Recent Posts

31
General Questions / Re: WI-Fi extender without internet
« Last post by xplozia on Today at 08:40:46 am »
And what about the LAN firewall rules ?

Consider also packet capturing on pfSense on the LAN.
Disconnect / remove all devices except one on the extender.
Activate the capturing, see what comes in, and gets out.
UDP port 68 works, as DHCP works.
Do you see the ICMP arrive ?
Other (TCP) ?
Thanks!
I have set "DHCP Static Mappings" for a few devices. I changed the IP for my phone, on pfSense, from 192.x.x.102 to 192.x.x.111, and after I connected my phone to the wireless router I received the 192.x.x.111 IP, and the same IP when I connected my phone to the Wi-Fi extender.
I captured traffic for my phone and I have, where 192.168.10.1 is my pfSense:
For wireless router:
192.168.10.1.53:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
172.217.16.110.80:
192.168.10.1.53:
169.60.79.74.5222:
185.60.218.170.443:
185.60.218.170.443:
185.60.218.170.443:
185.60.218.170.443:




For Extender:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:
157.240.9.170.443:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
192.168.10.1.53:
157.240.9.170.443:

In my Wi-Fi extender you can see only 53 and 443 ports :(
32
IPv6 / IPv6 prefix delegation to OVPN interfaces
« Last post by rudivd on Today at 08:38:56 am »
Hi all,

I got prefix delegation working for my DSL connection (fritz-> provider (xs4all)). With the setting "follow interface"
I get clear v6 addresses and subnets on my *wired* (ie REAL) interfaces. ipv6 works through these interfaces. Now,
when it comes to OVPN (server) interfaces, I only can set a tunnel network for v6 in the setup. (this is with 2.4.2)

On 2.2.5 I got this working by selecting a subnet within my v6 block, (in the openvpn settings as tunnel subnet)
 but not used by the real interfaces, and not changing anything else (in other settings apart from ovpn).
I had v6 through openvpn with a correct v6 ip address on the client (which was within the selected tunnel
network (as it showed on the internet as well) and had routing to the internet). No problems there.

Getting the same setup working on 2.4.2, I get the idea that the dhcp6 client on WAN just asks and gets subnets for
the wired (real) interfaces, and does not request either the full v6 range or the subnets I select for the OVPN server
in pfsense, as I got outgoing packets from the ovpn client, and can ping6 all real pfsense interfaces including the WAN
but not the router (fritz) and beyond. Yes, I have allowed ipv6* on the OVPN interface to * in firewall rules.....

Any idea here ?! The weird thing is that it looks that the behaviour (either dhcp6c or openvpnd)  has changed
from 2.2.x -> 2.4.2

Thanks !
Rudi

33
Gaming / Re: Nintendo Switch - Needs static port on its outbound NAT
« Last post by jimp on Today at 08:19:10 am »
I posted this in a different thread by accident ....

having some trouble here - I'm getting the error Nintendo code:

Quote
error code: 2618-0516
NAT traversal process has failed
etc...

I've attached the firewall/nat/outbound screen - have I missed anything?

Looks like your NAT rule is set on the internal (LAN) interface when it should be on the WAN interface. Edit that rule, change it to WAN, Save, Apply.
34
OpenVPN / Re: OpenVPN Default gateway
« Last post by rsloan on Today at 08:19:01 am »
Hi,

I saw the option to choose subnets but not a gateway address. Although I'm able to get a connection to the servers using a tun connection, I need to be able to use tap so homeworkers are able to use their VOIP phones.

Do you have any other ideas on what I could try?

Thank you for your response.

Regards,

Robert.
35
IPsec / Re: IPSec PSK+XAuth Client - How to set XAuth option?
« Last post by jimp on Today at 08:15:57 am »
Yes this is possible.

VPN/IPSEC/MOBILE CLIENTS
Enable IPSEC mobile client support

User database
Local database (selected)

Save

In your p1 entry you should now have the option under p1 proposal.


Make sure when you create your users you go back in and add the XAUTH VPN User dial-in


Hope this helps!

That's the wrong direction. That sets up an Xauth server. OP wants pfSense to act as an Xauth client to a remote server.
36
Gaming / Re: Nintendo Switch - Needs static port on its outbound NAT
« Last post by c4bcons on Today at 08:15:02 am »
I posted this in a different thread by accident ....

having some trouble here - I'm getting the error Nintendo code:

Quote
error code: 2618-0516
NAT traversal process has failed
etc...

I've attached the firewall/nat/outbound screen - have I missed anything?
37
It wouldn't be included in pfSense yet because that patch is not in a release that pfSense is based on. Eventually once that makes it into a FreeBSD 11.x release, and then pfSense has a release based on that FreeBSD version, it will be included.
38
If it's showing a private IP on the WAN like in that screenshot it's because the ISP supplied modem/router is not passing it through. Instead it is running a DHCP server and giving pfSense a lease from that.

If it's a PPPoE connection you will need to configure the 'modem' to run in modem or bridge mode and then configure the PPPoE connection on the pfSense WAN.

Steve

39
NAT / Re: Outbound NAT (& UPnP) problems
« Last post by jimp on Today at 08:08:53 am »
Are you 100% sure that your switch pulled that IP address? The rules look correct, but if it isn't showing the correct NAT type then something about them must not be matching properly.
40
Installation and Upgrades / Re: Upgraded to 2.4.2_1 But still shows 2.4.2
« Last post by jimp on Today at 08:04:03 am »
What does the output of "pkg info -x pfsense" show?