current version (that doesn't stop processing traffic when limiters are enabled on interfaces with NAT), you could put a limiter on the second WAN.

You would likely have to use a technique such as marking the traffic then matching it with a floating rule to get the limiter to only apply when one WAN is in use. Search for NO_WAN_EGRESS for an idea of that technique.

If you wanted to use altq you could set something like a PRIQ on WAN with a bandwidth lower than the upload speed and set that queue using the same technique. But then you'd have to set a default queue. But if you set a default queue to just under the upload speed at a higher priority then put the NAS traffic at a lower priority that might fix your issues while allowing full upload speed from the NAS when there wasn't any other traffic.

21
General Questions / Re: Added limiter resulted in spontaneous reboots
« on: February 12, 2018, 05:45:30 pm »
Long-standing bug. Fixed in 2.4.3.

https://redmine.pfsense.org/issues/4310

22
I am pretty limited in what I can do after this. Everything looks fine on the pfSense side.

Maybe try to ping something on the 192.168.2.0/24 network from Diagnostics > Ping. That should put the pfSense MAC address in the switch's table. If not you need to figure out why not.

That switch certainly supports mirroring. Mirror that port to something else and wireshark it.

You are fortunately/unfortunately dealing with a 10G SFP+ port or I'd suggest putting a laptop interface on VLAN 10 and plugging in directly.

Assign OPT1 to a gig-e port and try that?

23
That looks fine.

You need to look closer at layer 2.

What MAC addresses are on VLAN 10?

Probably something similar to show mac-address-table

24
OK then something connected to an access port on VLAN 10 on the switch should get an IP address.

If not you have to figure out why not.

I have found looking at the MAC address table on the switch for that VLAN is a good place to start.

You could also send the output of these commands entered into Diagnostics > Command Prompt (or run from the shell)

ifconfig cxgb0

ifconfig cxgb0.10

25
OK and a DHCP server is configured on the OPT1 interface in pfSense? Can you post that?

26
General Questions / Re: How To Remotely Access Router WebGUI ?
« on: February 12, 2018, 12:07:51 pm »
You could also set up a VPN into your management location then put a firewall rule on the client firewall that only allows connections from that location. So you VPN into one location and use that to access the clients' systems.

I have found that a VPN to my office and remote desktop into my workstation is far easier than maintaining/syncing all the tools I might need on my laptop.

27
Routing and Multi WAN / Re: Static route between 2 pfSense
« on: February 12, 2018, 12:01:28 pm »
Sorry. No idea what "DNS isn't passing down" means. Need to know where the DNS clients are, what their configured name servers are, and what is not working to be able to have a chance at helping.

28
Please post the switch port configuration for the port connected to cxgb0.

29
Firewalling / Re: Networking two subnets together
« on: February 12, 2018, 12:50:25 am »
Honestly it looks like you should be asking how to set a static route on an OpenWRT forum.

Setting a target and a gateway to the same address is pretty much never right (if you can directly access the gateway, you don't need the route) but I have never used OpenWRT.

30
Please post a current screenshot of Interfaces > Assignments
