[pfSense Support] DNS wildcard support
Sorry for the double posting, but I'm not sure if the user list was the correct one for this:

Is there any way to add a host to the DNS service so that *.subdomain.domain.local would be resolved to the same IP address?

Example in bind syntax:

*.subdomain.domain A 192.168.1.2

Thanks!

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
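What a wildcard record like the one in the question does and does not match, as an added example that is not part of the original post or of pfSense: a simplified model of RFC 4592 matching for A records only. The wildcard record comes from the post; the other two records and the queried names are constructed.

```python
# Simplified model of DNS wildcard matching (RFC 4592), A records only.
# The wildcard record is the one from the post; the other two are constructed.
ZONE = {
    "*.subdomain.domain.local": "192.168.1.2",
    "www.subdomain.domain.local": "192.168.1.10",          # constructed
    "db.internal.subdomain.domain.local": "192.168.1.20",  # constructed
}

def _norm(name):
    """Lower-case a name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def existing_names(records):
    """Every owner name plus its ancestors (empty non-terminals exist too)."""
    names = set()
    for owner in records:
        labels = owner.split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]))
    return names

def resolve(zone, qname):
    """Return the A record value for qname, or None if there is no answer."""
    records = {_norm(k): v for k, v in zone.items()}
    names = existing_names(records)
    qname = _norm(qname)
    if qname in names:
        # The name exists: answer from its own data only, never the wildcard.
        return records.get(qname)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in names:
            # Closest existing ancestor found: only its wildcard child applies.
            return records.get("*." + encloser)
    return None

if __name__ == "__main__":
    for q in ("app.subdomain.domain.local",
              "a.b.subdomain.domain.local",
              "subdomain.domain.local",
              "x.internal.subdomain.domain.local"):
        print(q, "->", resolve(ZONE, q))
```

The wildcard answers for any otherwise undefined name below subdomain.domain.local, including typos and multi-label names, which is worth keeping in mind when hostnames are used in access rules or certificates.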
Re: [pfSense Support] Disabling (outbound) FTP helper on a per rule basis ?
On Thu, Jun 18, 2009 at 16:25, Evgeny Yurchenko evgeny.yurche...@frontline.ca wrote:

From: Célio [mailto:con...@gmail.com]
Sent: June 18, 2009 4:32 AM
To: support@pfsense.com
Subject: [pfSense Support] Disabling (outbound) FTP helper on a per rule basis ?

Hi,

I have the usual ftpes or passive ftp issue, with the FTP Helper

I'm only wondering about outbound connections (I want to connect to various external FTP servers)

Isn't there a way to specify that when connecting to IP x.x.x.x I don't want to use FTP Helper ?

Or maybe something to bypass it like reforwarding port xyz to port 21 for ip x.x.x.x so that ftp helper is not triggered ?

Or may I use another ftp proxy in my dmz that would support ftpes and disabled ftp helper for dmz ?

My problem is that I have to connect very often to different FTPs including active/passive/ftpes ... and having to change the ftphelper option every time is really boring ...

Any hint ? (if it can help I'm having two wan connections )

Thx a lot !

Celio

1) FTP helper works perfectly.

Ftp helper in pfSense doesn't work with outgoing ssl encrypted ftp, you have to disable the helper to get it working with ftpe/s.

2) You can either use ftp-helper on the interface or disable it, you can not use it only for 'some ftp sites'

3) If you want to get rid of pfSense's ftp helper then disable it and redirect all FTP traffic to your own FTP proxy.

Or disable the helper and use passive mode ftp when possible and in the rare case where you have to active mode you can use an ftp client that supports limiting the active mode listening port range (filezilla for example) and do the port forwards yourself.

Eugene
[pfSense Support] pfSense tinydns package question
I've installed the TinyDNS package. It's listening on 127.0.0.1.

Then I've setup the DNS forwarder to resolve a certain domain against the authoritative name server 127.0.0.1.

This doesn't work when making queries from the lan. The request gets to the forwarder but then it's lost and there is no traffic on lo0. Instead, if I do a DNS query from the pfSense box itself to 127.0.0.1 then there is traffic on lo0 and the DNS works Ok.

I think that there is any default pfSense rule prohibiting the traffic.

Is this the supposed way to work of TinyDNS and the forwarder or I'm missing something?

Thanks!
[pfSense Support] Re: pfSense tinydns package question
Mark R wrote:

Did you set up forwarding of requests to lo0 from the LAN? Is tinydns configured to respond to queries from your subnet?

2009/6/19 Matias Surdi matiassu...@gmail.com

I've installed the TinyDNS package. It's listening on 127.0.0.1.

Then I've setup the DNS forwarder to resolve a certain domain against the authoritative name server 127.0.0.1.

This doesn't work when making queries from the lan. The request gets to the forwarder but then it's lost and there is no traffic on lo0. Instead, if I do a DNS query from the pfSense box itself to 127.0.0.1 then there is traffic on lo0 and the DNS works Ok.

I think that there is any default pfSense rule prohibiting the traffic.

Is this the supposed way to work of TinyDNS and the forwarder or I'm missing something?

Thanks!

Yes, I've setup a rule to allow *everything* from the lan with destination port udp 53.

And no, I want tinyDNS to listen only in 127.0.0.1 and then the DNS Forwarder to forward request for just one subdomain.

When I setup an external authoritative dns for a subdomain on a lan ip, it works. When I change that IP to 127.0.0.1 the incoming request are sent to the ISP dns servers.

Is there any documentation on how is this supposed to work? The dns-server package replaces or complements the DNS Forwarder? Can both be used in the way I'm trying?

What I want, is to have a domain, let's say: site.local and route all request to dev.site.local to TinyDNS, so that I can add or remove individual records on it.

Can this be done?

Many thanks for your help guys.
Re: [pfSense Support] Re: pfSense tinydns package question
2009/6/19 Matias Surdi matiassu...@gmail.com

Mark R wrote:

Did you set up forwarding of requests to lo0 from the LAN? Is tinydns configured to respond to queries from your subnet?

2009/6/19 Matias Surdi matiassu...@gmail.com

I've installed the TinyDNS package. It's listening on 127.0.0.1.

Then I've setup the DNS forwarder to resolve a certain domain against the authoritative name server 127.0.0.1.

This doesn't work when making queries from the lan. The request gets to the forwarder but then it's lost and there is no traffic on lo0. Instead, if I do a DNS query from the pfSense box itself to 127.0.0.1 then there is traffic on lo0 and the DNS works Ok.

I think that there is any default pfSense rule prohibiting the traffic.

Is this the supposed way to work of TinyDNS and the forwarder or I'm missing something?

Thanks!

Yes, I've setup a rule to allow *everything* from the lan with destination port udp 53.

you allow traffic. But do you rdr it? Otherwise how will it get to 127.0.0.1 port 53

I think this is why it works locally and on the pfsense box and not for the LAN.

And no, I want tinyDNS to listen only in 127.0.0.1 and then the DNS Forwarder to forward request for just one subdomain.

I might be wrong. Long time since I set it up. But I think tinydns needs to be told respond to dns queries from your LAN, otherwise it will ignore them.

When I setup an external authoritative dns for a subdomain on a lan ip, it works. When I change that IP to 127.0.0.1 the incoming request are sent to the ISP dns servers.

Is there any documentation on how is this supposed to work? The dns-server package replaces or complements the DNS Forwarder? Can both be used in the way I'm trying?

What I want, is to have a domain, let's say: site.local and route all request to dev.site.local to TinyDNS, so that I can add or remove individual records on it.

Can this be done?

Many thanks for your help guys.
[pfSense Support] Nfsen - Netflow: 2 new possibly packages for pfsense?
Hi all.

I'm exploring features embedded into pfsense, and I was looking to interesting features as RRD graphics of system activities.

I've read on RRD also improvements introduced from the use of packages: NfSen - Netflow.

Do you think these packages will be ported to pfsense in the future?

Thanks a lot.

Cheers,
Tebano.
[pfSense Support] SSL Offloading
Hey PfSense Gurus -

I've got a half dozen redundant PFSense WWW load balancing clusters in production, and yet I've never had to worry about this particular requirement before now. I suspect I already know the answer, but I wanted to check in and make sure.

I have a client whose IIS application must be blissfully unaware that it is being encapsulated in SSL. There is an ISAPI filter they wrote to handle their custom authentication system, and having the internal traffic pass through the SSL encapsulation in IIS breaks it. Their solution was to use an old F5 SSL accelerator to offload the SSL traffic out of the environment.

Now, I have utterly no interest in using that particular piece of equipment to accomplish this task, but I am also unsure how to exactly accomplish this goal. My preference would be to do this at the PFSense load balancer, rather than installing additional hardware for this purpose. Is there some functionality like this in PFSense, perhaps via a package? If not, is there another open source solution that you'd recommend (probably off list since it would be offtopic)?

When thinking about what I want to accomplish, my brain said 'apache SSL proxy' - would I be on the right track there?

Best Regards

Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC
supp...@atlasnetworks.us
http://support.atlasnetworks.us/portal
Re: [pfSense Support] SSL Offloading
Nathan Eisenberg wrote:

Hey PfSense Gurus –

I’ve got a half dozen redundant PFSense WWW load balancing clusters in production, and yet I’ve never had to worry about this particular requirement before now. I suspect I already know the answer, but I wanted to check in and make sure.

I have a client whose IIS application must be blissfully unaware that it is being encapsulated in SSL. There is an ISAPI filter they wrote to handle their custom authentication system, and having the internal traffic pass through the SSL encapsulation in IIS breaks it. Their solution was to use an old F5 SSL accelerator to offload the SSL traffic out of the environment.

Now, I have utterly no interest in using that particular piece of equipment to accomplish this task, but I am also unsure how to exactly accomplish this goal. My preference would be to do this at the PFSense load balancer, rather than installing additional hardware for this purpose. Is there some functionality like this in PFSense, perhaps via a package? If not, is there another open source solution that you’d recommend (probably off list since it would be offtopic)?

When thinking about what I want to accomplish, my brain said ‘apache SSL proxy’ – would I be on the right track there?

Best Regards

Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC
supp...@atlasnetworks.us
http://support.atlasnetworks.us/portal

Use the stunnel package? Though load balancing it may interfere with load balancing (or load balancing may interfere with it). I'd try it and see how it works for a single address.

Chuck Benson
Re: [pfSense Support] pfSense tinydns package question
On Fri, Jun 19, 2009 at 6:18 AM, Matias Surdi matiassu...@gmail.com wrote:

I've installed the TinyDNS package. It's listening on 127.0.0.1.

Then I've setup the DNS forwarder to resolve a certain domain against the authoritative name server 127.0.0.1.

This doesn't work when making queries from the lan. The request gets to the forwarder but then it's lost and there is no traffic on lo0. Instead, if I do a DNS query from the pfSense box itself to 127.0.0.1 then there is traffic on lo0 and the DNS works Ok.

I think that there is any default pfSense rule prohibiting the traffic.

Is this the supposed way to work of TinyDNS and the forwarder or I'm missing something?

Thanks!

TinyDNS is not compatible with DNS Forwarder. TinyDNS is an authoritative DNS server whereas DNS Forwarder is a caching lookup server.

Scott
Re: [pfSense Support] Nfsen - Netflow: 2 new possibly packages for pfsense?
On Fri, Jun 19, 2009 at 1:00 PM, Tebano epaminondal_epa_m_ino...@hotmail.com wrote:

Hi all.

I'm exploring features embedded into pfsense, and I was looking to interesting features as RRD graphics of system activities.

I've read on RRD also improvements introduced from the use of packages: NfSen - Netflow.

Do you think these packages will be ported to pfsense in the future?

Never in the base system as it requires Perl. If there are any NetFlow tools that don't require Perl, we would like to have something of that nature in the base system, but I've looked and come up empty.

It's a possibility for a package in the future.