Re: [pfSense Support] Creating packages for pfsense
Scott Ullrich wrote: We depend on FreeBSD style packages and simply wrap a XML layer around. Going through the master package manifest package namesquid/name descrHigh performance Web proxy cache/descr websitehttp://www.squid-cache.org//website categoryNetwork Management/category depends_on_package_base_urlhttp://www.pfsense.com/packages/All/depends_on_package_base_url depends_on_packagesquid-2.5.11_3.tbz/depends_on_package version2.5.11_3/version status*NOT WORKING*/status config_filehttp://www.pfsense.com/packages/config/squid_ng.xml/config_file configurationfilesquid.xml/configurationfile /package What does depends_on_package_base_url mean? Also I assume depends_on_package means the freebsd .tbz created by make package. Also how can I create my own package repository for testing? raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Big Thanks for RSS
Which ones do you speak of? The RSS feeds from CVSTRAC? Scott On 10/25/05, Siju George [EMAIL PROTECTED] wrote: Hi Chris and others, Just want to say a Million Thanks for the RSS feeds :-) Good Luck Kind Regards Siju - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Big Thanks for RSS
AHA. See it pays to read the wiki, which I have not in a few days. Scott On 10/25/05, Chris Buechler [EMAIL PROTECTED] wrote: Scott Ullrich wrote: Which ones do you speak of? The RSS feeds from CVSTRAC? I'd imagine any/all from this: http://pfsense.blogspot.com/2005/10/keeping-up-with-project-using-rss.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multiplan WAN IPs on same interface via DHCP
Thats pretty promising. Sounds like we have a prospect for 1.1! Scott On 10/25/05, Thomas [EMAIL PROTECTED] wrote: Just to let you know, I'm still working on this but am findinc precious little time to do so. Your update for today is: Succeeded in cloning the interfaces on my WRAP box and was able to obtain different IP addresses through dhclient (all this with pf disabled, but so far so good! Thomas - Depending on what interface names the eiface interfaces come up as try adding: pass on $eiface any somewhere above the fallthru deny in /tmp/rules.debug and then do a pfctl -f /tmp/rules.debug to reload it. Alternately if you don't mind losing filtering for the purpose of testing to make sure it's not pf (and just not getting logged) try: pfctl -d which will disable filtering pfctl -e will re-enable when done. The fact that this does work in FreeSBIE makes me suspect pfctl. Also, o...thought just came to mind, the traffic might be getting NAT'd to the physical IPs address - all the more reason to disable PF for the test :) --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Default SSH Config?
That seems to be the workaorund now for SecureCRT, however my other SSH client has no such option. PfSense is the only box it doesnt work with, so there is defnitely something going on here. Dan Swartzendruber [EMAIL PROTECTED] 10/24/2005 05:08 PM Please respond to support To support@pfsense.com cc Subject Re: [pfSense Support] Default SSH Config? At 05:05 PM 10/24/2005, you wrote: Ryan Neily wrote: I'm still seing problems with both SSH clients I am using. On one, I get a repated login attempt. With SecureCRT on Windows I get a Unknown Authentication Method unless I check the box that says keyboard interactive only??? I am not sure what is going on here? I think this is a SecureCRT problem. My boss also uses it and he can't login to my 5.4-boxes either. so check keyboard interactive instead of password. i use securecrt and did the same. works fine now. ??? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Default SSH Config?
From looking at this post: http://lists.freebsd.org/pipermail/freebsd-hackers/2004-October/008679.html it seems that there were changes to OpenSSH if pam is enabled by default. Specificly: /usr/src/UPDATING: 20040226: Some sshd configuration defaults have changed: protocol version 1 is no longer enabled by default, and password authentication is disabled by default if PAM is enabled (which it is by default). OpenSSH clients should not be affected by this; other clients may have to be reconfigured, upgraded or replaced. I would think that me adding both ChallengeResponseAuthentication no and PasswordAuthentication yes would solve the problem, but it seems that nothing has changed. Maybe I'll try a reboot :) Scott Ullrich [EMAIL PROTECTED] 10/25/2005 01:48 PM Please respond to support To support@pfsense.com cc Subject Re: [pfSense Support] Default SSH Config? We use a stock OpenSSH from FreeBSD. I have not seen any mention of issues on the FreeBSD lists. Scott On 10/25/05, Ryan Neily [EMAIL PROTECTED] wrote: That seems to be the workaorund now for SecureCRT, however my other SSH client has no such option. PfSense is the only box it doesnt work with, so there is defnitely something going on here. Dan Swartzendruber [EMAIL PROTECTED] 10/24/2005 05:08 PM Please respond to support To support@pfsense.com cc Subject Re: [pfSense Support] Default SSH Config? At 05:05 PM 10/24/2005, you wrote: Ryan Neily wrote: I'm still seing problems with both SSH clients I am using. On one, I get a repated login attempt. With SecureCRT on Windows I get a Unknown Authentication Method unless I check the box that says keyboard interactive only??? I am not sure what is going on here? I think this is a SecureCRT problem. My boss also uses it and he can't login to my 5.4-boxes either. so check keyboard interactive instead of password. i use securecrt and did the same. works fine now. ??? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Dyndns and PPPoE Test... Reloaded!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 25 Oct 2005 15:37:02 -0400 Scott Ullrich [EMAIL PROTECTED] wrote: update_file.sh /etc/inc/dyndns.class Hi Scott, THANKS!!! For me this fixed it! Best regards Imre - -- This is Linux Land. In silent nights you can hear the windows machines rebooting -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDXovqvsGnUwd60IIRAgrhAJ4yOHjVZq3HQqTYVb1qitpyocz5wACgjuuy Wz6m/Gc0AZ8078q45xl7pF4= =QJxn -END PGP SIGNATURE-
[pfSense Support] I just got a page fault while in kernel :)
I'm pretty new to pfSense and I was messing with the WLAN trying to figure out how things work. I clicked save button on the OPT2(WLAN) interface page where I just changed a few things. On the routers screen it came with some kind og error message and it rebooted. I didn't really get a good look at it before it rebooted. I found two files it created while rebooting: usr/savecore/info.0 usr/savecore/vmcore.0 - looks like a complete memory dump # less info.0 Dump header from device /dev/ad0s1d Architecture: i386 Architecture Version: 2 Dump Length: 66715648B (63 MB) Blocksize: 512 Dumptime: Tue Oct 25 19:42:09 2005 Hostname: pfsense.cybersite.dk Magic: FreeBSD Kernel Dump Version String: FreeBSD 6.0-RC1 #0: Thu Oct 20 02:22:50 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/pfSense.6 Panic String: page fault Dump Parity: 3097141785 Bounds: 0 Dump Status: good I'm not really sure what I should expect as reply on this mail, but HEY I made it crash ;) I think pfSense is really cool it is just a little hard to figure out the ton of options and settings. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Traffic shaping
Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Moved Question from the FAQ to Support List: Has anybody configured bigpond successfully yet?
Hi JD, I moved your question to the support list. It get's much bigger audience there and also belongs there. You should subscribe to the list if you are not already subscribed. -paste follows- Configuration: has anyone successfully got bigpond cable working with pfsense? i seem to be unable to authenticate. a ping will resolve the address, but no traffic will get through. there are a lot of reccomendations to unplug modems for hours before plugging the router in, but without knowing the settings are going to work, my trial-and-error process is taking forever! please help, i am more than willing to provide my answers, and would love to hear from someone who *actually* has it working, rather than lots of people who know how it *should* be working :) thanks heaps in advance Jd -end of paste--- As nobody of the devs can test this configuration and this basically only is imported from m0n0 I hope we get some reports from our list. Maybe we can make a FAQ-Entry of this later. I'll delete it from the FAQ for now. Holger Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Transparent Squid proxy in DMZ?
Hey, so I have a Squid box running Dansguardian on my DMZ interface, and I want to be able to direct (transparently of course) any HTTP/HTTPs traffic destined for the internet to my Squid server in my DMZ. Currently, I just use the manual proxy config (which is a PITA). Is there a way to do this? -Kyle - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote: Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). Thanks. It does not seems like there are any. I actually repeated the wizard and now selected one of the traffic shaping features. It looks like you can't simply continue with Wizard to the end without setting any shaping - it will create wrong rules. Also in remote access services I did not find SSH - very surprising omission for FreeBSD based product. There is VNC, RDP but not SSH. --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
SSH has been covered 3 times in the last week. Please search the archives. On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote: Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). Thanks. It does not seems like there are any. I actually repeated the wizard and now selected one of the traffic shaping features. It looks like you can't simply continue with Wizard to the end without setting any shaping - it will create wrong rules. Also in remote access services I did not find SSH - very surprising omission for FreeBSD based product. There is VNC, RDP but not SSH. --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
http://faq.pfsense.com/index.php?sid=3552lang=enaction=artikelcat=10id=56artlang=enhighlight=ssh%20traffic%20shaper On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote: Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). Thanks. It does not seems like there are any. I actually repeated the wizard and now selected one of the traffic shaping features. It looks like you can't simply continue with Wizard to the end without setting any shaping - it will create wrong rules. Also in remote access services I did not find SSH - very surprising omission for FreeBSD based product. There is VNC, RDP but not SSH. --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
On Tue, 2005-10-25 at 23:50 -0400, Scott Ullrich wrote: http://faq.pfsense.com/index.php?sid=3552〈=enaction=artikelcat=10id=56artlang=enhighlight=ssh%20traffic%20shaper Scott, I've actually read this (as all FAQ but later forgot, sorry) Actually this FAQ raises more questions than it provides answers: It already is, a SSH key is an ACK. If you put ssh in, then bulk will kill all other ssh traffic (interactive). Last update: 2005-10-18 17:29 Author: Matt Bailey It is not clear - Why SSH key is ACK is it stands for something ? Why is not it named SSH ? To be honest I would think ACK corresponds to IP packets with ACK flag. - So SSH is not in ? (If you put ssh in...) - What is bulk - Why it would kill all other ssh traffic and what it suppose to mean ? On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote: Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). Thanks. It does not seems like there are any. I actually repeated the wizard and now selected one of the traffic shaping features. It looks like you can't simply continue with Wizard to the end without setting any shaping - it will create wrong rules. Also in remote access services I did not find SSH - very surprising omission for FreeBSD based product. There is VNC, RDP but not SSH. --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
SSH interactive is keystrokes. Bulk is SCP and friends. Feel free to spice up the article if you can make it better. On 10/26/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 23:50 -0400, Scott Ullrich wrote: http://faq.pfsense.com/index.php?sid=3552〈=enaction=artikelcat=10id=56artlang=enhighlight=ssh%20traffic%20shaper Scott, I've actually read this (as all FAQ but later forgot, sorry) Actually this FAQ raises more questions than it provides answers: It already is, a SSH key is an ACK. If you put ssh in, then bulk will kill all other ssh traffic (interactive). Last update: 2005-10-18 17:29 Author: Matt Bailey It is not clear - Why SSH key is ACK is it stands for something ? Why is not it named SSH ? To be honest I would think ACK corresponds to IP packets with ACK flag. - So SSH is not in ? (If you put ssh in...) - What is bulk - Why it would kill all other ssh traffic and what it suppose to mean ? On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote: Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). Thanks. It does not seems like there are any. I actually repeated the wizard and now selected one of the traffic shaping features. It looks like you can't simply continue with Wizard to the end without setting any shaping - it will create wrong rules. Also in remote access services I did not find SSH - very surprising omission for FreeBSD based product. There is VNC, RDP but not SSH. --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
On Wed, 2005-10-26 at 00:28 -0400, Scott Ullrich wrote: SSH interactive is keystrokes. Bulk is SCP and friends. Feel free to spice up the article if you can make it better. Thanks. Let me check if I get it right - SSH interactive forces some socket option set which pushes packets as soon as possible. This is detected as ACK flag in IP packets and such packets are routed with high priority ? Does it mean however any application which does same socket set up will obey the same rule ? On 10/26/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 23:50 -0400, Scott Ullrich wrote: http://faq.pfsense.com/index.php?sid=3552〈=enaction=artikelcat=10id=56artlang=enhighlight=ssh%20traffic%20shaper Scott, I've actually read this (as all FAQ but later forgot, sorry) Actually this FAQ raises more questions than it provides answers: It already is, a SSH key is an ACK. If you put ssh in, then bulk will kill all other ssh traffic (interactive). Last update: 2005-10-18 17:29 Author: Matt Bailey It is not clear - Why SSH key is ACK is it stands for something ? Why is not it named SSH ? To be honest I would think ACK corresponds to IP packets with ACK flag. - So SSH is not in ? (If you put ssh in...) - What is bulk - Why it would kill all other ssh traffic and what it suppose to mean ? On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote: Any 'altq on' lines? I'll try and duplicate this tonight (or not, it's already 8PM and I'm still at work). Thanks. It does not seems like there are any. I actually repeated the wizard and now selected one of the traffic shaping features. It looks like you can't simply continue with Wizard to the end without setting any shaping - it will create wrong rules. Also in remote access services I did not find SSH - very surprising omission for FreeBSD based product. There is VNC, RDP but not SSH. --Bill On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote: Hi, I'm running 0.89.6 I tried to experiment with traffic shaping today. I'm to use it for collocation so my goal is to avoid long traffic spikes, as this is what I'll need to pay for. So lets say I have 100MB connection and I want to cap it at 15Mbit or something. Anyway at this point I just went via EZ Shaper wizard and only set bandwidth leaving all default as rest. The following rules were generated: queue qWANRoot bandwidth 10Kb priority 6 hfsc { qWANdef, qWANacks } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 10Kb priority 6 hfsc { qLANdef, qLANacks } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) I get the error loading these rules, basically in every line: hp: /wizard.php: There were error(s) loading the rules: /tmp/rules.debug:17: queue qWANRoot has no parent /tmp/rules.debug:17: errors in queue definition /tmp/rules.debug:18: queue qWANdef has no parent /tmp/rules.debug:18: errors in queue definition /tmp/rules.debug:19: queue qLANRoot has no parent /tmp/rules.debug:19: errors in queue definition /tmp/rules.debug:20: queue qLANdef has no parent /tmp/rules.debug:20: errors in queue definition /tmp/rules.debug:21: queue qLANacks has no parent /tmp/rul Any help with these ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
At 12:45 AM 10/26/2005, you wrote: Not likely. This should be a ticket. If someone can open a ticket I can look at easily unsetting the shaper at the end of the wizard of no options where checked. done. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic shaping
Thanks! On 10/26/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: At 12:45 AM 10/26/2005, you wrote: Not likely. This should be a ticket. If someone can open a ticket I can look at easily unsetting the shaper at the end of the wizard of no options where checked. done. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]