Re: [pfSense] GUI Auto Update updates to image with wrong console type
To be clear, this only happened to me on the 2.1.4 - 2.1.5 upgrade.

On Tue, Sep 9, 2014 at 8:20 AM, Vick Khera vi...@khera.org wrote:
> On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
>> Has anyone else observed that the serial console stops working after a WebGUI update?
>
> On my ALIX home office router, the serial console disappeared until I did a second reboot. On my higher-end routers running on real computers there was no problem with the serial port consoles.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] GUI Auto Update updates to image with wrong console type
On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
> Has anyone else observed that the serial console stops working after a WebGUI update?

On my ALIX home office router, the serial console disappeared until I did a second reboot. On my higher-end routers running on real computers there was no problem with the serial port consoles.
[pfSense] questions about carp/xmlrpc
hi,

i'm currently migrating a dual wan setup from a custom linux active/standby dual fw setup to pfsense with pfsync, xmlrpc carp.

the first problem i'm facing is that for some reason the backup node always tries to assign some of the virtual ip's to the wrong interfaces (with the result being an error message). while it works if i correct it manually, is there a way to influence which VIP's are assigned to which interface when using xmlrpc sync?

the second question is also related to virtual ip's: is there a way to configure a failover for the second wan interface, if there is only one ip assigned to me by the isp?

thx

regards,
albert
Re: [pfSense] questions about carp/xmlrpc
On 9 Sep 2014, at 14:01, Albert Dengg alb...@fsfe.org wrote:
> the second question is also related to virtual ip's: is there a way to configure a failover for the second wan interface, if there is only one ip assigned to me by the isp?

My understanding (and this isn’t limited to pfSense - I’ve seen the same thing using linux-ha, heartbeat, CARP, etc.) is that you need a minimum of 3 (usable) IPs to achieve what you’re looking for, so in effect you’ll need your service provider to offer you a /29 range (assuming their gateway is assigned one of those IPs).

I suppose you could fake it by running NAT on whatever equipment your ISP provides, but then you’ll end up with a double NAT situation, and that’s horrible :-)

Kind regards,
Chris
--
C.M. Bagnall
This email is made from 100% recycled electrons
Re: [pfSense] questions about carp/xmlrpc
On 9 Sep 2014, at 14:46, Albert Dengg alb...@fsfe.org wrote:
> that however still leaves with the problem of the interface mixups for my internal networks, where the sync tries to assign the virtual ip's to the wrong interfaces….

Is your hardware (and interface names) identical across both your primary and secondary members?

Kind regards,
Chris
--
C.M. Bagnall
This email is made from 100% recycled electrons
[pfSense] Flutterling WAN in dual wan setup
Hi All,

It's a very stormy day today and one of my WAN connections in a dual WAN setup is fluttering on and off. I have it set up in a priority group with the WAN that is fluttering first and the other second, and I have it set to fail over on packet loss.

My issue is that I will get loss for a few seconds and then it comes back online. The pfSense box seems to only switch to the backup while the other WAN is actually having loss, with no timer afterward.

My question is, can I set it so if packet loss is detected it stays on the backup line for say an hour and then switches back over? Or better yet each packet loss event starts a timer and it doesn't switch back until an hour after the last event?

Thanks!

-Jon

--
Jonathan Munford
Director of Technology
New London School District
New London, IA 52645
Office: (319) 367-0512 x102
jon.munf...@nlcsd.org
jomun...@new-london.k12.ia.us
http://www.new-london.k12.ia.us
Re: [pfSense] Triple WAN
Chris Bagnall wrote:
> I tend to work on the principle of sending your ‘I care about latency’ traffic down one connection: SIP, mail, SSH and various streaming protocols are the ones I normally separate - you may have others to consider. I then create a gateway group for the other two connections in a standard round robin load balance.

Would you mind giving a few examples how you do this exactly? I have absolutely no control over the clients on one of my LANs (open hostel wifi), and people tend to saturate my 4 WANs.

> If you can easily separate your clients out on the LAN side, you can go a step further: in one of the offices we supply, floor 1 is balanced across WANs 1 and 3; floor 2 is balanced across WANs 2 and 4. These methods are all to prevent one single client saturating the connectivity into a building. You’ll have to do some experimentation to find out what works best in your environment.
>
> One final word of advice: send HTTPS connections down a single WAN. Many ‘secure’ sites will expire sessions if connections come from different IPs and your clients will get upset very quickly if they’re having to re-login to online services every few minutes.

That's the only part I figured out myself, all https from 3 different LANs is going down one WAN connection.

Thanks a lot!
Ben
Re: [pfSense] GUI Auto Update updates to image with wrong console type
Two things would be helpful, did the system start as a clean 2.1.4 or was it upgraded from a previous version, if so what versions? I've seen a couple of odd cases, but usually where a system was upgraded several times. There might have been an issue around 2.03(p1) or so. We haven't been able to replicate the problem in the lab, so it's possible there is a specific upgrade path that errors.

On 9/9/2014 7:21 AM, Vick Khera wrote:
> To be clear, this only happened to me on the 2.1.4 - 2.1.5 upgrade.
>
> On Tue, Sep 9, 2014 at 8:20 AM, Vick Khera vi...@khera.org wrote:
>> On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
>>> Has anyone else observed that the serial console stops working after a WebGUI update?
>>
>> On my ALIX home office router, the serial console disappeared until I did a second reboot. On my higher-end routers running on real computers there was no problem with the serial port consoles.
[pfSense] Port forward with a schedule
Hello

Is there a way to put a schedule onto a port forward rule like you can with a filter rule? If I give a port forward's associated filter rule a schedule then the port forward still applies even when the schedule disables the filter rule.

Thanks
Re: [pfSense] Port forward with a schedule
On Tue, Sep 9, 2014 at 1:46 PM, Peter Henning peter.henn...@gmail.com wrote:
> Hello
>
> Is there a way to put a schedule onto a port forward rule like you can with a filter rule? If I give a port forward's associated filter rule a schedule then the port forward still applies even when the schedule disables the filter rule.
>
> Thanks

Peter,

It's probably not the most elegant of solutions, but you could try putting in a *deny* rule for the times that you do not want to allow access. Just make sure that it is higher up in the rules list than the allow rule is.

Moshe

--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732
[pfSense] Any experience with http://www.aliexpress.com/store/product/Compact-1U-router-server-firewall-server-with-MINI-ITX-Six-Gigabit-LANs-motherboard/908909_583033075.html
I am looking to build another gigabit router/firewall and I saw this [1] platform. Has anyone run pfSense on it?

-Jason

1: http://www.aliexpress.com/store/product/Compact-1U-router-server-firewall-server-with-MINI-ITX-Six-Gigabit-LANs-motherboard/908909_583033075.html

--
Jason Pyeron
PD Inc. http://www.pdinc.us
Principal Consultant
10 West 24th Street #100
Baltimore, Maryland 21218
+1 (443) 269-1555 x333
[pfSense] Upgrade to 2.1.5 looses packages
Hi all,

I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the packages are not reinstalled. This certainly does not mean that the project is not growing better than one could expect.

Thank you again!

--
Odette Nsaka
Re: [pfSense] Cannot go to HTTPS sites using WAN interface
Yes, check to make sure that the WebConsole interface (on 443) is not conflicting with your other rules. Check for allow/deny rules in both Squid and pfSense to make sure that you don't have a conflict.

On Tue, Sep 9, 2014 at 1:34 PM, Satvinder Singh satvinder.si...@nc4worldwide.com wrote:
> Hi,
>
> In my setup I am using WAN interface as a DMZ. I have Squid3 and SquidGuard3 installed for proxy. When I try to access a https site using LAN interface IP as proxy address it works. But if I try to access a HTTPS site using DMZ IP (WAN IP) I am not able to access HTTPS sites. The same site responds fine in http but not in https. I have Squid servicing the DMZ interface, the Rule is in place in the firewall. Anything I am overlooking?
>
> Thanks
>
> Satvinder Singh
> Security Systems Engineer
> satvinder.si...@nc4worldwide.com
> 804.744.9630 x273 direct
> 703.989.8030 cell
> www.NC4worldwide.com
> http://www.linkedin.com/company/nc4

--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
Re: [pfSense] GUI Auto Update updates to image with wrong console type
That's partly consistent with our observations so far. The configurations of ALL the previously cited installs followed upgrade paths through 2.0.3. However we can confirm for at least two of the migrated configurations that the serial ports were working properly on v 2.1.3 when their configurations were first moved TO the Lanner FW5741D platform from 1. Soekris 5501, and 2. VMX-9 on ESXi.

So in our case, while all passed through 2.0.3, the 2.1.3-2.1.4 Auto-update was perfectly correlated with onset.

In our observation:
2.1.4-2.1.5 auto-update did not remedy the issue in any cases,
2.1.4-2.1.5 (manual) remedied the issue
2.1.5-2.1.5 (manual) remedied the issue

-K

On 9/9/2014 11:04 AM, Jeremy Porter wrote:
> Two things would be helpful, did the system start as a clean 2.1.4 or was it upgraded from a previous version, if so what versions? I've seen a couple of odd cases, but usually where a system was upgraded several times. There might have been an issue around 2.03(p1) or so. We haven't been able to replicate the problem in the lab, so its possible there is a specific upgrade path that errors.
>
> On 9/9/2014 7:21 AM, Vick Khera wrote:
>> To be clear, this only happened to me on the 2.1.4 - 2.1.5 upgrade.
>>
>> On Tue, Sep 9, 2014 at 8:20 AM, Vick Khera vi...@khera.org wrote:
>>> On Mon, Sep 8, 2014 at 8:05 PM, Karl Fife karlf...@gmail.com wrote:
>>>> Has anyone else observed that the serial console stops working after a WebGUI update?
>>>
>>> On my ALIX home office router, the serial console disappeared until I did a second reboot. On my higher-end routers running on real computers there was no problem with the serial port consoles.
[pfSense] NAT with dual WAN (fwd)
Hi,

I have one machine on the DMZ that listens to two different private ips. Let's say 192.168.0.10 and 192.168.0.20. I have a dual wan setup and would like to 1:1 NAT in to those two ips from the two different WAN subnets (say 192.168.10.0/24 and 192.168.20.0/24).

So:
A) Packets coming in from WAN1 for 192.168.10.10 should go to 192.168.0.10
B) Packets coming in from WAN2 for 192.168.20.20 should go to 192.168.0.20

I have A) above working fine using 1:1 NAT and a CARP Virtual IP. However, when I try the same thing with WAN2 it does not work. I have the virtual IPs and 1:1 NAT setup the same for both.

Any thoughts? Is this possible? (pfSense 1.2.3)

Thanks in advance...

--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e35661M/
Re: [pfSense] Upgrade to 2.1.5 looses packages
I suspect it might be your specific configuration - all 8 of mine automatically patched the packages. What specific ALIX hardware are you using?

On Sep 9, 2014, at 16:10, Odette Nsaka odette.ns...@libero.it wrote:
> Hi all,
>
> I've found that on all the ALIXs I'm upgrading from 2.1.4 to 2.1.5, the packages are not reinstalled. This certainly does not mean that the project is not growing better than one could expect.
>
> Thank you again!
>
> --
> Odette Nsaka
Re: [pfSense] Develop Applications for pfseu
Hi Tom!

You would be better suited contacting Electric Sheep Fencing (http://www.electricsheepfencing.com/) directly for your how-to but you can start with a few basic concepts:

1) This system is running FreeBSD 8.3 at present (future systems may be running FreeBSD 9 or 10)
2) Your best option would be SQLite and PHP - why? because I’ve been developing in PHP since 2.3 days (current deployment is 5.5 but I am not sure what version is installed and supported on the system) and it’s pretty darn user friendly.
3) I would steer clear of C for one specific reason: it’s a royal pain in the butt and most of your needs should be capable with PHP.

Something to take note of is that not all installations are the same. Most of my clients run on AMD Geode processors. My two firewalls at home are running on Xeon 6-core VMs in VMWare ESXi, some people are running on dual and quad core CPUs. RAM ranges from a minimum of 256MB on those supported ALIX boards (I’m sure someone will correct me if I am wrong on this) up beyond 4GB (on the new APU boards and VMs and other systems). Others have installed the software on different desktop PCs running as dedicated systems - I have one such that is running on an old Dell P4 with Hyper Threading.

What experience do you have in application development - both desktop and web?

— Ryan
Publisher, d3photography.com

On Sep 9, 2014, at 22:39, Tom Mody bug29...@gmail.com wrote:
> Hi,
>
> I have worked on pfsense this summer and I am really interested in developing apps for packet analysing, I have pfsense apps source code from github but didn't get how to work with it
>
> Please help me, how can I start writing apps for pfsense