Re: [pfSense] Block HTTPS by Range/IP
I tested the e2guardian service in my virtual machines, actually it works perfect. No need to install certificate to clients for SSL filtering. Now I will install pfsense to real hardware and then configure it for my network, after that 20+ clients will be going over pfsense and test the e2guardian with high traffic. If it works stabil with high traffic, squidguard, manuel proxy, dns based block, layer 7 will be over, nobody will use it for block ssl, web filtering :) -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Thu, May 3, 2018 at 2:15 AM, Capa Carvalho <capacarvalho.li...@gmail.com> wrote: > Hello, > > > I have been looking a solution for my project that it is block sites > through IP address, block HTTPS and without needs to install certificate in > all devices then I have found this tutorial and I would like to share with > you, this helps me a lot and it can help you too. > > > > https://www.youtube.com/watch?v=V4Md4Ja1pMg= > PLvmt6ceZVIhOG1pbmJUy1XUAxsJaIdSN- > > > > Regards. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] The same voucher in some devices.
Well also I just want to say that if you don't have a router or another device between your pfsense and users like below scenario just leave it blank :) ISP > pfSense > Users -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Wed, Nov 22, 2017 at 6:47 PM, ibrahim uçar <ucribra...@gmail.com> wrote: > *I have never used ...* > > > > > -- > > *İbrahim UÇAR* > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > On Wed, Nov 22, 2017 at 6:47 PM, ibrahim uçar <ucribra...@gmail.com> > wrote: > >> I really don't know how works Mac filtering options. I have ever used >> before this option. If someone knows what really do this option then they >> can tell you via mail. >> >> Just leave it blank if you don't need it. Usually this option not using. >> >> >> >> >> -- >> >> *İbrahim UÇAR* >> >> Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> >> >> On Wed, Nov 22, 2017 at 5:52 PM, 3y3lop <3y3...@gmail.com> wrote: >> >>> Ibrahim, >>> >>> & How to Macc Filtering, whether to check on or leave blank? Thank's. >>> >>> Regards, >>> Cyclop >>> >>> On Wed, Nov 22, 2017 at 23:29 ibrahim uçar <ucribra...@gmail.com> wrote: >>> >>> > Yes, This option mostly comes disable at captive portal. So you need to >>> > enable it by clicking on it. >>> > >>> > >>> > >>> > >>> > -- >>> > >>> > *İbrahim UÇAR* >>> > >>> > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> >>> > >>> > On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote: >>> > >>> > > Hii All, >>> > > >>> > > Thank You for informastion? >>> > > >>> > > Question: >>> > > Does it have to be checked? on Concurrent users logins?, >>> > > >>> > > Regards >>> > > cyclop >>> > > >>> > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho <kleb.li...@gmail.com> >>> > > wrote: >>> > > >>> > > > Thanks Ibrahim >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > Regards. >>> > > > >>> > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar < >>> ucribra...@gmail.com> >>> > > > wrote: >>> > > > >>> > > > > No sir, I only know this solution to solve that problem, I hope >>> > someone >>> > > > > knows another solution to help you :) >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > -- >>> > > > > >>> > > > > *İbrahim UÇAR* >>> > > > > >>> > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> >>> > > > > >>> > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho < >>> > kleb.li...@gmail.com >>> > > > >>> > > > > wrote: >>> > > > > >>> > > > > > Thanks Ibrahim... >>> > > > > > >>> > > > > > Do you know if this is only way to do this ? >>> > > > > > Because this option "Disable Concurrent user logins" it is >>> fine but >>> > > I'd >>> > > > > > like that the first one had the "voucher+mac" and nobody can't >>> > > connect >>> > > > > > after. >>> > > > > > >>> > > > > > >>> > > > > > Thanks again. >>> > > > > > >>> > > > > > >>> > > > > > Regards. >>> > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > > > > >>> > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar < >>> > ucribra...@gmail.com >>> > > > >>> > > &g
Re: [pfSense] The same voucher in some devices.
*I have never used ...* -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Wed, Nov 22, 2017 at 6:47 PM, ibrahim uçar <ucribra...@gmail.com> wrote: > I really don't know how works Mac filtering options. I have ever used > before this option. If someone knows what really do this option then they > can tell you via mail. > > Just leave it blank if you don't need it. Usually this option not using. > > > > > -- > > *İbrahim UÇAR* > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > On Wed, Nov 22, 2017 at 5:52 PM, 3y3lop <3y3...@gmail.com> wrote: > >> Ibrahim, >> >> & How to Macc Filtering, whether to check on or leave blank? Thank's. >> >> Regards, >> Cyclop >> >> On Wed, Nov 22, 2017 at 23:29 ibrahim uçar <ucribra...@gmail.com> wrote: >> >> > Yes, This option mostly comes disable at captive portal. So you need to >> > enable it by clicking on it. >> > >> > >> > >> > >> > -- >> > >> > *İbrahim UÇAR* >> > >> > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> >> > >> > On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote: >> > >> > > Hii All, >> > > >> > > Thank You for informastion? >> > > >> > > Question: >> > > Does it have to be checked? on Concurrent users logins?, >> > > >> > > Regards >> > > cyclop >> > > >> > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho <kleb.li...@gmail.com> >> > > wrote: >> > > >> > > > Thanks Ibrahim >> > > > >> > > > >> > > > >> > > > >> > > > Regards. >> > > > >> > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar <ucribra...@gmail.com >> > >> > > > wrote: >> > > > >> > > > > No sir, I only know this solution to solve that problem, I hope >> > someone >> > > > > knows another solution to help you :) >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > -- >> > > > > >> > > > > *İbrahim UÇAR* >> > > > > >> > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> >> > > > > >> > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho < >> > kleb.li...@gmail.com >> > > > >> > > > > wrote: >> > > > > >> > > > > > Thanks Ibrahim... >> > > > > > >> > > > > > Do you know if this is only way to do this ? >> > > > > > Because this option "Disable Concurrent user logins" it is fine >> but >> > > I'd >> > > > > > like that the first one had the "voucher+mac" and nobody can't >> > > connect >> > > > > > after. >> > > > > > >> > > > > > >> > > > > > Thanks again. >> > > > > > >> > > > > > >> > > > > > Regards. >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > >> > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar < >> > ucribra...@gmail.com >> > > > >> > > > > > wrote: >> > > > > > >> > > > > > > If you don't want to many users login with the same same >> voucher >> > or >> > > > > > > username and password, you should enable the "Concurrent users >> > > > logins" >> > > > > > > option. After that everyone will login captive portal with >> their >> > > own >> > > > > > > voucher or username and password. >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > >> > > > > > > -- >> > > > > > > >> > > > > > > *İbrahim UÇAR* >> > > > > > &g
Re: [pfSense] The same voucher in some devices.
I really don't know how works Mac filtering options. I have ever used before this option. If someone knows what really do this option then they can tell you via mail. Just leave it blank if you don't need it. Usually this option not using. -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Wed, Nov 22, 2017 at 5:52 PM, 3y3lop <3y3...@gmail.com> wrote: > Ibrahim, > > & How to Macc Filtering, whether to check on or leave blank? Thank's. > > Regards, > Cyclop > > On Wed, Nov 22, 2017 at 23:29 ibrahim uçar <ucribra...@gmail.com> wrote: > > > Yes, This option mostly comes disable at captive portal. So you need to > > enable it by clicking on it. > > > > > > > > > > -- > > > > *İbrahim UÇAR* > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > > > On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote: > > > > > Hii All, > > > > > > Thank You for informastion? > > > > > > Question: > > > Does it have to be checked? on Concurrent users logins?, > > > > > > Regards > > > cyclop > > > > > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho <kleb.li...@gmail.com> > > > wrote: > > > > > > > Thanks Ibrahim > > > > > > > > > > > > > > > > > > > > Regards. > > > > > > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar <ucribra...@gmail.com> > > > > wrote: > > > > > > > > > No sir, I only know this solution to solve that problem, I hope > > someone > > > > > knows another solution to help you :) > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > *İbrahim UÇAR* > > > > > > > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > > > > > > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho < > > kleb.li...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > Thanks Ibrahim... > > > > > > > > > > > > Do you know if this is only way to do this ? > > > > > > Because this option "Disable Concurrent user logins" it is fine > but > > > I'd > > > > > > like that the first one had the "voucher+mac" and nobody can't > > > connect > > > > > > after. > > > > > > > > > > > > > > > > > > Thanks again. > > > > > > > > > > > > > > > > > > Regards. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar < > > ucribra...@gmail.com > > > > > > > > > > wrote: > > > > > > > > > > > > > If you don't want to many users login with the same same > voucher > > or > > > > > > > username and password, you should enable the "Concurrent users > > > > logins" > > > > > > > option. After that everyone will login captive portal with > their > > > own > > > > > > > voucher or username and password. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > *İbrahim UÇAR* > > > > > > > > > > > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com > > > > > > > > > > > > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho < > > > > kleb.li...@gmail.com > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > Hello, > > > > > > > > > > > > > > > > > > > > > > > > In my Captive Portal I have many people share the > same > > > > > > > voucher... > > > > > > > > Any idea to r
Re: [pfSense] The same voucher in some devices.
Yes, This option mostly comes disable at captive portal. So you need to enable it by clicking on it. -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Wed, Nov 22, 2017 at 5:13 PM, 3y3lop <3y3...@gmail.com> wrote: > Hii All, > > Thank You for informastion? > > Question: > Does it have to be checked? on Concurrent users logins?, > > Regards > cyclop > > On Fri, Nov 17, 2017 at 22:10 Kleber Carvalho <kleb.li...@gmail.com> > wrote: > > > Thanks Ibrahim > > > > > > > > > > Regards. > > > > On Fri, Nov 17, 2017 at 2:02 PM, ibrahim uçar <ucribra...@gmail.com> > > wrote: > > > > > No sir, I only know this solution to solve that problem, I hope someone > > > knows another solution to help you :) > > > > > > > > > > > > > > > -- > > > > > > *İbrahim UÇAR* > > > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > > > > > On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <kleb.li...@gmail.com > > > > > wrote: > > > > > > > Thanks Ibrahim... > > > > > > > > Do you know if this is only way to do this ? > > > > Because this option "Disable Concurrent user logins" it is fine but > I'd > > > > like that the first one had the "voucher+mac" and nobody can't > connect > > > > after. > > > > > > > > > > > > Thanks again. > > > > > > > > > > > > Regards. > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <ucribra...@gmail.com > > > > > > wrote: > > > > > > > > > If you don't want to many users login with the same same voucher or > > > > > username and password, you should enable the "Concurrent users > > logins" > > > > > option. After that everyone will login captive portal with their > own > > > > > voucher or username and password. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > *İbrahim UÇAR* > > > > > > > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > > > > > > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho < > > kleb.li...@gmail.com > > > > > > > > > wrote: > > > > > > > > > > > Hello, > > > > > > > > > > > > > > > > > > In my Captive Portal I have many people share the same > > > > > voucher... > > > > > > Any idea to resolve this case ? > > > > > > > > > > > > Big problem for us > > > > > > > > > > > > > > > > > > Best Regards > > > > > > -- > > > > > > > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.* > > > > > > *CCNA R** | **CCNA Security | **CCNP Security | > **LPIC-1 | > > > > > > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * > > > *|* * > > > > > > Novell > > > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > > > > > > ___ > > > > > > pfSense mailing list > > > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > > > > ___ > > > > > pfSense mailing list > > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.* > > > > *CCNA R** | **CCNA Security | **CCNP Security | **LPIC-1 | > > > > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * > *|* * > > > > Novell > > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > > > > ___ > > > > pfSense mailing list > > > > https://lists.pfsense.org/mailman/listinfo/list > > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > > > > > > > > -- > > > > *Kleber da Silva CarvalhoProfissional Certificado.* > > *CCNA R** | **CCNA Security | **CCNP Security | **LPIC-1 | > > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * *|* * > > Novell > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > -- > cyclop > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] The same voucher in some devices.
No sir, I only know this solution to solve that problem, I hope someone knows another solution to help you :) -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Fri, Nov 17, 2017 at 3:47 PM, Kleber Carvalho <kleb.li...@gmail.com> wrote: > Thanks Ibrahim... > > Do you know if this is only way to do this ? > Because this option "Disable Concurrent user logins" it is fine but I'd > like that the first one had the "voucher+mac" and nobody can't connect > after. > > > Thanks again. > > > Regards. > > > > > > > On Fri, Nov 17, 2017 at 12:14 PM, ibrahim uçar <ucribra...@gmail.com> > wrote: > > > If you don't want to many users login with the same same voucher or > > username and password, you should enable the "Concurrent users logins" > > option. After that everyone will login captive portal with their own > > voucher or username and password. > > > > > > > > > > > > > > -- > > > > *İbrahim UÇAR* > > > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > > > On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <kleb.li...@gmail.com> > > wrote: > > > > > Hello, > > > > > > > > > In my Captive Portal I have many people share the same > > voucher... > > > Any idea to resolve this case ? > > > > > > Big problem for us > > > > > > > > > Best Regards > > > -- > > > > > > *Kleber da Silva CarvalhoProfissional Certificado.* > > > *CCNA R** | **CCNA Security | **CCNP Security | **LPIC-1 | > > > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * *|* * > > > Novell > > > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > > > ___ > > > pfSense mailing list > > > https://lists.pfsense.org/mailman/listinfo/list > > > Support the project with Gold! https://pfsense.org/gold > > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > > > -- > > *Kleber da Silva CarvalhoProfissional Certificado.* > *CCNA R** | **CCNA Security | **CCNP Security | **LPIC-1 | > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * *|* * > Novell > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] The same voucher in some devices.
If you don't want to many users login with the same same voucher or username and password, you should enable the "Concurrent users logins" option. After that everyone will login captive portal with their own voucher or username and password. -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Fri, Nov 17, 2017 at 2:06 PM, Kleber Carvalho <kleb.li...@gmail.com> wrote: > Hello, > > > In my Captive Portal I have many people share the same voucher... > Any idea to resolve this case ? > > Big problem for us > > > Best Regards > -- > > *Kleber da Silva CarvalhoProfissional Certificado.* > *CCNA R** | **CCNA Security | **CCNP Security | **LPIC-1 | > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * *|* * > Novell > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Block Install/Update APPs [android / apple].
Block the "updatesites" for your guest and then try to update, see if it's works. -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Mon, Oct 30, 2017 at 4:46 PM, Kleber Carvalho <kleb.li...@gmail.com> wrote: > Hello, > > > I have a guest network and this moment I need to block all access > to Install and Update of APPs Android and Apple, I am using squid + > squidguard in my proxy. > > Any idea about that ? > > > > Best Regards. > > -- > > *Kleber da Silva CarvalhoProfissional Certificado.* > *CCNA R** | **CCNA Security | **CCNP Security | **LPIC-1 | > LPIC-2 * *|* *LPIC-3 * *| * *LPIC-3 303 * *| **Novell CLA 11 * *|* * > Novell > DCTS * *|* * ITIL v3 * *|* * COBIT 4.1* > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] problems with lagg interfaces?
Also did you create a pass rule in lagg0 interface which is from Firewall > Rules > lagg0? -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Tue, Oct 17, 2017 at 4:36 PM, Eero Volotinen <eero.voloti...@iki.fi> wrote: > Hi All, > > Tried to configure lagg0 interface with vlans. Looks like traffic is not > passing in the interface. > > Any ideas? It works fine, if I just configure interface with vlan, but not > with lagg interface > > Setup is like this: > > -> Lagg0 with two interfaces in failover mode and vlan tagging top of that. > -> Both switches are configured to pass traffic with vlan tags to firewall. > > -- > Eero > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] ICMP Rate Limit
Well, If I were you, I would draw my network schema and then I try to think why there are some packet loss on my network, maybe because of long cables, internet speed, packet jumps ( router devices ), big network traffic, firewall state tables, other things you know. Also it effects how many devices do you use in your network. For example when a package try to goes to internet, how many routers is this packet going through? For example 2 devices, 4 or 10? :) Well my friend many things can effects for packet loss. Your questions which is about pfSense ICMP limitations. I think, the problem is not about pfSense or ICMP limitations. I will make a check list that you can might be solved the problem after you looked this things. - State tables => Diagnostics > States ( Is it full? ) - RAM usage (dashboard) - CPU usage (dashboard) - TOP command for processes of services. => Diagnostics > System Activity - Traffic usage => Diagnostics > Traffic Graph Send here a picture of your gateways status please. Status > Gateways I hope, you can solve the problem. Well, These are my thoughts, I wish I could help you. -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Tue, Oct 17, 2017 at 3:35 PM, Daniel <dan...@linux-nerd.de> wrote: > Hi, > > not sure. Problem is - I have in my network packetloss and we started to > change everything. > Cabling, Switches and so on. On the thing what we didn’t changed was the > firewalls. > > So I installed Smokeping on a Server which is behind the firewall. I > configured to monitor WAN und LAN interface with ICMP and here I see some > loss. > All other internal Hosts has no loss just both Firewalls. Traffic which is > routed thought the Firewall is just few Mbits – So not overloaded or so. > > I thing, or my opinion is that pfSense has some ICMP limitations which > shows me loss but this is just a case of some limitations. > But more funny is – I see the same loss on both Firewalls. > > > Am 17.10.17, 14:25 schrieb "List im Auftrag von ibrahim uçar" < > list-boun...@lists.pfsense.org im Auftrag von ucribra...@gmail.com>: > > Hi Daniel, > > I hope that I did understand you :). You should go to System > > Advanced > > Firewall & NAT > at the bottom of this tab, you will see state > timeouts. > There is ICMP timeout. If it's not that you're talking about, let me > know. > > > > > -- > > *İbrahim UÇAR* > > Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> > > On Tue, Oct 17, 2017 at 3:22 PM, Daniel <dan...@linux-nerd.de> wrote: > > > Hi there again, > > > > > > > > just wanted to know if pfSense has per default any ICMP rate > Limitations > > installed? > > > > Problem is I see some small loss in WAN/LAN interface but actually I > have > > a any/any rules. > > > > I see this on both firewalls I have installed. > > > > > > > > Cheers > > > > > > > > Daniel > > > > > > > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Multi-WAN and HA. Established connections through a not default gateway are broken when I disable CARP in the master unit.
Hi guys, It is too long to write how you can setup CARP. Well, I wrote an article about CARP but not in English language, in my native language which is Turkish. If you want to see you can go to my website, here : https://lifeoverlinux.com/pfsense-2-2-carp-common-address-redundancy-konfigurasyonu/ -- *İbrahim UÇAR* Blogger | https://lifeoverlinux.com <http://lifeoverlinux.com> On Wed, Sep 27, 2017 at 10:43 PM, dayer <day...@gmail.com> wrote: > 2017-09-27 20:29 GMT+02:00 Steve Yates <st...@teamits.com>: > > I'm not sure if I am following you correctly, but the WAN CARP > IP has to be the same on both routers. So router1 has a WAN of a.a.a.a and > CARP of a.a.a.b, and router2 has a WAN of a.a.a.c and CARP of a.a.a.b. > Same thing with the LAN IPs. > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > >> If I had to guess: Are you using a CARP address for outbound NAT? If > >> not then the connections *will* break on failover. > > > > > > Thanks for your reply, Jon :) > > > > Yes, I'm using CARP addresses from each WAN for outbound NAT: > > - WLAN1 CARP, for WLAN1 > > - WLAN2 CARP, for WLAN2 > > > > In addition, when the *new* master unit routes the established > > traffic, it continues doing the previous NAT according to the state > > synchronised from the previous master. So it continues doing outbound > > NAT with the WLAN2 CARP address, but trying to route through WLAN1. > > This proves that the new master unit has the synchronised states, but > > it try to route the established connections according to routing table > > and not to firewall rules. > > Hi Steve! Exactly. It doesn't matter, I know this behavior is some > difficult to explain. > > In my example, according to the diagram from [1]: > > PC: > - LAN: 192.168.2.1 > - GW: 192.168.2.10 > > Pfsense1: > - LAN: 192.168.2.11 > - LAN CARP: 192.168.2.10 > - WAN1: 192.168.56.11 > - WAN1 CARP: 192.168.56.10 > - GW1: 192.168.56.1 (default) > - WAN2: 192.168.57.11 > - WAN2 CARP: 192.168.57.10 > - GW2: 192.168.57.1 > > Pfsense2: > - LAN: 192.168.2.12 > - LAN CARP: 192.168.2.10 > - WAN1: 192.168.56.12 > - WAN1 CARP: 192.168.56.10 > - GW1: 192.168.56.1 (default) > - WAN2: 192.168.57.12 > - WAN2 CARP: 192.168.57.10 > - GW2: 192.168.57.1 > > Outbound NAT settings, something like: > - LAN→WAN1→WAN1 CARP > - LAN→WAN2→WAN2 CARP > > Initially (Pfsense1 master; Pfsense2 backup; Traffic from LAN is > routing through GW2 according to a firewall rule): > SSH from PC → LAN → WAN2 (NAT with WAN2 CARP) → GW2 > > If I disable CARP in Pfsense1, Pfsense2 is the new master and: > - The *established* connections do this path (wrong): > PC → LAN → WAN1 (WAN2 CARP) → GW1 > - The *new* connections do this path (right): > PC → LAN → WAN2 (WAN2 CARP) → GW2 > > > Regards, > > > [1]: https://forum.pfsense.org/index.php?topic=136739.msg749477#msg749477 > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] bulk update of multiple aliases & rules
+1 export config file and import to another pfsense. "Diagnostics > Backup/restore" -- *İbrahim UÇAR* Blogger | http://lifeoverlinux.com On Fri, Jun 30, 2017 at 1:48 AM, Jim Spaloss <jspal...@gmail.com> wrote: > Or export config, copy/paste the rules in an editor and import again. > > On Jun 29, 2017 5:42 PM, "Steve Yates" <st...@teamits.com> wrote: > > > On the off chance they're coming from another pfSense, perhaps export the > > configs and copy/paste. > > > > -- > > > > Steve Yates > > ITS, Inc. > > > > -Original Message- > > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Lee > Damon > > Sent: Thursday, June 29, 2017 4:17 PM > > To: list@lists.pfsense.org > > Subject: [pfSense] bulk update of multiple aliases & rules > > > > I need to add roughly 200 aliases and 100 rules to a new (redundant) > > firewall set. > > > > They're currently set up so any alias or rule added to one via the GUI > > shows up on the other one automagically. > > > > However, instead of sitting there and manually creating every alias and > > every rule I would really like to do a bulk update. I'm reasonably sure > > the alias-url option is "one alias with lots of entries" as opposed to > > "lots of aliases" so I'm looking for alternatives. > > > > Any suggestions on easy and reliable methods of doing mass updates like > > this? > > > > thanks, > > nomad > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] How to Block Malicious Address by Using Feed Service?
Hi all, I have wrote an article which is about how to block malicious websites by using pfBlockerng and I wanted to share with you guys. Well, you can access this article from my blog or slideshare. Blog : http://lifeoverlinux.com/how-to-block-malicious-address-by-using-feed-service/ <http://lifeoverlinux.com/how-to-block-malicious-address-by-using-feed-service/> Slideshare : https://www.slideshare.net/ibrahimucar39545464/how-to-block-malicious-address-by-using-feed-service Thank you. -- *İbrahim UÇAR* Blogger | http://lifeoverlinux.com ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
