Re: [pfSense Support] DNS Issues with 1.2 RC2

2007-10-26 Thread Volker Kuhlmann
On Sat 27 Oct 2007 05:00:21 NZDT +1300, Paul M wrote:

> surely it's easier to simply run your own caching resolvers? that way
> you can force a cache flush if you're changing your own DNS.

Nope, not enough. I run pfsense in 2 places (1.0.1 and 1.2beta-some),
with caching dns enabled. Several times a day browsers just give a bogus
"domain doesn't exist". With a particular banking website I have yet to
see a name resolution first time; as it's blowing up in <<1s I conclude
something, somewhere, doesn't even *try* to resolve. An immediate
browser reload is always successful. This with various ISPs'
nameservers.

Volker

-- 
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Problem with RDP and VNC Streams

2007-10-26 Thread Scott Ullrich
On 10/26/07, Ronny Forberger <[EMAIL PROTECTED]> wrote:
> I can see my setting on the GUI but not on ifconfig when doing so.

It is defined in PF.  See /tmp/rules.debug.  This is also a FAQ.
Search the lists archives.

Scott




Re: [pfSense Support] Problem with RDP and VNC Streams

2007-10-26 Thread Ronny Forberger

Scott Ullrich wrote:
> On 10/26/07, Ronny Forberger <[EMAIL PROTECTED]> wrote:
>> Thanks, I think the wrong MTU caused it. Great!
>>
>> I found how to set the MTU via the GUI. But ng0 device will remain
>> having the wrong old MTU. :(
>>
>> When I do
>>
>> $ ifconfig ng0 mtu 1492
>>
>> it's gonna be set and the problem is gone. But not via the WebGUI.
>>
>> Can you tell me why it's not being applied to the interface via the
>> WebGUI?
>
> Set the MTU in Interfaces ->  WAN.
>
> Scott
>
I can see my setting on the GUI but not on ifconfig when doing so.

- Ronny


--
Ronny Forberger
System Administration & IT Support

elego Software Solutions GmbH
Gustav-Meyer-Allee 25
Gebäude 12, Raum 227
D-13355 Berlin

Tel. +49 30 23 45 86 96  ronny.forberger at elegosoft.com
Fax  +49 30 23 45 86 95  http://www.elegosoft.com

Managing Director: Olaf Wagner, registered office: Berlin
Amtsgericht Berlin-Charlottenburg, HRB 77719, VAT ID: DE163214194



Re: [pfSense Support] Problem with RDP and VNC Streams

2007-10-26 Thread Scott Ullrich
On 10/26/07, Ronny Forberger <[EMAIL PROTECTED]> wrote:
> Thanks, I think the wrong MTU caused it. Great!
>
> I found how to set the MTU via the GUI. But ng0 device will remain
> having the wrong old MTU. :(
>
> When I do
>
> $ ifconfig ng0 mtu 1492
>
> it's gonna be set and the problem is gone. But not via the WebGUI.
>
> Can you tell me why it's not being applied to the interface via the
> WebGUI?

Set the MTU in Interfaces ->  WAN.

Scott




RE: [pfSense Support] DNS Issues with 1.2 RC2

2007-10-26 Thread Sean Cavanaugh
I try and stay away from ISP's that do that kind of stuff as much as possible 
(even though I use comcast which got nailed for throttling BitTorrent traffic). 
I know some areas don't have an alternative ISP to dump to. If you are using 
this for a business service then that is something you might be able to get a 
Service Level Agreement worked out with them to unrestrict the ports. Home 
users will pretty much always be boned on that front though.
 
-Sean



> Date: Fri, 26 Oct 2007 17:00:21 +0100
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: Re: [pfSense Support] DNS Issues with 1.2 RC2
>
> Sean Cavanaugh wrote:
> > I personally use OpenDNS for everything since they're outside of what the
> > ISP handles.
>
> surely it's easier to simply run your own caching resolvers? that way
> you can force a cache flush if you're changing your own DNS.
>
> the only time either your or my strategy fails is when you have an ISP
> like NTL in the UK who do udp:53 hijacking (just like they force all web
> traffic through their proxies, they do similar with DNS!). the only way
> I found round that was to put my own resolver on a public lan at work on
> a different port and hack my local bind9 config to resolve off it!

Re: [pfSense Support] DNS Issues with 1.2 RC2

2007-10-26 Thread Paul M
Sean Cavanaugh wrote:
> I personally use OpenDNS for everything since they're outside of what the
> ISP handles.

surely it's easier to simply run your own caching resolvers? that way
you can force a cache flush if you're changing your own DNS.

the only time either your or my strategy fails is when you have an ISP
like NTL in the UK who do udp:53 hijacking (just like they force all web
traffic through their proxies, they do similar with DNS!). the only way
I found round that was to put my own resolver on a public lan at work on
a different port and hack my local bind9 config to resolve off it!  




Re: [pfSense Support] Custom startup scripts

2007-10-26 Thread Bill Marquette
On 10/26/07, Chris Daniel <[EMAIL PROTECTED]> wrote:
> You can't make init scripts in the XML config file, no. I don't think
> it's quite within the scope of a configuration file to store scripts,
> anyway. But if you have something you want to be run on boot, use
>  and .

Don't forget it's XML and needs to have html entities escaped (>
become &gt;) else you'll blow up your config file rather
spectacularly.  rm /tmp/config.cache after editing also, else you'll
likely get your changes overwritten from cache.

--Bill
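
The escaping Bill describes, as an added example that is not part of the original thread: a POSIX shell helper that escapes a command before it is pasted into the XML config file, with a reverse function and a check for leftover raw characters. The function names are made up for this illustration.

```shell
#!/bin/sh
# Added example: escape a shell command for use as XML element text.
# Function names are hypothetical; nothing here is pfSense's own code.

# xml_escape TEXT -> TEXT with &, < and > replaced by entities.
# & is handled first, otherwise the & of a freshly written &gt; would be
# escaped a second time.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# xml_unescape TEXT -> the original text. &amp; is decoded last so that
# "&amp;gt;" comes back as the literal string "&gt;", not as ">".
xml_unescape() {
    printf '%s' "$1" | sed -e 's/&lt;/</g' -e 's/&gt;/>/g' -e 's/&amp;/\&/g'
}

# is_safe_text TEXT -> succeeds if no raw <, > or bare & remains.
is_safe_text() {
    stripped=$(printf '%s' "$1" | sed -e 's/&amp;//g' -e 's/&lt;//g' -e 's/&gt;//g')
    case $stripped in
        *'<'*|*'>'*|*'&'*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stand-alone use: ./xml_escape.sh 'some command > /tmp/out 2>&1'
if [ "$#" -gt 0 ]; then xml_escape "$1"; echo; fi
```

Paste the escaped output into the config file, then remove /tmp/config.cache as described above.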




Re: [pfSense Support] Custom startup scripts

2007-10-26 Thread Chris Daniel
You can't make init scripts in the XML config file, no. I don't think 
it's quite within the scope of a configuration file to store scripts, 
anyway. But if you have something you want to be run on boot, use 
 and .


Tortise wrote:
> Can this be done via the xml to be truly portable?
>
> Kind regards David
>
> - Original Message -
> From: "Joe Laffey" <[EMAIL PROTECTED]>
> To:
> Sent: Thursday, October 25, 2007 7:35 AM
> Subject: Re: [pfSense Support] Custom startup scripts
>
> On Wed, 24 Oct 2007, Scott Ullrich wrote:
>
>> On 10/24/07, Joe Laffey <[EMAIL PROTECTED]> wrote:
>>> Where is a safe place to put custom startup script that can be run at boot
>>> time, and will not be wiped by future updates to pfsense?
>>
>> Create a script in /usr/local/etc/rc.d/
>>
>> Example:
>>
>> /usr/local/etc/rc.d/startup.sh
>>
>> Be sure the script is a+x and that it ends in .sh to run.
>
> I shall give it a shot.
>
> Thanks!
>
> --
> Joe Laffey|   Visual Effects for Film and Video
> LAFFEY Computer Imaging   | -
> St. Louis, MO |   Show Reel http://LAFFEY.tv/?e07514
> USA   | -
> . |-*- Digital Fusion Plugins -*-
> --
> Mail here will be rejected --> "Real Trap" <[EMAIL PROTECTED]>



RE: [pfSense Support] DNS Issues with 1.2 RC2

2007-10-26 Thread Sean Cavanaugh
I personally use OpenDNS for everything since they're outside of what the ISP 
handles.
only "downside" is that if it cannot resolve a domain for HTTP, it pulls up 
their search page instead.
 
-Sean




> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Date: Fri, 26 Oct 2007 09:20:52 -0400
> Subject: Re: [pfSense Support] DNS Issues with 1.2 RC2
>
> I will try this later to see what the result is. Scott's suggestion of using
> a static route worked perfectly. The trouble seemed to come from using OPT1
> and OPT2 DNS servers as the default. The pfsense machine was trying to
> resolve with those DNS servers using the WAN interface. I added entries for
> the LAN section of the firewall rules. This set the correct outbound
> interface for machines on the LAN but did not seem to help the pfsense
> machine itself. If the ISP used on the WAN interface did not have lousy DNS
> servers, I would never have noticed this issue.
>
> Robert
>
> On Friday 26 October 2007 05:36, Paul M wrote:
> > Robert Goley wrote:
> > > based routing. DNS refuses to work. This is because the pfsense machine
> > > can
> >
> > I have no answer for you, but an idea to try.
> >
> > run "tcpdump -l -n -i xxx udp and port 53" on the firewall for each
> > interface xxx in turn whilst trying to resolve and see if any packets
> > are seen.

Re: [pfSense Support] DNS Issues with 1.2 RC2

2007-10-26 Thread Robert Goley
I will try this later to see what the result is.  Scott's suggestion of using 
a static route worked perfectly.  The trouble seemed to come from using OPT1 
and OPT2 DNS servers as the default.  The pfsense machine was trying to 
resolve with those DNS servers using the WAN interface.  I added entries for 
the LAN section of the firewall rules.  This set the correct outbound 
interface for machines on the LAN but did not seem to help the pfsense 
machine itself.  If the ISP used on the WAN interface did not have lousy DNS 
servers, I would never have noticed this issue.  

Robert

On Friday 26 October 2007 05:36, Paul M wrote:
> Robert Goley wrote:
> > based routing.  DNS refuses to work.  This is because the pfsense machine
> > can
>
> I have no answer for you, but an idea to try.
>
> run "tcpdump -l -n -i xxx udp and port 53" on the firewall for each
> interface xxx in turn whilst trying to resolve and see if any packets
> are seen.



Re: [pfSense Support] Problem with RDP and VNC Streams

2007-10-26 Thread Ronny Forberger

Thanks, I think the wrong MTU caused it. Great!

I found how to set the MTU via the GUI. But ng0 device will remain
having the wrong old MTU. :(

When I do

$ ifconfig ng0 mtu 1492

it's gonna be set and the problem is gone. But not via the WebGUI.

Can you tell me why it's not being applied to the interface via the
WebGUI?

- Ronny

Ronny Forberger wrote:
> The MTU of my ng0 (PPPoE) device is 1454. I think it should be
> 1492.
>
> Can I set this somewhere?
>
> Cheers,
>
> Ronny
>
> Raylund Lai wrote:
>> May be checking your MTU.   -Raylund
>
>> Ronny Forberger wrote:
>>> Hi List,
>>>
>>> first of all let me say pfsense is an awesome idea to provide a
>>>  router platform.
>>>
>>> But I'm getting a strange problem and can't resolve it:
>>>
>>> All my VNC and RDP connections via being tunneled both through
>>> an SSL VPN (openvpn) and OpenSSH tunnels after a while will
>>> hang. Then sometimes it turns back working but most of the time
>>> I have to reconnect vnc / rdp. It seems packets are being dropped
>>> but I can't figure out where.
>>>
>>> This is very strange, since I was using this scenario before
>>> with the same tunnels but another router. (Same external PPPoE
>>> connection even).
>>>
>>> I do not have any traffic shaping rules enabled - I am stuck on
>>>  finding clues what the problem could be.
>>>
>>> Can you maybe give me hints?
>>>
>>> Cheers,
>>>






[pfSense Support] Bridge hw failover question

2007-10-26 Thread Daniel Rapp
Hi, I am having some problems with running two pfsense firewalls as bridges; 
the switches in front and behind both support STP but it is not activated.
I have IP addresses both on the external interfaces (for management) and the 
internal (just for fun) and I have an external carp interface.. don't think I 
need it but the rules/states seemed to sync better.. 


When I activate the filtering bridge and bridge the interface it works for a 
while then the traffic going in to the servers starts going really slow.. 
But no errors on the switches.. 

If I disable one of the bridges the problem fixes itself.. 


Any thoughts? Maybe activating STP on the ports the firewalls are on on the 
switches?


By the way.. the hardware we are using is NA-820 from www.axiomtek.com, some 
interrupt storms but other than that it works great..  

pfsense version: pfSense-1.2-RC2-Embedded.img.gz




Best regards
Daniel Rapp
Incabus Systems AB
Mobile:  + 46 708 31 80 75
Switchboard:  + 46 8 556 964 60
[EMAIL PROTECTED]
http://www.incabus.com




Re: [pfSense Support] DNS Issues with 1.2 RC2

2007-10-26 Thread Paul M
Robert Goley wrote:
> based routing.  DNS refuses to work.  This is because the pfsense machine can 

I have no answer for you, but an idea to try.

run "tcpdump -l -n -i xxx udp and port 53" on the firewall for each
interface xxx in turn whilst trying to resolve and see if any packets
are seen.







Re: [pfSense Support] Custom startup scripts

2007-10-26 Thread Tortise
Can this be done via the xml to be truly portable?

Kind regards David 

- Original Message - 
From: "Joe Laffey" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, October 25, 2007 7:35 AM
Subject: Re: [pfSense Support] Custom startup scripts


On Wed, 24 Oct 2007, Scott Ullrich wrote:

> On 10/24/07, Joe Laffey <[EMAIL PROTECTED]> wrote:
>> Where is a safe place to put custom startup script that can be run at boot
>> time, and will not be wiped by future updates to pfsense?
>
> Create a script in /usr/local/etc/rc.d/
>
> Example:
>
> /usr/local/etc/rc.d/startup.sh
>
> Be sure the script is a+x and that it ends in .sh to run.

I shall give it a shot.

Thanks!

--
Joe Laffey|   Visual Effects for Film and Video
LAFFEY Computer Imaging   | -
St. Louis, MO |   Show Reel http://LAFFEY.tv/?e07514
USA   | -
. |-*- Digital Fusion Plugins -*-
--
Mail here will be rejected --> "Real Trap" <[EMAIL PROTECTED]>
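
An added example, not part of the thread and not pfSense's own code: a POSIX shell check that lists which files in an rc.d-style directory meet the two conditions Scott gives (name ends in .sh, mode a+x). The group/other-writable flag is an extra check assumed here, since anything placed in that directory is run at boot; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report which files in an rc.d-style directory satisfy the
# two conditions stated in the thread (name ends in .sh, mode includes a+x).
# The "writable" flag is an extra hardening check, not something the thread states.

# has_perm FILE MODE -> succeeds if FILE has every permission bit in MODE set
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_rcd DIR -> prints "<name> <verdict>[ writable]" for each regular file
audit_rcd() {
    dir=${1:-/usr/local/etc/rc.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in
            *.sh)
                if has_perm "$f" 111; then
                    verdict=run
                else
                    verdict=skip-not-executable
                fi ;;
            *)  verdict=skip-no-sh-suffix ;;
        esac
        flag=
        # A boot script that group or other can modify lets a less-privileged
        # account change what runs at the next boot.
        if has_perm "$f" 020 || has_perm "$f" 002; then
            flag=' writable'
        fi
        printf '%s %s%s\n' "$name" "$verdict" "$flag"
    done
    return 0
}

# Stand-alone use: ./audit_rcd.sh /usr/local/etc/rc.d
if [ "$#" -gt 0 ]; then audit_rcd "$1"; fi
```

A script reported as `run writable` should have its mode tightened (for example to 755) before it is relied on.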




Re: [pfSense Support] Problem with RDP and VNC Streams

2007-10-26 Thread Ronny Forberger

The MTU of my ng0 (PPPoE) device is 1454. I think it should be 1492.

Can I set this somewhere?

Cheers,

Ronny

Raylund Lai wrote:
> May be checking your MTU.   -Raylund
>
> Ronny Forberger wrote:
>> Hi List,
>>
>> first of all let me say pfsense is an awesome idea to provide a
>> router platform.
>>
>> But I'm getting a strange problem and can't resolve it:
>>
>> All my VNC and RDP connections via being tunneled both through an
>> SSL VPN (openvpn) and OpenSSH tunnels after a while will hang. Then
>> sometimes it turns back working but most of the time I have to
>> reconnect vnc / rdp. It seems packets are being dropped but I can't
>> figure out where.
>>
>> This is very strange, since I was using this scenario before with
>> the same tunnels but another router. (Same external PPPoE
>> connection even).
>>
>> I do not have any traffic shaping rules enabled - I am stuck on
>> finding clues what the problem could be.
>>
>> Can you maybe give me hints?
>>
>> Cheers,
>>

