[pfSense Support] live CD booting and loading config.xml
Is it possible to boot to a liveCD image of pfsense, and specify a location to load config.xml from? I did a trial run of pfSense, and saved my config to a usb stick. I've just tried a second trial run, and I realised I don't know how to get the config loaded. If I wait until the web interface to restore the config pfSense does a reboot (which of course doesn't work in this scenario). The boot/loader.4th and boot/support.4th files on the liveCD iso seem to indicate this is possible, but I don't know how to work it out from them. -- Geoff Crompton Debian System Administrator http://www.strategicdata.com.au Phone: +61 3 9340 9000 Fax: +61 3 9348 2015 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
Rainer Duffner wrote: Am 30.10.2007 um 00:39 schrieb Wally Mono: Rainer, Thanks so much for your response. To be clear, I am running the live cd version, so there is nothing to re-install. Are you saying just reconfigure from scratch? Would this imply some sort of corruption in the configuration file? Ah. Can't you just try a newer snapshot? (Yours said to be from August) Just to be sure it isn't fixed already. I know that the devs don't like to debug problems with months-old snapshots I just checked - I'm running an August 8th snapshot on a WRAP and I don't have this problem. I'm too lazy to update regularly (I've got to dismantle the WRAP completely and I don't like to do that too often) cheers, Rainer So if I understand you correctly, the pfSense-1.2-RC2-Embedded.img.gz on http://pfsense.untouchable.net/downloads/pfSense-1.2-RC2-Embedded.img.gz on the download site today is not the same as the one I downloaded in August? That seems a little problematic. Perhaps I COULD contribute something to this project in the way of version control advice; put a build # on the release! It could be yy.mm.dd. I'm not sure this is actually how they are released, but I have always been a little annoyed and leery of the fact that the timestamp on the files in the download area always have the current date. If indeed the current RC2 is actually a silently rolling version, some indication needs to be place either on it (my preference) or, at the very least, in a readme file called something like AA_VERSION.txt I will try burning a new copy this weekend. FWIW I have another box running the identical version, but not using OPT1(multiwan) and I do not have this same problem of the rrdtool crashing. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Problems with DHCP leases
Hello, I've got a problem with the dhcpd service of pfsense: I don't get a IP over DHCP. According the status page, the dhcpd is up and running, the DHCP log also shows no activity. I also tried to capture the network activity with WireShark: I only got my own DHCP discover requests, but no other DHCP related packages. The only hints I got were from the System Logs: Oct 30 11:19:14 dhcpd: no such group: _dhcp Oct 30 11:19:14 dhcpd: no such group: _dhcp Oct 30 11:19:14 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/ Oct 30 11:19:14 dhcpd: All rights reserved. Oct 30 11:19:14 dhcpd: Copyright 2004-2006 Internet Systems Consortium. Oct 30 11:19:14 dhcpd: Internet Systems Consortium DHCP Server V3.0.5 Could you please help me to fix this problem? Any hints are welcome. Regards, bc
Re: [pfSense Support] Problems with DHCP leases
Add a little info like the version you run, how did you uppgrade (i assume you did a upgrade since you are missing the group). From what version to what version etc. -lsf On 10/30/07, bRokEnCHaRacTer [EMAIL PROTECTED] wrote: Hello, I've got a problem with the dhcpd service of pfsense: I don't get a IP over DHCP. According the status page, the dhcpd is up and running, the DHCP log also shows no activity. I also tried to capture the network activity with WireShark: I only got my own DHCP discover requests, but no other DHCP related packages. The only hints I got were from the System Logs: Oct 30 11:19:14 dhcpd: no such group: _dhcp Oct 30 11:19:14 dhcpd: no such group: _dhcp Oct 30 11:19:14 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/ Oct 30 11:19:14 dhcpd: All rights reserved. Oct 30 11:19:14 dhcpd: Copyright 2004-2006 Internet Systems Consortium. Oct 30 11:19:14 dhcpd: Internet Systems Consortium DHCP Server V3.0.5 Could you please help me to fix this problem? Any hints are welcome. Regards, bc
Re: [pfSense Support] Problems with DHCP leases
Hello, I am running the version 1.2 RC2. As far as I know (or have been told), the previous version was either 1.0.2 or a Beta-Version of 1.2 (I can give you more detailed information when the guy who originally set it up returns). bc On 10/30/07, Espen Johansen [EMAIL PROTECTED] wrote: Add a little info like the version you run, how did you uppgrade (i assume you did a upgrade since you are missing the group). From what version to what version etc. -lsf On 10/30/07, bRokEnCHaRacTer [EMAIL PROTECTED] wrote: Hello, I've got a problem with the dhcpd service of pfsense: I don't get a IP over DHCP. According the status page, the dhcpd is up and running, the DHCP log also shows no activity. I also tried to capture the network activity with WireShark: I only got my own DHCP discover requests, but no other DHCP related packages. The only hints I got were from the System Logs: Oct 30 11:19:14 dhcpd: no such group: _dhcp Oct 30 11:19:14 dhcpd: no such group: _dhcp Oct 30 11:19:14 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/ Oct 30 11:19:14 dhcpd: All rights reserved. Oct 30 11:19:14 dhcpd: Copyright 2004-2006 Internet Systems Consortium. Oct 30 11:19:14 dhcpd: Internet Systems Consortium DHCP Server V3.0.5 Could you please help me to fix this problem? Any hints are welcome. Regards, bc
[pfSense Support] Multi Link Router instead of Firewall
Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Will it still function the same way? Thanks -- Heath Henderson [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] rrdtool core dump
Date: Tue, 30 Oct 2007 06:42:09 -0500 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: Re: [pfSense Support] rrdtool core dump Rainer Duffner wrote: Am 30.10.2007 um 00:39 schrieb Wally Mono: Rainer, Thanks so much for your response. To be clear, I am running the live cd version, so there is nothing to re-install. Are you saying just reconfigure from scratch? Would this imply some sort of corruption in the configuration file? Ah. Can't you just try a newer snapshot? (Yours said to be from August) Just to be sure it isn't fixed already. I know that the devs don't like to debug problems with months-old snapshots I just checked - I'm running an August 8th snapshot on a WRAP and I don't have this problem. I'm too lazy to update regularly (I've got to dismantle the WRAP completely and I don't like to do that too often) cheers, Rainer So if I understand you correctly, the pfSense-1.2-RC2-Embedded.img.gz on http://pfsense.untouchable.net/downloads/pfSense-1.2-RC2-Embedded.img.gz on the download site today is not the same as the one I downloaded in August? That seems a little problematic. Perhaps I COULD contribute something to this project in the way of version control advice; put a build # on the release! It could be yy.mm.dd. I'm not sure this is actually how they are released, but I have always been a little annoyed and leery of the fact that the timestamp on the files in the download area always have the current date. If indeed the current RC2 is actually a silently rolling version, some indication needs to be place either on it (my preference) or, at the very least, in a readme file called something like AA_VERSION.txt I will try burning a new copy this weekend. FWIW I have another box running the identical version, but not using OPT1(multiwan) and I do not have this same problem of the rrdtool crashing. The build server rebuilds the image every 2 hours incorporating CVS changes that are going on. after 1.2 release they are already looking at incorporating a build version into the image nameto be able to discern whether your version is actually out of date. its an issue with the build server that they are treating as a low priority until the next full release. to actually see what changes are currently incorporated, check the CVStrac website at http://cvstrac.pfsense.com/timeline so in essence, build version issue is old news and will be fixed eventually. until then, the image on the snapshots server will always be the latest and greatest even if version name doesnt change. -Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Windows Live Hotmail and Microsoft Office Outlook – together at last. Get it now. http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
RE: [pfSense Support] Multi Link Router instead of Firewall
Date: Tue, 30 Oct 2007 14:07:13 -0500 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] Multi Link Router instead of Firewall Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Will it still function the same way? Thanks -- Heath Henderson [EMAIL PROTECTED] -- it will run as a router only if you want it to just fine. only difference is a Pass all rule thats generated. _ Help yourself to FREE treats served up daily at the Messenger Café. Stop by today. http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline
Re: [pfSense Support] Multi Link Router instead of Firewall
So, it would still load Balance/Failover as a router in that case I assume. Thanks for the information. -- Heath Henderson [EMAIL PROTECTED] -- From: Sean Cavanaugh [EMAIL PROTECTED] Reply-To: support@pfsense.com Date: Tue, 30 Oct 2007 16:08:06 -0400 To: support@pfsense.com Subject: RE: [pfSense Support] Multi Link Router instead of Firewall Date: Tue, 30 Oct 2007 14:07:13 -0500 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] Multi Link Router instead of Firewall Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Will it still function the same way? Thanks -- Heath Henderson [EMAIL PROTECTED] -- it will run as a router only if you want it to just fine. only difference is a Pass all rule thats generated. Help yourself to FREE treats served up daily at the Messenger Café. Stop by today! http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctW Ltagline
RE: [pfSense Support] Multi Link Router instead of Firewall
it should. in simplest terms, a router passes all, a firewall blocks all. same actual packet routing occurs. Date: Tue, 30 Oct 2007 15:25:42 -0500From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: Re: [pfSense Support] Multi Link Router instead of Firewall So, it would still load Balance/Failover as a router in that case I assume. Thanks for the information.-- Heath [EMAIL PROTECTED] From: Sean Cavanaugh [EMAIL PROTECTED]Reply-To: support@pfsense.comDate: Tue, 30 Oct 2007 16:08:06 -0400To: support@pfsense.comSubject: RE: [pfSense Support] Multi Link Router instead of Firewall Date: Tue, 30 Oct 2007 14:07:13 -0500 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] Multi Link Router instead of Firewall Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Will it still function the same way? Thanks -- Heath Henderson [EMAIL PROTECTED] --it will run as a router only if you want it to just fine. only difference is a Pass all rule thats generated. Help yourself to FREE treats served up daily at the Messenger Café. Stop by today! http://www.cafemessenger.com/info/info_sweetstuff2.html?ocid=TXT_TAGLM_OctWLtagline _ Climb to the top of the charts! Play Star Shuffle: the word scramble challenge with star power. http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_oct
[pfSense Support] Upgrading To RC2 on Embedded Platforms
Is it possible to upgrade to RC2 on the Embedded platforms without having to reflash the image? -- - Thank you, - Jared B. Griffith - Farheap Solutions, Inc. - Lead Systems Administrator - California IT Department - Email - [EMAIL PROTECTED] - Phone - 949.417.1500 ext. 266 - Cell Phone - 949.910.6542
Re: [pfSense Support] rrdtool core dump
Wally Mono wrote: So if I understand you correctly, the pfSense-1.2-RC2-Embedded.img.gz on http://pfsense.untouchable.net/downloads/pfSense-1.2-RC2-Embedded.img.gz on the download site today is not the same as the one I downloaded in August? No. RC2 is still RC2. Snapshots is what the previous person was referring to, which are not found on the mirrors. There haven't been many, if any rrdtool changes so I doubt if using a snapshot would change anything. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multi Link Router instead of Firewall
Heath Henderson wrote: Is it possible to setup a Multi WAN (Failover/Load Balance) configuration and bypass the Firewall? Basically setting the pf box up as a router and using another firewall behind the Pf box to act as a filter? I noticed an option in the pF interface to do such a thing, but figured I better check before I get into it too deep. Multi-WAN requires policy routing. Policy routing requires pf. If you disable the filter, you won't be able to policy route, so multi-WAN won't function. Unless you implement static routing to do what you desire, or use RIP or the BGP package. Still won't allow policy routing, but either will give you options to use multi-WAN without pf's policy routing. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rrdtool core dump
Chris Buechler wrote: Wally Mono wrote: So if I understand you correctly, the pfSense-1.2-RC2-Embedded.img.gz on http://pfsense.untouchable.net/downloads/pfSense-1.2-RC2-Embedded.img.gz on the download site today is not the same as the one I downloaded in August? No. RC2 is still RC2. Snapshots is what the previous person was referring to, which are not found on the mirrors. There haven't been many, if any rrdtool changes so I doubt if using a snapshot would change anything. sorry to reply to myself, I forgot one thing - do you have a reliable way to replicate the core dump? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Problems with DHCP leases
bRokEnCHaRacTer wrote: Hello, I am running the version 1.2 RC2. As far as I know (or have been told), the previous version was either 1.0.2 or a Beta-Version of 1.2 (I can give you more detailed information when the guy who originally set it up returns). Definitely a bug in the upgrade, let us know which version you upgraded from. To fix it, SSH in and run vipw. Add the following line if not already there: _dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin also add the following line to /etc/group _dhcp:*:65: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] live CD booting and loading config.xml
Geoff Crompton wrote: Is it possible to boot to a liveCD image of pfsense, and specify a location to load config.xml from? It automatically attempts to get the config from any USB drives and floppy drives. It needs to be FAT formatted, and the config.xml file in a conf folder. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] live CD booting and loading config.xml
Chris Buechler wrote: Geoff Crompton wrote: Is it possible to boot to a liveCD image of pfsense, and specify a location to load config.xml from? It automatically attempts to get the config from any USB drives and floppy drives. It needs to be FAT formatted, and the config.xml file in a conf folder. Thanks Chris, we've got it working now. -- Geoff Crompton Debian System Administrator http://www.strategicdata.com.au Phone: +61 3 9340 9000 Fax: +61 3 9348 2015 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Traffic shaper, asterisk and IAX (port 4569)
Hi, I use asterisk behind PfSense, and I configured the traffic shaper accordingly. I can see that it prioritizes SIP and RTP traffic. Is there a reason why IAX traffic (UDP/4569) is not included in there? Regards, Ugo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Traffic shaper, asterisk and IAX (port 4569)
The *wizard* doesn't include IAX traffic, but pfSense will still do what you want. All that you have to do is add rules to put the traffic into the appropriate queues on the shaper rules page. Dimitri Rodis Integrita Systems LLC -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Ugo Bellavance Sent: Tuesday, October 30, 2007 7:55 PM To: support@pfsense.com Subject: [pfSense Support] Traffic shaper, asterisk and IAX (port 4569) Hi, I use asterisk behind PfSense, and I configured the traffic shaper accordingly. I can see that it prioritizes SIP and RTP traffic. Is there a reason why IAX traffic (UDP/4569) is not included in there? Regards, Ugo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]