[pfSense Support] slow captive portal

2010-05-06 Thread Marc Boisis-Delavaud

Hello,

I'm using pfsense as captive portal in our university, but the time to get the 
authentication page is very long (20-30s).
My version is 1.2.3, load average is around 0,2, the only thing is a lot of 
errors in lighttpd.error.log:

2010-05-06 16:01:08: (connections.c.292) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

Help
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] 3 interface box with transparent bridge between 2 of them

2010-05-06 Thread Tim Dickson
>... Any idea as to 1.x and not plugging a cable into WAN while bridging 2 OPTs?

Setup WAN to a VLAN - just to get it out of the way...




Re: [pfSense Support] 3 interface box with transparent bridge between 2 of them

2010-05-06 Thread drew Roberts
On Thu, May 6, 2010 at 2:13 PM, Tim Dickson  wrote:
>>... Any idea as to 1.x and not plugging a cable into WAN while bridging 2 
>>OPTs?
>
> Setup WAN to a VLAN - just to get it out of the way...

I put in an extra nic so that I have a box with 4 nics.

WAN configured but unused.
LAN for management.
OPT1 bridge with OPT2
OPT2 bridge with OPT1

I had traffic passing over the bridge as far as I could tell but I was
having rules errors and could not get other things to show/graph.

Tomorrow I want to try using WAN for management and ignoring LAN and
seeing if I can get better results. I think I need to dig into what
form the rule to let me manage from the WAN needs to look like.

I have not been configuring any VLANs on this box at all. How would I
go about not doing what I suggest above but instead setting WAN to a
VLAN as you suggest?

all the best,

drew
-- 
http://freemusicpush.blogspot.com/




RE: [pfSense Support] 3 interface box with transparent bridge between 2 of them

2010-05-06 Thread Tim Dickson
> How would I go about not doing what I suggest above but instead setting WAN 
> to a VLAN as you suggest?

When setting up your NICS - choose YES to add VLANS.
Just add some extra VLANS even if you aren't using them.
OR you can set it up in the GUI after, by adding VLANS then assigning to the 
interface.





Re: [pfSense Support] 3 interface box with transparent bridge between 2 of them

2010-05-06 Thread drew Roberts
On Thu, May 6, 2010 at 4:48 PM, Tim Dickson  wrote:
>> How would I go about not doing what I suggest above but instead setting WAN 
>> to a VLAN as you suggest?
>
> When setting up your NICS - choose YES to add VLANS.
> Just add some extra VLANS even if you aren't using them.
> OR you can set it up in the GUI after, by adding VLANS then assigning to the 
> interface.

Sure, but is there any particular way I should set them up before
assigning the WAN to it so that it will work as you suggest?

Perhaps I am being dense...

Thanks for the replies.

all the best,

drew
-- 
http://freemusicpush.blogspot.com/




[pfSense Support] Weird behaviour accessing from WAN to LAN using PAT on CARped system

2010-05-06 Thread Danny
Hi,

I've got two pfsense 1.2.3 boxes (CARPed), and I'm experiencing issues
accessing from the outside to the inside using PAT. (From WAN to OPT2)

I don't think the problem is the rules, because sometimes it works and sometimes
not

I tcpdumped the traffic, and it seems it is working but sometimes not... I also
parsed the log

First try connection, dropped
May 6 18:20:19 block em1 TCP 88.215.163.167:55944 192.168.212.171:22

Second try connection timed out
May 6 18:30:09 pass em1 TCP 88.215.163.167:56122 192.168.212.171:22

Third try, dropped (but the initial prompt was seen)
May 6 18:35:24 block em1 TCP 88.215.163.167:55944 192.168.212.171:22

PAT Rules are ok. Access rules ok, but sometimes I see the traffic dropped
by the default rule, when a couple of rules below there is an explicit rule to
permit the traffic WAN and LAN

PAT for 88.215.163.167 to SSH is 22171 > 192.168.212.171 port 22
Any clue?

(Obviously IPs are fictitious)
-- 
dpc


Re: [pfSense Support] Weird behaviour accessing from WAN to LAN using PAT on CARped system

2010-05-06 Thread Hans Maes

Danny wrote:

> PAT Rules are ok. Access rules ok, but sometimes I see dropped the
> traffic by default rule, when a couple of rules below there are a
> explicit rule to permit the traffic WAN and LAN


Firewall rules are processed in a top-down order, first rule that 
matches is used, others below are ignored.
So if your default block rule is the first one on top, others will never 
match.


H.
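
The evaluation order described in the reply above, modelled as an added example (not code from the thread or from pfSense). It goes slightly beyond the message by also modelling pf's `quick` flag: without it the last matching rule wins, with it the first match ends evaluation. The `Rule` class, `evaluate` function and the rule sets are constructed for illustration; the host and port are the ones from the log lines posted in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    label: str
    action: str                  # "pass" or "block"
    dst: str = "any"             # destination network (CIDR) or "any"
    dport: Optional[int] = None  # destination port, None means any
    quick: bool = True           # first match ends evaluation when True

    def matches(self, dst_ip: str, dport: int) -> bool:
        net_ok = self.dst == "any" or ip_address(dst_ip) in ip_network(self.dst)
        return net_ok and self.dport in (None, dport)

# Implicit policy applied when no other rule decides the packet.
DEFAULT_DENY = Rule("default deny", "block", quick=False)

def evaluate(rules, dst_ip, dport):
    """Return the rule that decides the packet, scanning top-down."""
    decided = DEFAULT_DENY
    for rule in rules:
        if rule.matches(dst_ip, dport):
            decided = rule       # last match so far
            if rule.quick:
                break            # quick: stop at the first match
    return decided

# Constructed rule sets (assumptions, not the poster's configuration).
ALLOW_SSH = Rule("allow ssh", "pass", "192.168.212.171/32", 22)
BLOCK_ALL = Rule("block all", "block")

ORDERED = [ALLOW_SSH, BLOCK_ALL]    # pass rule above the block: SSH passes
SHADOWED = [BLOCK_ALL, ALLOW_SSH]   # block on top: pass rule never reached
# Same order as SHADOWED but without quick: the last match wins instead.
NON_QUICK = [Rule("block all", "block", quick=False),
             Rule("allow ssh", "pass", "192.168.212.171/32", 22, quick=False)]

if __name__ == "__main__":
    for name, rs in [("ordered", ORDERED), ("shadowed", SHADOWED),
                     ("non-quick", NON_QUICK)]:
        r = evaluate(rs, "192.168.212.171", 22)
        print(f"{name:10} -> {r.action} ({r.label})")
```
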




[pfSense Support] 2.0 traffic shaper reference

2010-05-06 Thread David Burgess
Is there a tutorial on the traffic shaper in 2.0? I read the related
FAQ or wiki page (now I forget which), I ran the wizard and found the
results not only confusing, but inconsistent with my responses, and I
have scoured the forums.

I don't understand why there is a floating interface, which is where
the wizard puts all the rules it creates. I make rules on the other
interfaces and found them ineffective. I don't understand why "quick"
is the default for firewall rules, but optional for the shaper. I also
found that option to be ineffective on the rules I created.

I don't expect anybody to explain all these things here on the list; I
don't even have a 2.0 instance booting at the moment. I just wanted to
point out what appears to be a lack of documentation or intuitive
interface so far.

Is this covered more in-depth in the book? I haven't seen the book
yet, but I would consider that an acceptable solution. Until I can
figure out shaper 2.0 though, I'm afraid that release is not much use
to me.

I love pfsense, I'm just sayin', because feedback helps to make a good
thing better.

db




Re: [pfSense Support] Weird behaviour accessing from WAN to LAN using PAT on CARped system

2010-05-06 Thread Danny
I know that, but the default rule is always the last (hidden). There is an
explicit rule to permit the traffic, if you read my mail, you will see that
sometimes it is working, so I think it is not a problem with the rules...

Thanks for your reply

On Thu, May 6, 2010 at 11:40 PM, Hans Maes  wrote:

> Danny wrote:
>
>>
>> PAT Rules are ok. Access rules ok, but sometimes I see dropped the traffic
>> by default rule, when a couple of rules below there are a explicit rule to
>> permit the traffic WAN and LAN
>>
> Firewall rules are processed in a top-down order, first rule that matches
> is used, others below are ignored.
> So if your default block rule is the first one on top, others will never match.
>
> H.
>


-- 
dpc


Re: [pfSense Support] Weird behaviour accessing from WAN to LAN using PAT on CARped system

2010-05-06 Thread Evgeny Yurchenko

Danny wrote:

> Hi,
>
> I've got two pfsense 1.2.3 boxes (CARPed), and I'm experiencing issues
> accessing from the outside to the inside using PAT. (From WAN to OPT2)
>
> I don't think the problem is the rules, because sometimes it works and
> sometimes not
>
> I tcpdumped the traffic, and it seems it is working but sometimes not...
> I also parsed the log
>
> First try connection, dropped
> May 6 18:20:19 block em1 TCP 88.215.163.167:55944 192.168.212.171:22
>
> Second try connection timed out
> May 6 18:30:09 pass em1 TCP 88.215.163.167:56122 192.168.212.171:22
>
> Third try, dropped (but the initial prompt was seen)
> May 6 18:35:24 block em1 TCP 88.215.163.167:55944 192.168.212.171:22
>
> PAT Rules are ok. Access rules ok, but sometimes I see the traffic
> dropped by the default rule, when a couple of rules below there is an
> explicit rule to permit the traffic WAN and LAN
>
> PAT for 88.215.163.167 to SSH is 22171 > 192.168.212.171 port 22
> Any clue?
>
> (Obviously IPs are fictitious)
> --
> dpc

Isn't 192.168.212.171 OPT's IP by chance?

