[pfSense] NAT from WAN to LAN

2016-08-14 Thread Antonio
Hello, you'll have to forgive my newbie question but that where we are start at some point. I'm really keen to understand more about networking hence my desire to learn through pfSense. This is my setup: OpenWRT Router on the ADSL which has the 195.160.1.0 network on the LAN side and a pfSense

Re: [pfSense] Open ports between subnets

2017-10-06 Thread Antonio
/) for your social networking. On 02/10/2017 15:53, Steve Yates wrote: > Do you have the option to block private networks on both interfaces turned > off? > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfs

[pfSense] Open ports between subnets

2017-09-30 Thread Antonio
ce logging  temperature) that is not having these problems and is getting to the server no problem. I hope you guys can help me work out what is wrong. Thanks Antonio -- Respect your privacy and that of others, don't give your data to big corporations. Use alternatives like Signal (htt

[pfSense] block DNS queries to external resolvers rule

2017-09-30 Thread Antonio
Hi, I tried to add the "block DNS queries to external resolvers" as described here (https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers ) to my LAN config and noticed that traffic would not go anywhere on the LAN until I disabled the two rules below on port 53. With

Re: [pfSense] block DNS queries to external resolvers rule

2017-10-01 Thread Antonio
://joindiaspora.com/) for your social networking. On 01/10/2017 01:59, Chris L wrote: >> On Sep 30, 2017, at 5:38 PM, Antonio <antoniogennar...@gmail.com> wrote: >> >> Hi, >> >> I tried to add the "block DNS queries to external resolvers" as >>

Re: [pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-06 Thread Antonio
wrote: > Hi, > > On Sun, 6 May 2018 09:47:17 +0100 > Antonio <m...@geotux.it> wrote: > >> I came across that website yesterday and although I have pfSense 2.4.3 >> installed (I believe it ships OpenVPN 2.4.4), I get that the option is >> not supported alt

Re: [pfSense] DNS configurazione under VPN

2018-05-06 Thread Antonio
ata to big corporations. Use alternatives like Signal (https://whispersystems.org/) for your messaging or Diaspora* (https://joindiaspora.com/) for your social networking. On 03/05/2018 20:29, Antonio wrote: > Hi folks, > > I'm trying to understand why I get DNS leaks. I am connecting to V

[pfSense] Firewall rules on OpenVPN interface

2018-05-06 Thread Antonio
Hi, I was wondering if the "*Block private networks and loopback addresses*" and "*Block bogon networks*" should be ticked for the interface I have created for my OpenVPN client? Do I need to allow incoming requests on that interface? I copied the configuration from the internet to connect to my

Re: [pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-06 Thread Antonio
) for your social networking. On 06/05/2018 09:29, Lorenz Schori wrote: > Hi, > > Only covering b). > > On Sun, 6 May 2018 03:30:32 +0100 > Antonio <m...@geotux.it> wrote: > >> b) *OpenVPN Clients* - this seems to be a new option that wasn't >&g

[pfSense] Mastering DNS Resolver and tweaking behaviour with VPN

2018-05-05 Thread Antonio
Hi, I've just come across the excellent tutorial videos of Mark Furneaux on Youtube. I did the DNS video where he covered unbound. There are a couple of things I still can't work out and that are not in the pfSense book: a) *DNS Query

[pfSense] Is this a state of the art DNS Resolver setup?

2018-05-25 Thread Antonio
Hi folks, I come across this post https://airvpn.org/topic/27460-opinion-best-solution-against-dns-leak-on-pfsense/ which provides what I think (although I'm no expert here) is an elegant solution to those that have VPNs setup on pfSense. The reason being that: a) it prevents DNS leaks b) it

[pfSense] Introducing flexibility of traffic routing when VPN is configured

2018-05-24 Thread Antonio
Hi, a while ago I successfully managed to set up a VPN connection on pfSense. It was a great success as it took me a while to get it working. I followed the guide here: https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/#additional. I have a wired network on 192.168.0.0 where

[pfSense] Diagnosing DNS Resolver SERVFAIL issues

2018-05-24 Thread Antonio
Hi, I've been happily using the "Outgoing Network Interfaces" set to my VPN interface to prevent DNS leaks and it's been working pretty well until today when all of a sudden it stopped resolving DNS requests. In fact, [fri may25, 03:04 ][user@1:~]nslookup www.google.com Server:

[pfSense] DNS configurazione under VPN

2018-05-03 Thread Antonio
Hi folks, I'm trying to understand why I get DNS leaks. I am connecting to VPN italian server from UK and when I go to www.dnsleaktest.com, the main page says I'm connecting from Italy but then, when I do the advanced or standard tests, these say I'm located in the UK. I have: 2.4.3-RELEASE

Re: [pfSense] Finding the best network setup for pfsense.

2017-12-22 Thread Antonio
switch -> Rest of network > > > >> On Dec 22, 2017, at 6:15 PM, Antonio <m...@geotux.it >> <mailto:m...@geotux.it>> wrote: >> >> Sounds cool but maybe a bit overkill for what i need ... >> >> Cheers >> >> Respect your privacy an

[pfSense] Moving traffic between LAN & OPT1

2017-12-22 Thread Antonio
Hi, I'm not sure how you move traffic between the above interfaces. I was under the impression that all you needed was a "Default allow LAN to any rule" and job done. Yet I'm struggling to get devices of different interfaces to communicate. What am I missing? Thanks -- Respect your

[pfSense] OpenVPN with pfSense and TLS handshake problems

2017-12-23 Thread Antonio
Hi, I've tried to set up a VPN tunnel using this guide ( https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/#additional ) which covers the setting up of the tunnel and relative firewall rules for ExpressVPN. However, it seems like I was having trouble at the early

[pfSense] Finding the best network setup for pfsense.

2017-12-22 Thread Antonio
Hello, I'm trying to design an optimal network setting for my home and was wondering what people's thoughts were based on my needs: 1) Need a single DHCP, DNSMasq server; 2) want to route traffic through VPNs only on certain parts of my network 3) want to eventually install a proxy somewhere

Re: [pfSense] Finding the best network setup for pfsense.

2017-12-22 Thread Antonio
. On 22/12/2017 22:35, Eero Volotinen wrote: > Well, > > Just plug pfsense to ADSL and buy managed switch and some unifi wlan > aps. You can install proxy on pfsense box also.. > > > Eero > > 22.12.2017 23.57 "Antonio" <m...@geotux.it <mailto:

Re: [pfSense] Open ports with OpenVPN tunnel

2018-01-01 Thread Antonio
Hi, It's the rules that are under the heading "Additional steps to route WAN through tunnel" at the bottom of this page: https://www.expressvpn.com/support/vpn-setup/pfsense-with-expressvpn-openvpn/ Regards Antonio Respect your privacy and that of others, don't give your d

[pfSense] Open ports with OpenVPN tunnel

2018-01-01 Thread Antonio
Hi, I recently managed to get pfSense to run an OpenVPN connection with my VPN provider (ExpressVPN). All traffic is routed through this VPN tunnel via my pfSense device. I randomly use ShieldsUp to test my ports and see if they are dropping requests. All fine when the VPN tunnel is down. I

[pfSense] Access Point config: separating guest from permissible users

2018-03-10 Thread Antonio
Hi pfSense experts, I was hoping you could help me with a config question. I have pfSense configured as main router for my network. The WAN is connected to DSL modem, one LAN on an ethernet switch and another LAN port on a Netgear R8000 with dd-wrt installed. One of the cool features of the R8000

Re: [pfSense] Access Point config: separating guest from permissible users

2018-03-10 Thread Antonio
rules correctly or there could be problems. Is this where jmitchel's answer can help? Thanks for your help both, much appreciated. Antonio -- Respect your privacy and that of others, don't give your data to big corporations. Use alternatives like Signal (https://whispersystems.org/) for your

Re: [pfSense] openvpn - how do i nat the vpn segment?

2015-01-20 Thread Antonio Prado
On 1/20/15 4:27 PM, Randy Bush wrote: i do not know how to dump the NAT and firewall rules to text, darn it. randy, backup -- [Firewall Rules | NAT] -- download that's conf to text (xml), not so compact and viewer friendly tho -- antonio ___ pfSense

Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-27 Thread Antonio Prado
On 1/22/16 11:02 AM, Seth Mos wrote: >> Is it a bug? > > No, that sounds about right, it advertises itself as the gateway. filed a bug: https://redmine.pfsense.org/issues/5812 fixed in 2.3 -- antonio ___ pfSense mailing list https://lists

[pfSense] 2.2.6 and IPv6 RA

2016-01-21 Thread Antonio Prado
Hi, on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 not configured, pfSense starts advertising itself as IPv6 gateway on LAN using its link-local address (fe80::/64). That's not the correct behavior I guess. Is it a bug? thank you -- antonio

Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-22 Thread Antonio Prado
2.2.6 has no IPv6 configured (i.e. no v6 address on interfaces, RA disabled), it advertises itself as IPv6 gw. let me know thank you -- antonio ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-22 Thread Antonio Prado
> should be, it's in the default config, unless you disable it. it's correctly auto-configured: inet6 fe80::a236:9fff:fe3a:ff5c%lagg1 prefixlen 64 scopeid 0xb but it should not advertise itself as a gw, simply because it's not a gw and therefore it has not been instructed to do so.

Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-23 Thread Antonio Prado
2.6 should begin advertising only after having been told to do so, as any other BSD box after all. thank you -- antonio

Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-25 Thread Antonio Prado
On 1/22/16 11:02 AM, Seth Mos wrote: > On 22-1-2016 at 8:53, Antonio Prado wrote: >> Hi, >> >> on a fresh installed box, IPv4 configured on 2 NICs (WAN and LAN), IPv6 >> not configured, pfSense starts advertising itself as IPv6 gateway on LAN >> using

Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-25 Thread Antonio Prado
On 1/25/16 10:15 AM, Antonio Prado wrote: >> No, that sounds about right, it advertises itself as the gateway. > > btw, it has been already reported: > > https://forum.pfsense.org/index.php?topic=101375.msg565424#msg565424 and here: https://forum.pfsense.org/index.php?topic=

[pfSense] Log suppressed lets

2018-05-20 Thread Antonio Leding
Hello pfSense community, Anyone else see value in having suppressed alerts sent to syslog? If so, is it appropriate to send the request to the dev pfSense list or via some other system (i.e. forums, etc.)?

[pfSense] Rebuilding confidence

2018-05-20 Thread Antonio Leding
Richard, One thing to take a look at would be Security Onion. I use this in concert with my other security gear as a means by which to analyze all traffic coming in\out of my network. That analysis drives several follow-on activities such as Snort tuning, forensics, etc. Re: wifi, check out

Re: [pfSense] Replacing a Linux router with pfSense

2011-09-21 Thread Tonix (Antonio Nati)
On 21/09/2011 14:05, Chris Buechler wrote: On Wed, Sep 21, 2011 at 7:55 AM, Tonix (Antonio Nati) to...@interazioni.it wrote: I think you should examine how CARP works on your routers and how it works in pfsense. In pre 2.0 version, PFsense CARP has a (fixed) different zone for each

Re: [pfSense] 'direction' of firewall rules for floating rules?

2011-12-15 Thread Tonix (Antonio Nati)
___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list -- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it

Re: [pfSense] 'direction' of firewall rules for floating rules?

2011-12-15 Thread Tonix (Antonio Nati)
[mailto:list-boun...@lists.pfsense.org] *On Behalf Of *Tonix (Antonio Nati) tonix-at-interazioni.it *Sent:* 15 December 2011 14:57 *To:* pfSense support and discussion *Subject:* Re: [pfSense] 'direction' of firewall rules for floating rules? If you speak only about WAN

Re: [pfSense] 'direction' of firewall rules for floating rules?

2011-12-15 Thread Tonix (Antonio Nati)
Forgot to add. Small holes (like one interface of ten to be excluded) can be handled putting a deny rule for that specific interface, just before the general rule, as usual. Regards, Tonino On 15/12/2011 18:09, Tonix (Antonio Nati) wrote: Floating rules are useful for complex

Re: [pfSense] IPSec Tunnel Negotiation?

2012-04-03 Thread Antonio Cortes Alhambra (INCATEL)
What is your (and your peer) Key Life Time Limit in phase 1 and phase 2 ?? Sincerely, Antonio Cortés Alhambra -Original Message- From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Adam Piasecki Sent: Tuesday, April 03, 2012 11:11 AM To: pfSense support

Re: [pfSense] IPSec Tunnel Negotiation?

2012-04-03 Thread Antonio Cortes Alhambra (INCATEL)
Yes, but both peers must have the same lifetimes Check DPD too: Dead Peer Detection: Enable Delay between requesting peer acknowledgement: 10 Seconds Number of consecutive failures allowed before disconnect: 5 retries Are good values for both peers. Sincerely, Antonio Cortés Alhambra

Re: [pfSense] Recommended DynDns Service for PFsense

2012-04-04 Thread Antonio Cortes Alhambra (INCATEL)
Anyway, if you only use dyndns the service will continue to be free Sincerely, Antonio Cortés Alhambra From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of David Miller Sent: Wednesday, April 04, 2012 2:31 PM To: pfSense support and discussion Subject: Re

[pfSense] PFSENSE 2.01 NAT TUNNELING FOR PASIVE FTP

2012-04-04 Thread Antonio Cortes Alhambra (INCATEL)
or dir command, and I can not transfer files. What is the difference? What other settings must be configured manually in version 2.0.1? thanks Sincerely, Antonio Cortés Alhambra

Re: [pfSense] pfsense on sun v100 server

2012-05-10 Thread Tonix (Antonio Nati)
-- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it

[pfSense] CISCO VPN CLIENT 5.0.07.0410 CONNECTION TO PFSENSE 2.0.1

2012-05-15 Thread Antonio Cortes Alhambra (INCATEL)
someone has found the right combination of parameters settings to achieve the connection from a CISCO VPN CLIENT 5.0.07.0410 and pfSense 2.0.1 Thanks

Re: [pfSense] pfSense vs JunOS

2012-07-02 Thread Tonix (Antonio Nati)
. -- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it

Re: [pfSense] pfSense vs JunOS

2012-07-02 Thread Tonix (Antonio Nati)
On 02/07/2012 15:00, Giles Coochey wrote: On 02/07/2012 13:41, Tonix (Antonio Nati) wrote: I've suggested (both for pfSense and Monowall) to give the possibility to invert the filtering directions. In complex environment, it would be a lot more useful to apply filters to outgoing

Re: [pfSense] pfSense vs JunOS

2012-07-02 Thread Tonix (Antonio Nati)
On 02/07/2012 15:32, Jim Pingle wrote: On 7/2/2012 8:41 AM, Tonix (Antonio Nati) wrote: I've suggested (both for pfSense and Monowall) to give the possibility to invert the filtering directions. Which you can do on floating rules. You can make floating rules in the 'out' direction

Re: [pfSense] pfSense vs JunOS

2012-07-02 Thread Tonix (Antonio Nati)
On 02/07/2012 15:51, Giles Coochey wrote: On 02/07/2012 14:37, Tonix (Antonio Nati) wrote: I would be not so sure about that. When I gave an inside look at PF, some years ago, I had the perception filters are evaluated all together in the same place, despite they are ingoing

Re: [pfSense] pfSense vs JunOS

2012-07-04 Thread Tonix (Antonio Nati)
On 02/07/2012 15:51, Jim Pingle wrote: On 7/2/2012 9:38 AM, Tonix (Antonio Nati) wrote: Too much confusion in keeping filters tables, Switching how the entire firewall operates is also very confusing and not likely to do what people expect -- floating rules would be much easier

Re: [pfSense] pfSense vs JunOS

2012-07-04 Thread Tonix (Antonio Nati)
On 04/07/2012 11:44, Ermal Luçi wrote: On Wed, Jul 4, 2012 at 10:44 AM, Tonix (Antonio Nati) to...@interazioni.it wrote: On 02/07/2012 15:51, Jim Pingle wrote: On 7/2/2012 9:38 AM, Tonix (Antonio Nati) wrote: Too much confusion in keeping filters tables, Switching how the entire

Re: [pfSense] pfSense vs JunOS

2012-07-04 Thread Tonix (Antonio Nati)
-- Inter@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it

Re: [pfSense] pfSense vs JunOS

2012-07-04 Thread Tonix (Antonio Nati)
On 04/07/2012 15:41, Giles Coochey wrote: On 04/07/2012 11:06, Tonix (Antonio Nati) wrote: On 04/07/2012 11:44, Ermal Luçi wrote: On Wed, Jul 4, 2012 at 10:44 AM, Tonix (Antonio Nati) to...@interazioni.it wrote: On 02/07/2012 15:51, Jim Pingle wrote: On 7/2/2012 9:38 AM

[pfSense] This is a bug?

2012-11-16 Thread Rafael Antonio Brizuela Sosa
not get the information from the query. Without proxy all is OK. -- Rafael Antonio Brizuela Sosa Open Source Specialist

Re: [pfSense] RRD alternatives

2017-02-17 Thread Antonio Cortes Alhambra
http://www.cacti.net/ Kind regards 2017-02-17 17:30 GMT-03:00 Cheyenne Deal : > Is there an alternative to what were the rrd graphs in 2.2? > ___ > pfSense mailing list >