Re: [pfSense] GUI Auto Update updates to image with wrong console type

2014-09-09 Thread Vick Khera
To be clear, this only happened to me on the 2.1.4 - 2.1.5 upgrade.

On Tue, Sep 9, 2014 at 8:20 AM, Vick Khera vi...@khera.org wrote:
> On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
>> Has anyone else observed that the serial console stops working after a
>> WebGUI update?
>
> On my ALIX home office router, the serial console disappeared until I
> did a second reboot. On my higher-end routers running on real
> computers there was no problem with the serial port consoles.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] GUI Auto Update updates to image with wrong console type

2014-09-09 Thread Vick Khera
On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
> Has anyone else observed that the serial console stops working after a
> WebGUI update?

On my ALIX home office router, the serial console disappeared until I
did a second reboot. On my higher-end routers running on real
computers there was no problem with the serial port consoles.


[pfSense] questions about carp/xmlrpc

2014-09-09 Thread Albert Dengg
hi,

i'm currently migrating a dual wan setup from a custom linux
active/standby dual fw setup to pfsense with pfsync, xmlrpc & carp.

the first problem i'm facing is that for some reason the backup node
always tries to assign some virtual ip's to the wrong interfaces
(with the result being an error message). while it works if i
correct it manually, is there a way to influence which VIP's are
assigned to which interface when using xmlrpc sync?

the second question is also related to virtual ip's:
is there a way to configure a failover for the second wan interface,
if there is only one ip assigned to me by the isp?

thx

regards,
albert



Re: [pfSense] questions about carp/xmlrpc

2014-09-09 Thread Chris Bagnall
On 9 Sep 2014, at 14:01, Albert Dengg alb...@fsfe.org wrote:
> the second question is also related to virtual ip's:
> is there a way to configure a failover for the second wan interface,
> if there is only one ip assigned to me by the isp?

My understanding (and this isn’t limited to pfSense - I’ve seen the same thing 
using linux-ha, heartbeat, CARP, etc.) is that you need a minimum of 3 (usable) 
IPs to achieve what you’re looking for, so in effect you’ll need your service 
provider to offer you a /29 range (assuming their gateway is assigned one of 
those IPs).

I suppose you could fake it by running NAT on whatever equipment your ISP 
provides, but then you’ll end up with a double NAT situation, and that’s 
horrible :-)

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons



Re: [pfSense] questions about carp/xmlrpc

2014-09-09 Thread Chris Bagnall
On 9 Sep 2014, at 14:46, Albert Dengg alb...@fsfe.org wrote:
> that however still leaves me with the problem of the interface mixups
> for my internal networks, where the sync tries to assign the
> virtual ip's to the wrong interfaces….

Is your hardware (and interface names) identical across both your primary and 
secondary members?

Kind regards,

Chris
-- 
C.M. Bagnall
This email is made from 100% recycled electrons



[pfSense] Flutterling WAN in dual wan setup

2014-09-09 Thread Jon Munford
Hi All,

It's a very stormy day today and one of my WAN connections in a dual WAN
setup is fluttering on and off.  I have it set up in a priority group with
the WAN that is fluttering first and the other second, and I have it set to
fail over on packet loss.  My issue is that I will get loss for a few
seconds and then it comes back online.  The pfSense box seems to only
switch to the backup while the other WAN is actually having loss, with no
timer afterward.

My question is, can I set it so if packet loss is detected it stays on the
backup line for say an hour and then switches back over?  Or better yet
each packet loss event starts a timer and it doesn't switch back until an
hour after the last event?

Thanks!
-Jon

-- 
Jonathan Munford
Director of Technology
New London School District
New London, IA  52645
Office:  (319) 367-0512  x102
jon.munf...@nlcsd.org jomun...@new-london.k12.ia.us
http://www.new-london.k12.ia.us


Re: [pfSense] Triple WAN

2014-09-09 Thread Benjamin Swatek

Chris Bagnall wrote:

> I tend to work on the principle of sending your ‘I care about latency’ traffic
> down one connection: SIP, mail, SSH and various streaming protocols are the
> ones I normally separate - you may have others to consider. I then create a
> gateway group for the other two connections in a standard round robin load
> balance.

Would you mind giving a few examples how you do this exactly?
I have absolutely no control over the clients on one of my LANs (open
hostel wifi), and people tend to saturate my 4 WANs

> If you can easily separate your clients out on the LAN side, you can go a step
> further: in one of the offices we supply, floor 1 is balanced across WANs 1 and
> 3; floor 2 is balanced across WANs 2 and 4.
>
> These methods are all to prevent one single client saturating the connectivity
> into a building. You’ll have to do some experimentation to find out what works
> best in your environment.
>
> One final word of advice: send HTTPS connections down a single WAN. Many
> ‘secure’ sites will expire sessions if connections come from different IPs and
> your clients will get upset very quickly if they’re having to re-login to
> online services every few minutes.

That's the only part I figured out myself, all https from 3 different
LANs is going down one WAN connection.


Thanks a lot!

Ben



Re: [pfSense] GUI Auto Update updates to image with wrong console type

2014-09-09 Thread Jeremy Porter
Two things would be helpful, did the system start as a clean 2.1.4 or
was it upgraded from a previous version, if so what versions?
I've seen a couple of odd cases, but usually where a system was upgraded
several times.  There might have been an issue around 2.03(p1) or so. 
We haven't been able to replicate the problem in the lab, so it's
possible there is a specific upgrade path that errors.


On 9/9/2014 7:21 AM, Vick Khera wrote:
> To be clear, this only happened to me on the 2.1.4 - 2.1.5 upgrade.
>
> On Tue, Sep 9, 2014 at 8:20 AM, Vick Khera vi...@khera.org wrote:
>> On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
>>> Has anyone else observed that the serial console stops working after a
>>> WebGUI update?
>> On my ALIX home office router, the serial console disappeared until I
>> did a second reboot. On my higher-end routers running on real
>> computers there was no problem with the serial port consoles.


[pfSense] Port forward with a schedule

2014-09-09 Thread Peter Henning
Hello

Is there a way to put a schedule onto a port forward rule like you can
with a filter rule?

If I give a port forward's associated filter rule a schedule then the
port forward still applies even when the schedule disables the filter
rule.

Thanks


Re: [pfSense] Port forward with a schedule

2014-09-09 Thread Moshe Katz
On Tue, Sep 9, 2014 at 1:46 PM, Peter Henning peter.henn...@gmail.com
wrote:

> Hello
>
> Is there a way to put a schedule onto a port forward rule like you can
> with a filter rule?
>
> If I give a port forward's associated filter rule a schedule then the
> port forward still applies even when the schedule disables the filter
> rule.
>
> Thanks


Peter,

It's probably not the most elegant of solutions, but you could try putting
in a *deny* rule for the times that you do not want to allow access.  Just
make sure that it is higher up in the rules list than the allow rule is.

Moshe

--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732

[pfSense] Any experience with http://www.aliexpress.com/store/product/Compact-1U-router-server-firewall-server-with-MINI-ITX-Six-Gigabit-LANs-motherboard/908909_583033075.html

2014-09-09 Thread Jason Pyeron
I am looking to build another gigabit router/firewall and I saw this [1] 
platform.

Has anyone run pfSense on it?

-Jason

1: 
http://www.aliexpress.com/store/product/Compact-1U-router-server-firewall-server-with-MINI-ITX-Six-Gigabit-LANs-motherboard/908909_583033075.html

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.




[pfSense] Upgrade to 2.1.5 looses packages

2014-09-09 Thread Odette Nsaka
Hi all,

  I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the 
packages are not reinstalled.

This certainly does not mean that the project is not growing better than one
could expect.

Thank you again! 

-- 
Odette Nsaka


Re: [pfSense] Cannot go to HTTPS sites using WAN interface

2014-09-09 Thread Walter Parker
Yes, check to make sure that the WebConsole interface (on 443) is not
conflicting with your other rules.


Check for allow/deny rules in both Squid and pfSense to make sure that you
don't have a conflict.

On Tue, Sep 9, 2014 at 1:34 PM, Satvinder Singh 
satvinder.si...@nc4worldwide.com wrote:

> Hi,
>
> In my setup I am using WAN interface as a DMZ. I have Squid3 and
> SquidGuard3 installed for proxy. When I try to access a https site using
> LAN interface IP as proxy address it works. But if I try to access a HTTPS
> site using DMZ IP (WAN IP) I am not able to access HTTPS sites. The same
> site responds fine in http but not in https. I have Squid servicing the DMZ
> interface, the Rule is in place in the firewall. Anything I am overlooking?
>
> Thanks
> Satvinder Singh
> Security Systems Engineer
> satvinder.si...@nc4worldwide.com
> 804.744.9630 x273 direct
> 703.989.8030 cell
> www.NC4worldwide.com





-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis

Re: [pfSense] GUI Auto Update updates to image with wrong console type

2014-09-09 Thread Karl Fife
That's partly consistent with our observations so far.  The 
configurations of ALL the previously cited installs followed upgrade 
paths through 2.0.3.  However we can confirm for at least two of the 
migrated configurations that the serial ports were working properly on v 
2.1.3 when their configurations were first moved TO the Lanner FW5741D 
platform from 1. Soekris 5501, and 2. VMX-9 on ESXi.


So in our case, while all passed through 2.0.3, the 2.1.3-2.1.4 
Auto-update was perfectly correlated with onset.


In our observation:
2.1.4-2.1.5 auto-update did not remedy the issue in any cases,
2.1.4-2.1.5 (manual) remedied the issue
2.1.5-2.1.5 (manual) remedied the issue

-K

On 9/9/2014 11:04 AM, Jeremy Porter wrote:

> Two things would be helpful, did the system start as a clean 2.1.4 or
> was it upgraded from a previous version, if so what versions?
> I've seen a couple of odd cases, but usually where a system was upgraded
> several times.  There might have been an issue around 2.03(p1) or so.
> We haven't been able to replicate the problem in the lab, so it's
> possible there is a specific upgrade path that errors.
>
> On 9/9/2014 7:21 AM, Vick Khera wrote:
>> To be clear, this only happened to me on the 2.1.4 - 2.1.5 upgrade.
>>
>> On Tue, Sep 9, 2014 at 8:20 AM, Vick Khera vi...@khera.org wrote:
>>> On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
>>>> Has anyone else observed that the serial console stops working after a
>>>> WebGUI update?
>>> On my ALIX home office router, the serial console disappeared until I
>>> did a second reboot. On my higher-end routers running on real
>>> computers there was no problem with the serial port consoles.



[pfSense] NAT with dual WAN (fwd)

2014-09-09 Thread Joe Laffey

Hi,

I have one machine on the DMZ that listens to two different private ips. Let's 
say 192.168.0.10 and 192.168.0.20.


I have a dual wan setup and would like to 1:1 NAT in to those two ips from the 
two different  WAN subnets (say 192.168.10.0/24 and 192.168.20.0/24).


So:

A) Packets coming in from WAN1 for 192.168.10.10 should go to 192.168.0.10

B) Packets coming in from WAN2 for 192.168.20.20 should go to 192.168.0.20


I have A) above working fine using 1:1 NAT and a Carp Virtual IP. However, when 
I try the same thing with WAN2 it does not work.


I have the virtual IPs and 1:1 NAT setup the same for both.

Any thoughts? Is this possible? (Pfsense 1.2.3)

Thanks in advance...


--
Joe Laffey
The Stable
Visual Effects
http://TheStable.tv/?e35661M/


Re: [pfSense] Upgrade to 2.1.5 looses packages

2014-09-09 Thread Ryan Coleman
I suspect it might be your specific configuration - all 8 of mine automatically 
patched the packages.

What specific ALIX hardware are you using?


On Sep 9, 2014, at 16:10, Odette Nsaka odette.ns...@libero.it wrote:

> Hi all,
>
> I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the
> packages are not reinstalled.
>
> This certainly does not mean that the project is not growing better than one
> could expect.
>
> Thank you again!
>
> --
> Odette Nsaka


Re: [pfSense] Develop Applications for pfseu

2014-09-09 Thread Ryan Coleman
Hi Tom!

You would be better suited contacting Electric Sheep Fencing 
(http://www.electricsheepfencing.com/) directly for your how-to but you can 
start with a few basic concepts:
1) This system is running FreeBSD 8.3 at present (future systems may be running 
FreeBSD 9 or 10)
2) Your best option would be SQLite and PHP - why? because I’ve been developing 
in PHP since 2.3 days (current deployment is 5.5 but I am not sure what version 
is installed and supported on the system)  and it’s pretty darn user friendly.
3) I would steer clear of C for one specific reason: it’s a royal pain in the 
butt and most of your needs should be capable with PHP.

Something to take note of is that not all installations are the same. Most of 
my clients run on AMD Geode processors. My two firewalls at home are running on 
Xeon 6-core VMs in VMWare ESXi, some people are running on dual and quad core 
CPUs. RAM ranges from a minimum of 256MB on those supported ALIX boards (I’m 
sure someone will correct me if I am wrong on this) up beyond 4GB (on the new 
APU boards and VMs and other systems). Others have installed the software on 
different desktop PCs running as dedicated systems - I have one such that is 
running on an old Dell P4 with Hyper Threading.

What experience do you have in application development - both desktop and web?

—
Ryan
Publisher, d3photography.com



On Sep 9, 2014, at 22:39, Tom Mody bug29...@gmail.com wrote:

> Hi,
> I have worked on pfsense this summer and I am really interested in developing
> apps for packet analysing,
> I have pfsense apps source code from github but didn't get how to work with it
> Please help me, how can I start writing apps for pfsense