[pfSense Support] clamav RC2
I have a fresh install of RC2 on a new firewall and when I try to install clamav it instantly says installation complete without downloading anything and I can't start or run the clamav service or freshclam via the web interface. Is there a problem with the clamav package or is it a problem on my end?

TIA

Nick
RE: [pfSense Support] clamav RC2
There are only a few packages working atm. I think ClamAV is not finished yet. We'll have to review packages before pfSense 1.0 is released and divide them in known working packages and alpha/beta packages.

Holger

> -----Original Message-----
> From: Nick Smith [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 04, 2006 9:52 AM
> To: support@pfsense.com
> Subject: [pfSense Support] clamav RC2
>
> I have a fresh install of RC2 on a new firewall and when I try to
> install clamav it instantly says installation complete without
> downloading anything and I can't start or run the clamav service or
> freshclam via the web interface. Is there a problem with the clamav
> package or is it a problem on my end?
>
> TIA
>
> Nick
Re: [pfSense Support] Trouble accessing console via serial connection
On 8/3/06, Jonathan Wanak <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm trying to get the serial console to work. I'm running pfSense RC2, on the hard drive on a PII Dell Optiplex, connected to my Windows XP machine with a null modem cable. Connection settings are 9600/8/N/1/HW handshaking. I have verified 2-way communication between the firewall box and the XP machine ('echo "xx" > ttyxx' appears in HT; 'more ttyxx' displays text typed into HT), and disconnected the keyboard, mouse, and monitor from the router.
>
> Here's my problem:
>
> I see the pfSense boot-up and shut-down messages in HyperTerminal. However, once I get to the line "Bootup complete" I can't seem to do anything. I was expecting to see the main console screen at this point, but nothing further appears. When I reboot via the web configurator, I see the shutdown messages in HyperTerminal.
>
> I've tried TTY, VT100, ANSI, and auto emulation modes. I've also tried playing around with the flow control settings, but haven't seen any difference.
>
> I'm guessing I have some kind of terminal misconfiguration, but don't know where to go from here. Any help would be greatly appreciated.

Interesting, didn't know the PC image would display anything on serial during boot. In the System->Advanced menu, there's an option to spawn the console on serial.

--Bill
Re: [pfSense Support] clamav RC2
Holger Bauer wrote:
> There are only a few packages working atm. I think ClamAV is not finished yet. We'll have to review packages before pfSense 1.0 is released and divide them in known working packages and alpha/beta packages.
>
> Holger

Is there a list of the few that are working? Were they working with RC1?

Nick
Re: [pfSense Support] clamav RC2
If they're broken now, they were broken then. No packages have suffered any regression (at least not yet). ClamAV and HAVP are both known to be broken at this time. There are reports that Scott's recent patches have brought Squid to a working state. SpamD works great!

Nick Smith wrote:
> Is there a list of the few that are working? Were they working with RC1?
>
> Nick
RE: [pfSense Support] clamav RC2
Read the package description at the package manager page. Some are marked broken or have some kind of information about their current state.

Holger

> -----Original Message-----
> From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
> Sent: Friday, August 04, 2006 3:14 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] clamav RC2
>
> If they're broken now, they were broken then. No packages have suffered
> any regression (at least not yet). ClamAV and HAVP are both known to be
> broken at this time. There are reports that Scott's recent patches have
> brought Squid to a working state. SpamD works great!
Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover
Gary Buckmaster wrote:
> Scott Ullrich wrote:
>> On 8/3/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
>>> Aren't those Opteron based? If so, then you're out of luck, because
>>> pfSense is currently not an x64 platform.
>>
>> Opterons will run just fine on 32 bit as well as 64 bit. One of our
>> builder servers is a dual Opteron.
>>
>> Scott
>
> My mistake. String me up.

What about a sparc64? like a sun u2? will it run on that?
Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover
On 8/4/06, Nick Smith <[EMAIL PROTECTED]> wrote:
> What about a sparc64? like a sun u2? will it run on that?

No, I am afraid not.

Scott
[pfSense Support] Can't get basic routing to work.
I can't get the most basic of basic routing to work.

Here's my network setup

Intel computer with 512 ram and new xeon.
Two Intel PWLA8492MT Dual port Gig-E Cards plus 2 onboard intel Gig-E ports.

DSL Modem (Subnet A)
|
pfSense WAN (Subnet A)
|
PfSense LAN (Subnet B)
|
Computers with static public IPs (Subnet B)

Bridging is not an option as in the near future I want to cut subnet B into two subnets and put each half subnet onto different interfaces.

I've tried going to advanced NAT and deleting all the rules while having subnet B on LAN.
Deleting all the NAT rules while having subnet B on OPT1.
DISABLING THE FIREWALL!!! while having subnet B on LAN/OPT1.

I just can't get packets to get through.
The joke is that it all works fine when I use the default rule created for NAT.
But I don't want or need NAT for this setup.
I MUST have public, static IPs on the computers =o/

Please help
Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover
On 8/4/06, Nick Smith <[EMAIL PROTECTED]> wrote:
> What about a sparc64? like a sun u2? will it run on that?

Wrong architecture. FreeBSD does run on these machines though, feel free to attempt to bootstrap our build (you'll need to recompile the binaries we have in our CVS tree for sparc64 of course). No reason it can't run on there, we're just not going to provide a build for it. Besides, you'll save enough in power costs by not running that Ultra2 in a year or two to buy a decent low VIA based machine.

--Bill
[pfSense Support] Marvell Chipset
Anyone have luck running the Marvell Yukon Chipset, the sun servers I am looking at purchasing use this chipset and I don’t see them listed under the Hardware section on the website.

Regards

There are 10 types of people in this world, those who can read binary, and those who cannot.
Re: [pfSense Support] Marvell Chipset
On 8/4/06, Scott Williamson <[EMAIL PROTECTED]> wrote:
> Anyone have luck running the Marvell Yukon Chipset, the sun servers I am looking at purchasing use this chipset and I don't see them listed under the Hardware section on the website.

I believe that they work now in 6.1 but you may want to visit the FreeBSD hardware compatibility guide at FreeBSD.org for an updated version.

Scott
Re: [pfSense Support] Trouble accessing console via serial connection
Changing the appropriate line did the trick. Thank you very much!

--Jon

----- Original Message -----
From: Charles Sprickman <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Friday, August 4, 2006 12:28:48 AM
Subject: Re: [pfSense Support] Trouble accessing console via serial connection

On Thu, 3 Aug 2006, Jonathan Wanak wrote:

> I see the pfSense boot-up and shut-down messages in HyperTerminal.
> However, once I get to the line "Bootup complete" I can't seem to do
> anything. I was expecting to see the main console screen at this point,
> but nothing further appears. When I reboot via the web configurator, I
> see the shutdown messages in HyperTerminal.

It sounds like the console is being set to the serial port (look in /boot.config), but that no getty is being spawned on the console. To make it "just work" for now, manually edit /etc/ttys and stick something like this on the proper serial line:

ttyd0 "/usr/libexec/getty std.9600" vt102 on secure

Then "kill -HUP 1" to have the file re-read.

Charles

> Thanks,
>
> Jon
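An added example, not part of the thread: in ttys(5) the `secure` keyword on the line quoted above allows uid 0 to log in on that terminal, so after enabling the serial getty it is worth listing which lines are switched on and which of them accept root. The script parses a ttys-format file; the function names and the sample file contents are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit a ttys(5)-format file.
# Function names and the sample file contents are constructed for illustration.

# ttys_table FILE -> one "name state root" row per terminal line.
# state is on|off (is a getty spawned?), root is secure|insecure
# (may uid 0 log in on this line?). Missing flags default to off / insecure.
ttys_table() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        {
            line = $0
            sub(/"[^"]*"/, "CMD", line)         # quoted getty command -> one field
            sub(/#.*/, "", line)                # drop a trailing comment
            n = split(line, f)                  # f[1]=name f[2]=cmd f[3]=type f[4..]=flags
            state = "off"; root = "insecure"
            for (i = 4; i <= n; i++) {
                if (f[i] == "on" || f[i] == "off") state = f[i]
                if (f[i] == "secure" || f[i] == "insecure") root = f[i]
            }
            print f[1], state, root
        }
    ' "$1"
}

# ttys_line_status FILE TTY -> "on secure", "off insecure", ..., or "missing"
ttys_line_status() {
    ttys_table "$1" | awk -v tty="$2" '
        $1 == tty { print $2, $3; found = 1; exit }
        END { if (!found) print "missing" }'
}

# ttys_root_lines FILE -> space-separated lines that are enabled AND accept root
ttys_root_lines() {
    ttys_table "$1" | awk '
        $2 == "on" && $3 == "secure" { printf "%s%s", sep, $1; sep = " " }
        END { print "" }'
}

# write_samples DIR -> DIR/before (serial getty off) and DIR/after (line from the thread)
write_samples() {
    cat > "$1/before" <<'EOF'
# constructed sample, modelled on a stock /etc/ttys
console none                          unknown off secure
ttyv0   "/usr/libexec/getty Pc"       cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600" dialup  off secure   # first serial port
EOF
    sed 's|^ttyd0 .*|ttyd0 "/usr/libexec/getty std.9600" vt102 on secure|' \
        "$1/before" > "$1/after"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "before: ttyd0 is $(ttys_line_status "$demo_dir/before" ttyd0)"
echo "after:  ttyd0 is $(ttys_line_status "$demo_dir/after" ttyd0)"
echo "root-capable lines after the edit: $(ttys_root_lines "$demo_dir/after")"
rm -rf "$demo_dir"
```

If root should not be able to log in over the serial cable, the same line can carry `insecure` instead of `secure`; either way init only picks the change up after the `kill -HUP 1` mentioned in the message.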
RE: [pfSense Support] Can't get basic routing to work.
If bridging is not an option I would recommend setting 1:1 mappings for each public address. It will work beautifully and will also allow you to set up two separate networks.

-Tim

-----Original Message-----
From: A. Jones [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 7:29 AM
To: support@pfsense.com
Subject: [pfSense Support] Can't get basic routing to work.

I can't get the most basic of basic routing to work.

Here's my network setup

Intel computer with 512 ram and new xeon.
Two Intel PWLA8492MT Dual port Gig-E Cards plus 2 onboard intel Gig-E ports.

DSL Modem (Subnet A)
|
pfSense WAN (Subnet A)
|
PfSense LAN (Subnet B)
|
Computers with static public IPs (Subnet B)

Bridging is not an option as in the near future I want to cut subnet B into two subnets and put each half subnet onto different interfaces.

I've tried going to advanced NAT and deleting all the rules while having subnet B on LAN.
Deleting all the NAT rules while having subnet B on OPT1.
DISABLING THE FIREWALL!!! while having subnet B on LAN/OPT1.

I just can't get packets to get through.
The joke is that it all works fine when I use the default rule created for NAT.
But I don't want or need NAT for this setup.
I MUST have public, static IPs on the computers =o/

Please help
RE: [pfSense Support] Can't get basic routing to work.
I can't set up a 1:1 as the wan interface is on a different subnet than my lan interface

> From: "Tim Dickson" <[EMAIL PROTECTED]>
> Reply-To: support@pfsense.com
> To:
> Subject: RE: [pfSense Support] Can't get basic routing to work.
> Date: Fri, 4 Aug 2006 12:13:53 -0700
>
> If bridging is not an option I would recommend setting 1:1 mappings for
> each public address. It will work beautifully and will also allow you
> to set up two separate networks.
> -Tim
RE: [pfSense Support] Can't get basic routing to work.
oh, and the computers also need to have public IPs not private IPs
routing is exactly what I need and it should be the simplest thing possible to do
any clue what could be causing the issue?

> From: "Tim Dickson" <[EMAIL PROTECTED]>
> Reply-To: support@pfsense.com
> To:
> Subject: RE: [pfSense Support] Can't get basic routing to work.
> Date: Fri, 4 Aug 2006 12:13:53 -0700
>
> If bridging is not an option I would recommend setting 1:1 mappings for
> each public address. It will work beautifully and will also allow you
> to set up two separate networks.
> -Tim
Re: [pfSense Support] Can't get basic routing to work.
That's the whole point. Please read the documentation, and research 1:1 NAT to see why it will work for this purpose.

A. Jones wrote:
> I can't set up a 1:1 as the wan interface is on a different subnet
> than my lan interface
RE: [pfSense Support] Can't get basic routing to work.
Just curious, how many IPs do you have? Have you tried setting this up in an isolated network just to see if it works? I had a problem with BellSouth not really assigning all of the IP addresses they claim they did. The first two in the range were reserved, yet they reported them. When I assigned my router to one nothing worked at all. I am just wondering if this may be part of the problem. I will set up a few boxes this weekend without NAT just to make sure, but I am pretty sure it does work.

-----Original Message-----
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 3:15 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.

That's the whole point. Please read the documentation, and research 1:1 NAT to see why it will work for this purpose.
Re: [pfSense Support] Can't get basic routing to work.
I have a whole subnet, routing is what I need.
The computers also MUST have public IP addresses assigned to their interfaces.

That will also screw me over when one of the subnets needs to talk to the other subnet using public IPs
http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en

I also would have to get my ISP to change the routing to my network as the routing currently is

xxx.xxx.xx1.001 modem
xxx.xxx.xx1.002 WAN
xxx.xxx.xx2.001 LAN
xxx.xxx.xx2.002 Computer
xxx.xxx.xx2.003 Computer
xxx.xxx.xx2.004 Computer
xxx.xxx.xx2.005 Computer

and the static route is

xxx.xxx.xx2.xxx/26 xxx.xxx.xx1.002

so there are no "extra" IPs on the outside with which to do 1:1 to begin with.

I just want simple, simple, simple, basic, routing!
Packet goes in one interface, firewall rules executed, packet goes out other interface with destination unaltered...

=o(

> From: Gary Buckmaster <[EMAIL PROTECTED]>
> Reply-To: support@pfsense.com
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Can't get basic routing to work.
> Date: Fri, 04 Aug 2006 15:14:53 -0500
>
> That's the whole point. Please read the documentation, and research 1:1
> NAT to see why it will work for this purpose.
Re: [pfSense Support] Can't get basic routing to work.
On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> I have a whole subnet, routing is what I need.
> The computers also MUST have public IP addresses assigned to their interfaces.
>
> That will also screw me over when one of the subnets needs to talk to the other subnet using public IPs
> http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en
>
> I also would have to get my ISP to change the routing to my network as the routing currently is
>
> xxx.xxx.xx1.001 modem
> xxx.xxx.xx1.002 WAN
> xxx.xxx.xx2.001 LAN
> xxx.xxx.xx2.002 Computer
> xxx.xxx.xx2.003 Computer
> xxx.xxx.xx2.004 Computer
> xxx.xxx.xx2.005 Computer
>
> and the static route is
>
> xxx.xxx.xx2.xxx/26 xxx.xxx.xx1.002
>
> so there are no "extra" IPs on the outside with which to do 1:1 to begin with.
>
> I just want simple, simple, simple, basic, routing!
> Packet goes in one interface, firewall rules executed, packet goes out other interface with destination unaltered...

You have two options.

#1 - Visit Firewall -> NAT -> Advanced outbound nat. Enable. Now remove all of the auto created rules, save. This will give you a Filtering / Routing platform.

#2 - Visit System -> Advanced -> Disable Firewall - This will disable NAT and Filtering leaving a routing only platform.

Scott
RE: [pfSense Support] Can't get basic routing to work.
traces to any part of my subnet from random systems on the net all get to the WAN interface and then they start getting dropped (even with the firewall completely turned off). So I know that the IPs are properly routed to me.

Thanks for a reasonable response. It's much appreciated.

P.S. the reserved IPs you are probably talking about are the "network" IP (the first address of your subnet) and the router/modem IP. There is also the "broadcast" ip, which is the last IP of your subnet. The network and broadcast IPs are part of the IP standard and if your modem is on the same subnet as your LAN, then the first usable IP is almost always assigned to the modem/router. The e-mail they sent you probably wasn't accounting for the "usable" address range which is why you generally need to subtract 3 IPs from the amount you are "assigned". e.g. a /29 which has 8 IPs only has six usable IPs (#0 is the network address, #1-#7 are usable, #8 is the broadcast address). Then the router/modem takes up #1 leaving you with five IPs #2-#7

Thanks again!

> From: "Ryan Rodrigue" <[EMAIL PROTECTED]>
> Reply-To: support@pfsense.com
> To:
> Subject: RE: [pfSense Support] Can't get basic routing to work.
> Date: Fri, 4 Aug 2006 15:33:23 -0500
>
> Just curious, how many IPs do you have? Have you tried setting this up
> in an isolated network just to see if it works? I had a problem with
> BellSouth not really assigning all of the IP addresses they claim they
> did. The first two in the range were reserved, yet they reported them.
> When I assigned my router to one nothing worked at all. I am just
> wondering if this may be part of the problem. I will set up a few boxes
> this weekend without NAT just to make sure, but I am pretty sure it
> does work.
Re: [pfSense Support] Can't get basic routing to work.
I tried both and no dice. That's why I'm completely vexed and why I posted to the mailing list... =o/
The odd thing is that it works with NAT enabled.
Any other guesses as to what could possibly be going on?

Thanks.

From: "Scott Ullrich" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 4 Aug 2006 16:29:50 -0400

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> I have a whole subnet, routing is what I need.
> The computers also MUST have public IP addresses assigned to their interfaces.
> That will also screw me over when one of the subnets needs to talk to the
> other subnet using public IPs
> http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en
>
> I also would have to get my ISP to change the routing to my network as the
> routing currently is
>
> xxx.xxx.xx1.001 modem
> xxx.xxx.xx1.002 WAN
>
> xxx.xxx.xx2.001 LAN
> xxx.xxx.xx2.002 Computer
> xxx.xxx.xx2.003 Computer
> xxx.xxx.xx2.004 Computer
> xxx.xxx.xx2.005 Computer
>
> and the static route is xxx.xxx.xx2.xxx/26 xxx.xxx.xx1.002
> so there are no "extra" IPs on the outside with which to do 1:1 to begin with.
>
> I just want simple, simple, simple, basic, routing!
> Packet goes in one interface, firewall rules executed, packet goes out other
> interface with destination unaltered...

You have two options.

#1 - Visit Firewall -> NAT -> Advanced outbound nat. Enable. Now remove all of the auto created rules, save.. This will give you a Filtering / Routing platform.

#2 - Visit System -> Advanced -> Disable Firewall - This will disable NAT and Filtering leaving a routing only platform.

Scott
Re: [pfSense Support] Can't get basic routing to work.
On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> I tried both and no dice. That's why I'm completely vexed and why I posted
> to the mailing list... =o/
> The odd thing is that it works with NAT enabled.
> Any other guesses as to what could possibly be going on?

Nope. The two methods I mentioned absolutely work so I have no idea where you're hitting a snag.

Scott
Re: [pfSense Support] Can't get basic routing to work.
This is why I'm so confused... There is no reason why it should not work.
Is there a way for me to see what the system is doing to the individual packets?

From: "Scott Ullrich" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 4 Aug 2006 16:43:03 -0400

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> I tried both and no dice. That's why I'm completely vexed and why I posted
> to the mailing list... =o/
> The odd thing is that it works with NAT enabled.
> Any other guesses as to what could possibly be going on?

Nope. The two methods I mentioned absolutely work so I have no idea where you're hitting a snag.

Scott
Re: [pfSense Support] Can't get basic routing to work.
On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> This is why I'm so confused... There is no reason why it should not work.
> Is there a way for me to see what the system is doing to the individual packets?

tcpdump.
Re: [pfSense Support] Can't get basic routing to work.
Thanks. I'll see what I can figure out when everyone is off the network in half an hour.

From: "Scott Ullrich" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 4 Aug 2006 16:48:40 -0400

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> This is why I'm so confused... There is no reason why it should not work.
> Is there a way for me to see what the system is doing to the individual packets?

tcpdump.
Re: [pfSense Support] Can't get basic routing to work.
A. Jones wrote:
> This is why I'm so confused... There is no reason why it should not work.
> Is there a way for me to see what the system is doing to the individual packets?

The scenario, exactly as you described, works for me very well without NAT-ing the public IP-s behind the firewall.

Do as Scott told you to do. Enable Advanced Outbound NAT rules and delete the one used for your public network and/or add correct incoming rules on the WAN interface to accept the traffic.

On the other hand, you can always use this:

    /usr/sbin/tcpdump -n -e -ttt -i pflog0

This will give you a pretty clear idea of what's wrong.

/jan
Re: [pfSense Support] Can't get basic routing to work.
On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> I have a whole subnet, routing is what I need.
> The computers also MUST have public IP addresses assigned to their interfaces.
> That will also screw me over when one of the subnets needs to talk to the
> other subnet using public IPs
> http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en
>
> I also would have to get my ISP to change the routing to my network as the
> routing currently is
>
> xxx.xxx.xx1.001 modem
> xxx.xxx.xx1.002 WAN
>
> xxx.xxx.xx2.001 LAN
> xxx.xxx.xx2.002 Computer
> xxx.xxx.xx2.003 Computer
> xxx.xxx.xx2.004 Computer
> xxx.xxx.xx2.005 Computer
>
> and the static route is xxx.xxx.xx2.xxx/26 xxx.xxx.xx1.002
> so there are no "extra" IPs on the outside with which to do 1:1 to begin with.

Actually, for this you use the "other" virtual IP type. But that's beside the point since you have a requirement for public IPs on the actual machines. Enabling advanced outbound nat, then deleting the rules _should_ be the way you need this to work. I assume you put rules in on the WAN interface to allow the traffic?? :)

--Bill
Re: [pfSense Support] Can't get basic routing to work.
The original rule on the firewall is already good for that.

From: "Bill Marquette" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 4 Aug 2006 16:32:28 -0500

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> I have a whole subnet, routing is what I need.
> The computers also MUST have public IP addresses assigned to their interfaces.
> That will also screw me over when one of the subnets needs to talk to the
> other subnet using public IPs
> http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en
>
> I also would have to get my ISP to change the routing to my network as the
> routing currently is
>
> xxx.xxx.xx1.001 modem
> xxx.xxx.xx1.002 WAN
>
> xxx.xxx.xx2.001 LAN
> xxx.xxx.xx2.002 Computer
> xxx.xxx.xx2.003 Computer
> xxx.xxx.xx2.004 Computer
> xxx.xxx.xx2.005 Computer
>
> and the static route is xxx.xxx.xx2.xxx/26 xxx.xxx.xx1.002
> so there are no "extra" IPs on the outside with which to do 1:1 to begin with.

Actually, for this you use the "other" virtual IP type. But that's beside the point since you have a requirement for public IPs on the actual machines. Enabling advanced outbound nat, then deleting the rules _should_ be the way you need this to work. I assume you put rules in on the WAN interface to allow the traffic?? :)

--Bill
Re: [pfSense Support] Can't get basic routing to work.
I already tried those. I have a feeling I know what is going wrong, I'll keep you all posted when I verify/disprove myself.

Thanks everyone.

From: Jan Zorz <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 04 Aug 2006 23:04:40 +0200

A. Jones wrote:
> This is why I'm so confused... There is no reason why it should not work.
> Is there a way for me to see what the system is doing to the individual packets?

The scenario, exactly as you described, works for me very well without NAT-ing the public IP-s behind the firewall.

Do as Scott told you to do. Enable Advanced Outbound NAT rules and delete the one used for your public network and/or add correct incoming rules on the WAN interface to accept the traffic.

On the other hand, you can always use this:

    /usr/sbin/tcpdump -n -e -ttt -i pflog0

This will give you a pretty clear idea of what's wrong.

/jan
Re: [pfSense Support] Can't get basic routing to work.
Not for inbound traffic it isn't.

--Bill

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> The original rule on the firewall is already good for that.
Re: [pfSense Support] Can't get basic routing to work.
When you send (initiate) a packet out on port abc, and it is allowed through, the firewall opens up a "hole" (which is stored in the state table) that allows a response from the IP the packet was sent to on the return port specified in the packet. You use inbound rules (WAN->LAN) when you want to allow sessions to be initiated from the internet/untrusted interface. As long as the default "allow all" outbound rule is in place, you can do things like ping and browse the web with no problem from the LAN side.

I appreciate the help though.

The nice/not so nice thing is this... I did some testing and confirmed my suspicions. pfSense works beautifully... lol, my ISP configured the LAN subnet of the DSL modem/router correctly. The static route to my WAN port on their main routers correctly. But it seems they screwed up a line somewhere on my DSL modem/router and any packet that is not originating from the same subnet as the DSL modem's LAN side on the DSL modem's LAN side is being sent into the ether...

Since NATed packets originate from the pfSense's WAN subnet, which is the same subnet as the modem's LAN subnet, they get through. But when I turn off NAT, the packets originate from my LAN subnet and the packets go for a wild ride into nothingness. AIYA

Hopefully, I'll have this fixed by tomorrow morning.

Thanks for everyone's help!!! It was much appreciated!!!

From: "Bill Marquette" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 4 Aug 2006 22:28:20 -0500

Not for inbound traffic it isn't.

--Bill

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> The original rule on the firewall is already good for that.
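The comparison described in the message above (NATed traffic gets replies, routed traffic does not) can be checked from two `tcpdump -n` captures taken on the WAN interface. This is an added example, not part of the original thread: the capture lines are constructed, the addresses are documentation ranges standing in for the masked `xxx` addresses, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed topology mirroring the thread (documentation ranges, not real ones).
WAN_NET = ipaddress.ip_network("198.51.100.0/29")  # modem .1, pfSense WAN .2
LAN_NET = ipaddress.ip_network("192.0.2.64/26")    # routed public subnet on LAN

# Constructed capture: NAT enabled, so packets leave with the WAN address.
CAPTURE_NAT_ON = """\
16:50:01.000101 IP 198.51.100.2.40001 > 203.0.113.80.80: Flags [S], seq 100, win 65535, length 0
16:50:01.030211 IP 203.0.113.80.80 > 198.51.100.2.40001: Flags [S.], seq 900, ack 101, win 65535, length 0
16:50:02.000000 IP 198.51.100.2 > 203.0.113.9: ICMP echo request, id 7, seq 1, length 64
16:50:02.021000 IP 203.0.113.9 > 198.51.100.2: ICMP echo reply, id 7, seq 1, length 64
"""

# Constructed capture: NAT removed, so packets leave with their LAN address.
CAPTURE_NAT_OFF = """\
17:40:05.000101 IP 192.0.2.66.51000 > 203.0.113.80.80: Flags [S], seq 100, win 65535, length 0
17:40:08.000301 IP 192.0.2.66.51000 > 203.0.113.80.80: Flags [S], seq 100, win 65535, length 0
17:40:09.000000 IP 192.0.2.67 > 203.0.113.9: ICMP echo request, id 9, seq 1, length 64
17:40:10.000000 ARP, Request who-has 198.51.100.1 tell 198.51.100.2, length 28
"""

# Matches "IP src > dst:" in tcpdump -n output; ARP and IP6 lines do not match.
LINE_RE = re.compile(r"\bIP (\S+) > (\S+): ")


def split_endpoint(text):
    """Split 'a.b.c.d.port' (TCP/UDP) or 'a.b.c.d' (ICMP) into (address, port)."""
    parts = text.split(".")
    if len(parts) == 5:
        return ipaddress.ip_address(".".join(parts[:4])), parts[4]
    return ipaddress.ip_address(text), None  # raises ValueError on anything else


def side_of(addr):
    """Name the local subnet an address belongs to, or None if it is remote."""
    if addr in LAN_NET:
        return "lan"
    if addr in WAN_NET:
        return "wan"
    return None


def summarize(capture):
    """Count outbound flows per local source subnet and how many saw a reply."""
    sent = defaultdict(set)
    answered = set()
    for line in capture.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        try:
            src, sport = split_endpoint(match.group(1))
            dst, dport = split_endpoint(match.group(2))
        except ValueError:
            continue  # hostname or truncated line: skip rather than guess
        src_side, dst_side = side_of(src), side_of(dst)
        if src_side and not dst_side:
            # Retransmissions share a key, so a retried SYN is still one flow.
            sent[src_side].add((src, sport, dst, dport))
        elif dst_side and not src_side:
            # Store the reply under the key of the flow it answers.
            answered.add((dst, dport, src, sport))
    return {
        side: {"flows": len(sent[side]), "answered": len(sent[side] & answered)}
        for side in ("wan", "lan")
    }


def upstream_suspect(nat_on, nat_off):
    """True when WAN-sourced flows are answered but LAN-sourced flows never are.

    Both captures show the packets leaving the WAN interface, so the firewall
    forwarded them; silence only for the routed subnet points past the firewall.
    """
    return (
        nat_on["wan"]["answered"] > 0
        and nat_off["lan"]["flows"] > 0
        and nat_off["lan"]["answered"] == 0
    )


if __name__ == "__main__":
    on, off = summarize(CAPTURE_NAT_ON), summarize(CAPTURE_NAT_OFF)
    print("NAT on :", on)
    print("NAT off:", off)
    print("upstream suspect:", upstream_suspect(on, off))
```
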
Re: [pfSense Support] Can't get basic routing to work.
On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> When you send (initiate) a packet out on port abc, and it is allowed
> through, the firewall opens up a "hole" (which is stored in the state table)
> that allows a response from the IP the packet was sent to on the return port
> specified in the packet. You use inbound rules (WAN->LAN) when you want to
> allow sessions to be initiated from the internet/untrusted interface. As
> long as the default "allow all" outbound rule is in place, you can do things
> like ping and browse the web with no problem from the LAN side.

Considering I'm one of the developers, I certainly hope I understand the concepts of a stateful inspection firewall. :) The only example I saw of what was broken was an outside in traceroute. I think it's fair for me to assume that you may not have had rules allowing it into your network.

> But when I turn off NAT, the packets originate from my LAN subnet and the
> packets go for a wild ride into nothingness AIYA
> Hopefully, I'll have this fixed by tomorrow morning
> Thanks for everyone's help!!! It was much appreciated!!!

Glad to hear it was upstream.

--Bill
[pfSense Support] Intel PWLA8494MT support
Is Intel PWLA8494MT supported with the current build (1.0RC2)? I have installed this card on a system with 2 Gb Intel port on the mother board and the system does not appear to recognize it. Any idea?

Thanks

Pierre
RE: [pfSense Support] Can't get basic routing to work.
Just a thought .. I have seen ISPs that give out silly IP addresses that can't be routed and require NAT. You wouldn't happen to have one of those?

Ivan.

-----Original Message-----
From: A. Jones [mailto:[EMAIL PROTECTED]
Sent: 05 August 2006 06:16 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.

When you send (initiate) a packet out on port abc, and it is allowed through, the firewall opens up a "hole" (which is stored in the state table) that allows a response from the IP the packet was sent to on the return port specified in the packet. You use inbound rules (WAN->LAN) when you want to allow sessions to be initiated from the internet/untrusted interface. As long as the default "allow all" outbound rule is in place, you can do things like ping and browse the web with no problem from the LAN side.

I appreciate the help though.

The nice/not so nice thing is this... I did some testing and confirmed my suspicions. pfSense works beautifully... lol, my ISP configured the LAN subnet of the DSL modem/router correctly. The static route to my WAN port on their main routers correctly. But it seems they screwed up a line somewhere on my DSL modem/router and any packet that is not originating from the same subnet as the DSL modem's LAN side on the DSL modem's LAN side is being sent into the ether...

Since NATed packets originate from the pfSense's WAN subnet, which is the same subnet as the modem's LAN subnet, they get through. But when I turn off NAT, the packets originate from my LAN subnet and the packets go for a wild ride into nothingness. AIYA

Hopefully, I'll have this fixed by tomorrow morning.

Thanks for everyone's help!!! It was much appreciated!!!
RE: [pfSense Support] Can't get basic routing to work.
lol, nope, is not a reserved range. Is definitely a misconfiged modem.

From: "Frimmel, Ivan (ISS Sales)" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To:
Subject: RE: [pfSense Support] Can't get basic routing to work.
Date: Sat, 5 Aug 2006 08:05:24 +0200

Just a thought .. I have seen ISPs that give out silly IP addresses that can't be routed and require NAT. You wouldn't happen to have one of those?

Ivan.
Re: [pfSense Support] Can't get basic routing to work.
Shoulda been tipped off when I said I completely disabled the firewall then, ;o)
hehe, sorry for the assumption. I figured you were making a random pot shot considering the response I got. mea culpa.

From: "Bill Marquette" <[EMAIL PROTECTED]>
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.
Date: Fri, 4 Aug 2006 23:45:22 -0500

On 8/4/06, A. Jones <[EMAIL PROTECTED]> wrote:
> When you send (initiate) a packet out on port abc, and it is allowed
> through, the firewall opens up a "hole" (which is stored in the state table)
> that allows a response from the IP the packet was sent to on the return port
> specified in the packet. You use inbound rules (WAN->LAN) when you want to
> allow sessions to be initiated from the internet/untrusted interface. As
> long as the default "allow all" outbound rule is in place, you can do things
> like ping and browse the web with no problem from the LAN side.

Considering I'm one of the developers, I certainly hope I understand the concepts of a stateful inspection firewall. :) The only example I saw of what was broken was an outside in traceroute. I think it's fair for me to assume that you may not have had rules allowing it into your network.

> But when I turn off NAT, the packets originate from my LAN subnet and the
> packets go for a wild ride into nothingness AIYA
> Hopefully, I'll have this fixed by tomorrow morning
> Thanks for everyone's help!!! It was much appreciated!!!

Glad to hear it was upstream.

--Bill