[pfSense Support] Anti-Spam & Anti-Virus?

2007-08-21 Thread Steve Harman
Hi!

Could someone update me on where things are (if anywhere!) with AV or AS
provision inside pfSense please?

Is there a 3rd-party package or internal facility under development at
all?

Thanks,

Steve

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-21 Thread Tortise
Thanks Sean

I'd like to update...

I am running wireshark - however the connection has yet to misbehave whilst 
doing so.  (Now I know why I kept those old 100M hubs!)  

Given the data volumes captured (about 100M an hour!) this has proven necessary 
on a relatively capable box - I am now using a P4 3000 with 2G of RAM.  4.5 
hours of data can take 30 mins to load, once capturing all is completed!  

The ISP tell me the Motorola SB5101 is less compatible with some routers than 
the SB5100.  They are swapping these over, however one of my colleagues with 
the same problem was running SB5100; I am therefore sceptical that this will 
fix it.

They also mentioned that they are aware there are "some issues" with their network 
which they are planning to address by an upgrade in the coming months, for what 
that is worth...  Perhaps the wireshark data might shed some light on these 
"issues"!?

Is the pfSense Diagnostics command Packet Capture of any relevance to me?  I 
presume it will write the results to RAM, which, even at 384M will have a time 
limit that it can store... and then?   (Several hours)  I assume it does not do 
last in first out?  (Which would be preferable for me at least)

I will keep monitoring

Kind regards
David Hingston 

- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Saturday, August 18, 2007 1:35 AM
  Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M


  I actually turned the "block private networks" off on mine because my ISP 
passes a 192.168.x.x address when I initially apply for a DHCP, but if you get 
a static IP, then it's a non-issue. Realistically, to truly find the absolute 
reason, you would have to tcpdump on the modem and pfsense at the same time to 
see what it's doing/not doing, and I don't see that happening. 
   
  Only other thing I can think of is run a hub between the modem and pfsense 
and throw another computer with a packet capture/wireshark on it to see if 
there are any reasons in the packets ("route not found","incorrect MTU", "Need 
fragmentation set", etc.) why it's not getting past the modem.
   
  -Sean




Date: Fri, 17 Aug 2007 23:38:58 +1200
From: [EMAIL PROTECTED]
To: support@pfsense.com
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


Hi Sean

>> I'm really thinking it's a modem problem or something with the IP that is 
>> assigned for pfsense WAN. The fact that you can ALWAYS hit the modem's config 
>> page even if internet access is unavailable kind of confirms it. 
It does tend to suggest that maybe pfsense is not the problem, but... why 
the need to reboot pfsense?   It is almost like a keep alive situation has 
failed...  Incidentally VOIP and a webserver, amongst other things, run behind 
pfsense, it is getting ample traffic to keep alive! 

>> Connecting another computer to the modem, I'm taking it, would get a DHCP 
>> address that is different from pfsense.
No, it is a static address situation, the windows PC's NIC is configured 
with the same static IP, DNS and gateway to connect up, and it does...

>> Playing devil's advocate. I know that you have reinstalled pfsense freshly 
>> on the box to try and resolve that. Did you rebuild the config from scratch or 
>> just import it back in. 
Yes have run up multiple versions, using both CD and also embedded version 
on CF media.  Makes it easy to swap scenarios!  I am currently running the 
latest 1.2 RC-1.  Ran up a completely new XML from pfSense (for 1.2 RC1) and 
even did a compare with the previous XML using Winmerge.  There were many 
differences, but none of them seemed like they might be significant, XML is XML 
when it's compliant... but... anyway it didn't seem to make any difference.  Same 
problems occurred in the last stable version and 1.00 as well I recall.

>> Also is your internet IP static or DHCP.
As above, static!

>> And do you have the "Block private networks" option turned on for the WAN 
>> interface on your box
Yes, is a default setting I think, not been played with.   Bogons is 
unchecked, I suppose this might be better checked?

I talked with the ISP tonight.  They couldn't confirm what the MTU should 
be, (I was not surprised) so I have to assume default.  The party line is we 
support Windows Hook ups and that's about all.  I have opened a (nother) ticket 
and requested a call from their network engineer, apparently a "senior 
technician" is going to call me.

Many thanks for continuing to work with me on this conundrum!

Kind regards
David Hingston 

- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Friday, August 17, 2007 11:07 PM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000G

[pfSense Support] jail

2007-08-21 Thread Srdjan

Hi,

I'm new to BSD so please bear with me if I got some concepts wrong.
I've been running pfSense for some time, and so far I'm very happy with 
it. I cannot remember when was the last time that I installed something 
with no problems whatsoever. Maximum respect.
Now using the whole box just to run firewall/router is bit of a waste in 
my case, so I'd like to host a small web server on it. My initial idea 
is to run it in a jail. I would appreciate greatly if anyone could tell 
me following:

- am i being reasonable with that, ie is that a sane setup?
- is there any provision for setting jails in pfSense, and if yes
- what would be the difference to standard BSD jails?

Many thanks,
Srdjan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] jail

2007-08-21 Thread Rainer Duffner
Srdjan wrote:
> Hi,
>
>
> Now using the whole box just to run firewall/router is bit of a waste
> in my case, so I'd like to host a small web server on it. My initial
> idea is to run it in a jail. I would appreciate greatly if anyone
> could tell me following:
> - am i being reasonable with that, ie is that a sane setup?

No.

> - is there any provision for setting jails in pfSense,

No.
IIRC, the build-toolchain is missing.


For SOHO-use, use Wrap or Soekris.
Their power-consumption is acceptable.


cheers,
Rainer




Re: [pfSense Support] Anti-Spam & Anti-Virus?

2007-08-21 Thread Gary Buckmaster

Steve Harman wrote:
> Hi!
>
> Could someone update me on where things are (if anywhere!) with AV or
> AS provision inside pfSense please?
>
> Is there a 3rd-party package or internal facility under development
> at all?
>
> Thanks,
>
> Steve

Centipede Networks has sponsored the creation of a DSPAM package, which 
is currently under development.  There is no set release date, although 
we hope it will be included around pfSense 1.3.  Additionally, 
commercial support for it will be available. 


Best,

Gary




RE: [pfSense Support] Issues with system->advanced/certification issues.

2007-08-21 Thread Atkins, Dwane P
Another question I have as far as certificates go for pfSense, we use a
private IP address for the WAN.  When we create the certificates using
OpenSSL for Windows, we use the IP address as the Common Name (CN).
Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the
IP address OK?

Thanks

Dwane

From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 20, 2007 4:52 PM
To: support@pfsense.com
Subject: [pfSense Support] Issues with system->advanced/certification
issues.

Good afternoon,

I just installed 1.2RC2.  I wanted to see if our issue was resolved
concerning when we have self-signed (or self generated certificates),
and we click on System->Advanced, it will conclude every session on the
Captive Portal.  Personnel have to re-authenticate in order to regain
connectivity.  These are the scenarios that I performed today and each
of them came up with the same error about the webConfigurator
certificates have changed.

Tried with System->General Setup->webGUI protocol set to http,
self-signed certs, System->Advanced-> webGUI SSL, generated from OpenSSL
installed and I received this error

Tried with System->General Setup->webGUI protocol set to https,
self-signed cert, in System->Advanced-> webGUI SSL,  generated from
OpenSSL installed and still receive the same error.

Tried with System->General Setup->webGUI protocol set to http, no self
signed certs in the System->Advanced-> webGUI SSL certificate/key and it
does not conclude connectivity on the CaptivePortal.  

Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress
Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator.
Aug 20 16:31:50 check_reload_status: reloading filter

Is there an issue with creating self-signed certificate using OpenSSL
and pfSense?  Can someone explain the "Create Certificate automatically"
link on the System-Advanced- webGUI SSL certificate/key?

Thank you all for your help.

Dwane


[pfSense Support] extreme brdiging with pfsense

2007-08-21 Thread [EMAIL PROTECTED]
Hi,
I would like to use a pfsense virtual appliance to connect
real physical vlans on a catalyst switch with the vmnets
that exists in a vmware server.

The idea is to overcome the limitation on non-esx3 vmware
installations allowing to bridge the virtual machines to
real vlans using a single trunk cable between the switch and
the vmware host.

I would like to know which are the limits involved in
bridging several interfaces in pfsense.

Actually I don't have a switch handy so I tried the
following setup that seemed to work:


realpc--vmnet1--(lan)left_virtual_pfsense(wan on vlan501)--vmnet5--(wan on vlan501)right_virtual_pfsense(lan)--vmnet4--virtualpc

The realpc and the virtualpc are on different lans, and the
pfsense will talk to each other like there was a trunk
between them, this was done because of the lack of a .1q
switch.


The realpc and the virtualpc were able to see each other at
L2 level.

The question is: will I be able to do it on 8 vlan using 16
nic, 8 on the same interface(wan or other) and the other 8
on each vmnet0-7?

TIA,

Giuseppe Marullo

PS: this thing rocks, dudes




RE: [pfSense Support] Issues with system->advanced/certification issues.

2007-08-21 Thread Atkins, Dwane P
Even using the "Create certificates automatically" on the
System->Advanced Functions tab concludes connectivity via the Captive
Portal.  

Any ideas?  Are we the only ones having this issue?  Please be advised
that if you check and it is an issue with your pfSense as well, then
your user could possibly be disconnected.

Thank you all again,

Dwane

From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, August 21, 2007 9:29 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Issues with
system->advanced/certification issues.

Another question I have as far as certificates go for pfSense, we use a
private IP address for the WAN.  When we create the certificates using
OpenSSL for Windows, we use the IP address as the Common Name (CN).
Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the
IP address OK?

Thanks

Dwane
 




Re: [pfSense Support] Incoming Load Balancing without SNAT?

2007-08-21 Thread Joel Newkirk
I've got more details on the problem now. Here's the scenario:
Internet->pfsensegateway->pfsenseloadbalancer->mailserver.

If I connect to it directly on the 172.x.x.x IP on the outside of the
load balancer, connection goes through and the source IP is correct. But
if I connect from the internet to a public IP on the gateway which has
SMTP port-forwarded to the same 172.x.x.x IP on the loadbalancer, then I
see the 10.x.x.x IP of the inside of the loadbalancer as sourceIP, and
reply packets outbound from the server never reach the client. Gateway
pfsense is V1.0.1.

No gateway defined there - it's the LAN interface of loadbalancer, and
it behaves the same regardless of advanced outbound NAT.

j


Bill Marquette wrote:
> On 8/20/07, Joel Newkirk <[EMAIL PROTECTED]> wrote:
>> Is there any way I can load-balance incoming SMTP across a pool of mail
>> nodes, but still retain the original source IP on the packets??  I'm
>> unable to find anything in the interface, nor any relevant search
> >> results here in the forum or elsewhere. :(
> 
> Probably because nobody has had this issue.  You must be natting
> outbound on the interface sitting on the same segment as the mail
> servers if you are seeing a source NAT occurring.  pfSense by default
> will NAT on interfaces with gateways set - any chance this is the
> case?  Also, are you making use of advanced outbound NAT?
> 
>> public-accessible services have source IPs logged, for example)  I'm
>> hoping there's something simple (or complex) I've missed that will omit
>> the SNAT.
> 
> More likely, something you accidentally setup.
> 
> --Bill
> 
> 





Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-21 Thread Vivek Khera


On Aug 21, 2007, at 7:31 AM, Tortise wrote:

> I am running wireshark - however the connection has yet to
> misbehave whilst doing so.  (Now I know why I kept those old 100M
> hubs!)

Well, perhaps your switch and your NIC don't agree with each other?
I've had that problem before...




[pfSense Support] LiveCD Upgrade question

2007-08-21 Thread Ron Garcia-Vidal
Poke!  Anyone?  I should point out that I'm new to BSD, but very fluent 
in Linux, so if someone can provide a "It's like ..." explanation, that 
would suffice.  Thanks.


=


I'm running off the LiveCD saving the config to a USB stick.  I just
upgraded from 1.2.RC1 to RC2.  When I boot off the new CD it stops at:

GEOM_LABEL: Label for provider da0s1 is msdosfs/ .
Trying to mount root from cd9660:/dev/iso9660/pfSense

and then drops to the mountroot prompt.  Dropping back to RC1, the boot
works just fine.

This also happened when I upgraded from 1.0.1 to RC1, but at the time, I
had nothing significant in my configuration, so I just blew the USB
stick away and started from scratch.

I have searched the mailing list, blog and wiki as well as Google with any
relevant search terms I can think of and have come up blank.  Any
suggestions?



[pfSense Support] Change Quality RDD ip without reboot?

2007-08-21 Thread Joe Laffey
Is there some way to change the ip pinged for the Quality RDD without 
rebooting?


Thanks,
