Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Bill Marquette 
On Dec 26, 2007 3:11 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> So do you suggest I use PPPoE at the pfSense firewall and just bridge the
> modem?  Right now I have the modem dialed to the account(DSL) for PPPoA and
> the modem is carrying a static gateway IP on its outside port and the inside

Yes, that's what I'd suggest.  Plus it gives you an extra address :)
No more losing the gateway address to the modem!

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Curtis LaMasters 
If possible the modem should be nothing more than a delivery mechanism for
network transport.  No IP address, no routing, no configuration really.

Curtis

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
So do you suggest I use PPPoE at the pfSense firewall and just bridge
the modem?  Right now I have the modem dialed to the account(DSL) for
PPPoA and the modem is carrying a static gateway IP on its outside port
and the inside port is a static IP from the block of IPs I am allowed.
Then on the WAN port of pfSense is another user IP from the -block.
 
 
 
James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 
 
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 12:50 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips
 
On Dec 26, 2007 1:30 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> Or I can bridge the modem and connect using the firewall on PPPoE.
 
With PPPoE and pfSense terminating the connection, 'other' is the
option you want for virtual IPs.
 
--Bill
 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Setting up No-IP services

2007-12-26 Thread Tim Nelson 
Hello Bill- 

I use the pfSense dynamic dns currently on a few boxes and have never had any 
problems with it. I know it's quite unbelievable... but you just configure, go, 
and forget about it! It's nice that one item can be like that in the myriad of 
network/system stuff that always needs attention... :-) 

Tim Nelson 
Systems/Network Support 
Rockbochs Inc. 
(218)727-4332 

- Original Message - 
From: "Bill Roth" <[EMAIL PROTECTED]> 
To: support@pfsense.com 
Sent: Wednesday, December 26, 2007 2:12:44 PM (GMT-0600) America/Chicago 
Subject: [pfSense Support] Setting up No-IP services 



Just going through the set up for No-IP Dyn DNS services and wanted to know if 
the service will work with the pfsense DDNS service? Is there anything special 
I need to do to get this to work? It looks pretty straightforward, but you 
never know. 

Thanks, Bill

Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Bill Marquette 
On Dec 26, 2007 1:30 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> Or I can bridge the modem and connect using the firewall on PPPoE.

With PPPoE and pfSense terminating the connection, 'other' is the
option you want for virtual IPs.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Setting up No-IP services

2007-12-26 Thread Bill Roth 
Just going through the set up for No-IP Dyn DNS services and wanted to
know if the service will work with the pfsense DDNS service?  Is there
anything special I need to do to get this to work?  It looks pretty
straightforward, but you never know.
 
Thanks, Bill

RE: [pfSense Support] Squid running, squidguard blocking all traffic??

2007-12-26 Thread Christopher Iarocci 
Squid is running.  The filter service is stopped.  When I start the filter
service all http traffic is blocked.  Any ideas on how to configure it to
allow traffic?  The GUI looks pretty straight forward but I can't seem to
get it to work.  I was even able to upload a filter set from the web through
it and it loaded ok.  But the second I switch it on, even if I leave default
settings, bam, no more http traffic.

 

Chris

 

 

From: Curtis LaMasters [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 9:32 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Squid running, squidguard blocking all
traffic??

 

First check under the Services page under the status drop down menu.  Squid
should be in there.

Curtis

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
Same as before.  I cannot access through my firewall/NAT rules.  This
time I used Proxy ARP when setting up virtual IP's.

James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 

-Original Message-
From: James Kusler 
Sent: Wednesday, December 26, 2007 11:32 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips

I have just installed to hard drive the latest version (1.2-RC3).

So I am starting with a fresh system.  We'll see what happens.

Again, thanks to everyone for the continuing comments, information,
advice and assistance.

I will keep you posted on what happens.

James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 11:19 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

On Dec 26, 2007 12:13 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> It gave the choices 'CARP', 'Web Proxy', and 'Other'.  So if that has
> changed in the newer version that may help.

If it truly says "Web Proxy", you didn't get an official release from
us!  It should read, CARP, Proxy ARP, and Other.

I've explained the differences before, but I'll do it again here.

CARP is primarily used for high availability when you have multiple
firewalls in a cluster.  With that said I recommend it over proxy arp
as if you ever go to a cluster config you'll have to convert anyway.

Proxy ARP is primarily for when you have a single firewall and
multiple addresses that need to be NAT'd through it.

"Other" is for when you have a subnet routed to your firewall - ie.
not the same subnet the firewall is on usually (although with PPPoE it
may be).  The IPs are always seen at your firewall and you just need
pfSense to recognize that it should allow you to do something with
them.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
I have just installed to hard drive the latest version (1.2-RC3).

So I am starting with a fresh system.  We'll see what happens.

Again, thanks to everyone for the continuing comments, information,
advice and assistance.

I will keep you posted on what happens.

James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 11:19 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

On Dec 26, 2007 12:13 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> It gave the choices 'CARP', 'Web Proxy', and 'Other'.  So if that has
> changed in the newer version that may help.

If it truly says "Web Proxy", you didn't get an official release from
us!  It should read, CARP, Proxy ARP, and Other.

I've explained the differences before, but I'll do it again here.

CARP is primarily used for high availability when you have multiple
firewalls in a cluster.  With that said I recommend it over proxy arp
as if you ever go to a cluster config you'll have to convert anyway.

Proxy ARP is primarily for when you have a single firewall and
multiple addresses that need to be NAT'd through it.

"Other" is for when you have a subnet routed to your firewall - ie.
not the same subnet the firewall is on usually (although with PPPoE it
may be).  The IPs are always seen at your firewall and you just need
pfSense to recognize that it should allow you to do something with
them.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
Also, so everyone knows, there are two ways to set up this connection
using a separate firewall.

I can either put the modem on PPPoA and then put the firewall inside of
the modem with static IPs (WAN on external IP addr. And LAN on my
internal net)\

Or I can bridge the modem and connect using the firewall on PPPoE.

I have done both and they both work as far as pinging the IPs and going
through it from inside to outside on the Internet.

Each time I try to come in from the outside through my designated
rules/ports/address I get denied.

Could it be because I am not using Proxy ARP?

James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 11:19 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

On Dec 26, 2007 12:13 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> It gave the choices 'CARP', 'Web Proxy', and 'Other'.  So if that has
> changed in the newer version that may help.

If it truly says "Web Proxy", you didn't get an official release from
us!  It should read, CARP, Proxy ARP, and Other.

I've explained the differences before, but I'll do it again here.

CARP is primarily used for high availability when you have multiple
firewalls in a cluster.  With that said I recommend it over proxy arp
as if you ever go to a cluster config you'll have to convert anyway.

Proxy ARP is primarily for when you have a single firewall and
multiple addresses that need to be NAT'd through it.

"Other" is for when you have a subnet routed to your firewall - ie.
not the same subnet the firewall is on usually (although with PPPoE it
may be).  The IPs are always seen at your firewall and you just need
pfSense to recognize that it should allow you to do something with
them.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
Okay, it does Proxy ARP.  My error.  I have multiple addresses I need to
NAT through this.

It is a block of 8 IPs from Qwest and I can use 5 for me and one is the
gateway.  The others are the network and the b-cast as usual.

I have tried CARP and before that 'Other'.

I only have the one pfSense firewall.

James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 11:19 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

On Dec 26, 2007 12:13 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> It gave the choices 'CARP', 'Web Proxy', and 'Other'.  So if that has
> changed in the newer version that may help.

If it truly says "Web Proxy", you didn't get an official release from
us!  It should read, CARP, Proxy ARP, and Other.

I've explained the differences before, but I'll do it again here.

CARP is primarily used for high availability when you have multiple
firewalls in a cluster.  With that said I recommend it over proxy arp
as if you ever go to a cluster config you'll have to convert anyway.

Proxy ARP is primarily for when you have a single firewall and
multiple addresses that need to be NAT'd through it.

"Other" is for when you have a subnet routed to your firewall - ie.
not the same subnet the firewall is on usually (although with PPPoE it
may be).  The IPs are always seen at your firewall and you just need
pfSense to recognize that it should allow you to do something with
them.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Bill Marquette 
On Dec 26, 2007 12:13 PM, James Kusler <[EMAIL PROTECTED]> wrote:
> It gave the choices 'CARP', 'Web Proxy', and 'Other'.  So if that has
> changed in the newer version that may help.

If it truly says "Web Proxy", you didn't get an official release from
us!  It should read, CARP, Proxy ARP, and Other.

I've explained the differences before, but I'll do it again here.

CARP is primarily used for high availability when you have multiple
firewalls in a cluster.  With that said I recommend it over proxy arp
as if you ever go to a cluster config you'll have to convert anyway.

Proxy ARP is primarily for when you have a single firewall and
multiple addresses that need to be NAT'd through it.

"Other" is for when you have a subnet routed to your firewall - ie.
not the same subnet the firewall is on usually (although with PPPoE it
may be).  The IPs are always seen at your firewall and you just need
pfSense to recognize that it should allow you to do something with
them.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Tim Dickson 
And in your firewall logs do you have show blocked by default rule?

If so check the logs and see if you can find anything stopping it.

 

Also check out your states you can watch active connections by throwing
192.168.1.10 in your filter.

If you see connections coming through on those states it may be a
misconfiguration on the server itself.

-Tim

 

From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 11:05 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips

 

Sorry.  I forgot to let you know.  I do have the correct IP address assigned
by my isp.  To answer your other question,  the 

wan rule is pass protocol:any port:any source:any  destination:192.168.1.10
gateway:default

this rule is at the top of the list. (first processed)

i figured id go for simple and the block what i don't need after.

-Original Message-
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:19 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips

What are the rules you are using on the WAN for traffic.

Keep in mind when you are defining the destination address it should be the
PRIVATE IP not the PUBLIC one

If you are getting the correct address on whatismyip then the NAT mapping is
fine. it is firewall rules that are messing you up.

-Tim

 

From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 10:27 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips

 

I have it setup as Proxy ARP

 

I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
seperate entries using the /32 subnet mask

 

on the WAN interface it is setup as x.x.x.74  /29

 

I setup a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100

 

I can still not get anything to work.  I am getting the correct IP address
if i go to whatismyip.com, but when i try to hit the webserver ip from my
phone (seperate network all together)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask? 

Curtis 



__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue 
Sorry.  I forgot to let you know.  I do have the correct IP address assigned
by my isp.  To answer your other question,  the
wan rule is pass protocol:any port:any source:any  destination:192.168.1.10
gateway:default
this rule is at the top of the list. (first processed)
i figured id go for simple and the block what i don't need after.

-Original Message-
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:19 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips



What are the rules you are using on the WAN for traffic.

Keep in mind when you are defining the destination address it should be the
PRIVATE IP not the PUBLIC one

If you are getting the correct address on whatismyip then the NAT mapping is
fine. it is firewall rules that are messing you up.

-Tim



From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 10:27 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips



I have it setup as Proxy ARP



I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
seperate entries using the /32 subnet mask



on the WAN interface it is setup as x.x.x.74  /29



I setup a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100



I can still not get anything to work.  I am getting the correct IP address
if i go to whatismyip.com, but when i try to hit the webserver ip from my
phone (seperate network all together)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask?

Curtis



__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

[pfSense Support] pptp vpn server

2007-12-26 Thread Víctor Hugo Pasten Varas 
Hi guys, I have a problem with pptp vpn.


The VPN log display the next error:

Last 50 firewall log entries
Act Time If Source Destination Proto
Dec 25 08:48:20 NG1 192.168.100.192:1036 193.0.0.236:53 UDP
  Dec 25 08:48:20 NG1 192.168.100.192:1036 192.0.34.126:53 UDP
  Dec 25 08:48:20 NG1 192.168.100.192:1036 193.0.0.236:53 UDP
  Dec 25 08:48:21 NG1 192.168.100.192:1029 192.168.1.4:53 UDP
  Dec 25 08:48:21 NG1 192.168.100.192:1029 192.168.1.10:53 UDP
  Dec 25 08:48:21 NG1 192.168.100.192 192.168.1.1 ICMP
  Dec 25 08:48:22 NG1 192.168.100.192:4603 192.168.1.4:53 UDP
  Dec 25 08:48:24 NG1 192.168.100.192:4603 192.168.1.10:53 UDP
  Dec 25 08:48:24 NG1 192.168.100.192:1036 204.74.113.1:53 UDP
  Dec 25 08:48:25 NG1 192.168.100.192:4603 192.168.1.10:53 UDP
  Dec 25 08:48:25 NG1 192.168.100.192:1029 192.168.1.4:53 UDP
  Dec 25 08:48:26 NG1 192.168.100.192:1029 192.168.1.10:53 UDP
  Dec 25 08:48:26 NG1 192.168.100.192:4603 192.168.1.4:53 UDP
  Dec 25 08:48:26 NG1 192.168.100.192:4603 192.168.1.10:53 UDP
  Dec 25 08:48:27 NG1 192.168.100.192 192.168.1.1 ICMP
  Dec 25 08:48:27 NG1 192.168.100.192:1029 192.168.1.10:53 UDP
  Dec 25 08:48:28 NG1 192.168.0.253:53 172.16.30.2:50703 UDP
  Dec 25 08:48:29 NG1 192.168.100.192:1029 192.168.1.4:53 UDP
  Dec 25 08:48:29 NG1 192.168.100.192:1029 192.168.1.10:53 UDP
  Dec 25 08:48:30 NG1 192.168.100.192:4603 192.168.1.4:53 UDP
  Dec 25 08:48:31 NG1 192.168.100.192:4603 192.168.1.10:53 UDP
  Dec 25 08:48:32 NG1 192.168.100.192 192.168.1.1 ICMP
  Dec 25 08:48:33 NG1 192.168.100.192:1029 192.168.1.4:53 UDP
  Dec 25 08:48:33 NG1 192.168.100.192:1029 192.168.1.10:53 UDP


how i do permit traffic from pptp_client on NG iface???



Víctor Pasten V.
Redes y Servidores
[EMAIL PROTECTED]


This message was sent using IMP, the Internet Messaging Program.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Tim Dickson 
What are the rules you are using on the WAN for traffic.

Keep in mind when you are defining the destination address it should be the
PRIVATE IP not the PUBLIC one

If you are getting the correct address on whatismyip then the NAT mapping is
fine. it is firewall rules that are messing you up.

-Tim

 

From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 10:27 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips

 

I have it setup as Proxy ARP

 

I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
seperate entries using the /32 subnet mask

 

on the WAN interface it is setup as x.x.x.74  /29

 

I setup a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100

 

I can still not get anything to work.  I am getting the correct IP address
if i go to whatismyip.com, but when i try to hit the webserver ip from my
phone (seperate network all together)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask? 

Curtis

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue 
I have it setup as Proxy ARP

I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
seperate entries using the /32 subnet mask

on the WAN interface it is setup as x.x.x.74  /29

I setup a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100

I can still not get anything to work.  I am getting the correct IP address
if i go to whatismyip.com, but when i try to hit the webserver ip from my
phone (seperate network all together)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips


Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask?

Curtis

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
I will be upgrading, that's fur sure.  I have everything else set.
Also, in the virtual IP section, I did not have the choice of selecting
'IP'.
 
It gave the choices 'CARP', 'Web Proxy', and 'Other'.  So if that has
changed in the newer version that may help.
 
Thanks for all the help and info, and I will let you all know what
happens.
 
James Kusler, Information Technology Manager - Sound Telecom
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED]   |
www.sound-tele.com   | www.solaxis.com
  


From: Curtis LaMasters [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 10:00 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips
 
Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to
use 1:1 NAT, go ahead and do so for that specific IP address, then under
the firewall rules add in a rule to match the traffic you would like to
permit. It should be that simple.  Additionally, the IP's 73 and 72 are
within your given range correct?  Are you using the correct subnet mask?


Curtis

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
I am using CARP.   Originally I used 'other'.  Also, when I define the
public IP should I use the /29 subnet mask for that address from Qwest,
or should I just use /32 since it is a single IP address?
 
The dialogues in the web GUI suggest that if you use a single IP you use
the /32 snm.
 
James Kusler, Information Technology Manager - Sound Telecom
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED]   |
www.sound-tele.com   | www.solaxis.com
  


From: Curtis LaMasters [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 10:00 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips
 
Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to
use 1:1 NAT, go ahead and do so for that specific IP address, then under
the firewall rules add in a rule to match the traffic you would like to
permit. It should be that simple.  Additionally, the IP's 73 and 72 are
within your given range correct?  Are you using the correct subnet mask?


Curtis

Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Curtis LaMasters 
Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask?

Curtis

Re: [pfSense Support] sort of new PFSense user... WAN to LAN question...

2007-12-26 Thread Curtis LaMasters 
A question on hardware; you do have this installed to HD or flash correct?
What version of pfSense are you running.  On my 1.2RC2 at home, under Status
--> Services I have Squid Listed.  Try uninstalling and reinstalling the
package.

Curtis

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue 
sorry.  i mistyped.  I am at 1.2RC3

-Original Message-
From: Sean Cavanaugh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 11:41 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips


First step, upgrade to latest release, 1.2-RC3 as there have been MANY fixes
put in since 1.0.1

-Sean



  _


> Date: Wed, 26 Dec 2007 09:17:45 -0800
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: RE: [pfSense Support] Virtual Ips
>
> I am having the same problem. I have an external IP from Qwest which is
> part of an 8-IP address block. That IP is the "gateway" and the others
> are for my use. SO I am trying to assign them to devices on my local
> net.
>
> I set up mine in virtual IP, and created a NAT rule with the option
> selected to also create an associated firewall rule.
>
> I can surf out to the internet just fine but I can not access the device
> through the IP I designated, from the outside going in.
>
> I don't know about you, but I am using pfSense 1.01 and no extra
> services like Squid. One person suggested that Squid was installed and
> was block the entrance from the outside. But that was not the case
> because it is not installed.
>
> So I am in the same boat you are.
>
>
> James Kusler, Information Technology Manager
> PHONE| 509.624.1613 or 800.822.4456 FAX| 509.624.1604
> [EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com
> -Original Message-
> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 26, 2007 9:19 AM
> To: support@pfsense.com
> Subject: [pfSense Support] Virtual Ips
>
> I have a stupid question.. I am trying to set up 2 servers with a
> seperate
> external IP adresses. My wan IP is x.x.x.74 I want to use x.x.x.73 for
> server 1 and x.x.x.72 for server 2. Server 1 is 192.168.1.10 and server
> 2
> is 192.168.1.11. I think i have to set this up in 1:1 nat, Firewall
> rules,
> and also in Virtual IPs. Is there anywhere else i need to set this up,
> It
> doesn't seem to be working. Maybe I have this way off or something
> else.
> Thanks for your help.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>



  _

The best games are on Xbox 360. Click here for a special offer on an Xbox
360 Console. Get it now! 

__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue 
OK.  Im stranded, but at least im not alone.  I am using pfsense 1.3RC3.  I
upgraded before i posted the question in hopes that would work.  It didn't.
I feel like I have to be missing something.

-Original Message-
From: James Kusler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 11:18 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips


I am having the same problem.  I have an external IP from Qwest which is
part of an 8-IP address block.  That IP is the "gateway" and the others
are for my use.  SO I am trying to assign them to devices on my local
net.

I set up mine in virtual IP, and created a NAT rule with the option
selected to also create an associated firewall rule.

I can surf out to the internet just fine but I can not access the device
through the IP I designated, from the outside going in.

I don't know about you, but I am using pfSense 1.01 and no extra
services like Squid.  One person suggested that Squid was installed and
was block the entrance from the outside.  But that was not the case
because it is not installed.

So I am in the same boat you are.


James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 
-Original Message-
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 9:19 AM
To: support@pfsense.com
Subject: [pfSense Support] Virtual Ips

I have a stupid question.. I am trying to set up 2 servers with a
seperate
external IP adresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server
2
is 192.168.1.11.  I think i have to set this up in 1:1 nat, Firewall
rules,
and also in Virtual IPs.  Is there anywhere else i need to set this up,
It
doesn't seem to be working.  Maybe I have this way off or something
else.
Thanks for your help.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Sean Cavanaugh 
First step, upgrade to latest release, 1.2-RC3 as there have been MANY fixes 
put in since 1.0.1
 
-Sean



> Date: Wed, 26 Dec 2007 09:17:45 -0800> From: [EMAIL PROTECTED]> To: 
> support@pfsense.com> Subject: RE: [pfSense Support] Virtual Ips> > I am 
> having the same problem. I have an external IP from Qwest which is> part of 
> an 8-IP address block. That IP is the "gateway" and the others> are for my 
> use. SO I am trying to assign them to devices on my local> net.> > I set up 
> mine in virtual IP, and created a NAT rule with the option> selected to also 
> create an associated firewall rule.> > I can surf out to the internet just 
> fine but I can not access the device> through the IP I designated, from the 
> outside going in.> > I don't know about you, but I am using pfSense 1.01 and 
> no extra> services like Squid. One person suggested that Squid was installed 
> and> was block the entrance from the outside. But that was not the case> 
> because it is not installed.> > So I am in the same boat you are.> > > James 
> Kusler, Information Technology Manager > PHONE| 509.624.1613 or 800.822.4456 
> FAX| 509.624.1604> [EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com > 
> -Original Message-> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] > 
> Sent: Wednesday, December 26, 2007 9:19 AM> To: support@pfsense.com> Subject: 
> [pfSense Support] Virtual Ips> > I have a stupid question.. I am trying to 
> set up 2 servers with a> seperate> external IP adresses. My wan IP is 
> x.x.x.74 I want to use x.x.x.73 for> server 1 and x.x.x.72 for server 2. 
> Server 1 is 192.168.1.10 and server> 2> is 192.168.1.11. I think i have to 
> set this up in 1:1 nat, Firewall> rules,> and also in Virtual IPs. Is there 
> anywhere else i need to set this up,> It> doesn't seem to be working. Maybe I 
> have this way off or something> else.> Thanks for your help.> > > 
> -> To 
> unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: 
> [EMAIL PROTECTED]> > > 
> -> To 
> unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: 
> [EMAIL PROTECTED]> 
_
The best games are on Xbox 360.  Click here for a special offer on an Xbox 360 
Console.
http://www.xbox.com/en-US/hardware/wheretobuy/

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread James Kusler 
I am having the same problem.  I have an external IP from Qwest which is
part of an 8-IP address block.  That IP is the "gateway" and the others
are for my use.  SO I am trying to assign them to devices on my local
net.

I set up mine in virtual IP, and created a NAT rule with the option
selected to also create an associated firewall rule.

I can surf out to the internet just fine but I can not access the device
through the IP I designated, from the outside going in.

I don't know about you, but I am using pfSense 1.01 and no extra
services like Squid.  One person suggested that Squid was installed and
was block the entrance from the outside.  But that was not the case
because it is not installed.

So I am in the same boat you are.


James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 
-Original Message-
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 9:19 AM
To: support@pfsense.com
Subject: [pfSense Support] Virtual Ips

I have a stupid question.. I am trying to set up 2 servers with a
seperate
external IP adresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server
2
is 192.168.1.11.  I think i have to set this up in 1:1 nat, Firewall
rules,
and also in Virtual IPs.  Is there anywhere else i need to set this up,
It
doesn't seem to be working.  Maybe I have this way off or something
else.
Thanks for your help.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue 
I have a stupid question.. I am trying to set up 2 servers with a seperate
external IP adresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server 2
is 192.168.1.11.  I think i have to set this up in 1:1 nat, Firewall rules,
and also in Virtual IPs.  Is there anywhere else i need to set this up, It
doesn't seem to be working.  Maybe I have this way off or something else.
Thanks for your help.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] sort of new PFSense user... WAN to LAN question...

2007-12-26 Thread James Kusler 
My IP address comes back as the WAN port of my pfSense firewall.  SO I
guess that's good.
 
I do not have any Services listed.  Squid is not in there.
 
James Kusler, Information Technology Manager - Sound Telecom
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED]   |
www.sound-tele.com   | www.solaxis.com
  


From: Curtis LaMasters [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 7:03 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] sort of new PFSense user... WAN to LAN
question...
 
Do you have anything in your firewall logs?  Try to make an additional
IP address through Virtual IP's menu (use carp) and then assign that to
your NAT rule for the outside IP address to be used and see if that
works.  Additionally, from a computer behind pfSense, go to
http://www.whatismyip.com and verify that this is the IP address that
you think it should be. What pfSense version are you running?

Curtis

RE: [pfSense Support] Squid running, squidguard blocking all traffic??

2007-12-26 Thread James Kusler 
I got yourother email as well.  I will check both of these out.  I had no idea 
Squid was there by default.
 
Thanks!  I will let you know how it turns out.
 
James Kusler, I.T. Manager
Sound Telecom
(509) 624-1613



From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wed 12/26/2007 6:31 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Squid running, squidguard blocking all traffic??


First check under the Services page under the status drop down menu.  Squid 
should be in there.

Curtis 
<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] sort of new PFSense user... WAN to LAN question...

2007-12-26 Thread Curtis LaMasters 
Do you have anything in your firewall logs?  Try to make an additional IP
address through Virtual IP's menu (use carp) and then assign that to your
NAT rule for the outside IP address to be used and see if that works.
Additionally, from a computer behind pfSense, go to
http://www.whatismyip.com and verify that this is the IP address that you
think it should be. What pfSense version are you running?

Curtis

Re: [pfSense Support] Squid running, squidguard blocking all traffic??

2007-12-26 Thread Curtis LaMasters 
First check under the Services page under the status drop down menu.  Squid
should be in there.

Curtis