Re: [pfSense] Android apps block

[A Mohan Rao]

For blocking i m using urlblocklist.com. Also i do the same deny chats but
still users can able to chat with gtalk whatsapp facebook apps etc.
On Mar 25, 2014 1:54 AM, "Chris Bagnall"  wrote:

>
> On 24 Mar 2014, at 19:19, A Mohan Rao  wrote:
> > I need to block whatsapp facebook etc android apps of pfsense users.
>
> Given that you seem to want to block everything under the sun (though I
> still don't understand why), how about doing it the other way round? Why
> not decide what you *do* want your users to be allowed to do, permit that,
> then deny everything else?
>
> I can understand blocking things to keep bandwidth requirements down when
> you have a limited amount to go around, as Ryan's trying to do, but I can't
> see why you'd block something like Whatsapp, which seems to be (admittedly,
> I don't use it, so I could be mistaken) a text chat tool - its bandwidth
> usage is going to be negligible.
>
> Kind regards,
>
> Chris
> --
> This email is made from 100% recycled electrons
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Sending logs to external server

[Brian Henson]

Sounds like a good job for free radius and something like dialupadmin
(mixed with captive portal)


On Mon, Mar 24, 2014 at 3:38 PM, A Mohan Rao  wrote:

> Actually my question is there any option for if any user cross the
> download limit like 500 mb user will automatically block.
> On Mar 25, 2014 1:04 AM, "Jopoy Solano"  wrote:
>
>> This may also help:
>>
>> https://forum.pfsense.org/index.php?topic=68762.0
>>
>>  Jopoy
>>
>> On Mar 24, 2014, at 8:22 AM, Walter Parker  wrote:
>>
>> From the status menu, select System Logs
>> From the system logs page, click on Settings
>> Scroll down to Remote logging Options
>>
>> Enable Remote logging
>> For the remote Syslog Servers, enter the address of your syslog server
>> (any Linux or FreeBSD server running a copy of syslog that will take
>> outside logging).
>> It will send all of the system logs to the syslog host.
>>
>> Note, squid is an application/package and its log files will not be
>> included. Either the squid config will have to be changed, or you could try
>> using rsync to copy the logs.
>>
>>
>> Walter
>>
>>
>>
>> On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao wrote:
>>
>>> Please guide me how u do this on pfsense firewall
>>>
>>> . We've already managed to block one user who lives in close proximity
>>> for stealing internet (500MB of Youtube videos in less than 3 hours during
>>> a very busy time of day*)
>>>
>>> Thnx
>>> Mohan
>>> On Mar 25, 2014 12:14 AM, "Ryan Coleman"  wrote:
>>>
 Now that I have the network stable (thank you so much!) I have another
 task I need/want to accomplish:

 Does anyone have recommendations or suggestions for off-loading log
 files at the end of the day to another server? Specifically I'm wanting the
 system log and the squid logs sent out and rotated afterwards. We've
 already managed to block one user who lives in close proximity for stealing
 internet (500MB of Youtube videos in less than 3 hours during a very busy
 time of day*) but I would like to set up something that crawls through the
 raw files automatically every night and report back via email.

 I can write the script to crawl the data - that's not a problem - it's
 just that the ALIX board is not powerful enough to handle the needs I have.

 Thanks again,
 Ryan

 * I still have a few stages to hit on the deployment but that user will
 eventually be unblocked. We had to rollback the throttling configuration
 while we were having stability issues. Right now we're at 60 hours and
 counting and I plan to re-implement that limiter tomorrow morning.

 ___
 List mailing list
 List@lists.pfsense.org
 https://lists.pfsense.org/mailman/listinfo/list

>>>
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> https://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>>
>>
>> --
>> The greatest dangers to liberty lurk in insidious encroachment by men of
>> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

[Matthias May]

Am 24.03.2014 14:18, schrieb Chris Bagnall:

Greetings list,

I appreciate this is something of a blast from the past, but I'm 
hoping some of you will still have 1.2 systems in use and might be 
able to shed some light on this.


Recently, one of our clients sublet part of their building to another 
company, and asked me to split their LAN into separate VLANs so the 
new tenant didn't have access to their LAN. They had decent HP managed 
switches already, so that bit was easy. I created VLAN 200 on the 
pfSense, tagged that port on the switches, and assigned the new 
tenant's ports to use that PVID (untagged). All well and good.


However, the new tenant found that performance was erratic - certain 
websites loaded instantly, but others wouldn't load at all. This 
normally screams classic MTU problems, in my experience, but I 
normally see these on weird WAN connections, not on the LAN.


Does anyone know if there are/were 'problems' with 1.2 and VLAN MTUs 
on ALIX platforms (ethernet driver 'vr'), and whether an update to 1.3 
might fix it? This is old hardware with only 128MB RAM, so jumping to 
2.x is optimistic.


The site in question is a couple of hundred miles away from me, so 
'try it and see' isn't really an option in this case. :-)


Thanks in advance.

Kind regards,

Chris

I've had to debug a similar setup which was running for 4 years.
I don't know why it suddenly stopped working.
The problem was that with 1.2.3 the MRU was set to the same value as the 
MTU which dropped received frames with a size of 1514 (1510 +4 vlan tag).
The whole setup should not have worked in the first place. My solution 
was to upgrade everything to 2.1 but that was on the ALIX board with 
256MB ram.


Regards
Matthias
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Android apps block

[Ryan Coleman]

Mohan, 

You might be better suited giving certain IP ranges (VLANs) a higher QoS/CoS 
rating and those other things that are a lower priority a lower rating.

—
Ryan


On Mar 24, 2014, at 3:24 PM, Chris Bagnall  wrote:

> 
> On 24 Mar 2014, at 19:19, A Mohan Rao  wrote:
>> I need to block whatsapp facebook etc android apps of pfsense users.
> 
> Given that you seem to want to block everything under the sun (though I still 
> don't understand why), how about doing it the other way round? Why not decide 
> what you *do* want your users to be allowed to do, permit that, then deny 
> everything else?
> 
> I can understand blocking things to keep bandwidth requirements down when you 
> have a limited amount to go around, as Ryan's trying to do, but I can't see 
> why you'd block something like Whatsapp, which seems to be (admittedly, I 
> don't use it, so I could be mistaken) a text chat tool - its bandwidth usage 
> is going to be negligible.
> 
> Kind regards,
> 
> Chris
> -- 
> This email is made from 100% recycled electrons
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Android apps block

[Chris Bagnall]

On 24 Mar 2014, at 19:19, A Mohan Rao  wrote:
> I need to block whatsapp facebook etc android apps of pfsense users.

Given that you seem to want to block everything under the sun (though I still 
don't understand why), how about doing it the other way round? Why not decide 
what you *do* want your users to be allowed to do, permit that, then deny 
everything else?

I can understand blocking things to keep bandwidth requirements down when you 
have a limited amount to go around, as Ryan's trying to do, but I can't see why 
you'd block something like Whatsapp, which seems to be (admittedly, I don't use 
it, so I could be mistaken) a text chat tool - its bandwidth usage is going to 
be negligible.

Kind regards,

Chris
-- 
This email is made from 100% recycled electrons

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Sending logs to external server

[Ryan Coleman]

Mohan,

Yes, I think so but there are some downloads that don’t report size (like 
streaming videos).

As best I remember the process…

I installed Squid3 and set up a transparent proxy, with logging.

Then I installed SARG and set it up to generate logs every hour, rotating the 
logs afterwards and restarting the proxy service. This is important as you only 
have a certain amount of space in the flash storage of the appliance.

Then you look at the logs - you can see what users are using the most data 
(please keep in mind that if you have the default 2-hour lease time you will 
not have a lot of time to ID the user)… I got the IP and then went to the DHCP 
Leases page to ID the user.

Then, in the Squid settings I told it to block the assigned IP address for the 
user.

Then I went back to the DHCP Leases page to force this device (by MAC address) 
to a new IP that is inside the subnet but outside the scope (I am using a 
22-bit subnet for this network - so we have up to 1024 possible IPs).

Then I went back into Squid to block the new IP as well.

After your lease time is up you can safely (and should) remove the originally 
assigned IP from Squid.

Now the user will resolve an IP and authenticate but they cannot do anything.

You get a message from Squid saying your access is denied, that the user should 
contact the administrator and then displays the email address you have listed 
in Squid. It’s a very basic page.

I happened to be there when it was happening and I had the Traffic Graph up and 
running in the Index page.

—
Ryan


On Mar 24, 2014, at 2:38 PM, A Mohan Rao  wrote:

> Actually my question is there any option for if any user cross the download 
> limit like 500 mb user will automatically block.
> 
> On Mar 25, 2014 1:04 AM, "Jopoy Solano"  wrote:
> This may also help:
> 
> https://forum.pfsense.org/index.php?topic=68762.0
> 
> Jopoy 
> 
> On Mar 24, 2014, at 8:22 AM, Walter Parker  wrote:
> 
>> From the status menu, select System Logs
>> From the system logs page, click on Settings
>> Scroll down to Remote logging Options
>> 
>> Enable Remote logging 
>> For the remote Syslog Servers, enter the address of your syslog server (any 
>> Linux or FreeBSD server running a copy of syslog that will take outside 
>> logging).
>> It will send all of the system logs to the syslog host.
>> 
>> Note, squid is an application/package and its log files will not be 
>> included. Either the squid config will have to be changed, or you could try 
>> using rsync to copy the logs.
>> 
>> 
>> Walter
>> 
>> 
>> 
>> On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao  wrote:
>> Please guide me how u do this on pfsense firewall
>> 
>> 
>> . We’ve already managed to block one user who lives in close proximity for 
>> stealing internet (500MB of Youtube videos in less than 3 hours during a 
>> very busy time of day*)
>> 
>> Thnx
>> Mohan
>> 
>> On Mar 25, 2014 12:14 AM, "Ryan Coleman"  wrote:
>> Now that I have the network stable (thank you so much!) I have another task 
>> I need/want to accomplish:
>> 
>> Does anyone have recommendations or suggestions for off-loading log files at 
>> the end of the day to another server? Specifically I’m wanting the system 
>> log and the squid logs sent out and rotated afterwards. We’ve already 
>> managed to block one user who lives in close proximity for stealing internet 
>> (500MB of Youtube videos in less than 3 hours during a very busy time of 
>> day*) but I would like to set up something that crawls through the raw files 
>> automatically every night and report back via email.
>> 
>> I can write the script to crawl the data - that’s not a problem - it’s just 
>> that the ALIX board is not powerful enough to handle the needs I have.
>> 
>> Thanks again,
>> Ryan
>> 
>> * I still have a few stages to hit on the deployment but that user will 
>> eventually be unblocked. We had to rollback the throttling configuration 
>> while we were having stability issues. Right now we’re at 60 hours and 
>> counting and I plan to re-implement that limiter tomorrow morning.
>> 
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>> 
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>> 
>> 
>> 
>> -- 
>> The greatest dangers to liberty lurk in insidious encroachment by men of 
>> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
> 
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Sending logs to external server

[A Mohan Rao]

Actually my question is there any option for if any user cross the download
limit like 500 mb user will automatically block.
On Mar 25, 2014 1:04 AM, "Jopoy Solano"  wrote:

> This may also help:
>
> https://forum.pfsense.org/index.php?topic=68762.0
>
> Jopoy
>
> On Mar 24, 2014, at 8:22 AM, Walter Parker  wrote:
>
> From the status menu, select System Logs
> From the system logs page, click on Settings
> Scroll down to Remote logging Options
>
> Enable Remote logging
> For the remote Syslog Servers, enter the address of your syslog server
> (any Linux or FreeBSD server running a copy of syslog that will take
> outside logging).
> It will send all of the system logs to the syslog host.
>
> Note, squid is an application/package and its log files will not be
> included. Either the squid config will have to be changed, or you could try
> using rsync to copy the logs.
>
>
> Walter
>
>
>
> On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao wrote:
>
>> Please guide me how u do this on pfsense firewall
>>
>> . We've already managed to block one user who lives in close proximity
>> for stealing internet (500MB of Youtube videos in less than 3 hours during
>> a very busy time of day*)
>>
>> Thnx
>> Mohan
>> On Mar 25, 2014 12:14 AM, "Ryan Coleman"  wrote:
>>
>>> Now that I have the network stable (thank you so much!) I have another
>>> task I need/want to accomplish:
>>>
>>> Does anyone have recommendations or suggestions for off-loading log
>>> files at the end of the day to another server? Specifically I'm wanting the
>>> system log and the squid logs sent out and rotated afterwards. We've
>>> already managed to block one user who lives in close proximity for stealing
>>> internet (500MB of Youtube videos in less than 3 hours during a very busy
>>> time of day*) but I would like to set up something that crawls through the
>>> raw files automatically every night and report back via email.
>>>
>>> I can write the script to crawl the data - that's not a problem - it's
>>> just that the ALIX board is not powerful enough to handle the needs I have.
>>>
>>> Thanks again,
>>> Ryan
>>>
>>> * I still have a few stages to hit on the deployment but that user will
>>> eventually be unblocked. We had to rollback the throttling configuration
>>> while we were having stability issues. Right now we're at 60 hours and
>>> counting and I plan to re-implement that limiter tomorrow morning.
>>>
>>> ___
>>> List mailing list
>>> List@lists.pfsense.org
>>> https://lists.pfsense.org/mailman/listinfo/list
>>>
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
>
>
> --
> The greatest dangers to liberty lurk in insidious encroachment by men of
> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Sending logs to external server

[Jopoy Solano]

This may also help:

https://forum.pfsense.org/index.php?topic=68762.0

Jopoy 

On Mar 24, 2014, at 8:22 AM, Walter Parker  wrote:

> From the status menu, select System Logs
> From the system logs page, click on Settings
> Scroll down to Remote logging Options
> 
> Enable Remote logging 
> For the remote Syslog Servers, enter the address of your syslog server (any 
> Linux or FreeBSD server running a copy of syslog that will take outside 
> logging).
> It will send all of the system logs to the syslog host.
> 
> Note, squid is an application/package and its log files will not be included. 
> Either the squid config will have to be changed, or you could try using rsync 
> to copy the logs.
> 
> 
> Walter
> 
> 
> 
> On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao  wrote:
> Please guide me how u do this on pfsense firewall
> 
> 
> . We’ve already managed to block one user who lives in close proximity for 
> stealing internet (500MB of Youtube videos in less than 3 hours during a very 
> busy time of day*)
> 
> Thnx
> Mohan
> 
> On Mar 25, 2014 12:14 AM, "Ryan Coleman"  wrote:
> Now that I have the network stable (thank you so much!) I have another task I 
> need/want to accomplish:
> 
> Does anyone have recommendations or suggestions for off-loading log files at 
> the end of the day to another server? Specifically I’m wanting the system log 
> and the squid logs sent out and rotated afterwards. We’ve already managed to 
> block one user who lives in close proximity for stealing internet (500MB of 
> Youtube videos in less than 3 hours during a very busy time of day*) but I 
> would like to set up something that crawls through the raw files 
> automatically every night and report back via email.
> 
> I can write the script to crawl the data - that’s not a problem - it’s just 
> that the ALIX board is not powerful enough to handle the needs I have.
> 
> Thanks again,
> Ryan
> 
> * I still have a few stages to hit on the deployment but that user will 
> eventually be unblocked. We had to rollback the throttling configuration 
> while we were having stability issues. Right now we’re at 60 hours and 
> counting and I plan to re-implement that limiter tomorrow morning.
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
> 
> 
> 
> -- 
> The greatest dangers to liberty lurk in insidious encroachment by men of 
> zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Sending logs to external server

[Walter Parker]

>From the status menu, select System Logs
>From the system logs page, click on Settings
Scroll down to Remote logging Options

Enable Remote logging
For the remote Syslog Servers, enter the address of your syslog server (any
Linux or FreeBSD server running a copy of syslog that will take outside
logging).
It will send all of the system logs to the syslog host.

Note, squid is an application/package and its log files will not be
included. Either the squid config will have to be changed, or you could try
using rsync to copy the logs.


Walter



On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao  wrote:

> Please guide me how u do this on pfsense firewall
>
> . We've already managed to block one user who lives in close proximity for
> stealing internet (500MB of Youtube videos in less than 3 hours during a
> very busy time of day*)
>
> Thnx
> Mohan
> On Mar 25, 2014 12:14 AM, "Ryan Coleman"  wrote:
>
>> Now that I have the network stable (thank you so much!) I have another
>> task I need/want to accomplish:
>>
>> Does anyone have recommendations or suggestions for off-loading log files
>> at the end of the day to another server? Specifically I'm wanting the
>> system log and the squid logs sent out and rotated afterwards. We've
>> already managed to block one user who lives in close proximity for stealing
>> internet (500MB of Youtube videos in less than 3 hours during a very busy
>> time of day*) but I would like to set up something that crawls through the
>> raw files automatically every night and report back via email.
>>
>> I can write the script to crawl the data - that's not a problem - it's
>> just that the ALIX board is not powerful enough to handle the needs I have.
>>
>> Thanks again,
>> Ryan
>>
>> * I still have a few stages to hit on the deployment but that user will
>> eventually be unblocked. We had to rollback the throttling configuration
>> while we were having stability issues. Right now we're at 60 hours and
>> counting and I plan to re-implement that limiter tomorrow morning.
>>
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Android apps block

[A Mohan Rao]

I need to block whatsapp facebook etc android apps of pfsense users.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Sending logs to external server

[A Mohan Rao]

Please guide me how u do this on pfsense firewall
. We've already managed to block one user who lives in close proximity for
stealing internet (500MB of Youtube videos in less than 3 hours during a
very busy time of day*)

Thnx
Mohan
On Mar 25, 2014 12:14 AM, "Ryan Coleman"  wrote:

> Now that I have the network stable (thank you so much!) I have another
> task I need/want to accomplish:
>
> Does anyone have recommendations or suggestions for off-loading log files
> at the end of the day to another server? Specifically I'm wanting the
> system log and the squid logs sent out and rotated afterwards. We've
> already managed to block one user who lives in close proximity for stealing
> internet (500MB of Youtube videos in less than 3 hours during a very busy
> time of day*) but I would like to set up something that crawls through the
> raw files automatically every night and report back via email.
>
> I can write the script to crawl the data - that's not a problem - it's
> just that the ALIX board is not powerful enough to handle the needs I have.
>
> Thanks again,
> Ryan
>
> * I still have a few stages to hit on the deployment but that user will
> eventually be unblocked. We had to rollback the throttling configuration
> while we were having stability issues. Right now we're at 60 hours and
> counting and I plan to re-implement that limiter tomorrow morning.
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Sending logs to external server

[Ryan Coleman]

Now that I have the network stable (thank you so much!) I have another task I 
need/want to accomplish:

Does anyone have recommendations or suggestions for off-loading log files at 
the end of the day to another server? Specifically I’m wanting the system log 
and the squid logs sent out and rotated afterwards. We’ve already managed to 
block one user who lives in close proximity for stealing internet (500MB of 
Youtube videos in less than 3 hours during a very busy time of day*) but I 
would like to set up something that crawls through the raw files automatically 
every night and report back via email.

I can write the script to crawl the data - that’s not a problem - it’s just 
that the ALIX board is not powerful enough to handle the needs I have.

Thanks again,
Ryan

* I still have a few stages to hit on the deployment but that user will 
eventually be unblocked. We had to rollback the throttling configuration while 
we were having stability issues. Right now we’re at 60 hours and counting and I 
plan to re-implement that limiter tomorrow morning.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Polycom doens't work behind Pfsense box

[Alan Worstell]

Hi Felipe,
You would want to turn on Manual Outbound NAT (Firewall: NAT: Outbound) 
and in your outbound NAT rule, check the "Static-port" checkbox.


Regards,

Alan Worstell
A1 Networks - Systems Administrator
VTSP, VCA-DCV, dCAA, LPIC-1, Linux+, CLA, DCTS
(707)570-2021 x204
For support issues please email supp...@a-1networks.com or call 707-703-1050

On 3/21/14, 7:57 PM, Felipe Izaguirre wrote:

Hi Giles, here we go.
I'm not using ISDN, so I just configured my internal IP in LAN 
settings with my internal DNS and the public google DNS.
Also I have configured the advanced settings with selecting "system is 
behind a nat" with my external IP.


As a could see searching on the internet, PfSense rewrites non common 
TCP and UDP ports in a NAT to protect against atacks, but Polycom uses 
this ports for audio and video.



/Felipe Izaguirre
e-Core Desenvolvimento de Software
Tel: +55 (51) 2103-9147
www.ecore.com.br 
NY Office: e-Core IT Solutions
Phone: +1 (914) 682-2009
www.ecoreinternational.com /


2014-03-21 11:51 GMT-03:00 Giles Coochey >:


On 21/03/2014 14:34, Felipe Izaguirre wrote:

Hi guys, have anyone had a problem with Polycom ViewStation
behind a PfSense NAT.
I have setup a NAT 1:1 to my Polycom ViewStation and no
restrictions in any ports.
The problem is that, when I make or receive a call, it enters
in the room but the screen gets blue and there is no sound.
Testing Polycom conected directly in the router without
Pfsense, everything works fine.

Any idea about this problem?


Page 147


http://support.polycom.com/global/documents/support/setup_maintenance/products/video/viewstation_sp_user_guide.pdf

What are your settings?



-- 
Regards,


Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677 
+44 (0) 7983 877438 
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net 



___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list




___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

[Jim Thompson]

What's your time worth?

-- Jim

> On Mar 24, 2014, at 9:03, Stefan Baur  wrote:
> 
> Am 24.03.2014 14:18, schrieb Chris Bagnall:
>> However, the new tenant found that performance was erratic - certain
>> websites loaded instantly, but others wouldn't load at all. This
>> normally screams classic MTU problems, in my experience, but I normally
>> see these on weird WAN connections, not on the LAN.
>> 
>> Does anyone know if there are/were 'problems' with 1.2 and VLAN MTUs on
>> ALIX platforms (ethernet driver 'vr'), and whether an update to 1.3
>> might fix it? This is old hardware with only 128MB RAM, so jumping to
>> 2.x is optimistic.
>> 
>> The site in question is a couple of hundred miles away from me, so 'try
>> it and see' isn't really an option in this case. :-)
> 
> While I do have to admint that I don't have experience with the
> particular ethernet driver you mention, I know that there are several
> Unix Operating Systems where not all ethernet drivers are capable of
> dealing with the added bytes that a VLAN tag brings with it.
> 
> IIRC, VLAN needs four bytes, so instead of upgrading to 1.3 you could
> first try to set the MTU to 1496 instead of the usual 1500.
> 
> -Stefan
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

[Stefan Baur]

Am 24.03.2014 14:18, schrieb Chris Bagnall:
> However, the new tenant found that performance was erratic - certain
> websites loaded instantly, but others wouldn't load at all. This
> normally screams classic MTU problems, in my experience, but I normally
> see these on weird WAN connections, not on the LAN.
> 
> Does anyone know if there are/were 'problems' with 1.2 and VLAN MTUs on
> ALIX platforms (ethernet driver 'vr'), and whether an update to 1.3
> might fix it? This is old hardware with only 128MB RAM, so jumping to
> 2.x is optimistic.
> 
> The site in question is a couple of hundred miles away from me, so 'try
> it and see' isn't really an option in this case. :-)

While I do have to admint that I don't have experience with the
particular ethernet driver you mention, I know that there are several
Unix Operating Systems where not all ethernet drivers are capable of
dealing with the added bytes that a VLAN tag brings with it.

IIRC, VLAN needs four bytes, so instead of upgrading to 1.3 you could
first try to set the MTU to 1496 instead of the usual 1500.

-Stefan
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] pkg_tester.php throws error

[Peter Allgeyer]

Hi!

I'm getting this error, when running pkg_tester.php the first time after
cloning the package repositories:

Fatal error: Call to a member function kindOf() on a non-object in
/var/www/git/pfSense/xmlrpc_client.inc on line 1856

I do know about commenting out line 394 in xmlrpc_server.inc, but the
error is still the same. Any help on this? Any recommendation of
debugging that error? Webserver tells me:

[Mon Mar 24 14:35:58 2014] [error] [client 1.2.3.4] XML error at line 1,
check URL

Best regards
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Add item to Alias from console

[Bryant Zimmerman]

I am trying to add an item to my ban Alias list from the ssh console on my 
PFSense box.
  
 How would I add an IP from the console and kill it from the state tables.
 I am trying to automate this so I can ban IP's that are abusing my primary 
server.
  
 Any pointers or links to how I would do this are appreciated.
  
 Thanks

Bryant

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

[Chris Bagnall]

Greetings list,

I appreciate this is something of a blast from the past, but I'm hoping 
some of you will still have 1.2 systems in use and might be able to shed 
some light on this.


Recently, one of our clients sublet part of their building to another 
company, and asked me to split their LAN into separate VLANs so the new 
tenant didn't have access to their LAN. They had decent HP managed 
switches already, so that bit was easy. I created VLAN 200 on the 
pfSense, tagged that port on the switches, and assigned the new tenant's 
ports to use that PVID (untagged). All well and good.


However, the new tenant found that performance was erratic - certain 
websites loaded instantly, but others wouldn't load at all. This 
normally screams classic MTU problems, in my experience, but I normally 
see these on weird WAN connections, not on the LAN.


Does anyone know if there are/were 'problems' with 1.2 and VLAN MTUs on 
ALIX platforms (ethernet driver 'vr'), and whether an update to 1.3 
might fix it? This is old hardware with only 128MB RAM, so jumping to 
2.x is optimistic.


The site in question is a couple of hundred miles away from me, so 'try 
it and see' isn't really an option in this case. :-)


Thanks in advance.

Kind regards,

Chris
--
This email is made from 100% recycled electrons
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list