[pfSense Support] Attachments very slow to download from Hotmail
Hi all,

Odd problem. Attachments take an AGE to download from Hotmail. As far as I can tell it does not affect our POP3 mail or Google Mail. I have pfSense 1.2.2 with squid running as a transparent proxy. No fancy routing, just NAT.

Adam

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Attachments very slow to download from Hotmail
On 01/06/10 11:29, Adam Egan wrote:
> Hi all, Odd problem. Attachments take an AGE to download from Hotmail. As far as I can tell it does not affect our POP3 mail or Google Mail. I have pfSense 1.2.2 with squid running as a transparent proxy. No fancy routing, just NAT.

MTU path discovery problem? are you blocking icmp?
Re: [pfSense Support] Guide for package deployment | architecture of pfSense
On 31/05/10 08:23, bsd wrote:
> I am looking for a guide or an answer that could help me to understand how pfSense is architectured

maybe buy the book off amazon?
Re: [pfSense Support] Attachments very slow to download from Hotmail
Paul Mansfield wrote:
> On 01/06/10 11:29, Adam Egan wrote:
>> Hi all, Odd problem. Attachments take an AGE to download from Hotmail. As far as I can tell it does not affect our POP3 mail or Google Mail. I have pfSense 1.2.2 with squid running as a transparent proxy. No fancy routing, just NAT.
> MTU path discovery problem? are you blocking icmp?

pfSense 1.2.2 is very old and out of date. Before anything else, upgrade. Then look at this: http://doc.pfsense.org/index.php/Squid_Package_Tuning
Re: [pfSense Support] Guide for package deployment | architecture of pfSense
I have the book, and it does not contain the type of information the poster is looking for, specifically, the lower level structure of the boot process, differences in said structure/organization between live/embedded/full, nor differences between 1.2.3 and 2.0. Documentation of the packaging system and system architecture is non-existent AFAIK. That's not to say the book is not worthwhile, but it is mostly a high level tour through the features of 1.2.3.

Gordon Russell
Clarke County IT

- Original Message -
From: Paul Mansfield it-admin-pfse...@taptu.com
To: support@pfsense.com
Sent: Tuesday, June 1, 2010 8:50:02 AM
Subject: Re: [pfSense Support] Guide for package deployment | architecture of pfSense

On 31/05/10 08:23, bsd wrote:
> I am looking for a guide or an answer that could help me to understand how pfSense is architectured

maybe buy the book off amazon?
[pfSense Support] CARP ip on different network range
Hi,

I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation?

Thanks for your help.
Re: [pfSense Support] CARP ip on different network range
Matias wrote:
> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.

/29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs.

Evgeny.
[pfSense Support] Re: CARP ip on different network range
On 01/06/10 17:00, Evgeny Yurchenko wrote:
> Matias wrote:
>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.

Sorry, it is a /30 actually.
Re: [pfSense Support] Re: CARP ip on different network range
Matias wrote:
> On 01/06/10 17:00, Evgeny Yurchenko wrote:
>> Matias wrote:
>>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
>> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.
> Sorry, it is a /30 actually.

Oh. In this case you have to get more public IPs from your provider.
[pfSense Support] Re: CARP ip on different network range
On 01/06/10 17:14, Evgeny Yurchenko wrote:
> Matias wrote:
>> On 01/06/10 17:00, Evgeny Yurchenko wrote:
>>> Matias wrote:
>>>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
>>> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.
>> Sorry, it is a /30 actually.
> Oh. In this case you have to get more public IPs from your provider.

Do you know if with pfSense 2.0 there will be the option to use a CARP IP outside the interface(s) network?
Re: [pfSense Support] Re: CARP ip on different network range
Matias wrote:
> On 01/06/10 17:14, Evgeny Yurchenko wrote:
>> Matias wrote:
>>> On 01/06/10 17:00, Evgeny Yurchenko wrote:
>>>> Matias wrote:
>>>>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
>>>> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.
>>> Sorry, it is a /30 actually.
>> Oh. In this case you have to get more public IPs from your provider.
> Do you know if with pfSense 2.0 there will be the option to use a CARP IP outside the interface(s) network?

To me it just does not make sense - to use IPs on WAN that can not be routed to you by Provider. What for?
[pfSense Support] Re: CARP ip on different network range
On 01/06/10 18:09, Evgeny Yurchenko wrote:
> Matias wrote:
>> On 01/06/10 17:14, Evgeny Yurchenko wrote:
>>> Matias wrote:
>>>> On 01/06/10 17:00, Evgeny Yurchenko wrote:
>>>>> Matias wrote:
>>>>>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
>>>>> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.
>>>> Sorry, it is a /30 actually.
>>> Oh. In this case you have to get more public IPs from your provider.
>> Do you know if with pfSense 2.0 there will be the option to use a CARP IP outside the interface(s) network?
> To me it just does not make sense - to use IPs on WAN that can not be routed to you by Provider. What for?

The only IP reachable from my ISP point of view should be the CARP one. Why would I like to have two routable (and paid) public IP addresses on the real interfaces of each pfsense box that I'm not going to use ever?
Re: [pfSense Support] Re: CARP ip on different network range
On Tue, Jun 1, 2010 at 12:24 PM, Matias matiassu...@gmail.com wrote:
> On 01/06/10 18:09, Evgeny Yurchenko wrote:
>> Matias wrote:
>>> On 01/06/10 17:14, Evgeny Yurchenko wrote:
>>>> Matias wrote:
>>>>> On 01/06/10 17:00, Evgeny Yurchenko wrote:
>>>>>> Matias wrote:
>>>>>>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
>>>>>> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.
>>>>> Sorry, it is a /30 actually.
>>>> Oh. In this case you have to get more public IPs from your provider.
>>> Do you know if with pfSense 2.0 there will be the option to use a CARP IP outside the interface(s) network?
>> To me it just does not make sense - to use IPs on WAN that can not be routed to you by Provider. What for?
> The only IP reachable from my ISP point of view should be the CARP one. Why would I like to have two routable (and paid) public IP addresses on the real interfaces of each pfsense box that I'm not going to use ever?

A typical deployment where redundant firewalls come into play would be a router on the edge with a switch behind it, and both firewalls on the switch. if you have a vlan capable switch like a cisco 2950 or something, you can handle outside, inside, and the between-box carp traffic all on the same switch. And still have room leftover for your LAN switching needs. 2950s tend to go for between $50 and $75, and their ability to do things like VLAN and spanning tree make their real value per dollar pretty damn high over what you can get at best buy.

It struck me as odd at first to have a router outside the firewall since the firewall is the hardest box, and it would make sense for it to be furthest on the periphery of my network. But all a router is really doing is passing traffic from the ISP into the LAN. As long as you configure it to just pass traffic and allow telnet/ssh access from the LAN only, there is really very little to exploit.

a simple cisco 2600 series router with 2 ethernet interfaces will take care of most people's LAN - WAN routing needs and can be had for very cheap. for a little more you can even put an etherswitch module in it and take all your CARP traffic off the LAN switch. I usually recommend a cisco router over a BSD box for WAN delivery duty since they rarely if ever need patching, they do simple wan delivery marvelously well, the config is dead simple, and they very very rarely fail. Just pass all traffic through it using a single NAT/PAT pool to give your pfsense boxen a few addresses to work with, and have your pfsense box do any rules/translations/etc for the LAN.

A Cisco 2611xm or 2621xm can be had for under 200 on ebay. cheaper if you spend a little time hunting. I usually recommend the XM models since they have much better throughput than the non-xm models of the same numbers. And a 16 mbit cable connection stresses them pretty hard (they were intended as T1 routers, modern broadband blows T1s away).

But this is how you can easily do CARP with only 1 public IP being served to your premises. Just think of your cisco router as another telco router... Set it up and forget it's there, and pretend like your pfsense boxes are the real edge devices. You might be thinking well then I don't have redundancy anymore... but chances are the next hop box your redundant pfsense boxes talk to isn't redundant anyways, so any way you think about it you lose redundancy upstream anyways.

Of course buying cisco gear rubs some open source people the wrong way, and paying ~300 for network infrastructure rubs people that are
Re: [pfSense Support] pfSense 1.2.3/2.0 doesn't boot on Axiomtek NA-820
On Friday 28 May 2010 16:35:30 I wrote:
> [...]
> Both images do not boot at all. All I see is the Verifying DMI Pool Data stanza from the BIOS and that's it. No boot loader no nothing; serial is quiet (I even switched off the redirection of the BIOS POST to the serial device). After trying almost everything (LBA and CHS mode, writing the image both in my cardreader and from a Linux booted from a USB stick), I finally tried m0n0 1.34 and pfSense-1.2.2-Embedded. Both boot successfully from the CF card (didn't try the harddisk but I guess it should work, too). Oh, the pfSense-2.0 image on the 4 GB CF card almost booted on my WRAP (apart from the point where it breaks as described in the Wiki, but at least I saw some traces of the boot loader), so the image was flashed fine.
> [...]

I finally made that thing boot, with the help from [3]. I had to install a FreeBSD on the internal harddrive (not as easy as it sounds without a CD-ROM, but the FreeBSD 8 memstick image [4] helped). Afterwards I was able to mount /dev/ad1s1a and copy /boot to /tmp. After that a `fdisk -B -b /tmp/boot/boot0 /dev/ad2` was needed and after a reboot everything worked. fdisk did spit out a lot of warnings (see below), but in the end it worked anyway.

Is this some special case or could the official images be fixed up somehow so that they boot more reliably?
[r...@dummybsd ~]# fdisk -B -b /tmp/boot/boot0 /dev/ad2
*** Working on device /dev/ad2 ***
parameters extracted from in-core disklabel are:
cylinders=31045 heads=16 sectors/track=63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=31045 heads=16 sectors/track=63 (1008 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 63, size 3861585 (1885 Meg), flag 80 (active)
        beg: cyl 0/ head 1/ sector 1;
        end: cyl 758/ head 15/ sector 63
The data for partition 2 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 3861711, size 3861585 (1885 Meg), flag 0
        beg: cyl 759/ head 1/ sector 1;
        end: cyl 493/ head 15/ sector 63
The data for partition 3 is:
sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 7723296, size 102816 (50 Meg), flag 0
        beg: cyl 494/ head 0/ sector 1;
        end: cyl 595/ head 15/ sector 63
The data for partition 4 is:
UNUSED
Do you want to change the boot code? [n]

We haven't changed the partition table yet. This is your last chance.
parameters extracted from in-core disklabel are:
cylinders=31045 heads=16 sectors/track=63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=31045 heads=16 sectors/track=63 (1008 blks/cyl)

Information from DOS bootblock is:
1: sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 63, size 3861585 (1885 Meg), flag 80 (active)
        beg: cyl 0/ head 1/ sector 1;
        end: cyl 758/ head 15/ sector 63
2: sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 3861711, size 3861585 (1885 Meg), flag 0
        beg: cyl 759/ head 1/ sector 1;
        end: cyl 493/ head 15/ sector 63
3: sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD)
    start 7723296, size 102816 (50 Meg), flag 0
        beg: cyl 494/ head 0/ sector 1;
        end: cyl 595/ head 15/ sector 63
4: UNUSED
Should we write new partition table? [n]
fdisk: Class not found

Cheers,
Malte

[3] http://doc.pfsense.org/index.php/Boot_Troubleshooting
[4] ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.0/8.0-RELEASE-i386-memstick.img
[pfSense Support] Performance problems
Hi.

We've installed pfSense 1.2.3 on a couple of Coyote Point 550i appliances and so far we're very happy. It has 2GB of memory and a Xeon 3000-something CPU. It's run to run some sort of FreeBSD so Nanobsd should be well supported.

This week however, we started running some tests through the firewall. We're stress testing Varnish, a http accelerator. The problem is that the pfSense box seems to be the weakest link in the chain. Quickly we saw the state table run full. When we increased the size of the table we run out of CPU quite fast. Load (read using vmstat) jumps up to ~50. Is it probable that this is due to the overhead of state tracking?

The book on pfSense doesn't really have any good advice and google hasn't turned up much. Is there a high performance tuning guide?

TIA, Per.

--
Per Buer, Varnish Software
Phone: +47 21 54 41 21 / Mobile: +47 958 39 117 / skype: per.buer
Re: [pfSense Support] Performance problems
On Tue, Jun 1, 2010 at 2:08 PM, Per Buer pe...@varnish-software.com wrote:
> Hi. We've installed pfSense 1.2.3 on a couple of Coyote Point 550i appliances and so far we're very happy. It has 2GB of memory and a Xeon 3000-something CPU. It's run to run some sort of FreeBSD so Nanobsd should be well supported. This week however, we started running some tests through the firewall. We're stress testing Varnish, a http accelerator. The problem is that the pfSense box seems to be the weakest link in the chain. Quickly we saw the state table run full. When we increased the size of the table we run out of CPU quite fast. Load (read using vmstat) jumps up to ~50. Is it probable that this is due to the overhead of state tracking?

When you hit the limit of your hardware, you'll run out of CPU. At what point that happens depends on the speed of the CPU, and what NICs you have. The ceiling for a given piece of hardware is packets per second rather than bandwidth, and large scale HTTP load testing can generate a lot of packets. The overhead is in the firewalling. At what throughput levels are you pegging the CPU?

One other consideration with any HTTP load testing with stateful firewalls is to be careful with your methodology. Generating large numbers of requests from a single source IP will lead to source port reuse which will be problematic with any stateful firewall (you'll start to see some connections failing) and generally isn't indicative of real-world usage patterns. I suspect given your business, you probably already know that.
Re: [pfSense Support] Attachments very slow to download from Hotmail
Upgrading to 1.2.3 seemed to cure the problem... I will do some more testing and let the list know.. Any reason 1.2.2 would have a problem with hotmail?

Adam

On 1 June 2010 13:54, Gary Buckmaster g...@s4f.com wrote:
> Paul Mansfield wrote:
>> On 01/06/10 11:29, Adam Egan wrote:
>>> Hi all, Odd problem. Attachments take an AGE to download from Hotmail. As far as I can tell it does not affect our POP3 mail or Google Mail. I have pfSense 1.2.2 with squid running as a transparent proxy. No fancy routing, just NAT.
>> MTU path discovery problem? are you blocking icmp?
> pfSense 1.2.2 is very old and out of date. Before anything else, upgrade. Then look at this: http://doc.pfsense.org/index.php/Squid_Package_Tuning
Re: [pfSense Support] Attachments very slow to download from Hotmail
No, but since literally thousands of bugs were fixed since 1.2.2, it's entirely possible that whatever was actually causing the problem was fixed.

Adam Egan wrote:
> Upgrading to 1.2.3 seemed to cure the problem... I will do some more testing and let the list know.. Any reason 1.2.2 would have a problem with hotmail?
> Adam
>
> On 1 June 2010 13:54, Gary Buckmaster g...@s4f.com wrote:
>> Paul Mansfield wrote:
>>> On 01/06/10 11:29, Adam Egan wrote:
>>>> Hi all, Odd problem. Attachments take an AGE to download from Hotmail. As far as I can tell it does not affect our POP3 mail or Google Mail. I have pfSense 1.2.2 with squid running as a transparent proxy. No fancy routing, just NAT.
>>> MTU path discovery problem? are you blocking icmp?
>> pfSense 1.2.2 is very old and out of date. Before anything else, upgrade. Then look at this: http://doc.pfsense.org/index.php/Squid_Package_Tuning
Re: [pfSense Support] Attachments very slow to download from Hotmail
On Tue, Jun 1, 2010 at 6:22 PM, Gary Buckmaster g...@s4f.com wrote:
> No, but since literally thousands of bugs were fixed since 1.2.2, it's entirely possible that whatever was actually causing the problem was fixed.

heh more like a dozen, and I don't recall any specific to MSS clamping or similar which sounds like the problem here, but could be something specific to Squid and you always want to be on the latest version.
Re: [pfSense Support] Re: CARP ip on different network range
Matias wrote:
> On 01/06/10 18:09, Evgeny Yurchenko wrote:
>> Matias wrote:
>>> On 01/06/10 17:14, Evgeny Yurchenko wrote:
>>>> Matias wrote:
>>>>> On 01/06/10 17:00, Evgeny Yurchenko wrote:
>>>>>> Matias wrote:
>>>>>>> Hi, I've an internet connection on which my ISP provides a /29 network, just one IP for my pfSense (1.2.1) box and one IP for their gateway. I'd like to set up this IP as CARP and be shared with the second pfSense box I have, but as far as I understand, in order to have this IP address as CARP I must set up another two IPs on **the same range** the CARP IP is. But I don't have more real IPs. What is your recommendation in this situation? Thanks for your help.
>>>>>> /29 gives you 6 usable IPs. pfSense-1 pfSense-2 Gateway and you can configure 3 CARPs. Evgeny.
>>>>> Sorry, it is a /30 actually.
>>>> Oh. In this case you have to get more public IPs from your provider.
>>> Do you know if with pfSense 2.0 there will be the option to use a CARP IP outside the interface(s) network?
>> To me it just does not make sense - to use IPs on WAN that can not be routed to you by Provider. What for?
> The only IP reachable from my ISP point of view should be the CARP one. Why would I like to have two routable (and paid) public IP addresses on the real interfaces of each pfsense box that I'm not going to use ever?

Actually, I was wondering the same thing after my CARP adventure this weekend (which ended up with me rolling it back to the original one box config due to the way port forwarding works when based on the WAN address).

If the idea of CARP is to have multiple IP's shared between a pair of machines, and the address for the boxes themselves are not used for anything, why burn a usable IP on them? Why not assign them an IP outside of the subnet they are physically sitting on? One can do this with a VMWare box (I have multiple IP's running on an interface that is outside of the subnet the interface is on, and another that doesn't even have an IP assigned to it that deals with multiple IP's via vmware server), so why not with a WAN address on a pair of CARP'ed machines?

The only thing I could see it breaking would be if the pfs boxes are pulling data (NTP updates, packages, etc) from the outside, but that assumes that these kinds of things default to the WAN address and can't be redirected out one of the CARP addresses.
Re: [pfSense Support] Re: CARP ip on different network range
On Tue, Jun 1, 2010 at 11:09 PM, Justin The Cynical cyni...@penguinness.org wrote:
> If the idea of CARP is to have multiple IP's shared between a pair of machines, and the address for the boxes themselves are not used for anything, why burn a usable IP on them? Why not assign them an IP outside of the subnet they are physically sitting on?

Because that's the way CARP works. There are no alternatives short of porting carpdev which is not easy.
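Added example (not part of any message in this thread, and not pfSense code): a Python check of the addressing arithmetic discussed in the CARP thread above, assuming what the replies state, namely that each firewall needs its own interface address in the WAN subnet and every CARP address must sit in that same subnet. The 203.0.113.0/29, 198.51.100.0/30 and 192.0.2.0/30 prefixes, the gateway addresses and the function names are constructed for illustration.

```python
import ipaddress


def plan_carp(wan_cidr, gateway, firewalls=2, vips=1):
    """Check whether a WAN subnet can hold a CARP cluster.

    Assumption taken from the thread: every firewall needs a real
    interface address in the subnet, and each CARP virtual IP must be
    in that same subnet. The ISP gateway uses one address as well.
    """
    net = ipaddress.ip_network(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    hosts = list(net.hosts())  # excludes network and broadcast addresses
    if gw not in hosts:
        raise ValueError(f"gateway {gw} is not a host address in {net}")

    free = [h for h in hosts if h != gw]  # what is left for our own boxes
    needed = firewalls + vips
    fits = len(free) >= needed
    return {
        "usable": len(hosts),
        "free_after_gateway": len(free),
        "needed": needed,
        "fits": fits,
        "short_by": max(0, needed - len(free)),
        # How many CARP VIPs fit once every firewall has its own address.
        "max_vips": max(0, len(free) - firewalls),
        "node_ips": [str(a) for a in free[:firewalls]] if fits else [],
        "vip_ips": [str(a) for a in free[firewalls:needed]] if fits else [],
    }


def vip_in_interface_subnet(vip, interface_cidr):
    """True if a proposed CARP VIP lies in the interface's own subnet."""
    iface = ipaddress.ip_interface(interface_cidr)
    return ipaddress.ip_address(vip) in iface.network


if __name__ == "__main__":
    # Constructed sample inputs (documentation prefixes, not real allocations).
    for cidr, gw in (("203.0.113.0/29", "203.0.113.1"),
                     ("198.51.100.0/30", "198.51.100.1")):
        p = plan_carp(cidr, gw)
        print(cidr, "usable:", p["usable"], "fits:", p["fits"],
              "short by:", p["short_by"], "max VIPs:", p["max_vips"])
    # A VIP taken from a different range than the interface address.
    print(vip_in_interface_subnet("203.0.113.4", "192.0.2.2/30"))
```
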
Re: [pfSense Support] Guide for package deployment | architecture of pfSense
On Mon, May 31, 2010 at 3:23 AM, bsd b...@todoo.biz wrote:
> Hello, I am looking for a guide or an answer that could help me to understand how pfSense is architectured in term of directory (FreeBSD level)… The goal of this question is to be able to solve various problems related to the deployment of a package on a pfSense box.
> - rc.conf equivalent on pfSense (with implementation examples)

There isn't one.

> - guidelines of the architecture (for embedded and Live install)
> - specification related to the architecture (specific mechanism)
> - highlight of differences between 1.2.3 and 2.0 architecture

And there really isn't anything on the above either, short of reading the source. The dev info that is available is here:
http://doc.pfsense.org/index.php/Category:Development
http://devwiki.pfsense.org - though there is a lot of outdated info there, check the last revision, if it's 2 years or more ago it's probably not accurate