[pfSense Support] Logging IGMP recognized as ESP
Why are IGMP Packets recognized as ESP (Encapsulated Security Payload) in GUI? Console: 10:15:43.276143 IP 1.1.1.1 224.0.0.1: igmp query v2 [max resp time 20] GUI: Mar 3 10:15:44 WAN 1.1.1.1 224.0.0.1 ESP Regards, Simon - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Minor text change suggestion - OpenNTPD
Hi On the OpenNTPD page I suggest the text be changed from Select the interface the NTP server will listen on. Select the interface(s) the NTP server will listen on. I assume this minor change more accurately describes that pfsense seems to be able to serve NTP on multiple LAN interfaces. (And I guess is a veiled question that my assumption is correct?!) Kind regards David - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Logging IGMP recognized as ESP
This is because IGMP works above the network Layer...thats why it is not recognized as a transport protocol...You should disable IGMP if there is no requirement on your network for it. Regards Abdulrehman On Tue, Mar 3, 2009 at 3:17 PM, Simon Gerber simon.ger...@gmail.com wrote: Why are IGMP Packets recognized as ESP (Encapsulated Security Payload) in GUI? Console: 10:15:43.276143 IP 1.1.1.1 224.0.0.1: igmp query v2 [max resp time 20] GUI: Mar 3 10:15:44 WAN 1.1.1.1 224.0.0.1 ESP Regards, Simon - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
AW: [pfSense Support] Not all Virtual IP's forwarding correctly
Von: Abdulrehman [mailto:arvagabo...@gmail.com] Gesendet: Dienstag, 3. März 2009 07:16 An: support@pfsense.com Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly Don't confuse guys up here...! 1. where your IP is blocked...at ISP end or somewhere on internet..? Don't be confused... he has a block of IP addresses; what he wants to say is a range of addresses (i.e. his ISP gave him a subnet with official addresses) 2. The second set and its port forwarding work with out issue (port He forwards port 80 of to an internal server 3. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port...what does it mean? As I understand it, he wants to have multiple IPs on the WAN side and forward port 80 to different internal servers depending on which WAN IP the request was received. I don't think he can do this through the gui, maybe some config.xml-hacking does the trick. Paul, in the subject you talk about Virtual IPs. Please read the manual; the Virtual IP-Settings in the pfsense-GUI are not what you believe you understood. A VIP is NOT a second address for an Interface as you need it. You can make a backup of your config, edit the resulting xml file and restore it (search the web; there is a howto in pfsense.org). I havent done port forwarding yet, so I cannot help you at this point. Regards Matthias On Tue, Mar 3, 2009 at 7:40 AM, Paul joyride...@gmail.com wrote: We have a block ip address from our provider. The main ip for our network and its port forwarding works well. I created 2 virtual ip's. The second set and its port forwarding work with out issue (port 80) that go to another server. The 3rd virtual ip I created partially works. SSH works. I then forwarded 80 with it and it does not work. I can pull up the webpage internally though. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port. What do I need to provide to see why its not working for help Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Not all Virtual IP's forwarding correctly
Firewall Rules should look something like this... TCP | * | * | 192.168.1.10 | 80 (HTTP| * | | NAT HTTP to 1st server TCP | * | * | 192.168.1.11 | 80 (HTTP| * | | NAT HTTP to 2nd server TCP | * | * | 192.168.1.12 | 80 (HTTP| * | | NAT HTTP to 3rd server NAT rules should look something like this... WAN | TCP | 80 (HTTP) | 192.168.1.10 (ext.: x.x.x.126) | 80 (HTTP) HTTP to 1st server WAN | TCP | 80 (HTTP) | 192.168.1.11 (ext.: x.x.x.127) | 80 (HTTP) HTTP to 2nd server WAN | TCP | 80 (HTTP) | 192.168.1.12 (ext.: x.x.x.128) | 80 (HTTP) HTTP to 3rd server Virtual IPs should look something like this... x.x.x.127 | CARP | VIP1 x.x.x.128 | CARP | VIP1 note... the 126 IP in this case is attatched to the WAN interface. If you create your rules from the NAT configuration, they will show up like this (easy as pie). Let me know what it looks like on your end. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Mar 3, 2009 at 6:53 AM, Matthias Niggemeier m...@thias.de wrote: Von: Abdulrehman [mailto:arvagabo...@gmail.com] Gesendet: Dienstag, 3. März 2009 07:16 An: support@pfsense.com Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly Don't confuse guys up here...! 1. where your IP is blocked...at ISP end or somewhere on internet..? Don't be confused... he has a block of IP addresses; what he wants to say is a range of addresses (i.e. his ISP gave him a subnet with official addresses) 2. The second set and its port forwarding work with out issue (port He forwards port 80 of to an internal server 3. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port...what does it mean? As I understand it, he wants to have multiple IPs on the WAN side and forward port 80 to different internal servers depending on which WAN IP the request was received. I don't think he can do this through the gui, maybe some config.xml-hacking does the trick. Paul, in the subject you talk about Virtual IPs. Please read the manual; the Virtual IP-Settings in the pfsense-GUI are not what you believe you understood. A VIP is NOT a second address for an Interface as you need it. You can make a backup of your config, edit the resulting xml file and restore it (search the web; there is a howto in pfsense.org). I haven’t done port forwarding yet, so I cannot help you at this point. Regards Matthias On Tue, Mar 3, 2009 at 7:40 AM, Paul joyride...@gmail.com wrote: We have a block ip address from our provider. The main ip for our network and its port forwarding works well. I created 2 virtual ip's. The second set and its port forwarding work with out issue (port 80) that go to another server. The 3rd virtual ip I created partially works. SSH works. I then forwarded 80 with it and it does not work. I can pull up the webpage internally though. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port. What do I need to provide to see why its not working for help Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Captive Portal Issues
We have been running pfSense as a Captive Portal for quite sometime. Lately, our flenses have had services that were locking up. You could view items on the GUI, but could not execute a Captive Portal lookup or a Halt System or Reboot System. And if you ssh'ed into the system, you could not execute either or a web configurator restart either. On the particular system we had this happen to lately, we were using 1.2.1-RC2 and have had it happen on 1.2.2. We did recently upgrade to 1.2.3-PRERELEASE-TESTING-VERSION and have not had it up long enough to determine if this version had the same issue. This is the error that was in the /var/log/ lighttpd.error.log 2009-03-03 09:04:58: (mod_fastcgi.c.2956) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 192 2009-03-03 09:04:59: (mod_fastcgi.c.3568) all handlers for /index.php on .php are down. This was on the monitor hooked up to the pfSense device IPFW: IPV6 - Unknown Extension Header(10), ext 2 IPFW: IPV6 - Unknown Extension Header(5), ext 2 Thanks
RE: [pfSense Support] Captive Portal Issues
My apologies that should say our pfsenses and not our flenses From: Atkins, Dwane P [mailto:atki...@uthscsa.edu] Sent: Tuesday, March 03, 2009 10:30 AM To: support@pfsense.com Subject: [pfSense Support] Captive Portal Issues We have been running pfSense as a Captive Portal for quite sometime. Lately, our flenses have had services that were locking up. You could view items on the GUI, but could not execute a Captive Portal lookup or a Halt System or Reboot System. And if you ssh'ed into the system, you could not execute either or a web configurator restart either. On the particular system we had this happen to lately, we were using 1.2.1-RC2 and have had it happen on 1.2.2. We did recently upgrade to 1.2.3-PRERELEASE-TESTING-VERSION and have not had it up long enough to determine if this version had the same issue. This is the error that was in the /var/log/ lighttpd.error.log 2009-03-03 09:04:58: (mod_fastcgi.c.2956) backend died; we'll disable it for 5 seconds and send the request to another backend instead: reconnects: 0 load: 192 2009-03-03 09:04:59: (mod_fastcgi.c.3568) all handlers for /index.php on .php are down. This was on the monitor hooked up to the pfSense device IPFW: IPV6 - Unknown Extension Header(10), ext 2 IPFW: IPV6 - Unknown Extension Header(5), ext 2 Thanks
[pfSense Support] VPN pass-through question
All, If you are not using the VPN on the pfsense firewall, but rather passing VPN traffic through the firewall to another server AND you have multiple VPN servers that you are passing WAN traffic to based on the remote IP, is this doable on pfSense? If so, is there a document you can point me to for reference? Thanks in advance. -- Steven G. Spencer, Network Administrator KSC Corporate - The Kelly Supply Family of Companies Office 308-382-8764 Ext. 231 Mobile 308-380-7957 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Not all Virtual IP's forwarding correctly
Firewall GW TCP * | * 192.168.2.130 80 * Server 1 TCP * | * 192.168.2.150 80* Server 2 TCP * | * 192.168.2.160 80* Server 3 not working TCP * | * 192.168.2.160 80* Server 3 Works fine NAT Rules WAN TCP 80 192.168.2.130 ( ext x.x.x.114) 80 Server 1 WAN TCP 80 192.168.2.150 (ext x.x.x.115)80 Server 2 WAN TCP 80 192.168.2.160 (ext x.x.x.116)80 Server 3 Virtual IP' x.x.x.115/32 P ARP x.x.x.116/32 P ARP The only difference I see is the virtual ip setup. You have CARP setup instead of Proxy ARP. If it works for SSH on the 3rd server not sure why http would be the only one not working. If it needs CARP do I need to set the VIP Password , VHID Group, and Advertising Freq. paul Curtis LaMasters wrote: Firewall Rules should look something like this... TCP | * | * | 192.168.1.10 | 80 (HTTP| * | | NAT HTTP to 1st server TCP | * | * | 192.168.1.11 | 80 (HTTP| * | | NAT HTTP to 2nd server TCP | * | * | 192.168.1.12 | 80 (HTTP| * | | NAT HTTP to 3rd server NAT rules should look something like this... WAN | TCP | 80 (HTTP) | 192.168.1.10 (ext.: x.x.x.126) | 80 (HTTP) HTTP to 1st server WAN | TCP | 80 (HTTP) | 192.168.1.11 (ext.: x.x.x.127) | 80 (HTTP) HTTP to 2nd server WAN | TCP | 80 (HTTP) | 192.168.1.12 (ext.: x.x.x.128) | 80 (HTTP) HTTP to 3rd server Virtual IPs should look something like this... x.x.x.127 | CARP | VIP1 x.x.x.128 | CARP | VIP1 note... the 126 IP in this case is attatched to the WAN interface. If you create your rules from the NAT configuration, they will show up like this (easy as pie). Let me know what it looks like on your end. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Mar 3, 2009 at 6:53 AM, Matthias Niggemeier m...@thias.de wrote: Von: Abdulrehman [mailto:arvagabo...@gmail.com] Gesendet: Dienstag, 3. März 2009 07:16 An: support@pfsense.com Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly Don't confuse guys up here...! 1. where your IP is blocked...at ISP end or somewhere on internet..? Don't be confused... he has a block of IP addresses; what he wants to say is a range of addresses (i.e. his ISP gave him a subnet with official addresses) 2. The second set and its port forwarding work with out issue (port He forwards port 80 of to an internal server 3. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port...what does it mean? As I understand it, he wants to have multiple IPs on the WAN side and forward port 80 to different internal servers depending on which WAN IP the request was received. I don't think he can do this through the gui, maybe some config.xml-hacking does the trick. Paul, in the subject you talk about Virtual IPs. Please read the manual; the Virtual IP-Settings in the pfsense-GUI are not what you believe you understood. A VIP is NOT a second address for an Interface as you need it. You can make a backup of your config, edit the resulting xml file and restore it (search the web; there is a howto in pfsense.org). I haven’t done port forwarding yet, so I cannot help you at this point. Regards Matthias On Tue, Mar 3, 2009 at 7:40 AM, Paul joyride...@gmail.com wrote: We have a block ip address from our provider. The main ip for our network and its port forwarding works well. I created 2 virtual ip's. The second set and its port forwarding work with out issue (port 80) that go to another server. The 3rd virtual ip I created partially works. SSH works. I then forwarded 80 with it and it does not work. I can pull up the webpage internally though. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port. What do I need to provide to see why its not working for help Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Not all Virtual IP's forwarding correctly
Curtis LaMasters wrote: Firewall Rules should look something like this... TCP | * | * | 192.168.1.10 | 80 (HTTP| * | | NAT HTTP to 1st server TCP | * | * | 192.168.1.11 | 80 (HTTP| * | | NAT HTTP to 2nd server TCP | * | * | 192.168.1.12 | 80 (HTTP| * | | NAT HTTP to 3rd server NAT rules should look something like this... WAN | TCP | 80 (HTTP) | 192.168.1.10 (ext.: x.x.x.126) | 80 (HTTP) HTTP to 1st server WAN | TCP | 80 (HTTP) | 192.168.1.11 (ext.: x.x.x.127) | 80 (HTTP) HTTP to 2nd server WAN | TCP | 80 (HTTP) | 192.168.1.12 (ext.: x.x.x.128) | 80 (HTTP) HTTP to 3rd server Virtual IPs should look something like this... x.x.x.127 | CARP | VIP1 x.x.x.128 | CARP | VIP1 note... the 126 IP in this case is attatched to the WAN interface. If you create your rules from the NAT configuration, they will show up like this (easy as pie). Let me know what it looks like on your end. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Mar 3, 2009 at 6:53 AM, Matthias Niggemeier m...@thias.de wrote: Von: Abdulrehman [mailto:arvagabo...@gmail.com] Gesendet: Dienstag, 3. März 2009 07:16 An: support@pfsense.com Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly Don't confuse guys up here...! 1. where your IP is blocked...at ISP end or somewhere on internet..? Don't be confused... he has a block of IP addresses; what he wants to say is a range of addresses (i.e. his ISP gave him a subnet with official addresses) 2. The second set and its port forwarding work with out issue (port He forwards port 80 of to an internal server 3. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port...what does it mean? As I understand it, he wants to have multiple IPs on the WAN side and forward port 80 to different internal servers depending on which WAN IP the request was received. I don't think he can do this through the gui, maybe some config.xml-hacking does the trick. Paul, in the subject you talk about Virtual IPs. Please read the manual; the Virtual IP-Settings in the pfsense-GUI are not what you believe you understood. A VIP is NOT a second address for an Interface as you need it. You can make a backup of your config, edit the resulting xml file and restore it (search the web; there is a howto in pfsense.org). I haven’t done port forwarding yet, so I cannot help you at this point. Regards Matthias On Tue, Mar 3, 2009 at 7:40 AM, Paul joyride...@gmail.com wrote: We have a block ip address from our provider. The main ip for our network and its port forwarding works well. I created 2 virtual ip's. The second set and its port forwarding work with out issue (port 80) that go to another server. The 3rd virtual ip I created partially works. SSH works. I then forwarded 80 with it and it does not work. I can pull up the webpage internally though. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port. What do I need to provide to see why its not working for help Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Changed the VIP from Proxy ARP to CARP ssh works still no go on the http - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Not all Virtual IP's forwarding correctly
Curtis LaMasters wrote: Firewall Rules should look something like this... TCP | * | * | 192.168.1.10 | 80 (HTTP| * | | NAT HTTP to 1st server TCP | * | * | 192.168.1.11 | 80 (HTTP| * | | NAT HTTP to 2nd server TCP | * | * | 192.168.1.12 | 80 (HTTP| * | | NAT HTTP to 3rd server NAT rules should look something like this... WAN | TCP | 80 (HTTP) | 192.168.1.10 (ext.: x.x.x.126) | 80 (HTTP) HTTP to 1st server WAN | TCP | 80 (HTTP) | 192.168.1.11 (ext.: x.x.x.127) | 80 (HTTP) HTTP to 2nd server WAN | TCP | 80 (HTTP) | 192.168.1.12 (ext.: x.x.x.128) | 80 (HTTP) HTTP to 3rd server Virtual IPs should look something like this... x.x.x.127 | CARP | VIP1 x.x.x.128 | CARP | VIP1 note... the 126 IP in this case is attatched to the WAN interface. If you create your rules from the NAT configuration, they will show up like this (easy as pie). Let me know what it looks like on your end. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Mar 3, 2009 at 6:53 AM, Matthias Niggemeier m...@thias.de wrote: Von: Abdulrehman [mailto:arvagabo...@gmail.com] Gesendet: Dienstag, 3. März 2009 07:16 An: support@pfsense.com Betreff: Re: [pfSense Support] Not all Virtual IP's forwarding correctly Don't confuse guys up here...! 1. where your IP is blocked...at ISP end or somewhere on internet..? Don't be confused... he has a block of IP addresses; what he wants to say is a range of addresses (i.e. his ISP gave him a subnet with official addresses) 2. The second set and its port forwarding work with out issue (port He forwards port 80 of to an internal server 3. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port...what does it mean? As I understand it, he wants to have multiple IPs on the WAN side and forward port 80 to different internal servers depending on which WAN IP the request was received. I don't think he can do this through the gui, maybe some config.xml-hacking does the trick. Paul, in the subject you talk about Virtual IPs. Please read the manual; the Virtual IP-Settings in the pfsense-GUI are not what you believe you understood. A VIP is NOT a second address for an Interface as you need it. You can make a backup of your config, edit the resulting xml file and restore it (search the web; there is a howto in pfsense.org). I haven’t done port forwarding yet, so I cannot help you at this point. Regards Matthias On Tue, Mar 3, 2009 at 7:40 AM, Paul joyride...@gmail.com wrote: We have a block ip address from our provider. The main ip for our network and its port forwarding works well. I created 2 virtual ip's. The second set and its port forwarding work with out issue (port 80) that go to another server. The 3rd virtual ip I created partially works. SSH works. I then forwarded 80 with it and it does not work. I can pull up the webpage internally though. Now I do have port 80 forwarded to different servers depending on the ip on the WAN port. What do I need to provide to see why its not working for help Thanks - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Update, Dont know why it would work. I created another VIP on x.x.x.117 and changed my current mapping from .116 to it. Didnt change anything else and it works. Go figure, I guess I have 1 wasted address that I can't use for know, Tried .116 again still no go so .117 it'll have to be, Thanks to all for your help in figuring this out. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org