Re: [pfSense Support] PF and UT not working
any one have idea, where iam doing wrong ? Perhaps if you made it a little more clear why you're using two firewall products in-line of each other and what role they're each expected to play. There's likely some unexpected interplay between the two, particularly with the effective MITM a captive portal is. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PF and UT not working
It is likely that they are doing as I do... Use pfSense for firewall and VPN, while using Untangle for strictly filtering purposes (web, mail, etc) and not firewalling. - Jason -Original Message- From: RB [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2008 8:36 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working any one have idea, where iam doing wrong ? Perhaps if you made it a little more clear why you're using two firewall products in-line of each other and what role they're each expected to play. There's likely some unexpected interplay between the two, particularly with the effective MITM a captive portal is. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PF and UT not working
On Fri, Jul 25, 2008 at 8:20 AM, Jason J. Ellingson [EMAIL PROTECTED] wrote: It is likely that they are doing as I do... Use pfSense for firewall and VPN, while using Untangle for strictly filtering purposes (web, mail, etc) and not firewalling. The conjecture is appreciated, but unless you're experiencing the same problem (CP doesn't work with bridged Untangle) I'm not sure it's valid. If you are having the same problem or have solved it already, please do share. I can guess what the problem is and a likely fix, but that's irrelevant (and presumptive) until the 'customer' more clearly states the problem. They're both network control devices that have been developed with differing philosophies and are not explicitly designed to work together. Hence, the need to know *precisely* what role the Untangle device is playing in their network. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PF and UT not working
ram, This is a bit of a shot in the dark, but try turning off services in Untangle... until they are all off. It may be that one of them (like the Intrusion Detection module) is detecting something it doesn't like. - Jason From: ram [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2008 3:41 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working On Thu, Jul 24, 2008 at 6:18 PM, Tim Nelson [EMAIL PROTECTED] wrote: It sounds like google.com http://google.com/ is not resolving when you have captive portal enabled. Make sure you have the DNS servers that are assigned to your users in the list of allowed outbound IPs in captive portal. Hi thanks for the reply I have added that IP address in to that Allow IP place but still no success... any other suggestions, looks like some where the packets are dropping. any one have idea, where iam doing wrong ? ram
Re: [pfSense Support] PF and UT not working
I agree... and also try completely removing the Untangle box from the network to see if the problem clears up. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Original Message - From: Jason J. Ellingson [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, July 25, 2008 10:38:54 AM GMT -06:00 US/Canada Central Subject: RE: [pfSense Support] PF and UT not working ram, This is a bit of a shot in the dark, but try turning off services in Untangle... until they are all off. It may be that one of them (like the Intrusion Detection module) is detecting something it doesn't like. - Jason From: ram [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2008 3:41 AM To: support@pfsense.com Subject: Re: [pfSense Support] PF and UT not working On Thu, Jul 24, 2008 at 6:18 PM, Tim Nelson [EMAIL PROTECTED] wrote: It sounds like google.com is not resolving when you have captive portal enabled. Make sure you have the DNS servers that are assigned to your users in the list of allowed outbound IPs in captive portal. Hi thanks for the reply I have added that IP address in to that Allow IP place but still no success... any other suggestions, looks like some where the packets are dropping. any one have idea, where iam doing wrong ? ram
[pfSense Support] soekris - which model suits well ?
I currently have a normal I386 pc (pentium IV - 1,6GHz with 512MB RAM and a 20GB HDD)... Let's say if I want to replace this with a Soekris unit... how should I compare this to a normal pc ? I have about 10 ipsec VPNs, 4 VLAN's, some traffic shaping and some packages installed (I am planning on either using a CF HDD or if I need to take one of the Soekris boards that have an IDE/SATA connector, I'd install a small 2,5 HDD ofcourse). Because of the CF HDD (and not CF Flash) I asume I can safely install the full version - and in doing so, I would have all functionality like I have now on my Pentium IV ?? Sure, I can take the net 5501-70, but this might as well be overkill... I'm also planning on installing another Soekris at home (with a monowall CF card as backup, and pfSense (CF HDD) for daily use - I assume I can exchange the config.xml between mono pfsense for that matter ?) the home router is just an old PentiumIII 600mhz, I guess any Soekris will do just fine here at home ? I am currently weighing my options, since I cant make up my mind - in either buying Alix, Wrap, Soekris or just plain stay with a normal (intel) motherboard... the advantage of having a normal motherboard, is that I can use gbit cards ofcourse (which either Alix, Wrap Soekris does not offer today)... not that I have any use for gbit at home (all my switching is gbit, but my internet is just about 20mbit) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] soekris - which model suits well ?
On Fri, Jul 25, 2008 at 5:40 PM, Michel Servaes [EMAIL PROTECTED] wrote: I currently have a normal I386 pc (pentium IV - 1,6GHz with 512MB RAM and a 20GB HDD)... Let's say if I want to replace this with a Soekris unit... how should I compare this to a normal pc ? I have about 10 ipsec VPNs, 4 VLAN's, some traffic shaping and some packages installed (I am planning on either using a CF HDD or if I need to take one of the Soekris boards that have an IDE/SATA connector, I'd install a small 2,5 HDD ofcourse). Because of the CF HDD (and not CF Flash) I asume I can safely install the full version - and in doing so, I would have all functionality like I have now on my Pentium IV ?? Maybe, maybe not. You have a LOT more horsepower with a P4 than a 5501 or ALIX even. If an ALIX would suit your needs I would recommend it over Soekris gear, PC Engines donates a lot of gear to us developers so they tend to be better tested, and of course I recommend you support the companies that support us. From watching the Soekris list since the 5501 release, there appear to be some widespread defects in the 5501 boards that require shipping back to Soekris for repair so I would personally be leery of buying one at this point. I purchase the ALIX setups I deploy from netgate.com, great folks there. Back on topic - whether or not an ALIX will handle your needs depends on a few things. What throughput do you require, and what IPsec throughput do you require? See also: http://www.pfsense.org/index.php?option=com_contenttask=viewid=52Itemid=49 I'm also planning on installing another Soekris at home (with a monowall CF card as backup, and pfSense (CF HDD) for daily use - I assume I can exchange the config.xml between mono pfsense for that matter ?) From m0n0 to pfSense, yes. In the opposite direction, no. m0n0 configs restored on pfsense are converted. the home router is just an old PentiumIII 600mhz, I guess any Soekris will do just fine here at home ? Again depends on bandwidth, features, etc. I have a 20 Mb cable modem and 3 Mb DSL at home, I could barely max out both of those with a 4801, but that's running way too close to capacity for my comfort. I run a 1 GHz VIA 1U rack mount donated by hacom.net as my perimeter home firewall. (because who doesn't have rack cabinets at home? ;) Or in Scott Ullrich's case, a dead mini fridge that happens to be a perfect fit for 19 rack mount gear) It doesn't break a sweat pegging both connections. An ALIX would also work fine also and still leave plenty of headroom. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]