Re: [pfSense] Gateway failures, how to access everything behind it still so that I can debug?
1 - 2nd provider is the preferred method
2 - straighttalk Sim / USB dongle
3 - good ole dialup modem terminal server -> serial

On Jun 18, 2015 12:15 PM, Chuck Mariotti wrote:
> I have a datacenter, with a reliable connection.
>
> If there is a gateway failure, how are people getting into their networks to
> admin stuff still? I was thinking a basic laptop with Teamviewer and maybe a
> 4G/LTE stick... but is that the correct way to go?
Re: [pfSense] blocking torrents and web based https proxies
Procera Packet Logic works very well, also the IPOQUE Pace engine is good at blocking as well. Inside VPNs though? Not going to happen, even with a very good DPI engine.

On March 27, 2015 1:56:26 AM AKDT, Ivo Tonev wrote:
> You can block torrents with suricata. Works 100%. Install the package and
> activate all p2p rules.
>
> For web proxies you can use squid+(squidguard with
> http://www.urlblacklist.com/ ) and force everyone to use your proxy.
>
> On Thu, Mar 26, 2015 at 11:44 PM, Sean wrote:
>
>> Torrent traffic: maybe with a good L7 filter (not tried this myself).
>> But HTTPS proxies and SSL VPNs, forget about it.
>> It's a game of whack-a-mole. As soon as you squash one, three more will
>> pop up.
>> You can't block SSL. You'd need to get a real web filtering solution and
>> by that I mean a service that constantly updates with new content and
>> category definitions.
>> Barracuda, Iron Port, Websense, to name a few companies. It's still a
>> game of whack-a-mole but you're paying them to do it. It still won't get
>> them all but it will get you hopefully into the 99% range.
>>
>> There would likely still be outliers, SSH tunnels and people clever enough
>> to set up tunnels on non-standard ports and protocols that wouldn't be
>> monitored.
>>
>> I'd be happy to be wrong and welcome a correction from someone who knows
>> more about it on this list (there are plenty of them).
>>
>> On Tue, Mar 24, 2015 at 5:12 AM, Rizwan Saeed wrote:
>>
>>> Hi Guys,
>>>
>>> I am managing a 1000+ university network. pfsense is working fine. The
>>> only problem I have is that the students bypass all the security with web
>>> VPNs and free https proxies. So I would like to know if there is an
>>> effective way to block https web proxies, web based VPN and encrypted
>>> torrent traffic?
>>>
>>> Regards,
>>>
>>> Riz
>
> --
> Ivo R. Tonev
Re: [pfSense] More ports
A 260GS will do vlans just fine. Mikrotik does have weird firmware bugs, consider every software release "beta". It's simply learning the difference between what's broken in one version vs another version. The hardware is decent though, and it will do the trick for what you want to do.

josh reynolds :: chief information officer
spitwspots :: www.spitwspots.com

On 12/13/2014 05:31 PM, Bob Gustafson wrote:

This is even cheaper: 5 G ports for $36. It is 'managed' but you need to dig deep into the configuration. A manual is available on-line -> http://wiki.mikrotik.com/wiki/SwOS

http://www.balticnetworks.com/mikrotik-routerboard-rb-260gs-complete-with-enclosure-and-power-supply-fiber-enabled.html

I have one, but haven't dug very deep. Don't know if it will do your VLAN

Bob G

On 12/13/2014 08:06 PM, Chris Bagnall wrote:

On 14/12/14 1:56 am, Brian Caouette wrote:

I believe this apu4 has 3 gig ports. I'm curious if I can plug one into an old hub I have to give me more.

More physical ports, yes. More interfaces in pfSense, no. If you want the latter, you'll need a VLAN-capable switch. But things like the HP 1810-8G (gigabit on all 8 ports) are so cheap these days you might prefer just to buy new.

Also if the hub is 100 meg will it bring down the lan port or just affect this one port and everything on the old hub?

Only everything attached to it - the other ports on the APU wouldn't be affected. But see above, I don't think it's going to give you what you want (more interfaces to configure, I presume).

In the future I'd like to get a gig switch and pull cat 5 thru the house to complement the wireless. Is there an advantage to a managed switch? I'm not sure what I'd gain with it?

VLAN capability and ability to enable/disable ports remotely are the obvious ones in a small network. In larger networks, things like span ports (for IDS), 802.11x port authentication (to stop people plugging dodgy things into your network), LACP (bonding links between switches), flow control, etc. etc. make managed switches worth their weight in gold.

As above, though, the cost difference between a decent (light-) managed switch and an unmanaged switch is pretty negligible these days, so there's only a very marginal cost saving to be made, and you never know when those management features come in really handy.

I use an HP 2510-24G at home, which is probably an overkill. The cheaper 1810-24G has the basic management capabilities listed above, and is fanless, which makes it a good choice for a home or small office environment.

(I've listed HP models because that's what I've experience with, no doubt other manufacturers have similar models. Just watch out for some of the cheap Netgears that claim to be 'managed' (model beginning J I think) - they have a horrible Adobe Air management app that only works from a Windows PC, and only on the subnet the device is connected to)

Kind regards,
Chris
Re: [pfSense] APU and SSD: full install or NanoBSD
Every data I've seen on "them sucking" has to do specifically with NTFS, which the newly released firmware update is supposed to fix. We are using 840Evo's in all of our storage arrays, and haven't seen any issues (EXT4/ZFS).

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/30/2014 07:33 AM, Jim Thompson wrote:

On Oct 30, 2014, at 9:28 AM, Jeppe Øland wrote:

3 year old Kingston SSDs are not like new Kingston SSDs.

Agreed. On the other hand, I tend to distrust manufacturers that shipped completely unreliable drives without any thought. Kingston/OCZ/Crucial are all in this boat for me.

I’m sure I’ve been burned at least as badly by these, and others, and I still buy from them. Samsung 840s are the darling of the “cheap, fast SSD” and they turn out to suck, too: http://www.pcper.com/news/Storage/Samsung-Germany-acknowledges-840-Basic-performance-slow-down-promises-fix

As for Nano, I thought it mounted almost everything as RO and only changed settings to write down settings changes, and RRD databases etc on reboots?

I think I’ve already responded to this. nano is a > 10 year old “solution” to the problems that existed at the time. http://markmail.org/message/rxe4xfpmdwva7q3e

That doesn’t mean it’s a bad solution, but though its author is a brilliant individual, he obviously didn’t envision SSD in 2004.

Jim
Re: [pfSense] pfsense h/w
It's not your "fault", it's "my fault". I made an apparently poor assumption that the info might be useful to people on this list in a small-blurb format. Useful or not, it caused extra background noise. I'd prefer to let this /offtopic end, if you will.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/24/2014 03:07 PM, Ryan Coleman wrote:

I did ask the reply to be off-list…

On Oct 24, 2014, at 17:57, Josh Reynolds wrote:

"You said it, man. Nobody fucks with the Jesus."

On 10/24/2014 02:54 PM, Jim Thompson wrote:

Josh,

First, did you not read the part where I said, “(At least not until we make pfSense available on Ubiquiti platforms.)” ??

Note that I’ve *always* said that pfSense software on the ERL will occur *after* (emphasis: **AFTER**) the regular 2.2 release.

WAIT, BACK UP. DID YOU READ THE */_AFTER_/* PART? I just want to be clear. A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain. Once we have that sorted, the effort will resume. We’re also in a (much) deeper relationship with Cavium now, so there is a possibility that we can put some of the acceleration bits in with time.

Frankly, there is an internal build of pfSense software for the Beaglebone Black, too. Not that we’re planning on selling BBB (though Netgate will be selling same) with pfSense software pre-loaded, but it does allow us to work out the kinks in the process to support architectures other than i386 and amd64.

But this is all still very back-burner compared to the effort to get pfSense 2.2 to a RELEASEd status.

The lizard has spoken.

Jim

On Oct 24, 2014, at 5:37 PM, Josh Reynolds wrote:

Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:

"When what I'm trying to do is make pfSense available on an inexpensive platform. It should perform better than an Alix, even without the private-SDK stunts. Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

On 10/24/2014 10:14 AM, Jim Thompson wrote:

This list is not about Ubiquiti. (At least not until we make pfSense available on Ubiquiti platforms.)

Please take the discussion elsewhere.

jim

On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:

I am the CIO of a WISP who uses their products, and does a lot of alpha/beta testing for them and other vendors... I may be a little biased.

The M series gear is pretty good kit for point to point or point to multi point applications. AirFiber is great for ~10 mile or less shots, with bandwidth a little over 765Mbps full duplex on short range shots with the AF24.

The new UniFi products are looking good, basically local or remote "cloud" managed routers, switches, access points, and phones, with plans to fold the unifi-video line directly in, as well as the mFi sensor line into the same interface.

The camera hardware is getting better, but the native camera feature set needs work... I can't seem to get it pounded into people's heads that RTSP and cookieless jpg snapshots should be native on the cameras themselves.

1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still like to see more work done on the HA front- I need more than VRRP. The QoS engine and firewall engines could both stand to be rebuilt, and might be in the fairly near future. The standard 8 port edgerouter and edgerouter pro models are pretty nice. I'm excited to see how the "carrier" and other future models turn out.

There-- that's a quick writeup that should be useful for people on this list.

Did Thompson molt yet?

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other applications (I work in the video surveillance industry as well as high capacity wifi) and I'd be curious to get some pros/cons from those who know... so please email me off list (so as not to offend the other Thompson on the list... he might molt on me anyway).

Sliante!

On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law! -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.

That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I wrote that. I could also use
Re: [pfSense] pfsense h/w
"You said it, man. Nobody fucks with the Jesus."

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/24/2014 02:54 PM, Jim Thompson wrote:

Josh,

First, did you not read the part where I said, “(At least not until we make pfSense available on Ubiquiti platforms.)” ??

Note that I’ve *always* said that pfSense software on the ERL will occur *after* (emphasis: **AFTER**) the regular 2.2 release.

WAIT, BACK UP. DID YOU READ THE */_AFTER_/* PART? I just want to be clear. A-F-T-E-R

Now, since you asked,

There is currently an upstream problem with the (MIPS) toolchain. Once we have that sorted, the effort will resume. We’re also in a (much) deeper relationship with Cavium now, so there is a possibility that we can put some of the acceleration bits in with time.

Frankly, there is an internal build of pfSense software for the Beaglebone Black, too. Not that we’re planning on selling BBB (though Netgate will be selling same) with pfSense software pre-loaded, but it does allow us to work out the kinks in the process to support architectures other than i386 and amd64.

But this is all still very back-burner compared to the effort to get pfSense 2.2 to a RELEASEd status.

The lizard has spoken.

Jim

On Oct 24, 2014, at 5:37 PM, Josh Reynolds wrote:

Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:

"When what I'm trying to do is make pfSense available on an inexpensive platform. It should perform better than an Alix, even without the private-SDK stunts. Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

On 10/24/2014 10:14 AM, Jim Thompson wrote:

This list is not about Ubiquiti. (At least not until we make pfSense available on Ubiquiti platforms.)

Please take the discussion elsewhere.

jim

On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:

I am the CIO of a WISP who uses their products, and does a lot of alpha/beta testing for them and other vendors... I may be a little biased.

The M series gear is pretty good kit for point to point or point to multi point applications. AirFiber is great for ~10 mile or less shots, with bandwidth a little over 765Mbps full duplex on short range shots with the AF24.

The new UniFi products are looking good, basically local or remote "cloud" managed routers, switches, access points, and phones, with plans to fold the unifi-video line directly in, as well as the mFi sensor line into the same interface.

The camera hardware is getting better, but the native camera feature set needs work... I can't seem to get it pounded into people's heads that RTSP and cookieless jpg snapshots should be native on the cameras themselves.

1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still like to see more work done on the HA front- I need more than VRRP. The QoS engine and firewall engines could both stand to be rebuilt, and might be in the fairly near future. The standard 8 port edgerouter and edgerouter pro models are pretty nice. I'm excited to see how the "carrier" and other future models turn out.

There-- that's a quick writeup that should be useful for people on this list.

Did Thompson molt yet?

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other applications (I work in the video surveillance industry as well as high capacity wifi) and I'd be curious to get some pros/cons from those who know... so please email me off list (so as not to offend the other Thompson on the list... he might molt on me anyway).

Sliante!

On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law! -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.

That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I wrote that. I could also use UBNT's competitor, MikroTik, as a good example of how to build decent products the wrong way, but Brocade was my target here. You're a paragon of open-source stewardship in comparison!
Re: [pfSense] pfsense h/w
Shouldn't the EdgeRouter lite support pfsense with the 2.2 release?

Your own post:

"When what I'm trying to do is make pfSense available on an inexpensive platform. It should perform better than an Alix, even without the private-SDK stunts. Jim"

from: http://lists.pfsense.org/pipermail/dev/2013-November/000448.html

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/24/2014 10:14 AM, Jim Thompson wrote:

This list is not about Ubiquiti. (At least not until we make pfSense available on Ubiquiti platforms.)

Please take the discussion elsewhere.

jim

On Oct 24, 2014, at 12:38 PM, Josh Reynolds wrote:

I am the CIO of a WISP who uses their products, and does a lot of alpha/beta testing for them and other vendors... I may be a little biased.

The M series gear is pretty good kit for point to point or point to multi point applications. AirFiber is great for ~10 mile or less shots, with bandwidth a little over 765Mbps full duplex on short range shots with the AF24.

The new UniFi products are looking good, basically local or remote "cloud" managed routers, switches, access points, and phones, with plans to fold the unifi-video line directly in, as well as the mFi sensor line into the same interface.

The camera hardware is getting better, but the native camera feature set needs work... I can't seem to get it pounded into people's heads that RTSP and cookieless jpg snapshots should be native on the cameras themselves.

1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still like to see more work done on the HA front- I need more than VRRP. The QoS engine and firewall engines could both stand to be rebuilt, and might be in the fairly near future. The standard 8 port edgerouter and edgerouter pro models are pretty nice. I'm excited to see how the "carrier" and other future models turn out.

There-- that's a quick writeup that should be useful for people on this list.

Did Thompson molt yet?

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other applications (I work in the video surveillance industry as well as high capacity wifi) and I'd be curious to get some pros/cons from those who know... so please email me off list (so as not to offend the other Thompson on the list... he might molt on me anyway).

Sliante!

On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law! -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.

That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I wrote that. I could also use UBNT's competitor, MikroTik, as a good example of how to build decent products the wrong way, but Brocade was my target here. You're a paragon of open-source stewardship in comparison!
Re: [pfSense] pfsense h/w
I am the CIO of a WISP who uses their products, and does a lot of alpha/beta testing for them and other vendors... I may be a little biased.

The M series gear is pretty good kit for point to point or point to multi point applications. AirFiber is great for ~10 mile or less shots, with bandwidth a little over 765Mbps full duplex on short range shots with the AF24.

The new UniFi products are looking good, basically local or remote "cloud" managed routers, switches, access points, and phones, with plans to fold the unifi-video line directly in, as well as the mFi sensor line into the same interface.

The camera hardware is getting better, but the native camera feature set needs work... I can't seem to get it pounded into people's heads that RTSP and cookieless jpg snapshots should be native on the cameras themselves.

1M pps routing for $99 on an edgerouter-lite ain't a bad gig. I'd still like to see more work done on the HA front- I need more than VRRP. The QoS engine and firewall engines could both stand to be rebuilt, and might be in the fairly near future. The standard 8 port edgerouter and edgerouter pro models are pretty nice. I'm excited to see how the "carrier" and other future models turn out.

There-- that's a quick writeup that should be useful for people on this list.

Did Thompson molt yet?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/24/2014 05:53 AM, Ryan Coleman wrote:

I presume UBNT is Ubiquiti?

I'm probably going to start testing their hardware for other applications (I work in the video surveillance industry as well as high capacity wifi) and I'd be curious to get some pros/cons from those who know... so please email me off list (so as not to offend the other Thompson on the list... he might molt on me anyway).

Sliante!

On 10/24/2014 4:03 AM, Adam Thompson wrote:

[One public correction, nothing to do with Godwin's law! -Adam]

On 14-10-23 08:36 PM, Jim Thompson wrote:

Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.

That wasn't a dig at you or ESF or NG - I was thinking of Brocade when I wrote that. I could also use UBNT's competitor, MikroTik, as a good example of how to build decent products the wrong way, but Brocade was my target here. You're a paragon of open-source stewardship in comparison!
Re: [pfSense] pfsense h/w
I'm very intrigued as to what happened with UBNT here, as Robert, Stig, and An-Cheng's phone numbers are all in my contact list. I've called them out on concerns over their gpl tarball and (fairly recent) lack of SDK as well, but then again, I've also called out MikroTik... which they've ignored.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/23/2014 05:36 PM, Jim Thompson wrote:

On Oct 23, 2014, at 7:48 PM, Adam Thompson wrote:

[Hmm... half of this doesn't need to be on-list. Sorry if I'm polluting. -Adam]

On 14-10-23 05:57 PM, Jim Thompson wrote:

I get that Jim rubs a lot of people the wrong way (myself included),

Darn, you’d think that sharing a last name would count for something...

Sorry, no. ;-)

Kind of in the same way Theo de Raadt rubs people the wrong way.

Wow. You just compared me to Theo. I’m done. Anyone want to buy a firewall company?

It’s either that, or I invoke Godwin’s law. (Or its corollary, “Thompson’s Law”: That the thread is over once someone compares one of the participants to Mr. de Raadt.) (It’s left to you to decide who gets the eponymous glory.)

Mostly just idiots & newbies take offense. And it's mostly driven, I think, by having your lifetime supply of tolerance for people who speak first and think second be long-since exhausted. So as long as you don't start saying incorrect or technically-invalid things, your audience sticks around.

See closing comments, below.

I think some people are waiting for “the other shoe to drop”. For us to take the pfSense project in a direction similar to what happened with Vyatta.

Yeah... it's a possibility. OTOH, I'll point out that UBNT essentially forked Vyatta (and renamed it "EdgeOS", IIRC) when Brocade started to close it all up. Not that UBNT is a paragon of openness, either,

“either”? Wow. Strike 2.

You probably don’t want to know that Jamie and I nearly bought Ubiquiti from Mr. Pera, or that we let the company live when he owed us a pile of cash. I’m not going into details, but Ubiquiti did violate Vyatta’s license, got called on it, and had to reverse direction for a bit.

but that's the benefit of the appropriate license - everyone can feel free to copy (or fork!) pfSense from any of the multitude of places it lives online right now, and feel free to burn it to archival WORM media Just In Case Something Bad Happens To The Project. As Jim pointed out, however, when you resurrect it (and somehow replace all the infrastructure and developers in one fell swoop, *ahem*), you can't call your new project pfSense. You can have an FAQ entry explaining how it used to be pfSense, you can even leave the GIT, or SVN, or even SCCS repository up as-is with the pfSense name throughout it, but as soon as you create a derivative work: new project.

... pfSense is going closed source,

Technically, this could happen, but realistically, someone will probably fork it.

And that project will likely die out or remove itself from public participation, as these things tend to do.

For that matter, remember that pfSense is (sort of) a fork of m0n0wall from a decade ago in the first place. For different reasons, but nonetheless.

As if I didn’t know, had forgotten, or wish people would forget. Just in-case you have forgotten, Netgate originally shipped m0n0wall on WRAP boards, then cut-over to pfSense quite early after the fork.

and Jim Thompson is actually a blood thirsty, extra-terrestrial, shapeshifting reptile.

Well, that explains a few things!

It explains everything, actually.

Finally, I think there is still a segment of the community who views me with distrust because I put a license agreement and contributor agreement in front of access to the source code for the pfSense project. We didn’t articulate the reasons for doing this very well, and the execution when we did it wasn’t … optimal.

I wasn't affected by that, and - AFAIK - neither were most of the people who whine and cadge about a commercial entity being involved. I don't recall what the license used to be, but clearly the current one is a custom license that doesn't even attempt to follow the UCB/BSD license. As long as ESF covered all their legal bases properly, they can do whatever the f*** they want with the license. I can see how old contributors might not like the new CLA, though. And I don't know of any project that has ever pivoted on a license change this way ... optimally.

There is an agreement that allows access to the pfsense-tools repo. As pre-requisite to that agreement, a contributor agreement must be in-place. Once you have the code, you’ll find the license in the individual files to be the same as it always was (mostly BSD 3 clause, but there are a smattering of other files.) Doesn’t matter, you already agreed to the
Re: [pfSense] HAVP and Netflix
Silverlight?

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 10/12/2014 06:46 PM, Brian Caouette wrote:

What would cause Netflix to fail when HAVP is active? The box to check streaming is not checked.
Re: [pfSense] OT: Good network switch for 10 machines?
Interesting note: web documentation is actually built into the GUI using the "?" in the upper right for each page you are on (edgeswitch).

Ubiquiti isn't big on documentation, mainly because they change software feature-sets/versions so quickly. I'm not saying that's good or bad, just saying how things are :)

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/25/2014 10:53 AM, Mathieu Simon (Lists) wrote:

On 25.09.2014 at 12:50, Josh Reynolds wrote:

EdgeRouters offer great performance and a good featureset, although for hardcore business/commercial use, there's still some things missing (features similar to carp/pfsync, HA, needs redundant power supply options, etc.).

Just as reminder: EdgeOS, the OS on Ubiquiti routers (a Ubiquiti-internal Vyatta fork) is NOT what runs EdgeSwitches.

I remember reading on their forums that we can assume (strong CLI similarity w. Netgear) that they run a branded Broadcom FastPath switching software. Netgear managed switches definitely run on FastPath (do an snmpwalk). FastPath itself often runs on top of an embedded Linux.

For Ubiquiti's wireless stuff, I agree, they don't do everything as good as other big players, but at the price they offer their devices, they offer a lot bang for the buck with ease of management.

I've given a look at the EdgeSwitches but the following downsides made me a bit hesitant:

- Almost no documentation, no CLI reference manual (yet). Cisco, HP, even Netgear have such documents, they are not only handy, but quite essential to look up i.e. default behaviour. Not all mentioned do top-notch documentation, but at least it's there.
- No console port on current shipping models, though I've seen they strongly considered adding one in future revisions. On a managed switch with CLI, it's quite a must (at least for me)
- Fan control seems to be absent, they tend to run quite noisy

They are incredibly fast though, and Dave Taht (cero-wrt fame, bufferbloat project) has been working with them directly to get fq_codel added in.

For the EdgeOS yes, they seem to be loosely tracking and sometimes even contributing back to the open source Vyatta fork VyOS (by looking at the VyOS release notes).

-- Mathieu
Re: [pfSense] OT: Good network switch for 10 machines?
EdgeRouters offer great performance and a good featureset, although for hardcore business/commercial use, there's still some things missing (features similar to carp/pfsync, HA, needs redundant power supply options, etc.).

They are incredibly fast though, and Dave Taht (cero-wrt fame, bufferbloat project) has been working with them directly to get fq_codel added in.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com

On 09/25/2014 02:37 AM, David White wrote:

PS... I have never used the Ubiquiti switches, but FWIW, I absolutely love their wireless APs.

On Sep 25, 2014 6:35 AM, "David White" wrote:

The Cisco SG series is decent for semi-managed switches. I have installed a number of the SG-200 series for various clients. They support QoS, VLANs, etc...

If you want Layer 3 capability, though, I am pretty sure you need to get a 300 or better. I know the 200s don't support it.

On Sep 24, 2014 1:28 AM, "Kenward Vaughan" wrote:

On 09/23/2014 12:33 PM, Kurt Buff wrote:

BTW - forgot to make some specific recommendations - I like this switch a lot: http://www.provantage.com/hewlett-packard-hp-j9803a-aba~7HEWN2JW.htm

Oh - don't forget to get the firmware current on anything you get...

Kurt

It'd be odd to list 11(+) people here, but I have a gold mine of information / references for this thanks to the numerous folks who spoke up. I really appreciate everyone's input. This is a good group.

Thank you!

Kenward

On Tue, Sep 23, 2014 at 10:28 AM, Kenward Vaughan wrote:

Sorry about the topic, but when I had asked a question before about trying to tie into a wireless network through a pfSense box, your answers to what turned out to be another OT question actually led our IS group to give me full VPN access to the outside world. I will be putting a pfSense box on our end of that connection. Thanks again for that help!

As was apparent in that post I am pretty ignorant of networking details, but do know that sometime in the near future I will be looking for a decent network switch to tie 10-11 dual cpu machines together into a cluster. Would anyone have a thought as to a good switch for this? The machines will have the Intel i210 Dual Port Gigabit Ethernet controller, if that makes any difference.

Appreciate any thoughts! Thanks!

Kenward

--
In a completely rational society, the best of us would aspire to be *teachers* and the rest of us would have to settle for something less, because passing civilization along from one generation to the next ought to be the highest honor and the highest responsibility anyone could have. - Lee Iacocca
Re: [pfSense] OT: Good network switch for 10 machines?
Interesting that I would see Ubiquiti pop up on this list. I am Josh_SPITwSPOTS on that forum... http://community.ubnt.com/t5/user/viewprofilepage/user-id/108998

The GUI and CLI are a mess. That said, they are stable, but if you don't need 24v passive POE, and/or 802.3at/af, then the HP has better management options and a fully supported SNMP stack. I'm sure the edgeswitch line will get there, but I wouldn't recommend it outside of WISP use (or needing lots of POE) just yet.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>

On 09/23/2014 10:26 AM, Michael Bubb wrote:

I agree with the point that managed vs nonmanaged price difference is negligible so why not managed... Ubiquiti is worth a look for this application. The OS is nice to work with and has both CLI and GUI http://www.ubnt.com/edgemax/edgeswitch/

On Tue, Sep 23, 2014 at 2:04 PM, Adam Thompson <athom...@athompso.net> wrote:

+1 for HP ProCurve, except for the stuff they inherited from 3Com... I've also had reasonably good luck with Netgear and D-Link managed switches. The Cisco SMB stuff seems OK hardware-wise, but the software is questionable. Note that all three of these options come with lifetime, free, firmware updates.

-Adam

On September 23, 2014 12:56:00 PM CDT, Chris Bagnall <pfse...@lists.minotaur.cc> wrote:

On 23/9/14 6:46 pm, RB wrote:

I'd suggest at least a managed switch that can do LACP.

This. Given how small the price difference often is between unmanaged and semi-managed (aka 'smart') switches these days, it just doesn't make sense to buy unmanaged any more. You never know when things like VLANs, LLDP and LACP might just come in handy, and even if you never use them, a managed switch will also allow you to do other interesting things like graph per-port (and sometimes per-port-VLAN) usage, which can be useful for detecting misbehaving network hardware elsewhere.

I've had decent results with the Linksys/Cisco SMB switches and the ZyXel GS1900 range. One of our clients uses the Zyxel switches to good effect. Their 24 port PoE versions are certainly competitively priced.

I tend to use HP where possible. At the lower cost end of the market, something like the 1810-24G (web managed) is a good bet, or move up to the 2510/2520 if you need more management functionality and/or a CLI. I've avoided the 1910 range; AIUI they're basically rebadged 3Com units after the HP/3Com buyout.

Kind regards,
Chris

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

--
Michael Bubb
+1.646.783.8769 | KD2DTY
Resume - http://mbubb.github.io/res/resume.html
*noli timere*
Re: [pfSense] OT: Good network switch for 10 machines?
The 1910's ARE rebranded 3com, but I found them to be very reliable. We are having good luck with the 2530's right now.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>

On 09/23/2014 09:56 AM, Chris Bagnall wrote:

On 23/9/14 6:46 pm, RB wrote:

I'd suggest at least a managed switch that can do LACP.

This. Given how small the price difference often is between unmanaged and semi-managed (aka 'smart') switches these days, it just doesn't make sense to buy unmanaged any more. You never know when things like VLANs, LLDP and LACP might just come in handy, and even if you never use them, a managed switch will also allow you to do other interesting things like graph per-port (and sometimes per-port-VLAN) usage, which can be useful for detecting misbehaving network hardware elsewhere.

I've had decent results with the Linksys/Cisco SMB switches and the ZyXel GS1900 range. One of our clients uses the Zyxel switches to good effect. Their 24 port PoE versions are certainly competitively priced.

I tend to use HP where possible. At the lower cost end of the market, something like the 1810-24G (web managed) is a good bet, or move up to the 2510/2520 if you need more management functionality and/or a CLI. I've avoided the 1910 range; AIUI they're basically rebadged 3Com units after the HP/3Com buyout.

Kind regards,
Chris
Re: [pfSense] menu bar in safari on 2.1.5
Having the same issue here, had to use the old sidebar theme.

Josh Reynolds, Chief Information Officer
SPITwSPOTS, www.spitwspots.com <http://www.spitwspots.com>

On 09/10/2014 04:09 AM, Toni Garcia wrote:

Hello, I'm facing this exact problem using this theme with latest Firefox, Chrome and Chromium. After clearing the cache I'm unable to see the complete menu bar in one line, and System menu is really hard to access. Is it me or is it a bug?

Regards

From: "Vick Khera"
To: "pfSense Support and Discussion Mailing List"
Sent: Friday, 29 August 2014 17:24:43
Subject: Re: [pfSense] menu bar in safari on 2.1.5

On Fri, Aug 29, 2014 at 11:17 AM, Jim Thompson <j...@netgate.com> wrote:

Have you reloaded (the CSS changed) and/or cleared the browser cache?

Yeah, just did that and it cleared up. Sorry for the noise. My failovers are all upgraded... waiting for later in the night to do the primaries.

--
Toni Garcia
Systems Technician
Oracle Linux 6 Certified Implementation Specialist
Oracle Certified Professional Solaris 10 System Administrator
Oracle Certified Associate Solaris 11 System Administrator
SISTEL Servicios Informáticos de Software y Telecomunicaciones
Avd. Los Jarales, 4 (03010) ALICANTE
TLF 965930080 - FAX 901021558
www.sistel.es <http://www.sistel.es/>
Please consider your environmental responsibility before printing this e-mail.
Re: [pfSense] ZFS warning message on local console during boot
Sounds like the mikrotik metarouter feature.

Josh Reynolds, CIO
SPITwSPOTS www.spitwspots.com

On 07/30/2014 01:34 PM, Jim Thompson wrote:

On Jul 30, 2014, at 3:21 PM, Stefan Baur wrote:

On 30.07.2014 at 22:09, Espen Johansen wrote:

ZFS = FS+LVM. It's efficient in many ways. It's highly resilient to things like silent data corruption (disk FW bugs, power spikes). It has on the fly checking and repair. Copy on write, snapshotting, NFSv4 native acls and a few more nice things. I don't understand the bashing?

This is a firewall, not a fileserver, where such features do indeed make sense. And no bashing, just saying "I don't care what filesystem pfSense uses under the hood, as long as it works". The fact that it spits out a warning seems to indicate that it does not work and there's something wrong, so I came here to ask.

tl;dr: I wouldn't run ZFS… yet. I didn't see the error message, you're barking up a tree attempting to use it right now.

That said, there are certain advantages to ZFS, and there are internal experiments underway looking to use it for a future (64-bit only) release of pfSense. The data integrity and resiliency (due to COW semantics & checksumming) (etc) is one thing. I've had pretty good results turning on LZJB compression and 'copies=2', which is nearly as good as a nanobsd image with 2 separate slices, and, since you have a live filesystem, has NONE of the drawbacks of the nanobsd approach. One could even 'checkpoint' (snapshot) the zvol prior to any change (pkg install, config change, etc), and, of course "zfs send | ssh foo; zfs receive" makes it entirely trivial to keep your entire firewall backed up, rather than (just) the config file.

People who say, "I can't fathom a sensible use case for using ZFS on pfSense" or "why use it to replace nanobsd?" are (likely) stuck in a system admin mindset/mentality(*). I get the same pushback about bhyve ("why would you use that on a firewall?") from people stuck in the same headspace.

I'm not going to reveal everything here, because it's going to be post-2.2 before any of this comes about, and I'm keeping the focus on 2.2. In short: ZFS is not just about building a NAS.

Jim

(*) If there isn't an O'Reilly book out about it, it seems to not exist to these people.
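The snapshot-before-change and `zfs send | ssh` workflow described in the message above, written as a plan generator for a FreeBSD host with ZFS. This is an added example, not part of the thread and not pfSense code; the dataset, backup host and target dataset names are assumptions, and the script only prints commands for review.

```sh
# Added example: plan a pre-change ZFS checkpoint and off-box replication.
# Dataset, host and target names are assumptions, not from the thread.
DATASET="${DATASET:-zroot/firewall}"
BACKUP_HOST="${BACKUP_HOST:-backup.example.net}"
BACKUP_DATASET="${BACKUP_DATASET:-tank/fw-backup}"

# One-time dataset properties mentioned in the message.
props_cmds() {
    printf 'zfs set compression=lzjb %s\n' "$DATASET"
    printf 'zfs set copies=2 %s\n' "$DATASET"
}

# Snapshot name from a free-text reason ($1) and a timestamp ($2). Anything
# outside [A-Za-z0-9_.-] in the reason becomes "_", so no shell
# metacharacters from the reason reach the printed plan.
snap_name() {
    reason=$(printf '%s' "$1" | tr -c 'A-Za-z0-9_.-' '_')
    printf '%s@pre-%s-%s\n' "$DATASET" "$reason" "$2"
}

# Newest snapshot of exactly $DATASET from a creation-sorted listing on
# stdin; child datasets and look-alike prefixes are ignored.
latest_snapshot() {
    awk -v p="${DATASET}@" 'index($0, p) == 1 { last = $0 }
        END { if (last != "") print last }'
}

# Send pipeline: incremental from $1 when it is set, full stream otherwise.
send_cmd() {
    if [ -n "$1" ]; then
        printf 'zfs send -i %s %s' "$1" "$2"
    else
        printf 'zfs send %s' "$2"
    fi
    printf ' | ssh %s zfs receive -u %s\n' "$BACKUP_HOST" "$BACKUP_DATASET"
}

# Whole plan: snapshot listing on stdin, reason and timestamp as arguments.
plan() {
    prev=$(latest_snapshot)
    new=$(snap_name "$1" "$2")
    printf 'zfs snapshot %s\n' "$new"
    send_cmd "$prev" "$new"
}

# Constructed sample listing. On a real host, pipe in instead:
#   zfs list -H -t snapshot -o name -s creation -d 1 "$DATASET"
printf '%s\n' 'zroot/firewall@pre-upgrade-20140701T0000Z' \
    'zroot/firewall@pre-pkg_install-20140729T1830Z' |
    plan "config change" "$(date -u +%Y%m%dT%H%MZ)"
```

An incremental stream only applies if the previous snapshot already exists on the receiving side, so the first replication has to be a full send.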