Forum Topic

Unified PFSense users... Come in!!!!

  • Masters, just a question.. Which is more advisable for implementation, and why?

    1. PfSense's DHCP
    2. Windows Server's DHCP

    Thanks,
  • Depends, if you run an AD on your Windows server then yes, but afaik pfsense has an AD integration.
  • ^
    yup, as long as you have AD, your auth DHCP should be AD, PFsense for gateway and internet.
    disable DHCP on pfsense.
  • @polka and rayback

    May I know why, sir?

    Is it because of DNS? If yes, may I know what else DNS does, apart from being required to implement AD?

    I know the purpose of DNS (Domain Name System) over the internet, but I get a bit confused when it comes to the intranet. I'd like to properly understand what DNS does for AD.

    I've also read some things on Google, but I'm still a bit confused. I hope someone can give a somewhat clearer explanation..

    Thank you very much.
  • it's simple,

    if you are indeed on AD/DC,

    the DB and resources of your users and computers should be in a centralized location (which is the AD).

    that's why your DNS settings also need to be the IP of the AD/DC.

    the internal communication of your client PCs depends on the AD/DC.
  • you don't need to disable DHCP on pfsense for AD (well you need it for computers' hostnames), you just need to forward the hostnames to Windows servers (if you configured it to act as a slave mode / failover). For DNS, it can be worked around, because in my case I use nxfilter and then connect nxfilter to resolve local hostnames to your AD and everything else to your preferred root DNS servers, which has worked great for years now.

    unfortunately, unbound doesn't work great with AD so yeah, disable the DNS servers on your pfsense and have the DHCP server configured for hostname forwarding and DNS server assigned on your AD's IP.
  • @rayback and polka,

    thank you for the info, sir..

    Yes sir, I am using AD.. I get the point now, sir, but there's still a bit of confusion..

    Because I'm also using PfSense's DHCP, and the DNS is configured on PfSense using the IP of the DC. So far I haven't observed much of a difference, except for the part about needing to be centralized.

    Sorry, sir, if I'm a bit persistent.. hehe
  • see to it that AD is set as the authoritative DHCP.

    ...
  • sirs, please help, I'm stuck at setting up the WAN and LAN detection in the final installation of pfsense.
    The built-in LAN is detected, but the one D-Link LAN card NIC is not detected, although its LAN light is on but not blinking. Other forums say that when it's Realtek, most are not supported by pfsense. Intel NIC cards are expensive, sirs. Thanks
    using pfsense 2.3.4 version

    -- edited by nabz on Nov 11 2017, 06:17 PM
  • already installed pfsense; my WAN IP is 192.168.8.102 (DHCP) and my LAN is 192.168.1.1
    The other clients already have internet, but when I go into the pfsense GUI for the first time (the wizard, everything at default), its internet connection disappears. What could my problem be? pfsense LAN IP is 192.168.1.1, please help
  • ^make sure to uncheck the "block bogons network" on your wan interface.
  • ^I'll give feedback once it's OK, sir, ty

    -- edited by nabz on Nov 13 2017, 01:27 PM
  • help, gurus: which version of pfsense is better to use? My rig: Athlon X2, 2GB DDR2 RAM, 500GB,
    1 Smart LTE connection, and I might possibly do load balancing and caching. I have these pfsense versions here: v1.2.3, v2.0, v2.3.5 and the latest version 2.4.1. I read on a forum that for caching, the bigger the RAM, the better. Thanks, sir

    -- edited by nabz on Nov 13 2017, 02:00 PM

    -- edited by nabz on Nov 13 2017, 10:49 PM
  • All I-Cafe Owners, this seminar is for you.

    What: Lag-Less Computer Shop using PFSense Workshop

    Workshop Objective:
    - Eliminate LAG in your network ;
    - Improve the performance of your workstations and network ;
    - Implement Port Prioritization;
    - Separating Browsing and Gaming ;
    - Implement Load-Balancing and Fail-Over;
    - Implement Per-Traffic Rule ;
    - Prevent customers from downloading;
    - Attract customers for having stable and lag-less network.

    When: November 30 to December 1, 2017

    Where:
    Day 1: Discussion and Live Installation Demo (9am to 5pm)
    Room 202 FMSG Bldg., E. Rodriguez Sr. Ave, Cubao, Quezon City
    Day 2: Actual Installation and Configuration (9am to 5pm)
    Shop of Attendee (TBA)
    First-Come-First-Serve Basis (Maximum of 16 participants only)

    Workshop Fee: Php 2800 (Including Lunch, Snacks, Coffee, Training Handout, Certificate)

    Registration and Inquiries
    +63905-6227262
    [email protected]

    Register here: http://bit.ly/2A029q7
    Payment instructions will be sent through email.

    WORKSHOP OUTLINE

    Module 1 PFSENSE OVERVIEW AND INTRODUCTION
    • System Requirements
    • Download Resource
    • Deployment Options
    • Identifying Installation Requirements
    • Citing various Real-World Installation Scenarios

    Module 2 INSTALLATION
    • Downloading and Preparing PFSense 2.3.4 Installer
    • Preparing Virtual Networks
    • Installing Oracle Virtual Box
    • Creating Virtual Machines for Virtualized Environment

    Module 3 POST-INSTALLATION CONFIGURATION
    • LAN and WAN Configuration
    • Populating the Dashboard
    • Familiarization of Dashboard and Set of Menus

    Module 4 BASIC FUNCTIONS (CONFIGURE & ACTIVATE FEATURES)
    • Domain Name Services (DNS)
    • Dynamic Host Configuration Protocol (DHCP)
    • Network Time Protocol (NTP)
    • System Logs
    • Network Address Translation (NAT)
    • Port Forwarding

    Module 5 CONFIGURING PFSENSE AS PROXY SERVER
    • Squid3 Overview
    • Installing Squid3
    • Configuring Essential Settings of Squid3
    • Enabling Squid3

    Module 6 CONFIGURING PFSENSE AS PROXY FILTER
    • Squidguard Overview
    • Installing Squidguard
    • Initial Configuration
    • Downloading Signature
    • Enabling Squidguard

    Module 7 CONFIGURING MULTI-WAN FUNCTIONS
    • Load Balance
    • Fail-Over
    • Per Traffic-based Routing

    Module 8 CONFIGURING ADVANCED FIREWALL RULES
    • Firewall rule Overview
    • LAN
    • WAN
    • Floating
    • RULES: Allow/Deny/Drop

    Thank you TPC
  • thanks, gurus, pfsense is working now too. pfsense made me use its latest version because squid could not be downloaded due to pfsense's major update. Updated and working at last. For those also setting up, I suggest we back-read; all the answers to your questions are there.
    rig
    Athlon X2
    2GB DDR2
    500GB. Saving up for a 2TB, for caching
    1 ISP
  • Pfsense newbie here, I just got pfsense working and installed squid proxy. Everything seems to be working except the chat in one of my mobile games. For some reason, when the proxy is turned on I can't send and receive chat inside the game (I can play the game with no problem). Any ideas on where to look for the problem?
  • ^but when squid is off it's OK?

    if yes then it might be a certificate issue, I assume the game's chat server is under port 443 so there's no way you can intercept.

    to make it work again, you have to know what is the IP address of that chat server on that game and add that to exclusion list. There's no point caching a chat conversation anyway.
  • @polka

    Yes, it works when squid is off. It works instantly if I turn it off, and when I turn it on I instantly can't send messages anymore.

    How do I find the ip of the chat server? Can you point me towards how I can find it out?
  • I have 80 MAC addresses that I want to deny on the network. What's the easiest way to achieve this?
  • @icet

    well you can use wireshark to sniff out which IP addresses your game connects through, you can also use pfsense to do that but with additional software and performed under terminal.

    @jay2

    set a static ARP entry on each MAC address to a defined IP range
    then add those IPs to your alias
    define that alias to block all traffic
  • please help, sirs, I'm on dual WAN with separate browsing and gaming. Why might there be websites getting through the port 80 and 443 (http, https) filter? For example gostream.is (https): it takes its connection from the gaming side, so the players end up lagging. Thanks in advance to whoever answers.
  • @polka,

    thank you.

    another question. Say I have MAC addresses that are allowed. Right now what I do is manual: when I see a rogue device I put it in MAC deny. I also attempted before to make a separate DHCP pool for the phones, with their MACs in MAC Allow, but it didn't work. They didn't get the IP address that I defined.

    ideas?

    also, is it possible that regardless of what DNS server they have specified on their devices, pfsense is still the one to choose which DNS server I want them to resolve domains with?

    -- edited by Jay2 on Dec 15 2017, 03:14 AM
  • ^

    I don't know why you created another DHCP pool for that, unless you plan to separate those devices onto their own subnet, which is kind of impossible in a wireless network, unless you have two or more SSIDs, each connected to its own respective subnet.

    if you only had 1 SSID in your network, all you can do is have a certain IP range that you want to restrict. For example, in the 192.168.1.0/24 subnet you want to allow all connections to the internet from IP 192.168.1.2-192.168.1.100 and anything above that is restricted. So all you have to do is set a static DHCP lease on those MAC addresses and tick the ARP bind option, so if they attempt to set their own IP on their devices (which they can) pfsense would just block that connection unless that device uses the IP address that is assigned to it.

    of course if you want to outright block those devices from your network, you can just kick them out using your AP. If you use a Ubiquiti AP, then there's an option for that.

    for DNS redirection, well there's a way, use port forwarding. For more info read here: <click here for link>

    -- edited by polka on Dec 15 2017, 07:48 AM

    -- edited by polka on Dec 15 2017, 07:51 AM
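
An added example, not part of the post above and not pfSense code: a Python audit that compares an `arp -an` dump from the firewall with the static DHCP mappings described above, listing MACs that have no mapping and mapped devices that are using an IP other than the one assigned. The ARP lines, MAC addresses, interface names (`em1` as LAN, `em0` as WAN) and the mapping are constructed sample data.

```python
import re

# FreeBSD `arp -an` line format, e.g.:
# ? (192.168.1.10) at aa:bb:cc:00:00:01 on em1 permanent [ethernet]
ARP_LINE = re.compile(
    r"^\? \((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5}) on (?P<iface>\S+)")

def norm_mac(mac):
    """Lower-case and zero-pad each octet so 0:1B:... equals 00:1b:..."""
    return ":".join(f"{int(o, 16):02x}" for o in mac.split(":"))

def parse_arp(text, iface=None):
    """Return [(ip, mac)] for resolved entries, optionally for one interface."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and (iface is None or m["iface"] == iface):
            entries.append((m["ip"], norm_mac(m["mac"])))
    return entries  # "(incomplete)" lines never match the MAC pattern

def audit(arp_text, static_map, iface=None):
    """static_map is {mac: assigned_ip}; returns (unknown, wrong_ip)."""
    allowed = {norm_mac(k): v for k, v in static_map.items()}
    unknown, wrong_ip = [], []
    for ip, mac in parse_arp(arp_text, iface):
        if mac not in allowed:
            unknown.append((ip, mac))  # MAC with no static mapping
        elif allowed[mac] != ip:
            wrong_ip.append((ip, mac, allowed[mac]))  # not the assigned IP
    return unknown, wrong_ip

# Constructed sample data (em1 = LAN, em0 = WAN are assumptions)
SAMPLE_ARP = """\
? (192.168.1.1) at 00:0c:29:aa:bb:01 on em1 permanent [ethernet]
? (192.168.1.10) at aa:bb:cc:00:00:01 on em1 permanent [ethernet]
? (192.168.1.150) at aa:bb:cc:00:00:02 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.77) at de:ad:be:ef:00:99 on em1 expires in 903 seconds [ethernet]
? (192.168.1.200) at (incomplete) on em1 expired [ethernet]
? (192.168.8.1) at 00:1e:10:aa:bb:cc on em0 expires in 1200 seconds [ethernet]
"""
STATIC_MAP = {
    "00:0C:29:AA:BB:01": "192.168.1.1",   # the firewall's own LAN address
    "aa:bb:cc:00:00:01": "192.168.1.10",
    "aa:bb:cc:00:00:02": "192.168.1.11",
}

if __name__ == "__main__":
    print(audit(SAMPLE_ARP, STATIC_MAP, iface="em1"))
```
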
  • thanks! will read that link that you gave.

    with regard to arp bind, do I need to do it one by one? any easier way to bind them all
  • ^nope, that's manual work.

    in my case, every wifi-connected device is greeted with a login, because our wifi network is on a RADIUS server. So there are common credentials for employees and higher-ups, and each set of credentials defines its own network rules and restrictions.

    if you want to go with this option, better take some lessons over YouTube or something.
  • yeah, eventually that's also the route I'll go. Right now I can only go as far as what I have. The budget for buying equipment is not until next year. :)