Not to take anything away from pfSense. Because
pfSense rocks at
layer 2 & 3.
But you might look at IPcop w/ L7-filter.
http://l7-filter.sourceforge.net/
http://www.ipcop.org/index.php?module=pnWikka&tag=IPCopAddons
In fact we use pfSense with this very same
add-on(s) (IPcop &
L7-Filter) at sev
So let's see if I am getting this
If the "intermediate router" sees the "destination
address" as part of its "connected network" then
it passes the packet to the destination directly.
Then the destination host sees its "default
gateway" as the pfSense box and passes the return
traffic to it
I did as you'd said below and found no difference,
but one thing I did notice is that when doing the
upgrade that ("I thought") broke reflective
routing appears to have "unchecked" the option
under the advanced section about bypassing rules
for networks that share the same interface.
I have always
It looks like it is getting hung up on the way
back out of the virtual (test) environment
Nov 27 21:41:55 LAN 192.168.22.22:5900
192.168.1.2:33150 TCP
The rule that triggered this action is:
@62 block drop in log quick all label "Default
deny rule"
And I have the
, LLC
- Original Message -
Subject: Re: [pfSense Support] Reflective routing
broken in newest 1.2.1-RC2 SNAP
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-27-2008 7:37 pm
> On Thu, Nov 27, 2008 at 11:57 AM, DLStrout
<[EMAIL PROTECTED]> wrote:
> > If I back
/SA keep state label
"FTP PROXY: Allow traffic to localhost"
pass in quick on le1 inet proto tcp from any port
= ftp-data to (le1) port > 49000 flags S/SA keep
state label "FTP PROXY: PASV mode data connection"
anchor "imspector" all
anchor "miniupnpd" all
blo
nything else.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] Reflective routing
broken in newest 1.2.1-RC2 SNAP
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-27-2008 2:01 pm
> On Thu, Nov 27, 2008 at 11:57 AM, DLStro
If I back down (using the console UG method - 13)
to the image below (from mirror) and restore the
backed-up configuration (interfaces portion only)
... all seems to work as before.
pfSense-Full-Update-1.2.1-RC2.tgz 19-Nov-2008
21:5439M
--
David L. Strout
Engineering Systems Plus, LLC
;
# enable ftp-proxy
# IMSpector
anchor "imspector"
# uPnPd
anchor "miniupnpd"
#---
# default deny rules
#---
block in log quick all
As a follow up to this post ... here is the ticket
that fixed this issue earlier in the 1.2.1 testing
SNAP
http://cvstrac.pfsense.org/chngview?cn=26056
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: [pfSense Support] Reflective routing
broken in newest 1.2
I just updated our 1.2.1-RC2 to the newest SNAP:
1.2.1-RC2
built on Thu Nov 27 13:35:44 EST 2008
I had been having issues w/ reflective routing in
past 1.2.1 SNAPs but it got resolved back a couple
weeks ago with a new SNAP.
After this morning's update I see that it is broken
again. I perform th
Turn off automatic NAT and check your NAT rules w/
status.php page.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: [pfSense Support] Routed Subnet
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-23-2008 11:46 am
> Hi All,
>
> I'm trying to confi
Absolutely NOT disappointed at all, just pointing
out an issue ... quite the contrary in fact, and I
am as anxious as any to see some of the fantastic
new features of 2.0 in a STABLE release. Really
just try to provide some input into 2.0 from our
perspective.
So just so I have this straight .. (
--
On Tue, Nov 11, 2008 at 8:31 PM, DLStrout <[EMAIL
PROTECTED]> wrote:
> Excellent .. is this change committed to both
1.2.1 and 2.0 versions?
>
Yes.
--
David L. Strout
Engineering Syste
PM, DLStrout wrote:
> I've noticed in recent releases that reflective
routing is broken.
Most
> notably all releases > 1.2 STABLE.
>
Fixed.
http://cvstrac.pfsense.org/chngview?cn=26056
-
To unsubscribe, e-mail:
I've noticed in recent releases that reflective
routing is broken.
Most notably all releases > 1.2 STABLE.
The most notable is having multiple routers on one
network and being
able to default gateways the host of that network
and place static
routes on the gateway (pfSense) and have it
reflect th
ct you've all put forth,
and for those among us that use this setup and
know it
IMHO .. as always!
- Original Message -
Subject: Re: Re: [pfSense Support] Force
Speed/Duplex on NIC
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-06-2008 9:53 pm
> On Thu, Nov 6, 2008
I've been running CP on a 1.2 install for about 6
months now and we now are noticing that there is
no authentication happening.
Things we've tried:
> Moving the CP to another interface (ie WLAN (WAP
connected ethernet)).
> Starting and restarting the CP service (fails
the webConfigurator when we r
I wonder why/how to code this into the
webConfigurator??
After all this is pretty industry standard/best
practice (hard coding speed/duplex on edge
devices/routers/firewalls).
Can this be added to the "wish list" for 1.3/2.0?
> I had a similar issue. Edit /conf/config.xml and
restart the firewall
al Message -
Subject: Re: [pfSense Support] config.xml decrytp
???
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 10-26-2008 10:54 am
> On Sun, Oct 26, 2008 at 9:54 AM, DLStrout
<[EMAIL PROTECTED]> wrote:
> > Is there a "default" password to decrypt the
config.xml file
Is there a "default" password to decrypt the
config.xml file in the
latest 1.3AA?
I recently updated 1.3Ax2 and now get prompted for
a password to
decrypt the config.xml and if I CTRL-C out the box
will only come up
in "single user mode".
Any insight is greatly appreciated
Is there a special list/forum for 1.3 Alpha/Alpha
questions ... just
don't want to muddy the water here with alpha
testing questions.
Thanks!
Just a small this time through on ...
pfSense-20080803-1138.iso.gz
/libexec/ld-elf.so.1:
/usr/local/lib/php/20060613/xml.so: Undefined
symbol "XML_ParseCreate_MM"
Just wanted to keep up with testing.
--
David L. Strout
Engineering Systems Plus, LLC
:26 PM, DLStrout wrote:
> Bill, Anyone,
>
> Would it be possible to get notified when you
all feel this issue
is
> resolved and ready for -re-testing??
>
> I'd welcome the opportunity to dive into 1.3
A2X, but unfortunately
we are
> short on standalone server hardware ... s
I was just wondering if there was something
drastically broke in the
past "latest" release? Why the removal (just too
far out of date?)
I uninstalled on a test box and I can't even get
it back in its "old"
version/state ... is there a reason that the older
version wasn't left
available? Seem that
Bill, Anyone,
Would it be possible to get notified when you all
feel this issue is
resolved and ready for -re-testing??
I'd welcome the opportunity to dive into 1.3 A2X,
but unfortunately
we are short on standalone server hardware ... so
VM is my only
option now.
--
David L. Strout
Engineering Sy
40 PM, DLStrout wrote:
> et al,
>
> So I was inspired to dig into the newest Alpha2X
1.3 today and
fired up the
> VM and was pleasantly greeted w/ an XML error:
>
> "XML error: no pfSense object found!"
>
> Any thoughts anyone???
> --
> Da
et al,
So I was inspired to dig into the newest Alpha2X
1.3 today and fired
up the VM and was pleasantly greeted w/ an XML
error:
"XML error: no pfSense object found!"
Any thoughts anyone???
--
David L. Strout
Engineering Systems Plus, LLC
deploy 1.3 given it's
state of development (i.e. alpha-alpha).
SIDE NOTE:
Anyone having issues running 1.3 on VMware w/
Ubuntu 6.06LTS as the
"host". I can start a separate thread if there is
cause to.
Thanks again ALL !!!
DLStrout- Original Message -
SU
I have been tinkering w/ the Shrew Soft VPN
client and was wondering
if there is anyway (maybe I'm missing it) to setup
IPsec clients to be
"dhcp over IPsec" or "IKE config pull/push"
clients? I see in the
Shrew docs that this method is supported by the
client, but I don't
see any option
I've watched the stream all afternoon and just
wanted to offer my .02
worth on the matter as we have a rather large
multi-VPN deployment
with a mix of solutioning to fit the appropriate
needs.
Point I:
I agree whole-heartedly that if you are in control
of the
workstations/laptops "abroad" and the
I am running the latest 1.2 and have had snort installed since back in the
1.2SNAP days (a good 6-8 months). After upgrading to 1.2 STABLE, I get
the following error every time I go to the Snort update rules page.
Warning: file_get_contents(http://www.snort.org/pub-bin/downloads.cgi):
failed t
t the purpose I suspect.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] CP broken ??
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 01-04-2008 6:33 pm
> DLStrout wrote:
> > I upgraded a pfS box over vacation to SNAP:
Another complexity seems to be that when I restart
or stop/start the lighttpd service it chokes the
webConfigurator (ie. no web management service)
and I have to restart the webConfigurator with the
shell option 11.
Just an added FYI.
--
David L. Strout
Engineering Systems Plus, LLC
- Origi
I upgraded a pfS box over vacation to SNAP:
1.2-RC3
built on Sat Dec 29 09:06:06 EST 2007
and I have several users that are complaining
(well not complaining .. cheering actually) that
they never get challenged for UN/PW. I just
confirmed this with my WiFi laptop and sure enough
... no UN/PW pro
Forks Office Products, Inc.
> 631-727-3354 X107
>
>
>
> -----Original Message-
> From: DLStrout [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 02, 2008 8:18 AM
> To: support@pfsense.com; support@pfsense.com
> Subject: Re: RE: [pfSense Support] Squidguard
blocks
I have found the same to be true. I have been
tinkering with it for weeks trying to get it to
properly write the config file and police traffic
based on the ACL/rules settings, but have had very
little luck.
I found that it somewhat temperamental about
writing the config file and that seems (at l
Are URL aliases dead?
I have several users that I would like to restrict
to several web sites ONLY and also apply a
schedule (using the GREAT scheduler feature) to
restrict their online time.
--
David L. Strout
Engineering Systems Plus, LLC
Good evening all
Just wondering if there are any plans for URL
aliases? I see that it was planned or has been
introduced into the HEAD build but I am
running 1.2 RC3.
I have several users that I would like to restrict
to several web sites ONLY and also apply a
schedule (using the GREAT
Just wondering if there is a difference between
1.2RC3 & 1.3. If so then where might one find a
feature list or change log. I looked on the
CVStrack "timeline", and could see anything there
is the release.
Thanks.
--
David L. Strout
Engineering Systems Plus, LLC
-
Just wondering if this is a known issue or is
there anyone who might lend some advice?
Should I submit a ticket on this issue? Has
anyone been able to reproduce? Should I upgrade
"again" to a more current build?
Thoughts, suggestions, feedback ?
- Original Message -
Has anyone exp
Has anyone experienced VIP/NAT issues w/ the
current rel?
1.2-RC3 > built on Wed Oct 10 05:44:26 EDT 2007
=== HERE'S THE SETUP ===
OPT1-[host=10.0.0.100]
|
LAN--[net=192.168.1.0/24][pfSense=192.168.1.1/VIP=192.168.1.200]
|
WAN--[net=x.x.x.x]
=== HERE'S THE VIP SETUP ===
oth
Nice .. THANKS
--
--> David L. Strout
--> ENGINEERING SYSTEMS PLUS, LLC
--> [EMAIL PROTECTED]
--
-Original Message-
From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 19, 2007 12:23 PM
To: support@pfsense.com
Subject: AW: [pfSense Support] Squid package ?
Use t
-01/msg00035.html
-Original Message-
From: DLStrout [mailto:[EMAIL PROTECTED]
Sent: Monday, July 16, 2007 4:41 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] spoke and hub ipsec vpn?
This and other mail-list issues related to this NAT/routing/IPSec question
begs the question
This and other mail-list issues related to this NAT/routing/IPSec question
begs the question is/are there any plans to integrate NAT-T into
pfSense? I see there has been some brief chatter on this in the past, but I
was more looking for an update (if any) on what has been, or is being, done
t
Interesting I have tried opening up the IPsec policy to ANY <> ANY on
both the pfS1/2 boxes. I still see the traceroute (ICMP) packets heading to
INET from NET1 when tracing to a NET4 address.
Maybe a combo of IPsec policies and static routes??? Not quite sure, not
having any luck in trying
Hope this gif image is a better rep of what I was trying to convey ...
-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 03, 2005 7:57 AM
To: support@pfsense.com
Subject: [pfSense Support] multi gateway LAN routing
When setting up a pfS on a lan w/
Is there a running archive of builds for pfSense?
Where are the older ISOs and update tgz files located?
NOTE:
I wouldn't recommend trying to edit either of these 2 files through the
[webConfigurator: Diagnostics: Edit File] screen. I ssh'd to the
pfSense box and entered the shell and made the edits the old-fashioned way
w/ 'vi'.
Would it be possible to fix the following two files in the next up
Would it be possible to fix the following two files in the next update?
/usr/local/www/diag_ipsec_sad.php
/usr/local/www/diag_ipsec_spd.php
Here is what I came up with ... let me know if I am wrong.
==
TYPE: File Modification
FILE: /usr/local/www/diag
Scott Ullrich wrote:
Please try 0.79.4 and report back if you have had problems with
previous LiveCD's.
I have just done update (0.79.2 > 0.79.4), and the first thing I noticed
is that you lose all states in the table after the update & reboot (ie:
all connections broken - http, IPSec, etc.
I too do not believe that it is a hardware issue, as I just installed
the old tried and true "Slackie" and no errors on disk
check/format/partitioning/installing been up and running strong
(exact same hardware - Dell GX260) since 2pm EST.
I will try the tools, but I suspect F/BSD als
I am running 0.74.8 - had a little issue w/ the rules in porting the
config backup, but all-in-all everything is stable.
alan walters wrote:
Have no probs with ipsec on 0.74.6
-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: 15 August 2005 18:55
To: [EMAIL PROTE
And then finally I get this in the system log
racoon: ERROR: x.x.x.x give up to get IPsec-SA due to time up to wait.
I get these errors when trying to nail up a tunnel:
racoon: ERROR: pfkey ADD failed: Invalid argument
racoon: ERROR: pfkey ADD failed: Invalid argument
racoon: ERROR: pfke
I get these errors when trying to nail up a tunnel:
racoon: ERROR: pfkey ADD failed: Invalid argument
racoon: ERROR: pfkey ADD failed: Invalid argument
racoon: ERROR: pfkey UPDATE failed: Invalid argument
kernel: WARNING: pseudo-random number generator used for IPsec processing
racoon: INFO: ini
Subject correction ... apologies.
FYI,
I just tried the 0.76.2.tgz update on a 0.74.8 (been working GREAT)
system. I get the same as the past three updates (75, 75.2, 76)
Firmware image missing or other error, please try again.
I have also tried a fresh ISO (0.76) on a AMD system that has
FYI,
I just tried the 0.76.2.tgz update on a 0.74.8 (been working GREAT)
system. I get the same as the past three updates (75, 75.2, 76)
Firmware image missing or other error, please try again.
I have also tried a fresh ISO (0.76) on a AMD system that has the
following "known/suggested" har
What is the best encryption to use to fully utilize the accelerators
under pfSense?
Scott Ullrich wrote:
On 8/13/05, DLStrout <[EMAIL PROTECTED]> wrote:
Does the current pfSense kernel support the Soekris vpn1201 & vpn1401
PCI boards?
Yes, it should.
Scott
Does the current pfSense kernel support the Soekris vpn1201 & vpn1401
PCI boards?
Is there a fix or a plan for a fix?...and has anyone considered a
RRDTools replacement such as ifGraph as an alternative to SVG?
Bill Marquette wrote:
Yup. IE 6 apparently doesn't love us.
--Bill
On 8/12/05, David Strout <[EMAIL PROTECTED]> wrote:
Yes, I am running the WebGUI in http
/usr/local/bin/lua50c51 /usr/local/share/dfuibe_lua/main.lua
dir.root=/FreeSBIE/ option.booted_from_install_media=true
[Fri Aug 12 15:50:31 2005]
Loading configuration file '/usr/local/share/dfuibe_lua/conf/uinavctl.lua'...
BSD Installer started
Loading configuration file '/usr/local/share/dfuib
function to add more addresses to any interface,
including WAN.
Scott
On 8/1/05, DLStrout <[EMAIL PROTECTED]> wrote:
>
>
>
> Are there any plans for assigning "multiple" IP addresses to the WAN
> interface?
Are there any plans for assigning “multiple” IP
addresses to the WAN interface?
TED]
Cc: alan walters; support@pfsense.com
Subject: Re: [pfSense Support] vpn ipsec
On 8/1/05, DLStrout <[EMAIL PROTECTED]> wrote:
> Also GREAT rating from this site ... I have 7 nailed up tunnels, a LAN of
67
> heavy internet users and a DMZ with two heavily utilized servers with no
Also GREAT rating from this site ... I have 7 nailed up tunnels, a LAN of 67
heavy internet users and a DMZ with two heavily utilized servers with no
issues.
The only thing I do notice is that when I have all eight tunnels up and
roaring I show a very minor "interface error increment" ... somethin
I noticed that the DHCP Leases page now displays the link “graphic”
to “add a static mapping for this address” but upon selecting the
button you are linked to the DHCP server page and not into the “edit”
mode.
Tested it on IE6 & FF1.0.6
Another 2 cents.
logs clear and then you will notice
that you are on the "system" tab and voilà ... all "system" logs are
gone too.
Just my 2 cents ......
-Original Message-
From: DLStrout [mailto:[EMAIL PROTECTED]
Sent: Monday, August 01, 2005 3:00 PM
To: support@pfsense.com
As per the BLOG you want to know about any bugs uncovered in
testing the current “ALPHA” version (0.73.0).
I reported this in an earlier post … but the issue
remains:
On the IPSec SPD page the delete and arrows still do not
show up in either IE6 or FireFox 1.0.6
Just thought you
Will changing the "installed/default" password . will this break any
services, startup routines, etc. that depend on these accounts.
Scott Ullrich wrote:
SSH: root / pfsense
WEB: admin / pfsense
On 7/29/05, DLStrout <[EMAIL PROTECTED]> wrote:
Everyone,
I am sure
.
sshd[791]: error: PAM: authentication error for root from 192.168.1.xxx
(OPT/WLAN segment)
sshd[791]: error: PAM: authentication error for root from
192.168.100.xxx (LAN segment)
Scott Ullrich wrote:
SSH: root / pfsense
WEB: admin / pfsense
On 7/29/05, DLStrout <[EMAIL PROTECTED]> wro
Everyone,
I am sure this ? has been asked before, but I can't seem to find any
reference in the mail-archive or the discussion-archive.
What are the "fresh-install" passwords for the root and toor accounts?