Forum Topic

Unified PFSense Users

  • Are you also using squidguard?

    In my case, squid won't run when there are issues with the refresh pattern.
    You can try typing squid -z in the terminal or over ssh; that's where you'll see if there's an issue.

    -- edited by istanbul on Apr 18 2017, 12:48 PM
  • @istanbul
    That was my first setup, squid+squidguard+transparent; transparent doesn't work (there are no logs when the proxy isn't configured in the browser).

    What I did now is reset it to factory default first, to get back to zero config. My idea is to get the transparent proxy working first before adding squidguard.
  • I gave up on squidguard because it blocks some sites even though they're already whitelisted. I plan to try again when I'm no longer busy; I made the pfsense my router and many people use the net at home, so I can't experiment.
    Test with just squid+transparent first. Just a suggestion: if you test using a PC, delete the local cache on your PC first.
  • Is there a way for pfsense to access a bridged modem (PLDT)? The modem is connected to the WAN port of pfsense.
  • I'm having problems with the traffic shaping limiter in relation to steam updates. Even though I set it at 3mb download per client and tested it to work via speedtest, when it comes to steam it just bypasses the 3mb limit. Steam seems to just ignore the 3mb limiter I set and eats up all the bandwidth. Everything else except for steam works fine with the limiter. Pfsense experts, I kindly ask for advice or a solution for my problem. I already know the steam settings for download limit, but I'd like the solution via the Pfsense side.

    -- edited by jyb007 on Apr 23 2017, 06:56 PM
  • I'm having problems with the traffic shaping limiter in relation to steam updates. Even though I set it at 3mb download per client and tested it to work via speedtest, when it comes to steam it just bypasses the 3mb limit. Steam seems to just ignore the 3mb limiter I set and eats up all the bandwidth. Everything else except for steam works fine with the limiter. Pfsense experts, I kindly ask for advice or a solution for my problem. I already know the steam settings for download limit, but I'd like the solution via the Pfsense side.


    try to limit the ports that steam uses specifically the update/download port <click here for link>
  • Well, steam downloads do throttle in my setup; maybe there's just something wrong in your setup, especially the protocol. Maybe it's only set to TCP.
  • @polka. Rules are set to "any" & the other "tcp&udp".

    @st_anger_711. But aren't the ports you mentioned already included under the "tcp&udp" rules I set?

    I set all the steam ports on the floating rules for traffic shaping, but it still ignores them and hogs up all the bandwidth.

    BTW I'm using the latest version of pfsense 233. And I never had this problem with the previous versions. Probably still a buggy version.

    Looks like I have to revert back to an older version 215.

    -- edited by jyb007 on Apr 24 2017, 07:40 PM

    -- edited by jyb007 on Apr 24 2017, 07:41 PM
  • Can Pfsense throttle per website? Namely, youtube and facebook or other streaming sites as desired?

    -- edited by jeffreynr on Apr 26 2017, 12:59 PM
  • ^

    If you mean http and https, then yes, it can.
  • Masters, is it possible to run two pfsense servers on one network? Both of them would be used as gateways at the same time.
  • ^ gege
    What's your plan, sir, or why did you think of using 2 pfsense?
  • @dawinsm
    Because we have 3 ISPs. The machine I'll install pfsense on only has 2 pcie. So my setup is LAN, 3 ISPs and wireless.
  • Which is better for online gaming in a net cafe that has two ISPs, failover or separate (one dedicated to browsing, the other for online games only), since isn't there lag when the online game gets DC'd and moves to the failover (crossfire can no longer get back into the match)?
  • ^

    So that you don't get disconnected from online games if ever the gaming ISP DCs?

    As far as I know it will really get DC'd first, because the return path is now a new one.
  • @jeffrey
    Can Pfsense throttle per website? Namely, youtube and facebook or other streaming sites as desired?


    yes, you must also set the destination IPs for it to work.


    @xpc42
    Which is better for online gaming in a net cafe that has two ISPs, failover or separate (one dedicated to browsing, the other for online games only), since isn't there lag when the online game gets DC'd and moves to the failover (crossfire can no longer get back into the match)?


    Load balancing is the solution. Be sure all the ISPs are set to Tier 1. Then, in the Traffic Shaper, create your limit for browsing and gaming. Set to a rule plus ports.

    Hope This Helps
  • sad news for me and for existing users as well:

    pfsense 2.4 will now be limited to 64bit processor (which is fine)

    but the worst part is

    pfsense 2.5 will only support AES-NI enabled processors, so yeah, prepare your wallet for another expense if you plan to stick with pfsense.
  • ^ Thanks for the heads up sir.

    Our pf at the office only runs on a low-end Intel processor. Looks like we really need to start planning the processor upgrade. :(
  • Just figured out how to fix the problem of why steam downloads can't be controlled by the speed limiter of pfsense. I disabled transparent proxy and manually configured each computer for squid proxy and it worked. BTW, this is for the 2.3.4 version.

    Just letting others know who have the same problem. I hope it will help.
  • Guys, just a question. My mobo just died. My onboard one has a MAC address that is configured in PFsense. When I buy a replacement of the same model, can I just edit the MAC address in VMware and replace it with the MAC address of the new one? Thanks to anyone who can help.
  • ^you can change it either in the VM itself or through pfsense, doesn't matter which method you choose, they work the same anyway.
  • Is it normal to have multiple logs coming from different IPs trying to connect to my IP using ports 22,23,80,16881? I assume the firewall blocked them because the log is "@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
  • ^If you're on a public IP, that's normal; most of the connection attempts usually originate from china, some of them from russia.

    but i do know that china is very notorious for doing that.

    so as long as it's blocking it, you're fine.
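
    Added example, not part of the thread: one way to confirm that the inbound attempts described above are all being dropped by the default deny rule is to summarize the firewall log by destination port and source. The sample lines are constructed (documentation IP ranges, invented hostname and interface names) and assume pfSense's comma-separated filterlog layout for IPv4 TCP/UDP entries; the tracker ID is the one quoted in the post.

```python
import csv
from collections import Counter

# Tracker ID of the "Default deny rule IPv4" quoted in the post above.
DEFAULT_DENY_TRACKER = "1000000103"

# Constructed sample lines (documentation IPs) in pfSense's filterlog CSV layout.
SAMPLE_LOG = """\
May 10 09:00:01 pf filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,48,1234,0,DF,6,tcp,60,203.0.113.7,198.51.100.10,40112,22,0,S,111,,1024,,
May 10 09:00:02 pf filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,48,1235,0,DF,6,tcp,60,203.0.113.7,198.51.100.10,40113,23,0,S,112,,1024,,
May 10 09:00:05 pf filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,51,777,0,DF,6,tcp,60,192.0.2.44,198.51.100.10,51000,80,0,S,113,,8192,,
May 10 09:00:09 pf filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,50,4321,0,none,17,udp,131,192.0.2.99,198.51.100.10,51413,16881,111
May 10 09:00:11 pf filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,48,1236,0,DF,6,tcp,60,203.0.113.7,198.51.100.10,40114,22,0,S,114,,1024,,
May 10 09:00:12 pf filterlog: 70,,,1493000000,em1,match,pass,in,4,0x0,,64,2222,0,DF,6,tcp,60,192.168.1.20,192.0.2.80,50000,443,0,S,222,,65535,,
May 10 09:00:13 pf filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,3333,0,none,1,icmp,84,203.0.113.200,198.51.100.10,request,77,1
May 10 09:00:14 pf sshd[812]: unrelated line that is not a filterlog entry
"""

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP/UDP filterlog entry, or None for anything else."""
    marker = "filterlog: "
    if marker not in line:
        return None
    f = next(csv.reader([line.split(marker, 1)[1]]))
    # Field 8 is the IP version, 16 the protocol name, 18-21 src, dst, sport, dport.
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp") or not f[21].isdigit():
        return None
    return {"tracker": f[3], "iface": f[4], "action": f[6], "dir": f[7],
            "proto": f[16], "src": f[18], "dst": f[19], "dport": int(f[21])}

def summarize_default_deny(log_text, tracker=DEFAULT_DENY_TRACKER):
    """Count inbound packets dropped by the default deny rule, per port and per source."""
    ports, sources = Counter(), Counter()
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e and e["tracker"] == tracker and e["action"] == "block" and e["dir"] == "in":
            ports[e["dport"]] += 1
            sources[e["src"]] += 1
    return ports, sources

if __name__ == "__main__":
    ports, sources = summarize_default_deny(SAMPLE_LOG)
    print("dropped by default deny, per port:", dict(ports))
    print("top sources:", sources.most_common(3))
```

    Entries that match a pass rule on the same ports would not show up in this summary, so a port that appears here with no matching pass entries elsewhere in the log is only being probed, not reached.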
  • @Polka thanks!
  • hello all.
    Please just validate whether my experience with my setup is right.

    I've set up a transparent pfsense, with squid and squidguard, with https blocking, but I haven't installed any pf certificate on the client PCs and phones.
    Is that okay?
    pf 2.3.4
  • edit:

    Try visiting an https site; if you receive an HSTS error, then that's it.

    With just regular port 80 there's no problem.

    -- edited by polka on May 18 2017, 12:29 PM
  • https sites like banks are okay.. I was able to transact smoothly.
  • To those using pfsense in their shops,
    how do you separate browsing, youtube, lol, dota2 and PB?

    thanks
  • @phdot

    weird, ssl connections don't like a custom created CA, unless the custom certificates are registered to the devices.

    It's better to just look at the access.log to see if it really initiates any ssl connections (port 443 usually). If there are none, it means the transparent proxy isn't enabled on the port 443 side, since this is not enabled by default if you enable the transparent proxy option on squid in pfsense.

    @dawinsm

    know the port and/or IP of the destination traffic and add that to your packet shaper and set what category it comes to (eg, Voip, gaming, downloads/web surfing etc....).
  • Sirs, maybe someone can help me: how can I retain the source IP of the client (VOIP PHONE) once it crosses PLDT's IPVPN service and reaches the requested service (VOIP SERVER)? Like in my example, client/source IP 10.26.1.100, then what I see in the logs of my PF2 is that its source IP is now 20.20.20.11