[pfSense Support] script-heavy sites not blocked, but still not loading
Certain sites refuse to fully load behind our pfsense 1.2.2 firewall. These tend to be script-heavy sites. for example, http://dictionary.reference.com The sites are not blocked by squidguard - they load partially but never finish loading. The problem happens across browsers and platforms. If I curl the site in my terminal, it works fine. Setting my laptop's proxy settings to always ignore proxy on *reference.com didn't help. But when I plug a laptop directly into the cable modem outside the firewall, the sites load properly. Any ideas on how to fix this? Thanks - Luke Jaeger | Technology Coordinator Pioneer Valley Performing Arts Charter Public School www.pvpa.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] ADSL2+ PCI Card (from LinITX.com) in a pfSense Box ?
> On 14/10/10 23:44, Gavin Spurgeon wrote: >> Just stumbled upon this cool little PCI card over @ LinITX.com > ... >> mode, If I had a pfSense unit that could use this (or similar) PCI card >> I could scrap my current Cheap Home Router and just have a pfSense box >> connected direct to my ISP. > having had an external modem go bad (draytek vigor) after a bad thunderstorm but the attached computer survived without a glitch (on a UPS), I'd be very reluctant to integrate the ADSL card into a computer as there's bound to be less isolation. that said, if the card has a freebsd driver, it should work just fine. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] script-heavy sites not blocked, but still not loading
On 15/10/10 15:17, Luke Jaeger wrote: > Certain sites refuse to fully load behind our pfsense 1.2.2 firewall. it sounds a bit like MTU being broken try reducing mtu to 1400? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] ADSL2+ PCI Card (from LinITX.com) in a pfSense Box ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Paul, >> On 14/10/10 23:44, Gavin Spurgeon wrote: >>> Just stumbled upon this cool little PCI card over @ LinITX.com >> ... >>> mode, If I had a pfSense unit that could use this (or similar) PCI card >>> I could scrap my current Cheap Home Router and just have a pfSense box >>> connected direct to my ISP. >> > > having had an external modem go bad (draytek vigor) after a bad > thunderstorm but the attached computer survived without a glitch (on a > UPS), I'd be very reluctant to integrate the ADSL card into a computer > as there's bound to be less isolation. > > that said, if the card has a freebsd driver, it should work just fine. I would normally agree, but the PC in question would be a cheap ITX type unit anyway, as I would rather not have 2 devices plugged in wasting power when I could just have 1. This would be for a home www connection anyway, so no real shame if it did blow up. The details of the card seem to say it is seen by the host system as a Realtek 10/100 Network Port (RTL8100CL) and the card does the hard work. So I guess the real question is... Does pfSense support the RTL8100CL Nic ? - -- Gavin Spurgeon. AKA Da Geek - -- "The happiest of people don't necessarily have the best of everything, they just make the most of everything that comes along their way.." -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAky4jEcACgkQvp6arS3vDip25ACg5D7Fsektja775goMLHVf9H4m Z28AoLerY+brZjjTnO+oGsTrYjHNjZ84 =ALzs -END PGP SIGNATURE- -- This message was scanned by DaGeek Spam Filter and is believed to be clean. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] script-heavy sites not blocked, but still not loading
I'll try it - do I need to do that on every interface? or just WAN? Luke Jaeger | Technology Coordinator Pioneer Valley Performing Arts Charter Public School www.pvpa.org On Oct 15, 2010, at 12:44 PM, Paul Mansfield wrote: On 15/10/10 15:17, Luke Jaeger wrote: Certain sites refuse to fully load behind our pfsense 1.2.2 firewall. it sounds a bit like MTU being broken try reducing mtu to 1400? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Slow Captive Portal pages
We are experiencing some extremely slow captive portal pages. Are there any tweaks we might make that will speed this up? If we take the same test machine and put it on another network, all web pages come up quickly. This is just the initial redirect page. Thank you Dwane
[pfSense Support] TinyDNS on 2.0beta4 ?
Chris/anyone, Does the TinyDNS package work correctly under 2.0BETA4? Thanks, -Adam Thompson athom...@c3a.ca <>- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Slow Captive Portal pages
On 10/15/2010 07:31 PM, Atkins, Dwane P wrote: We are experiencing some extremely slow captive portal pages. Are there any tweaks we might make that will speed this up? If we take the same test machine and put it on another network, all web pages come up quickly. This is just the initial redirect page. I had the same problem a few months ago. In my case the cause was the radius accounting database was getting full, so the radius was slowing down, which caused the captive portal to be extremely slow. Funny thing was it was only for some users. (the most active ones with most accounting records in the database) Other users could log in at normal speed. Regards, H.
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On 10/14/10 2:57 PM, Eugen Leitl wrote: On Thu, Oct 14, 2010 at 02:41:10PM -0700, Mehma Sarja wrote: So the current comparison is between a fanless enclosure and a supermicro atom server. Let's leave off the drive and memory for now. You will need some minimal air flow, especially in a rack. I think the Supermicros are a bit on the "too low" side. The axial fan one (haven't seen it yet) might do better. I am wondering if there is a kit to move the ps outside or replace it with a fanless one? The only fans in this thing is the ps fan/s. I'll probably spring for a SSD as suggested. Do I need 4 GB memory or So far, Transcend SLC SSD and Intel 2nd gen MLC SSD. No failures, so far. Someone suggested running off a USB stick. Wouldn't that limit some packages which want storage or speedy storage? [snip] So, now let's talk memory and drive. I'd want to use only what I need to reduce heat and power useage. It seems like you get more with the supermicro server that the fanless box. The ps - 80 watts is probably Fanless box might be ok if it's got enough surface and is mounted so that it can be passively cooled by convection. Yea, the fanless option still appeals to me because fans get on my nerves. Newegg lists the atom server at 370 + 15 shipping, provantage lists it forty bucks cheaper - http://www.provantage.com/supermicro-sys-5015a-phf~4SUP91RC.htm. Building it yourself: 70 + 15 for the case, 200 +8 for the MB = 293 - which is 50 bucks cheaper than provantage. I'd rather spend the extra 50. Newegg also provides bundles with 2 GB memory and 3.5" SATA drive. Mehma - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
>>> I'll probably spring for a SSD as suggested. Do I need 4 GB memory or >> So far, Transcend SLC SSD and Intel 2nd gen MLC SSD. No failures, so far. Don't take SSDs for granted. When they fail, they *really* fail. I have an OCZ Vertex in my desktop PC, and 2 months ago it failed spectacularly. Just over 1 year old and the PC BSOD'd ... on reboot, POST wouldn't even see the drive. There is a jumper on it to go into a secondary bootloader, and I was able to reflash it back to working condition ... but all data was lost. 2 months later it failed again the same way. > Someone suggested running off a USB stick. Wouldn't that limit some packages > which want storage or speedy storage? You can install the full version on a USB stick of CF card ... but you get into the usual long-term reliability with flash based devices. HDDs work in the fanless cases as well ... you just have to make sure the case is not covered and in a reasonably well ventilated area. > Yea, the fanless option still appeals to me because fans get on my nerves. Mine is in my home, so noise really is key. Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] script-heavy sites not blocked, but still not loading
On Fri, Oct 15, 2010 at 7:22 PM, Luke Jaeger wrote: > I'll try it - do I need to do that on every interface? or just WAN? > Just WAN. Also sounds like the most likely cause to me. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] TinyDNS on 2.0beta4 ?
On 10/15/2010 2:52 PM, Adam Thompson wrote: > Chris/anyone, > Does the TinyDNS package work correctly under 2.0BETA4? Yes, we have one customer running it on 2.0 with around 15,000 records. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard
On 10/15/10 2:27 PM, Jeppe Øland wrote: [snip] HDDs work in the fanless cases as well ... you just have to make sure the case is not covered and in a reasonably well ventilated area. This is getting interesting, someone on the list mentions that 2.5" drives are not reliable for 24x7x365 situations - so are you using a 3.5" drive? My setup is at home as well and it is just not fan noise - we see MUCH more dust than a traditional server room. That fan is not going to last long. Although a regular PC fan does fine for years - that PC does not perform 24x7x365 duty. So, you got me leaning towards the fanless case again with maybe a 3.5" drive. I can try for a single platter drive. Mehma - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?
I had a network problem, turns out I had assigned 2 devices to the same IP using the DHCP server. Usually pfSense checks most things and tells me when I stuff up, but on this occasion it did not. I'm pretty sure it checks for duplicate MAC addresses, should it check for duplicate IP's also? Yeah I should have noticed, but for some reason I didn't see it. I can edit an entry to use a duplicate IP and it accepts it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Routing Multiple Static IPs
Hi All, Having a bit of a problem wrapping my head around a particular network setup. Basically the scenario is as follows: -- 1 ISP (Cable Internet Provider) -- 5 Available static IPs -- 1 Cable Modem -- 1 Generic PC with 2 NICs (running pfSense) -- 1 Gigabit Switch with 20+ PCs connected The current physical setup is as follows: ISP (5 STATIC IPs) --> CABLE MODEM --> pfSense Box (2 NICs) --> 32-port Gb Switch --> 20+ PCs I need to be able to do each of the following: 1) Connect a router downstream from the pfSense box to use 1 of the 5 available IPs -- so as to segregate networks 2) Route all traffic from 2 of the 5 available static IPs to a single PC whilst maintaining their "internal" (10.0.0.x) status. I'm not really sure what I need to be looking into for this -- VLANs, BGP, General Multihoming, NAT? Do I need more hardware? Be as descriptive as you deem necessary. Currently the entire network is just running off a single static IP address (i.e. a run-of-the-mill cable internet setup with pfSense box as the router) Best, Michael - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?
- Original Message - From: "Tortise" To: Sent: Saturday, October 16, 2010 3:56 PM Subject: [pfSense Support] 1.2.3-Release - minor user protection improvement suggestion? I had a network problem, turns out I had assigned 2 devices to the same IP using the DHCP server. Usually pfSense checks most things and tells me when I stuff up, but on this occasion it did not. I'm pretty sure it checks for duplicate MAC addresses, should it check for duplicate IP's also? Yeah I should have noticed, but for some reason I didn't see it. I can edit an entry to use a duplicate IP and it accepts it. OK found the reason for this: "Relax the ip address check and allow duplicate ip address entries which allows fr example a wireless card and a ethernet card on a laptop to share the same ip address" as posted at http://blog.pfsense.org/?author=2&paged=3 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org