Unified PFSense users... Come in!!!!
Masters, just a question.. Which is more advisable for implementation, and why?
1. PfSense's DHCP
2. Windows Server's DHCP
Depends. If you run an AD on your Windows server then yes, but AFAIK pfSense has AD integration.
Yup, as long as you have AD, your auth DHCP should be AD, with pfSense for gateway and internet.
Disable DHCP on pfSense.
@polka and rayback
May I know why, sir?
Is it because of DNS? If yes, may I know what else DNS does, aside from being required to implement AD?
I know the purpose of DNS (Domain Name System) over the internet, but I get a bit confused when it comes to the intranet. I would like a proper explanation of what DNS does for AD.
I have also read some things on Google, but I'm still a bit confused. I hope someone can give a somewhat clearer explanation..
Thanks a lot.
If you are indeed on AD/DC,
the DB and resources of your users and computers should be in a centralized location (which is the AD).
That's why your DNS settings also need to be the IP of the AD/DC.
The internal communication of your client PCs depends on the AD/DC.
You don't need to disable DHCP on pfSense for AD (well, you need it for computer hostnames); you just need to forward the hostnames to the Windows servers (if you configured it to act in slave mode / failover) for DNS, it can be worked around; in my case, I use nxfilter and then connect nxfilter to resolve local hostnames to your AD and everything else to your preferred root DNS servers, which has worked great for years now.
Unfortunately, unbound doesn't work great with AD, so yeah, disable the DNS servers on your pfSense and have the DHCP server configured for hostname forwarding and the DNS server assigned to your AD's IP.
@rayback and polka,
Thank you for the info, sir..
Yes sir, I am using AD.. I get the point now, sir, but there's still some confusion..
Because I'm also using pfSense's DHCP, and the DNS is configured on pfSense using the IP of the DC. So far I haven't observed much difference, except for the part about needing to be centralized.
Sorry, sir, if I'm being a bit persistent.. hehe
See to it that AD is set as authoritative as DHCP.
Sirs, please help, I'm stuck at setting up the detection of WAN and LAN in the final installation of pfSense.
The built-in LAN is detected, but the other NIC, a D-Link LAN card, is not detected; its LAN light is on but not blinking. Other forums say that most Realtek cards are not supported by pfSense. Intel NIC cards are expensive, sirs. Thanks.
Using pfSense version 2.3.4.
-- edited by nabz on Nov 11 2017, 06:17 PM
I have already installed pfSense. My WAN IP is 192.168.8.102 (DHCP) and my LAN is 192.168.1.1.
The other clients already have internet, but when I go into the pfSense GUI for the first time, in the wizard, with everything at default, the internet connection is lost. What could my problem be? pfSense's LAN IP is 192.168.1.1. Please help.
^make sure to uncheck the "block bogons network" on your wan interface.
^I'll give feedback once it's OK, sir, thank you.
-- edited by nabz on Nov 13 2017, 01:27 PM
Help, gurus: which version of pfSense is better to use? My rig: Athlon X2, 2GB DDR2 RAM, 500GB,
1 Smart LTE connection, and I might possibly do load balancing and caching. I have these pfSense versions here: v1.2.3, v2.0, v2.3.5 and the latest version 2.4.1. I read on the forum that for caching, more RAM is much better. Thanks, sir.
-- edited by nabz on Nov 13 2017, 02:00 PM
-- edited by nabz on Nov 13 2017, 10:49 PM
All I-Cafe Owners, this seminar is for you.
What: Lag-Less Computer Shop using PFSense Workshop
- Eliminate LAG in your network ;
- Improve the performance of your workstations and network ;
- Implement Port Prioritization;
- Separating Browsing and Gaming ;
- Implement Load-Balancing and Fail-Over;
- Implement Per-Traffic Rule ;
- Prevent customer from downloading;
- Attract customers for having stable and lag-less network.
When: November 30 to December 1, 2017
Day 1: Discussion and Live Installation Demo (9am to 5pm)
Room 202 FMSG Bldg., E. Rodriguez Sr. Ave, Cubao, Quezon City
Day 2: Actual Installation and Configuration (9am to 5pm)
Shop of Attendee (TBA)
First-Come-First-Serve Basis (Maximum of 16 participants only)
Workshop Fee: Php 2800 (Including Lunch, Snacks, Coffee, Training Handout, Certificate)
Registration and Inquiries
Register here: http://bit.ly/2A029q7
Payment instructions will be sent through email.
Module 1 PFSENSE OVERVIEW AND INTRODUCTION
• System Requirements
• Download Resource
• Deployment Options
• Identifying Installation Requirements
• Citing various Real-World Installation Scenarios
Module 2 INSTALLATION
• Downloading and Preparing PFSense 2.3.4 Installer
• Preparing Virtual Networks
• Installing Oracle Virtual Box
• Creating Virtual Machines for Virtualized Environment
Module 3 POST-INSTALLATION CONFIGURATION
• LAN and WAN Configuration
• Populating the Dashboard
• Familiarization of Dashboard and Set of Menus
Module 4 BASIC FUNCTIONS (CONFIGURE & ACTIVATE FEATURES)
• Domain Name Services (DNS)
• Dynamic Host Configuration Protocol (DHCP)
• Network Time Protocol (NTP)
• System Logs
• Network Address Translation (NAT)
• Port Forwarding
Module 5 CONFIGURING PFSENSE AS PROXY SERVER
• Squid3 Overview
• Installing Squid3
• Configuring Essentials Settings of Squid3
• Enabling Squid3
Module 6 CONFIGURING PFSENSE AS PROXY FILTER
• Squidguard Overview
• Installing Squidguard
• Initial Configuration
• Downloading Signature
• Enabling Squidguard
Module 7 CONFIGURING MULTI-WAN FUNCTIONS
• Load Balance
• Per Traffic-based Routing
Module 8 CONFIGURING ADVANCED FIREWALL RULES
• Firewall rule Overview
• RULES: Allow/Deny/Drop
Thank you TPC
Thanks, gurus, pfSense is working now too. pfSense made me use its latest version, because squid could not be downloaded yet due to pfSense's major update. Updated and working at last. For those who are also setting up, I suggest we back-read; all the answers to your questions are there.
500GB. Saving up for 2TB, for caching.
pfSense newbie here, I just got pfSense working and installed squid proxy. Everything seems to be working except the chat of one of my mobile games. For some reason, when the proxy is turned on I can't send and receive chat inside the game (I can play the game with no problem). Any ideas on where to look for the problem?
^But when squid is off, it's OK?
If yes then it might be a certificate issue. I assume the game's chat server is on port 443, so there's no way you can intercept.
To make it work again, you have to know the IP address of that game's chat server and add it to the exclusion list. There's no point caching a chat conversation anyway.
Yes, it works when squid is off. It works instantly when I turn it off, and when I turn it on I instantly can't send messages anymore.
How do I find the ip of the chat server? Can you point me towards how I can find it out?
I have 80 MAC addresses that I want to deny on the network. What's the easiest way to achieve this?
Well, you can use Wireshark to sniff out which IP addresses your game connects to; you can also use pfSense to do that, but with additional software and performed in the terminal.
Set a static ARP entry for each MAC address to a defined IP range,
then add those IPs to your alias,
and define that alias to block all traffic.
Please help, sirs. I'm on dual WAN with separate browsing and gaming. Why do some websites get past the port 80 and 443 (http, https) filter? For example gostream.is (https): it takes its connection from the gaming side, so the players get lag. Thanks in advance to whoever answers.
Another question. Say I have MAC addresses that are allowed. Right now what I do is manual: when I see a rogue device, I put it in MAC deny. I also attempted before to make a separate DHCP pool for the phones, with their MACs in MAC Allow, but it didn't work. The device didn't get the IP address that I defined.
Also, is it possible that, regardless of which DNS server they specify on their devices, pfSense still chooses which DNS server I want them to resolve domains with?
-- edited by Jay2 on Dec 15 2017, 03:14 AM
I don't know why you created another DHCP pool for that, unless you plan to separate those devices onto their own subnet, which is kind of impossible in a wireless network unless you have two or more SSIDs, each connected to its own respective subnet.
If you only have 1 SSID in your network, all you can do is have a certain IP range that you want to restrict. For example, in the 192.168.1.0/24 subnet you want to allow all connections to the internet from IP 192.168.1.2-192.168.1.100, and anything above that is restricted. So all you have to do is set a static DHCP lease on those MAC addresses and tick the ARP bind option, so if they attempt to set their own IP on their devices (which they can), pfSense would just block that connection unless that device uses the IP address that is assigned to it.
Of course, if you want to outright block those devices from your network, you can just kick them out using your AP. If you use a Ubiquiti AP, then there's an option for that.
For DNS redirection, well, there's a way: use port forwarding. For more info read here: <click here for link>
-- edited by polka on Dec 15 2017, 07:48 AM
-- edited by polka on Dec 15 2017, 07:51 AM
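An added example, not part of the thread and not pfSense's own code: one way to check the static-lease and ARP-bind scheme described in the post above is to compare the firewall's ARP table against the lease list. The MAC addresses, lease IPs and the `arp -an`-style sample lines are constructed, and the line format is an assumption.

```python
import ipaddress
import re

# Constructed allow list: MAC -> IP of its static DHCP lease (sample values).
STATIC_LEASES = {
    "00:11:22:33:44:01": "192.168.1.10",
    "00:11:22:33:44:02": "192.168.1.11",
}
# Allowed range taken from the post: 192.168.1.2 to 192.168.1.100.
ALLOWED_FIRST = ipaddress.ip_address("192.168.1.2")
ALLOWED_LAST = ipaddress.ip_address("192.168.1.100")

# Constructed sample in the shape of FreeBSD `arp -an` output (assumed format).
SAMPLE_ARP = """\
? (192.168.1.10) at 00:11:22:33:44:01 on em1 permanent [ethernet]
? (192.168.1.50) at 00:11:22:33:44:02 on em1 expires in 1100 seconds [ethernet]
? (192.168.1.11) at 66:77:88:99:aa:bb on em1 expires in 900 seconds [ethernet]
? (192.168.1.150) at 66:77:88:99:aa:cc on em1 expires in 300 seconds [ethernet]
? (192.168.1.77) at (incomplete) on em1 expired [ethernet]
"""

ARP_LINE = re.compile(
    r"\((?P<ip>[0-9.]+)\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}) ", re.I)

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so 0:1A:... matches 00:1a:..."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def audit_arp(arp_text, leases=STATIC_LEASES):
    """Return (ip, mac, status) for every resolved ARP entry."""
    lease_ips = set(leases.values())
    findings = []
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if not m:
            continue  # skips "(incomplete)" entries and blank lines
        ip, mac = m["ip"], normalize_mac(m["mac"])
        in_range = ALLOWED_FIRST <= ipaddress.ip_address(ip) <= ALLOWED_LAST
        if mac in leases:
            status = "ok" if leases[mac] == ip else "known-mac-wrong-ip"
        elif ip in lease_ips:
            status = "unknown-mac-using-leased-ip"
        elif in_range:
            status = "unknown-mac-in-allowed-range"
        else:
            status = "unknown-mac-restricted-range"
        findings.append((ip, mac, status))
    return findings
```

MAC addresses can be changed on the client, so treat the result as an inventory check rather than as authentication of the device.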
thanks! will read that link that you gave.
with regard to arp bind, do I need to do it one by one? any easier way to bind them all
^Nope, that's manual work.
In my case, every Wi-Fi connected device is greeted with a login, because our Wi-Fi network is on a RADIUS server. So there are common credentials for employees and higher-ups, and each credential defines its own network rules and restrictions.
If you want to go with this option, better take some lessons on YouTube or something.
Yeah, eventually that's the route I'll be going too. Right now I can only work with what I have. The budget for buying equipment is next year. :)