Re: [pfSense Support] Re: [pfSense 0.88/0.90] Atheros card not bound to driver
Added to table. Quoth Gil Freund: Looks Ok. I tried (all Atheros 5212): Make 0.880.900.93 === === === Askey Problem OK OK Gigabyte GN-WIAG02Problem Problem OK Philips (IBM OEM) OK OK OK TP-Link TL-WN660G Problem Problem OK TP-Link TL-WN560G Problem Problem OK -- ---MAV Marc A. Volovic [EMAIL PROTECTED] Swiftouch, LTD +972-544-676764 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: [pfSense 0.88/0.90] Atheros card not bound to driver
My update: Make0.880.900.93 === === === Askey Problem OK OK Gigabyte GN-WIAG02 Problem Problem OK Philips (IBM OEM) OK OK OK TP-Link TL-WN660G Problem Problem OK TP-Link TL-WN560G Problem Problem OK D-LINK G520 B2 - OK OK (no turbo in 11g) MICRONET SP906GL- OK OK (no turbo in 11g / HAL 0.9.16.3) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: [pfSense 0.88/0.90] Atheros card not bound to driver
Marc A. Volovic wrote: Added to table. Quoth Gil Freund: Looks Ok. I tried (all Atheros 5212): Make 0.880.900.93 === === === Askey Problem OK OK Gigabyte GN-WIAG02Problem Problem OK Spoken too soon See attached dmesg output. This is on a 0.90 upgraded to 0.93. Seems OK on a full 0.93 install. Philips (IBM OEM) OK OK OK TP-Link TL-WN660G Problem Problem OK TP-Link TL-WN560G Problem Problem OK P.S. Hardware is PC-Engine Wrap Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.0-RC1 #1: Sun Oct 30 20:41:50 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/pfSense_wrap.6 Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Geode(TM) Integrated Processor by National Semi (266.65-MHz 586-class CPU) Origin = Geode by NSC Id = 0x540 Stepping = 0 Features=0x808131FPU,TSC,MSR,CX8,CMOV,MMX real memory = 134217728 (128 MB) avail memory = 121913344 (116 MB) wlan: mac acl policy registered ath_hal: 0.9.16.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413, DFS) npx0: [FAST] npx0: math processor on motherboard npx0: INT 16 interface cpu0 on motherboard pcib0: Host to PCI bridge pcibus 0 on motherboard pci0: PCI bus on pcib0 pci0: network, ethernet at device 13.0 (no driver attached) pci0: simple comms, UART at device 13.1 (no driver attached) pci0: old, non-VGA display device at device 13.2 (no driver attached) pci0: old, non-VGA display device at device 13.3 (no driver attached) pci0: old, non-VGA display device at device 13.4 (no driver attached) pci0: old, non-VGA display device at device 13.5 (no driver attached) pci0: old, non-VGA display device at device 13.6 (no driver attached) pci0: old, non-VGA display device at device 13.7 (no driver attached) sis0: NatSemi DP8381[56] 10/100BaseTX port 0x1400-0x14ff mem 0x8008-0x80080fff irq 10 at device 14.0 on pci0 sis0: Silicon Revision: DP83816A miibus0: MII bus on sis0 ukphy0: Generic IEEE 802.3u media interface on miibus0 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto sis0: Ethernet address: 00:0d:b9:02:c4:98 sis1: NatSemi DP8381[56] 10/100BaseTX port 0x1800-0x18ff mem 0x800c-0x800c0fff irq 9 at device 15.0 on pci0 sis1: Silicon Revision: DP83816A miibus1: MII bus on sis1 ukphy1: Generic IEEE 802.3u media interface on miibus1 ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto sis1: Ethernet address: 00:0d:b9:02:c4:99 sis2: NatSemi DP8381[56] 10/100BaseTX port 0x1c00-0x1cff mem 0x8010-0x80100fff irq 11 at device 16.0 on pci0 sis2: Silicon Revision: DP83816A miibus2: MII bus on sis2 ukphy2: Generic IEEE 802.3u media interface on miibus2 ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto sis2: Ethernet address: 00:0d:b9:02:c4:9a Geode GPIO@ = f400 Geode PC Engines WRAP.1C/1D/1E v1.tinyBIOS V1.4a (C)1997-2005 isab0: PCI-ISA bridge port 0xf400-0xf43f,0xf600-0xf63f at device 18.0 on pci0 isa0: ISA bus on isab0 pci0: bridge at device 18.1 (no driver attached) atapci0: National Geode SC1100 ATA33 controller port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xfc00-0xfc0f at device 18.2 on pci0 ata0: ATA channel 0 on atapci0 ata1: ATA channel 1 on atapci0 pci0: multimedia, audio at device 18.3 (no driver attached) Geode CBA@ 0x9000 Geode rev: 06 03 Timecounter Geode frequency 2700 Hz quality 1000 pci0: bridge at device 18.5 (no driver attached) pmtimer0 on isa0 orm0: ISA Option ROM at iomem 0xe-0xe7fff on isa0 ppc0: parallel port not found. sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 16550A, console sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled RTC BIOS diagnostic error 80clock_battery Timecounters tick every 1.000 msec Fast IPsec: Initialized Security Association Processing. ad0: FAILURE - SETFEATURES SET TRANSFER MODE status=51READY,DSC,ERROR error=4ABORTED ad0: 244MB Hitachi XX.V.3.4.0.0 Rev 0.00 at ata0-master BIOSPIO Trying to mount root from ufs:/dev/ad0a sis0: link state changed to UP sis1: link state changed to DOWN sis2: link state changed to DOWN bridge0: Ethernet address: ac:de:48:e7:86:13 pflog0: promiscuous mode enabled pfSense# - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] WiKi question
its a requirement , you must mount in the jail for the deveice, see man jail. the wiki is missing some stuff fdescfs on /usr/jails/pfsense/dev/fd (fdescfs) procfs on /usr/jails/pfsense/proc (procfs, local) devfs on /usr/jails/freesbie/dev (devfs, local, multilabel) On Sat, 2005-11-12 at 10:50 +0300, Michael Lednev wrote: openpty - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] WiKi question
D=/here/is/the/jail cd /usr/src mkdir -p $D make world DESTDIR=$D make distribution DESTDIR=$D mount_devfs devfs $D/dev is a more correct way to build your environment prpoerly also look at /etc/defaults/rc.conf | grep jail for autostarting a proper jail environment _MY rc.conf___ jail_enable=YES# Set to YES to disable starting of any jails jail_list=pfsense# Space separated list of names of jails jail_set_hostname_allow=YES # Allow root user in a jail to change its hostname jail_socket_unixiproute_only=YES # Route only TCP/IP within a jail jail_sysvipc_allow=YES # Allow SystemV IPC use from within a jail jail_pfsense_rootdir=/usr/jails/pfsense jail_pfsense_hostname=pfsense.devel.optimlabs.com jail_pfsense_ip=192.168.2.13 jail_pfsense_devfs_enable=YES jail_pfsense_mount_enable=YES jail_pfsense_exec_start=/bin/sh /etc/rc jail_pfsense_exec_stop=/bin/sh /etc/rc.shutdown jail_pfsense_fdescfs_enable=YES # mount fdescfs in the jail jail_pfsense_flags=-l -U root# flags for jail(8) jail_pfsense_procfs_enable=YES# mount procfs in jail On Sat, 2005-11-12 at 10:50 +0300, Michael Lednev wrote: Hello, Scott. On 12 ноября 2005 г., 10:03:24 you wrote: SU Remove the rsync lines from the script. One of the steps in the wiki SU replaces htis. And what about this situation? Phase 0 Phase 1 Welcome to FreeSBIE (Free System Burned In Economy) Generating FreeSBIE filesystem... Please wait ./dist missing (created) ./scripts missing (created) ./uzip missing (created) [DONE] Phase 2 Copying /etc files... script: openpty: No such file or directory After this it just stops and waiting. Maybe this because I'm building under screen or what? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] captive portal - Is this possible?
Niether the ARP nor the IP is in my DHCP list (static arp entries are enabled, which actually don't seem to work, so i suppose it's from there). I have the 'anti-lockout rule' disabled too. On 11/12/05, jonathan gonzalez [EMAIL PROTECTED] wrote: spoofed ip/arp ;) ?? Szasz Revai Endre wrote: Hello, Today I noticed a user time out using the captive portal: Oct 30 10:20:18 logportalauth[56054]: TIMEOUT: shimon, 00:07:95:d3:d2:97, 192.168.11.100 http://192.168.11.100 It is using an ip from the class of the lan. The problem is, that I assign ip addresses to all the users of the LAN, with static arp entries. This user is not in the list (not the ip, nor mac address). How is that possible that he logged on from that ip? He shouldn't even be seeing the pfsense gateway if I have static arp entries, right? Any wild guesses? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] failover ipsec
Enable yes Interface (selected public carp address that I want to use 192.168.5.100) Failover ip (same address as above 192.168.5.100) Peerip (used the carp sync real ip address of the other carp in my array 192.168.10.2) Shared key (used a 16 byte aes key) This end is a mobile client. The other end is the tunnel. When the tunnel establishes the moble client end shows the SAD correct. But the tunnel end shows the error DEBUG: get pfkey ADD message ERROR: pfkey UPDATE failed: Invaild argument. And there is no SAD at the tunnel end.
[pfSense Support] laster sullrich 0.93 and carp
This carp init thing does not seem to be such and issue on this version. Looks like it is nearly licked. I did not see much change in the cvstrac though so not sure what was done. Present testing shows the carp to come up fine on the wan but it is a little slow. Will report more on this over the weekend
[pfSense Support] new reflection nat rules
Just a note that these do not seem to work all that well. Maybe new Feaures should be disabled by default. Rather than enabled. I get a pile of rdr errors Regards alan
[pfSense Support] saving ipsec when tunnels active
If there is a negoitation in ipsec tunnels and you change an ipsec setting or add a new tunnel. Ipsec seems to report errors about being unable to bind to the addresses on the box.
RE: [pfSense Support] failover ipsec
On further review of this the issue seems to lie in the fact that the tunnel end of the ipsec is running A via padlock chipset. If I replace the tunnel end with the same config.xml file and a wrap board the tunnel works perfectly. From: alan walters Sent: Saturday, November 12, 2005 10:47 AM To: support@pfsense.com Subject: [pfSense Support] failover ipsec Enable yes Interface (selected public carp address that I want to use 192.168.5.100) Failover ip (same address as above 192.168.5.100) Peerip (used the carp sync real ip address of the other carp in my array 192.168.10.2) Shared key (used a 16 byte aes key) This end is a mobile client. The other end is the tunnel. When the tunnel establishes the moble client end shows the SAD correct. But the tunnel end shows the error DEBUG: get pfkey ADD message ERROR: pfkey UPDATE failed: Invaild argument. And there is no SAD at the tunnel end.
Re: [pfSense Support] Re: [pfSense 0.88/0.90] Atheros card not bound to driver
On 11/12/05, Gil Freund [EMAIL PROTECTED] wrote: Spoken too soon See attached dmesg output. This is on a 0.90 upgraded to 0.93. Seems OK on a full 0.93 install. Philips (IBM OEM) OK OK OK TP-Link TL-WN660G Problem Problem OK TP-Link TL-WN560G Problem Problem OK P.S. Hardware is PC-Engine Wrap Due to how the upgrades work (storing the update in memory while it's being uploaded), WRAP/Soekris mini-update files only update PHP (and a few other misc items I believe) and not the kernel, modules, or other binaries. When we move to binary diff upgrades and get that system fully working, this limitation should go away as update sizes should shrink. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: pfsense 0.90 in VMware
Scott Ullrich schrieb: You need both cables plugged in so it can fetch the package manifest from our site. Ok, got it up with this hint... but then the next show-stopper came up: squid 2.5.irgendwas not working ah...mhh, aha... with regards Andreas Bahr (an ordinary m0n0wall user) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] squid package 0.90
Hello list, today got the pfsense up but I was astonished to see, that the squid package was labeled as Not working. So I'm currently in a need to install an external *SMALL* proxy outside the firewall and the internal http-proxy. The internal proxy is a McAfee Webshield, which allows a so called hand-off host to sent http-requests to. Are there any works going on? What to use in the meantime? fli4l? Any suggestions welcome... with regards Andreas Bahr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] new reflection nat rules
Maybe you should wait for official versions. Please, I don't want a handfull of emails on test versions when I wake up. It's not fun. On 11/12/05, alan walters [EMAIL PROTECTED] wrote: Just a note that these do not seem to work all that well. Maybe new Feaures should be disabled by default. Rather than enabled. I get a pile of rdr errors Regards alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] squid package 0.90
On 11/12/05, Andreas Bahr [EMAIL PROTECTED] wrote: Hello list, today got the pfsense up but I was astonished to see, that the squid package was labeled as Not working. Astonished to see this on a Alpha project? So I'm currently in a need to install an external *SMALL* proxy outside the firewall and the internal http-proxy. The internal proxy is a McAfee Webshield, which allows a so called hand-off host to sent http-requests to. Are there any works going on? What to use in the meantime? fli4l? Any suggestions welcome... with regards Andreas Bahr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: pfsense 0.90 in VMware
On the packages page, in the version column for squid, it says *NOT WORKING*. On 11/12/05, Andreas Bahr [EMAIL PROTECTED] wrote: Scott Ullrich schrieb: You need both cables plugged in so it can fetch the package manifest from our site. Ok, got it up with this hint... but then the next show-stopper came up: squid 2.5.irgendwas not working ah...mhh, aha... with regards Andreas Bahr (an ordinary m0n0wall user) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] saving ipsec when tunnels active
Fixed. On 11/12/05, alan walters [EMAIL PROTECTED] wrote: If there is a negoitation in ipsec tunnels and you change an ipsec setting or add a new tunnel. Ipsec seems to report errors about being unable to bind to the addresses on the box. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
