Re: [pfSense Support] PPPoE gets disconnected on WAN port
Hello, On Tue, 2008-04-29 at 19:08 -0400, Chris Buechler wrote: On Tue, Apr 29, 2008 at 8:44 AM, Olivier Mueller [EMAIL PROTECTED] wrote: Short update about my issues: Thanks for your feedback (and also to David). I couldn't try the commands yet because the device was remote and people were working, but I will keep them around in case the problems are coming back. This still might be something that is required. It seems we're missing the mpd config option for auto reconnect on PPPoE. But if it's working fine again now it must be OK, a flaky modem could have just as easily caused the scenario you were seeing. Let us know if the problem recurs. It worked about 5 days without problems, then it started again: Apr 30 11:17:38 gateway mpd: [pppoe] PPPoE connection closed May 5 11:18:56 gateway mpd: [pppoe] PPPoE connection closed May 8 11:17:57 gateway mpd: [pppoe] PPPoE connection closed May 9 11:14:30 gateway mpd: [pppoe] PPPoE connection closed May 9 11:51:18 gateway mpd: [pppoe] PPPoE connection closed May 13 09:56:03 gateway mpd: [pppoe] PPPoE connection closed May 13 12:28:51 gateway mpd: [pppoe] PPPoE connection closed May 14 23:13:23 gateway mpd: [pppoe] PPPoE connection closed May 15 10:06:19 gateway mpd: [pppoe] PPPoE connection closed May 15 10:13:36 gateway mpd: [pppoe] PPPoE connection closed Replacing/Resetting the VDSL Router (bridge) didn't helped. Maybe are the devices not strong enough of a small office LAN with about 15 people?(pfSense is on an Alix Board box) I'll check again with the ISP, but I guess the problem is local. The question is just where to search for it :) regards, Olivier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Intel Pro 1000 VT
I originally thought the problem was that the Intel was not working and the Braodcom was, however with my recent findings have led me to believe neither were working originally :( I've had a look at the supported hardware list for FreeBSD 7 and it doesn't appear in there. I'm quite worried that there is no way round this problem. Cheers Adam -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: 15 May 2008 03:43 To: support@pfsense.com Subject: Re: [pfSense Support] Intel Pro 1000 VT On Wed, May 14, 2008 at 5:34 AM, Adam Costello [EMAIL PROTECTED] wrote: There's good news and bad news. Good news: That install fixed the issue with the Intel Pro 1000VT and when I stick the cable link status says UP Bad News: The onboard Broadcom NetXtreme Dual Gigabit NIC is not working. If I stick a cable in that it doesn't even notice even though I have lights on the NIC and switch port. Did it work with the official 1.2 version? This might be something that's not supported until FreeBSD 7, in which case we can't help you at the moment. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the SecuraProtect Email Security System. For more information please visit http://www.securaprotect.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Multi User Wireless System
Dear list, Subject is a little off topic, but I love pfsense so much I like to use it for everything! Any thoughts gratefully received. Imagine a building that has 8 rooms, each room is rented to a different person. Each person may require internet access via wireless only. 1 access point covers the building nicely. The manager of the building will charge a small amount of rent for internet access. It maybe the case that some rooms want access, some do not The manager wants to: Set limits on the internet use, ie 5gb per month per room. Suspend accounts if they don't pay Provide wireless isolation between rooms - so room 1 cannot connect to room 2 etc Send a daily report to the rooms stating how much allowance is left that month (or provide a webpage to check) Proxy server, with possibility to have content filtering in the future Traffic shaping to help stop any one person dominating the connection. I've created a similar system using IPCOP, Traffic control and report addon, Dans Guardian Addon and a load of ugly scripts in the past, but not something I can give to building manager to control. Any thoughts how this might be achieved with Pfsense? Or do you know of any other open source solutions that do just this? Regards, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multi User Wireless System
I've created a similar system using IPCOP, Traffic control and report addon, Dans Guardian Addon and a load of ugly scripts in the past, but not something I can give to building manager to control. Any thoughts how this might be achieved with Pfsense? Or do you know of any other open source solutions that do just this? PFsense+Captive Portal+Squid+SquidGuard should do it... Mogamat - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Intel Pro 1000 VT
From: [EMAIL PROTECTED] To: support@pfsense.com Date: Thu, 15 May 2008 09:50:17 +0100 Subject: RE: [pfSense Support] Intel Pro 1000 VT I originally thought the problem was that the Intel was not working and the Braodcom was, however with my recent findings have led me to believe neither were working originally :( I've had a look at the supported hardware list for FreeBSD 7 and it doesn't appear in there. I'm quite worried that there is no way round this problem. Cheers Adam If the hardware is not on the supported hardware list, they will NOT work with pfSense. You will have to get another NIC for the server. _ Windows Live SkyDrive lets you share files with faraway friends. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_052008
RE: [pfSense Support] Intel Pro 1000 VT
Hi Sean, Sorry didn't put this in the message below, the Braodcom (NetXtreme BCM5722) is actually the embedded NIC so I can't replace :( Is my only option a custom build (if I can find the FreeBSD drivers for it)? Cheers Adam From: Sean Cavanaugh [mailto:[EMAIL PROTECTED] Sent: 15 May 2008 15:09 To: support@pfsense.com Subject: RE: [pfSense Support] Intel Pro 1000 VT From: [EMAIL PROTECTED] To: support@pfsense.com Date: Thu, 15 May 2008 09:50:17 +0100 Subject: RE: [pfSense Support] Intel Pro 1000 VT I originally thought the problem was that the Intel was not working and the Braodcom was, however with my recent findings have led me to believe neither were working originally :( I've had a look at the supported hardware list for FreeBSD 7 and it doesn't appear in there. I'm quite worried that there is no way round this problem. Cheers Adam If the hardware is not on the supported hardware list, they will NOT work with pfSense. You will have to get another NIC for the server. _ Windows Live SkyDrive lets you share files with faraway friends. Start sharing. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh _skydrive_052008 __ This email has been scanned by the SecuraProtect Email Security System. For more information please visit http://www.securaprotect.com
RE: [pfSense Support] Intel Pro 1000 VT
Adam, This may sound strange, but you might want to load linux and vmware server on the machine, and run pfSense virtualized until the hardware support comes for your NICs. We run pfSense virtualized on Dell PE1800s, PE2900s, and PE2950 servers all the time. Dimitri Rodis Integrita Systems LLC From: Adam Costello [mailto:[EMAIL PROTECTED] Sent: Thursday, May 15, 2008 7:47 AM To: support@pfsense.com Subject: RE: [pfSense Support] Intel Pro 1000 VT Hi Sean, Sorry didn't put this in the message below, the Braodcom (NetXtreme BCM5722) is actually the embedded NIC so I can't replace :( Is my only option a custom build (if I can find the FreeBSD drivers for it)? Cheers Adam From: Sean Cavanaugh [mailto:[EMAIL PROTECTED] Sent: 15 May 2008 15:09 To: support@pfsense.com Subject: RE: [pfSense Support] Intel Pro 1000 VT From: [EMAIL PROTECTED] To: support@pfsense.com Date: Thu, 15 May 2008 09:50:17 +0100 Subject: RE: [pfSense Support] Intel Pro 1000 VT I originally thought the problem was that the Intel was not working and the Braodcom was, however with my recent findings have led me to believe neither were working originally :( I've had a look at the supported hardware list for FreeBSD 7 and it doesn't appear in there. I'm quite worried that there is no way round this problem. Cheers Adam If the hardware is not on the supported hardware list, they will NOT work with pfSense. You will have to get another NIC for the server. Windows Live SkyDrive lets you share files with faraway friends. Start sharing. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Ref resh_skydrive_052008 __ This email has been scanned by the SecuraProtect Email Security System. For more information please visit http://www.securaprotect.com
Re: [pfSense Support] Intel Pro 1000 VT
If that Broadcom card isn't on the supported hardware list for FreeBSD 7, you may be up a creek without a paddle unfortunately. You may try installing straight FreeBSD 7 on this machine and see if it recognizes the cards. That won't help you put pfSense on it, admittedly, but it'll at least give you a clue as to whether or not you'll see support for those cards anytime in the next year or two. Adam Costello wrote: Hi Sean, Sorry didn’t put this in the message below, the Braodcom (NetXtreme BCM5722) is actually the embedded NIC so I can’t replace :( Is my only option a custom build (if I can find the FreeBSD drivers for it)? Cheers Adam *From:* Sean Cavanaugh [mailto:[EMAIL PROTECTED] *Sent:* 15 May 2008 15:09 *To:* support@pfsense.com *Subject:* RE: [pfSense Support] Intel Pro 1000 VT From: [EMAIL PROTECTED] To: support@pfsense.com Date: Thu, 15 May 2008 09:50:17 +0100 Subject: RE: [pfSense Support] Intel Pro 1000 VT I originally thought the problem was that the Intel was not working and the Braodcom was, however with my recent findings have led me to believe neither were working originally :( I've had a look at the supported hardware list for FreeBSD 7 and it doesn't appear in there. I'm quite worried that there is no way round this problem. Cheers Adam If the hardware is not on the supported hardware list, they will NOT work with pfSense. You will have to get another NIC for the server. Windows Live SkyDrive lets you share files with faraway friends. Start sharing. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_052008 __ This email has been scanned by the SecuraProtect Email Security System. For more information please visit http://www.securaprotect.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Virtualizing pfSense
Good Day All, I would like to take a reasonable machine and run some virtualization software on it so that I can run both pfSense and a copy of a standard workstation image so I can use it for remote testing. The workstation image will not need to run that often but I need to make sure it is running in the same type of environment as the rest of the internal workstations. Can I safely run pfSense and another OS in a virtualized environment without compromising security? If so can you give me a basic idea of what I need. Do I need 3 physical NICs in the machine 1 WAN, 1 LAN, 1 for the workstation image. I will probably use VMWare Workstation 6.0 is there anything special I need to do with it, etc. Your help is greatly appreciated. I have pfSense running in a number of buildings and it works great but this is just one more new twist to it for me. Ron.
Re: [pfSense Support] Virtualizing pfSense
On Thu, May 15, 2008 at 11:05 AM, Ron Lemon [EMAIL PROTECTED] wrote: I would like to take a reasonable machine and run some virtualization software on it so that I can run both pfSense and a copy of a standard workstation image so I can use it for remote testing. The workstation image will not need to run that often but I need to make sure it is running in the same type of environment as the rest of the internal workstations. Can I safely run pfSense and another OS in a virtualized environment without compromising security? The answer here greatly depends on your security standards. In this configuration, the biggest risk you have is that someone can directly compromise the host, thereby compromising your guests. At this time, I believe this is a theoretical attack vector, although I have certainly seen network driver level compromises in the past. So, while you aren't likely to be compromised from a script kiddie, I wouldn't want to put this in front of a skilled and dedicated attacker (you don't have any enemies do you? ;-P) If so can you give me a basic idea of what I need. Do I need 3 physical NICs in the machine 1 WAN, 1 LAN, 1 for the workstation image. I will probably use VMWare Workstation 6.0 is there anything special I need to do with it, etc. The best way you can set this up would be a 3 or 4 nic configuration (3 is probably good enough). Host: NIC 1 - Host OS management NIC 2 - bridged to pfSense (use as pfSense WAN) NIC 3 - bridged to pfSense (use as pfSense LAN) and bridge to workstation Make sure there is no IP protocols running on the host OS on NIC 2 and NIC 3 and that other than vmware, nothing is bound to those NICs in any way. Anything in promiscuous mode (say, tcpdump, snort, etc) running on the host is vulnerable to application level attacks that can compromise the host and bypass the firewall. FWIW...on the security risk front. Would I run this at work, no, no, and hell no...at home..I might take the risk given that I have a decent understanding of the attack vectors. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Intel Pro 1000 VT
From: [EMAIL PROTECTED] To: support@pfsense.com Date: Thu, 15 May 2008 15:47:09 +0100 Subject: RE: [pfSense Support] Intel Pro 1000 VT Hi Sean, Sorry didn’t put this in the message below, the Broadcom (NetXtreme BCM5722) is actually the embedded NIC so I can’t replace :( Is my only option a custom build (if I can find the FreeBSD drivers for it)? Cheers Adam I was referring to adding in a PCI, PCI-X or PCI-E network card with a supported chipset. pfSense includes all the network drivers from the FreeBSD version it is tracking. Currently pfSense-1.2.RELEASE uses FreeBSD 6.2 but there is a testing release that is based on 6.3 that I'm seeing referenced more and more to solve some hardware related issues. If the chipset manufacturer has made their own drivers that work for FreeBSD (HIGHLY unlikely) then a custom build would be feasible but a pretty daunting task in of itself. -Sean _ Windows Live SkyDrive lets you share files with faraway friends. http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_skydrive_052008 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Virtualizing pfSense
__ Date: Thu, 15 May 2008 12:05:53 -0400 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] Virtualizing pfSense Good Day All, I would like to take a reasonable machine and run some virtualization software on it so that I can run both pfSense and a copy of a standard workstation image so I canuse it for remote testing. The workstation image will not need to run that often but I need to make sure it is running in the same type of environment as the rest of theinternal workstations. Can I safely run pfSense and another OS in a virtualized environment without compromising security? If so can you give me a basic idea of what I need. Do I need 3 physical NICs in the machine 1 WAN, 1 LAN, 1 for the workstation image. I will probably use VMWareWorkstation 6.0 is there anything special I need to do with it, etc. Your help is greatly appreciated. I have pfSense running in a number of buildings and it works great but this is just one more new twist to it for me. Ron. I currently run this type of setup at home. I have a windows 2003 server with VMWare server 2.0 beta running on it. The computer has 3 NICs to help segregate traffic. onboard NIC is for Win2k3 network access, NIC card 1 is for WAN use for pfSense, NIC card 2 is a gigabit for LAN for pfSense image as well as LAN access for my FreeBSD server image. i have all protocols turned off on NIC cards 1 and 2 except for the VMWare connector so Win2k3 will only see raw traffic on those ports and not do any processing of it. i also turned off the VMWare connector to the onboard NIC so i cannot accidentally bind it with a virtual image. security of the system is for the most part no worse than having them all on different systems. as long as the host system is treated with more care since it controls when those virtual images run, it should not be any more concern than normal. _ Make Windows Vista more reliable and secure with Windows Vista Service Pack 1. http://www.windowsvista.com/SP1?WT.mc_id=hotmailvistasp1banner - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Virtualizing pfSense
Am 15.05.2008 um 19:24 schrieb Sean Cavanaugh: __ Date: Thu, 15 May 2008 12:05:53 -0400 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] Virtualizing pfSense Good Day All, I would like to take a reasonable machine and run some virtualization software on it so that I can run both pfSense and a copy of a standard workstation image so I canuse it for remote testing. The workstation image will not need to run that often but I need to make sure it is running in the same type of environment as the rest of theinternal workstations. Can I safely run pfSense and another OS in a virtualized environment without compromising security? If so can you give me a basic idea of what I need. Do I need 3 physical NICs in the machine 1 WAN, 1 LAN, 1 for the workstation image. I will probably use VMWareWorkstation 6.0 is there anything special I need to do with it, etc. Your help is greatly appreciated. I have pfSense running in a number of buildings and it works great but this is just one more new twist to it for me. Ron. I currently run this type of setup at home. I have a windows 2003 server with VMWare server 2.0 beta running on it. Does VMware Server 2.0 come with VMware Tools for FreeBSD6? And how do you install them in pfSense? Rainer -- Rainer Duffner CISSP, LPI, MCSE [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Virtualizing pfSense
From: [EMAIL PROTECTED] Date: Thu, 15 May 2008 20:47:26 +0200 To: support@pfsense.com Subject: Re: [pfSense Support] Virtualizing pfSense Am 15.05.2008 um 19:24 schrieb Sean Cavanaugh: __ Date: Thu, 15 May 2008 12:05:53 -0400 From: [EMAIL PROTECTED] To: support@pfsense.com Subject: [pfSense Support] Virtualizing pfSense Good Day All, I would like to take a reasonable machine and run some virtualization software on it so that I can run both pfSense and a copy of a standard workstation image so I canuse it for remote testing. The workstation image will not need to run that often but I need to make sure it is running in the same type of environment as the rest of theinternal workstations. Can I safely run pfSense and another OS in a virtualized environment without compromising security? If so can you give me a basic idea of what I need. Do I need 3 physical NICs in the machine 1 WAN, 1 LAN, 1 for the workstation image. I will probably use VMWareWorkstation 6.0 is there anything special I need to do with it, etc. Your help is greatly appreciated. I have pfSense running in a number of buildings and it works great but this is just one more new twist to it for me. Ron. I currently run this type of setup at home. I have a windows 2003 server with VMWare server 2.0 beta running on it. Does VMware Server 2.0 come with VMware Tools for FreeBSD6? And how do you install them in pfSense? Rainer for the record, VMWare tools is included in the ports collection and they dont really do anything beyond provide a clock sync between the virtual image and the host PC which if set up properly wont skew off by enough to really worry about anyway. they are almost not worth installing. pfSense has an option to sync to an NTP server already and i just run an NTP sync program within my BSD server image. but yes VMWare Server does come with the tools ISO's -Sean _ Make Windows Vista more reliable and secure with Windows Vista Service Pack 1. http://www.windowsvista.com/SP1?WT.mc_id=hotmailvistasp1banner
Re: [pfSense Support] Virtualizing pfSense
Am 15.05.2008 um 20:55 schrieb Sean Cavanaugh: for the record, VMWare tools is included in the ports collection Well, the port uses the stuff from the mounted iso-image ;-) You can't download them separately, AFAIK. and they dont really do anything beyond provide a clock sync between the virtual image and the host PC That's not completely true, IIRC. AFAIK, the tools are also helping with memory management (on ESX at least, maybe Server 2.0 gained something here on Server 1.0) they are almost not worth installing. pfSense has an option to sync to an NTP server already and i just run an NTP sync program within my BSD server image. IMO, the biggest problem of VMware is clock-syncing. Even on supported platforms. It's a nightmare. but yes VMWare Server does come with the tools ISO's -Sean Make Windows Vista more reliable and secure with Windows Vista Service Pack 1. Learn more. I thought it was one of those witty tag-lines along Make Vista more reliable by installing Ubuntu or so. Interestingly, it doesn't say faster ;-))) cheers, Rainer -- Rainer Duffner CISSP, LPI, MCSE [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Virtualizing pfSense
On Thu, May 15, 2008 at 3:07 PM, Rainer Duffner [EMAIL PROTECTED] wrote: Am 15.05.2008 um 20:55 schrieb Sean Cavanaugh: for the record, VMWare tools is included in the ports collection open-vm-tools from ports is the way to go. I have packages built for pfSense, just need to put together the wrapper to add to our package system. I'll be posting to the blog when it's available. AFAIK, the tools are also helping with memory management (on ESX at least, maybe Server 2.0 gained something here on Server 1.0) You need the memory thing (don't recall offhand what it's called) for VMotion in ESX. It also does help with time keeping, and lets you use the vmxnet network driver which is more efficient than other options. more on that later once the package is available. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]