Messages

1

Tutorials and FAQs / Re: [HowTo] - PPPoE, VLAN & RFC4638

« on: January 03, 2024, 09:46:09 pm »

The exact message when trying to apply the patch is: 'hunks' - 4 out of 5 hunks failed, see attached image.

It was at this point, it occurred to me that the patch might only apply to 23.7.3 & not 23.7.10_1..

2

Tutorials and FAQs / Re: [HowTo] - PPPoE, VLAN & RFC4638

« on: January 03, 2024, 04:30:25 am »

Does this patch apply to '23.7.10_1-amd64' - I seem to be getting something like 4 out of 5 failed block messages.

3

23.7 Legacy Series / Re: Upgrade to 23.7 - NAT Port Forward rules no longer working

« on: August 03, 2023, 12:09:02 pm »

***Quick Update***

Hope this helps someone who may be experiencing the same issue I was.

The issue I had with NAT seemed to present itself post 23.7 upgrade, in particular 'Port Forward'.

Original configuration 23.1.11:
Under NAT / Port Forward, I had a rule specific for DNS (port 53), redirected to a group, i.e. VPN DNS ip's. This group has the ip addresses added pertaining to the VPN's dns servers.

POST 23.7 upgrade, this rule failed & I stumbled across a fix by changing an attribute in the port forward rule.

Current configuration 23.7:
Under NAT / Port Forward, I've now used the specific VLAN interface my host is attached to (instead of the group I had previously) and it seems to work, i.e. my VP provider is showing 'no leaks'.

Strange thing is, under NAT / Outbound, the interface I have listed here is the same group mentioned above that does not work for port forward.

All good now....

4

23.7 Legacy Series / Firewall groups not showing under 'Interfaces' with multiple members

« on: August 03, 2023, 01:37:30 am »

Just notinced after 23.7 upgrade, all my firewall groups are not showing under 'Interfaces' section anymore. After tinkering with this for a bit, I noticed the groups will show IF only one member is selected.
When multiple members are selected, the interface disappears, but it still present in form under RULES section - this didn't happen in 23.1.11.

I've checked the '(no) GUI groups' option - it's not ticked, but doesn't matter anyway as it's no longer honouring this check mark.

5

23.7 Legacy Series / Upgrade to 23.7 - NAT Port Forward rules no longer working

« on: August 03, 2023, 01:31:11 am »

It appears post 23.1.11 - 23.7 upgrade, all my port forward rules are no longer honoured.

NAT outbound rules seem fine & routing properly. DNS port forward rule doesn't seem to be using the gateway I selected and instead is using the default gateway.

6

23.1 Legacy Series / Re: WireGuard Selective Routing to External VPN Endpoint

« on: April 20, 2023, 12:58:03 am »

If you've followed the  wireguard guide meticulously, create another rule without the "NO_WAN_EGRESS" tag for the pc's in question. This way, you'll have fallback to ISP without kill-switch for those PC's.

7

Hardware and Performance / Re: noob wanting to do first install on a SG115

« on: April 20, 2023, 12:28:16 am »

I have a similar setup utilising Sophos units.
Simply download the image, burn to USB. Insert USB into spare port on Sophos box - boot up.
(Make sure you have external monitor/kb plugged it to see the boot process).
Wait for boot menu and follow the bouncing ball - easy.

8

22.7 Legacy Series / Shaper rules not working as expected - when VLAN selected as secondary interface

« on: December 28, 2022, 10:03:19 am »

Hi all -

Having issues with the Shaper, in particular when using VLANs.
Under Firewall - Shaper - Rules I have a rule for one of my VLANS whereby I have selected WAN as the primary interface & (VLANx) as the secondary interface. I use this rule to catch traffic on this VLAN to give it certain priority - works well.

IF however, I setup an additional rule underneath this VLAN rule (next sequence number), and select WAN as the primary interface with nothing in the secondary - the two rules conflict and the shaper seems to share the bandwidth between the two rules. This rule is used as a 'catch all' for all other traffic - other than the VLAN in the previous rule.
 
The result is that the total throughput flow is reduced by a small margin.

To get around this, I deleted the vlan from Interface2 & used source/destination IP subnets that correspond to the VLAN - with this setup the rules/flows/traffic is spot on....


Any thoughts?