Re: [pfSense Support] hidden/implicit rule allowing snmp?
On Wed, Feb 18, 2009 at 10:14 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote: I'm rehoming a monitoring box to a new address and I was checking our various pfSense firewalls would continue to work, and I noticed that there's no rule allowing access to UDP:161 for the LAN interface, in fact none of the interfaces even mention udp:161 and there's no other rule which would cover it. Please can you tell me how this still works? Is this an implicit/hidden rule? The anti-lockout rule allows traffic to the LAN IP. You can turn it off under System - Advanced. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: hard drive install failure
anyone? 2009/2/16 Nick Upson nick.up...@gmail.com: additionally, I tried to install onto a smaller (10Gb) Hard drive, this appeared to work until I rebooted after the install and attempted to boot from the hard drive, both (I tried this with 2 different drives) failed to boot with READ_DMA failures, g_vfs_done error = 5, vnode_pager_getpages: I/O read error init: can't exec /bin/sh for /etc/rc init: fatal signal: segmentation fault 2009/2/16 Nick Upson nick.up...@gmail.com: I'm attempting to install onto a hard-drive, the format was ok but then I get /sbin/fdisk -v -f /tmp/new.fdisk ad1 FAILED with a return code of 1 the log says the number of cylinders 153221 may out of range and that the number of sectors is out of range. I am attempting to install onto a 320Gb drive, is that too big? or do I need to change something somewhere - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: hard drive install failure
On Wed, Feb 18, 2009 at 09:27, Nick Upson nick.up...@gmail.com wrote: anyone? Most probably didn't respond because your description of the problem seemed pretty obvious that you have a hard drive failure. pfSense uses modern FreeBSD under the hood, and there's no reason a 320GB drive would be too large. If the drive works anywhere else, it might be cause for concern with pfSense; otherwise, installing on the smaller (more importantly, different) drive didn't prove anything. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: hard drive install failure
the 320 Gb drive works fine for a fedora 8 install the smaller drives both would have had to fail at exactly the same place which seems unlikely 2009/2/18 RB aoz@gmail.com: On Wed, Feb 18, 2009 at 09:27, Nick Upson nick.up...@gmail.com wrote: anyone? Most probably didn't respond because your description of the problem seemed pretty obvious that you have a hard drive failure. pfSense uses modern FreeBSD under the hood, and there's no reason a 320GB drive would be too large. If the drive works anywhere else, it might be cause for concern with pfSense; otherwise, installing on the smaller (more importantly, different) drive didn't prove anything. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: hard drive install failure
I assume you've already followed this: http://doc.pfsense.org/index.php/Boot_Troubleshooting Nick Upson wrote: the 320 Gb drive works fine for a fedora 8 install the smaller drives both would have had to fail at exactly the same place which seems unlikely 2009/2/18 RB aoz@gmail.com: On Wed, Feb 18, 2009 at 09:27, Nick Upson nick.up...@gmail.com wrote: anyone? Most probably didn't respond because your description of the problem seemed pretty obvious that you have a hard drive failure. pfSense uses modern FreeBSD under the hood, and there's no reason a 320GB drive would be too large. If the drive works anywhere else, it might be cause for concern with pfSense; otherwise, installing on the smaller (more importantly, different) drive didn't prove anything. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: hard drive install failure
I hadn't found it (I did look), working through it now 2009/2/18 Gary Buckmaster g...@centipedenetworks.com: I assume you've already followed this: http://doc.pfsense.org/index.php/Boot_Troubleshooting Nick Upson wrote: the 320 Gb drive works fine for a fedora 8 install the smaller drives both would have had to fail at exactly the same place which seems unlikely 2009/2/18 RB aoz@gmail.com: On Wed, Feb 18, 2009 at 09:27, Nick Upson nick.up...@gmail.com wrote: anyone? Most probably didn't respond because your description of the problem seemed pretty obvious that you have a hard drive failure. pfSense uses modern FreeBSD under the hood, and there's no reason a 320GB drive would be too large. If the drive works anywhere else, it might be cause for concern with pfSense; otherwise, installing on the smaller (more importantly, different) drive didn't prove anything. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN issue
I do have a rule connecting PPTP traffic to the LAN subnet. I've forwarded traffic (on the router that handles the t1) on the public IP's port 80 to the address (10.0.0.200) of the Alix/PF but cannot raise the webgui from off network. On Feb 17, 2009, at 6:35 PM, Jeremy Bennett wrote: Hello, I setup an Alix 2c3 embedded PFsense to serve as a VPN device. The main router terminates a VPN and is an Adtran Netvanta 3000 series device. The netvanta forwards all traffic on port 1723 to the PFsense box at 10.0.0.200. The PF PPTP server sits at 10.0.0.253 and assigns IPs from 10.0.0.148 on up. I've tried the VPN connection when on the local network and authenticate to 10.0.0.200 immediately. I'm trying to connect remotely and cannot. How do I begin troubleshooting this? Thanks for the help, Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Traffic shaper issues
I'm having some issues with the traffic shaper after switching to 1.2.2. Basically I was noticing that the RRD quality graph was showing pings of 1 second when there was a lot of bandwidth being used on the line. I don't remember seeing that issue when I was on the old version. I started experimenting and found some issues. For a simple reproduction, I created a simple shaper rule using the wizard. Up and down was both set to 500 kbit (I have 6 mbit symmetric so this is easily satisfied). I also added a generic VOIP reserving 96 kbit. Now if I have a window open where I ping the first hop after the firewall, and in another window I start a fast download. The ping will quickly go to several seconds - then start timing out completely. Accessing the firewall to look at stats etc while the download runs is impossible. Questions: Why can't I create a shaper with the wizard without adding any special cases? What if I just want to limit everything to a fraction of the connection speed? Should the firewall access be limited along with everything else? Even with no rules for ICMP, shouldn't they be scheduled once in a while instead of timing out? Regards, -Jeppe