RE: [pfSense Support] PPPoE On OPT interface.
Is it so difficult to add this feature? We have the same problem (missing pppoe on OPT port) But the rest of Pfsense (IPSec, openvpn, features, stability) are much better then the rest of the crap in Internet-router-land -Oorspronkelijk bericht- Van: Scott Ullrich [mailto:[EMAIL PROTECTED] Verzonden: woensdag 23 augustus 2006 21:52 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] PPPoE On OPT interface. On 8/23/06, Ryan Rodrigue [EMAIL PROTECTED] wrote: I seem to remember work was once being done to make OPT interfaces work with PPPoE. Can someone tell me how to do this of if it can be done. I am using a Linksys box just for this purpose right now, but would like to get away from this. No, there was no work going on for 1.0 in this regard. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] dhclient exiting
Is there something changed in the dhclient version/configuration in Pfsense version RC2?? We had many problems with a exiting dhclient in RC1 and the versions before RC1. But in RC2 the problem is fully disappeared? Keep up the good work!!! -Oorspronkelijk bericht- Van: Scott Ullrich [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 11 juli 2006 18:34 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] dhclient exiting (downgrading) Unless this snapshot helps: http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT-07-09-2006/ then there is nothing we can do. We already use dhclient from head. It is only certain isp's that send bogus options that are an issue. If the above doesn't work you will need to call your isp and beg that they fix their dhcp server. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PPPoE On OPT interface.
On 8/24/06, Tunge2 [EMAIL PROTECTED] wrote: Is it so difficult to add this feature? We have the same problem (missing pppoe on OPT port) But the rest of Pfsense (IPSec, openvpn, features, stability) are much better then the rest of the crap in Internet-router-land It will be added in a future version but not for 1.0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] dhclient exiting
A few weeks back I found a problem with dhclient, or much rather with /etc/rc and /etc/rc.newwanip. The problem was impacting the (Australia) Bigpond WAN connection. The dhclient-script has exit hooks which trigger /etc/rc.newwanip to be executed. The later not only (re)starts Bigpond WAN connections, but also updates IPsec tunnels, DNS, etc. It is very likely that my fixes may have solved your problem too! Regards, G. -Original Message- From: Tunge2 [mailto:[EMAIL PROTECTED] Sent: Thursday, 24 August 2006 17:16 To: support@pfsense.com Subject: [pfSense Support] dhclient exiting Is there something changed in the dhclient version/configuration in Pfsense version RC2?? We had many problems with a exiting dhclient in RC1 and the versions before RC1. But in RC2 the problem is fully disappeared? Keep up the good work!!! -Oorspronkelijk bericht- Van: Scott Ullrich [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 11 juli 2006 18:34 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] dhclient exiting (downgrading) Unless this snapshot helps: http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT-07-09-2006/ then there is nothing we can do. We already use dhclient from head. It is only certain isp's that send bogus options that are an issue. If the above doesn't work you will need to call your isp and beg that they fix their dhcp server. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] CARP Load balance
I have 2 ADSL lines each with it's own pfsense box. I have set up CARP to provide a common LAN address shared between the two boxes Should this configuration load balance? At the moment the traffic graphs seem to have all traffic going out of the master address until fail over --Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] CARP Load balance
On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote: I have 2 ADSL lines each with it's own pfsense box. I have set up CARP to provide a common LAN address shared between the two boxes Should this configuration load balance? At the moment the traffic graphs seem to have all traffic going out of the master address until fail over CARP load balancing is not supported in 1.0. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] CARP Load balance
On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote: I have 2 ADSL lines each with it's own pfsense box. I have set up CARP to provide a common LAN address shared between the two boxes Should this configuration load balance? At the moment the traffic graphs seem to have all traffic going out of the master address until fail over CARP load balancing is not supported in 1.0. No problem. Is it in Head or are you looking for volunteers? I'm still moving on with DDNS for the local DHCP server but I am away to the wilds of Wales (sans computer) for a while so it will be two weeks before I have results. --Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Higher than normal CPU usage
I posted this to the forum, but I know a lot of people are more active on the mailing list, so I figured I'd repost here, in hopes of some more help :) I've noticed since moving to RC2, that the CPU usage on our PFSense box is higher than it normally is. I'm not sure if this is cause for alarm or not, but it has stopped responding 3 times in 3 weeks (each time was almost _exactly_ a week apart). I didn't do any debugging, as this is in a production environment, and getting it back up and running ASAP was of the utmost importance. Power cycle, and everything comes back up fine. Little bit about the system - Dell Poweredge 350, P3 850, 512MB RAM, 40GB HDD, HDD install. We currently use it as a filtered bridge for our webhosting company, and it is filtering a consistent 5-10mbit of traffic that is nearly all web/mail traffic. Immediately after a reboot, we see CPU usage in the 15-25% range (as reported by the WebConfigurator). After one day, we are seeing spikes at 60 and 70%, with averages around 30-35%. Memory usage is low, 8-9%, and our state table has been increased to 100k entries, with anywhere from 10-15k states, set to aggressive. Is this something that we need to look in to as a possible hardware problem, or is this something that could have been introduced with RC2? Is this normal with the amount of traffic we are seeing? We've been using m0n0wall as our primary firewall previously, and we had excellent system uptime on the same hardware. We also run an identical system to load balance SpamAssassin requests across a cluster of BSD computers on our network. That system is also configured with RC2, but only receives about .5 -1mbit of sustained traffic. The uptime on that system is at 16 days (since we installed RC2) and prior to that, RC1 ran from the time we installed it, from the time we updated to RC2. Any thoughts or suggestions as to the issues we are seeing would be greatly appreciated. Matt Breitbach - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] CARP Load balance
On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote: No problem. Is it in Head or are you looking for volunteers? I'm still moving on with DDNS for the local DHCP server but I am away to the wilds of Wales (sans computer) for a while so it will be two weeks before I have results. No, I don't think it is in head either but I haven't looked recently. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] SSH access?
Is there a trick to getting SSH to work? I have enabled this setup, but I can't seem to access this from either my LAN or WAN side. I would bet I can't get it from the WAN, but I thought I should be able to access from the LAN when enabled. Also, I see no rules stating that I can't access port 22. This is a new install, RC2 Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] CARP Load balance
On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote: On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote: I have 2 ADSL lines each with it's own pfsense box. I have set up CARP to provide a common LAN address shared between the two boxes Should this configuration load balance? At the moment the traffic graphs seem to have all traffic going out of the master address until fail over CARP load balancing is not supported in 1.0. No problem. Is it in Head or are you looking for volunteers? I'm still Nope, we removed that functionality because it doesn't work worth a damn. I don't expect to see it in the tree again. You might be better served with a carp cluster with TWO wans, not a carp cluster with one wan on each node. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Redirect Port 80 to Squid/Dans Guardian Box for Filtering
I guess I'm not seeing a way to do this in the GUI. If that's the case, how is it done from the command line? Thanks, Stephan Adding a rule (before the default rules) that takes port 80 from !squidserverip -- and forward it to the squid box should do the trick. -lsf On 8/18/06, stephan peterson [EMAIL PROTECTED] wrote: I'm using pfSense on my home network and it is working great as a firewall for me. I'd like to add content filtering to the mix. I was thinking I would dedicate a box to the task. I'd like to make it transparent to the users though. I don't want to have to configure the browsers to point to the Squid/DG box. I'd rather redirect all outbound HTTP traffic to the Sqiud/DG box and then it would send it out thru the firewall using a firewall rule that would allow it outbound on port 80. Has anyone done this? Is it possible? Poking around I don't see how to make it happen and my searches of the list archive haven't turned up any help. I get the impression though that it's not possible and that's not wanted I wanted to hear. Thanks, Stephan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Redirect Port 80 to Squid/Dans Guardian Box for Filtering
Craig, Thanks for the reply. This is for my home network and I'm using Macs. I can obviously point them to a proxy, but I'd like to avoid that. I like the FW to Filter box to handle everything. The main reason for this transparency is that when I have friends or family over with a wireless laptop I don't have to instruct them on entering proxy info, it just works. As I don't see a way in the GUI to create a redirect rule, I'm guessing I have to do it from the command line. If that's the case, any help doing so would be great. Thanks! Stephan I do it a little differently... There are machines I don't want proxied, like the servers and my workstation. So I tell pfSense to allow port 80 outbound from 192.168.0.0/23 and block it for other ranges. Users get the proxy information entered by their windows domain login script, and don't have permission to change it anyway. -Original Message- From: stephan peterson [mailto:[EMAIL PROTECTED] Sent: Friday, 25 August 2006 7:25 a.m. To: support@pfsense.com Subject: Re: [pfSense Support] Redirect Port 80 to Squid/Dans Guardian Box for Filtering I guess I'm not seeing a way to do this in the GUI. If that's the case, how is it done from the command line? Thanks, Stephan Adding a rule (before the default rules) that takes port 80 from !squidserverip -- and forward it to the squid box should do the trick. -lsf On 8/18/06, stephan peterson [EMAIL PROTECTED] wrote: I'm using pfSense on my home network and it is working great as a firewall for me. I'd like to add content filtering to the mix. I was thinking I would dedicate a box to the task. I'd like to make it transparent to the users though. I don't want to have to configure the browsers to point to the Squid/DG box. I'd rather redirect all outbound HTTP traffic to the Sqiud/DG box and then it would send it out thru the firewall using a firewall rule that would allow it outbound on port 80. Has anyone done this? Is it possible? Poking around I don't see how to make it happen and my searches of the list archive haven't turned up any help. I get the impression though that it's not possible and that's not wanted I wanted to hear. Thanks, Stephan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] SSH access?
Shouldn't be anything special - make sure SSH is turned on in the advanced page, and give the machine time to generate ssh keys etc. (you'll get a message at the top of your window when that is done) Also confirm you're using the right port (22) Check out the firewall logs page as well, just after you try sshing to the box... Often that points you in the right direction. -Original Message- From: Heath Henderson [mailto:[EMAIL PROTECTED] Sent: Friday, 25 August 2006 5:51 a.m. To: support@pfsense.com Subject: [pfSense Support] SSH access? Is there a trick to getting SSH to work? I have enabled this setup, but I can't seem to access this from either my LAN or WAN side. I would bet I can't get it from the WAN, but I thought I should be able to access from the LAN when enabled. Also, I see no rules stating that I can't access port 22. This is a new install, RC2 Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] SSH access?
Thanks, I have done everything but the logs. I haven't had time to get to them. I was sure it should be something simple, but for the life of me I couldn't get a connection. So, I will watch the logs this weekend and see what gives. -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 -- From: Craig FALCONER [EMAIL PROTECTED] Organization: Craig FALCONER Reply-To: support@pfsense.com Date: Fri, 25 Aug 2006 08:30:56 +1200 To: support@pfsense.com Subject: RE: [pfSense Support] SSH access? Shouldn't be anything special - make sure SSH is turned on in the advanced page, and give the machine time to generate ssh keys etc. (you'll get a message at the top of your window when that is done) Also confirm you're using the right port (22) Check out the firewall logs page as well, just after you try sshing to the box... Often that points you in the right direction. -Original Message- From: Heath Henderson [mailto:[EMAIL PROTECTED] Sent: Friday, 25 August 2006 5:51 a.m. To: support@pfsense.com Subject: [pfSense Support] SSH access? Is there a trick to getting SSH to work? I have enabled this setup, but I can't seem to access this from either my LAN or WAN side. I would bet I can't get it from the WAN, but I thought I should be able to access from the LAN when enabled. Also, I see no rules stating that I can't access port 22. This is a new install, RC2 Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]