Re: [pfSense Support] migrating pf to pfSense
On Tue, Feb 23, 2010 at 2:40 PM, David Newman wrote:
> For possible migration of a couple of OpenBSD/pf boxes to pfSense, is
> there an import facility for pf.conf configs?
>

No. I've done it manually a few times, not a big deal unless you have a huge ruleset.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org
[pfSense Support] migrating pf to pfSense
For possible migration of a couple of OpenBSD/pf boxes to pfSense, is there an import facility for pf.conf configs?

thanks

dn
Re: [pfSense Support] Captive portal failure with subnets on LAN interface
On Tue, Feb 23, 2010 at 10:26 AM, Nigel Metheringham wrote:
> I'm looking at pfsense 1.2.3.
>
> We have a requirement to push several subnets through a captive portal, so
> expected pfsense to be able to do this (with the "Disable MAC filtering"
> option).
>
> However any clients, other than on the local LAN network, that attempt to
> route through the pfsense box get no packets back at all - no redirect to the
> portal web page, nothing.
>
> This is due to the following pf rule being used to push packets to the
> captive portal stuff:-
>
> pass in quick on $lan from 192.168.50.0/24 to any keep state \
>     label "USER_RULE: Default LAN -> any"
>

That has nothing to do with what pushes to captive portal, that's your LAN rule. Edit that rule under Firewall > Rules, LAN tab.
[pfSense Support] mlppp
I have a single ADSL connection that is mlppp capable. I'm running pfsense 1.2.3-Release on a net5501+Intel Pro/1000 GT (4 * 10/100 + 1 * 100/1000).

I would like to eventually add more ADSL connections for loadbalancing, which is simple enough to set up when using NAT. However, I would like to ideally set up true bonding, or loadbalancing with a bridged LAN using public IP addresses.

I found a post that makes it appear possible with 2.0. I'm using the same ISP as the poster:
http://dslr.net/forum/r23826167-working-mlppp-in-pfsense-20

I'm not at all familiar with mlppp (I only discovered it today).

1. Will it accomplish what I'm looking to do?
2. Is there a better method to get this working than the cli stuff in the above post? I don't mind cli, I just prefer a config that is easily backed up and replicated, and I prefer using a product such as pfsense in a way that is somewhat conventional, as support tends to be better that way.
3. Would the same hack work in 1.2.3?
4. Are there plans to support mlppp in the GUI, either the core distro or an optional package?

db
Re: [pfSense Support] Captive portal failure with subnets on LAN interface
Perhaps it should be optional, I came across this with redirection as well, where the interface IP is hardcoded even if you select ''any'' there. (which doesn't work if you have Squid on a different machine and redirect all http traffic towards the squid box :-))

Cheerio,
Remko

On Feb 23, 2010, at 4:26 PM, Nigel Metheringham wrote:
> I'm looking at pfsense 1.2.3.
>
> We have a requirement to push several subnets through a captive portal, so
> expected pfsense to be able to do this (with the "Disable MAC filtering"
> option).
>
> However any clients, other than on the local LAN network, that attempt to
> route through the pfsense box get no packets back at all - no redirect to the
> portal web page, nothing.
>
> This is due to the following pf rule being used to push packets to the
> captive portal stuff:-
>
> pass in quick on $lan from 192.168.50.0/24 to any keep state \
>     label "USER_RULE: Default LAN -> any"
>
> I can hack stuff so that things do work by changing /etc/inc/filter.inc (diff
> has been white space mangled to stop it wrapping):-
> diff -u filter.inc.orig filter.inc > --- filter.inc.orig 2010-02-23 15:24:02.0 + > +++ filter.inc 2010-02-23 15:24:04.0 + 
> @@ -1752,7 +1752,7 @@ > $src = $lanip; > break; > case 'lan': > -$src = "{$lansa}/{$lansn}"; > +$src = "any"; > break; > case 'pptp': > $src = "{$pptpsa}/{$pptpsn}";
>
> which feels like doing surgery with a chainsaw...
>
> Can anyone suggest a better fix for this? And how do I do a proper bug
> report to get this fixed in the next release...
>
> Nigel.
>
> --
> [ Nigel Metheringham nigel.methering...@intechnology.com ]
> [ - Comments in this message are my own and not ITO opinion/policy - ]

--
/"\   Best regards,                      | re...@freebsd.org
\ /   Remko Lodder                       | re...@efnet
 X    http://www.evilcoder.org/          |
/ \   ASCII Ribbon Campaign              | Against HTML Mail and News
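Review bot: The `+$src = "any";` line under `case 'lan':` is unconditional, so the `{$lansa}/{$lansn}` source match is dropped for every configuration that reaches this branch, including setups with only the single LAN subnet. Keep the subnet as the default and widen the source only when the administrator has explicitly asked for it, in line with the "perhaps it should be optional" remark in the reply above.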
Re: [pfSense Support] torrent
> Would like to use allow a machine to access the internet directly and
> download torrents. Am a newbie in pfsense but been able to port
> forward the necessary ports to the mail server but am unable to allow
> a machine to use squid in pfsense to download the torrent or even
> allow an IP to download the torrent.

Squid won't come in the picture to my best knowledge, as it only acts in between HTTP traffic. I only open up a range of ports (generally 6881-6889) to the machine that acts as a Torrent device (freenas for instance). The management port of Torrent is outside this range (for obvious reasons :) )

good luck.
[pfSense Support] Captive portal failure with subnets on LAN interface
I'm looking at pfsense 1.2.3.

We have a requirement to push several subnets through a captive portal, so expected pfsense to be able to do this (with the "Disable MAC filtering" option).

However any clients, other than on the local LAN network, that attempt to route through the pfsense box get no packets back at all - no redirect to the portal web page, nothing.

This is due to the following pf rule being used to push packets to the captive portal stuff:-

pass in quick on $lan from 192.168.50.0/24 to any keep state \
    label "USER_RULE: Default LAN -> any"

I can hack stuff so that things do work by changing /etc/inc/filter.inc (diff has been white space mangled to stop it wrapping):-

diff -u filter.inc.orig filter.inc --- filter.inc.orig 2010-02-23 15:24:02.0 + +++ filter.inc 2010-02-23 15:24:04.0 + @@ -1752,7 +1752,7 @@ $src = $lanip; break; case 'lan': -$src = "{$lansa}/{$lansn}"; +$src = "any"; break; case 'pptp': $src = "{$pptpsa}/{$pptpsn}";

which feels like doing surgery with a chainsaw...

Can anyone suggest a better fix for this? And how do I do a proper bug report to get this fixed in the next release...

Nigel.

--
[ Nigel Metheringham nigel.methering...@intechnology.com ]
[ - Comments in this message are my own and not ITO opinion/policy - ]
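Review bot: In the `case 'lan':` branch, replacing `{$lansa}/{$lansn}` with `any` means every rule whose source resolves through this branch will match any source address, not only the additional subnets routed behind the LAN interface. Listing those subnets as sources in the LAN rule (Firewall > Rules, LAN tab, as pointed out elsewhere in the thread) keeps the match limited to the addresses expected on that interface and avoids carrying a local change to filter.inc.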
[pfSense Support] torrent
Hi all,

Would like to use allow a machine to access the internet directly and download torrents. Am a newbie in pfsense but been able to port forward the necessary ports to the mail server but am unable to allow a machine to use squid in pfsense to download the torrent or even allow an IP to download the torrent.

Please help

Regards