[pfSense Support] Re: 0.93 PPPoE Issues
Here are some specifics on the shaper error. When I reach the end of the wizard, I get the following text at the top of the screen: block in log quick on ng0 proto udp from any port = 67 to 192.168.100.0/24 port = 68 label allow dhcp client out wan Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/filter.inc:1431) in /usr/local/www/wizard.php(89) : eval()'d code on line 1 Then, inside the wizard window it says: Either your LAN or WAN interface doesn't support ALTQ. The wizard cannot continue. I apologize for the late response on the 0.93 PPPoE items. I'll do my best to describe my issue when I upgraded. I do not have a ton of specifics, but I'll do my best and fetch anything extra that is needed. When I upgraded t0 0.93, upon reboot, my machine was not connected to the internet and I had an error with the ng0 interface that was not allowing it to connect. I believe the error was that the interface did not exist. To fix this issue, I ended up going in to the configuration of the WAN interface and changing it to DHCP and then back to PPPoE and it then connected and has been working fine. The same thing happened today when I came to the office. I was connected to my network last night from home and the connection was up and all was well. But, today when I came in, the interfaces page showed the connection was up with an IP. I could connect to the LAN side of pfSense no problem, but could not get out of the LAN to the internet from either a PC on the LAN or from pfSense itself (with the ping util). I ended up doing the same thing as the other day and switching my connection to DHCP and then back to PPPoE. I tried to force the PPPoE connection down from the interfaces page and it never seemed to go down. I rebooted my DSL modem and then rebooted pfSense and still nothing. After the reboot, on the interfaces page it showed: Status - Down PPPoE - Up But gave no info about MAC, IP, Subnet, etc. Only Status and PPPoE were showing. This is probably already known, but in case it is not, the shaper does not work with my connection. I get an error saying that ALTQ is not supported on ng0. My intent is not to gripe about shaping on PPPoE, I just wanted to make it known in case there had been work done in this area and it was thought to be working. Since it looks like we can choose the interface to shape on (I left the defaults in there when I ran the wizard), can I shape on the LAN for now and get any shaping until shaping on PPPoE works? Just curious. If you need any log info, etc, just let me know. It should also be known I am on the 0.93 version that came out originally. I believe there was another version created after that. Not sure if the changes between my version and that one matter, but I wanted to note that too. Thanks, Brian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] 0.93.2 CARP Failover issues
I have two machines set up with 0.93.2, each with 3 NICS, OPT is bridged to WAN and handles a small DMZ. CARP synchronization happens on the LAN interface. I configured CARP failover as per the tutorial and found that while the rules and configuration changes are synching properly, the backup firewall does not show a CARP Interface or a Status message for either of the virtual IP addresses. Additional to this, machines in my DMZ, sensitive to ARP changes are losing connectivity to the outside world. I know that other people claim to be using CARP in failover mode without drama, so I'm a little confused as to what could be causing this problem. Is there a step not covered in the tutorial I should be doing? Are there any other relevant pieces of information that I can provide which might shed some light onto why this configuration is causing horrible to be spewed across my network? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Squid package error 0.93.2 - Adding cache admin
When attempting to add a cache administrator email address the following error gets puked out: Warning: fopen(/usr/local/etc/squid/advanced/acls/src_subnets.acl): failed to open stream: No such file or directory in /usr/local/pkg/squid_ng.inc on line 487 Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/pkg/squid_ng.inc on line 488 Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/pkg/squid_ng.inc on line 489 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squid_ng.inc:487) in /usr/local/www/pkg_edit.php on line 183 This appears to be a complaint completely unrelated to the task at hand. Setting an ACL in allowed subnets seems to remove this error. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] 0.93.2 CARP Failover issues
My present experience with carp and bridging did not go well 1 GB of multicast traffic in under 5 minutes. All considered I was using vlans so maybe that was my trouble -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Thursday, November 17, 2005 4:43 PM To: support@pfsense.com Subject: [pfSense Support] 0.93.2 CARP Failover issues I have two machines set up with 0.93.2, each with 3 NICS, OPT is bridged to WAN and handles a small DMZ. CARP synchronization happens on the LAN interface. I configured CARP failover as per the tutorial and found that while the rules and configuration changes are synching properly, the backup firewall does not show a CARP Interface or a Status message for either of the virtual IP addresses. Additional to this, machines in my DMZ, sensitive to ARP changes are losing connectivity to the outside world. I know that other people claim to be using CARP in failover mode without drama, so I'm a little confused as to what could be causing this problem. Is there a step not covered in the tutorial I should be doing? Are there any other relevant pieces of information that I can provide which might shed some light onto why this configuration is causing horrible to be spewed across my network? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] 0.93.2 CARP Failover issues
No proxy arp is configured, although as I said, OPT1 is bridged to WAN, which you indicated is a very big bad idea. I'm guessing then, that I cannot set up a bridged firewall with failover? -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, November 17, 2005 10:52 AM To: support@pfsense.com Subject: Re: [pfSense Support] 0.93.2 CARP Failover issues You now do not have any proxy arp entries, correct? I run CARP in 5+ locations now with no issues. On 11/17/05, Gary Buckmaster [EMAIL PROTECTED] wrote: I have two machines set up with 0.93.2, each with 3 NICS, OPT is bridged to WAN and handles a small DMZ. CARP synchronization happens on the LAN interface. I configured CARP failover as per the tutorial and found that while the rules and configuration changes are synching properly, the backup firewall does not show a CARP Interface or a Status message for either of the virtual IP addresses. Additional to this, machines in my DMZ, sensitive to ARP changes are losing connectivity to the outside world. I know that other people claim to be using CARP in failover mode without drama, so I'm a little confused as to what could be causing this problem. Is there a step not covered in the tutorial I should be doing? Are there any other relevant pieces of information that I can provide which might shed some light onto why this configuration is causing horrible to be spewed across my network? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 0.93.2 CARP Failover issues
No, bridged firewalls + failover does not work. On 11/17/05, Gary Buckmaster [EMAIL PROTECTED] wrote: No proxy arp is configured, although as I said, OPT1 is bridged to WAN, which you indicated is a very big bad idea. I'm guessing then, that I cannot set up a bridged firewall with failover? -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, November 17, 2005 10:52 AM To: support@pfsense.com Subject: Re: [pfSense Support] 0.93.2 CARP Failover issues You now do not have any proxy arp entries, correct? I run CARP in 5+ locations now with no issues. On 11/17/05, Gary Buckmaster [EMAIL PROTECTED] wrote: I have two machines set up with 0.93.2, each with 3 NICS, OPT is bridged to WAN and handles a small DMZ. CARP synchronization happens on the LAN interface. I configured CARP failover as per the tutorial and found that while the rules and configuration changes are synching properly, the backup firewall does not show a CARP Interface or a Status message for either of the virtual IP addresses. Additional to this, machines in my DMZ, sensitive to ARP changes are losing connectivity to the outside world. I know that other people claim to be using CARP in failover mode without drama, so I'm a little confused as to what could be causing this problem. Is there a step not covered in the tutorial I should be doing? Are there any other relevant pieces of information that I can provide which might shed some light onto why this configuration is causing horrible to be spewed across my network? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 0.93.2 CARP Failover issues
No, bridged firewalls + failover does not work. are there plans to make it work? thanks, -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 0.93.2 CARP Failover issues
Not at this time. Patches accepted, however. On 11/17/05, randall ehren [EMAIL PROTECTED] wrote: No, bridged firewalls + failover does not work. are there plans to make it work? thanks, -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] 0.93.2 CARP Failover issues
It would be helpful to understand what's causing the issue here. I'd really like to see about making this work, but a pointer in the right direction would be good. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, November 17, 2005 1:13 PM To: support@pfsense.com Subject: Re: [pfSense Support] 0.93.2 CARP Failover issues Not at this time. Patches accepted, however. On 11/17/05, randall ehren [EMAIL PROTECTED] wrote: No, bridged firewalls + failover does not work. are there plans to make it work? thanks, -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 0.93.2 CARP Failover issues
http://www.monkey.org/openbsd/archive/tech/0407/msg00102.html http://www.seattlecentral.edu/~dmartin/docs/bridge.html On 11/17/05, Gary Buckmaster [EMAIL PROTECTED] wrote: It would be helpful to understand what's causing the issue here. I'd really like to see about making this work, but a pointer in the right direction would be good. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, November 17, 2005 1:13 PM To: support@pfsense.com Subject: Re: [pfSense Support] 0.93.2 CARP Failover issues Not at this time. Patches accepted, however. On 11/17/05, randall ehren [EMAIL PROTECTED] wrote: No, bridged firewalls + failover does not work. are there plans to make it work? thanks, -randall -- :// randall s. ehren :// voice 805.893.5632 :// systems administrator:// isber|survey|avss.ucsb.edu :// institute for social, behavioral, and economic research - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] vlans and altq
I was under the impression that altq has support for vlans. Is this enabled in pfsense at the moment. Have tried a couple of time but get unsupported interfaces. I know that my fxp and sis cards support it So I guess it must be the vlans that are the issue
Re: [pfSense Support] vlans and altq
On Thu, 17 Nov 2005, alan walters wrote: I was under the impression that altq has support for vlans. Is this enabled in pfsense at the moment. Have tried a couple of time but get unsupported interfaces. I know that my fxp and sis cards support it So I guess it must be the vlans that are the issue what release are you running? i'm using this with fxp and it works fine. i remember it was dodgy for a bit, but bill and scott made some changes... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] vlans and altq
Tried on 0.90 through to non released 0.93.2 With the same troubles. I have vlans on both of the pfsense wan and lan interfaces. Might try again tomorrow. To see if I can isolate it a bit On Thu, 17 Nov 2005, alan walters wrote: I was under the impression that altq has support for vlans. Is this enabled in pfsense at the moment. Have tried a couple of time but get unsupported interfaces. I know that my fxp and sis cards support it So I guess it must be the vlans that are the issue what release are you running? i'm using this with fxp and it works fine. i remember it was dodgy for a bit, but bill and scott made some changes... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] IPsec Does Auto Establish work?
Does anyone have IPSec tunnels auto establish working? I can only seem to get the tunnels to come up when traffic is passing over them. Also wondering if there is anything special that needs to be done to do traffic shapping through an IPSec tunnel? Thanks John
RE: [pfSense Support] vlans and altq
At 06:04 PM 11/17/2005, you wrote: Tried on 0.90 through to non released 0.93.2 With the same troubles. I have vlans on both of the pfsense wan and lan interfaces. Might try again tomorrow. To see if I can isolate it a bit Hmm, I remember an issue where the vlans didn't have a bandwidth, so the shaper got ticked off. Have you manually set one? Even if not, there's a change I sent in where it would default to 10mb if nothing was detected. Scott also committed a change where vlan was accepted as a valid shaper interface. On Thu, 17 Nov 2005, alan walters wrote: I was under the impression that altq has support for vlans. Is this enabled in pfsense at the moment. Have tried a couple of time but get unsupported interfaces. I know that my fxp and sis cards support it So I guess it must be the vlans that are the issue what release are you running? i'm using this with fxp and it works fine. i remember it was dodgy for a bit, but bill and scott made some changes... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]