Forum Topic

Unified PFSense Users

  • clerrific on 11 Feb 16 @ 08:45 PM #

    ^ need nga kase ng whitelist. Part yan ng mechanism ng squid proxy. May whitelist at blacklist. Ganyan yan ginawa as web dictionary base blocker.

  • clerrific on 11 Feb 16 @ 08:46 PM #

    if you don't understand its behavior. Google is your friend.

  • krisgettin on 11 Feb 16 @ 09:00 PM #

    blacklist uploaded was shallas black list from squidguard

  • ZLite on 13 Feb 16 @ 06:20 PM #

    @krisgettin

    Sa Target rule mo Sir, naka Denied ba?

  • j0mar on 15 Feb 16 @ 01:17 PM #

    ask ko lang may nkapag setup na ba dito ng double wan ppoe sa pfsense? nagdagdag kasi kami ng isang line pldt 1 static IP(ppoe) e my previos kami connection parang hindi gumagana parehas kasi ng gateway ;(

  • ZLite on 15 Feb 16 @ 04:13 PM #

    @j0mer

    ask ko lang may nkapag setup na ba dito ng double wan ppoe sa pfsense?


    Marami ditto ang naka multi WAN setup. Just like you, naka 1 dynamic ako, plus, 1 static IP. Naka-stand-alone po ba kayo? Be sure po na working ang bawat connection nyo. Stand-alone pnyo po muna isa isa. Kapag na-detect na ok naman at stable na ang connection per ISP, puwede nyo na pong ikabit sa PFSense box. Ano po ba ang plan na setup nyo? Conbine or separate browsing at gaming?

    -- edited by ZLite on Feb 15 2016, 04:18 PM

  • j0mar on 16 Feb 16 @ 07:59 AM #

    Marami ditto ang naka multi WAN setup. Just like you, naka 1 dynamic ako, plus, 1 static IP. Naka-stand-alone po ba kayo? Be sure po na working ang bawat connection nyo. Stand-alone pnyo po muna isa isa. Kapag na-detect na ok naman at stable na ang connection per ISP, puwede nyo na pong ikabit sa PFSense box. Ano po ba ang plan na setup nyo? Conbine or separate browsing at gaming?


    naka multi wan ako sir 3 internet(1leased line 2DSL) yung kakabit ko ngayon is pang apat but since yung isang wan ko already ppoe na kapag kinabit ko yung bagong line ppoe din and automatic yung gateway nun so nagkakaparehas ayun hindi ko tuloy maialagay kay pfsense yung bagong dsl. .

  • ZLite on 16 Feb 16 @ 06:26 PM #

    @j0mer

    Ah, kaya pala, hindi talaga puwede sir kapag parehas ang gateway. Yong sa akin, nag apply pa ako ng static IP para makapag load balance. Sir, gumagamit ka pa ba ng limiter para sa bandwidth management?

  • polka on 16 Feb 16 @ 06:51 PM #

    that's weird, dapat gagana yan kahit magkakaparehas ang Gateway IP kada WAN interface, or maybe just a plain FreeBSD issue since it doesnt use iptables as their firewall, hence walang iptables ang pfsense which is a bohoo for me.

    Sa case ko kasi naka multiwan ako using OpenWRT x86 and it works naman kahit magkakaparehas pa yung mga IP sa Gateway wag lang sa WAN IP nila. To be honest mas maganda pa yung multiwan ng OpenWRT kesa sa pfsense, napaka flexible din sa mga rules na gusto mong ma implement and it uses iptables (that a plus for me).

    Pero ok pa rin naman ang pfsense lalo na kung gagamitin mo sya as UTM at maraming packages/addons na pwede magamit.

  • jaolo on 17 Feb 16 @ 08:11 AM #

    guys may nakapag try na ba dito na padaanin sa squid yung mga OpenVPN users for web filter?

  • clerrific on 17 Feb 16 @ 01:17 PM #

    ^ pwede naman basta kaya mong i-webfilter yung port 443 eh

    much better kung naka AD ka para di ka mahirapan sa gusto mo mangyare with squid

    -- edited by clerrific on Feb 17 2016, 01:17 PM

  • jaolo on 17 Feb 16 @ 04:42 PM #

    ^ pwede naman basta kaya mong i-webfilter yung port 443 eh


    na eecounter ko kasi hindi nag reredirect yung traffic to squid (transparent mode)
    ganto ang nangyayari
    vpn >>vpn server >> internet

    instead na ganto
    VPN >> vpn server >> proxy >> internet

    base sa logs ko hindi na reredirect sa proxy ko ung mga http at https request ng client UNLESS assign ko yung ip ng proxy sa web browser -_-

    at wala rin naman sa list ng Interface under ng Service > Proxy Server yung interface ni OpenVPN

    -- edited by jaolo on Feb 17 2016, 04:46 PM

  • elmosystems on 17 Feb 16 @ 11:47 PM #

    guys ask lang kung gagana ba ang portforwading kung naka residetial acct ng globe? do i need to subscribe pa ng static?

  • whoami01 on 18 Feb 16 @ 04:35 AM #

    guys ask lang kung gagana ba ang portforwading kung naka residetial acct ng globe? do i need to subscribe pa ng static?


    Not necessary naka static, as long as naka Public IP Address gagana ang port forwarding kahit DCHP.

  • subsistence on 18 Feb 16 @ 12:12 PM #

    Hi sirs,

    Nagawa nyo nang mag block ng torrent using pfSense? sinusundan ko yung mga guides na nasa internet yung L7. Kaso wala pa din. :(

  • elmosystems on 18 Feb 16 @ 01:34 PM #

    guys ask lang kung gagana ba ang portforwading kung naka residetial acct ng globe? do i need to subscribe pa ng static?


    Not necessary naka static, as long as naka Public IP Address gagana ang port forwarding kahit DCHP.


    My pfsense LAN ip address is 10.10.1.1 with 255.255.255.0 subnet
    Class A private Address
    with Class C Subnet which makes it a Class C network...

    a port testing site gives my IP as 180.191.146.83 which indeed fall under Public Ip..taa po ba?

    Hindi ko lang talaga alam bakit parang walang effect ang ginagawa ko portforward...

  • polka on 18 Feb 16 @ 02:08 PM #

    ^ uh huh

    youre confusing me, why a Class C subnet becomes a Class A? Is it because 10.x.x.x sya?

    IP classing is defined by its subnet

    255.0.0.0 - Class A
    255.255.0.0 - Class B
    255.255.255.0 - Class C

    These are reserved IP address for Private use.
    10.0.0.0 - 10.255.255.255
    172.16.0.0 -172.16.255.255
    192.168.0.0 - 192.168.255.255

  • ZLite on 18 Feb 16 @ 07:20 PM #

    @polka

    Hello Sir Polka, regarding sa multi WAN, PFSense, puwede po ba ako makahingi ng hints regarding sa separating ng browsing at gaming? ISP1 and ISP2. Nakapag-Load balance na, pero kapag hiniwalay ko na between Browsing and Gaming, hindi nag-take effect Sir.

  • polka on 18 Feb 16 @ 08:39 PM #

    gawa ka lang ng failover gateway group

    lets assume WAN1 is browsing/download and WAN2 is gaming

    all you have to do is assign WAN2 as priority and WAN1 as backup (in case na mag down si WAN2, makakapag online pa rin sila)

    once done, create a firewall rule that will assign on that gateway group you created. eg I wan DOTA2 and CS:GO go to WAN2. All I have to do is set the protocol to UDP and set the port range to 27000 - 27030 then set the gateway to the failover gateway group you created. Save and whoala. sa WAN2 na diretso ng mga yan DOTA2 at CSGO players. Repeat the steps with other online games as well and this requires you to debug/monitor what IP address of the Game Server uses, or maybe PORT (assuming they using a static port for their game server, pero mas maganda kung IP based since sure ball yan walang lusot yung ibang traffic).

    Check ULOP site for list of IP Addresses/Port that online game uses.

  • elmosystems on 19 Feb 16 @ 01:30 AM #

    @polca

    tama ka sir...sabi ko nga class C IP ko because of my subnet...

    pero sir pano ko ba maoopen ang ports?

  • clerrific on 19 Feb 16 @ 11:10 AM #

    jaolo Send Message View User Items on February 17, 2016 04:42 PM #
    ^ pwede naman basta kaya mong i-webfilter yung port 443 eh


    na eecounter ko kasi hindi nag reredirect yung traffic to squid (transparent mode)
    ganto ang nangyayari
    vpn >>vpn server >> internet

    instead na ganto
    VPN >> vpn server >> proxy >> internet

    base sa logs ko hindi na reredirect sa proxy ko ung mga http at https request ng client UNLESS assign ko yung ip ng proxy sa web browser -_-

    at wala rin naman sa list ng Interface under ng Service > Proxy Server yung interface ni OpenVPN


    san ba na-connect vpn users mo ba? at ano sinet mong IP na makukuha nila once mka-connect sa vpn server mo? Medyo kinukumplikado mo yung problem mo. Gawin nating simple

    Kung under ni transparent proxy mo yung subnet na pinagkukuhaan ng ip ng vpn users mo wala kang problem

    vpn users -> vpn server/transparent proxy/gateway->privatelan

    Kung yung tinutukoy mo eh yung openvpn na subnet, well di nya yan mahahawakan. Ang importante dyan yung kung san si vpn server kumonek na subnet.

    Kung sinet mo si vpn user na wala dun sa may transparent mo na network eh di nga yan mahuhule.

  • jaolo on 19 Feb 16 @ 11:54 AM #

    san ba na-connect vpn users mo ba? at ano sinet mong IP na makukuha nila once mka-connect sa vpn server mo?

    May sariling interface yung OpenVPN ko with 20.20.20.0/24 subnet, regarding naman assigning of IP address, i used Client Override under Advance Configuration (via push)

    Kung under ni transparent proxy mo yung subnet na pinagkukuhaan ng ip ng vpn users mo wala kang problem

    mejo na nawala ako dito ha hehe.. meaning ba boss pede ko I set si OpenVPN sa LAN interface? kasi db automatic na magccreate ng sariling interface si OpenVPN once na na create?

    Kung yung tinutukoy mo eh yung openvpn na subnet, well di nya yan mahahawakan. Ang importante dyan yung kung san si vpn server kumonek na subnet.


    yes sir e2 yung gusto ko mangyari sana.


    Kung sinet mo si vpn user na wala dun sa may transparent mo na network eh di nga yan mahuhule.

    paano ko macoconnect si vpn as part ng LAN interface ko para ma detect ni proxy?

    Thanks sa reply sir.

  • clerrific on 19 Feb 16 @ 04:41 PM #

    bigyan mo nga ako ng diagram mo para malinawan ka. Baka di tayo nagkakaintindihan nasagot ko na yung tanong mo.

  • subsistence on 19 Feb 16 @ 05:26 PM #

    Hi sirs,

    Nagawa nyo nang mag block ng torrent using pfSense? sinusundan ko yung mga guides na nasa internet yung L7. Kaso wala pa din. :(

  • polka on 19 Feb 16 @ 06:52 PM #

    ^torrent traffic now a days are now set to forced encryption be default, so L7 filtering will not work, kahit anong magic pa yan.

    the only trick for it is to slow it down, you can set all ports above port 1000-65525 on destination side to slow down the downloads and uploads by applying speed limit, while leaving anything unaffected (eg 443. 80, 21, 8080)

  • whoami01 on 19 Feb 16 @ 08:14 PM #

    @elmosystem

    a port testing site gives my IP as 180.191.146.83 which indeed fall under Public Ip..taa po ba?


    Pwde mo maconfirm External IP mo kung public or private by comparing IP na binibigay ng site like whatismyipaddress.com at WAN IP from your provider (which is sa WAN ng modem or router)

    Kung same sila capable yan for port forwarding. Kung hindi pareho, hindi talaga gagana yan.

    -- edited by whoami01 on Feb 19 2016, 08:15 PM

  • mhugsy on 20 Feb 16 @ 02:14 PM #

    Mga master patulong naman po..ayaw kasi mag start ng squid at squidguard ko sa pfsense.. im running 2.2.6 san po ba pwede i-check? kahit irestart ko ayaw pa din eh....TIA

  • bongkoy on 22 Feb 16 @ 08:36 AM #

    Mga sir, paano po ang gagawin sa VBox (running pfsense) pag more than 6 NICs ang gagamitin ko?

  • explorer32 on 24 Feb 16 @ 02:43 PM #

    mga master pa help po.

    dual wan po ako isa sana for gaming and yung isa for web browsing.
    pareho ko silang kinuha as DHCP. but yung pfsense box ko is 192.168.10.1 configured as static.
    nka auto failover n silang dalawa.

    ano po ba step by step for this?

    TIA

  • elmosystems on 24 Feb 16 @ 11:48 PM #

    whoami01

    Kung same sila capable yan for port forwarding. Kung hindi pareho, hindi talaga gagana yan.


    Sir hindi nga sya pareho... ano po dapat kong gawin?

    -- edited by elmosystems on Feb 24 2016, 11:49 PM