Questions tagged [pfsense]
pfsense is a customized FreeBSD+pf distribution designed for use as a firewall. It wraps many of the features of the pf firewall code in an easy-to-use web interface.
845
questions
20
votes
6
answers
87k
views
How can I use HAproxy with SSL and get X-Forwarded-For headers AND tell PHP that SSL is in use?
I have the following setup:
(internet) ---> [ pfSense Box ] /-> [ Apache / PHP server ]
[running HAproxy] --+--> [ Apache / PHP server ]
...
- 9,198
16
votes
1
answer
17k
views
Connect to multiple AP with one Wifi adapter under Linux/FreeBSD?
How can I connect to more than one Wifi access point simultaneously using a single wireless adapter?
I'm currently using pfSense as my home router and I want it to connect to multiple APs wirelessly. ...
- 2,123
15
votes
1
answer
3k
views
What would cause SIP traffic to be seen going into a switch but not coming out?
Background
I have been struggling to get my SIP phones to register behind a brand new router and switch in our brand new office. Our PBX is hosted offsite. I have worked with our provider to attempt ...
- 2,850
13
votes
3
answers
13k
views
Is there danger to virtualizing a router?
I had read on a few forums about pfSense that said it was dangerous to virtualize pfSense. The reason that was stated was an attacker could use pfsense as a spring board for an attack on the ...
- 1,975
12
votes
4
answers
63k
views
Where are pfsense log files?
Where can the pfsense log files be located and viewed?
I have searched the documentation and it doesn't indicate the log files location for the various components of pfsense.
- 965
11
votes
6
answers
9k
views
monowall vs pfsense
I'm building a router out of a Mini-ITX pc + compact flash card setup and I'm trying to choose a suitable distro. My criteria are:
Must be able to run from a CF card (so no excessive disk writes)
I'm ...
- 379
10
votes
1
answer
7k
views
How can I get FreeNAS and pfSense to report more using SNMP?
I have two servers which run variants of FreeBSD: One is a pfSense router and one is a FreeNAS 8 server. Both these servers run SNMP, and I am collecting and graphing their information using a third ...
- 9,198
9
votes
8
answers
135k
views
pfsense: how to block internet for one client
I Have a network at home with a PFSense Software firewall. There are about 2 PCs and 3 laptops that connect to the internet through this firewall.
I would like to use the Firewall rules to block ...
- 564
9
votes
1
answer
6k
views
Hurricane Electric Tunnel with Pfsense?
How would I setup a HE net Tunnel to route through PFsense so I can have v6 addresses on my servers? I already have the tunnel setup on their end, but there is no instructions for PFsense.
- 9,214
9
votes
2
answers
14k
views
Pass through public IP addresses to pfSense
I have a server in my datacenter that has multiple publicly routed IP addresses, and I'm now running ESXi to manage it.
Before, I had some VMs running under the host that created a network:
inet
...
- 503
9
votes
1
answer
4k
views
Ubiquiti Wireless Guest Network VLAN w/ pfSense + Cisco Switch
I'm trying to setup a guest wireless network in an environment that has been humming along nicely for quite some time. The wireless runs on Ubiquiti UniFi APs.
I hope this is clear. If its not, feel ...
- 3,461
8
votes
2
answers
6k
views
Virtualized firewall under Hyper-V?
We are currently considering installing an instance of pfSense on our Hyper-V R2 based server to act as a content filter, captive portal and general firewall.
Although it is usually bad practice to ...
- 358
8
votes
2
answers
5k
views
pfSense Firewall or Linksys/Cisco router for small offices
I'm about to start switching some networks around for multiple small offices. Each office has about 10 to 15 users and 10 to 15 computers. Each office has a spread of generic routers and access points....
- 663
8
votes
4
answers
3k
views
OpenBSD/FreeBSD Firewall w/ GUI that is compatible with Intel 82574L Gigabit LAN NICs
I recently purchased a server to run m0n0wall or pfSense but I've learned since then that both of these firewall products are based on versions of FreeBSD which weren't yet compatible with the NICs in ...
- 131
8
votes
1
answer
2k
views
What is the proper way to configure Active Directory and Domain Controllers when only a dynamic (not static) IPv6 prefix is available?
When neither provider-independent address space or an ISP assigned static prefix is available, and a delegated prefix (via DHCPv6) is the only option…
What is the "best practice" for configuring ...
- 2,051
8
votes
2
answers
2k
views
Virtualized pfSense 2.0.1 affecting Hyper-V host connectivity? arp?
The Setup
I have setup pfSense 2.0.1 (64bit-amd image) as a host in Hyper-V. As described in other blogs I had to do the “ifconfig down deX”, “ifconfig up deX” to get the network up and running.
The ...
8
votes
4
answers
1k
views
Wireless AAA for a small, bandwidth-limited hotel
We (the tech I work with and myself) live in a remote northern town where Internet access is somewhat of a luxury, and bandwidth is quite limited. Here, overage charges ranging from few hundreds, to ...
- 295
7
votes
1
answer
4k
views
pfSense not forwarding DNS to concerned VPS
We are running Xenserver hyper-visor and I created 5 VM and 1VM for pfSense so all VMs are in 172.16.0.0/24 range attached to pfSenese LAN interface. pfSense has two interfaces: LAN (172.16.0.100 as a ...
- 71
7
votes
1
answer
40k
views
How do I assign a public IP to a machine behind a pfSense box using 1:1 NAT?
This should be dead simple but for the life of me, I can't get it working. I must be doing something stupid.
I have a PFsense server with a public IP address. Behind it is three LAN segments:
[ ...
- 9,198
7
votes
2
answers
9k
views
public ip resolves externally but not internally
I have a one to one NAT on pfsense that assigns a public IP to an internal IP (running a web server).
When I open the public IP from an internal machine, it will not resolve to the internal IP, ...
- 491
7
votes
4
answers
15k
views
pfsense log file retention
We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this?
pfSense uses clog rather ...
- 1,260
6
votes
1
answer
41k
views
How can I detect a DDoS attack using pfSense so I can tell my ISP who to block? [duplicate]
Last week my network was hit by a DDoS attack which completely saturated our 100 MBps link to the internet and pretty much shut down all the sites and services we host.
I understand (from this ...
- 9,198
6
votes
1
answer
7k
views
How do I configure a second pfSense server for failover?
I have 2 pfSense servers (the new and the old one) which are used as routers, DHCP and DNS servers. I want to configure the old one as a backup of the new one. It means that when all is ok, all the ...
- 223
6
votes
1
answer
2k
views
Designing segmented LAN with fairly shared hi-speed internet access on a tight budget
With another member of the owners' association, I've been tasked with designing and setting up shared, hi-speed, internet access, for our apartment building. We have very little budget and hope to be ...
- 1,698
6
votes
0
answers
1k
views
pfSense Internal Traffic Policy Based Routing
What is the current and correct way to apply policy based routing to pfSense internal traffic (originating from the firewall itself)? Creating a floating rule with the WAN interfaces selected, ...
- 546
6
votes
4
answers
11k
views
IPv6 LAN to IPv4 with PFsense
Is it possible to setup PFsense to do IPv6 to IPv4?
I am setting up an IPv6 LAN for "testing" and also to mess around with and I can't get an IPv6 address from my ISP so I need a way to change IPv6 ...
- 1,975
5
votes
7
answers
6k
views
Multiple devices with one IPv6 to the Internet?
I want to connect several devices (in the LAN) to the Internet via a single public IPv6 address.
Unfortunately I did not find a good way to do this. The only idea I had was to tunnel everything from ...
- 301
5
votes
2
answers
11k
views
Blocking a network device from communicating with another device on the LAN
I have been working with the firewall/router distribution Pfsense for a while now and I have been trying to figure out how to "isolate" a server on my LAN from other computers on my LAN by using deny/...
- 263
5
votes
4
answers
13k
views
Does two pfsense + CARP necessarily require two WAN IP?
I am looking to setup CARP following this guide across two pfSense firewalls.
I have setup CARP before on a WAN link with a big IP space, so allocating a distinct WAN IP per each device (as shown in ...
- 3,250
5
votes
1
answer
28k
views
Why is pfSense blocking multicast traffic when it is explicitly enabled?
I have a pair of pfSense firewall/routers set up in CARP/XML Config cluster. On the LAN side, the switch also has a pair of servers running corosync/pacemaker/drbd. These are on a different ip network,...
- 1,209
5
votes
3
answers
12k
views
Pfsense mbuf full, what to do?
I noticed today that the MBUF usage has hit its limit.
Apparently the site I'm running under pfsense is having some troubles too, I'd like to know if it would be safe to just
sysctl kern.ipc....
- 155
5
votes
3
answers
2k
views
*nix CARP or VMWare Fault Tolerance?
We're experimenting with what VMWare called a "Fully Collapsed DMZ" on blade centre. Basically our DMZ goes straight into a vSwitch and all the security appliances are virtualised.
I've ...
- 69k
5
votes
1
answer
11k
views
pfSense: dynamic DNS does not update automaticaly - it knows it's outdated
I'm using dyndns with pfSense and I have a router connected on the WAN line (DHCP configuration). Every few days my ISP changes my IP but pfsense does not update it automatically.
If I open the WebUI ...
- 1,315
5
votes
2
answers
4k
views
NAT Reflection, or Split DNS?
I'm working on a network restructure that has three geographical locations, but will share some services. Two of the locations have workstations, and one has only servers (in a CoLo facility). We will ...
- 1,209
5
votes
2
answers
4k
views
pfSense + NAT and nginx - real IP not shown in logs
My current setup includes a pfSense firewall which port forwards public WAN traffic to a NAT internal IP.
Example:
104.12.134.12:80 (WAN IP) port forwards all traffic to 192.168.1.104:80
This is ...
- 161
5
votes
1
answer
15k
views
How do I configure pfsense as an outbound VPN client?
We use pfsense as a router/firewall. Because we're based in China, it is useful for us to have VPN access for all our internal clients. Instead of each individual client connecting to a VPN server ...
5
votes
1
answer
62k
views
How do I route between interfaces in PFsense?
I have a PFsense router which divides a single WAN connection into three NAT networks on three interfaces: LAN, OPT1 and OPT2. This allows me to segregate my network so that computers on the OPT1 and ...
- 9,198
5
votes
3
answers
16k
views
How to collect figures of traffic used per-host, broken up by time and destination?
We have a relatively small network, all PSs in one subnet. One PC with two NICs and pfSense installed works as a firewall/router. There is an OpenVPN tunnel to a remote location, created as a site-to-...
- 196
5
votes
2
answers
1k
views
pfSense - IKEv2 with EAP-RADIUS: Any fallback option if the RADIUS server is down?
I'm deploying an IKEv2 VPN authenticating against a RADIUS service within a pfSense 2.3-RELEASE box. But I'm afraid of the complications of this approach when the RADIUS server is down.
Since the ...
- 5,540
5
votes
1
answer
5k
views
pfsense bridge of vlan interfaces
Hardware Setup
AMD E1-2100 Mini-ITX Motherboard with Onboard Gigabit (re0)
Intel PCI Express (x4) 4-port Gigabit Adapter (igb[0123])
Software Setup
pfSense v2.3
I'm trying to replicate my OpenWRT ...
- 51
5
votes
0
answers
1k
views
IPSec bandwidth between two Pfsense hosts has predictable, variable bandwidth
I have a IPSec tunnel between two Pfsense machines. Both machines are connected to a 100mbps symmetrical connection. The latency between the two routers is ~70ms. I'm using AES-GCM-128 and SHA1, both ...
- 2,222
5
votes
1
answer
2k
views
pfsense 2.0 traffic priority - set full priority for single host
I have a network with several computers all on the same network and since I have very limited bandwidth I would like to prioritize traffic almost like a CPU scheduler prioritize processes.
Example:
...
- 801
4
votes
4
answers
6k
views
Forefront TMG vs pfSense
We currently run pfSense with no problems, however we are looking at TMG as it is included in our partner subscription to MS and allows Windows 7 DirectConnect features to our domain for off-site ...
- 557
4
votes
3
answers
7k
views
What are the security risks of using pfsense in a virtualised environment?
I am thinking of using pfsense on my ubuntu server box. I'd virtualise pfsense with virtualbox, and have it route and firewall all traffic both on and destined to my server as well as the the rest of ...
user120729
4
votes
1
answer
25k
views
What do the following mean: TCP:RA, TCP:FA ,TCP:PA, TCP:S, TCP:SEC
I'm specifically looking for a definition of what the following mean: TCP:RA, TCP:FA ,TCP:PA, TCP:S, TCP:SEC
The context is that I'm looking at some pfSense logs which are showing rejected packets by ...
- 173
4
votes
1
answer
12k
views
Add an alias to a pfSense interface?
Note: maybe the "Background" and "Plan" are not really necessary; feel free to skip to the "Problem" immediately...
Background
We have recently migrated a bunch of servers from one subnet into ...
- 163
4
votes
2
answers
17k
views
Can I use pfsense as a DNS server?
If I have a pfsense based firewall in front of my servers, can I use this also for DNS?
Thanks
- 1,628
4
votes
2
answers
17k
views
pfSense Site-toSite VPN with OpenVPN connects but won't route traffic
Using two pfSense routers, I've created a shared-key VPN between 2 sites. Both routers are pfSense 1.2.2. The pfSense box at the client site is the gateway router for that site, but at the server ...
- 5,660
4
votes
2
answers
722
views
Internal DNS server provide response to external requests?
I have a pfSense firewall and a Windows 2008 R2 DNS server. I'd really like my DNS server to respond to external queries for my subdomains. Right now, I'm using a 3rd party service for that.
Is ...
- 195
4
votes
2
answers
13k
views
Create a rule using shell in fresh pfSense installation to open up WAN access to WebConfigurator
I am in a situation where I require WAN access to be opened up to the WebConfigurator through pfSense because I do not have another node connected to the same network to access WebConfigurator from ...
- 3,250