[pfSense Support] Minor traffic shaper ?
OK, haven't run into this before. WAN is a 1.5meg DSL, OPT1 is a 10 meg cable connection. The 10 meg connection supports a VPN connection for backups and such. So I have a rule that says any traffic to x.x.x.x goes out OPT1, everything else out the WAN. The traffic shaper is taking all that traffic, and merrily shaping it, even though the traffic is to/from OPT1.

What's the best solution for me? Either traffic on OPT1 (to and from it) needs to bypass the shaper completely, or somehow I need to specify that while for most connections, the WAN speed is 1.5meg, for this one host, it's the 10 meg... How do I make this right?

(I've just started re-using the shaper, before OPT1 was another 1.5meg DSL, and to be honest, I don't think I noticed that problem, although it was most likely happening.)

Thanks in advance.
[pfSense Support] Quick comments on 1.2 beta2 on soekris 4801
Add support for prioritizing ssh traffic on port 22, and an easy way to specify a specific port for BT traffic, since the default isn't always used.

Anyway, 1.2 beta 2 is working pretty well for me. I think the php process is using less memory for HTTP sessions, which is helping.
Re: [pfSense Support] Multiple WANs
You do not need Advanced Outbound NAT. In your firewall rules, on the LAN interface change the default rule so that the gateway is your pool. This will load balance your traffic.

Take a look at http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing - this is a recently updated doc and will help.

sai

On 7/5/07, William Smith [EMAIL PROTECTED] wrote:
> Hi,
>
> I have 3 WANS. Each has a static ip assigned by the ISP based on login. I have the router/modems set to login and give each of my WAN interfaces an IP. 192.168.2.10, 192.168.1.10 and 192.168.0.10. (I also DMZed those IPs in the router/modems so that I can do NAT with pfsense)
>
> I setup a pool in load balancer to point to the ips of the router/modems, 192.168.2.1, 192.168.1.1 and 192.168.0.1. These show up as online in the load balance status.
>
> Now this is where I am stuck. I enable advanced outbound nat, and at this point I need some definitive instruction. I have read the load balance pdf but I must be missing something. I know I need rules but I am totally confused.
>
> Thanks in advance for any help or pointers. Oh, in addition my LAN is 10.20.100.0/24 and as long as I leave advanced outbound nat off, I get traffic through one of the WANS.
>
> And by the way, we could never afford the appliance to do this, pfsense is great for non profit orgs like our library, keep up the EXCELLENT work. This thing is awesome.
>
> Best Regards,
> Bill
> [EMAIL PROTECTED]
AW: [pfSense Support] Latest build - IPSec broken
Same problem here :(

From: David L. Strout [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 8 July 2007 20:38
To: pfSense Support
Subject: [pfSense Support] Latest build - IPSec broken

I have been running 1.2-BETA-2 since early last week and all seems great. I just upgraded two test boxes (with pre-configured working IPSec tunnels) to the latest 1.2-BETA-2 SNAP and it severely broke IPSec.

racoon.conf:

    path pre_shared_key /var/etc/psk.txt;
    path certificate /var/etc;

    remote 63.63.63.63 {
        exchange_mode main;
        my_identifier address 63.63.63.64;
        peers_identifier address 63.63.63.63;
        initial_contact on;
        support_proxy on;
        proposal_check obey;
        proposal {
            encryption_algorithm rijndael 256;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group 5;
            lifetime time 28800 secs;
        }
        lifetime time 28800 secs;
    }

    sainfo address 192.168.168.0/24 any address 10.10.10.0/24 any {
        encryption_algorithm rijndael 256;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
        pfs_group 5;
        lifetime time 3600 secs;
    }

I have recently switched my test tunnels to rijndael 256 w/ SHA1. Everything works great when I downgraded back to the original 1.2-BETA-2.
Re: AW: [pfSense Support] Latest build - IPSec broken
On 7/8/07, Heiko Garbe [EMAIL PROTECTED] wrote:
> also, same problem

Try a snapshot later today or run this command and reboot:

    chmod a+rx /usr/local/bin/*.sh

Scott
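A check to pair with the command above, as an added example that is not part of the original thread: it lists the *.sh files in a directory that lack read or execute permission for user, group or other, then applies the same chmod a+rx only to those. The function names and the sample files are constructed for illustration; the default directory is the one named in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print every *.sh file directly inside DIR whose mode is missing any of the
# read/execute bits for user, group or other (i.e. is not at least 0555).
scripts_missing_rx() {
    dir="${1:-/usr/local/bin}"
    find "$dir" -maxdepth 1 -type f -name '*.sh' ! -perm -555 | sort
}

# Apply "chmod a+rx" (the fix quoted in the message) only to the scripts that
# need it, and print how many files were changed.
repair_scripts() {
    dir="${1:-/usr/local/bin}"
    scripts_missing_rx "$dir" | {
        n=0
        while IFS= read -r f; do
            chmod a+rx "$f" && n=$((n + 1))
        done
        echo "$n"
    }
}

# Demonstration on constructed sample files in a scratch directory, so the
# real /usr/local/bin is never touched when this file is run as-is.
demo() {
    tmp=$(mktemp -d)
    : > "$tmp/ok.sh";      chmod 755 "$tmp/ok.sh"       # already executable
    : > "$tmp/broken.sh";  chmod 644 "$tmp/broken.sh"   # lost its x bits
    : > "$tmp/private.sh"; chmod 700 "$tmp/private.sh"  # owner-only
    echo "before repair:"
    scripts_missing_rx "$tmp"
    echo "repaired: $(repair_scripts "$tmp")"
    echo "still missing r/x: $(scripts_missing_rx "$tmp" | wc -l | tr -d ' ')"
    rm -rf "$tmp"
}

demo
```

Running scripts_missing_rx against the real directory before and after an upgrade shows whether the snapshot changed script permissions, without modifying anything.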
AW: AW: [pfSense Support] Latest build - IPSec broken
Hmmm, did so... but ping tells me that destination host is unreachable...

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 8 July 2007 21:47
To: support@pfsense.com
Subject: Re: AW: [pfSense Support] Latest build - IPSec broken

On 7/8/07, Heiko Garbe [EMAIL PROTECTED] wrote:
> also, same problem

Try a snapshot later today or run this command and reboot:

    chmod a+rx /usr/local/bin/*.sh

Scott
Re: AW: [pfSense Support] Latest build - IPSec broken
On 7/8/07, Fuchs, Martin [EMAIL PROTECTED] wrote:
> Hmmm, did so... but ping tells me that destination host is unreachable...

Try a snapshot 2 hours from now. Seth committed a fix just now.

Scott
Re: AW: [pfSense Support] Latest build - IPSec broken
All is working as expected, great fix, thanks Scott and pfS dev team!

- Original Message -
Subject: Re: AW: [pfSense Support] Latest build - IPSec broken
From: Scott Ullrich
To: support@pfsense.com
Date: 08-07-2007 5:11 pm

> On 7/8/07, Fuchs, Martin wrote:
> > Hmmm, did so... but ping tells me that destination host is unreachable...
>
> Try a snapshot 2 hours from now. Seth committed a fix just now.
>
> Scott
[pfSense Support] Latest build 1.2-BETA-2-SNAP
Just a few observations. In upgrading to the new 1.2-BETA-2-TESTING-SNAP (built on Sun Jul 8 19:46:55 EDT 2007), I noticed a few things:

1. The webConfigurator is so much faster, especially on the log filter/NAT/rules screens.
2. I noticed you abandoned the dynamic filter view (although a little skewed and not formatted) ... it might be helpful for those who don't understand the tcpdump CLI option in the future.
3. IPSec seems to be super fast at establishing tunnels ... great speed on the nail-up!!

All in all another fine step in the pfS evolution once again, thanks Scott and devs, great SNAP!

- Original Message -
Subject: Re: AW: [pfSense Support] Latest build - IPSec broken
From: Scott Ullrich
To: support@pfsense.com
Date: 08-07-2007 5:11 pm

> On 7/8/07, Fuchs, Martin wrote:
> > Hmmm, did so... but ping tells me that destination host is unreachable...
>
> Try a snapshot 2 hours from now. Seth committed a fix just now.
>
> Scott