[pfSense Support] developer editions
Just wondering whether the freesbie2 cvs is available again. Would really like to make an embedded build on rc1.
[pfSense Support] pptp lan address
In the monowall docs on pptp it suggests that you can assign a range of IP addresses to the pptp clients that is not part of the LAN IP network range, however if you do this you can't route the address range to the WAN. Is there a way around this, i.e. can you put this range into the static routes and add whatever rules are required?

(Reason being historically the LAN address range I have inherited is 192.168.0.0/24 which I know is going to conflict with every 2nd XP client user's home broadband home LAN IP address range.)

TIA
Craig

--
Craig Silva. IT Manager.
ABX Logistics, Australia. http://www.abxlogistics.com.au
9 Trade Park Dve. Tullamarine. Vic. 3043
Tel: +61 3 9 335 8250, Mob: 0408408748
email: [EMAIL PROTECTED]
RE: [pfSense Support] errors that im receiving
The uplink to the pfSense goes into one of the LAN ports of the wifi router. The WAN ports of this router will not be used.

Holger

-----Original Message-----
From: Steve Spiker [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 02, 2006 6:55 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

So my pfSense LAN side had a 0.1 addy, the wireless access my Linksys should get a static IP within the .100-254 and will that go into the WAN or the LAN of the router and turn off DHCP. As long as I static the IPs on the LAN side of that switch I should have no issues, correct?? Thanks all for help

Steve

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 25, 2006 12:09 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

Assign it a static IP inside your LAN subnet as you probably need to configure it for wireless settings from time to time. Make sure this IP is not conflicting with the DHCP server range you have configured at the pfSense.

Holger

-----Original Message-----
From: Steve Spiker [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 25, 2006 6:02 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

Yeah I have tried once. Seems to conflict. Do I need to assign the router an IP? Set to static or DHCP? Or just to obtain an IP AUTO... I'm trying to get the WIFI to a higher ground so that the WIFI has a larger range. Seems to work better that way. Also do you think that I should get a new modem? If that will stop my collisions I think that I should. I would think as much $ as I pay my ISP that they should give me a 100mbit modem. We will see. Thanks, you have gone out of your way to try and help me... Thanks once again..

Steve

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 24, 2006 11:38 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

You can use a wireless router as switch/AP. Just make sure it has a non-conflicting IP, DHCP is turned off and only connect stations to the LAN side. Leave the WAN unplugged (pfSense uplink goes into LAN of the wifi router, not WAN).

Holger

-----Original Message-----
From: Steve Spiker [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 25, 2006 5:29 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

I have a broadband connection, super fast. That is one of the issues. You think that this is normal. The connection is used all day. Torrents, email, webserver. For pc's.. Also this has nothing to do with pfSense. Does anyone know about using a wireless router as a switch and using it for the wireless?? If anyone can help I would love any info. I just want to thank you all for helping me with these issues.. yeah that is what I was thinking, that the collisions are still a little high.. thanks.

Steve

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 24, 2006 8:02 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] errors that im receiving

Depends on how much he's using the link :) If he's full throttle p2p on a decent bandwidth broadband connection a 10mbit half duplex interface will quickly build up a LOT of collisions.

--Bill

On 6/24/06, Holger Bauer [EMAIL PROTECTED] wrote:

Actually that sounds too high for my taste ;-)

-----Original Message-----
From: Steve Spiker [mailto:[EMAIL PROTECTED]
Sent: Sunday, June 25, 2006 1:49 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

Hey. Yeah I understand what you are saying and right now my uptime is 1 day, 08:04... the 10baseT/UTP WAN side has 152710 collisions. Doesn't really slow down the network. I just don't like it. Thanks for all the help.

Steve

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 24, 2006 7:32 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] errors that im receiving

Collisions are usually not a problem unless they start to freak out. As collisions are detected the package will be resent. As you have 10 mbit/s between your pfSense and the modem and most likely have less bandwidth from your modem to your ISP there is enough room to resend a broken package. Unless you are having issues you don't need to switch the modem. You also have to see that the collision counter counts since the uptime and is nothing that shows collisions per time interval. You can calculate how many collisions actually happen this way
RE: [pfSense Support] pptp lan address
You can have the pptp users in a separate subnet but it won't solve your conflict, as you then would still have the LAN client in the same subnet and the remote destination you now have to route to will still conflict. You can't add a route to a remote subnet that is identical with your local subnet. I guess you simply need to change your 192.168.0.0/24 to something more uncommon.

Holger

-----Original Message-----
From: Craig Silva [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 02, 2006 1:47 PM
To: support@pfsense.com
Subject: [pfSense Support] pptp lan address

In the monowall docs on pptp it suggests that you can assign a range of IP addresses to the pptp clients that is not part of the LAN IP network range, however if you do this you can't route the address range to the WAN. Is there a way around this, i.e. can you put this range into the static routes and add whatever rules are required?

(Reason being historically the LAN address range I have inherited is 192.168.0.0/24 which I know is going to conflict with every 2nd XP client user's home broadband home LAN IP address range.)

TIA
Craig

--
Craig Silva. IT Manager.
ABX Logistics, Australia. http://www.abxlogistics.com.au
9 Trade Park Dve. Tullamarine. Vic. 3043
Tel: +61 3 9 335 8250, Mob: 0408408748
email: [EMAIL PROTECTED]
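The conflict described in the reply above, worked through as an added example (not part of the original thread). It models a remote PPTP client's routing table in a simplified way: longest prefix wins, then lowest metric, and the directly connected home LAN has the best metric. The 192.168.50.0/24 pool and the 10.87.x.x networks are constructed values.

```python
import ipaddress


def lookup(table, dst):
    """Pick the outgoing interface: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table if addr in r[0]]
    if not hits:
        return None
    return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]


def client_table(home_lan, office_lan, pptp_pool):
    """Simplified routing table of a remote client once the tunnel is up."""
    net = ipaddress.ip_network
    return [
        (net(home_lan), "home-lan", 0),           # directly connected
        (net(pptp_pool), "pptp", 1),              # addresses handed to VPN clients
        (net(office_lan), "pptp", 1),             # office LAN behind the tunnel
        (net("0.0.0.0/0"), "home-gateway", 10),   # default route
    ]


def path_to(office_host, home_lan, office_lan, pptp_pool):
    """Interface the client would use to reach a host on the office LAN."""
    return lookup(client_table(home_lan, office_lan, pptp_pool), office_host)


def shadowed(home_lan, office_lan):
    """Part of the office LAN the client can never reach through the tunnel.

    If the home subnet is equal to or inside the office subnet, the client's
    connected route wins for those addresses and packets stay on the home LAN.
    """
    home = ipaddress.ip_network(home_lan)
    office = ipaddress.ip_network(office_lan)
    return home if home.subnet_of(office) else None


if __name__ == "__main__":
    # Separate PPTP pool, but office and home LAN both 192.168.0.0/24:
    # the office server is looked for on the home LAN.
    print(path_to("192.168.0.10", "192.168.0.0/24",
                  "192.168.0.0/24", "192.168.50.0/24"))   # home-lan
    print(shadowed("192.168.0.0/24", "192.168.0.0/24"))    # 192.168.0.0/24
    # Office renumbered to an uncommon range (constructed): tunnel is used.
    print(path_to("10.87.33.10", "192.168.0.0/24",
                  "10.87.33.0/24", "10.87.34.0/24"))      # pptp
```

Moving only the PPTP clients into their own pool changes the client's tunnel address, not the destination it has to reach, which is why the first lookup still resolves to the home LAN.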
[pfSense Support] Linux - pfsense questions
I have in the past used iptables on Debian. I have recently acquired a wrap with pfsense on it. Just trying to come to terms with the differences. So if someone could help with some answers to questions I haven't been able to glean from the docs (references to parts of the docs with relevant info also appreciated):

Are there any example rule sets for a standard type firewall without the default rule that allows all lan sourced traffic (if there is such a thing) for a wan, lan and dmz type firewall?

iptables tracks the attributes new, established and related in relation to connections - does pfsense do this automatically?

I only had a brief look at pf documentation as it was at the command line level and I couldn't map to the GUI rules - is it worth while going back to the pf docs which leads on to the next question what are the defaults built in to pfsense?

Related to the first question - do you need a rule to allow return traffic from an established connection?

TIA
Craig

--
Craig Silva. IT Manager.
ABX Logistics, Australia. http://www.abxlogistics.com.au
9 Trade Park Dve. Tullamarine. Vic. 3043
Tel: +61 3 9 335 8250, Mob: 0408408748
email: [EMAIL PROTECTED]
RE: [pfSense Support] Linux - pfsense questions
The default firewall configuration of pfSense is:

- LAN is allowed to go anywhere
- WAN everything blocked
- OPTx everything blocked

When creating firewall rules you always allow traffic incoming at an interface. This will create 2 states for the connection (in, out) which then both will be allowed. If you want to look at the pf configuration the webgui creates, go to diagnostics -> edit file in the webgui and open /tmp/rules.debug.

There is no example ruleset or restrictive ruleset for any of the situations (DMZ, restrictive LAN, ...). You have to decide yourself what your DMZ should do or not and set it up.

Holger

-----Original Message-----
From: Craig Silva [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 02, 2006 1:17 PM
To: support@pfsense.com
Subject: [pfSense Support] Linux - pfsense questions

I have in the past used iptables on Debian. I have recently acquired a wrap with pfsense on it. Just trying to come to terms with the differences. So if someone could help with some answers to questions I haven't been able to glean from the docs (references to parts of the docs with relevant info also appreciated):

Are there any example rule sets for a standard type firewall without the default rule that allows all lan sourced traffic (if there is such a thing) for a wan, lan and dmz type firewall?

iptables tracks the attributes new, established and related in relation to connections - does pfsense do this automatically?

I only had a brief look at pf documentation as it was at the command line level and I couldn't map to the GUI rules - is it worth while going back to the pf docs which leads on to the next question what are the defaults built in to pfsense?

Related to the first question - do you need a rule to allow return traffic from an established connection?

TIA
Craig

--
Craig Silva. IT Manager.
ABX Logistics, Australia. http://www.abxlogistics.com.au
9 Trade Park Dve. Tullamarine. Vic. 3043
Tel: +61 3 9 335 8250, Mob: 0408408748
email: [EMAIL PROTECTED]
Re: [pfSense Support] Linux - pfsense questions
On 7/2/06, Craig Silva [EMAIL PROTECTED] wrote:

> Are there any example rule sets for a standard type firewall without the default rule that allows all lan sourced traffic (if there is such a thing) for a wan, lan and dmz type firewall?

That's certainly something we'd hoped people would do :) At this time, I'm not aware of any example rulesets.

> iptables tracks the attributes new, established and related in relation to connections – does pfsense do this automatically?

I'm not sure what related does, but we certainly do keep state on traffic. A state entry is created for the SYN in a tcp packet that is allowed, all further packets in that flow are passed if they follow the RFCs and don't muck with sequence numbers, window sizes...etc

> I only had a brief look at pf documentation as it was at the command line level and I couldn't map to the GUI rules – is it worth while going back to the pf docs which leads on to the next question what are the defaults built in to pfsense?

The rules are in /tmp/rules.debug - there's a large number of system generated rules, but you can see the set options we use and the user generated rules towards the bottom of the ruleset.

> Related to the first question – do you need a rule to allow return traffic from an established connection?

Nope...state tables keep track of it all :)

--Bill
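The behaviour described in the two replies above (pass rules apply to traffic arriving at an interface, an allowed SYN creates state, and return traffic needs no rule), as an added example that is not part of the original thread and is not pf or pfSense code. It is a toy model: NAT and the sequence-number and window checks mentioned above are left out, and the addresses, ports and the RESTRICTIVE_RULES policy are constructed for illustration.

```python
from collections import namedtuple

# iface is the interface the packet arrives on; flags is "S", "SA" or "A".
Packet = namedtuple("Packet", "iface src sport dst dport flags")

# Defaults as described in the thread: LAN may go anywhere, WAN and OPTx have
# no pass rules. A rule is (interface, allowed destination ports or None).
DEFAULT_RULES = [("lan", None)]
# Hypothetical tighter policy: LAN gets DNS and web only, DMZ only HTTPS out.
RESTRICTIVE_RULES = [("lan", {53, 80, 443}), ("dmz", {443})]


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    def _rule_allows(self, pkt):
        return any(iface == pkt.iface and (ports is None or pkt.dport in ports)
                   for iface, ports in self.rules)

    def handle(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # 1. Packets of a known flow pass in either direction, no rule lookup.
        if flow in self.states or reverse in self.states:
            return "pass-state"
        # 2. Only a connection-opening SYN may create state, and only if a
        #    pass rule exists on the interface where it arrives.
        if pkt.flags == "S" and self._rule_allows(pkt):
            self.states.add(flow)
            return "pass-rule"
        # 3. Everything else falls through to the default deny.
        return "block"


def demo(rules):
    fw = StatefulFilter(rules)
    client, server, stranger = "192.168.1.10", "203.0.113.80", "198.51.100.7"
    return [
        fw.handle(Packet("lan", client, 40000, server, 80, "S")),    # outbound SYN
        fw.handle(Packet("wan", server, 80, client, 40000, "SA")),   # reply, no WAN rule
        fw.handle(Packet("wan", stranger, 5555, client, 22, "S")),   # unsolicited inbound
        fw.handle(Packet("lan", client, 40001, server, 80, "A")),    # ACK with no state
        fw.handle(Packet("lan", client, 40002, server, 6881, "S")),  # non-web port
    ]


if __name__ == "__main__":
    print(demo(DEFAULT_RULES))
    print(demo(RESTRICTIVE_RULES))
```

With the default rules the last packet passes; with the restrictive set it is blocked, while the reply on WAN passes in both cases without any WAN rule.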
Re: [pfSense Support] blocking p2p
On Sat, 1 Jul 2006 04:38:52 -0400, you wrote:

> On 7/1/06, dny [EMAIL PROTECTED] wrote:
>> can this be applied into pfsense?
>> http://jazzz1s.blogspot.com/2006/05/blocking-p2p-protocols-with-openbsd.html
>
> Yes it appears so. I didn't spend a lot of time on this so please don't quote me, I am just telling you that this would be a good project for a package, etc. And why must all of these sites insist that BSD code is linux related?!
>
> Scott

Rhetorical question? Linux does have a catchy pronunciation but I understand the frustration.

The description of how snort is used to block p2p (Kazaa in this case) looks identical to the recent reports on how China's firewall works with an auxiliary system sending RST TCP commands to the source and destination. The reported workaround was to block incoming RST packets (accepting the side effects) on both sides but I find it unlikely many Kazaa users will be quite that sophisticated. This does make for another step in a continuing arms race.
[pfSense Support] ntop running after uninstalling
We had ntop installed but for some reasons we uninstalled it. Now the question: why is ntop still generating logs and running as a process (see below)? Thanks!!

Jul 3 07:09:09 ntop[977]: THREADMGMT[t161820672]: RRD: Throughput data collection: Thread running [p977]
Jul 3 07:09:09 ntop[977]: THREADMGMT[t161820672]: RRD: Throughput data collection: Thread running [p977]
Jul 3 07:09:09 ntop[977]: THREADMGMT[t161820672]: RRD: Throughput data collection: Thread starting [p977]
Jul 3 07:09:09 ntop[977]: THREADMGMT[t161820672]: RRD: Throughput data collection: Thread starting [p977]
Jul 3 07:09:09 ntop[977]: THREADMGMT[t160064512]: RRD: Data collection thread running [p977]
Jul 3 07:09:09 ntop[977]: THREADMGMT[t160064512]: RRD: Data collection thread running [p977]
Jul 3 07:09:09 ntop[977]: THREADMGMT[t161820672]: RRD: Started thread for throughput data collection
Jul 3 07:09:09 ntop[977]: THREADMGMT[t161820672]: RRD: Started thread for throughput data collection
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065536]: NPS(2,rl1): pcapDispatch thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065536]: NPS(2,rl1): pcapDispatch thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065536]: NPS(2,rl1): pcapDispatch thread starting [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065536]: NPS(2,rl1): pcapDispatch thread starting [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065024]: NPS(1,rl0): pcapDispatch thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065024]: NPS(1,rl0): pcapDispatch thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065024]: NPS(1,rl0): pcapDispatch thread starting [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065024]: NPS(1,rl0): pcapDispatch thread starting [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t134614016]: SIH: Idle host scan thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t134614016]: SIH: Idle host scan thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t134613504]: SFP: Fingerprint scan thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t134613504]: SFP: Fingerprint scan thread running [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065536]: NPS(2): Started thread for network packet sniffing
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065536]: NPS(2): Started thread for network packet sniffing
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065024]: NPS(1): Started thread for network packet sniffing
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160065024]: NPS(1): Started thread for network packet sniffing
Jul 3 07:08:59 ntop[977]: THREADMGMT[t134610944]: ntop RUNSTATE: RUN(4)
Jul 3 07:08:59 ntop[977]: THREADMGMT[t134610944]: ntop RUNSTATE: RUN(4)
Jul 3 07:08:59 ntop[977]: Note: Reporting device initally set to 0 [rl0]
Jul 3 07:08:59 ntop[977]: Note: Reporting device initally set to 0 [rl0]
Jul 3 07:08:59 ntop[977]: INIT: Created pid file (/var/run/ntop.pid)
Jul 3 07:08:59 ntop[977]: INIT: Created pid file (/var/run/ntop.pid)
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160064512]: RRD: Data collection thread starting [p977]
Jul 3 07:08:59 ntop[977]: THREADMGMT[t160064512]: RRD: Data collection thread starting [p977]
Jul 3 07:08:59 ntop[977]: Now running as requested user 'root' (0:0)
Jul 3 07:08:59 ntop[977]: Now running as requested user 'root' (0:0)
Jul 3 07:08:59 ntop[977]: THREADMGMT: RRD: Started thread (t160064512) for data collection
Jul 3 07:08:59 ntop[977]: THREADMGMT: RRD: Started thread (t160064512) for data collection
Jul 3 07:08:59 ntop[977]: RRD: Mask for new files is 0066
Jul 3 07:08:59 ntop[977]: RRD: Mask for new files is 0066
Jul 3 07:08:59 ntop[977]: RRD: Mask for new directories is 0700
Jul 3 07:08:59 ntop[977]: RRD: Mask for new directories is 0700
Jul 3 07:08:59 ntop[977]: RRD: Welcome to the RRD plugin
Jul 3 07:08:59 ntop[977]: RRD: Welcome to the RRD plugin
Jul 3 07:08:59 ntop[977]: Calling plugin start functions (if any)
Jul 3 07:08:59 ntop[977]: Calling plugin start functions (if any)
Jul 3 07:08:59 ntop[977]: XMLDUMP: Welcome to XML data dump. (C) 2003-2004 by Burton Strauss
Jul 3 07:08:59 ntop[977]: XMLDUMP: Welcome to XML data dump. (C) 2003-2004 by Burton Strauss
Jul 3 07:08:59 ntop[977]: SNMP: Welcome to SNMP. (C) 2004 by F.Fusco and G.Giardina
Jul 3 07:08:59 ntop[977]: SNMP: Welcome to SNMP. (C) 2004 by F.Fusco and G.Giardina
Jul 3 07:08:59 ntop[977]: SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Jul 3 07:08:59 ntop[977]: SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
Re: [pfSense Support] ntop running after uninstalling
On 7/3/06, Tunge2 [EMAIL PROTECTED] wrote:

> We had ntop installed but for some reasons we uninstalled it. Now the question: why is ntop still generating logs and running as a process (see below)? Thanks!!

Run from a shell:

    pkg_delete -r `pkg_info | grep ntop | cut -f1 -d' '`
    killall ntop

Scott