Re: [pfSense Support] Router supporting multiple WAN IP Addresses.
On Tue, Mar 31, 2009 at 12:52 AM, Kipton Moravec k...@kdream.com wrote: Does it matter if the two systems that need public IPs have (1:1/Server) NAT in front of them? Yes. But I also want to block services that they should not be supporting. I assume you meant that it doesn't matter if there is inbound NAT in front of the systems. You can filter 1:1 NAT but if you don't need full exposure you are probably better off configuring individual inbound NAT on a port-by-port basis. I meant more of case of multiple computers that only need to get out, and do not need to be accesses from the Internet. My terminology is not up to speed yet. Ahh, outbound NAT only, by default pfSense will do that for you. If I specify the WAN interface as x.x.x.208 /29 Then my firewall Card sees all 8 addresses. x.x.x.208 to x.x.x.215 My PFSense Firewall is x.x.x.209 Then my firewall rules can specify what to do in the specific cases of x.x.x.209 x.x.x.210 x.x.x.211 x.x.x.212 x.x.x.213 Is that how it works? No. If your IP block was x.x.x.208/29 you set your modem/router up as x.x.x.209, WAN interface on the firewall is x.x.x.210/29, then setup Proxy ARP virtual IP addresses on WAN for the other IPs in the network that you're interested in (note in the case of VIPs the IPs should be set as x.x.x.211/32, x.x.x.212/32 and so on). Proxy ARP basically means that pfSense will respond to ARP requests for the configured VIPs as well as its configured WAN interface address, hence it will see the traffic on them, then you can configure inbound NAT on the VIP to pass the appropriate port(s) through to the appropriate internal IP address (with the appropriate firewall rules). If you need real time assistance with the setup the IRC channel is generally pretty good for relatively simple stuff like this. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] About Firewall Rules
I use pfsense 1.2.2 now. When I set firewall rules when action's pass it's pass but when action's block it's pass 0___o' and when action's reject it's block O . O'' - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] About Firewall Rules
rakthum_r_NetworkTelecom_IP#1 wrote: I use pfsense 1.2.2 now. When I set firewall rules when action's pass it's pass but when action's block it's pass 0___o' and when action's reject it's block O . O'' Remember that the firewall rules are matched from top to bottom. If a rule is based early in the chain, the following rules will be disregarded seeing as a matching rule was already found. -- Yours sincerely Jostein Elvaker Haande aka tolecnal A free society is a place where it is safe to be unpopular - Adlai Stevenson http://tolecnal.net - tolecnal [at] tolecnal [dot] net - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Filtering by URL or regexp
Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering by URL or regexp
luismi wrote: Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org This has been covered on this list many times before. Please consult the archives. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering by URL or regexp
look at squid acl-rules par example you can also generate lists to load in squid für deny or allow... 2009/3/31 luismi asturlui...@gmail.com Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0177/9738644 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = =
Re: [pfSense Support] Filtering by URL or regexp
Ah ok :-] El mar, 31-03-2009 a las 11:39 -0500, Gary Buckmaster escribió: luismi wrote: Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org This has been covered on this list many times before. Please consult the archives. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: Intel Atom Install Trouble
I reset the jetway dual-core atom board's bios to optimized defaults. The board rebooted and worked like a charm. Thanks for everyone's help and advice. VRIII On 3/30/2009 6:44 PM, Dave Warren wrote: In message49d1326b.3050...@elitemail.org Vaughn L. Reid III vaughn_reid_...@elitemail.org was claimed to have wrote: I have a Intel Atom based board that I'm trying to get pfsense to install on. I can boot fine into safe mode but I get a panic message when I try the default boot config. I can reproduce this from both the pfsense ISO and after an actual install onto the hard drive. I'm trying to install 1.2.3 (downloaded today). This is a shot in the dark, but try resetting the BIOS to it's defaults and see if you've got any luck. I've got an Atom 330 based system (Sorry, I don't have the mobo or chipset details handy, beyond to say it's a Intel mobo) that panics during the install based on some combination of BIOS options that I don't entirely recall. I have reason to believe there are some ACPI issues but haven't had the time to track it down, but at this point if I disable ACPI I can't even boot the system, it locks immediately after the Highpoint driver (I don't use any Highpoint cards in this machine), and ACPI needs to be enabled for the system to even boot. Beyond the initial hardware configuration fun, it has been rock solid. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering by URL or regexp
Hi again, I am searching with google -I am sorry, I didn't do that before- but the idea is to filter directly when I enter a rule without install third-party packages like squid. Is that possible? If not, is there any plan to include it in future releases? El mar, 31-03-2009 a las 17:44 +0100, Michael Schuh escribió: look at squid acl-rules par example you can also generate lists to load in squid für deny or allow... 2009/3/31 luismi asturlui...@gmail.com Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0177/9738644 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering by URL or regexp
Its in 2.0 with the layer7 filter/shaper On Tue, Mar 31, 2009 at 7:09 PM, luismi asturlui...@gmail.com wrote: Hi again, I am searching with google -I am sorry, I didn't do that before- but the idea is to filter directly when I enter a rule without install third-party packages like squid. Is that possible? If not, is there any plan to include it in future releases? El mar, 31-03-2009 a las 17:44 +0100, Michael Schuh escribió: look at squid acl-rules par example you can also generate lists to load in squid für deny or allow... 2009/3/31 luismi asturlui...@gmail.com Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0177/9738644 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering by URL or regexp
On Tue, Mar 31, 2009 at 10:38, luismi asturlui...@gmail.com wrote: Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ The problem with IP filtering by DNS entry is that you tie your critical filtering path to an external, nondeterministic lookup. There is no guarantee you will get a DNS query back in a reasonable timeframe. You're also at best issuing a DNS query per-connection and at worst issuing one per packet. Yes, there are caches, but those only partially mitigate the issue. Filtering at a higher protocol level (e.g. with an HTTP proxy like squid) allows much better control over what users access. You don't have control over other protocols (vpn, bt, etc.), but if you're seriously worried about such, you could also implement 'positive controls' (default deny, add rules for what users may access) or configure your users' DNS server to block queries for that domain. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Filtering by URL or regexp
Ok, far enough. El mar, 31-03-2009 a las 20:19 +0200, Ermal Luçi escribió: Its in 2.0 with the layer7 filter/shaper On Tue, Mar 31, 2009 at 7:09 PM, luismi asturlui...@gmail.com wrote: Hi again, I am searching with google -I am sorry, I didn't do that before- but the idea is to filter directly when I enter a rule without install third-party packages like squid. Is that possible? If not, is there any plan to include it in future releases? El mar, 31-03-2009 a las 17:44 +0100, Michael Schuh escribió: look at squid acl-rules par example you can also generate lists to load in squid für deny or allow... 2009/3/31 luismi asturlui...@gmail.com Is possible to create rules to match URLs or regext expression? I would like to provide access just to *.foobar.com but I don't know the IPs used for that domain :-/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- = = = m i c h a e l - s c h u h . n e t = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0177/9738644 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] allow access to certain ip's without going through traffic shaper
I have a pfsense box/cap portal for a wifi hotspot, 1.2.2 and traffic shaper is on. A client is trying to access a certain ip(ftp) but its getting hosed in the traffic shaper. Most people dont use ftp so normally wouldnt care. what would be the best way to allow this ip, or person around the traffic shaper? Chris Flugstad Cascadelink 900 1st ave s, suite 201a seattle, wa 98134 p: 206.774.3660 | f: 206.577.5066 ch...@cascadelink.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] allow access to certain ip's without going through traffic shaper
And related: Is it possible to make access to pfSense itself bypass the shaper? I managed to effectively lock myself out of administrating a box by setting the shaper limit a lot lower than the current bandwidth usage on the network :( Regards, -Jeppe On Tue, Mar 31, 2009 at 5:40 PM, Chris Flugstad ch...@cascadelink.com wrote: I have a pfsense box/cap portal for a wifi hotspot, 1.2.2 and traffic shaper is on. A client is trying to access a certain ip(ftp) but its getting hosed in the traffic shaper. Most people dont use ftp so normally wouldnt care. what would be the best way to allow this ip, or person around the traffic shaper? Chris Flugstad Cascadelink 900 1st ave s, suite 201a seattle, wa 98134 p: 206.774.3660 | f: 206.577.5066 ch...@cascadelink.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Template to connect a Cisco router to PFSense using IPSec
I was just collaborating on this for the wiki, here is the link. http://doc.pfsense.org/index.php/IPSec_between_pfSense_and_a_Cisco_PIX -Original Message- From: luismi [mailto:asturlui...@gmail.com] Sent: Mon 3/30/2009 3:05 PM To: support@pfsense.com Subject: [pfSense Support] Template to connect a Cisco router to PFSense using IPSec Is there anyone here, in the list, with a template to configure a Cisco router against a pfsense firewall using ipsec? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org winmail.dat- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] About Firewall Rules
I know about the firewall rules priority but... I can't reject any package because but when action's block it's pass and when action's reject it's block -- From: Jostein Elvaker Haande jehaa...@gmail.com Sent: Tuesday, March 31, 2009 11:15 PM To: support@pfsense.com Subject: Re: [pfSense Support] About Firewall Rules rakthum_r_NetworkTelecom_IP#1 wrote: I use pfsense 1.2.2 now. When I set firewall rules when action's pass it's pass but when action's block it's pass 0___o' and when action's reject it's block O . O'' Remember that the firewall rules are matched from top to bottom. If a rule is based early in the chain, the following rules will be disregarded seeing as a matching rule was already found. -- Yours sincerely Jostein Elvaker Haande aka tolecnal A free society is a place where it is safe to be unpopular - Adlai Stevenson http://tolecnal.net - tolecnal [at] tolecnal [dot] net - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Template to connect a Cisco router to PFSense using IPSec
On Tue, Mar 31, 2009 at 10:43 PM, Borowicz, Paul pborow...@behaviorcorp.org wrote: I was just collaborating on this for the wiki, here is the link. http://doc.pfsense.org/index.php/IPSec_between_pfSense_and_a_Cisco_PIX He's running IOS though, which is different from PIX OS. (Luis is a support customer who opened a ticket on this with more info) I'm going to write instructions on IPsec with IOS tomorrow. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any information on my config if you'd like for testing/comparison. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 -Original Message- From: Andrew Cotter [mailto:andrew.cot...@somersetcapital.com] Sent: Friday, March 20, 2009 12:35 PM To: support@pfsense.com Subject: RE: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue Von: Dimitri Rodis [mailto:dimit...@integritasystems.com] Gesendet: Freitag, 20. März 2009 18:27 An: support@pfsense.com Betreff: [pfSense Support] Firebox X series w/ 1.2 and 1.2.2 issue So, I have a pair of firebox x700 units that I have put new CF cards in. I have tried both 1.2-RELEASE and 1.2.2 (both embedded), and both behave the same way. On the serial console, I will see the following: re4: watchdog timeout re4: watchdog timeout etc If I change the LAN interface to re1, the same thing happens, except on the serial console I will see: re1: watchdog timeout re1: watchdog timeout ...etc I had a similar issue while I was working on a few X500/700 whatever boxes last week. I know people suggest that various low end switches produce this error, but I had no switch in the mix. I was going direct to a desktop and was getting it. It was a home made looking cable. As soon as I plugged in one of our prefab cables it went away. Try and switch out the ethernet cable. Let us know. I have 5 of these boxes in the corner of my office. 3 of which I am planning on deploying in the next two weeks. Andrew - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
On Tue, Mar 31, 2009 at 11:37 PM, Tim Nelson tnel...@rockbochs.com wrote: I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any information on my config if you'd like for testing/comparison. What version are you running on it? 1.2.3 snapshots as of this past Sunday have re(4) and rl(4) from FreeBSD 8-CURRENT per recommendations of the FreeBSD developer who maintains that code. It may not be an issue with snapshots since Sunday. Those who are seeing watchdog timeouts on re or rl cards should try a 1.2.3 snapshot. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
- Chris Buechler c...@pfsense.org wrote: On Tue, Mar 31, 2009 at 11:37 PM, Tim Nelson tnel...@rockbochs.com wrote: I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any information on my config if you'd like for testing/comparison. What version are you running on it? 1.2.3 snapshots as of this past Sunday have re(4) and rl(4) from FreeBSD 8-CURRENT per recommendations of the FreeBSD developer who maintains that code. It may not be an issue with snapshots since Sunday. Those who are seeing watchdog timeouts on re or rl cards should try a 1.2.3 snapshot. - D'oh! I performed my testing with (oddly enough) the latest 2.0-ALPHA-ALPHA snapshot. For some reason I don't have the current 1.2.2 available. Well, that makes my previous post a bit useless... I'll certainly try on the newest 1.2.3 snapshots. I may be putting this unit into production for a personal project and would like to have it most stable. 2.0 is rather impressive but I get the impression that it's not ready for primetime yet... :-) Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
What version are you currently running? I have seen watchdog timeouts with 1.2 and 1.2.2. I have 2 units in a CARP cluster, and 5 of the interfaces are being used (2 WANs, although 1 of the WANs was not configured for the test, 2 LANs, and 1 dedicated sync interface). I have made various modifications to /boot/loader.conf which have reduced the watchdog timeouts, but they still show up. The behavior gets really weird when I have both units operating in a cluster.. Anyway, I think it might show up when you use more than 2 interfaces. Initial testing with just a LAN/WAN setup didn't appear to really have any issues.. then I added a second LAN and a dedicated sync interface for CARP and threw it into production, and it lasted about 10 minutes before it melted down with watchdog timeouts. Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: Tuesday, March 31, 2009 8:38 PM To: support@pfsense.com Subject: Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any information on my config if you'd like for testing/comparison. Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 -Original Message- From: Andrew Cotter [mailto:andrew.cot...@somersetcapital.com] Sent: Friday, March 20, 2009 12:35 PM To: support@pfsense.com Subject: RE: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue Von: Dimitri Rodis [mailto:dimit...@integritasystems.com] Gesendet: Freitag, 20. März 2009 18:27 An: support@pfsense.com Betreff: [pfSense Support] Firebox X series w/ 1.2 and 1.2.2 issue So, I have a pair of firebox x700 units that I have put new CF cards in. I have tried both 1.2-RELEASE and 1.2.2 (both embedded), and both behave the same way. On the serial console, I will see the following: re4: watchdog timeout re4: watchdog timeout etc If I change the LAN interface to re1, the same thing happens, except on the serial console I will see: re1: watchdog timeout re1: watchdog timeout ...etc I had a similar issue while I was working on a few X500/700 whatever boxes last week. I know people suggest that various low end switches produce this error, but I had no switch in the mix. I was going direct to a desktop and was getting it. It was a home made looking cable. As soon as I plugged in one of our prefab cables it went away. Try and switch out the ethernet cable. Let us know. I have 5 of these boxes in the corner of my office. 3 of which I am planning on deploying in the next two weeks. Andrew - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature
RE: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
Woohoo! Didn't know you guys got this put in.. I'll test tomorrow or Thursday as time permits. Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Tuesday, March 31, 2009 8:49 PM To: support@pfsense.com Subject: Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue On Tue, Mar 31, 2009 at 11:37 PM, Tim Nelson tnel...@rockbochs.com wrote: I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any information on my config if you'd like for testing/comparison. What version are you running on it? 1.2.3 snapshots as of this past Sunday have re(4) and rl(4) from FreeBSD 8-CURRENT per recommendations of the FreeBSD developer who maintains that code. It may not be an issue with snapshots since Sunday. Those who are seeing watchdog timeouts on re or rl cards should try a 1.2.3 snapshot. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature