Re: [pfSense Support] boot failure on alix with pfSense 1.2.3-RC3 (or more recent snapshots)
Michael Schmitt wrote: Try this http://doc.pfsense.org/index.php/NanoBSD_on_WRAP Thanks for the suggestion, although I didn't try it in the end. A working fix was posted on the forum yesterday ( http://forum.pfsense.org/index.php/topic,20405.msg107813.html#msg107813 ) -> You need to set the bios power management mode to APM on the alix boards with VGA to be able to boot pfSense. May I suggest putting this in the wiki somewhere ? (I'm hitting my head against the wall right now for spending 2 weeks on trying to fix this and not trying that simple bios setting :-) ) Thanks! Hans - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Is your embedded pfsense stable?
>Date: Wed, 2 Dec 2009 22:35:39 -0800 >From: mehmasa...@gmail.com >To: support@pfsense.com >Subject: [pfSense Support] Is your embedded pfsense stable? > >1.2.3-RC3, nanobsd on a Netgate Alix board with 256 MB RAM and a 8GB CF card. >The firmware and all have been>updated.> > >Have been playing around with this box as a firewall for the last couple of >weeks. Then I did the unthinkable>and ventured out of my comfort shell. >Installed DNS Blacklist, Snort and Backup. Well, I can report that>Backup runs >without problems. Initially DNS Blacklist ran but then I installed the dreaded >pig... Snort. > >I had to try a few times for the install to take. Then Snort ran and I got >even bolder. I turned on a bunch>of rules without knowing what they actually >did. And that did me in. Keeping my eye on the RAM - I reached>84% and then it >happened. As Snort rules get exercised, memory usage skyrockets and froze my >little Alix>box. > >So, my question really is how far can these little machines be pushed? > >Mehma you said it yourself, Snort is a pig. it takes a decent amount of RAM to run it effectively. i wouldnt run it with anything less than a gig of ram even on a dedicated system as it can consume it pretty fast. the Alix board should be more than enough for any of the other plugins or services you put on there, Squid might be an exception depending on how you configure it. -Sean - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] boot failure on alix with pfSense 1.2.3-RC3 (or more recent snapshots)
Hans Maes wrote: > Thanks for the suggestion, although I didn't try it in the end. > A working fix was posted on the forum yesterday ( > http://forum.pfsense.org/index.php/topic,20405.msg107813.html#msg107813 ) > > -> You need to set the bios power management mode to APM on the alix > boards with VGA to be able to boot pfSense. > > May I suggest putting this in the wiki somewhere ? I added that to the Boot Troubleshooting doc on the Wiki, thanks! Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSense advocacy
* cost you can build as many pfsense boxes as you like without incurring any costs, or any additional costs over a single support fee you can keep cheap PC-type spares around, with cisco keeping spares duplicates hardware and license costs software upgrades are free hardware upgrades are at commodity PC prices * upgrades software upgrades are generally straight forward hardware upgrades are easy: - drop in more memory or network cards as it's a PC - for a total upgrade simply copy the config file to a new box and fix it * features very rich feature set with no hidden extra costs * debugging and visibility very much easier to find out what's going on as you have a full command line; you can also install extra bits of freebsd too if needed. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Is your embedded pfsense stable?
On Thu, Dec 3, 2009 at 1:35 AM, mehma sarja wrote: > 1.2.3-RC3, nanobsd on a Netgate Alix board with 256 MB RAM and a 8GB CF > card. The firmware and all have been updated. I installed on a WRAP 2-ethernet system at my home the Nov 3 snapshot on Nov 3. I applied the boot sector patch as outlined on the wiki to let it boot on the WRAP. So far, it has locked up twice. The first time I was unable to get the serial console to respond, nor pings, nothing. The second time I was in a hurry (the Boss was in the family room waiting for her laptop to get to the net) so I just power cycled it. Right now I'm suspected it overheated, so I moved stuff around to give it more air. If it happens again, I'll dig deeper. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Old Firebox question
Hi folks, In a former like I replaced an overworked Firebox with an IPCop installation (this was before I knew about pfSense, all my firewalls are now pfSense now. Anyways... the only thing I miss about that Firebox was this cool little graphical traffic graph that updated in real time. On one side of the screen they had the external IP and port or protocol, and on the other was the internal IP and port/protocol. I've got the rate package installed which does a nice job of breaking down the traffic, but its not as pretty. Does anyone know what I'm taking about, and if so, does anyone know about a package out there that might replicate this completely frivolous non-security related eye-candy? With regards, - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Old Firebox question
Hi, You mean the one they had on the front of the watchguard firebox 2 and 3 models? They replicated those in the wsm ui. In the Firebox X series they have a sort of star interpretation instead of the triangle. You could flip the role of the primary lan and wan interface on that one to show a direction of the traffic. Although practically doable in SVG, I doubt anyone from the m0n0wall camp ever considered building such a SVG graph. in pfSense however it would make for a fine graph. I'm thinking of something that would look a bit like this. http://www.aditus.nu/jpgraph/img/gallery/radarlogex1.png The multi interface traffic graph. It would make a nice dashboard widget whilst at the same time consuming less space. Regards, Seth Op 3 dec 2009, om 17:18 heeft Tim Dressel het volgende geschreven: > Hi folks, > > In a former like I replaced an overworked Firebox with an IPCop > installation (this was before I knew about pfSense, all my firewalls > are now pfSense now. > > Anyways... the only thing I miss about that Firebox was this cool > little graphical traffic graph that updated in real time. On one side > of the screen they had the external IP and port or protocol, and on > the other was the internal IP and port/protocol. I've got the rate > package installed which does a nice job of breaking down the traffic, > but its not as pretty. > > Does anyone know what I'm taking about, and if so, does anyone know > about a package out there that might replicate this completely > frivolous non-security related eye-candy? > > With regards, > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Old Firebox question
> Date: Thu, 3 Dec 2009 08:18:13 -0800 > From: tjdres...@gmail.com > To: support@pfsense.com > Subject: [pfSense Support] Old Firebox question > > Hi folks, > > In a former like I replaced an overworked Firebox with an IPCop > installation (this was before I knew about pfSense, all my firewalls > are now pfSense now. > > Anyways... the only thing I miss about that Firebox was this cool > little graphical traffic graph that updated in real time. On one side > of the screen they had the external IP and port or protocol, and on > the other was the internal IP and port/protocol. I've got the rate > package installed which does a nice job of breaking down the traffic, > but its not as pretty. > > Does anyone know what I'm taking about, and if so, does anyone know > about a package out there that might replicate this completely > frivolous non-security related eye-candy? > > With regards, > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > personally i get most of that style info from the ntop package. theres also an addon widget that adds IP information next to the traffic graph, forgot what its called - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Old Firebox question
-Original Message- From: Sean Cavanaugh [mailto:millenia2...@hotmail.com] Sent: Thursday, December 03, 2009 9:18 AM To: support@pfsense.com Subject: RE: [pfSense Support] Old Firebox question > Date: Thu, 3 Dec 2009 08:18:13 -0800 > From: tjdres...@gmail.com > To: support@pfsense.com > Subject: [pfSense Support] Old Firebox question > > Hi folks, > > In a former like I replaced an overworked Firebox with an IPCop > installation (this was before I knew about pfSense, all my firewalls > are now pfSense now. > > Anyways... the only thing I miss about that Firebox was this cool > little graphical traffic graph that updated in real time. On one side > of the screen they had the external IP and port or protocol, and on > the other was the internal IP and port/protocol. I've got the rate > package installed which does a nice job of breaking down the traffic, > but its not as pretty. > > Does anyone know what I'm taking about, and if so, does anyone know > about a package out there that might replicate this completely > frivolous non-security related eye-candy? > > With regards, > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > personally i get most of that style info from the ntop package. theres also an addon widget that adds IP information next to the traffic graph, forgot what its called - If only NTOP was stable on more than 1% of installssigh RATE is the package with that functionality... and it is a very welcome addition to the package family! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Is your embedded pfsense stable?
This begs the question what can snort be run on? As I experienced, the pig fended off 2 intrusions - something in the porn arena - during the first few hours. That's pretty useful.
RE: [pfSense Support] PFSense advocacy
Commercial support is top notch. We had an obscure issue with Xenserver, but it was only affecting a subset of our users who had a VPN connection. I thought it was a VPN issue, so the pfsense guys worked with me all the way down to a detailed packet analysis. They gave me great information that led back to the server and helped me diagnose this tricky issue that had nothing to do with pfsense. Thank you! -Original Message- From: Scott Ullrich [mailto:sullr...@gmail.com] Sent: Wednesday, December 02, 2009 4:54 PM To: support@pfsense.com Subject: Re: [pfSense Support] PFSense advocacy On Wed, Dec 2, 2009 at 4:26 PM, Ron García-Vidal wrote: > I realize this is a support forum, so if there is a better place to > post this, I will take it there. > > So, I'm trying to get a pfsense box in the shop because I've enjoyed > working with it on my own setup. The boss is fairly open-minded and > open to a healthy discussion on the topic, but in the end, he wants to > know why this would be preferable to a Cisco solution. > > Since I've never worked extensively with Cisco, can someone give me a > few salient points to throw at him. I already used the cost argument, > he wants more. Commercial support should help put Boss's worries at bay: https://portal.pfsense.org/ Between this, the mailing list and forum you are covered. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] How to ensure packets go out of the IP they came I on?
Dear All, I have multiple ISP's connected to my pfSense box, but only the ISP that is configured as the WAN seems to be able to route traffic. Attempts to come into ISP configured on OPT1 seem to make it to the firewall, get through, but I see a entry in the firewall saying that a packet from the internal LAN attempted to go out and was blocked. Why does the happen, and how can I make sure that all virtual IPs work when the NAT rules say ANY ip address. --- Kind Regards, Mr Gabriel
Re: [pfSense Support] PFSense advocacy
I also can vouch for the commercial support. The team understands that you most likely have others who are waiting for you to fix this... and its not just you.. but its many that need the support... and your just the gateway. Much much better than the sonic boom i got when I found out the poor level of service I got with the competition. On Dec 3, 2009, at 5:01 PM, Borowicz, Paul wrote: > Commercial support is top notch. We had an obscure issue with Xenserver, but > it was only affecting a subset of our users who had a VPN connection. I > thought it was a VPN issue, so the pfsense guys worked with me all the way > down to a detailed packet analysis. They gave me great information that led > back to the server and helped me diagnose this tricky issue that had nothing > to do with pfsense. > > Thank you! > > -Original Message- > From: Scott Ullrich [mailto:sullr...@gmail.com] > Sent: Wednesday, December 02, 2009 4:54 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] PFSense advocacy > > On Wed, Dec 2, 2009 at 4:26 PM, Ron García-Vidal > wrote: >> I realize this is a support forum, so if there is a better place to >> post this, I will take it there. >> >> So, I'm trying to get a pfsense box in the shop because I've enjoyed >> working with it on my own setup. The boss is fairly open-minded and >> open to a healthy discussion on the topic, but in the end, he wants to >> know why this would be preferable to a Cisco solution. >> >> Since I've never worked extensively with Cisco, can someone give me a >> few salient points to throw at him. I already used the cost argument, >> he wants more. > > Commercial support should help put Boss's worries at bay: > > https://portal.pfsense.org/ > > Between this, the mailing list and forum you are covered. > > Scott > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional > commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to ensure packets go out of the IP they came I on?
On Thu, Dec 3, 2009 at 7:42 PM, Gabriel - IP Guys wrote: > Dear All, > > > > I have multiple ISP’s connected to my pfSense box, but only the ISP that is > configured as the WAN seems to be able to route traffic. Attempts to come > into ISP configured on OPT1 seem to make it to the firewall, get through, > but I see a entry in the firewall saying that a packet from the internal LAN > attempted to go out and was blocked. Why does the happen, and how can I make > sure that all virtual IPs work when the NAT rules say ANY ip address. > That's how it works by default. Not enough info there to tell you what you have setup that makes it not do that. Post your NAT, rules, and anything else that may be relevant. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
