Questions tagged [pfsense]

pfSense is a customized FreeBSD+pf distribution designed for use as a firewall. It wraps many of the features of the pf firewall code in an easy-to-use web interface.

pfSense is an open-source firewall product built on top of FreeBSD and the OpenBSD pf firewall.
It provides a graphical (web-based) interface for configuring and managing firewall rules, as well as viewing traffic and firewall decisions (accept/reject).

pfSense is available as a pre-built appliance (such as OPNSense or StrongBochs) or as installable software directly from the pfSense project's site.

pfSense is similar in concept to m0n0wall; however, as of this writing, m0n0wall uses the ipfilter packet filter.

811 questions
5 votes, 1 answer

pfsense bridge of vlan interfaces

Hardware Setup: AMD E1-2100 Mini-ITX Motherboard with Onboard Gigabit (re0); Intel PCI Express (x4) 4-port Gigabit Adapter (igb[0123]). Software Setup: pfSense v2.3. I'm trying to replicate my OpenWRT router, which is set up as a simple router + VLAN…
sl33nyc
5 votes, 0 answers

IPSec bandwidth between two Pfsense hosts has predictable, variable bandwidth

I have an IPSec tunnel between two Pfsense machines. Both machines are connected to a 100mbps symmetrical connection. The latency between the two routers is ~70ms. I'm using AES-GCM-128 and SHA1, both machines support hardware acceleration of AES and…
ensnare
5 votes, 1 answer

Why is pfSense blocking multicast traffic when it is explicitly enabled?

I have a pair of pfSense firewall/routers set up in CARP/XML Config cluster. On the LAN side, the switch also has a pair of servers running corosync/pacemaker/drbd. These are on a different ip network, but still generate multicast packets. For the…
Bryan Agee
5 votes, 2 answers

Blocking a network device from communicating with another device on the LAN

I have been working with the firewall/router distribution Pfsense for a while now and I have been trying to figure out how to "isolate" a server on my LAN from other computers on my LAN by using deny/reject LAN rules. I have tried adding a rule…
user99545
5 votes, 3 answers

Pfsense mbuf full, what to do?

I noticed today that the MBUF usage has hit its limit. Apparently the site I'm running under pfsense is having some troubles too, I'd like to know if it would be safe to just sysctl kern.ipc.nmbclusters=65536 I wouldn't like to reboot the server,…
sathia
5 votes, 2 answers

NAT Reflection, or Split DNS?

I'm working on a network restructure that has three geographical locations, but will share some services. Two of the locations have workstations, and one has only servers (in a CoLo facility). We will be running PfSense firewalls, and several hosts…
Bryan Agee
5 votes, 1 answer

pfsense 2.0 traffic priority - set full priority for single host

I have a network with several computers all on the same network and since I have very limited bandwidth I would like to prioritize traffic almost like a CPU scheduler prioritize processes. Example: Computer A: Used for webstuff: youtube, downloads,…
Waxhead
5 votes, 3 answers

How to collect figures of traffic used per-host, broken up by time and destination?

We have a relatively small network, all PCs in one subnet. One PC with two NICs and pfSense installed works as a firewall/router. There is an OpenVPN tunnel to a remote location, created as a site-to-site connection to another pfSense box there. I…
Seishun
5 votes, 3 answers

*nix CARP or VMWare Fault Tolerance?

We're experimenting with what VMWare called a "Fully Collapsed DMZ" on blade centre. Basically our DMZ goes straight into a vSwitch and all the security appliances are virtualised. I've spent days reading up about why this is a good idea and why…
Mark Henderson
4 votes, 2 answers

Setting up authoritative DNS nameserver with PfSense?

I am trying to run point a domain at my pfsense server and have it run a DNS server which is authoritative. So I installed TinyDNS. Ok, so I setup a rule in pf. The rule is TCP/UDP. Source interface is WAN, source address is *, destination address is…
Earlz
4 votes, 1 answer

Datacenter to Azure Migration - Am I On the Right Path?

Some quick background. We are a small company (13 employees, 6 of which are IT/developers). Everyone works remotely and there is no central office. Our datacenter is only used for development and production environments. We do not use it for any…
KevinN
4 votes, 1 answer

How to add custom xinetd Service in pfSense

On a pfSense 2.4, I installed a custom xinetd service. I appended the necessary line to the list in /etc/services and wrote a stanza in /var/etc/xinetd.conf. After reloading xinetd, the service runs successfully. However, the file…
rexkogitans
4 votes, 1 answer

Subnet B can hit A, but not vice versa

I'm trying to create a multisite network using pfsense linked together with Tinc VPN. This is my current topology: [ASCII diagram: Router A, Router B; 10.0.0.1/16 …]
4 votes, 1 answer

Add an alias to a pfSense interface?

Note: maybe the "Background" and "Plan" are not really necessary; feel free to skip to the "Problem" immediately... Background: We have recently migrated a bunch of servers from one subnet into another. They used to have the IP addresses…
AnoE
4 votes, 1 answer

How to disable NetBIOS over TCP/IP on pfSense via DHCP

I have a pfSense appliance running version 2.x. I want to disable NetBios over TCP/IP via the DHCP Server so it is not activated on Windows clients. It's possible to do it with a Windows server but I can't find a way to do it properly on pfSense.…
Florent