Re: [pfSense Support] NAT'ing on an openVPN interface
Graham Beneke wrote: Hi I have an openVPN connection to a VPN server and i have a single IP from the server. I need to NAT my local subnet before putting the traffic over the VPN. I'm not so clued up on custom config files but it looks like I can do everything that I need to in the advanced NAT gui - except for the fact that the VPN interface is not available as an interface to NAT to. Any suggestions as to how I could achieve this. can you not simply add routes on the vpn server to the network behind the client - there's an option for this. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
Wally Mono wrote: Wally Mono wrote: I am continuously getting these: kernel: pid # (rrdtool), uid 0: exited on signal 11 (core dumped) about 1 a minute. Any ideas why? More importantly how do I make it stop? I'm running: 1.2-RC2 built on Fri Aug 17 17:46:06 EDT 2007multi-wan. 1 static, 1 DHCP router provides DHCP 128 meg of ram @ 42% usage I really don't need rrdtool. How do I just disable it for now? Is this a problem? Seems like it would take up space at the least. Any insight would be appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] After researching a little further I find a bug (http://cvstrac.pfsense.com/tktview?tn=898) that might apply; I DID change the name of OPT1 to ATT. I changed it back and while I am still getting kernel: pid # (rrdtool), uid 0: exited on signal 11 there is no longer an accompanying core dump. Does this help? I would sure like to turn off this noise in my logs, as I am sure that it is eating up memory and slowing performance. Adding more memory is not a fix to the underlying problem unless that is what is causing the rrdtool to fail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] I realize this is bad form, but how do I actually get someone to respond to an apparent problem? I tried the contact on the web page and was referred here. What other hoops must I jump through to get someone to give me what probably amounts to a very simple answer? All due respect, gratitude and adulation for the software is explicitly implied in this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
Wally Mono wrote: I realize this is bad form, but how do I actually get someone to respond to an apparent problem? I tried the contact on the web page and was referred here. What other hoops must I jump through to get someone to give me what probably amounts to a very simple answer? All due respect, gratitude and adulation for the software is explicitly implied in this message. No offense taken. You probably don't want to hear that but: could you backup your config and re-install? cheers, Rainer - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Watchguard X series platform
-Original Message- From: Andrew Cotter [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 16, 2007 3:12 PM To: support@pfsense.com Subject: [pfSense Support] Watchguard X series platform Hello, I have seen a number of posts both here and on the M0n0wall list about the older Watchguard Firebox I/II series boxes and the ability to use them. Does anyone have any experience on the Watchguard Core X500/X700/X1000 series boxes? I am looking for a platform that is a little more powerful than the WRAP/ALIX or Sokeris 5501 systems, but would prefer to stay away from full blown servers. Thanks for any input! Andrew Well I got no response so I went out and picked a Watchguard X500 up off of ebay. I am happy to report that once you crack the thing open there is a nice little onboard slot for a CF. Mine had a 64MB card in it which I quickly swapped out with a freshly imaged M0n0all CF. I powered it up, consoled into it, and it saw all 6 adapters. Have not tried pfsense yet, but I will be trying that out sometime over the next week or so. For those of you out there that prefer certain cards, the 6 ports are Realtek chips which may be a drawback. Needless to say, I am happy a the gamble I took and will probably be putting this box into full time service fairly soon. Andrew -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Watchguard X series platform
On Mon, Oct 29, 2007 at 10:34:20AM -0400, Andrew Cotter wrote: Well I got no response so I went out and picked a Watchguard X500 up off of You got at least a response from me. From the look of it, how is it better than ALIX? ebay. I am happy to report that once you crack the thing open there is a nice little onboard slot for a CF. Mine had a 64MB card in it which I quickly swapped out with a freshly imaged M0n0all CF. I powered it up, consoled into it, and it saw all 6 adapters. Have not tried pfsense yet, but I will be trying that out sometime over the next week or so. For those of you out there that prefer certain cards, the 6 ports are Realtek chips which may be a drawback. Needless to say, I am happy a the gamble I took and will probably be putting this box into full time service fairly soon. I'm going to remove the CFs from my twin mini-ITXen, and substitute them with http://delock.com/produkte/gruppen/flash+speicher/IDE_Flash_Modul_40Pin_4GB_Vertical_54114.html tomorrow. With a full pfsense install instead of embedded I hope to see less problematic (bricks, or broken rules) upgrades. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
On 10/29/07, Wally Mono [EMAIL PROTECTED] wrote: I realize this is bad form, but how do I actually get someone to respond to an apparent problem? I tried the contact on the web page and was referred here. What other hoops must I jump through to get someone to give me what probably amounts to a very simple answer? All due respect, gratitude and adulation for the software is explicitly implied in this message. How can you expect someone to reply over the weekend immediately? Believe it or not developers do have a life outside of their keyboards. Either way we will look into the problem. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Watchguard X series platform
On Oct 29, 2007, at 11:37 AM, Eugen Leitl wrote: I'm going to remove the CFs from my twin mini-ITXen, and substitute them I just replaced the CF adapter thingy from my mini-ITX box and replaced it with one of these, so upgrade are trivial -- just swap CF cards from the back of the box. http://www.e-itx.com/ide-cf-adapter-rear-bracket.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Watchguard X series platform
On Mon, Oct 29, 2007 at 12:36:48PM -0400, Vivek Khera wrote: I just replaced the CF adapter thingy from my mini-ITX box and I have something like that, hotglued inside the cases. It's not really a hassle. replaced it with one of these, so upgrade are trivial -- just swap CF cards from the back of the box. http://www.e-itx.com/ide-cf-adapter-rear-bracket.html But this still leaves me with vanilla CF without wear levelling algorithms, so one is prone to get a lot less (like 6 months?) than 3 Mh MTBF than even the cheap SSDs have -- assuming you run full pfSense install, and not the embedded, of course. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Watchguard X series platform
I am in kind of the same boat. If you can get the Watchguard appliance to work with pfsense that would be pretty cool, but I bet it will drive up the cost of the units on Ebay :)I have been looking at the machines on hacom.net as well. They have some pretty good candidate machines for installing pfsense on. Keep us informed of your efforts. On 10/29/07, Andrew Cotter [EMAIL PROTECTED] wrote: -Original Message- From: Andrew Cotter [mailto: [EMAIL PROTECTED] Sent: Tuesday, October 16, 2007 3:12 PM To: support@pfsense.com Subject: [pfSense Support] Watchguard X series platform Hello, I have seen a number of posts both here and on the M0n0wall list about the older Watchguard Firebox I/II series boxes and the ability to use them. Does anyone have any experience on the Watchguard Core X500/X700/X1000 series boxes? I am looking for a platform that is a little more powerful than the WRAP/ALIX or Sokeris 5501 systems, but would prefer to stay away from full blown servers. Thanks for any input! Andrew Well I got no response so I went out and picked a Watchguard X500 up off of ebay. I am happy to report that once you crack the thing open there is a nice little onboard slot for a CF. Mine had a 64MB card in it which I quickly swapped out with a freshly imaged M0n0all CF. I powered it up, consoled into it, and it saw all 6 adapters. Have not tried pfsense yet, but I will be trying that out sometime over the next week or so. For those of you out there that prefer certain cards, the 6 ports are Realtek chips which may be a drawback. Needless to say, I am happy a the gamble I took and will probably be putting this box into full time service fairly soon. Andrew I am in kind of the same boat. If you can get Watchguard appliance to work with pfsense that would be pretty cool, but I bet it will drive up the cost of the units on Ebay :)I have been looking at the machines on hacom.net as well. They have some pretty good candiate machines for installing pfsense on. Keep us informed of your efforts.
RE: [pfSense Support] Watchguard X series platform
Im a couple months off from trying this http://www.abmx.com/1u-12inch-deep-mini-server-p-287.html Im debating on whether to throw a 4 NIC intel in the PCI slot or try the 3 NIC card they can add (that doesnt use up the PCI slot either) Itll use the re driver (its a Realtek RTL8110S) - and in the past I've stayed away from realtek -Tim --- From: Charles Alvis [mailto:[EMAIL PROTECTED] Sent: Monday, October 29, 2007 11:47 AM To: support@pfsense.com Subject: Re: [pfSense Support] Watchguard X series platform I am in kind of the same boat. If you can get the Watchguard appliance to work with pfsense that would be pretty cool, but I bet it will drive up the cost of the units on Ebay :) I have been looking at the machines on hacom.net as well. They have some pretty good candidate machines for installing pfsense on. Keep us informed of your efforts. On 10/29/07, Andrew Cotter [EMAIL PROTECTED] wrote: -Original Message- From: Andrew Cotter [mailto: [EMAIL PROTECTED] Sent: Tuesday, October 16, 2007 3:12 PM To: support@pfsense.com Subject: [pfSense Support] Watchguard X series platform Hello, I have seen a number of posts both here and on the M0n0wall list about the older Watchguard Firebox I/II series boxes and the ability to use them. Does anyone have any experience on the Watchguard Core X500/X700/X1000 series boxes? I am looking for a platform that is a little more powerful than the WRAP/ALIX or Sokeris 5501 systems, but would prefer to stay away from full blown servers. Thanks for any input! Andrew Well I got no response so I went out and picked a Watchguard X500 up off of ebay. I am happy to report that once you crack the thing open there is a nice little onboard slot for a CF. Mine had a 64MB card in it which I quickly swapped out with a freshly imaged M0n0all CF. I powered it up, consoled into it, and it saw all 6 adapters. Have not tried pfsense yet, but I will be trying that out sometime over the next week or so. For those of you out there that prefer certain cards, the 6 ports are Realtek chips which may be a drawback. Needless to say, I am happy a the gamble I took and will probably be putting this box into full time service fairly soon. Andrew I am in kind of the same boat. If you can get Watchguard appliance to work with pfsense that would be pretty cool, but I bet it will drive up the cost of the units on Ebay :) I have been looking at the machines on hacom.net as well. They have some pretty good candiate machines for installing pfsense on. Keep us informed of your efforts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
Rainer Duffner wrote: Wally Mono wrote: I realize this is bad form, but how do I actually get someone to respond to an apparent problem? I tried the contact on the web page and was referred here. What other hoops must I jump through to get someone to give me what probably amounts to a very simple answer? All due respect, gratitude and adulation for the software is explicitly implied in this message. No offense taken. You probably don't want to hear that but: could you backup your config and re-install? cheers, Rainer - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Rainer, Thanks so much for your response. To be clear, I am running the live cd version, so there is nothing to re-install. Are you saying just reconfigure from scratch? Would this imply some sort of corruption in the configuration file? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
Am 30.10.2007 um 00:39 schrieb Wally Mono: Rainer, Thanks so much for your response. To be clear, I am running the live cd version, so there is nothing to re-install. Are you saying just reconfigure from scratch? Would this imply some sort of corruption in the configuration file? Ah. Can't you just try a newer snapshot? (Yours said to be from August) Just to be sure it isn't fixed already. I know that the devs don't like to debug problems with months-old snapshots I just checked - I'm running an August 8th snapshot on a WRAP and I don't have this problem. I'm too lazy to update regularly (I've got to dismantle the WRAP completely and I don't like to do that too often) cheers, Rainer -- Rainer Duffner CISSP, LPI, MCSE [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]