RE: [pfSense Support] Advanced NAT Port forwarding
To be quite honest with you, there have been so many fixes since beta 1 we can no longer really keep track. We can but it's not worth the time for me to go search cvstrac. Upgrade to beta2.

I'm starting a BETA2 trial. I do some php and web design so the feature I want to add is throughput graphs with history (like my current smoothwall box). I have a FreeBSD 6 box to CSVup

Regards
Rob

On 3/16/06, Robert Mortimer [EMAIL PROTECTED] wrote:

I have a network with three internal sub-nets and a pfsense gateway. I have added the required routes and NAT entries to allow the sub nets to see the internet. However now I can not port forward to our internal mail server from the external LAN (Using the port forward tab under NAT tick yes to make rule).

I am running BETA 1
Is this a known Beta 1 problem
If yes Is this fixed under Beta 2

[Test sub net]- net 1 | |-[Router]-[main LAN]-[pfSense]-WWW net 2 | net 3 [EMC sub net]--

Thanks in advance
Robert

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] ssh access and pppoe
In the advanced tab of the web gui then restart your pfsense Box

-----Original Message-----
From: Paul W [mailto:[EMAIL PROTECTED]
Sent: 16 March 2006 21:53
To: support@pfsense.com
Subject: [pfSense Support] ssh access and pppoe

2 questions

1. I changed admin access to paul/mypassword (just for your info :) )
I can't figure out how to enable ssh

ssh [EMAIL PROTECTED]
ssh [EMAIL PROTECTED]
ssh [EMAIL PROTECTED]

all fail. I've tried passwords:

pfsense
pfSense
mypassword

I also can't find where to load rsa or dsa keys (that would solve my problem :) )

2. I want to setup WAN as pppoe, but the fields are disabled. What have I missed?

Obviously I'm a pfSense n00b :)

BTW: I'm using embedded BETA2

Thanks
Paul.
[pfSense Support] Changing settings vpn.inc so clients don't disconnect
After 30 minutes my vpn tunnel is disconnected and the client does not automatically reconnect.

Can anyone tell me what to change in the vpn.inc so there is no time-out, and no auto disconnect of the client?

Found these lines in the vpn.inc:

set iface idle 1800 (30 minutes)
and
set link keep-alive 10 60

What do they both mean and do, and how does the keep-alive work?

Regards,
Edward
[pfSense Support] permissions on config.xml
New user so bear with me. I've installed on 2 boxes, gotten pfsync/carp working with VLANs and all, thanks for this great piece of work.

However, I am wondering why the permissions on config.xml file are so open (world-read, and the backup/config*xml files are world-writable!). Given that they contain passwords in plain text, I worry.

What should permissions properly be, and why does it not come that way to begin with?

JR
Re: [pfSense Support] permissions on config.xml
You are absolutely right. These are the reasons for betas!

At any rate, the files should be u+rw ... This is now fixed in CVS.

Thanks!

On 3/17/06, LJ Rand [EMAIL PROTECTED] wrote:

New user so bear with me. I've installed on 2 boxes, gotten pfsync/carp working with VLANs and all, thanks for this great piece of work.

However, I am wondering why the permissions on config.xml file are so open (world-read, and the backup/config*xml files are world-writable!). Given that they contain passwords in plain text, I worry.

What should permissions properly be, and why does it not come that way to begin with?

JR
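
Added example, not part of the original thread and not pfSense's own code: a portable `sh` audit for the problem reported above, listing `*.xml` files that grant any access to group or other and then restricting them to owner read/write. The directory argument is an assumption (pass whichever directory holds config.xml and its backups), and reading "u+rw" as mode 600 is this example's interpretation of the reply.

```sh
#!/bin/sh
# Added example: audit and tighten permissions on config.xml and its backups.
# The directory to scan is passed as $1; no pfSense path is assumed here.

# Print every regular *.xml file under $1 that grants any permission bit
# to group or other (world-readable and world-writable files included).
audit_config_perms() {
    find "$1" -type f -name '*.xml' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Give the owner read/write and strip all group/other access from the
# offending files. Prints how many files needed fixing.
fix_config_perms() {
    offenders=$(audit_config_perms "$1" | wc -l | tr -d ' ')
    find "$1" -type f -name '*.xml' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec chmod u+rw,go-rwx {} +
    echo "$offenders"
}

# Stand-alone use: ./audit.sh <dir> lists offenders, ./audit.sh <dir> fix repairs.
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = "fix" ]; then
        fix_config_perms "$1"
    else
        audit_config_perms "$1"
    fi
fi
```

Files written after the fix inherit the creating process's umask, so the code that writes new backups needs a restrictive umask (for example 077) or the same permissions will reappear.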
Re: [pfSense Support] Creating a PPTP connection from behind pfsense
It was a long shot, but worth taking a look at. Thanks for running the test!

Scott

On 3/17/06, Lawrence Farr [EMAIL PROTECTED] wrote:

Please try to set this from a shell on any pfSense installations and try again:

sysctl net.inet.tcp.blackhole=0
sysctl net.inet.udp.blackhole=0

Scott

I tried this at this end first, then at both ends and unfortunately it still fails on password verification. One end is TESTING-SNAPSHOT-02-19-06-pfSense the other is 1.0-PREBETA2-BUG-VALIDATION-EDITION5-pfSense if it makes a difference? I can't upgrade one of them for a few days unfortunately.

# sysctl net.inet.tcp.blackhole=0
net.inet.tcp.blackhole: 2 -> 0
sysctl net.inet.udp.blackhole=0
# sysctl net.inet.udp.blackhole=0
net.inet.udp.blackhole: 1 -> 0
#
Re: [pfSense Support] Changing settings vpn.inc so clients don't disconnect
Try changing

set iface idle 1800

to:

set iface idle 0

On 3/17/06, Edward van Berkum [EMAIL PROTECTED] wrote:

After 30 minutes my vpn tunnel is disconnected and the client does not automatically reconnect.

Can anyone tell me what to change in the vpn.inc so there is no time-out, and no auto disconnect of the client?

Found these lines in the vpn.inc:

set iface idle 1800 (30 minutes)
and
set link keep-alive 10 60

What do they both mean and do, and how does the keep-alive work?

Regards,
Edward
Re: [pfSense Support] Syslog Setup
Wrong list. You are better suited on a linux list.

On 3/17/06, Chris May [EMAIL PROTECTED] wrote:

Hi,

I'm new to setting up a syslog server and I think that I got it all set up except that I don't know what facilities to log for the router. Right now my log looks like this...

local0.*;local1.*;local2.*;local3.*;local4.*;local5.*;local6.*;local7.* /var/log/router.log

and I don't think that that is correct. Please help. My syslog server is running fedora core 4 if that helps.

THX,
Chris May
Re: [pfSense Support] Changing settings vpn.inc so clients don't disconnect
Thnx Scott it did the job,

And what does set link keep-alive 10 60 mean, or actually I think it's an icmp echo, but what do the numbers mean? If no reply for 10 seconds after trying 60 times, the vpn is dropped?

Regards,
Edward

From: Scott Ullrich [mailto:[EMAIL PROTECTED]
To: support@pfsense.com
Sent: Fri, 17 Mar 2006 19:23:07 +0100
Subject: Re: [pfSense Support] Changing settings vpn.inc so clients don't disconnect

Try changing

set iface idle 1800

to:

set iface idle 0

On 3/17/06, Edward van Berkum [EMAIL PROTECTED] wrote:

After 30 minutes my vpn tunnel is disconnected and the client does not automatically reconnect.

Can anyone tell me what to change in the vpn.inc so there is no time-out, and no auto disconnect of the client?

Found these lines in the vpn.inc:

set iface idle 1800 (30 minutes)
and
set link keep-alive 10 60

What do they both mean and do, and how does the keep-alive work?

Regards,
Edward
[pfSense Support] Port 80 State Issues
After about 10 minutes port 80 just stops working. This is a new issue ever since I updated to Beta 2 from Beta 1. Every other port operates normally, (Nothing noticeable) Bittorrent works, as does FTP yet port 80 (WEB) just stops loading pages. I have made no changes to my config and the only way I have found to temporarily solve this issue is to flush the States. This gives me about 10 minutes before port 80 stops working again. Please help. I have attached my NAT rules in hopes that that can help debug. There is nothing in my logs that looks like it could be related in any way.

Please Help,
Chris May

<nat>
  <ipsecpassthru>
    <enable/>
  </ipsecpassthru>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>9025-9026</external-port>
    <target>192.168.100.8</target>
    <local-port>9025</local-port>
    <interface>wan</interface>
    <descr>Azureus</descr>
  </rule>
  <rule>
    <protocol>tcp</protocol>
    <external-port>80</external-port>
    <target>192.168.100.6</target>
    <local-port>80</local-port>
    <interface>wan</interface>
    <descr>Web</descr>
  </rule>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>20-21</external-port>
    <target>192.168.100.4</target>
    <local-port>20</local-port>
    <interface>wan</interface>
    <descr>FTP</descr>
  </rule>
  <rule>
    <protocol>tcp</protocol>
    <external-port>81</external-port>
    <target>192.168.100.1</target>
    <local-port>443</local-port>
    <interface>wan</interface>
    <descr>External admin</descr>
  </rule>
  <rule>
    <protocol>tcp</protocol>
    <external-port>22</external-port>
    <target>192.168.100.6</target>
    <local-port>22</local-port>
    <interface>wan</interface>
    <descr>SSH</descr>
  </rule>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>7055-7056</external-port>
    <target>192.168.100.11</target>
    <local-port>7055</local-port>
    <interface>wan</interface>
    <descr>RES AZUREUS</descr>
  </rule>
  <rule>
    <protocol>tcp/udp</protocol>
    <external-port>6593</external-port>
    <target>192.168.100.8</target>
    <local-port>6593</local-port>
    <interface>wan</interface>
    <descr>Ares 2</descr>
  </rule>
  <rule>
    <protocol>tcp</protocol>
    <external-port>1</external-port>
    <target>192.168.100.6</target>
    <local-port>1</local-port>
    <interface>wan</interface>
    <descr>Webmin</descr>
  </rule>
</nat>
RE: [pfSense Support] Port 80 State Issues
I found with a lot of torrents running it can fill up the default state table pretty quickly (especially big torrents with lots of peers). Moving it to like 3 seemed to resolve this for me.

Thanks
John

-----Original Message-----
From: Chris [mailto:[EMAIL PROTECTED]
Sent: Friday, March 17, 2006 11:09 PM
To: support@pfsense.com
Subject: [pfSense Support] Port 80 State Issues

After about 10 minutes port 80 just stops working. This is a new issue ever since I updated to Beta 2 from Beta 1. Every other port operates normally, (Nothing noticeable) Bittorrent works, as does FTP yet port 80 (WEB) just stops loading pages. I have made no changes to my config and the only way I have found to temporarily solve this issue is to flush the States. This gives me about 10 minutes before port 80 stops working again. Please help. I have attached my NAT rules in hopes that that can help debug. There is nothing in my logs that looks like it could be related in any way.

Please Help,
Chris May
Re: [pfSense Support] Port 80 State Issues
Yes, if you run out of states it will also include the web interface. I'll see about overriding the states on the web lockout menu. Not sure if that would count against the master state count or not. Anyone know?

On 3/18/06, John Cianfarani [EMAIL PROTECTED] wrote:

I found with a lot of torrents running it can fill up the default state table pretty quickly (especially big torrents with lots of peers). Moving it to like 3 seemed to resolve this for me.

Thanks
John

-----Original Message-----
From: Chris [mailto:[EMAIL PROTECTED]
Sent: Friday, March 17, 2006 11:09 PM
To: support@pfsense.com
Subject: [pfSense Support] Port 80 State Issues

After about 10 minutes port 80 just stops working. This is a new issue ever since I updated to Beta 2 from Beta 1. Every other port operates normally, (Nothing noticeable) Bittorrent works, as does FTP yet port 80 (WEB) just stops loading pages. I have made no changes to my config and the only way I have found to temporarily solve this issue is to flush the States. This gives me about 10 minutes before port 80 stops working again. Please help. I have attached my NAT rules in hopes that that can help debug. There is nothing in my logs that looks like it could be related in any way.

Please Help,
Chris May
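
Added example, not part of the thread: a way to confirm state-table exhaustion, as described in the replies above, by comparing the current entry count from `pfctl -si` with the hard limit from `pfctl -sm`. The sample outputs embedded below are constructed for illustration, not captured from any poster's firewall, and the 90% threshold is an assumption.

```sh
#!/bin/sh
# Added example: report how full the pf state table is.
# On the firewall: state_usage "$(pfctl -si)" "$(pfctl -sm)"

# $1 = text of `pfctl -si`, $2 = text of `pfctl -sm`.
# Prints "<current> <limit> <percent>"; fails if either value is missing.
state_usage() {
    cur=$(printf '%s\n' "$1" | awk '/current entries/ {print $3; exit}')
    lim=$(printf '%s\n' "$2" | awk '$1 == "states" && /hard limit/ {print $4; exit}')
    [ -n "$cur" ] && [ -n "$lim" ] && [ "$lim" -gt 0 ] || return 1
    echo "$cur $lim $((cur * 100 / lim))"
}

# True (exit 0) when usage is at or above the threshold percentage
# ($3, default 90 as an assumed alerting level); exit 2 on unparsable input.
state_table_near_limit() {
    threshold=${3:-90}
    usage=$(state_usage "$1" "$2") || return 2
    pct=${usage##* }
    [ "$pct" -ge "$threshold" ]
}

# Constructed sample output (illustrative values only).
SAMPLE_INFO='Status: Enabled for 0 days 00:10:12           Debug: Urgent

State Table                          Total             Rate
  current entries                     9876
  searches                          451203          737.3/s'
SAMPLE_LIMITS='states        hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000'

# Stand-alone demo on the constructed sample: ./states.sh demo
if [ "${1:-}" = "demo" ]; then
    state_usage "$SAMPLE_INFO" "$SAMPLE_LIMITS"
fi
```

A table that sits near its limit means new connections, including ones to the web interface, cannot get a state, which matches the symptom that flushing states only helps for a few minutes.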