On Thu, Jan 8, 2009 at 10:34 AM, Nicolas Fabris
wrote:
>
> Hi Folks, Can some1 help me?
>
> I have no "adduser" command on 1.2-RELEASE
>
> Can I downlad some port to fix this problem?
>
No, you cannot add users (even if you had the adduser binary, they
would be overwritten). 1.2.x is single user
On Thu, Jan 8, 2009 at 3:10 PM, Christopher Iarocci wrote:
> That being said, does ANYONE have a clue why my PPTP server is suddenly
> broken after the 1.2.1 upgrade? BTW, doing more testing, I tried
> eliminating the Radius server and used local authentication. The same exact
> errors appear, s
2009/1/8 Curtis LaMasters :
> Sounds like a NAT issue. Manually configure our outbound NAT or tell it not
> to NAT.
Not necessary. Traffic between internal interfaces isn't NATed unless
you enable AON and configure it to do so.
The firewall rules on the DMZ interface don't allow pings most likel
On Thu, Jan 8, 2009 at 8:46 PM, JJB wrote:
> So does OpenVPN on pfsense have a known vulnerability,
Maybe. This:
http://security.freebsd.org/advisories/FreeBSD-SA-09:02.openssl.asc
---
III. Impact
For applications using OpenSSL for SSL connections, an invalid SSL
certificate may be interpre
see http://blog.pfsense.org/?p=351
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
On Wed, Jan 7, 2009 at 7:29 PM, Christopher Iarocci wrote:
> I also noticed that when I save the config, it shows the PPTP server address
> as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that
> field.
There's at least one problem, that has to be an IP on your LAN,
assumin
On Wed, Jan 7, 2009 at 7:11 AM, Paul Mansfield
wrote:
> http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71
>
> the link to mail-archive doesn't work for the support or discussion lists
>
Fixed, thanks for the heads up.
--
On Fri, Jan 9, 2009 at 8:55 AM, Pete Boyd wrote:
> After upgrading 1.2.1 to 1.2.2, /system_firmware_check.php says:
>
> "A new version is now available
>
> New version: 1.2.1
> Current version: 1.2.2
> Update source: http://updates.pfSense.com/_updaters";
That didn't get updated yet, Scott
On Fri, Jan 9, 2009 at 3:15 AM, Peter Todorov wrote:
> Curtus, I am no so familiar with pfsense architecture to do SSh login and
> manual rewriting conf files. I have NAT yes it is AON because I have dual
> WAN configuration.
That's not necessary. There is very old, outdated documentation
somewhe
On Fri, Jan 9, 2009 at 4:14 AM, Veiko Kukk wrote:
>
> Please, somebody confirm this bug or help me solve possible
> misconfiguration, I really need to have wan failover.
>
It's not a bug. you have something configured wrong, and not nearly
enough info for anybody to tell what.
-
On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci wrote:
> Chris,
>
> Does it matter which IP address on my LAN it is? Should it be the LAN IP of
> the PFSense box, or something other than that?
>
Just pick an unused IP on your LAN.
> Does the radius server see requests coming from the IP ad
On Fri, Jan 9, 2009 at 11:24 AM, Dave Warren
wrote:
> FWIW, I just switched to the Chrome developer channel, SVG graphs
> started working in 1.2.1.
>
Interesting. I believe it was a Chrome bug, but we were able to work around it.
--
On Fri, Jan 9, 2009 at 4:48 PM, Volker Kuhlmann wrote:
> On Sun 28 Dec 2008 15:35:47 NZDT +1300, Chris Buechler wrote:
>
>> http://blog.pfsense.org/?p=284
>>
>> I added that info to the 1.2.1 release announcement as well.
>
> Maybe it would be a good idea to also
On Sun, Jan 11, 2009 at 11:22 AM, Karl Fife wrote:
> Just upgraded to 1.2.2 this morning
>
> 1
> Tested SVG Graphing on both IE 6 & 7 works on HTTP, but not HTTPS. Nice
> work. As documented, I understand the non-support for IE on https if it's
> not conforming to de-facto or canonical standards
On Sun, Jan 11, 2009 at 9:22 AM, Dominik Schips wrote:
> Hello,
>
> I use a Soekris net5501-70 (4 eth interfaces with auto MDIX) with a
> lan1641 (4 eth interfaces). So I have 8 interfaces in this nice box.
>
> My LAN zone are the 4 auto MDIX eth ports brideged together and the
> other 4 are used
On Sun, Jan 11, 2009 at 1:23 PM, William Bulley wrote:
> Here is the graphic:
>
> +-+ +--+ +-+
> | | | | | ~
> | ISP | <-> | m0n0wall | <-> | LAN ~
> | | | | | ~
> +-+ +--+ +-+
> 10.0.0.1
On Sun, Jan 11, 2009 at 6:02 PM, Karl Fife wrote:
>
> So to clarify, that would be to say auth IS sent in clear text across the
> network, when using HTTP web admin ?
>
It's base 64 encoded, which is easily reversible without SSL. More info:
http://en.wikipedia.org/wiki/Basic_access_authenticatio
On Sun, Jan 11, 2009 at 8:20 PM, Sterling Windmill wrote:
> Wouldn't the LAN and OPT2 interfaces have to be bridged on his soekris in
> order to achieve what he wants? Otherwise they are on the same subnet and
> won't route, correct?
>
Right. From his description, it sounds like that's what he's
Veiko Kukk wrote:
Hi!
I have tried everything i can imagine with no luck - upgraded to 1.2.1
(1.2.0 didnt work), made clean install and new configuration manually,
reading every dual wan document from wiki and forums, configured only
one router wih no carp interfaces...
Dual wan failover is j
On Mon, Jan 12, 2009 at 8:36 AM, William Bulley wrote:
>
> First, thanks very much for the reply.
>
> Second, I have one question:
>
> "How does one set (and save) a default route (as in "route add default
> 10.0.0.1")
> from within pfSense?"
>
On the WAN. The WAN interface needs to be the o
William Bulley wrote:
Is this behaviour essential to pfSense? It doesn't seem like it would
be a FreeBSD requirement. Maybe a future enhancement to pfSense may make
multiple interfaces more "interchangeable" or "clone-like". What if my
sis0 interface on my 4801 died (unlikely, to be sure). I
On Tue, Jan 13, 2009 at 6:24 AM, Chris Bagnall wrote:
> Greetings list,
>
> I have a number of multi-wan sites where the 2 connections are provided by
> different service providers, each of whom has different DNS servers. My usual
> practice has been to use one from each provider on the general
On Tue, Jan 13, 2009 at 5:10 AM, Peter Todorov wrote:
> Hello again,
> After many tryouts for upgrading and fresh installing the 1.2.2 and 1.2.1 I
> got same error when system boots: ,,hptrr: no controller detected". I
> understand that comes with FreeBSD 7, but I cant find how to workaround it.
>
On Tue, Jan 13, 2009 at 5:39 AM, Dominik Schips wrote:
>
> Here is my output from ifconfig:
>
The bridge looks fine. The interfaces that are plugged in are
forwarding, the ones that don't have link are discarding.
Which interface wasn't working when you ran that?
---
On Wed, Jan 14, 2009 at 2:50 PM, Christopher Iarocci wrote:
> I'd love to use OpenVPN, but the end users have to set it up themselves, and
> honestly, it's not easy enough for an end user to do.
You can build an installer file that has no prompts for the user to
click and auto installs the config
On Wed, Jan 14, 2009 at 4:22 AM, Dominik Schips wrote:
>
> vr1 isn't working to update the IP.
>
> vr0 = LAN
> vr1 = LAN1 (bridged to LAN)
>
> I have this rule for LAN1 (vr1).
>
> * LAN net * * * *
>
> I also tried
>
> * LAN1 net* * *
On Fri, Jan 16, 2009 at 12:50 PM, Lee Verberne wrote:
>
> I'm having issues with dnsmasq being unable to contact an overridden
> nameserver because they're not being sourced from an interface that has an
> ipsec policy.
http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP%2C_use_syslog%2C_NT
On Mon, Jan 19, 2009 at 4:07 AM, Veiko Kukk wrote:
>
> If the WAN connection is up, I'm able to get packages list and ping from
> command line.
>
Traffic from the firewall itself, like the packages list, follows its
default route which is on WAN and will never switch automatically to
another inte
On Mon, Jan 19, 2009 at 9:01 PM, k_o_l wrote:
> Is it possible to reset the captive portal page contents back to default?
>
Backup your config, manually remove that portion and save, then
restore. Or upload the default, you can find the HTML in
/etc/inc/captiveportal.inc.
---
On Wed, Jan 21, 2009 at 7:42 PM, k_o_l wrote:
> All defaults the only thing I configured is timeouts and local auth
>
Using time based rules or multi-WAN?
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional
What do you see when you run 'ipfw show' from Diagnostics -> Command?
And what is the IP and MAC address of the system that's getting
through without authentication?
On Wed, Jan 21, 2009 at 7:47 PM, k_o_l wrote:
> no
>
> -Original Message-
> From:
On Thu, Jan 22, 2009 at 12:36 PM, Dominik Schips wrote:
> Hello,
>
> Am Mittwoch, den 21.01.2009, 19:49 +0100 schrieb Dominik Schips:
>> Hi,
>>
>> Am Mittwoch, den 14.01.2009, 23:06 -0500 schrieb Chris Buechler:
>> > On Wed, Jan 14, 2009 at 4:22 AM, Dominik S
On Thu, Jan 22, 2009 at 10:10 PM, Chuck Mariotti wrote:
> I posted asking about Atom processors last week and ended up taking the
> advice of going with the Alix 6B2 kit (not Atom). Just unpacked it, installed
> embedded onto the flash, booted it up and it's up and running. Very nice
> solution
On Thu, Jan 22, 2009 at 10:13 PM, Morgan Reed wrote:
>
> From a shell;
> echo pfSense > /etc/platform
> reboot
>
> Install packages
>
> From a shell;
> echo embedded > /etc/platform
> reboot
>
> Done.
>
That will work for some packages, but not all. Embedded runs ro on
mounts that some packages n
On Thu, Jan 22, 2009 at 10:18 PM, Morgan Reed wrote:
>
> Wear leveling is your friend. If your CF card is significantly larger
> than the data stored on it you'll get longer life out of it.
>
Definitely seems to be the case, even when using half the CF.
> Catch is getting it installed on the 4G
On Thu, Jan 22, 2009 at 10:29 PM, Chuck Mariotti wrote:
> And to clarify, when people are saying "full install", do they mean the
> regular CD-ROM (pfSense-1.2.2-LiveCD-Installer.iso).
>
> As well, my CF card is 512MB, does a base install work on something this
> size? (I'd hate to blow more mon
On Fri, Jan 23, 2009 at 5:23 PM, k_o_l wrote:
> Is it possible to create an alias for Qualified Domain Name?
>
Yes. http://doc.pfsense.org/index.php/Using_FQDNs_in_Aliases
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.co
On Sun, Jan 25, 2009 at 1:32 AM, Paul wrote:
> Not real familiar on how to accomplish this. Is there an easy way to isolate
> network traffic so that any computer connected can only pass traffic to the
> router and internet but not any other computer on the network.
> i.e. Infected computers canno
On Sun, Jan 25, 2009 at 9:55 AM, apiase...@midatlanticbb.com
wrote:
> We had this requirement without using vlans. pfSense is somewhat feature
> limited when using vlans.
>
How? You can do anything with VLANs you can with physical interfaces.
On Sun, Jan 25, 2009 at 1:53 PM, apiase...@midatlanticbb.com
wrote:
> I thought captive portal was limited to one interface, and every vlan being
> a interface.
>
> I need captive portal to run on every vlan, if i used it.
>
You should be able to bridge them all together and use it that way.
---
On Mon, Jan 26, 2009 at 10:37 AM, Nick Smith wrote:
> I have one site with a Netgear FVS124G firewall that the documentation
> mentions it has
> PKI support.
PKI isn't the same as OpenVPN, I'm sure the Netgear doesn't support
OpenVPN. It should be possible to connect it using IPsec.
On Tue, Jan 27, 2009 at 2:41 PM, Nick Smith wrote:
> On Tue, Jan 27, 2009 at 1:39 PM, Chris Buechler wrote:
>> On Mon, Jan 26, 2009 at 10:37 AM, Nick Smith wrote:
>>> I have one site with a Netgear FVS124G firewall that the documentation
>>> mentions it has
>>&
On Tue, Jan 27, 2009 at 2:58 PM, Paul Cockings wrote:
> Fresh install of 1.2.2 (LiveCD installed to HDD)
>
> System > Advanced > Enable filtering bridge
> There is no checkbox to enable this option.
>
Read what it says there - "This setting no longer exists as it is
unnecessary. Filtering occurs
On Thu, Jan 29, 2009 at 11:45 PM, Curtis LaMasters
wrote:
> At my company we host a large number of dotnet sites and have now been
> plagued with an issue in our hosting environment. Nearly all of our sites
> are now report periodic disconnects where users viewing the sites who have
> sessions on
On Fri, Jan 30, 2009 at 7:21 AM, Paul Mansfield
wrote:
> Chris Buechler wrote:
>> If it were a firewall problem, it would be pages not loading at all,
>> or page loads not completing, things of that nature - network
>> connectivity problems. Getting kicked out of a se
On Fri, Jan 30, 2009 at 12:53 PM, LJ Rand wrote:
>
> I have an old mailserver outside the firewall relaying mail to new
> mailserver behind firewall. After the 1.2.2 upgrade, fw1 continues to relay
> okay, until someone sends a large-ish attachment that needs to be relayed
> between the two mails
On Sat, Jan 31, 2009 at 3:15 PM, Chris Bagnall wrote:
>> Thanks for your thoughts on this one. For me, it ended up being a dotnet
>> application pool issue on the server set to 60 minutes instead of a specific
>> time
>> or 24 hours :).
>
> Just to confirm, are you saying that 1.2.2 has definite
On Sun, Feb 1, 2009 at 10:44 PM, Raymond Norton wrote:
> I switched from IPCop to Pfsense because I needed multiple wan interfaces.
> Everything is working fine, including my first openvpn server. With IPCop it
> I had a great gui to monitor the status of all connections. I am not seeing
> a simil
On Sun, Feb 1, 2009 at 11:25 PM, Chris Buechler wrote:
> On Sun, Feb 1, 2009 at 10:44 PM, Raymond Norton wrote:
>> I switched from IPCop to Pfsense because I needed multiple wan interfaces.
>> Everything is working fine, including my first openvpn server. With IPCop it
>>
On Sun, Feb 1, 2009 at 5:09 PM, Joseph Hardeman wrote:
> Hi Everyone,
>
> I have a question that I am hoping someone will be able to help me with.
>
> I am about to migrate to a network that has two circuits to the same
> provider with BGP on each circuit so if one circuit goes down we will be
> a
On Mon, Feb 2, 2009 at 8:31 AM, Joseph Hardeman wrote:
>
> What sort of code change would I make to get STP operating properly? Can
> you send me an example or where I could look to figure it out? I will be
> installing the new pfSense firewall this week so I can set that up then,
> once I move
On Mon, Feb 2, 2009 at 6:54 PM, JJB wrote:
> Ermal Luçi wrote:
>>
>> look at this http://forum.pfsense.org/index.php/topic,13847.0.html
>>
>
> Just out of sheer curiosity - what the heck does this do, why does solve his
> problems, and what makes those particular values the correct ones to put
> t
On Wed, Feb 4, 2009 at 5:42 AM, Paul Cockings wrote:
> PfSense 1.2.2
>
> If I use firewall>aliases and create an aliases:
>
> Name: WebDevels
> Type: Port(s)
> Port: 80 - http
> Port: 3306 - mysql
> Port: 21 - ftp
> Port: 22 - ssh
>
>
> Then use firewall > rules > Add
>
> Should I be able to selec
On Thu, Feb 5, 2009 at 11:39 AM, k_o_l wrote:
> Since you can't specify the transport protocol, then the assumption is that
> both UDP and TCP are open for that port, is that correct?
Rules specify the protocol. Aliases are strictly ports.
Auto-completion is caps sensitive at this time.
---
On Sat, Feb 7, 2009 at 2:31 PM, Pete Boyd wrote:
> The captive portal has the following option:
> "MAC filtering - Disable MAC filtering
> If this option is set, no attempts will be made to ensure that the MAC
> address of clients stays the same while they're logged in. This is
> required when the
On Sat, Feb 7, 2009 at 10:47 AM, Tim Nelson wrote:
> I have to admit it took me a bit to find it as well. For whatever reason,
> when looking by category, it assumes you want to edit the category. I simply
> had to change the url from
> http://doc.pfsense.org/index.php?title=Category:Load_balan
On Fri, Jan 30, 2009 at 12:53 PM, LJ Rand wrote:
>
> I think this may be related, or another 1.2.2 upgrade woe to add to your
> list:
>
> I have 2 firewalls that were running 1.2, carped together with fw1 (master)
> syncing to fw2.
>
This was resolved offlist, the cause being an incorrect default
On Mon, Feb 9, 2009 at 5:43 PM, Tim Nelson wrote:
> - "Bill Marquette" wrote:
>>
>> The MTA needs to not be on the same network as you are redirecting.
>> ie. You can't send LAN traffic back to LAN, it MUST go to a
>> different
>> interface (say a DMZ). There are ways around the issue Tim
>
On Mon, Feb 9, 2009 at 5:09 AM, Agi Subagio wrote:
> I want to make VPN box with pfSense.
>
> I have two office LAN:
> LAN-1: 172.16.4.0/24
> LAN-2: 172.16.1.0/24
>
> and roadwarrior vpn client use 172.16.100.0/24.
>
> In pfSense's LAN interface I use 172.16.4.252/24 and I can ping vpn client
> fr
On Mon, Feb 9, 2009 at 7:59 PM, Leon Strong wrote:
> I'd have thought the proxyarp method would have been cleaner, i suppose in
> that instance you dont get automatic failover though do you? would be
> interesting to hear how your going to be doing it with 1.3
>
That's not an appropriate way to h
On Mon, Feb 9, 2009 at 10:05 PM, Jeremy Bennett wrote:
> RB,
>
> Thank you for review. I typically use PPTP cause it is quick and easy, and
> supported natively by Mac OS X and Windows.
>
> Do you have a favorite OpenVPN client for OS X?
>
I use http://code.google.com/p/tunnelblick/
Works great.
On Fri, Feb 6, 2009 at 12:25 PM, Tim Nelson wrote:
> Replying to myself here. In the current version of pfSense, I do not believe
> it is possible to firewall/filter traffic on your OpenVPN
> interfaces.
>
Not anymore. :) A change in 1.2.3 allows this, and you can do it
with a 5 line code chan
On Wed, Feb 11, 2009 at 8:39 AM, Rainer Duffner wrote:
>
> pfSense doesn't implement a full DNS (AFAIK). It's mainly a resolver-cache.
Not built in, there is a DNS server package available.
> The firewall is certainly *not* an ideal place to put the (internal)
> DNS, though.
>
That's not unive
On Wed, Feb 11, 2009 at 9:39 AM, Jonathan Wanak wrote:
> When I use my Windows XP VPN client behind my pfSense firewall, I am able to
> connect to the VPN server and access services via TCP/IP address. However,
> all DNS requests are processed by the pfSense box, preventing me from using
> ser
On Wed, Feb 11, 2009 at 2:09 PM, Jeremy Bennett wrote:
> Thanks for all of the suggestions. Tunnelblick and Viscosity look like good
> options.
>
> Here is another VPN related question: I've been using PPTP to date since it
> is dead simple to setup. If I need to connect to another site via PPTP,
On Wed, Feb 11, 2009 at 5:01 PM, Brian-Paul Carline wrote:
> Salutations,
>
> I'm writing to ask of anybody else has experienced the inability to use PAT
> through to a DMZ server(s) with a PPPoE configured WAN interface.
>
Works fine, you're misconfiguring something. See
http://doc.pfsense.org/i
On Thu, Feb 12, 2009 at 2:05 PM, Atkins, Dwane P wrote:
> We upgraded to pfSense version 1.2.2 today around 0530. It seems to have
> upgraded just fine and personnel started logging into the CaptivePortal and
> I tested it as well and it worked as expected. However, around 11:30 when I
> was doi
On Thu, Feb 12, 2009 at 2:38 PM, Tim Nelson wrote:
> While some of us are on an 'unlimited' connection, I'm sure some users in
> addition to the mail server do not have this freedom. In the future, please
> post your logs somewhere that can be accessed on demand instead of pushing
> nearly 1MB
On Sun, Feb 15, 2009 at 8:09 PM, Paul wrote:
>
> PFSense Firewall Rule::
> Proto: UDP
> Source: Any
> Port 1194
> Destination Any
> Port Any
> GW Any
>
Destination port is 1194, not source.
-
To unsubscribe, e-mail: support-unsu
On Sun, Feb 15, 2009 at 9:33 PM, Paul wrote:
>
> That was it.. thank you.
> Do I need to create a custom route table.? Its connected but can't pass
> traffic or ping
>
Depends on how you have OpenVPN configured, it can add routes for you,
or you can add them manually.
---
On Mon, Feb 16, 2009 at 11:42 AM, Scott Ullrich wrote:
> On Mon, Feb 16, 2009 at 9:57 AM, Federico Konig wrote:
>> Nobody answer?
>>
>> 2009/2/12 Federico Konig
>>>
>>> I setup multiwan with 4 links, and i have a proxy service. Then, the
>>> machines on lan navigate trough the proxy. The proxy
On Wed, Feb 18, 2009 at 10:14 AM, Paul Mansfield
wrote:
> I'm rehoming a monitoring box to a new address and I was checking our
> various pfSense firewalls would continue to work, and I noticed that
> there's no rule allowing access to UDP:161 for the LAN interface, in
> fact none of the interface
On Thu, Feb 19, 2009 at 9:44 AM, Mikel Jimenez wrote:
> More tecnically reason?
>
> Referring to states, tracking, tcp/udp...
There's a reason you aren't getting the responses you want on the
OpenBSD list where you asked the exact same question and here. For
one, you're not likely to find any Lin
On Thu, Feb 19, 2009 at 12:45 PM, Larry Sampas wrote:
> Has anyone bridged interfaces in embedded pfSense? I was wondering if
> support for bridging is compiled in the kernel.
>
Yes.
> I am running an Alix 2d3 board, and I can't run snort locally. Being
> too cheap and lazy to purchase or build
On Sat, Feb 21, 2009 at 2:24 AM, Glenn Kelley wrote:
> While PFSense is inline (transparent mode)
> any mail traffic to an exim server has issues receiving the handshake.
>
> (please see tcpdump below)
>
> interesting as everything is in DMZ - firewall set to allow all traffic.
>
> Now - when I re
On Sat, Feb 21, 2009 at 1:31 PM, Max Cristin wrote:
> At the office I just replaced an old Sonicwall with a pfSense box.
> Everything has been working great but I'm having issues with the PPTP
> server. Here is the situation:
>
> http://forum.pfsense.org/index.php/topic,14456.msg76525.html#msg765
On Fri, Feb 20, 2009 at 3:20 PM, apiase...@midatlanticbb.com
wrote:
> I guess my real goal is that anywhere a IP address can be used in pfSense, a
> MAC address could be used also, but the MAC address would simply be replaced
> with whatever it's IP is in the arp table. Of course some things like
On Thu, Feb 26, 2009 at 10:58 AM, Paul Mansfield
wrote:
> Chris Buechler wrote:
>> On Wed, Feb 18, 2009 at 10:14 AM, Paul Mansfield
>> wrote:
>>> I'm rehoming a monitoring box to a new address and I was checking our
>>> various pfSense firewalls woul
On Thu, Feb 26, 2009 at 4:57 PM, Curtis LaMasters
wrote:
> Try the scripts that Scott has published on the forums.
>
That's not going to work, unless you want to do it on pfSense itself.
Better to do it on another box. The stock easyrsa will work fine with
any OS using a bash shell. That's the on
On Sun, Mar 1, 2009 at 12:17 AM, Raleigh Guevarra wrote:
> Hi,
>
>
>
> I am currently doing the migration from ISA to pfSense firewall and I have a
> webserver hosting different sites, when trying to duplicate the rules of
> ISA, I noticed the FQDN of the sites was declared in the firewall rules
On Wed, Mar 4, 2009 at 11:05 AM, Christian Krützfeldt
wrote:
> I have 4 interfaces on my firewall LAN1, LAN2, WAN, DMZ plus IPSEC.
> And everything works as it should, I'm just confused about why certain rules
> need to be on certain interfaces.
>
> For example I want to allow traffic from one ho
On Wed, Mar 4, 2009 at 1:50 PM, Chris Bagnall wrote:
> Greetings list,
>
> Anyone know if there's an archive somewhere of historical versions?
http://files.pfsense.org/mirror/downloads/old/
-
To unsubscribe, e-mail: support-unsu
On Wed, Mar 4, 2009 at 11:22 AM, Raleigh Guevarra wrote:
> With no disrespect to the community, I just need to know the facts after
> reading about firewalls esp packet filtering types of firewall.
> Is it safe and secured to use pfSense infront of a web server in production,
> hosting dozens of w
On Wed, Mar 4, 2009 at 5:17 PM, Stefanos E. Tsorakis wrote:
> Hi all,
>
> I am a new pfsense user. Was using ipcop for years then turned to endian and
> then pfsense. I do have 2 WAN interfaces, a T1 and an ADSL. I would like to
> route all traffic from/to internal network via the ADSL and all tra
On Fri, Mar 6, 2009 at 11:23 AM, Borowicz, Paul
wrote:
> I'm in the process of transitioning the subnet of my datacenter, I only have
> a dozen or so servers. Everything is currently on a nonstandard subnet
> (192.0.1.0/24) due to a previous network admin.
>
> I want to move everything to 10.97.0
On Tue, Mar 3, 2009 at 5:17 AM, Simon Gerber wrote:
> Why are IGMP Packets recognized as ESP (Encapsulated Security Payload)
> in GUI?
>
Looks like a log decoding bug. I opened a ticket to see if I can
verify at some point.
-
To
On Sun, Mar 8, 2009 at 6:57 AM, Lenny wrote:
> Guys,
>
> I'm really desperate:(
> Last week I replaced the Intel Dual NIC with a new one of the same kind
> (82546GB).
> For a week of low load (6kpps on average) I never saw a single error on the
> interfaces, but yesterday came the high load and it
On Sun, Mar 8, 2009 at 1:32 PM, Lenny wrote:
> Hi,
> thanks for answering,
>
> I'm using 1.2.2 ( it scares me a bit to use a non-stable version in
> production).
>
It's stable. See:
http://blog.pfsense.org/?p=377
> I do realize it might be a problem with FreeBSD rather than pfSense,
> especial
On Sun, Mar 8, 2009 at 2:04 PM, RB wrote:
>
> I don't know why, but I don't see anyone in this thread (including
> myself) suggesting enabling device polling. That generally seems to
> be the interweb solution to taskq lock with high PPS.
>
Based on what I've seen in the FreeBSD list threads des
On Sun, Mar 8, 2009 at 5:16 PM, Michael Schmitt wrote:
> hello list,
>
> i have the same problem with pfsense box. Version 1.2.2
>
> WAN: vr2, dhcp
> LAN: vr0 -- 10.0.0.1
> OPT1: ath0 -- no ip, bridged with LAN.
>
> everything is working fine. Just when i want to connect to my wireless
> networ
On Mon, Mar 9, 2009 at 9:18 AM, Tim Nelson wrote:
> OpenVPN works very well for site-to-site VPNs. However, until the pfSense
> 2.x version is out, there isn't any filtering capabilities on those links.
You can filter OpenVPN on 1.2.3, just assign the tun interface as an
OPT. For IP, enter "none"
On Sat, Mar 7, 2009 at 6:38 PM, Tim Dressel wrote:
> We just migrated a few of our firewalls from m0n0wall to PFsense (cool
> that that config files work btw devs!!!)
>
> Anyways, now I can't PPTP out to another firewall from behind one of
> the new PF boxes (this was not a problem with m0n0wall).
On Tue, Mar 10, 2009 at 1:31 AM, Joshua Schmidlkofer wrote:
> Is there any known / supported way with pfSense to use an old fashion
> modem? I have a customer with a large number of 56K Frame Relay
> lines. He is moving most of them to DSL and pfSense + IPsec. His one
> request was regarding
On Wed, Mar 11, 2009 at 12:40 AM, Joshua Schmidlkofer
wrote:
> Chris,
>
> Do you have any idea of the value in $$ of the bounty? I will
> pitch my client, he may do it, because he likes pfsense but is looking
> at an expensive Cisco Solution for this.
>
Part of this is there, and parts of it r
On Thu, Mar 12, 2009 at 2:15 AM, Ask Bjørn Hansen wrote:
>
> I looked up this old thread when I was trying to figure out the state of
> IPv6 support in pfSense.
>
There is an IPv6 branch in git where work has started, but it's a
*long* way from being complete. Personally I would really like to se
On Thu, Mar 12, 2009 at 9:48 PM, Bennett Lee wrote:
> I have pfSense with several subnets on separate interfaces at my home office
> and many of my clients have the same. I have IPSEC to these clients so I
> can admin remotely. The problem I have is that I have not found a way to
> route the sub
On Thu, Mar 12, 2009 at 1:16 PM, Pete Boyd wrote:
> THE SETUP:
> A pfSense 1.2.2 box, the 'firewall', is providing a gateway to the
> Internet and DNS forwarder. LAN is 192.168.254.0/24.
>
> An additional pfSense 1.2.0 box, the 'printer router', is on the LAN,
> routing to a shared network on its
On Fri, Mar 13, 2009 at 8:49 PM, rakthum_r_Network&Telecom_IP#1
wrote:
>> To Pfsense project teams
>>
>>
>> I don't know it is a bug or not. First, I use your product and I =
>> have 4 LAN cards then
>> I want to bridge LAN interface with WAN interface and want to bridge =
>> OPT1 With OPT2 in
On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette wrote:
>
> I've ran into another problem...when I change the LAN ip address, it appears
> that the firewall rule for the LAN has to be changed. The default rule that
> exists there, LAN Net to any, doesn't work anymore and has to changed to
> reflect
On Mon, Mar 16, 2009 at 7:14 AM, Lenny wrote:
> So I went through it and I saw this:
>
> em0
>
>
>
> 100
> Mb
>
>
> X.X.X.X
> 28
> Y.Y.Y.Y
>
>
> Is th
801 - 900 of 1699 matches
Mail list logo