Re: [pfSense Support] Re: pfsense and soekris 5501
On Feb 2, 2008, at 7:34 PM, Ugo Bellavance wrote: Has nyone had any issues with a NET5501 and pfsense? Either with a HD or CF install? Anyone has benchmarks about NET55xx or Alix boards? I'm currently using a regular PC for a firewall for a 30-40 mbps link (burstable to 100mbps) and I'm looking to change it eventually. You should be fine. We don't have that much regular traffic, but I can easily push 100Mbit through our Alix and Net5501 based boxes running FreeBSD (NanoBSD based; I had too much trouble getting CARP and VLANs playing nicely with pfsense). - ask -- http://develooper.com/ - http://askask.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] syslogd parameters in /etc/inc/system.inc
can the system script be modified, please to tell syslogd to only bind
to localhost?
# diff system.inc.orig system.inc
412c412
$retval = mwexec(/usr/sbin/syslogd -s -f
{$g['varetc_path']}/syslog.conf);
---
$retval = mwexec(/usr/sbin/syslogd -b 127.0.0.1 -s -f
{$g['varetc_path']}/syslog.conf);
415c415
$retval = mwexec(/usr/sbin/syslogd -ss);
---
$retval = mwexec(/usr/sbin/syslogd -b 127.0.0.1 -ss);
thanks!
Paul
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] bug report - missing network device still listed as up
Ermal Luçi wrote: Can you please open a ticket for this! done http://cvstrac.pfsense.com/tktview?tn=1652,6 On Thu, Feb 14, 2008 at 5:03 PM, Paul M [EMAIL PROTECTED] wrote: Is this a known bug? when you remove a network device from a working configured pfsense 1.2rc4 machine, it still boots up, and the web UI interface summary says the device is up, but has no details (no mac, no IP, etc) we discovered this when one of our firewall servers died, and problem was the PCIX twin-port NIC. luckily we are able to do without that NIC, so we booted the machine without it, using the motherboard's intel twin giga ports for wan lan, and intel e100 for sync. so, devices BGE0 and BGE1 disappeared completely, but the webui still lists interface we called DMZ as being up! Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Basics of connecting 2 or more WAN ports
On 2/18/08, Mike Lever [EMAIL PROTECTED] wrote: Lastly what is the difference between setting up firewall rules under the LAN tab vs the WAN tab ? LAN tab is for packets coming into the firewall from the LAN interface. WAN tab is for packets coming into the firewall from the WAN interface. If you are loadbalancing for users in the LAN then you just need to worry about the LAN interface rules, the WAN rules are not needed. sai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Basics of connecting 2 or more WAN ports
Mike, Item 1 is a FAQ. The answer is that pfSense only supports PPPoE on the primary WAN interface. All other OPT interfaces treated as WANs must use a device in front of them to negotiate the PPPoE connection and provide a static IP address. Load balancing is configured in the Load Balancing dialog inside the pfSense webGUI. Consult the pfSense documentation on setting up outbound load balancing. A common mistake people make when configuring outbound load balancing is that they neglect to set up static routes to the DNS servers belonging to a particular WAN connection. -Gary Mike Lever wrote: Hi, I have been searching high and low but I cannot seem to find anywhere a manual or instructions on how to setup multiple WAN ports only, no DMZ, SMTP , HTTPS etc separation. All I want to do is correctly balance my 5 DSL lines using PFsense 1.2RC4 My questions are as follows: 1. How can I setup multiple PPPoe sessions ? I can see the one WAN port where it allows me to but on the option cards all I can select is static and DHCP. If I use DHCP how do I set the firewall to allow an internal IP address access to the router ? 2. How does the firewall work ? Where do I set load balancing rules ? on the LAN / on each WAN port or both ? 3. What else do I need to set ? 4. how would I set DNS if I have a separate DHCP server ? I understand these may be basic questions but seem to be pulling my hair out over this combination that works very intermittently. Any feedback would gladly be appreciated ! Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com *CONFIDENTIALITY CAUTION*: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Basics of connecting 2 or more WAN ports
Hi Gary, Firstly thanks for the prompt response ! I have finally found some documentation, I will go about that shortly. I think one of my problems is DNS and handling those requests. Please confirm how I go about setting up static routes to the DNS servers belonging to a particular WAN connection. Lastly what is the difference between setting up firewall rules under the LAN tab vs the WAN tab ? Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: 18 Feb 2008 05:59 PM To: support@pfsense.com Subject: Re: [pfSense Support] Basics of connecting 2 or more WAN ports Mike, Item 1 is a FAQ. The answer is that pfSense only supports PPPoE on the primary WAN interface. All other OPT interfaces treated as WANs must use a device in front of them to negotiate the PPPoE connection and provide a static IP address. Load balancing is configured in the Load Balancing dialog inside the pfSense webGUI. Consult the pfSense documentation on setting up outbound load balancing. A common mistake people make when configuring outbound load balancing is that they neglect to set up static routes to the DNS servers belonging to a particular WAN connection. -Gary Mike Lever wrote: Hi, I have been searching high and low but I cannot seem to find anywhere a manual or instructions on how to setup multiple WAN ports only, no DMZ, SMTP , HTTPS etc separation. All I want to do is correctly balance my 5 DSL lines using PFsense 1.2RC4 My questions are as follows: 1. How can I setup multiple PPPoe sessions ? I can see the one WAN port where it allows me to but on the option cards all I can select is static and DHCP. If I use DHCP how do I set the firewall to allow an internal IP address access to the router ? 2. How does the firewall work ? Where do I set load balancing rules ? on the LAN / on each WAN port or both ? 3. What else do I need to set ? 4. how would I set DNS if I have a separate DHCP server ? I understand these may be basic questions but seem to be pulling my hair out over this combination that works very intermittently. Any feedback would gladly be appreciated ! Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com *CONFIDENTIALITY CAUTION*: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] syslogd parameters in /etc/inc/system.inc
On Feb 18, 2008 6:18 AM, Paul M [EMAIL PROTECTED] wrote:
can the system script be modified, please to tell syslogd to only bind
to localhost?
# diff system.inc.orig system.inc
412c412
$retval = mwexec(/usr/sbin/syslogd -s -f
{$g['varetc_path']}/syslog.conf);
---
$retval = mwexec(/usr/sbin/syslogd -b 127.0.0.1 -s -f
{$g['varetc_path']}/syslog.conf);
415c415
$retval = mwexec(/usr/sbin/syslogd -ss);
---
$retval = mwexec(/usr/sbin/syslogd -b 127.0.0.1 -ss);
I will look into it. In the future, please see this for submitting
patches: http://devwiki.pfsense.org/SubmittingPatches
Scott
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] syslogd parameters in /etc/inc/system.inc
Scott Ullrich wrote: I will look into it. In the future, please see this for submitting patches: http://devwiki.pfsense.org/SubmittingPatches sorry I stand corrected - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Example configuration for PC Engines board
Hello, I am trying to avoid getting out a serial cable. I need a working example for a PC Engines board. I have manually changed the interface names to vr0/vr1/vr2 but I'm still not getting activity. Can somebody please show me concrete examples of config.xml that are working for you? -Galen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Accessing my routers
Mike, You should simply need to point your web browser to the IP address of your LAN interface, or use SSL if you enabled that. On a typical install http://192.168.1.1 will get you there, or https://192.168.1.1 -Gary Mike Lever wrote: Hi , I seem to be getting somewhere. Just one more question. I now cant access my routers from the LAN. What do I need to configure to allow access ? Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com *CONFIDENTIALITY CAUTION*: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Example configuration for PC Engines board
[EMAIL PROTECTED] wrote: I am trying to avoid getting out a serial cable. I need a working example for a PC Engines board. I have manually changed the interface names to vr0/vr1/vr2 but I'm still not getting activity. Can somebody please show me concrete examples of config.xml that are working for you? Hi Galen Is it a very new one? If yes, and it doen't have the latest firmware on it (v0.99), namely a v0.98 version, the current image (RC4) will hang during boot. To make sure you have to get your serial (null-modem) cable up and running. The one shipped to me a couple of weeks ago had 0.98 on it and therefore did not complete booting up. Oliver - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] IPSEC and Traffic Shaping
Please forgive me if I've missed any release notes recently... Does traffic shaping currently work on IPSEC tunnels? In the past, I remember it did NOT work. Also, is there an ETA for the 1.2-FINAL version? Thank you! Tim Nelson Systems/Network Support Rockbochs Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC and Traffic Shaping
On Feb 18, 2008 5:09 PM, Tim Nelson [EMAIL PROTECTED] wrote: Please forgive me if I've missed any release notes recently... Does traffic shaping currently work on IPSEC tunnels? In the past, I remember it did NOT work. Only on 1.3. Also, is there an ETA for the 1.2-FINAL version? Soon is all I can say. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Example configuration for PC Engines board
Galen, I'm frugal, but I'm also all about easy. I bought a serial cable just to make everything go smooth. Having done that, I upgraded the firmware on my Alix board, put RC4 on there, and it booted right up. Set my interfaces up, and was ready to go. I don't know if this approach is easier than editing .XML files, but it was pretty cool to see everything working as advertised, and it speaks to the quality of the available tutorials. Aloha, Jeremy On Feb 18, 2008, at 11:52 AM, Oliver von Bueren wrote: [EMAIL PROTECTED] wrote: I am trying to avoid getting out a serial cable. I need a working example for a PC Engines board. I have manually changed the interface names to vr0/vr1/vr2 but I'm still not getting activity. Can somebody please show me concrete examples of config.xml that are working for you? Hi Galen Is it a very new one? If yes, and it doen't have the latest firmware on it (v0.99), namely a v0.98 version, the current image (RC4) will hang during boot. To make sure you have to get your serial (null-modem) cable up and running. The one shipped to me a couple of weeks ago had 0.98 on it and therefore did not complete booting up. Oliver - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC and Traffic Shaping
On 2/18/08, Tim Nelson [EMAIL PROTECTED] wrote: Thank you for the update. I just found a post on the forum over at: http://forum.pfsense.org/index.php?topic=2718.msg44515#msg44515 Is that post incorrect regarding IPSEC traffic shaping? It is correct. Did you read the thread? Those features will not appear until 1.3. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC and Traffic Shaping
Thank you for the update. I just found a post on the forum over at: http://forum.pfsense.org/index.php?topic=2718.msg44515#msg44515 Is that post incorrect regarding IPSEC traffic shaping? Tim Nelson Systems/Network Support Rockbochs Inc. - Original Message - From: Scott Ullrich [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, February 18, 2008 4:32:09 PM (GMT-0600) America/Chicago Subject: Re: [pfSense Support] IPSEC and Traffic Shaping On Feb 18, 2008 5:09 PM, Tim Nelson [EMAIL PROTECTED] wrote: Please forgive me if I've missed any release notes recently... Does traffic shaping currently work on IPSEC tunnels? In the past, I remember it did NOT work. Only on 1.3. Also, is there an ETA for the 1.2-FINAL version? Soon is all I can say. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC and Traffic Shaping
Am 18.02.2008 um 23:09 schrieb Tim Nelson: Please forgive me if I've missed any release notes recently... Does traffic shaping currently work on IPSEC tunnels? In the past, I remember it did NOT work. Also, is there an ETA for the 1.2-FINAL version? I think I read a couple of days in one of my RSS-feeds from the pfsense-site today. cheers, Rainer -- Rainer Duffner CISSP, LPI, MCSE [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
