> Once more
Command Once not recognised.

> I am running the latest snapshot of today.
Command I not recognised.


> I do use the old pptp adsl way to make connection with our provider.
Command I not recognised.


> It works for us a really long time very well.
Command It not recognised.


> This works great on all versions of monowall and pfsense 1.2.3 and before.
Command This not recognised.


> But now with pfsense 2.0 I can not get traffic over the line.
Command But not recognised.


> At least no real data.
Command At not recognised.


> I can ping, but websites do not load or part of it, but most will not.
Command I not recognised.


> I am struggling with this for about 2 months now.
Command I not recognised.


> The thing is I see a lot of dropped packages on the vr1 interface.
Command The not recognised.


> This is the interface my modem is connected to and it runs on a 5501 
Command This not recognised.


> soekris board.
Command soekris not recognised.


> these drops looks like  i have disabled the block rule of private networks
Command these not recognised.


> vr1     10.0.0.138     10.0.0.100     GRE
Command vr1 not recognised.


> vr1     10.0.0.138     10.0.0.100     GRE
Command vr1 not recognised.


> 10.0.0.138 is the modem
Command 10.0.0.138 not recognised.


> 10.0.0.100 is my WAN address.
Command 10.0.0.100 not recognised.


> i have disabled the block rule of private networks
Command i not recognised.


> also tried all kinds of mtu settings.
Command also not recognised.


> On the 2.0 version if I look at the /tmp/rules.debug file I see the WAN 
Command On not recognised.


> interface WAN = "{ pptp1 }"
Command interface not recognised.


> Also I see the pass rule for this GRE traffic on my WAN interface
Command Also not recognised.


> pass in on $WAN proto gre from any to any keep state label "allow PPTP 
Command pass not recognised.


> client on WAN"
Command client not recognised.


> But here it goes wrong in my understanding!
Command But not recognised.


> The firewall log tells me it drops them on vr1 and the pass rule is for 
Command The not recognised.


> pptp1 hence WAN = "{ pptp1 }"
Command pptp1 not recognised.


> On the old pfsense 1.2.3 I see wan = "{ vr1 ng0  }"
Command On not recognised.


> And also the pass rule.
Command And not recognised.


> # PPTPd rules
Command # not recognised.


> anchor "pptp"
Command anchor not recognised.


> pass in quick on $wan proto gre from any to 213.84.84.84 keep state 
Command pass not recognised.


> label "allow gre pptpd"
Command label not recognised.


> pass in quick on $wan proto tcp from any to 213.84.84.84 port = 1723 
Command pass not recognised.


> modulate state label "allow pptpd xxx.xxx.xxx.xxx"
Command modulate not recognised.


> So in the old version it also passes these GRE packages on the vr1 
Command So not recognised.


> interface and the ng0 interface.
Command interface not recognised.


> So would it be wise to set WAN = "{ vr1 pptp1}" on 2.0
Command So not recognised.


> And how can I do that for a test.
Command And not recognised.


> regards
Command regards not recognised.


> Johan Hendriks
Command Johan not recognised.


> Below are my /tmp/rules.debug files
Command Below not recognised.


> The version 2.0 is from a cleanly installed system.
Command The not recognised.


> The version from 1.2.3 is from the working one, and I deleted some of 
Command The not recognised.


> the rules that are not important as far as I know.
Command the not recognised.


> This is the output of /tmp/rules.debug (V2.0)
Command This not recognised.


> ############### V 2.0 #################
Command ############### not recognised.


> #System aliases
Command #System not recognised.


> loopback = "{ lo0 }"
Command loopback not recognised.


> WAN = "{ pptp1 }"
Command WAN not recognised.


> LAN = "{ vr0 }"
Command LAN not recognised.


> #SSH Lockout Table
Command #SSH not recognised.


> table <sshlockout> persist
Command table not recognised.


> table <webConfiguratorlockout> persist
Command table not recognised.


> #pfSnortSam tables
Command #pfSnortSam not recognised.


> table <snort2c>
Command table not recognised.


> table <virusprot>
Command table not recognised.


> # User Aliases
Command # not recognised.


> # Gateways
Command # not recognised.


> GWWAN = " route-to ( pptp1 xxx.190.242.xxx ) "
Command GWWAN not recognised.


> set loginterface vr0
Command set not recognised.


> set optimization normal
Command set not recognised.


> set limit states 48000
Command set not recognised.


> set limit src-nodes 48000
Command set not recognised.


> set skip on pfsync0
Command set not recognised.


> scrub in on $WAN all    fragment reassemble
Command scrub not recognised.


> scrub in on $LAN all    fragment reassemble
Command scrub not recognised.


> nat-anchor "natearly/*"
Command nat-anchor not recognised.


> nat-anchor "natrules/*"
Command nat-anchor not recognised.


> # Outbound NAT rules
Command # not recognised.


> # Subnets to NAT
Command # not recognised.


> tonatsubnets    = "{ 192.168.1.0/24 127.0.0.0/8  }"
Command tonatsubnets not recognised.


> nat on $WAN  from $tonatsubnets port 500 to any port 500 -> 
Command nat not recognised.


> xxx.xxx.xxx.xxx/32 port 500
Command xxx.xxx.xxx.xxx/32 not recognised.


> nat on $WAN  from $tonatsubnets to any -> xxx.xxx.xxx.xxx/32 port 
Command nat not recognised.


> 1024:65535
Command 1024:65535 not recognised.


> # Load balancing anchor
Command # not recognised.


> rdr-anchor "relayd/*"
Command rdr-anchor not recognised.


> # TFTP proxy
Command # not recognised.


> rdr-anchor "tftp-proxy/*"
Command rdr-anchor not recognised.


> table <direct_networks> { xxx.xxx.xxx.xxx/32 192.168.1.0/24 }
Command table not recognised.


> # UPnPd rdr anchor
Command # not recognised.


> rdr-anchor "miniupnpd"
Command rdr-anchor not recognised.


> anchor "relayd/*"
Command anchor not recognised.


> #---------------------------------------------------------------------------
Command 
#--------------------------------------------------------------------------- 
not recognised.


> # default deny rules
Command # not recognised.


> #---------------------------------------------------------------------------
Command 
#--------------------------------------------------------------------------- 
not recognised.


> block in log all label "Default deny rule"
Command block not recognised.


> block out log all label "Default deny rule"
Command block not recognised.


> # We use the mighty pf, we cannot be fooled.
Command # not recognised.


> block quick proto { tcp, udp } from any port = 0 to any
Command block not recognised.


> block quick proto { tcp, udp } from any to any port = 0
Command block not recognised.


> # Block all IPv6
Command # not recognised.


> block in quick inet6 all
Command block not recognised.


> block out quick inet6 all
Command block not recognised.


> # pfSnortSam
Command # not recognised.


> block quick from <snort2c> to any label "Block snort2c hosts"
Command block not recognised.


> block quick from any to <snort2c> label "Block snort2c hosts"
Command block not recognised.


> block quick from <pfSnortSamout> to any label "Block pfSnortSamOut hosts"
Command block not recognised.


> block quick from any to <pfSnortSamin> label "Block pfSnortSamIn hosts"
Command block not recognised.


> # SSH lockout
Command # not recognised.


> block in log quick proto tcp from <sshlockout> to any port 22 label 
Command block not recognised.


> "sshlockout"
Command "sshlockout" not recognised.


> # webConfigurator lockout
Command # not recognised.


> block in log quick proto tcp from <webConfiguratorlockout> to any port 
Command block not recognised.


> 443 label "webConfiguratorlockout"
Command 443 not recognised.


> block in quick from <virusprot> to any label "virusprot overload table"
Command block not recognised.


> antispoof for pptp1
Command antispoof not recognised.


> # allow PPTP client
Command # not recognised.


> pass in on $WAN proto tcp from any to any port = 1723 flags S/SA 
Command pass not recognised.


> modulate state label "allow PPTP client on WAN"
Command modulate not recognised.


> pass in on $WAN proto gre from any to any keep state label "allow PPTP 
Command pass not recognised.


> client on WAN"
Command client not recognised.


> antispoof for vr0
Command antispoof not recognised.


> # loopback
Command # not recognised.


> pass in on $loopback all label "pass loopback"
Command pass not recognised.


> pass out on $loopback all label "pass loopback"
Command pass not recognised.


> # let out anything from the firewall host itself and decrypted IPsec traffic
Command # not recognised.


> pass out all keep state allow-opts label "let out anything from firewall 
Command pass not recognised.


> host itself"
Command host not recognised.


> pass out route-to ( pptp1 xxx.190.242.xxx ) from xxx.xxx.xxx.xxx to 
Command pass not recognised.


> !xxx.xxx.xxx.xxx/32 keep state allow-opts label "let out anything from 
Command !xxx.xxx.xxx.xxx/32 not recognised.


> firewall host itself"
Command firewall not recognised.


> # make sure the user cannot lock himself out of the webConfigurator or SSH
Command # not recognised.


> pass in quick on vr0 proto tcp from any to (vr0) port { 80 443  22 } 
Command pass not recognised.


> keep state label "anti-lockout rule"
Command keep not recognised.


> # User-defined rules follow
Command # not recognised.


> anchor "userrules/*"
Command anchor not recognised.


> pass  in  quick  on $WAN reply-to ( pptp1 xxx.190.242.xxx )  from any to 
Command pass not recognised.


> any keep state  label "USER_RULE"
Command any not recognised.


> pass  in  quick  on $LAN  from 192.168.1.0/24 to any keep state  label 
Command pass not recognised.


> "USER_RULE: Default allow LAN to any rule"
Command "USER_RULE: not recognised.


> # VPN Rules
Command # not recognised.


> anchor "tftp-proxy/*"
Command anchor not recognised.


> ############### END V 2.0 #################
Command ############### not recognised.


> ############### V 1.2.3  #################
Command ############### not recognised.


> This is /tmp/rules.debug on the working 1.2.3 system (relevant part for 
Command This not recognised.


> as far as I know)
Command as not recognised.


> # System Aliases
Command # not recognised.


> loopback = "{ lo0 }"
Command loopback not recognised.


> lan = "{ vr0  }"
Command lan not recognised.


> ng0 = "{ vr1 ng0 }"
Command ng0 not recognised.


> wan = "{ vr1 ng0  }"
Command wan not recognised.


> enc0 = "{ enc0 }"
Command enc0 not recognised.


> pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 
Command pptp not recognised.


> ng15 ng16 }"
Command ng15 not recognised.


> # User Aliases
Command # not recognised.


> set loginterface vr1
Command set not recognised.


> set loginterface vr0
Command set not recognised.


> set loginterface vr2
Command set not recognised.


> set optimization normal
Command set not recognised.


> set skip on pfsync0
Command set not recognised.


> scrub all random-id  fragment reassemble
Command scrub not recognised.


> nat-anchor "pftpx/*"
Command nat-anchor not recognised.


> nat-anchor "natearly/*"
Command nat-anchor not recognised.


> nat-anchor "natrules/*"
Command nat-anchor not recognised.


> # FTP proxy
Command # not recognised.


> rdr-anchor "pftpx/*"
Command rdr-anchor not recognised.


> # Outbound NAT rules
Command # not recognised.


> nat on $ng0 from 192.168.1.0/24 port 500 to any port 500 -> (ng0) port 500
Command nat not recognised.


> nat on $ng0 from 192.168.1.0/24 port 5060 to any port 5060 -> (ng0) port 
Command nat not recognised.


> 5060
Command 5060 not recognised.


> nat on $ng0 from 192.168.1.0/24 to any -> (ng0) port 1024:65535
Command nat not recognised.


> nat on $ng0 from 192.168.1.208/28 port 500 to any port 500 -> (ng0) port 500
Command nat not recognised.


> nat on $ng0 from 192.168.1.208/28 port 5060 to any port 5060 -> (ng0) 
Command nat not recognised.


> port 5060
Command port not recognised.


> nat on $ng0 from 192.168.1.208/28 to any -> (ng0) port 1024:65535
Command nat not recognised.


> #SSH Lockout Table
Command #SSH not recognised.


> table <sshlockout> persist
Command table not recognised.


> # Load balancing anchor - slbd updates
Command # not recognised.


> rdr-anchor "slb"
Command rdr-anchor not recognised.


> # FTP Proxy/helper
Command # not recognised.


> table <vpns> {   }
Command table not recognised.


> no rdr on vr0 proto tcp from any to <vpns> port 21
Command no not recognised.


> rdr on vr0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
Command rdr not recognised.


> no rdr on vr2 proto tcp from any to <vpns> port 21
Command no not recognised.


> rdr on vr2 proto tcp from any to any port 21 -> 127.0.0.1 port 8022
Command rdr not recognised.


> # NAT Inbound Redirects
Command # not recognised.


> # IMSpector rdr anchor
Command # not recognised.


> rdr-anchor "imspector"
Command rdr-anchor not recognised.


> # UPnPd rdr anchor
Command # not recognised.


> rdr-anchor "miniupnpd"
Command rdr-anchor not recognised.


> anchor "ftpsesame/*"
Command anchor not recognised.


> anchor "firewallrules"
Command anchor not recognised.


> # We use the mighty pf, we cannot be fooled.
Command # not recognised.


> block quick proto { tcp, udp } from any port = 0 to any
Command block not recognised.


> block quick proto { tcp, udp } from any to any port = 0
Command block not recognised.


> # snort2c
Command # not recognised.


> table <snort2c> persist
Command table not recognised.


> block quick from <snort2c> to any label "Block snort2c hosts"
Command block not recognised.


> block quick from any to <snort2c> label "Block snort2c hosts"
Command block not recognised.


> # Block all IPv6
Command # not recognised.


> block in quick inet6 all
Command block not recognised.


> block out quick inet6 all
Command block not recognised.


> # loopback
Command # not recognised.


> anchor "loopback"
Command anchor not recognised.


> pass in quick on $loopback all label "pass loopback"
Command pass not recognised.


> pass out quick on $loopback all label "pass loopback"
Command pass not recognised.


> # package manager early specific hook
Command # not recognised.


> anchor "packageearly"
Command anchor not recognised.


> # carp
Command # not recognised.


> anchor "carp"
Command anchor not recognised.


> # permit wan interface to ping out (ping_hosts.sh)
Command # not recognised.


> pass quick proto icmp from xxx.xxx.xxx.xxx to any keep state
Command pass not recognised.


> # NAT Reflection rules
Command # not recognised.


> # allow PPTP client
Command # not recognised.


> anchor "pptpclient"
Command anchor not recognised.


> pass in quick on $wan proto gre from any to any modulate state label 
Command pass not recognised.


> "allow PPTP client"
Command "allow not recognised.


> pass in quick on $wan proto gre from any to any modulate state label 
Command pass not recognised.


> "allow PPTP client"
Command "allow not recognised.


> pass in quick on $wan proto tcp from any port = 1723 to any flags S/SA 
Command pass not recognised.


> modulate state label "allow PPTP client"
Command modulate not recognised.


> pass in quick on $wan proto tcp from any to any port = 1723 flags S/SA 
Command pass not recognised.


> modulate state label "allow PPTP client"
Command modulate not recognised.


> block in log quick on $wan proto udp from any port = 67 to 
Command block not recognised.


> 192.168.1.0/24 port = 68 label "block dhcp client out wan"
Command 192.168.1.0/24 not recognised.


> # LAN/OPT spoof check (needs to be after DHCP because of broadcast 
Command # not recognised.


> addresses)
Command addresses) not recognised.


> antispoof for vr0
Command antispoof not recognised.


> antispoof for vr2
Command antispoof not recognised.


> anchor "spoofing"
Command anchor not recognised.


> # Support for allow limiting of TCP connections by establishment rate
Command # not recognised.


> anchor "limitingesr"
Command anchor not recognised.


> table <virusprot>
Command table not recognised.


> block in quick from <virusprot> to any label "virusprot overload table"
Command block not recognised.


> # block bogon networks
Command # not recognised.


> # http://www.cymru.com/Documents/bogon-bn-nonagg.txt
Command # not recognised.


> anchor "wanbogons"
Command anchor not recognised.


> table <bogons> persist file "/etc/bogons"
Command table not recognised.


> block in log quick on $wan from <bogons> to any label "block bogon 
Command block not recognised.


> networks from wan"
Command networks not recognised.


> # let out anything from the firewall host itself and decrypted IPsec traffic
Command # not recognised.


> pass out quick on $lan proto icmp keep state label "let out anything 
Command pass not recognised.


> from firewall host itself"
Command from not recognised.


> pass out quick on $wan proto icmp keep state label "let out anything 
Command pass not recognised.


> from firewall host itself"
Command from not recognised.


> # tcp.closed 5 is a workaround for load balancing, squid and a few other 
Command # not recognised.


> issues.
Command issues. not recognised.


> # ticket (FEN-857512) in centipede tracker.
Command # not recognised.


> pass out quick on ng0 all keep state ( tcp.closed 5 ) label "let out 
Command pass not recognised.


> anything from firewall host itself"
Command anything not recognised.


> # pass traffic from firewall -> out
Command # not recognised.


> anchor "firewallout"
Command anchor not recognised.


> pass out quick on vr1 all keep state label "let out anything from 
Command pass not recognised.


> firewall host itself"
Command firewall not recognised.


> pass out quick on vr0 all keep state label "let out anything from 
Command pass not recognised.


> firewall host itself"
Command firewall not recognised.


> pass out quick on vr2 all keep state label "let out anything from 
Command pass not recognised.


> firewall host itself"
Command firewall not recognised.


> pass out quick on $pptp all keep state label "let out anything from 
Command pass not recognised.


> firewall host itself pptp"
Command firewall not recognised.


> pass out quick on $enc0 keep state label "IPSEC internal host to host"
Command pass not recognised.


> # let out anything from the firewall host itself and decrypted IPsec traffic
Command # not recognised.


> pass out quick on vr2 proto icmp keep state ( tcp.closed 5 ) label "let 
Command pass not recognised.


> out anything from firewall host itself"
Command out not recognised.


> pass out quick on $WLAN all keep state ( tcp.closed 5 ) label "let out 
Command pass not recognised.


> anything from firewall host itself"
Command anything not recognised.


> # make sure the user cannot lock himself out of the webGUI or SSH
Command # not recognised.


> anchor "anti-lockout"
Command anchor not recognised.


> pass in quick on vr0 from any to 192.168.1.250 keep state label 
Command pass not recognised.


> "anti-lockout web rule"
Command "anti-lockout not recognised.


> # PPTPd rules
Command # not recognised.


> anchor "pptp"
Command anchor not recognised.


> pass in quick on $wan proto gre from any to xxx.xxx.xxx.xxx keep state 
Command pass not recognised.


> label "allow gre pptpd"
Command label not recognised.


> pass in quick on $wan proto tcp from any to xxx.xxx.xxx.xxx port = 1723 
Command pass not recognised.


> modulate state label "allow pptpd xxx.xxx.xxx.xxx"
Command modulate not recognised.


> # SSH lockout
Command # not recognised.


> block in log quick proto tcp from <sshlockout> to any port 22 label 
Command block not recognised.


> "sshlockout"
Command "sshlockout" not recognised.


> anchor "ftpproxy"
Command anchor not recognised.


> anchor "pftpx/*"
Command anchor not recognised.


> # IMSpector
Command # not recognised.


> anchor "imspector"
Command anchor not recognised.


> # uPnPd
Command # not recognised.


> anchor "miniupnpd"
Command anchor not recognised.


> #---------------------------------------------------------------------------
Command 
#--------------------------------------------------------------------------- 
not recognised.


> # default deny rules
Command # not recognised.


> #---------------------------------------------------------------------------
Command 
#--------------------------------------------------------------------------- 
not recognised.


> block in log quick all label "Default deny rule"
Command block not recognised.


> block out log quick all label "Default deny rule"
Command block not recognised.


> ############### END V 1.2.3  #################
Command ############### not recognised.


> _______________________________________________
Command _______________________________________________ not recognised.


> List mailing list
Command List not recognised.


> [email protected]
Command [email protected] not recognised.


> http://lists.pfsense.org/mailman/listinfo/list
Command http://lists.pfsense.org/mailman/listinfo/list not recognised.




_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
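
The interface-macro difference described in the quoted message can be checked mechanically. The following is an added example, not part of the original message or of pfSense: it expands the `WAN`/`wan` macros from the two quoted `/tmp/rules.debug` excerpts and reports which physical interfaces an inbound `pass ... proto gre` rule actually covers. It assumes only the rule shapes shown in the message (it is not a full pf parser); the function names are hypothetical.

```python
import re

# Excerpts of the /tmp/rules.debug files quoted above, with wrapped lines joined.
RULES_V20 = '''
WAN = "{ pptp1 }"
LAN = "{ vr0 }"
block in log all label "Default deny rule"
pass in on $WAN proto tcp from any to any port = 1723 flags S/SA modulate state label "allow PPTP client on WAN"
pass in on $WAN proto gre from any to any keep state label "allow PPTP client on WAN"
'''

RULES_V123 = '''
lan = "{ vr0  }"
wan = "{ vr1 ng0  }"
pass in quick on $wan proto gre from any to any modulate state label "allow PPTP client"
block in log quick all label "Default deny rule"
'''

# name = "{ if1 if2 }"  (pf macro names are case-sensitive)
MACRO_RE = re.compile(r'^(\w+)\s*=\s*"\{?\s*([^}"]*?)\s*\}?"\s*$')
# pass in [quick] on <iface or $macro> proto <proto> ...
PASS_RE = re.compile(r'^pass\s+in\s+(?:quick\s+)?on\s+(\S+)\s+proto\s+(\S+)\b')


def parse_macros(text):
    """Return {macro_name: [interfaces]} for every macro definition."""
    macros = {}
    for line in text.splitlines():
        m = MACRO_RE.match(line.strip())
        if m:
            macros[m.group(1)] = m.group(2).split()
    return macros


def inbound_pass_interfaces(text, proto):
    """Interfaces on which some 'pass in' rule for proto is loaded."""
    macros = parse_macros(text)
    ifaces = set()
    for line in text.splitlines():
        m = PASS_RE.match(line.strip())
        if not m or m.group(2) != proto:
            continue
        target = m.group(1)
        if target.startswith("$"):
            ifaces.update(macros.get(target[1:], []))
        else:
            ifaces.add(target)
    return ifaces


def explain(text, iface, proto):
    """Say whether proto arriving on iface has a pass rule, or is left to
    the 'Default deny rule' that both quoted rule sets contain."""
    covered = inbound_pass_interfaces(text, proto)
    verdict = ("pass rule applies" if iface in covered
               else "no pass rule, falls to default deny")
    return f"{proto} in on {iface}: {verdict} (rules cover {sorted(covered)})"


if __name__ == "__main__":
    print("2.0:  ", explain(RULES_V20, "vr1", "gre"))
    print("1.2.3:", explain(RULES_V123, "vr1", "gre"))
```
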