Re: [pfSense Support] System Time

2008-04-10 Thread Paul M
Curtis LaMasters wrote:
> status.php probably has it somewhere.  If not you could issue a command
> via the GUI in the diagnostic menu.

It does.  It would probably be useful to have the system time on the
index.php system summary page?

How would you browse to status.php? There doesn't seem to be a link to
it from the menus.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] System Time

2008-04-10 Thread Tortise
Hey I know the answer to this one!
Go to Command menu under Diagnostics and type date, bingo!
http://[pfsenseIP]/status.php also gives it!
Kewl eh!
Kind regards
David Hingston 





RE: [pfSense Support] System Time

2008-04-10 Thread Ryan Rodrigue
great.  I knew there was a simple way to do this.  Thanks.  Ryan




Re: [pfSense Support] blocking to destination ports

2008-04-10 Thread Christoph Hanle

Randy Schultz wrote:

> Yeah I know - bad form replying to one's own message but...  could somebody who
> knows more confirm or deny if this will work in pfsense:
>    create an alias that blocks ports, then set up a rule that blocks
>    from any to the alias




Hi,
it is possible in another way.
First, you have to create a port-alias, but consider that you put only
ports of the same type (tcp or udp) in one alias.


Live example:
allow only secure mailtransport to my mailserver:
1. port alias
<alias>
  <name>Secure_mail</name>
  <address>465 993 995</address>
  <descr/>
  <type>port</type>
  <detail>SMTPS||IMAPS||POPS||</detail>
</alias>
2. rule
<rule>
  <type>pass</type>
  <interface>lan</interface>
  <max-src-nodes/>
  <max-src-states/>
  <statetimeout/>
  <statetype>keep state</statetype>
  <os/>
  <protocol>tcp</protocol>
  <source>
    <network>lan</network>
  </source>
  <destination>
    <address>a.b.c.d</address>
    <port>Secure_mail</port>
  </destination>
  <descr>allow secure MAIL to xyz</descr>
</rule>


Hope this helps

bye
Christoph





Re: [pfSense Support] blocking to destination ports

2008-04-10 Thread Randy Schultz
On Thu, 10 Apr 2008, Christoph Hanle spaketh thusly:

-}Hi,
-}it is possible in another way.
-}First, you have to create a port-alias, but consider that you put only ports
-}of the same type (tcp or udp) in one alias.
-}
-}Live example:
-}allow only secure mailtransport to my mailserver:
-}1. port alias
-}<alias>
-}  <name>Secure_mail</name>
-}  <address>465 993 995</address>
-}  <descr/>
-}  <type>port</type>
-}  <detail>SMTPS||IMAPS||POPS||</detail>
-}</alias>
-}2. rule
-}<rule>
-}  <type>pass</type>
-}  <interface>lan</interface>
-}  <max-src-nodes/>
-}  <max-src-states/>
-}  <statetimeout/>
-}  <statetype>keep state</statetype>
-}  <os/>
-}  <protocol>tcp</protocol>
-}  <source>
-}    <network>lan</network>
-}  </source>
-}  <destination>
-}    <address>a.b.c.d</address>
-}    <port>Secure_mail</port>
-}  </destination>
-}  <descr>allow secure MAIL to xyz</descr>
-}</rule>
-}
-}
-}Hope this helps

Heya,

Sorry.  Apparently I wasn't clear.  I want to block, not pass, all traffic to
a specific port.  For example, everybody on a /16 must use a given mailhost to
send mail out.  To enforce this, pass packets from the mailhost to any host
but only to port 25, block all other traffic from anybody and from any port,
to anybody on port 25.

I've messed around a bit with setting up an alias with a bunch of ports: 
BlockPortsInside 67:69, 111, 113, 137:139, 161:162, 512:515,
 1433:1434

When I try to add the alias as a block(say tcp), the gui allows me, but in the
logs I see:
   Apr 10 16:34:06  php: : There were error(s) loading the rules: no IP
   address found for 67:69 /tmp/rules.debug:140: could not parse host
   specification pfctl: Syntax error in config file: pf rules not loaded - The
   line in question reads [69 /tmp/rules.debug]:

Thoughts?

--
 Randy([EMAIL PROTECTED])  765.983.1283 *

Love with your heart, think with your head;  not the other way around.
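
The policy Randy describes, written as plain pf.conf rules (an added example, not part of the original thread and not pfSense-generated output). The interface name and the mailhost address are constructed placeholders; the port list is the one from his message.

```conf
# Added example: hand-written pf.conf, not what the pfSense GUI emits.
# Constructed placeholders (assumptions, not values from the thread):
int_if   = "em1"          # inside interface
mailhost = "10.1.0.25"    # the one host allowed to send mail out

# Port list from the message. Ranges are written first:last. The
# protocol is chosen on the rule itself, so one list can serve a tcp
# rule and a udp rule without mixing protocol names into the list.
blocked_ports = "{ 67:69, 111, 113, 137:139, 161:162, 512:515, 1433:1434 }"

# 1. Only the mailhost may open connections to destination port 25.
pass  in quick on $int_if inet proto tcp from $mailhost to any port 25 keep state

# 2. Anybody else, from any source port, is blocked to destination port 25.
block in quick on $int_if inet proto tcp from any to any port 25

# 3. Block traffic to the listed destination ports. The list follows the
#    "port" keyword. Placed where pf expects a host, "67:69" cannot be
#    resolved to an address, which matches the logged error
#    "no IP address found for 67:69 ... could not parse host specification".
block in quick on $int_if inet proto { tcp, udp } from any to any port $blocked_ports
```

Running pfctl -nf against the file parses the ruleset without loading it, so a syntax error shows up before the rules go live.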





Re: [pfSense Support] ssh host keys

2008-04-10 Thread Nikolaos Korkakakis
On Sun, Apr 6, 2008 at 6:16 PM, Cristian Ionescu-Idbohrn
[EMAIL PROTECTED] wrote:

> Is there a way I could debug this myself?
> I'd need some tips.  Anyone?
>
>
> Cheers,

Go to ~/.ssh/ find file known_hosts and edit it :-) accordingly

Just saw this mail

-- 
-
Postgrad student of Department of Computer Engineering and Informatics
( http://www.ceid.upatras.gr )

 WARNING: posting to or from gmail might disclose sensitive information
 to people you don't entirely trust. For safe, private communication use
 korkarak (at) ceid (dot) upatras (dot) gr , and my public PGP key from
 http://students.ceid.upatras.gr/~korkakak/mykey




[pfSense Support] Multimple WAN ftp server thing.

2008-04-10 Thread David Cavanaugh
Hello all and greetings:

We've recently switched to pfsense to, among other things, take advantage of
the multiple WAN feature.

So, we have two interfaces defined thusly:

<wan>
  <if>em0</if>
  <mtu/>
  <blockpriv/>
  <media/>
  <mediaopt/>
  <bandwidth>100</bandwidth>
  <bandwidthtype>Mb</bandwidthtype>
  <spoofmac/>
  <disableftpproxy/>
  <ipaddr>74.x.x.4</ipaddr>
  <subnet>29</subnet>
  <gateway>74.x.x.3</gateway>
</wan>
<opt1>
  <if>sis0</if>
  <descr>WAN2</descr>
  <bridge/>
  <enable/>
  <ipaddr>170.x.x.2</ipaddr>
  <subnet>30</subnet>
  <gateway>170.x.x.1</gateway>
  <spoofmac/>
  <mtu/>
</opt1>

WAN(WAN) is a T1. OPT1(WAN2) is a DSL.

We created a LoadBalance Gateway with WAN and WAN2, as follows:
<lbpool>
  <type>gateway</type>
  <behaviour>failover</behaviour>
  <monitorip/>
  <name>LANLoadBalance</name>
  <desc>Load Balance LAN</desc>
  <port/>
  <servers>wan|208.67.217.132</servers>
  <servers>opt1|208.67.217.132</servers>
  <monitor/>
</lbpool>

We have users in the field trying to access an FTP server on the LAN via the
OPT1(WAN2) IP address. Without me going any further, is such a thing
feasible?

Thanks,

Dave





Re: [pfSense Support] Multimple WAN ftp server thing.

2008-04-10 Thread Scott Ullrich
On 4/10/08, David Cavanaugh [EMAIL PROTECTED] wrote:
> Hello all and greetings:
>
> We've recently switched to pfsense to, among other things, take advantage of
> the multiple WAN feature.
>
> So, we have two interfaces defined thusly:
>
> <wan>
>   <if>em0</if>
>   <mtu/>
>   <blockpriv/>
>   <media/>
>   <mediaopt/>
>   <bandwidth>100</bandwidth>
>   <bandwidthtype>Mb</bandwidthtype>
>   <spoofmac/>
>   <disableftpproxy/>
>   <ipaddr>74.x.x.4</ipaddr>
>   <subnet>29</subnet>
>   <gateway>74.x.x.3</gateway>
> </wan>
> <opt1>
>   <if>sis0</if>
>   <descr>WAN2</descr>
>   <bridge/>
>   <enable/>
>   <ipaddr>170.x.x.2</ipaddr>
>   <subnet>30</subnet>
>   <gateway>170.x.x.1</gateway>
>   <spoofmac/>
>   <mtu/>
> </opt1>
>
> WAN(WAN) is a T1. OPT1(WAN2) is a DSL.
>
> We created a LoadBalance Gateway with WAN and WAN2, as follows:
> <lbpool>
>   <type>gateway</type>
>   <behaviour>failover</behaviour>
>   <monitorip/>
>   <name>LANLoadBalance</name>
>   <desc>Load Balance LAN</desc>
>   <port/>
>   <servers>wan|208.67.217.132</servers>
>   <servers>opt1|208.67.217.132</servers>
>   <monitor/>
> </lbpool>
>
> We have users in the field trying to access an FTP server on the LAN via the
> OPT1(WAN2) IP address. Without me going any further, is such a thing
> feasible?
>
> Thanks,
>
> Dave



FTP is not supported on multi-wan.  This question comes up every
couple months.  Search the archives / forum for more information.

Scott




[pfSense Support] WAN Multipe

2008-04-10 Thread Sebastián Veloso Varas
Hello, I have the following question.

How can I set up my firewall so that users go out to the Internet through a
dynamic pool of public IPs (dynamic NAT pool)? I did it some time ago but have
now forgotten how. Can anybody help me?

Greetings

Sebastián Veloso Varas
SAF - Fuerza Aérea de Chile
Web : www.saf.cl
E-mail : [EMAIL PROTECTED]




Re: [pfSense Support] blocking to destination ports

2008-04-10 Thread Jan Zorz
Don't bother with this. I ran through a small flame-war with Scott about
this and wrote my own patches for pfsense that were working flawlessly on
1.0.1 and were applying rules on out-traffic, but political persuasion on
the devs' side prevented those patches from being implemented...


Too bad, from my point of view.

Don't start that all over again, just learn to live with in-only rules.

/jan

Randy Schultz wrote:

> Hiya,
>
> We are running 1.2-RELEASE with a bridge across OPT1 and OPT2.  Is there any
> way to block to destination ports?  I have found blocking from source ports
> but cannot find anything that allows me to block traffic to a port.  Have I
> just overlooked something?
>
> --
>  Randy([EMAIL PROTECTED])  765.983.1283 *
>
> Love with your heart, think with your head;  not the other way around.

