Re: [pfSense Support] RRD graphs / Quality - Shows 2 WANs
Op 22-11-2010 8:38, Jeppe Øland schreef: Never seen this one before. Hi, Now when I look at the RRD graphs, something is funky. Traffic and Packets show as expected ... but Quality has 2 sets of graphs. The drop-down to select an interface shows 2 WAN entries. What version are you on? I assume it's a bug ... maybe related to the move and WAN getting a new MAC. Can I clear one set of the values? (or merge it to the other?) Merge, No. You can however delete on of the 2 databases from /var/db/rrd/ Regards, Seth - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] RRD graphs / Quality - Shows 2 WANs
Never seen this one before. I moved my pfSense installation to a different machine temporarily ... backup of the old configuration (with RRD data), and restore on the new one. After mucking with the original hardware, I moved it back again ... backup of the new configuration (with RRD data), and restore on the original one. Now when I look at the RRD graphs, something is funky. Traffic and Packets show as expected ... but Quality has 2 sets of graphs. The drop-down to select an interface shows 2 WAN entries. I assume it's a bug ... maybe related to the move and WAN getting a new MAC. Can I clear one set of the values? (or merge it to the other?) Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PFSENSE 2.0
Resurrecting an old thread. I just tried installing pfSense 2.0 embedded on a new box. It's not working and of course I don't have a serial port on any PC around me. Guess what I DO have ... VGA and a keyboard. Are there any plans to get VGA support added soon-ish? Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] how to manage 2 subnets for LAN ?
hi, just my simple idea, not sure if it fits perfectly. setup the interface on the firewall to 192.168.0.0/23 p.e. if-address 192.168.0.1 add a second virtual IP (carp) to the Lan IF 192.168.1.1 ( as gateway address for the second /24 ) add certain rules for it if neccessary. TROUBLESHOOTING: for checking if you have trouble with fw rules log in to the shell per ssh, press 8 and type in tcpdump -ni pflog0 ( not 100% sure if i remember right) fits to 192.168.0.0/24 and 192.168.1.0/24 clients can still use /24 as subnetmask use ipcalc for calculating the right numbers where should be fitting to your purposes if i remember well you cannot use 192.168.1.1 as starting net, thats against the subnetting rules of tcp-ip ( masking with a bitmask leads to 192.168.0.0/23) NO GO: DHCP in that interfaces with splitted solution for both /24 speak: dhcpd cannot easy differ to what /24 range he should give asked addresses ( wlan/wired will result in same addressrange than) everything beside that needs more setup e.g. putting mac-addresses in the DHCP-config. hth greetings michael -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] LCD driver for TEAK 3035S
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi List, >>The Teak 3035 uses the serial port 1 to communicate with the LCM. I have now got a Teak 3035S from :- http://linitx.com/viewproduct.php?prodid=12711 The unit is brilliant, but I have the issue with the LCD panel as well. I have PF v1.2.3 installed and working brilliantly and I also installed the lcpproc package, but this is where the issues started. The Serial Port detected but PF is /dev/caud1 and the lcdproc package expects the port to be /dev/cau1 I changed all references in all the files to /dev/caud1 and left the driver as pyramid, this got me to a stage where teh LCD now just cycles with the word 'Initializing...' and then goes blank and restarts the LCD and show 'Initializing...' again and again... but never shows any real info. The LCD is a 2 row x 20 column display, but I have no way to find out what driver it needs from the list in the lcdproc package... Can anyone point me in the correct direction, otherwise this is a >£600 unit that i could replace with a ~£300 (like these units :- http://linitx.com/viewproduct.php?prodid=12508 or this unit that has *2* alix 3 NIC units in a 1U chassis for £312.42 http://linitx.com/viewproduct.php?prodid=12915 ) I have also tried to contact the manufacturers of the Teak unit @ http://www.arinfotek.com/product.php?gid=1&pid=52 with no success. - -- Gavin Spurgeon. AKA Da Geek - -- "The happiest of people don't necessarily have the best of everything, they just make the most of everything that comes along their way.." -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzpRZ8ACgkQvp6arS3vDir4fwCfd/bOXDsCDeFWFfJOs3LB2tHP /psAnjpAqMNqUWLr0ijuSEUplaGjVn3w =Fioj -END PGP SIGNATURE- -- This message was scanned by DaGeek Spam Filter and is believed to be clean. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Teak 3035S as a pfSense Unit ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Daniel, > The Arbor units look nice > (http://www.arboraust.com/network-and-box-pcs/network-server) > but the NIC interfaces are in the back which is a bit of pain. > Forgot to mention, they can be purchased from Eltech Solutions > (www.eltech.co.uk). Was you able to get any price details for these units ? I have now tried 3 times to E-Mail Eltech with no responce from them. - -- Gavin Spurgeon. AKA Da Geek - -- "The happiest of people don't necessarily have the best of everything, they just make the most of everything that comes along their way.." -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzpSxoACgkQvp6arS3vDiq53wCfSrgWLP9ZgGVVRWcR2h6AoEWt LgwAn1J3qu+qbhWM87uVPVYVddfMJnVa =bxbg -END PGP SIGNATURE- -- This message was scanned by DaGeek Spam Filter and is believed to be clean. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] how to prevent spams
Only authorized users are allowed thru SMTP AUTH method. But I guess one of the remote systems infected with virus should be spamming using the mail credentials configured by authenticated user. Since the spam generated is huge in numbers, how do I detect in pfsense firewall for such an abnormal traffic and block that particular remote IP in gateway level itself. Can I set a limit on WAN port on incoming traffic from a particular IP address ? Or can I set a rule in such a way that the remote IP will be automatically blocked, in case it exceeds the pre-defined threshold in wan firewall rule ? When I trace my Mail server logs, it looks like the remote IP is spoofed and a bogus address. So blocking that address may not be effective. From: Evgeny Yurchenko [mailto:evg.yu...@rogers.com] Sent: Sunday, November 21, 2010 8:02 PM To: support@pfsense.com Subject: Re: [pfSense Support] how to prevent spams On 10-11-21 02:58 AM, Guruprasad wrote: I am using PFSense firewall in my office. I have a windows based mail server in LAN and all the systems in LAN send mails thru the mailserver(icewarp merak mail server). There is no spam problem. But the moment I allow my branch office people to send/receive mails using my local mail server via my ISP allocated static IP ( this is configured in pfsense WAN), lots of spam/virus being relayed thru my mail server and I could see the same in my mail server Log. Since many roaming users/branch office people are connected to this mail server, how do I find out which remote client is compromised and sending this spams using my internal mail server as a relay host. Secondly is there any AV package for pfsense which can prevent smpt, pop, ftp, smb viruses apart from http ( I have installed clamAV) -guru I very hope you allow only authenticated clients to use your smtp-server to send e-mails, don't you? Evgeny
Re: [pfSense Support] LCD driver for TEAK 3035S
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hiya Grégory, On 10/11/2010 10:55, bsd wrote: > But how can It be detected if it hasn't got the right drivers ? > Aren't the drivers included in the package I have sent as an attachment ? > > Is only being able to communicate with this serial port enough ? Did you manage to get the LCD Panel on the Teak 3035S working with pfSense ? I would love to hear if you have had any more luck in getting it working ? - -- Gavin Spurgeon. AKA Da Geek - -- "The happiest of people don't necessarily have the best of everything, they just make the most of everything that comes along their way.." -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.12 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzpRjMACgkQvp6arS3vDirO2QCgop9cF6owF37avB8p84dY1nGV nwUAniSBC6Q+/t/EgXMDFF5VdWQimFIC =oUR4 -END PGP SIGNATURE- -- This message was scanned by DaGeek Spam Filter and is believed to be clean. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] how to prevent spams
On Sun, Nov 21, 2010 at 2:58 AM, Guruprasad wrote: > I am using PFSense firewall in my office. I have a windows based mail > server in LAN and all the systems in LAN send mails thru the > mailserver(icewarp merak mail server). There is no spam problem. > > But the moment I allow my branch office people to send/receive mails using > my local mail server via my ISP allocated static IP ( this is configured in > pfsense WAN), lots of spam/virus being relayed thru my mail server and I > could see the same in my mail server Log. > > Since many roaming users/branch office people are connected to this mail > server, how do I find out which remote client is compromised and sending > this spams using my internal mail server as a relay host. > Thank depends on your mail server. I would suggest that you ask this on a forum dedicated to the mail server you are using. - Y
Re: [pfSense Support] how to prevent spams
On 10-11-21 02:58 AM, Guruprasad wrote: I am using PFSense firewall in my office. I have a windows based mail server in LAN and all the systems in LAN send mails thru the mailserver(icewarp merak mail server). There is no spam problem. But the moment I allow my branch office people to send/receive mails using my local mail server via my ISP allocated static IP ( this is configured in pfsense WAN), lots of spam/virus being relayed thru my mail server and I could see the same in my mail server Log. Since many roaming users/branch office people are connected to this mail server, how do I find out which remote client is compromised and sending this spams using my internal mail server as a relay host. Secondly is there any AV package for pfsense which can prevent smpt, pop, ftp, smb viruses apart from http ( I have installed clamAV) -guru I very hope you allow only authenticated clients to use your smtp-server to send e-mails, don't you? Evgeny
Re: [pfSense Support] how to prevent spams
On 21 November 2010 07:58, Guruprasad wrote: > Since many roaming users/branch office people are connected to this mail > server, how do I find out which remote client is compromised and sending > this spams using my internal mail server as a relay host. For this you should look at the logs on you mail server. > Secondly is there any AV package for pfsense which can prevent smpt, pop, > ftp, smb viruses apart from http ( I have installed clamAV) I have never used it but you could check out the spamd package, maybe thats what your looking for? -- Regards, James. http://www.jamesbensley.co.cc/ There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] how to manage 2 subnets for LAN ?
Am 21.11.2010 03:01, schrieb Chris Buechler: > A broadcast domain is the layer 2 segregation of the network. If > you're not using VLANs, and have one switch, you have one broadcast > domain. The broadcast address is different, but those broadcasts all > go to every device. In the case of buggy phone firmware maybe they > don't listen to the broadcast address on other subnets, but they're > still receiving those broadcasts and still on the same broadcast > domain. > http://en.wikipedia.org/wiki/Broadcast_domain Ah, yes, that's right. Technically spoken, of course all ethernet packages that go through the wire will hit the NICs of the devices connected to the wire (that's L2). But the logic (= firmware, IP stack) of the device will only answer those broadcasts that belong to the L3 subnet the NIC is member of. In my case the problem is really the answering of the phones to the Windows broadcasts which results in a slow responiveness of the phone user interface. Regards Karsten -- Karsten Becker Head of Information Technology Ecologic Institute Berlin - Brussels - Vienna - Washington DC Pfalzburger Strasse 43/44 | 10717 Berlin | Germany Tel. +49 (30) 86880-0 | Fax +49 (30) 86880-100 http://www.ecologic.eu/ | http://www.ecologic-events.eu/ Ecologic Institute publishes a monthly newsletter. To subscribe, please register at: http://www.ecologic.eu/subscribe.htm - - - Ecologic Institut gemeinnuetzige GmbH GF/Director: R. Andreas Kraemer | AG Charlottenburg HRB 57947 | USt/VAT-IdNr. DE811963464 'Ecologic' is a Trade Mark (TM) of Ecologic Institut gemeinnuetzige GmbH, Berlin. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
