Re: [pfSense Support] block facebook twitter and youtube pfsense
openDNS can help with this as well.

2010/6/4 Kai Lan lk9...@me.com

I think the easiest way is to override the dns. Or make the IPs route to a wrong destination by adding a static route rule.

Regards,
Kai

On 4 Jun 2010, at 15:41, Luis G. Coralle luiscora...@gmail.com wrote:

2010/6/4 Luke Jaeger ad...@pvpa.org

We use squidguard in combination with shallalist (http://www.shallalist.de) to block sites by category (malware, porn, gambling, etc). You can also add individual domains to your blacklist by hand. Works great.

Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
http://www.pvpa.org

On Jun 4, 2010, at 12:18 AM, justino garcia wrote:

How does one go about blocking facebook, twitter and youtube? Also, how does one autoblock malicious sites?

Thanks
Justin

--
Justin
IT-TECH

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org

Hi, squid does not cache https pages. Facebook has https too (https://www.facebook.com/). To block this you have to add a rule like:

Destination:
Type: Network
Address: 66.220.144.0/20

See:
- http://wiki.developers.facebook.com/index.php/Facebook_IP_Addresses
- whois 69.63.189.16

--
Luis G. Coralle
Departamento de Informática
Facultad de Ciencias Médicas
Universidad Nacional del Comahue
Av. Luis Toschi y Los Arrayanes
Cipolletti - Río Negro
Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140
http://medicina.uncoma.edu.ar/
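The destination-network rule in the message above only matches addresses inside the listed range, so it helps to check which destinations a block list actually covers. The following Python check is an added example, not part of the original thread; 66.220.144.0/20 and 69.63.189.16 come from the message, while the other addresses and all function names are constructed for illustration.

```python
import ipaddress

# Block list as configured in the firewall rule from the message above.
BLOCKED_NETWORKS = ["66.220.144.0/20"]

# Destinations to audit. 69.63.189.16 is the address the message runs whois
# on; the remaining entries are constructed sample values.
OBSERVED = ["66.220.149.25", "69.63.189.16", "2001:db8::10", "not-an-ip"]


def audit_block_coverage(blocked, observed):
    """Sort observed destinations into covered / uncovered / invalid.

    'covered' means some blocked network contains the address, so a
    destination-network block rule would match it.
    """
    networks = [ipaddress.ip_network(n, strict=True) for n in blocked]
    result = {"covered": [], "uncovered": [], "invalid": []}
    for raw in observed:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)
            continue
        # Compare like with like: an IPv4 network never contains IPv6.
        hit = any(addr.version == net.version and addr in net
                  for net in networks)
        result["covered" if hit else "uncovered"].append(str(addr))
    return result


def summarize(blocked):
    """Return (first, last, size) per blocked network, for rule review."""
    out = []
    for n in blocked:
        net = ipaddress.ip_network(n, strict=True)
        out.append((str(net[0]), str(net[-1]), net.num_addresses))
    return out


if __name__ == "__main__":
    print(summarize(BLOCKED_NETWORKS))
    print(audit_block_coverage(BLOCKED_NETWORKS, OBSERVED))
```

Addresses reported as uncovered, including any IPv6 destinations, need their own rule or a DNS-level control such as the ones suggested earlier in the thread.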
[pfSense Support] IPSEC error
I'm getting this trying to set up a tunnel between two fixed IP's.

Dec 22 22:59:36 ithcprtr1 racoon: INFO: 68.185.9.206[500] used as isakmp port (fd=20)
Dec 22 22:59:36 ithcprtr1 racoon: INFO: unsupported PF_KEY message REGISTER

racoon.conf looks OK, but I haven't set up IPSEC in ages... It's kind of just always worked, and I never have to mess with it.
Re: [pfSense Support] Facing Problems with IPSec
You could put another pfsense on private IP space at HQ that knows how to forward the packets back out. So the routing decision would be made after it's traversed the tunnel. Should be simple enough.
Re: [pfSense Support] Split DNS LAN/DMZ
Use split-horizon DNS, and different DNS servers for the LAN/DMZ hosts?

On Thu, Nov 22, 2007 at 04:07:18PM +1300, Volker Kuhlmann wrote:

When using the DNS forwarder with LAN hosts added, it would be desirable to not make all the same information available to the DMZ hosts. In case of using pfsense as an NTP source, LAN and DMZ hosts would need to see a different IP address for time.localnet.site. I don't see how that can be done atm. Is it a desirable feature? I would find it useful.

Thanks,
Volker

--
Volker Kuhlmann
http://volker.dnsalias.net/
Please do not CC list postings to me.
Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?
It wouldn't be hard to compile it on a different box and add it in on a current install.
Re: [pfSense Support] PPTP VPN not working consistently
I have had to remove the scrub options for some reason. Customers on ATT's network, it looks like around the country, but not verified, as I don't have customers anywhere, can't pass anything but the smallest datasets to me if the router has the scrub options. If I take that out, the same customers work great.

On Wed, Sep 05, 2007 at 08:23:52PM -0700, Sonny Sarai wrote:

Hello,

I added a post a few weeks back regarding why PPTP VPN connects at times and other times it just hangs but I received no response. This is why I am adding another post.

I have pfsense 1.2 RC2 and I have set up PPTP VPN. I can connect about 70% of the time and the other times I cannot. Neither can our staff. I have entered a rule in our firewall to let PPTP clients open access as well as GRE but still nothing. Nothing is added or has been removed from the firewall but still nothing. As our company is growing, VPN is becoming more critical. I have been doing some research in the forums but I did not get anything concrete as to why this happens.

Our sister company in Stockholm is running pfsense 1.2 RC2 and I can connect to them. I have mirrored their settings but I still cannot consistently connect. I am looking for a pattern such as a specific time in the day or the number of times I connect. Is there a limit to how many times a client can VPN in before they are blocked for some time?

Any suggestions would be greatly appreciated. I need to be able to connect to VPN consistently.

Thank you,
Sonny
Re: [pfSense Support] PPTP VPN not working consistently
On Wed, Sep 05, 2007 at 11:34:26PM -0400, Scott Ullrich wrote:

On 9/5/07, Jaye Mathisen [EMAIL PROTECTED] wrote:

I have had to remove the scrub options for some reason. Customers on ATT's network, it looks like around the country, but not verified, as I don't have customers anywhere, can't pass anything but the smallest datasets to me if the router has the scrub options. If I take that out, the same customers work great.

Have you tried to disable scrubbing in System - Advanced?

Yeah, that's what I meant by remove, I just couldn't remember the location in all the menus.

It appears to be a moderately recent development, as these same customers have been able to use it before, but I can't tie it specifically to a pfsense upgrade, only that starting about the 25th of August, that's what I had to do to get things to work. Hadn't touched the rulesets in ages, just updated to the latest RC...

What's odd is that tcpdump would show the incoming packet, but the application never saw the connection get completed and handed off, and the kernel never responded. Disable scrub, voila...
Re: [pfSense Support] PPTP VPN not working consistently
I don't know if the reload filter actually reloads everything, or just the rules or queues... I don't see how it can hurt to reboot and check. If turning off scrub doesn't help, you definitely want to turn it back on...

On Wed, Sep 05, 2007 at 08:57:41PM -0700, Sonny Sarai wrote:

Thank you both for replying so quickly. I have disabled scrubbing. Should I wait a while before I can tell if it worked or not? It is not working right now. Do I need to reboot if it does not work?

Thanks again,
Sonny

Scott Ullrich wrote:

On 9/5/07, Jaye Mathisen [EMAIL PROTECTED] wrote:

I have had to remove the scrub options for some reason. Customers on ATT's network, it looks like around the country, but not verified, as I don't have customers anywhere, can't pass anything but the smallest datasets to me if the router has the scrub options. If I take that out, the same customers work great.

Have you tried to disable scrubbing in System - Advanced?

Scott
[pfSense Support] Minor traffic shaper ?
OK, haven't run into this before. WAN is a 1.5meg DSL, OPT1 is a 10 meg cable connection. The 10 meg connection supports a VPN connection for backups and such. So I have a rule that says any traffic to x.x.x.x goes out OPT1, everything else out the WAN.

The traffic shaper is taking all that traffic, and merrily shaping it, even though the traffic is to/from OPT1.

What's the best solution for me? Either traffic on OPT1 (to and from it) needs to bypass the shaper completely, or somehow I need to specify that while for most connections, the WAN speed is 1.5meg, for this one host, it's the 10 meg... How do I make this right?

(I've just started re-using the shaper, before OPT1 was another 1.5meg DSL, and to be honest, I don't think I noticed that problem, although it was most likely happening.)

Thanks in advance.
[pfSense Support] Quick comments on 1.2 beta2 on soekris 4801
Add support for prioritizing ssh traffic on port 22, and an easy way to specify a specific port for BT traffic, since the default isn't always used. Anyway, 1.2 beta 2 is working pretty well for me. I think the php process is using less memory for HTTP sessions, which is helping.
Re: [pfSense Support] load balancer problems
Try one of the 1.2.1 betas. Many issues resolved, all around better product.
Re: [pfSense Support] shaper
Jump to 1.2 beta, and be happy...
Re: [pfSense Support] Upgrade question using LiveCD
I upgraded just using the .tar.gz file (not an ISO) on my soekris. It worked fine, except it didn't shutdown/reboot, I had to manually reset it. Since then, it's been working great, and the addition of miniupnpd in the base install as well as the various improvements has been great... YMMV.
[pfSense Support] OK, I think this is simple...
Using a soekris 4801 with 1.0.1 of pfsense on a single WAN connection, works just fine.

I want to add another WAN connection to OPT1, but I don't want failover, or load balancing, I have 1 application that needs to route traffic out the new connection. I can specify the destination IP for any rules that need to be set, although if it can be done by port, that's fine too. However, it does need to NAT the outbound connection.

Currently I'm just using a box doing netcat on the inside/outside ports, and that works fine, but it seems like overkill, with this router sitting there.

Is it just a matter of configuring OPT1, and then setting somewhere the appropriate next-hop address for traffic to a specific IP via a rule? The OPT1 interface would be DHCP, and I would *not* want to use a default route out OPT1 regardless...

Thanks in advance...
Re: [pfSense Support] OK, I think this is simple...
Yeah, I read that. But I don't want load balancing or failover.

Logging in via shell shows the routing is set right, in that the default route is still WAN.

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.58.179.174      UGS         0      837   sis0

I created an OPT1 interface, set it to DHCP. Went to firewall rules and added a rule that sent proto:any, source:*, Port*, dest 4.2.2.2, port *, Gateway OPT1.

# User-defined rules follow
pass in quick on $lan from 192.168.0.0/24 to any keep state label USER_RULE: Default LAN - any
pass in log quick on $lan route-to ( sis2 192.168.100.1 ) from any to { 4.2.2.2 } keep state label USER_RULE

But all traffic is now going out the OPT1 interface, instead of just traffic to 4.2.2.2

Tracing route to pfsense.org [69.64.6.13]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  3    38 ms    38 ms    39 ms  67.42.192.195
  4    36 ms    36 ms    35 ms  67.42.192.125
  5    35 ms    36 ms    35 ms  205.171.150.33

What's weirder is that the ISP on OPT1 is allowing the traffic packets with my WAN interface IP to pass through it. It doesn't appear to be nat'd to the OPT1 interface IP either...

On Thu, Apr 05, 2007 at 11:38:27PM +0200, Holger Bauer wrote:

http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing

Holger

-----Original Message-----
From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 05, 2007 11:13 PM
To: support@pfsense.com
Subject: AW: [pfSense Support] OK, I think this is simple...

I don't have this config, but I could imagine it works with the gateway option (select a gateway different than default). Perhaps it might be necessary to define a pool or else for that... Just try a bit :-)

Regards,
Martin

-----Original Message-----
From: Jaye Mathisen [mailto:[EMAIL PROTECTED]
Sent: Thursday, 5 April 2007 22:53
To: support@pfsense.com
Subject: [pfSense Support] OK, I think this is simple...
[pfSense Support] Dual WAN, but only 1 default route...
I have a DSL connection with 32 static IP's, and a cable connection. I have one very specific use for the cable connection and everything else goes over the DSL. The Cable uses DHCP to assign IP's, and static is not an option for them.

My office subnet is NAT'd behind one of the 32 static IP's. I want to continue NAT'ing 99% of the traffic out that interface, and out the cable interface, for the 1 connection to the 1 resource, I want it to be NAT'd, but use the cable for outbound traffic.

The catch is, I don't want the cable DHCP info to over-write the default route info that I have configured...

Can I do this? Or am I perhaps not asking the question clearly? Probably the latter.
[pfSense Support] Anyway to just disable NAT?
Is there any way to just disable the NAT portion, and keep all the cool firewall management interface, and filtering, and all that stuff, but just have the LAN interface IP's be public and not NAT'd? Don't need BGP, or ospf, or anything like that, just a basic router, but with the nice web GUI...

Thanks in advance.
Re: [pfSense Support] Intel PWLA8494MT support with latest update of RC2
Well, the ifconfig name parameter is there, probably wouldn't be too difficult to make something up based on mac address, and just key off the name... But yeah, it can be annoying. Too bad interface names can't be hardwired like SCSI disk ID's can be...