Re: [pfSense Support] VLAN Capable switch
On Sun, Oct 4, 2009 at 2:15 PM, Anil Garg wrote:
> I have a pfsense with two 10/100 PCI cards (acting as LAN & WAN router).
> I have a 4 port (quad) 10/100 PCI (ZNYX ZX374) card.
> If I were to add this card into the box and then add those ports and bridge
> them with each other (completely away from LAN WAN) will those four ports
> act like a VLAN capable switch? I don't have a VLAN capable switches
> and by introducing this will I be able to run a VLAN based segmented
> network.
>

Based on your description, I don't think you understand what VLANs are.

To make a 4 port NIC act like a VLAN switch, you would just put one IP subnet on each interface and not bridge anything.

To make a 4 port NIC act like a switch that can control traffic between the ports using firewall rules, you can bridge them all together and configure your rules accordingly. That's nothing like a VLAN switch though.

You will need a decently powerful (1 GHz or more) system to get 100 Mb wire speed through multiple interfaces simultaneously (and that's cutting it pretty close to the limit of the PCI bus with four 100 Mb ports on one PCI card). But if you don't need much throughput it will be fine.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VLAN Capable switch
On Sun, Oct 4, 2009 at 9:24 PM, Anil Garg wrote:
> David
>
> I am not very technical. My server room is far away from my internet
> connection at my home. So there is only one cable going from the internet to
> server room. I am still reading about VLAN so that I understand its working
> better.

I could be wrong, but I don't see anything that VLANs can offer you that physical interfaces cannot, unless you lack physical interfaces, which you apparently don't. Configure each interface as its own subnet, configure your firewall rules as you like (they are default deny by default, except the first (LAN) interface), and you're in business.

You're looking at doing something like this?:

Internet
   |
   |
pfsense---Server1 (S1)
 / | \
S2 S3 S4

If you want your servers to have unrestricted access to each other, as on an unmanaged switch, then bridge the interfaces in question. If not, then each on its own subnet with a rule to allow access only as needed.

db
Re: [pfSense Support] VLAN Capable switch
David

I am not very technical. My server room is far away from my internet connection at my home. So there is only one cable going from the internet to server room. I am still reading about VLAN so that I understand its working better.

Anil

From: David Burgess
To: support@pfsense.com
Sent: Sunday, October 4, 2009 7:25:40 PM
Subject: Re: [pfSense Support] VLAN Capable switch

On Sun, Oct 4, 2009 at 6:15 PM, Anil Garg wrote:
> I have a pfsense with two 10/100 PCI cards (acting as LAN & WAN router).
> I have a 4 port (quad) 10/100 PCI (ZNYX ZX374) card.
> If I were to add this card into the box and then add those ports and bridge
> them with each other (completely away from LAN WAN) will those four ports
> act like a VLAN capable switch? I don't have a VLAN capable switches
> and by introducing this will I be able to run a VLAN based segmented
> network.

Why bridge multiple interfaces, then separate them as vlans with no vlan-capable switch? Wouldn't you get the same effect by just running the separate interfaces as separate LANs?

Just asking.

db
Re: [pfSense Support] streaming video (rtsp, mms)
On Fri, Oct 2, 2009 at 9:25 AM, Jure Pečar wrote:
>
> If anyone is going to dig this in the archives, here is the simplest way:
>
> * download http://docs.real.com/docs/proxykit/osrtspproxy_2_0.tar.gz
> * patch with patches from
>   http://www.grogy.com/local_doc/www/apache22/data/ports/net/osrtspproxy/files/
> * compile, run
> * configure pfsense to forward udp ports 6970-32000 to it
>
> This little proggy also exists as a freebsd package, so I see no reason it is
> not included in pfSense by default.
>

Something that well less than one in a thousand people are interested in won't be in by default, but it is a possibility for a package. Open a feature request at http://redmine.pfsense.org if you'd like.
Re: [pfSense Support] possible bug
On Fri, Oct 2, 2009 at 3:43 PM, Borowicz, Paul wrote:
> I am 1.2.3-RC3
> built on Mon Sep 14 02:04:35 UTC 2009
>
> I have a DMZ, WAN, and LAN on this box. I have been getting bleed through
> from the DMZ to the LAN and vice versa.
>
> I have a WAN rule, all stars except destination is DMZ net
>
> I have two DMZ rules, they are both applied to source DMZ net, one blocks an
> alias I have defined called internal_subnets and one allows anything except
> things destined for internal_subnets.
>
> I also had a rule on the lan that blocks anything destined for 10.1.1.0/24
> (my dmz subnet), it did not work until I changed it to block DMZ net.
>
> Is this a bug where the subnets are not being recognized in the firewall
> interface?
>

No, something not right with your rules, or how you're testing them. For example, a constant ping won't get dropped when you add a block rule since it has an existing state. Once you stop it, wait a few seconds, and start it again, it will get blocked. Or kill the state manually under Diagnostics -> States.

> A curious thing is that I can now not ping 10.1.1.4 from a computer plugged
> into the LAN, but I can ping it from the diagnostics ping interface if I
> source the ping from the LAN interface.
>

Rules don't apply to traffic initiated from the firewall.

Since you're a support customer, please open a new ticket attaching a copy of your configuration and we'll check it out.
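
An added illustration for this archive page (not part of the original messages and not pfSense code): a simplified Python model of a stateful filter, showing why a flow with an existing state keeps passing after a block rule is added, until its state is killed. The LAN subnet 192.168.1.0/24 and all class and function names are assumptions; 10.1.1.0/24 is the DMZ subnet from the post above.

```python
import ipaddress

class StatefulFilter:
    """Simplified model of a stateful filter: first matching rule wins."""

    def __init__(self):
        self.rules = []      # (action, src_net, dst_net), evaluated top-down
        self.states = set()  # (src, dst) flows that were passed by a rule

    def add_rule(self, action, src, dst, top=False):
        rule = (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))
        if top:
            self.rules.insert(0, rule)
        else:
            self.rules.append(rule)

    def packet(self, src, dst):
        # State lookup happens before rule evaluation; replies match too.
        if (src, dst) in self.states or (dst, src) in self.states:
            return "pass (state)"
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, src_net, dst_net in self.rules:
            if s in src_net and d in dst_net:
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"  # default deny when no rule matches

    def kill_state(self, src, dst):
        # Same effect as removing the entry under Diagnostics -> States.
        self.states.discard((src, dst))
        self.states.discard((dst, src))

def demo():
    fw = StatefulFilter()
    fw.add_rule("pass", "192.168.1.0/24", "0.0.0.0/0")  # assumed LAN allow-all
    seen = [fw.packet("192.168.1.10", "10.1.1.4")]      # ping starts, state created
    fw.add_rule("block", "192.168.1.0/24", "10.1.1.0/24", top=True)
    seen.append(fw.packet("192.168.1.10", "10.1.1.4"))  # running ping still passes
    seen.append(fw.packet("192.168.1.11", "10.1.1.4"))  # new flow is blocked
    fw.kill_state("192.168.1.10", "10.1.1.4")
    seen.append(fw.packet("192.168.1.10", "10.1.1.4"))  # now blocked as well
    return seen

if __name__ == "__main__":
    print(demo())
```

When testing a new block rule, start a fresh flow or clear the matching state first; otherwise the test only exercises the state table, not the rule.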
Re: [pfSense Support] VLAN Capable switch
On Sun, Oct 4, 2009 at 6:15 PM, Anil Garg wrote:
> I have a pfsense with two 10/100 PCI cards (acting as LAN & WAN router).
> I have a 4 port (quad) 10/100 PCI (ZNYX ZX374) card.
> If I were to add this card into the box and then add those ports and bridge
> them with each other (completely away from LAN WAN) will those four ports
> act like a VLAN capable switch? I don't have a VLAN capable switches
> and by introducing this will I be able to run a VLAN based segmented
> network.

Why bridge multiple interfaces, then separate them as vlans with no vlan-capable switch? Wouldn't you get the same effect by just running the separate interfaces as separate LANs?

Just asking.

db
Re: [pfSense Support] Pfsense 1.2.3 alix 2d13 IDE disk installation problem
2009/10/4 ozan ucar :
> Hi everyone,
> I have a alix 2d13 onboard.I need installation pfsense 1.2.3 on ide disk.
>
> http://forum.pfsense.org/index.php/topic,13509.0.html
> I'm installation change config.xml for nic lan wan and edit
> /etc/fstap and replace all disk name ad0 .
>
> system when booting an error message ;
>
> - http://www.cehturkiye.com/hpdiskerror.bmp
>
> - http://www.cehturkiye.com/hperrordisk2.bmp
>
> - http://www.cehturkiye.com/error.txt
>
> What should I do ?
>

The disk is different on the destination than it was where you installed it. Put in the correct disk name there, then edit /etc/fstab after it's done booting. Look above the boot logs to see what the correct disk is, maybe something like :

ufs:ad2s1a
Re: [pfSense Support] Pfsense 1.2.3 alix 2d13 IDE disk installation problem
This is really a weird setting!

You are using a board that has been created and designed to work with Compact Flash. I think it is a bit "strange" to try to use it with an IDE drive.

I would suggest that you use an embedded image as described in here:
http://blog.pfsense.org/?p=472

Then you can decompress the image (make sure you grab an image with the right size (1Go - 2Go - 4Go)) and simply use dd to grave the image on your CF card.

# gunzip pfSense-1.2.3-1g-20090928-1005-nanobsd.img.gz
# cat pfSense-1.2.3-1g-20090928-1005-nanobsd.img | dd of=/dev/disk1 bs=16k

After that all you have to do is put the card in your Alix 2d13 and boot… If you want to see the output, just connect to the card using the serial port.

And that's it. I don't see why you are trying to use an IDE drive with this kind of hardware… ?

Bye

On 4 Oct 2009 at 18:36, ozan ucar wrote:

> Hi everyone,
> I have a alix 2d13 onboard.I need installation pfsense 1.2.3 on ide disk.
>
> http://forum.pfsense.org/index.php/topic,13509.0.html
> I'm installation change config.xml for nic lan wan and edit
> /etc/fstap and replace all disk name ad0 .
>
> system when booting an error message ;
>
> - http://www.cehturkiye.com/hpdiskerror.bmp
>
> - http://www.cehturkiye.com/hperrordisk2.bmp
>
> - http://www.cehturkiye.com/error.txt
>
> What should I do ?

Grégory Bernard
www.OsNet.eu
PGP ID --> 0x1BA3C2FD
Re: [pfSense Support] Transparent squid box on same subnet
On Sun, Oct 4, 2009 at 2:59 PM, Apostolis Sotiropoulos wrote:
> Hi to all,
>
> I want to have a transparent squid proxy on a box which is in the same
> subnet with the pf lan.
> So i'm adding a nat to forward all traffic to 80 in the squids port but that
> makes a loop for the squids box traffic. Is there a rule so i don't include
> traffic from that host?
>

No, it has to be on a different interface.
RE: [pfSense Support] VLAN Capable switch
Your Switch should have the "trunking feature": 802.1Q

Best Choice for small Switches is Netgear (Many Models in all Categories)
Take a look at the category "Managed Switches"
Support for Layer 2 (3 is with routing functionality, not important for you)

Start searching here:
http://www.netgear.com/Products/Switches/FullyManaged10_100_1000Switches.aspx

Or buy this one: GSM7212
12 Ports with 802.1Q "trunking" support for 512 different VLAN
http://www.netgear.com/Products/Switches/FullyManaged10_100_1000Switches/GSM7212.aspx

Best Regard
Ralf

-----Original Message-----
Date: Sun, 04 Oct 2009 20:15h
From: Anil Garg
To: support@pfsense.com
Subject: [pfSense Support] VLAN Capable switch

I have a pfsense with two 10/100 PCI cards (acting as LAN & WAN router).
I have a 4 port (quad) 10/100 PCI (ZNYX ZX374) card.
If I were to add this card into the box and then add those ports and bridge them with each other (completely away from LAN WAN) will those four ports act like a VLAN capable switch? I don't have a VLAN capable switches and by introducing this will I be able to run a VLAN based segmented network.

The traffic is not much

Comments.

Anil
[pfSense Support] Transparent squid box on same subnet
Hi to all,

I want to have a transparent squid proxy on a box which is in the same subnet with the pf lan.
So i'm adding a nat to forward all traffic to 80 in the squids port but that makes a loop for the squids box traffic. Is there a rule so i don't include traffic from that host?

Thanx in advance
[pfSense Support] VLAN Capable switch
I have a pfsense with two 10/100 PCI cards (acting as LAN & WAN router).
I have a 4 port (quad) 10/100 PCI (ZNYX ZX374) card.
If I were to add this card into the box and then add those ports and bridge them with each other (completely away from LAN WAN) will those four ports act like a VLAN capable switch? I don't have a VLAN capable switches and by introducing this will I be able to run a VLAN based segmented network.

The traffic is not much

Comments.

Anil
RE: [pfSense Support] Wireless Setup
Hi,

the ath(0) "atheros" driver with my D-Link DWL-G520 PCI WLAN-Card supports these three types:
- Infrastructure (BSS)
- Ad-Hoc (IBSS)
- Access Point

So it should work for you ;-)

Best regards.
Ralf

-----Original Message-----
Date: Sat, 03 Oct 2009 18:41h
From: "Joseph L. Casale"
To: "'support@pfsense.com'"
Subject: RE: [pfSense Support] Wireless Setup

> You should have a look which wifi chip supports the AP mode.
> I know that the old intel (example 2200BG) chips couldn't be used in AP
> mode.
>
> I have bought a Wistron CM9 with Atheros chip and use it with Askozia
> (Asterisk PBX based on FreeBSD). Works fine in AP mode. So it should ok
> for pfSense too.
>
> Best is to have a look at
> http://www.freebsd.org/releases/7.0R/hardware.html#WLAN for supported
> cards.

Thanks Dominik and Ralf,
That was something I didn't know (ap mode).

jlc
[pfSense Support] Pfsense 1.2.3 alix 2d13 IDE disk installation problem
Hi everyone,
I have a alix 2d13 onboard.I need installation pfsense 1.2.3 on ide disk.

http://forum.pfsense.org/index.php/topic,13509.0.html
I'm installation change config.xml for nic lan wan and edit /etc/fstap and replace all disk name ad0 .

system when booting an error message ;

- http://www.cehturkiye.com/hpdiskerror.bmp

- http://www.cehturkiye.com/hperrordisk2.bmp

- http://www.cehturkiye.com/error.txt

What should I do ?