Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On Thu, Jan 13, 2011 at 2:07 AM, Maik Heinelt m...@vegasystems.com wrote: On 2011/01/13 9:20, Chris Buechler wrote: On Wed, Jan 12, 2011 at 1:43 PM, Charles N Wyble char...@knownelement.com wrote: Same here. No PPPOE support. It works fine for the vast majority, there are some edge cases that don't work and we don't know why yet at this point. Send logs, it doesn't work isn't helpful. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. I just would like to make it working! How about that idea? Maik That can be helpful too. Please provide the setup and details to me privately so i can give a look. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] NUT pfsense package rewrite
On Wed, Jan 12, 2011 at 7:52 PM, Grant Joy grant@a-1networks.com wrote: Hello, I am rewriting the pfsense NUT package to work with multiple UPSs. Everything is working, except deleting UPSs. I am using pkg.php and the adddeleteeditpagefields XML tag to create the list of UPSs. What I really need is for a PHP function to run when the remove button is clicked (one of my functions defined in nut.inc.) Is there a way to call a function (like the custom_php functions) on delete? Am I going to be better off rewriting nut.xml as a /web file? Thank you, Grant Joy A-1 Networks Send the code to have an answer otherwise nobody can help you. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Not able to add virtual carp ip on different subnet
My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. ShiB. while ( ! ( succeed = try() ) );
Re: [pfSense Support] Not able to add virtual carp ip on different subnet
On Thu, Jan 13, 2011 at 12:29 PM, Shibashish shi...@gmail.com wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. Whats your netmask for your WAN? -- .warren
Re: [pfSense Support] Not able to add virtual carp ip on different subnet
xx.xx.87.40/29 ShiB. while ( ! ( succeed = try() ) ); On Thu, Jan 13, 2011 at 4:06 PM, Warren Baker war...@decoy.co.za wrote: On Thu, Jan 13, 2011 at 12:29 PM, Shibashish shi...@gmail.com wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. Whats your netmask for your WAN? -- .warren
Re: [pfSense Support] Not able to add virtual carp ip on different subnet
My ISP has given xx.xx.93.192/27 (32 IPs – 30 Usable IPs excluding Network Broadcast) ShiB. while ( ! ( succeed = try() ) ); On Thu, Jan 13, 2011 at 4:07 PM, Shibashish shi...@gmail.com wrote: xx.xx.87.40/29 ShiB. while ( ! ( succeed = try() ) ); On Thu, Jan 13, 2011 at 4:06 PM, Warren Baker war...@decoy.co.za wrote: On Thu, Jan 13, 2011 at 12:29 PM, Shibashish shi...@gmail.com wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. Whats your netmask for your WAN? -- .warren
Re: [pfSense Support] Not able to add virtual carp ip on different subnet
On 1/13/2011 5:29 AM, Shibashish wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. CARP VIPs have to be in the same subnet as an existing IP address on the interface. On 1.2.x, this means it must be in the same subnet as the WAN IP. On 2.0 you can also add an IP alias VIP inside of the same subnet as x.x.93.193/27 and then you can add a CARP VIP for x.x.93.193/27 If this is part of a CARP cluster, each unit will need a separate IP alias inside of that subnet (the same way they each need an IP in the WAN subnet). If it's a standalone unit you may as well use an IP alias in place of a CARP VIP. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Not able to add virtual carp ip on different subnet
Thanks for explaining. I wanted to use haproxy and this was not starting. The reason as someone suggested is that the VIP must be a CARP ip. http://forum.pfsense.org/index.php?topic=21748.0 http://forum.pfsense.org/index.php?topic=21748.0I'm on 1.2.3-RELEASE. ShiB. while ( ! ( succeed = try() ) ); On Thu, Jan 13, 2011 at 6:38 PM, Jim Pingle li...@pingle.org wrote: On 1/13/2011 5:29 AM, Shibashish wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. CARP VIPs have to be in the same subnet as an existing IP address on the interface. On 1.2.x, this means it must be in the same subnet as the WAN IP. On 2.0 you can also add an IP alias VIP inside of the same subnet as x.x.93.193/27 and then you can add a CARP VIP for x.x.93.193/27 If this is part of a CARP cluster, each unit will need a separate IP alias inside of that subnet (the same way they each need an IP in the WAN subnet). If it's a standalone unit you may as well use an IP alias in place of a CARP VIP. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Not able to add virtual carp ip on different subnet
On 1/13/2011 8:15 AM, Shibashish wrote: [please don't top post] On Thu, Jan 13, 2011 at 6:38 PM, Jim Pingle li...@pingle.org mailto:li...@pingle.org wrote: On 1/13/2011 5:29 AM, Shibashish wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. CARP VIPs have to be in the same subnet as an existing IP address on the interface. On 1.2.x, this means it must be in the same subnet as the WAN IP. On 2.0 you can also add an IP alias VIP inside of the same subnet as x.x.93.193/27 and then you can add a CARP VIP for x.x.93.193/27 If this is part of a CARP cluster, each unit will need a separate IP alias inside of that subnet (the same way they each need an IP in the WAN subnet). If it's a standalone unit you may as well use an IP alias in place of a CARP VIP. Thanks for explaining. I wanted to use haproxy and this was not starting. The reason as someone suggested is that the VIP must be a CARP ip. http://forum.pfsense.org/index.php?topic=21748.0 http://forum.pfsense.org/index.php?topic=21748.0I'm on 1.2.3-RELEASE. Then you can't use it with a CARP VIP on WAN there. You'd need an IP inside of your WAN subnet. You could try a 2.0 beta snapshot and see if it works for you. Though you could hack an IP alias into the config on 1.2.3 using a shellexec, it doesn't show up for use elsewhere in the GUI so it doesn't gain you anything here. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] How to set USB Wi-fi dongle as client to connect to another Wireless router?
On Wed, Jan 12, 2011 at 5:17 PM, Bruce B bruceb...@gmail.com wrote: Hi Everyone, Good news for me that a Cisco/Linksys USB dongle WUSB54GC V3 was detected within seconds of connecting to pfSense 2.0 Alix board. However, having loaded pfSense 2.0 just today, I am not sure where to turn for some documentation. First of all, the interface allowed me to add a run0 which is pointing to Wireless dongle I believe, and then there is a Wireless tab in Interfaces tab which is confusing and I was able to add run0 there again. I have done that but now I am stuck as to how to do a search for the network available around me. Is there a network scan available? Or do I have to put the values for SSID and security types somewhere in the settings? I do see the Ad-hoc, Infrastructure, and Access Point mode but I am not sure what they mean in pfSense context. The same as they mean in any context. Ignore the Wireless tab under Interfacesassign for this usage, everything else is identical to 1.2.3. There is various information here: http://doc.pfsense.org/index.php/Category:Wireless and if you search the list and forum. Best info is in the book. http://pfsense.org/book basically just assign it, go to that interface, enable it, select infrastructure, fill in the info for your network. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On Wed, Jan 12, 2011 at 8:07 PM, Maik Heinelt m...@vegasystems.com wrote: Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. That would be ideal, was going to ask for that but generally you can't get Internet access to a box that can't connect to the Internet. :) If you have another means of getting it on the Internet, that'd be great. Contact Ermal off list with info. Alternatively, for others who can't provide such access, getting a pcap of the PPPoE attempts would be helpful, the logs aren't showing much in this case. Running: tcpdump -i xx0 -s 0 -w /tmp/pppoe.pcap where xx0 is your physical WAN interface (em0, re0, whatever it may be). Let that run for a few minutes and hit ctrl-c to break out, then go to DiagnosticsCommand and paste /tmp/pppoe.pcap in the file download box, and email that file to me and/or Ermal off list. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Not able to add virtual carp ip on different subnet
-Original Message- From: Jim Pingle [mailto:li...@pingle.org] Sent: Thursday, January 13, 2011 5:42 AM To: support@pfsense.com Subject: Re: [pfSense Support] Not able to add virtual carp ip on different subnet On 1/13/2011 8:15 AM, Shibashish wrote: [please don't top post] On Thu, Jan 13, 2011 at 6:38 PM, Jim Pingle li...@pingle.org mailto:li...@pingle.org wrote: On 1/13/2011 5:29 AM, Shibashish wrote: My WAN ip is xx.xx.87.44 I am trying to add a Virtual IP CARP as xx.xx.93.193, but i am not able to. Sorry, we could not locate an interface with a matching subnet for xx.xx.93.193/27. Please add an ip in this subnet on a real interface. I want the carp ip to be used for haproxy without which haproxy doesnt start. How do i add this? Thanks. CARP VIPs have to be in the same subnet as an existing IP address on the interface. On 1.2.x, this means it must be in the same subnet as the WAN IP. On 2.0 you can also add an IP alias VIP inside of the same subnet as x.x.93.193/27 and then you can add a CARP VIP for x.x.93.193/27 If this is part of a CARP cluster, each unit will need a separate IP alias inside of that subnet (the same way they each need an IP in the WAN subnet). If it's a standalone unit you may as well use an IP alias in place of a CARP VIP. Thanks for explaining. I wanted to use haproxy and this was not starting. The reason as someone suggested is that the VIP must be a CARP ip. http://forum.pfsense.org/index.php?topic=21748.0 http://forum.pfsense.org/index.php?topic=21748.0I'm on 1.2.3-RELEASE. Then you can't use it with a CARP VIP on WAN there. You'd need an IP inside of your WAN subnet. You could try a 2.0 beta snapshot and see if it works for you. Though you could hack an IP alias into the config on 1.2.3 using a shellexec, it doesn't show up for use elsewhere in the GUI so it doesn't gain you anything here. Jim Here is a PDF of what Jim is talking about. I use this for my CARP VIPs, works fine without issues. http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf Thanks, Chase Bolt - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Blank RRD traffic graphs with VLANs in router mode
On 1/12/2011 2:57 AM, Seth Mos wrote: Op 11-1-2011 18:00, Lan Tran schreef: ello, I'm running version 2.0-BETA5 (amd64) built on Fri Jan 7 02:54:00 EST 2011 and builtin RRD traffic graphs are blank when pfSense is acting as a router (Disable all packet filtering option is checked). The graphs work fine when I run it as firewall. I need to be able to get traffic (bandwidth usage) stats on the VLANs with pfSense acting as a router. WAN port is assigned with a static ip and untagged. VLANS port is trunked and connected to Cisco switch. Please let me know if more info is needed. TIA. We started using the pf counters for the traffic statistics because they are 64bit and do not wrap as easily as the OS counters do. Regards, Seth Seth, Thanks for the response. Is there a package that can do what I want? LT - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] autorollback?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL1xkAAoJEMvvG/TyLEAtvLMP/REFq++C3Wvzq1ANdJC9uGjN WqacjBMSvaESr1NpP6h9BSWdaOTcBOvfjh+bCNkItHWsVJhAc+IC7voZTWpd4W9G IM9l6cuEeNmB87IusV1ik4GUmTVbc6s+rOLu+xGMJk1LJlaNlaJbtcdfEEywMGxQ 1vfCecgPG/863UP6h3/RKZsfBC7996M78h4EXnkV+sLz3o9/sfh2GP3ykixWYYI7 +OMGZOJf6RhGtUxeSHqj9XfiTaTbvFf/usMvrnDjE8mDQJPtkVI1eLnz+r2QX8Cq +d7E+yJiCYuI4Sm2FltMRCPcUITXjnlcdmT+jWKKJhffNb64mbAn8gEu2zO1RubD JAOr6iK64fdBiL9vw3GnlfT+9tw043lNXgn2uMMaAOXWEHKKU+kwo738WVBCTHzv /iUw/6X08o45Dci55k0iyruNUsfOW86hOoZCZ23buWPimHprTcWMiTgMCBWzdzb1 8IgWv//eaOr4SENhUq7HTHDgQsxrEGBJ6Cl8fMP3oArHgCoxs3Y92eUvft4+PBtH morfUCLnlM1mw78ql/HGh+XWMdc3tuFDkg/+IAuXSutpYIMlVKJsNaN6a+dc/f9E ftg9nJwotMPd1w0U7RBitjyrSI6+TSb7DlPZLpWiDH+Vn7nayFyPZ+f6XzoMg9kw qdtbjippuYfoYpSADd3Z =zZPN -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL1xkAAoJEMvvG/TyLEAtvLMP/REFq++C3Wvzq1ANdJC9uGjN WqacjBMSvaESr1NpP6h9BSWdaOTcBOvfjh+bCNkItHWsVJhAc+IC7voZTWpd4W9G IM9l6cuEeNmB87IusV1ik4GUmTVbc6s+rOLu+xGMJk1LJlaNlaJbtcdfEEywMGxQ 1vfCecgPG/863UP6h3/RKZsfBC7996M78h4EXnkV+sLz3o9/sfh2GP3ykixWYYI7 +OMGZOJf6RhGtUxeSHqj9XfiTaTbvFf/usMvrnDjE8mDQJPtkVI1eLnz+r2QX8Cq +d7E+yJiCYuI4Sm2FltMRCPcUITXjnlcdmT+jWKKJhffNb64mbAn8gEu2zO1RubD JAOr6iK64fdBiL9vw3GnlfT+9tw043lNXgn2uMMaAOXWEHKKU+kwo738WVBCTHzv /iUw/6X08o45Dci55k0iyruNUsfOW86hOoZCZ23buWPimHprTcWMiTgMCBWzdzb1 8IgWv//eaOr4SENhUq7HTHDgQsxrEGBJ6Cl8fMP3oArHgCoxs3Y92eUvft4+PBtH morfUCLnlM1mw78ql/HGh+XWMdc3tuFDkg/+IAuXSutpYIMlVKJsNaN6a+dc/f9E ftg9nJwotMPd1w0U7RBitjyrSI6+TSb7DlPZLpWiDH+Vn7nayFyPZ+f6XzoMg9kw qdtbjippuYfoYpSADd3Z =zZPN -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On 1/13/2011 3:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? Even if you don't apply changes, the config has still been saved. You can always just go to Diagnostics Backup/Restore on the config history tab and go back to any of the last 25 or so configs. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, 13 Jan 2011, Jim Pingle wrote: On 1/13/2011 3:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? Even if you don't apply changes, the config has still been saved. So, what's the point with an apply changes then? Cheers, -- Cristian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 3:55 PM, Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com wrote: On Thu, 13 Jan 2011, Jim Pingle wrote: On 1/13/2011 3:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? Even if you don't apply changes, the config has still been saved. So, what's the point with an apply changes then? Because they aren't applied until you click that, but are saved to the config. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. On 01/13/2011 12:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 - - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL2fSAAoJEMvvG/TyLEAtTJwQAL4BVGNo24abXG+XQfekeX6q pV28fEapTxkUELhrWTQzc+/vIUxF40uf6J/tmD/X4jS+zZUzcKouhn4CwkOAsGKq 50qkyv0ktROBP8wRginIMGU/XhgOc7/GuAZGqOItB4A56OYb8rqV0xLJAIMNJ9gc kE7aTx6SqAdtR594P3YRAqbspJ9/7HGcyYoeicc3/TuA/DVjZDoSGVd3zhkRmbwO 706j3fwkVzTBDDEieEABs8W/uFydFsgeeXuFQkprFIz0IHyMoz9fwwKd9lgsi7yI bAMMuLfV3rO7i7J/vDz+kXGUkaVrAviKicHAk/JXkD2KCxeIzeqpJpziyYunhr/Q byUltKtsTzm+pIZCFQCr9DGDxQrmAgMqvmk7K3ZzmZwifZJXu0lHFsQZwbTf+g2g 6G5iTbMh++ZRJvp2Y4uKZEGWb0owkfpVPat3lhajvQu/2Eusp4vcHkYKverjBhJn GGA6oTlkqrxVDFQiuOFst4H9N1+xgNH7NdEfYnqHjl3Q92sq5EcS3Z4Dqm8XIq1f fkXKoV383u1ZhpKosWfC4naTV+FXymQgd4Elmv6czc315zvQbbouO8JUsFqDSizH nHv/yvmSGBM6QM2Kn2lpipGtCHFETN9J24Aua9qocvrNoTbQk25FdB3meNAyy2jN PN+iHbw+q57jQ+PoyXGj =01Yv -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
would be easy, before applying changes make a local xml backup, and add an option to revert back to previous XML On 11-01-13 04:00 PM, Charles N Wyble wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. On 01/13/2011 12:26 PM, Francois-Alexandre St-Onge Aubut wrote: dont apply changes? On 11-01-13 03:11 PM, Charles N Wyble wrote: Does pfsense have a feature like cisco/juniper where if you don't confirm the change it rolls it back? How difficult would something like this be to implement? Any estimates of the developer time/cost to implement it? -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 - - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - -- Charles N Wyble (char...@knownelement.com) Systems craftsman for the stars http://www.knownelement.com Mobile: 626 539 4344 Office: 310 929 8793 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNL2fSAAoJEMvvG/TyLEAtTJwQAL4BVGNo24abXG+XQfekeX6q pV28fEapTxkUELhrWTQzc+/vIUxF40uf6J/tmD/X4jS+zZUzcKouhn4CwkOAsGKq 50qkyv0ktROBP8wRginIMGU/XhgOc7/GuAZGqOItB4A56OYb8rqV0xLJAIMNJ9gc kE7aTx6SqAdtR594P3YRAqbspJ9/7HGcyYoeicc3/TuA/DVjZDoSGVd3zhkRmbwO 706j3fwkVzTBDDEieEABs8W/uFydFsgeeXuFQkprFIz0IHyMoz9fwwKd9lgsi7yI bAMMuLfV3rO7i7J/vDz+kXGUkaVrAviKicHAk/JXkD2KCxeIzeqpJpziyYunhr/Q byUltKtsTzm+pIZCFQCr9DGDxQrmAgMqvmk7K3ZzmZwifZJXu0lHFsQZwbTf+g2g 6G5iTbMh++ZRJvp2Y4uKZEGWb0owkfpVPat3lhajvQu/2Eusp4vcHkYKverjBhJn GGA6oTlkqrxVDFQiuOFst4H9N1+xgNH7NdEfYnqHjl3Q92sq5EcS3Z4Dqm8XIq1f fkXKoV383u1ZhpKosWfC4naTV+FXymQgd4Elmv6czc315zvQbbouO8JUsFqDSizH nHv/yvmSGBM6QM2Kn2lpipGtCHFETN9J24Aua9qocvrNoTbQk25FdB3meNAyy2jN PN+iHbw+q57jQ+PoyXGj =01Yv -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, 13 Jan 2011, Chris Buechler wrote: On Thu, Jan 13, 2011 at 3:55 PM, Cristian Ionescu-Idbohrn cristian.ionescu-idbo...@axis.com wrote: On Thu, 13 Jan 2011, Jim Pingle wrote: Even if you don't apply changes, the config has still been saved. So, what's the point with an apply changes then? Because they aren't applied until you click that, but are saved to the config. Shouldn't that be: apply changes, activate changes, and if that succeeds save config? Don't apply changes, keep everything unchanged? Cheers, -- Cristian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble char...@knownelement.com wrote: Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. Ubiquiti's AirOS 5 has a change button which updates the config file but doesn't apply it. Pressing it also causes three buttons to appear on the page, Test, Apply and Cancel. If you hit the test button it applies your changes then posts a countdown from 180 seconds and the 3 previous buttons are replaced by 2 new, Apply and Revert. This feature has saved me many walks in the snow, and I can see how it could be useful in pfsense. AirOS is open, so I imagine the code could be borrowed if it proves useful/portable to a dev. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
Although I never found myself in a situation where I need to have an auto-revert, I can see how this will be useful for some. Or for myself, someday. Rgds, On 2011-01-14, David Burgess apt@gmail.com wrote: On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble char...@knownelement.com wrote: Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. Ubiquiti's AirOS 5 has a change button which updates the config file but doesn't apply it. Pressing it also causes three buttons to appear on the page, Test, Apply and Cancel. If you hit the test button it applies your changes then posts a countdown from 180 seconds and the 3 previous buttons are replaced by 2 new, Apply and Revert. This feature has saved me many walks in the snow, and I can see how it could be useful in pfsense. AirOS is open, so I imagine the code could be borrowed if it proves useful/portable to a dev. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] autorollback?
-Original Message- From: Pandu Poluan [mailto:pa...@poluan.info] Sent: Thursday, January 13, 2011 2:36 PM To: support@pfsense.com Subject: Re: [pfSense Support] autorollback? Although I never found myself in a situation where I need to have an auto-revert, I can see how this will be useful for some. Or for myself, someday. Rgds, On 2011-01-14, David Burgess apt@gmail.com wrote: On Thu, Jan 13, 2011 at 2:00 PM, Charles N Wyble char...@knownelement.com wrote: Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. Ubiquiti's AirOS 5 has a change button which updates the config file but doesn't apply it. Pressing it also causes three buttons to appear on the page, Test, Apply and Cancel. If you hit the test button it applies your changes then posts a countdown from 180 seconds and the 3 previous buttons are replaced by 2 new, Apply and Revert. This feature has saved me many walks in the snow, and I can see how it could be useful in pfsense. AirOS is open, so I imagine the code could be borrowed if it proves useful/portable to a dev. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- -- Pandu E Poluan - IT Optimizer My website: http://pandu.poluan.info/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org I am also for this change. Never know when you may need it, but is a great fail safe. Thanks, Chase Bolt - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] autorollback?
The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. I know exactly what you mean and on RHEL systems I am doing iptables changes remotely with, I always `echo orig_script.sh |at now +10 minutes` then make changes and if I am happy I atrm the job. If I overlooked or fat fingered something, I just have to wait... So how does one do a restore from the cli in pfSense? You could accomplish the something... jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 2.0 BETA5 Can't get PPPoE working!
On 2011/01/14 2:50, Chris Buechler wrote: On Wed, Jan 12, 2011 at 8:07 PM, Maik Heineltm...@vegasystems.com wrote: Well, if I can help We have a PPPoE line for developing tests. I could setup a pfsense 2.0 Beta5 box and make you ssh login to it. Then you, or other pfsense developer can debug it. That would be ideal, was going to ask for that but generally you can't get Internet access to a box that can't connect to the Internet. :) If you have another means of getting it on the Internet, that'd be great. Contact Ermal off list with info. Alternatively, for others who can't provide such access, getting a pcap of the PPPoE attempts would be helpful, the logs aren't showing much in this case. Running: tcpdump -i xx0 -s 0 -w /tmp/pppoe.pcap where xx0 is your physical WAN interface (em0, re0, whatever it may be). Let that run for a few minutes and hit ctrl-c to break out, then go to DiagnosticsCommand and paste /tmp/pppoe.pcap in the file download box, and email that file to me and/or Ermal off list. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Chris, I will prepare a pfsense box, today and if you would like to debug it, I would appreciate it. We have more than one Internet lines, here, so I'm able to share the box one one Internet connection via SSH and connect it to our spare one. But I would like to be in the office, while you are on that machine. Just to be sure, weird things are going on, there! ;) If you are interest, I will send you the connecting data on your personal email account. Maik attachment: maik.vcf- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 6:13 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: The feature on cisco/juniper is a two phase application process. Phase one applies the configuration. Phase two rolls it back if you don't confirm it. So if you did something that blocked you out of the device for example, it would auto roll back. I miss this feature on pfsense. It's on Juniper and Cisco devices and would be useful on pfsense. I know exactly what you mean and on RHEL systems I am doing iptables changes remotely with, I always `echo orig_script.sh |at now +10 minutes` then make changes and if I am happy I atrm the job. If I overlooked or fat fingered something, I just have to wait... So how does one do a restore from the cli in pfSense? cd /cf/conf/backup cp config-xxx.xml ../config.xml reboot replacing config-.xml with whichever one you want. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] autorollback?
So how does one do a restore from the cli in pfSense? cd /cf/conf/backup cp config-xxx.xml ../config.xml reboot replacing config-.xml with whichever one you want. Chris, That's simple enough. So utilizing what comes stock, would you suggest a cron job be the best thing to use for this if you are worried about losing your shell? Thanks! jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] autorollback?
On Thu, Jan 13, 2011 at 10:46 PM, Joseph L. Casale jcas...@activenetwerx.com wrote: So how does one do a restore from the cli in pfSense? cd /cf/conf/backup cp config-xxx.xml ../config.xml reboot replacing config-.xml with whichever one you want. Chris, That's simple enough. So utilizing what comes stock, would you suggest a cron job be the best thing to use for this if you are worried about losing your shell? Yeah you could do that and accomplish the same thing, kind of ugly though it would work. Would be nice to have another option in the future. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Multi WAN
Dear all, I have 2 WAN ( Static and another PPPOE )connections and a LAN connection i added PPPOE as WAN and static as OPT1 two connections are active and i added a firewall rule for OPT1 allow all to all then i check the connectivity of OPT1, i can ping to OPT1 from out side but cant ping from OPT1 to anywhere, any idea??/ -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Multi WAN
On Thu, Jan 13, 2011 at 10:29 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear all, I have 2 WAN ( Static and another PPPOE )connections and a LAN connection i added PPPOE as WAN and static as OPT1 two connections are active and i added a firewall rule for OPT1 allow all to all then i check the connectivity of OPT1, i can ping to OPT1 from out side but cant ping from OPT1 to anywhere, any idea??/ You said OPT1 is a WAN with static IP, so I assume you configured it with a gateway. If you didn't turn off automatic outbound NAT then OPT1 will not accept any LAN-destined traffic unless you define port forward rules. Alternately, you could turn off AON if your LAN is in public IP address space (or if one of your WANs is). db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi WAN
On Fri, Jan 14, 2011 at 1:12 AM, Shali K.R. sh...@vidyaacademy.ac.in wrote: OPT1 as wan (public IP and gateway ) i can ping from out side.first i need to configure the connection right? then NAT ing and all these... i cant make any ping from GUI choosing OPT1 as interface Read the page - Note: Multi-wan is not supported from this utility currently. Setup your rules to send some traffic out of it to test. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multi WAN
Dear sir, How can i create rule for out going? i already created all allow rule for OPT1 in firewal- Rules On Fri, Jan 14, 2011 at 11:46 AM, Chris Buechler cbuech...@gmail.comwrote: On Fri, Jan 14, 2011 at 1:12 AM, Shali K.R. sh...@vidyaacademy.ac.in wrote: OPT1 as wan (public IP and gateway ) i can ping from out side.first i need to configure the connection right? then NAT ing and all these... i cant make any ping from GUI choosing OPT1 as interface Read the page - Note: Multi-wan is not supported from this utility currently. Setup your rules to send some traffic out of it to test. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Thanks Regards Shali K R Server Administrator Vidya Academy of Science Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Multi WAN
On Thu, Jan 13, 2011 at 11:30 PM, Shali K.R. sh...@vidyaacademy.ac.in wrote: Dear sir, How can i create rule for out going? i already created all allow rule for OPT1 in firewal- Rules When you create a firewall rule on an interface, that rule will govern only packets arriving on that interface, not leaving it. So by creating a rule on OPT1 to allow all, you are allowing all internet traffic to enter your network--generally not a good idea from a security standpoint, however without any port forward rules defined you have not yet exposed any LAN hosts, only pfsense itself (ie, any services listening there, such as web UI, ssh, DNS). If you want LAN traffic to be able to connect to external hosts via OPT1 then you need to create LAN rules, wherein you may define the WAN interface/gateway that matching traffic will use. I suggest you read up on this document and then come back with specific questions you may have. http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing Enjoy. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org