[pfSense Support] Multi Link Router instead of Firewall
Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Will it still function the same way?

Thanks

-- Heath Henderson [EMAIL PROTECTED] --
Re: [pfSense Support] Multi Link Router instead of Firewall
So, it would still load Balance/Failover as a router in that case I assume. Thanks for the information.

-- Heath Henderson [EMAIL PROTECTED] --

From: Sean Cavanaugh [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Tue, 30 Oct 2007 16:08:06 -0400
To: support@pfsense.com
Subject: RE: [pfSense Support] Multi Link Router instead of Firewall

Date: Tue, 30 Oct 2007 14:07:13 -0500
From: [EMAIL PROTECTED]
To: support@pfsense.com
Subject: [pfSense Support] Multi Link Router instead of Firewall

Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Will it still function the same way?

Thanks

-- Heath Henderson [EMAIL PROTECTED] --

it will run as a router only if you want it to just fine. only difference is a Pass all rule that's generated.
[pfSense Support] Post results to mysql DB?
Hello,

I am working on a project where I can test our internet connection (a few ping tests to various servers). I welcome any suggestions someone might have regarding the design of this project. I have the results being written to variables currently (which is fine for the local machine), but I would like to be able to write this information to a mysql DB, as I have other hosts which need to get information from these scripts. I can scp or sftp in and pickup the results files, but I was looking for a little more centralized way of posting the results for the boss to be able to watch the results in real time via a local web page.

Currently, I have a script running to

    # $count and $pihostin are set earlier in the script
    count1=$(ping -c "$count" "$pihostin" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
    # Treat a missing summary line (empty $count1) as zero replies
    if [ "${count1:-0}" -eq 0 ]; then
        echo "100% failure on $pihostin time-dns or time might be down"
    fi

Ultimately, I am trying to create a fail over system which I can still ping out to the internet via the pf sense WAN interface but disable the internal LAN so my failover will switch on the internal router to use the Failover route (2nd pf sense system). This way, I can switch it on my schedule. WAN1 faster but less stable than WAN2. But, if WAN1 goes down, switch to WAN2 until midnight then when everyone is off the system, switch back to WAN1 (so as not to disturb users).

If I can't post the results to a DB, I will need to disable the local LAN using Scott's php script from the archives.

    <?php
    require("functions.inc");
    require("config.inc");

    /* to get the wan interface, use this: */
    $if = get_real_wan_interface();

    /* *OR* to get the LAN interface, use this:
    $if = convert_friendly_interface_to_real_interface_name("LAN");
    */

    /* echo out the interface that we found for this assignment */
    echo $if;

    /* or you could do something like this:
    exec("/sbin/ifconfig {$if} down");
    */
    ?>

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --
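The loss check and the switch-back-at-midnight policy described in the message above, as an added example that is not part of the original post. `parse_received`, `next_link` and the sample ping lines are names and data constructed here; the step that actually moves traffic (disabling the LAN interface or changing a route) is left out.

```shell
#!/bin/sh
# Added example. Sample ping output below is constructed, not captured.

# Read ping output on stdin and print how many replies were received.
# Prints 0 when there is no summary line (for example, the name did not
# resolve), so the caller never feeds an empty string to `-eq`.
parse_received() {
    awk -F',' '
        /received/ { split($2, f, " "); n = f[1] }
        END { if (n !~ /^[0-9]+$/) n = 0; print n }'
}

# Decide which link the LAN should use.
#   $1 = link in use now (WAN1 or WAN2)
#   $2 = replies received through WAN1 in the last test
#   $3 = current hour, 00-23, as printed by `date +%H`
next_link() {
    current=$1
    wan1_replies=$2
    hour=${3#0}                      # "08" -> "8", "00" -> "0"
    if [ "$current" = WAN1 ] && [ "$wan1_replies" -eq 0 ]; then
        echo WAN2                    # primary lost every probe: fail over now
    elif [ "$current" = WAN2 ] && [ "$wan1_replies" -gt 0 ] && [ "$hour" -eq 0 ]; then
        echo WAN1                    # primary healthy again and it is the midnight hour
    else
        echo "$current"              # otherwise leave users where they are
    fi
}

# Constructed summary lines in the FreeBSD and Linux ping formats.
SAMPLE_UP='4 packets transmitted, 4 packets received, 0.0% packet loss'
SAMPLE_LINUX='4 packets transmitted, 3 received, 25% packet loss, time 3004ms'
SAMPLE_DOWN='4 packets transmitted, 0 packets received, 100.0% packet loss'
SAMPLE_NO_SUMMARY='ping: cannot resolve host.invalid: Unknown host'

# Demo: WAN1 fails at 14:00, recovers at 15:00, and is restored at midnight.
# A live check would use: ping -c 4 "$host" 2>/dev/null | parse_received
link=WAN1
for step in "14:$SAMPLE_DOWN" "15:$SAMPLE_UP" "00:$SAMPLE_UP"; do
    hour=${step%%:*}
    replies=$(printf '%s\n' "${step#*:}" | parse_received)
    link=$(next_link "$link" "$replies" "$hour")
    echo "hour=$hour replies=$replies link=$link"
done
```

Run from cron every minute, the midnight branch fires on the first healthy test in the 00:00 hour and is a no-op afterwards, because the link is already WAN1.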
[pfSense Support] Port Forward Question
What are the steps to setup a working port forward? I have been successful in getting this access established over a PPTP VPN connection, but I need to setup access to a specific port for our Filemaker Service to be accessed by some individuals.

I need to get port 5003 (TCP/UDP) Filemaker setup to forward to internally to our Filemaker server. I have created the Port Forward rule and Autocreated the Firewall Rule. It all looks good, BUT

What I am seeing is random connections from several ports from the Client end to port 5003 on my Port Forward end. Ranging from 61000-64000 but I don't know if that is all the range there is. But, how is this specified in the rules to allow from any port to a specific port?

-- Heath Henderson --
Re: [pfSense Support] Port Forward Question
I answered my own question. Sometimes you have to delete all rules and just reset.

Thanks

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --

From: Heath Henderson [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Thu, 21 Sep 2006 11:23:28 -0500
To: support@pfsense.com support@pfsense.com
Conversation: Port Forward Question
Subject: [pfSense Support] Port Forward Question

What are the steps to setup a working port forward? I have been successful in getting this access established over a PPTP VPN connection, but I need to setup access to a specific port for our Filemaker Service to be accessed by some individuals.

I need to get port 5003 (TCP/UDP) Filemaker setup to forward to internally to our Filemaker server. I have created the Port Forward rule and Autocreated the Firewall Rule. It all looks good, BUT

What I am seeing is random connections from several ports from the Client end to port 5003 on my Port Forward end. Ranging from 61000-64000 but I don't know if that is all the range there is. But, how is this specified in the rules to allow from any port to a specific port?

-- Heath Henderson --
Re: [pfSense Support] Load balancer problem
This is probably a question which doesn't require an answer, but I am a little leery about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/

I was curious of how to go about the update. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied.

Thanks

-- Heath Henderson --

From: Scott Ullrich [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Tue, 19 Sep 2006 01:38:10 -0400
To: support@pfsense.com
Subject: Re: [pfSense Support] Load balancer problem

http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/
Re: [pfSense Support] Load balancer problem
Thanks, I will plan this for end of day then. I have a hdd install so I should be ok. Thanks again.

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --

From: Holger Bauer [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Tue, 19 Sep 2006 16:59:30 +0200
To: support@pfsense.com
Conversation: [pfSense Support] Load balancer problem
Subject: RE: [pfSense Support] Load balancer problem

If you run off a hdd full installation upload the full update file at system > firmware. It will apply the update and reboot after that. You won't lose your configuration, just a downtime for the reboot.

If you run from a cf-card and used the embedded image to start with you have to reflash the card. The version you are running doesn't support updates. Updates for embedded builds were introduced some versions ago. The new version however will now be upgradable. Please note that the new image has a size of 128 mb so you need at least a 128 mb cf-card. This was needed to support updates for these platforms. If you run this kind of install the future upgrade process will be the same like for the full install but you have to upload the mini update file.

Holger

-Original Message-
From: Heath Henderson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 19, 2006 3:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Load balancer problem

This is probably a question which doesn't require an answer, but I am a little leery about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/

I was curious of how to go about the update. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied.

Thanks

-- Heath Henderson --

From: Scott Ullrich [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Tue, 19 Sep 2006 01:38:10 -0400
To: support@pfsense.com
Subject: Re: [pfSense Support] Load balancer problem

http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/
Re: [pfSense Support] Load balancer problem
Thanks, I couldn't get the readme to open. I did however get the snapshot files downloaded earlier so I am good to go now. Thanks for the suggestion though.

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --

From: Bill Marquette [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Tue, 19 Sep 2006 10:55:53 -0500
To: support@pfsense.com
Subject: Re: [pfSense Support] Load balancer problem

On 9/19/06, Heath Henderson [EMAIL PROTECTED] wrote:
> This is probably a question which doesn't require an answer, but I am a little leery about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/
>
> I was curious of how to go about the update. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied.

Hmm, there is a README in the same directory that explains quite a bit.

--Bill
[pfSense Support] Dynamic Rule
I have a user who sits outside of our Office network. I need to open up a port for them to access Filemaker Through. I want to eventually get a VPN setup, but he has a Mac and I am not certain of how well the VPN will work with X.4 right now. I don't really have time to get this setup. I thought I would see about opening the ports up for him. He is on a Dynamic DSL connection. He travels frequently.

What is involved in setting up a script which can be run every minute which will check a dynDNS name and insert the correct IP # in to the rule I have setup for him to access this port through the firewall? I have this successfully working on a linux box with a hosts.allow script running and inserting the correct IP# so he can ssh into a server remotely.

Thanks

-- Heath Henderson --
Re: [pfSense Support] Dynamic Rule
This sounds like a better route. I wondered though, I know SSH access is setup internally, but I assume I must create a rule to allow access to it from the outside? Can I setup access from another port than 22 on the external interface or in the SSH config file? A little new here to setting these types of rules up.

Thanks In Advance.

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --

From: Rob Terhaar [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Mon, 18 Sep 2006 10:50:34 -0500
To: support@pfsense.com
Subject: Re: [pfSense Support] Dynamic Rule

why don't you just setup an ssh tunnel and give him pseudo vpn via that?

On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
> I have a user who sits outside of our Office network. I need to open up a port for them to access Filemaker Through. I want to eventually get a VPN setup, but he has a Mac and I am not certain of how well the VPN will work with X.4 right now. I don't really have time to get this setup. I thought I would see about opening the ports up for him. He is on a Dynamic DSL connection. He travels frequently.
>
> What is involved in setting up a script which can be run every minute which will check a dynDNS name and insert the correct IP # in to the rule I have setup for him to access this port through the firewall? I have this successfully working on a linux box with a hosts.allow script running and inserting the correct IP# so he can ssh into a server remotely.
>
> Thanks
>
> -- Heath Henderson --
Re: [pfSense Support] Dynamic Rule
Thanks, I am going to go the SSH route first. I will have access to setup VPN in about 2 months. I just don't have the time currently, and this person's system is in California and I am not.

I haven't setup the ssh tunnel before, so if anyone has any pointers. I want to make this as secure as possible on my end. He only has to get into our Filemaker server so limited remote access is where I will be going.

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --

From: Bill Marquette [EMAIL PROTECTED]
Reply-To: support@pfsense.com
Date: Mon, 18 Sep 2006 11:40:02 -0500
To: support@pfsense.com
Subject: Re: [pfSense Support] Dynamic Rule

On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
> I have a user who sits outside of our Office network. I need to open up a port for them to access Filemaker Through. I want to eventually get a VPN setup, but he has a Mac and I am not certain of how well the VPN will work with X.4 right now. I don't really have time to get this setup. I thought I would see about opening the ports up for him. He is on a Dynamic DSL connection. He travels frequently.
>
> What is involved in setting up a script which can be run every minute which will check a dynDNS name and insert the correct IP # in to the rule I have setup for him to access this port through the firewall? I have this successfully working on a linux box with a hosts.allow script running and inserting the correct IP# so he can ssh into a server remotely.
>
> Thanks
>
> -- Heath Henderson --

You could always try OpenVPN. I know of at least one person using pfSense using it with OSX.

--Bill
[pfSense Support] SSH access?
Is there a trick to getting SSH to work? I have enabled this setup, but I can't seem to access this from either my LAN or WAN side. I would bet I can't get it from the WAN, but I thought I should be able to access from the LAN when enabled. Also, I see no rules stating that I can't access port 22.

This is a new install, RC2

Thanks
Re: [pfSense Support] SSH access?
Thanks, I have done everything but the logs. I haven't had time to get to them. I was sure it should be something simple, but for the life of me I couldn't get a connection. So, I will watch the logs this weekend and see what gives.

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --

From: Craig FALCONER [EMAIL PROTECTED]
Organization: Craig FALCONER
Reply-To: support@pfsense.com
Date: Fri, 25 Aug 2006 08:30:56 +1200
To: support@pfsense.com
Subject: RE: [pfSense Support] SSH access?

Shouldn't be anything special - make sure SSH is turned on in the advanced page, and give the machine time to generate ssh keys etc. (you'll get a message at the top of your window when that is done)

Also confirm you're using the right port (22)

Check out the firewall logs page as well, just after you try sshing to the box... Often that points you in the right direction.

-Original Message-
From: Heath Henderson [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 August 2006 5:51 a.m.
To: support@pfsense.com
Subject: [pfSense Support] SSH access?

Is there a trick to getting SSH to work? I have enabled this setup, but I can't seem to access this from either my LAN or WAN side. I would bet I can't get it from the WAN, but I thought I should be able to access from the LAN when enabled. Also, I see no rules stating that I can't access port 22.

This is a new install, RC2

Thanks
[pfSense Support] New Pfsense setup question?
Hello all, new to the list and pfsense.

What we are wanting to do is setup a bridge basically. We like IPCOP as a managed Firewall option, but for redundancy reasons, have had to add a DSL and Cable Broadband connection to our Network. Previously we only had a DSL connection from verizon. It has issues more often than not. We have added now the cable connection. The IPCOP setup is working very nicely as a single DSL firewall, but obviously we want to have load balancing or at least failover setup between the two broadband connections. This can't be done easily if at all on IPCOP.

OK, that is what is going on. Now, the setup we want to do is Use the pfsense box as a load balancer/failover point to bring the two Broadband connections into. It would handle these and route them to one internal connection (The RED zone) on the ipcop. We would then use IPCOP as the firewall between our network and the rest of the world.

I assume this is possible? Will the pfsense box be secure? Do we need to setup special routing on it? Is there a documented setup for this? Being new, I found some howto pdfs, but wasn't sure if it would apply here.

Anyway, help or suggestions would be welcome.

Thanks

-- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 --
[pfSense Support] Pfsense Bridge/Router 2WANs
What we are wanting to do is setup a bridge basically. We like IPCOP as a managed Firewall option, but for redundancy reasons, have had to add a DSL and Cable Broadband connection to our Network. Previously we only had a DSL connection from verizon. It has issues more often than not. We have added now the cable connection. The IPCOP setup is working very nicely as a single DSL firewall, but obviously we want to have load balancing or at least failover setup between the two broadband connections. This can't be done easily if at all on IPCOP.

OK, that is what is going on. Now, the setup we want to do is Use the pfsense box as a load balancer/failover point to bring the two Broadband connections into. It would handle these and route them to one internal connection (The RED zone) on the ipcop. We would then use IPCOP as the firewall between our network and the rest of the world.

I assume this is possible? Will the pfsense box be secure? Do we need to setup special routing on it? Is there a documented setup for this? Being new, I found some howto pdfs, but wasn't sure if it would apply here.

Anyway, help or suggestions would be welcome.

Thanks

Heath