[pfSense Support] ssh access and pppoe

2006-03-16 Thread Paul W

2 questions

1. I changed admin access to paul/mypassword (just for your info :) )
I can't figure out how to enable ssh
ssh [EMAIL PROTECTED]
ssh [EMAIL PROTECTED]
ssh [EMAIL PROTECTED]
all fail
I've tried passwords:
pfsense
pfSense
mypassword

I also can't find where to load rsa or dsa keys (that would solve my 
problem :) )


2. I want to setup WAN as pppoe, but the fields are disabled. What have 
I missed?


Obviously I'm a pfSense n00b :)

BTW: I'm using embedded BETA2

Thanks
Paul.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Creating a PPTP connection from behind pfsense

2006-03-16 Thread Scott Ullrich
Please try to set this from a shell on any pfSense installations and try again:

sysctl net.inet.tcp.blackhole=0
sysctl net.inet.udp.blackhole=0

Scott

On 3/10/06, Lawrence Farr <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: Lawrence Farr [mailto:[EMAIL PROTECTED]
> > Sent: 09 March 2006 19:23
> > To: support@pfsense.com
> > Subject: RE: [pfSense Support] Creating a PPTP connection
> > from behind pfsense
> >
> >
> > > I have two sites, one like this
> > >
> > > me -> PFSense NAT with external IP -> outside world
> > >
> > > That works with no issue
> > >
> > > me -> PFSense NAT with internal IP -> DSL Router with NAT ->
> > > outside world
> > >
> > > doesn't, and fails on the password. Plugging directly
> > > into the DSL works as expected. Both PFSense boxes have
> > > an allow GRE and port 1723 rule.
> >
> > I'm setting up another site tomorrow, with an external
> > address. I'll report if it works OK, maybe it's something
> > to do with PF-> Other NAT box?
>
>
> OK, I've set up the other site, quick layout is
>
> internet -> PFSense running PPTP 1 -> External IP ->
>  PFSense running PPTP 2 -> Private LAN.
>
> I can connect directly to PFSense 2 via PPTP with no
> issue and access the private LAN. I can also connect
> to PFSense 1 and access the LAN on that one. Can't
> connect to any from the other side, so it has nothing
> to do with 3rd party NAT routers as far as I can see.
>
>



RE: [pfSense Support] How to setup this static NAT in my DMZ

2006-03-16 Thread Holger Bauer
Create a rule at your DMZ subnet to allow traffic to destination IP INT MTA at 
destination port 25. Make sure that rule is above your block rules. It's 
routing between DMZ and LAN by default. Then just send over the Mail to the LAN 
MTA by using the internal LAN IP 172.16.130.4.

Holger

> -Original Message-
> From: Derrick MacPherson [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 16, 2006 9:40 PM
> To: support@pfsense.com
> Subject: RE: [pfSense Support] How to setup this static NAT in my DMZ
> 
> 
> On Thu, 2006-03-16 at 12:49 +, Robert Mortimer wrote: 
> > You can port forward back through a NAT setup
> > 
> > 
> http://faq.pfsense.org/index.php?action=artikel&cat=10&id=53&artlang=en
> 
> 
> You can 1:1 map DMZ machine addresses to virtual addresses on the WAN
> 
> (see same area of the control panel)
> 
> IF DMZ has no NAT you can just add a rule to the WAN tab of the rules
> section

I don't think this is quite what I'm looking for.
I already have a number of 1:1 mappings for external addresses to DMZ
addresses. What I have is a mail server in the DMZ that currently is
setup to send all mail after being scanned to an IP on the DMZ that is
routed to an internal mta.

            Internet
            /      \
DMZ MTA 10.0.0.4  INT. MTA 172.16.130.4

1:1 NAT only lets me set on the DMZ or WAN interface, and I believe it
would need to be on the LAN.

so my goal here is the DMZ MTA sends the scanned mail to 10.0.0.200 that
ends up at the INT. MTA. What do I need to do?

Thanks 
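
Added example (not part of the original messages and not pfSense's own code): a small Python model of top-down, first-match rule evaluation on the DMZ interface, showing why the pass rule for port 25 has to sit above the block rules, plus a check for pass rules shadowed by an earlier block. Only the two MTA addresses and port 25 come from the thread; the /24 masks, the block and outbound rules, and limiting the source to the DMZ MTA are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# MTA addresses are from the thread; masks and the other rules are assumed.
DMZ_MTA, INT_MTA = "10.0.0.4", "172.16.130.4"
DMZ_NET, LAN_NET, ANY = "10.0.0.0/24", "172.16.130.0/24", "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # destination TCP port, None = any
    label: str

    def matches(self, src_ip, dst_ip, dport):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.port is None or self.port == dport))


def evaluate(rules, src_ip, dst_ip, dport):
    """First matching rule wins, evaluated top-down; no match means deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.label
    return "block", "default deny"


def shadowed_pass_rules(rules):
    """Labels of pass rules fully covered by a block rule placed above them."""
    hidden = []
    for i, rule in enumerate(rules):
        if rule.action != "pass":
            continue
        for earlier in rules[:i]:
            if (earlier.action == "block"
                    and ip_network(rule.src).subnet_of(ip_network(earlier.src))
                    and ip_network(rule.dst).subnet_of(ip_network(earlier.dst))
                    and earlier.port in (None, rule.port)):
                hidden.append(rule.label)
                break
    return hidden


# Source limited to the DMZ MTA: narrower than the reply requires (assumption).
SMTP = Rule("pass", DMZ_MTA + "/32", INT_MTA + "/32", 25, "DMZ MTA -> INT MTA smtp")
BLOCK_LAN = Rule("block", DMZ_NET, LAN_NET, None, "block DMZ -> LAN")
DMZ_OUT = Rule("pass", DMZ_NET, ANY, None, "DMZ -> any")

WRONG_ORDER = [BLOCK_LAN, SMTP, DMZ_OUT]   # pass rule below the block rule
RIGHT_ORDER = [SMTP, BLOCK_LAN, DMZ_OUT]   # pass rule above the block rule

if __name__ == "__main__":
    for name, rules in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(name, evaluate(rules, DMZ_MTA, INT_MTA, 25),
              "shadowed:", shadowed_pass_rules(rules))
```
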





RE: [pfSense Support] How to setup this static NAT in my DMZ

2006-03-16 Thread Derrick MacPherson
On Thu, 2006-03-16 at 12:49 +, Robert Mortimer wrote: 
> You can port forward back through a NAT setup
> 
> http://faq.pfsense.org/index.php?action=artikel&cat=10&id=53&artlang=en
> 
> 
> You can 1:1 map DMZ machine addresses to virtual addresses on the WAN
> 
> (see same area of the control panel)
> 
> IF DMZ has no NAT you can just add a rule to the WAN tab of the rules
> section

I don't think this is quite what I'm looking for.
I already have a number of 1:1 mappings for external addresses to DMZ
addresses. What I have is a mail server in the DMZ that currently is
setup to send all mail after being scanned to an IP on the DMZ that is
routed to an internal mta.

            Internet
            /      \
DMZ MTA 10.0.0.4  INT. MTA 172.16.130.4

1:1 NAT only lets me set on the DMZ or WAN interface, and I believe it
would need to be on the LAN.

so my goal here is the DMZ MTA sends the scanned mail to 10.0.0.200 that
ends up at the INT. MTA. What do I need to do?

Thanks 





RE: [pfSense Support] lockups continue

2006-03-16 Thread Simon O'Sullivan
I don't have a soekris card but I have the brand 'Dell' in common, maybe
your problems are similar to mine

I have two new Dell PE 850's, which I can make crash very easily by stuffing
around changing IP addresses on interfaces etc. The most common problem
seems to be when I set an interface to down change the IP address or
something and enable it, the interface simply doesn't come up, or the server
crashes. Sometimes if I try and reboot it comes up ok, other times it won't
because the config.xml is missing, so it's a bit more complex.

Also adding a CARP VIP from a subnet other than the subnet of the interface
is a sure way of turning things to custard. However I know now I shouldn't
be trying this.

We have 2 x Intel PRO/1000 PT PCIe dual port Gigabit NIC's (82571EB
controller) in each server - no other unusual cards. I thought it might be
the driver, PCIe being quite new and all.

Simon.


-Original Message-
From: Vivek Khera [mailto:[EMAIL PROTECTED] 
Sent: Friday, 17 March 2006 4:56 a.m.
To: support@pfsense.com
Subject: [pfSense Support] lockups continue

I'm still observing lockups which appear to happen more often during  
times when I'm connected to the VPN via mobile user from my Mac  
laptop.  Once it happened at another time.

I'm running beta2 on a Dell PE800.  It has otherwise been very  
stable.  The only thing I've changed during the entire time I've been  
running pfsense (since September '05) is to add a soekris vpn1401  
card.  I'm leaning towards that being the culprit.

I don't see them at all on a WRAP box running m0n0wall with the mini- 
pci version (vpn1411) of the same card.  This leads me to believe it  
is either a bad card or FreeBSD 6.x driver for hifn is faulty.

Anyone else seeing lockups with the soekris vpn PCI card?

Ideally, I'd like to get an image with either the debugger enabled or  
the kernel software watchdog so it will just reset itself (presuming  
it is not totally locked).




[pfSense Support] Problem with outgoing load balancing

2006-03-16 Thread Stéphane Karges
Hi,

I try to use the outgoing load balancing with this method
http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing&show_comments=1

But in all cases my connection crashed.
Can you help me?

Regards,





Re: [pfSense Support] Advanced NAT & Port forwarding

2006-03-16 Thread Scott Ullrich
To be quite honest with you, there have been so many fixes since beta
1 we can no longer really keep track.  We can but it's not worth the
time for me to go search cvstrac.

Upgrade to beta2.

On 3/16/06, Robert Mortimer <[EMAIL PROTECTED]> wrote:
> I have a network with three internal sub-nets and a pfsense gateway. I have
> added the required routes and NAT entries to allow the sub nets to see the
> internet. However now I can not port forward to our internal mail server
> from the external LAN (Using the port forward tab under NAT tick yes to make
> rule). I am running BETA 1
>
> Is this a known Beta 1 problem
> If yes
> Is this fixed under Beta 2
>
> [Test sub net]-
>  net 1 |
>|-[Router]-[main LAN]-[pfSense]-WWW
>  net 2 | net 3
> [EMC sub net]--
>
>
>
> Thanks in advance Robert
>
>



Re: [pfSense Support] lockups continue

2006-03-16 Thread Scott Ullrich
Woops, I misread that.   I too have the Soekris VPN cards in a pair of
SE440BX's and never have lockups. At least not since the 5.X days.

Now where's that big pile of wood that I need to knock on.

On 3/16/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 3/16/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > Maybe the new card is overpowering the power supply.  I have lockups
> > as well when I use certain 12v power supplies on my Soekris units...
>
> He stated this was on a server, not a WRAP/Soekris. :)  But I can
> second the sentiment on the Soekris supplies - they suck.
>
> --Bill
>



Re: [pfSense Support] lockups continue

2006-03-16 Thread Bill Marquette
On 3/16/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Maybe the new card is overpowering the power supply.  I have lockups
> as well when I use certain 12v power supplies on my Soekris units...

He stated this was on a server, not a WRAP/Soekris. :)  But I can
second the sentiment on the Soekris supplies - they suck.

--Bill




RE: [pfSense Support] lockups continue

2006-03-16 Thread John Cianfarani
I remember reading another post in a m0n0wall thread that someone had
the same issues.

John

-Original Message-
From: Vivek Khera [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 16, 2006 10:56 AM
To: support@pfsense.com
Subject: [pfSense Support] lockups continue

I'm still observing lockups which appear to happen more often during  
times when I'm connected to the VPN via mobile user from my Mac  
laptop.  Once it happened at another time.

I'm running beta2 on a Dell PE800.  It has otherwise been very  
stable.  The only thing I've changed during the entire time I've been  
running pfsense (since September '05) is to add a soekris vpn1401  
card.  I'm leaning towards that being the culprit.

I don't see them at all on a WRAP box running m0n0wall with the mini- 
pci version (vpn1411) of the same card.  This leads me to believe it  
is either a bad card or FreeBSD 6.x driver for hifn is faulty.

Anyone else seeing lockups with the soekris vpn PCI card?

Ideally, I'd like to get an image with either the debugger enabled or  
the kernel software watchdog so it will just reset itself (presuming  
it is not totally locked).




Re: [pfSense Support] lockups continue

2006-03-16 Thread Scott Ullrich
Maybe the new card is overpowering the power supply.  I have lockups
as well when I use certain 12v power supplies on my Soekris units...

On 3/16/06, Vivek Khera <[EMAIL PROTECTED]> wrote:
> I'm still observing lockups which appear to happen more often during
> times when I'm connected to the VPN via mobile user from my Mac
> laptop.  Once it happened at another time.
>
> I'm running beta2 on a Dell PE800.  It has otherwise been very
> stable.  The only thing I've changed during the entire time I've been
> running pfsense (since September '05) is to add a soekris vpn1401
> card.  I'm leaning towards that being the culprit.
>
> I don't see them at all on a WRAP box running m0n0wall with the mini-
> pci version (vpn1411) of the same card.  This leads me to believe it
> is either a bad card or FreeBSD 6.x driver for hifn is faulty.
>
> Anyone else seeing lockups with the soekris vpn PCI card?
>
> Ideally, I'd like to get an image with either the debugger enabled or
> the kernel software watchdog so it will just reset itself (presuming
> it is not totally locked).
>



RE: [pfSense Support] lockups continue

2006-03-16 Thread Holger Bauer
As you have these cards available, can you test vpn throughput? I would be 
interested especially in results for the wrap.

Holger

> -Original Message-
> From: Vivek Khera [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 16, 2006 4:56 PM
> To: support@pfsense.com
> Subject: [pfSense Support] lockups continue
> 
> 
> I'm still observing lockups which appear to happen more 
> often during  
> times when I'm connected to the VPN via mobile user from my Mac  
> laptop.  Once it happened at another time.
> 
> I'm running beta2 on a Dell PE800.  It has otherwise been very  
> stable.  The only thing I've changed during the entire time 
> I've been  
> running pfsense (since September '05) is to add a soekris vpn1401  
> card.  I'm leaning towards that being the culprit.
> 
> I don't see them at all on a WRAP box running m0n0wall with the mini- 
> pci version (vpn1411) of the same card.  This leads me to believe it  
> is either a bad card or FreeBSD 6.x driver for hifn is faulty.
> 
> Anyone else seeing lockups with the soekris vpn PCI card?
> 
> Ideally, I'd like to get an image with either the debugger 
> enabled or  
> the kernel software watchdog so it will just reset itself (presuming  
> it is not totally locked).
> 



Re: [pfSense Support] /current in cvsup_current

2006-03-16 Thread Scott Ullrich
The file explains why we use current

On 3/16/06, Rajkumar S <[EMAIL PROTECTED]> wrote:
> Scott Ullrich wrote:
> > mkdir /current && cvsup current-supfile should get that fixed.
>
> Thanks! That fixed it.
>
> but why use /current/src and /usr/src ? The cvsup_current already does a
> cvsup ./stable-supfile. Do you want to get some specific version of patches ?
>
> raj
>
>



[pfSense Support] lockups continue

2006-03-16 Thread Vivek Khera
I'm still observing lockups which appear to happen more often during  
times when I'm connected to the VPN via mobile user from my Mac  
laptop.  Once it happened at another time.


I'm running beta2 on a Dell PE800.  It has otherwise been very  
stable.  The only thing I've changed during the entire time I've been  
running pfsense (since September '05) is to add a soekris vpn1401  
card.  I'm leaning towards that being the culprit.


I don't see them at all on a WRAP box running m0n0wall with the mini- 
pci version (vpn1411) of the same card.  This leads me to believe it  
is either a bad card or FreeBSD 6.x driver for hifn is faulty.


Anyone else seeing lockups with the soekris vpn PCI card?

Ideally, I'd like to get an image with either the debugger enabled or  
the kernel software watchdog so it will just reset itself (presuming  
it is not totally locked).





Re: [pfSense Support] whats the difference between the Proxy arp and other VIP's?

2006-03-16 Thread Bill Marquette
On 3/15/06, Simon O'Sullivan <[EMAIL PROTECTED]> wrote:
> And in what cases should each of these virtual IP's be used?

CARP would typically be used for a high availability setup.  This
would be when you either have (or plan to have) two firewalls in a
redundant setup and a virtual address floating between them.

Proxy ARP is when you just have to let some other device on the same
layer 2 network know that the address lives on you (or you know how to
get it there at layer 2).  Similar usage to CARP (and might disappear
some day in favor of CARP or interface aliases).

"Other" is useful for when the IP or network is already routed to your
box.  ie. some other device on the network already knows that your
pfSense box can handle it (typically this would be a routing thing -
although I can certainly see this being used in a bridge setup).

There's yer FAQ, please submit to the FAQ (and maybe make it prettier
and put it on the documentation wiki).  Thanks

--Bill




RE: [pfSense Support] How to setup this static NAT in my DMZ

2006-03-16 Thread Robert Mortimer

You can port forward back through a NAT setup

http://faq.pfsense.org/index.php?action=artikel&cat=10&id=53&artlang=en


You can 1:1 map DMZ machine addresses to virtual addresses on the WAN

(see same area of the control panel)

IF DMZ has no NAT you can just add a rule to the WAN tab of the rules
section

Robert

> -Original Message-
> From: Derrick MacPherson [mailto:[EMAIL PROTECTED]
> Sent: 15 March 2006 23:34
> To: support@pfsense.com
> Subject: [pfSense Support] How to setup this static NAT in my DMZ
>
>
> I'm replacing our pix with a couple pfsense boxes, and we have some
> internal LAN ip's that are statically mapped to the dmz, e.g. - our DMZ
> mail server routes mail to a DMZ address that's mapped to an internal
> address
>
> I'm not sure how to set this up with pfsense, I figure in PF it would be
> done with a rdr - suggestions?
>
>



[pfSense Support] Advanced NAT & Port forwarding

2006-03-16 Thread Robert Mortimer
I have a network with three internal sub-nets and a pfsense gateway. I have
added the required routes and NAT entries to allow the sub nets to see the
internet. However now I can not port forward to our internal mail server
from the external LAN (Using the port forward tab under NAT tick yes to make
rule). I am running BETA 1

Is this a known Beta 1 problem
If yes
Is this fixed under Beta 2

[Test sub net]-
 net 1 |
   |-[Router]-[main LAN]-[pfSense]-WWW
 net 2 | net 3
[EMC sub net]--



Thanks in advance Robert





Re: [pfSense Support] /current in cvsup_current

2006-03-16 Thread Rajkumar S

Scott Ullrich wrote:
> mkdir /current && cvsup current-supfile should get that fixed.


Thanks! That fixed it.

but why use /current/src and /usr/src ? The cvsup_current already does a
cvsup ./stable-supfile. Do you want to get some specific version of patches ?

raj

