Forum Topic

Unified PFSense Users

  • dawinsm on 17 Jan 17 @ 04:46 PM #

    ^well that's what we are paid for, pero after that, usually 90% of our worktime is naka tunganga na lang. xD

    like ko ito hahaha, kaya tambay tayo ng kung ano anong forum ^_^

  • phdot_com on 18 Jan 17 @ 03:41 PM #

    The Top Firewalls of the Year Based on Real User Reviews

    <click here for link>

    <click here for link>

  • scozans on 31 Jan 17 @ 01:12 PM #

    hi mga masters!

    Two years ago ng masira intel atom-based pfsense ko sa bahay hindi na ulit ako bumuo. Pero ng may nakita ako nakatambak lang na pc at napagana ko pa nag-decide ako na bumuo ulit! YES at may pfSense na ulit sa bahay!!!

    HW Specs ko:

    Intel Core 2 Duo 1.8GHz
    2GB RAM
    80GB HDD
    1 built-in NIC (I think sya yung Gigabit LAN)
    1 TP-Link PCI 10/100 Lan

    May konti lang ako tanong mga masters (hindi na ko nakapag-back read baka naitanong na din previously, sana may sumagot pa din):

    1. May magiging improvement ba kung higher or newer CPU ang gamit ko? (may time na 100% sya for sometime kapag dami naka-connect)
    2. May magiging improvement din ba kung gagawin kong 4GB or 8GB ang RAM ko? (sa abserbasyon ko for the last 3 days up to 36% lang inaabot ng memory usage)
    3. May magiging improvement kaya kung gagawin kong gigabit LAN parehas (PCI or PCIE, single or dual port)?
    4. Mas recommended ba na ang NIC ay Intel or Intel-based?

    So far kahit papano wala pa naman ako nagiging problem at satisfied naman sa net/internet performance mga tao dito sa bahay. Sa ngayon Firewall and Squid pa lang ang naka-set up, siguro this coming weekend ayusin ko na Traffic Shaper, Captive Portal, etc.

    Any reccomendations or constructive criticism po ay welcome.

    Thanks po.

  • st_anger_711 on 31 Jan 17 @ 03:43 PM #

    1. depende kasi ito sa LAN speed ng network, dami ng user at services na i-run mu kay PF. hindi ka naman siguro lalagpas sa 20-30users.

    2. kung may balak ka lagyan ng proxy mas maganda na malake ang RAM, so far yung ang alam ko kaya dapat maraming RAM at isa pa rin pala yung "states" kung mag expect ka ng more than 200k states ata yun kailangan mu ng mas maraming RAM.

    3. sa WAN side kahit 100mbps lang wala pa naman commercially available na 1gbps internet sa atin. sa LAN side mas maganda talaga yung 1gbps verify mu na lang muna sa mobo mu kung anu ang mas mabilis na interface kung yung on-board or pci-e or pci, hindi kasi lahat ng scenario na mabilis ang kalabasan kung bottleneck yung interfacing.

    4. kung bibili lang din naman go ka na sa intel pro.

  • scozans on 31 Jan 17 @ 09:06 PM #

    ^ Thanks a lot boss sa mabilis na reply.

    Actually, ang maximum possible connected devices siguro hangang 15 tapos mostly caching ang gamit at firewall.

    Siguro okay na ko sa 2GB dahil di naman umaabot sa 50% ang usage.

    Kailangan ko i-verify kung saan naka-connect yung LAN, sa 100 ba o sa 1000 mbps. Good tip yang nabanggit mo sir.

    Yung sa NIC pinagiisipan ko e, mejo namamahalan lang kasi ako sa Intel Pro. Baka may alam kayo kahit 2nd hand lang.

    Thanks ulit.

  • palevelmode on 01 Feb 17 @ 07:48 PM #

    sino gumagamit ng snort package ng pfsense dito? can you share your "default" rules na ginagamit. I mean how you basically tweak and lessen "noise" ng snort nyo?

  • st_anger_711 on 01 Feb 17 @ 07:52 PM #

    Yung sa NIC pinagiisipan ko e, mejo namamahalan lang kasi ako sa Intel Pro. Baka may alam kayo kahit 2nd hand lang.


    dito lang search ka maraming nag bebenta dyan.

  • bernierei on 01 Feb 17 @ 10:48 PM #

    Instead na time ang mag-expire, pede po bang thru amount of data like 1GB/day? Salamat po

  • st_anger_711 on 02 Feb 17 @ 06:44 AM #

    ^

    gamit ng RADIUS server.

  • polka on 02 Feb 17 @ 07:21 AM #

    if youre interested for used intel nics, marami sa ebay doon lang ako bumibili, in my case bali 4pieces quad port gigabit intel nic yung binili ko at 4 pieces quad port gigabit broadcom nic (all pci-e) for about $140. Galing sa china yung nakuha ko (which is expected). And all of them working naman.

    kung compare mo yung price ng intel quad port gigabit nic na nabili ko sa ebay vs dito sa tpc, the price difference is around 2-3k (which is absurd for a used item), price comparison from ebay with total cost (all cost including shipping and tax).

  • kotken on 02 Feb 17 @ 12:17 PM #

    tanong ko lng bakit sa pfsense 2.3.2... walng package na lumalabas.... hindi ko 2loy ma install ung squid... mga boss pa2ro nmn po...

    TIA..

  • scozans on 02 Feb 17 @ 12:50 PM #

    @polka

    Thanks sa reply mo boss.

    Yes regular ebay buyer din ako. Actually, the other night bumili na ko ng dual port (Intel-based NIC din naman) galing China, and since may nagpatunay na working din naman may mataas na ngayon confidence level ko na yung darating na NIC ko ay gagana din ng maayos (hopefully, cross-fingers!)

  • scozans on 02 Feb 17 @ 12:55 PM #

    @kotken

    kung walang packages na lumalabas most probably wala kang internet connection sa WAN port mo. check mo yung sa Interfaces mo kung yung WAN mo merong green arrow na going up.

    nangyari din sakin yan hindi pala nabigyan ng IP address ng internet router ko si pfsense kaya naka-down at wala ako makitang packages.

  • scozans on 02 Feb 17 @ 12:55 PM #

    @kotken

    kung walang packages na lumalabas most probably wala kang internet connection sa WAN port mo. check mo yung sa Interfaces mo kung yung WAN mo merong green arrow na going up.

    nangyari din sakin yan hindi pala nabigyan ng IP address ng internet router ko si pfsense kaya naka-down at wala ako makitang packages.

  • kotken on 02 Feb 17 @ 03:43 PM #

    @scozan

    thanks po mabilis na reply... meron nmn po akong internet working nmn po si pfsense.. ang problem ko lng po ung mga package... wlang lumbas sa available package "Unable to retrieve package information" yan po ung nakalagay dun.. kaya hindi ko makita ung lalagay kong squid at squid guard....

    TIA

  • scozans on 03 Feb 17 @ 11:20 AM #

    --observation with pfsense/squid/caching and facebook (videos)--

    di ko alam kung may mali o kulang lang sa squid set up ko o talagang may problema sa facebook video caching ang pfsense/squid, dahil kapag youtube wala ako problem sa caching, kapag napanood na at may nanood ulit wala na o halos wala na buffering pero sa facebook parang hindi ganun nangyayari. Ilang araw ko ng naoobserbahan na kapag facebook parang hindi naii-cache, buffering tuloy ng buffering kapag nanonood ng mga videos sa fb.

    baka meron po dito mga boss na may ganun experience/observation at baka meron kayo maii-suggest sakin.

    Thanks mga boss.

  • dawinsm on 03 Feb 17 @ 03:45 PM #

    may naka pag install na ba sa inyo sa skylake intel i3 4gb ram

    naka 2 installation image na ako ayaw parin,

    na i install sya, pero sa bootup pag press mo ng f1 mag re restart lang yung PC

  • polka on 03 Feb 17 @ 06:09 PM #

    ^set mo sa legacy mode yung BIOS/UEFI mode mo.

  • bernierei on 06 Feb 17 @ 10:45 AM #

    Mga sir baka po meron sa inyo na may idea kung pedeng gawin ito: magke-create ng log-in/registration using html and php na magli-link sa database (intenal ng pfsense or external db) then gagamitin yung credentials to log-in sa pfsense where enabled ang captive portal and radius server (for bandwidth management). salamat

  • kotken on 07 Feb 17 @ 06:33 AM #

    mga sir...

    bkit ung new install ko pfsense 2.0.3 ayaw mag display ung lusca sa package... ehhh nilagay ko nmn ung code sa command prompt.. pki sagot nmn po..

    TIA

  • scozans on 08 Feb 17 @ 12:19 PM #

    --another observation--

    disabled muna ang Squid (lalo ang Squidguard!), napuna ko kasi wala na halos pinlulusot si squid na kahit anong "uncommon sites" kahit mga legit o mga maayos na sites naman, tulad ng mga company sites - kahit nga ebay blocked nya na din. Ang gusto ko lang sana sa Squid (at Squidguard) unang una caching at pangalawa yung filtering lalo sa mga porn, gambling, and other similar sites. kaya lang nagsa-suffer naman kami sa pag-browse ng mga simpleng sites, kahit fb bagal na mag-load kapag activated ang squid.

    Ano suggestion mga boss kung ano magandang gawin. Thanks.

    Pahabol: Bakit kasi wala na ang Lusca sa bagong version e, okay na okay yung dati para sa caching!

  • st_anger_711 on 08 Feb 17 @ 12:24 PM #

    Pahabol: Bakit kasi wala na ang Lusca sa bagong version e, okay na okay yung dati para sa caching!


    hindi pu kasi officially supported si Lusca kay pfsense.

    disabled muna ang Squid (lalo ang Squidguard!), napuna ko kasi wala na halos pinlulusot si squid na kahit anong "uncommon sites" kahit mga legit o mga maayos na sites naman, tulad ng mga company sites - kahit nga ebay blocked nya na din. Ang gusto ko lang sana sa Squid (at Squidguard) unang una caching at pangalawa yung filtering lalo sa mga porn, gambling, and other similar sites. kaya lang nagsa-suffer naman kami sa pag-browse ng mga simpleng sites, kahit fb bagal na mag-load kapag activated ang squid.


    mga https site ba madalas yung nag babagal? yan kasi experience ko before kaya din hindi ko na ginagamit si Squid! alternative ko ay filter thur DNS (opendns) as for caching wala ako alternative.

  • polka on 08 Feb 17 @ 12:49 PM #

    for domain blocking specially porn, I just use Shalla's repository for domain blacklist, then both use the IP and domain listing with pfblockerng. Works great for me. Although you need a lot of ram on this one mines already have 4GB of RAM and during blackilst compilation ng pfblockerng, it consumes about 2.5gig-ish memory (no swap).

    But due to new law sa pinas, almost like 20+ top porn sites were already blocked (cannot be bypassed by a simple DNS change which is a good idea than having a alternative DNS block or intercept any DNS traffic to be routed on local ISP DNS cache serer).

    -- edited by polka on Feb 08 2017, 12:51 PM

  • pips on 08 Feb 17 @ 02:42 PM #

    Mga Sirs, pwede po ba magtanong, nagpapraktis kasi ako mag pfsense openvpn site to site. ito po ung scenario ng setup ko:

    Internet connection Sky Bro

    VPN Site to Site Shared Key

    laptop1 = VPN Server
    VMware workstation
    windowsxp => NIC1 = internal = IP 10.0.30.10
    pfsense => (NIC1 = internal) IP 10.0.30.1 + (NIC2 = NAT or Bridge Network) IP DHCP

    laptop2 = VPN Client
    VBox
    windows8 => internal = IP 192.168.1.100
    pfsense => (NIC1 = internal) IP 192.168.1.1 + (NIC2 = NAT or Bridge Network) IP DHCP

    pero ang talagang tanong ko po is possible bang pagkitain ang dalawang network ng vmware at vbox gamit ang isang skybro public ip na naka NAT or Bridge Network lang? Tama naman po ung configuration and firewall rules ko pero di nag oonline ung VPN Server pero running naman ung service ng openvpn.

    TIA

  • kotken on 09 Feb 17 @ 07:51 AM #

    mga sir...

    cnu po sa inyo ung gumagana pa ung lusca..?? pwede po ba copy ko nlng ung HDD nyo..?? gagana kaya yan sakin..??

    kung pwede magbabayad nlng ako ng copy to HDD to HDD..

  • dawinsm on 09 Feb 17 @ 01:16 PM #

    kaya ba i block ni pfsense ang https? like FB and youtube? then pwede ba akong mag add ng IP address na allow gumamit ng FB, youtube?

    pinag iisipan ko kasi ito , anong pipiliin nyo sa 2?

    1. pfsense lang for firewall and web filtering
    or
    2. pfsense for firewall, bandwidth management, cache + untangle for web filtering.

  • polka on 09 Feb 17 @ 01:58 PM #

    ^gamitin mo yung alias, then put a address there like www.facebook.com

    then add ka sa firewall rule under LAN make sure to set it to block and set the destication to Alias you created earlier, after that block na yan.

    you dont have to worry about facebook ip range since automacally nag re-fresh yung domain with new assign IP address.

  • dawinsm on 09 Feb 17 @ 02:51 PM #

    ^ Thanks sir polka

    paano naman kung allow naman mag FB yung ibang user ? i allow ko lang ip address nila?

  • palevelmode on 12 Feb 17 @ 05:35 PM #

    ^ Thanks a lot boss sa mabilis na reply.

    Actually, ang maximum possible connected devices siguro hangang 15 tapos mostly caching ang gamit at firewall.

    Siguro okay na ko sa 2GB dahil di naman umaabot sa 50% ang usage.

    Kailangan ko i-verify kung saan naka-connect yung LAN, sa 100 ba o sa 1000 mbps. Good tip yang nabanggit mo sir.

    Yung sa NIC pinagiisipan ko e, mejo namamahalan lang kasi ako sa Intel Pro. Baka may alam kayo kahit 2nd hand lang.

    Thanks ulit.


    kumusta naman sa kuryente? 24/7 ba naka-on pfsense mo?

  • polka on 12 Feb 17 @ 06:40 PM #

    ^I can assume it consumes around 50-90watts depende sa load ng unit,

    if you pair a J1900 board with dual nic on it, it can safely sit around 10-15watts using pico psu as power source and HDD is using a SSD or 2.5inch HDD or just a plain USB thumb drive if you dont plan using a caching like squid.

    currently im using Asrock uBox-110 <click here for link>
    got tired finding a suitable ITX board for my pfsense needs, with that, it has all the things that I need, it has 2x gigabit intel NIC and a quadcore 2ghz celeron, slap in my spare 8GB SODIMM 1333mhz ram on it, and a cheap 32GB SSD inside. Power consumption wise, it consumes 6-9watts under 7days smart power monitoring, it average around 7watts. So not bad for my needs. I spent around $230 on this unit + the ssd, since im using a 100mbit symetric connection, i might as well invest on this unit since well, it has the same price of a high end routers like a r8000 or ac88u

    -- edited by polka on Feb 12 2017, 06:43 PM