Re: [pfSense Support] IP Routing
Hi, The way I understood it, you are trying to redirect INTERNAL computers that try to access 74.125.224.214 to your server but allow your server access to that IP. There is no easy way to do this in 1.2.x. However, in 2.0, you should be able to do this with Port Forwarding. Try a Port Forward Rule similar to the following: - Interface: LAN - Source: NOT - Dest: 74.125.224.214 - Dest. Port Range: an alias that contains 80 and 443 - Redirect Target IP: - Redirect Target Port: Same alias as above Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 On Thu, Mar 10, 2011 at 8:44 PM, Anthony Saenz wrote: > Hi, > > I'm new to pfsense and so far haven't found a way to do the following: > > I'm trying to route traffic on ports 80/443 going to a "public" IP (in this > case let's say 74.125.224.214) to a box we have internally here in the > office but if that box itself tries to hit the IP, allow it to pass through > to the intended destination. Is this at all possible or is there another > medium that would allow me to do this? > > Thanks! > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > >
Re: [pfSense Support] IP Routing
On Thu, Mar 10, 2011 at 8:44 PM, Anthony Saenz wrote: > Hi, > > I'm new to pfsense and so far haven't found a way to do the following: > > I'm trying to route traffic on ports 80/443 going to a "public" IP (in this > case let's say 74.125.224.214) to a box we have internally here in the > office but if that box itself tries to hit the IP, allow it to pass through > to the intended destination. Is this at all possible or is there another > medium that would allow me to do this? It sounds like what you want is called NAT reflection. However it's only available on pfSense 2.x. There are alternative options though. If you just need the server itself to access the website you're serving why use the external IP address to do that. You can use the host file to point it to itself. If you need the rest of the internal hosts to be able to access the website by dns name you can also use split dns which gives the hosts the internal IP address for the resource rather than the external IP address. -- David
[pfSense Support] NAT hairpinning
I have a pair of 1.2.3 boxes and I'm having some issues that have manifested themselves as an inability to send emails with attachments depending on the IP of the mail server the message is being sent to. Setup: Host A is on interface LAN. Host A is supposed to get NAT translated once it leaves interface LAN. Mail Server has interfaces on both LAN and APP networks. Mail Server delivers mail for two domains, foo.com and bar.com. Host A resolves mail.foo.com to an IP on the LAN side. Host A resolves mail.bar.com to an IP on the APP side. Scenario 1: - Host A sends an email via mail.foo.com, pfSense sees nothing, as expected, because Host A and the SMTP server are on the same subnet. - Everything works fine. Scenario 2: - Host A sends an email with no attachment via mail.bar.com, pfSense receives the packet, forwards it to APP side of Mail Server. - Mail Server netstat shows the destination IP of the SMTP connection to be the APP IP as expected. - Mail Server netstat shows the source IP of the SMTP connection is from Host A's LAN IP instead of the outbound NAT IP. - Everything works fine. Scenario 3: - Host A sends an email with any size attachment via mail.bar.com, pfSense receives the packet, forwards it to APP side of Mail Server. - Mail Server netstat shows the destination IP of the SMTP connection to be the APP IP as expected. - Mail Server netstat shows the source IP of the SMTP connection is from Host A's LAN IP instead of the outbound NAT IP. - Message transmission times out. Exim has no knowledge of the transaction so nothing shows up in maillog. I have a feeling this has something to do with the asymmetric nature of the traffic when Host A tries to send mail to mail.bar.com because it's got an IP in APP and LAN. I've scoured the NAT config, created a manual NAT entry on the LAN interface hoping to translate everything as it leaves the LAN interface, I've also toggled the Nat Reflection checkbox in the System Configuration. Nothing seems to make a difference - I can't get mail.bar.com to see the NAT IP. The really strange thing is that this this all works fine if no attachment is sent in the email (scenario 2). Any ideas? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FreeBSD Lost Track of Drive During Upgrade [WAS: Re: pfSense Support] Re: List Posting Etiquette [WAS: Re: [pfSense Support] Re: Intel Gigabit - em0: Watchdog Timeout]
On 3/10/11 1:07 PM, Chris Buechler wrote: On Thursday, March 10, 2011, Mehma Sarja wrote: On 3/10/11 11:33 AM, Chris Buechler wrote: Based on your screenshot, that has no relevance. The screenshot shows you're booting from CD, likely a USB CD drive, which is slow initializing and you need to pick the "boot from USB" option at the first boot menu. To be clear: When I boot off a live pf123 cd, the install happens smoothly. When I stick a pf RC1 cd in, the install gets stuck at the screenshot. To me, that has relevance and I believe the system is mis-naming the hard drive and not seeing it. BIOS sees it. No, the mount root of the CD is failing, that has nothing to do with the hard drive. Use the option I noted and it will work. Chris et all, I stand corrected and grateful - that worked! Mehma - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] IP Routing
Hi, I'm new to pfsense and so far haven't found a way to do the following: I'm trying to route traffic on ports 80/443 going to a "public" IP (in this case let's say 74.125.224.214) to a box we have internally here in the office but if that box itself tries to hit the IP, allow it to pass through to the intended destination. Is this at all possible or is there another medium that would allow me to do this? Thanks! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FreeBSD Lost Track of Drive During Upgrade [WAS: Re: pfSense Support] Re: List Posting Etiquette [WAS: Re: [pfSense Support] Re: Intel Gigabit - em0: Watchdog Timeout]
On Thursday, March 10, 2011, Mehma Sarja wrote: > On 3/10/11 11:33 AM, Chris Buechler wrote: > > Based on your screenshot, that has no relevance. The screenshot shows > you're booting from CD, likely a USB CD drive, which is slow > initializing and you need to pick the "boot from USB" option at the > first boot menu. > > To be clear: When I boot off a live pf123 cd, the install happens smoothly. > When I stick a pf RC1 cd in, the install gets stuck at the screenshot. To me, > that has relevance and I believe the system is mis-naming the hard drive and > not seeing it. BIOS sees it. > No, the mount root of the CD is failing, that has nothing to do with the hard drive. Use the option I noted and it will work. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FreeBSD Lost Track of Drive During Upgrade [WAS: Re: pfSense Support] Re: List Posting Etiquette [WAS: Re: [pfSense Support] Re: Intel Gigabit - em0: Watchdog Timeout]
On Thu, Mar 10, 2011 at 12:12 PM, Mehma Sarja wrote: > On 3/10/11 11:33 AM, Chris Buechler wrote: >> Based on your screenshot, that has no relevance. The screenshot shows >> you're booting from CD, likely a USB CD drive, which is slow >> initializing and you need to pick the "boot from USB" option at the >> first boot menu. > > To be clear: When I boot off a live pf123 cd, the install happens smoothly. > When I stick a pf RC1 cd in, the install gets stuck at the screenshot. To > me, that has relevance and I believe the system is mis-naming the hard drive > and not seeing it. BIOS sees it. > > BEFORE > Before finding the possible cause, I've tried multiple permutations of disk > drives, 32 and 64 bit versions of pf RC1 and two upgrade paths - > unsuccessfully. There is something either in the new pf install process or > this particular hardware that is not right. Since I am not hearing much > noise on the message boards, I believe it to be a hardware issue. > Specifically, the issue may be that system is referring to a hard drive > incorrectly. Hence the FreeBSD message board link in the previous message. > > SOMETHING CHANGED > Oddly, last night a fresh 32 bit pf 123 install followed by an upgrade went > smoothly. I just want to know what went wrong. FWIW, I run RC1-RC4 on a Supermicro X7SPA-H. It suffers from the USB mount problem, but running from a SATA HDD or SDD works fine. USB boot can be fixed by adding a delay to the config file. See http://redmine.pfsense.org/issues/495 Regards, -Jeppe - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FreeBSD Lost Track of Drive During Upgrade [WAS: Re: pfSense Support] Re: List Posting Etiquette [WAS: Re: [pfSense Support] Re: Intel Gigabit - em0: Watchdog Timeout]
On 3/10/11 11:33 AM, Chris Buechler wrote: Based on your screenshot, that has no relevance. The screenshot shows you're booting from CD, likely a USB CD drive, which is slow initializing and you need to pick the "boot from USB" option at the first boot menu. To be clear: When I boot off a live pf123 cd, the install happens smoothly. When I stick a pf RC1 cd in, the install gets stuck at the screenshot. To me, that has relevance and I believe the system is mis-naming the hard drive and not seeing it. BIOS sees it. BEFORE Before finding the possible cause, I've tried multiple permutations of disk drives, 32 and 64 bit versions of pf RC1 and two upgrade paths - unsuccessfully. There is something either in the new pf install process or this particular hardware that is not right. Since I am not hearing much noise on the message boards, I believe it to be a hardware issue. Specifically, the issue may be that system is referring to a hard drive incorrectly. Hence the FreeBSD message board link in the previous message. SOMETHING CHANGED Oddly, last night a fresh 32 bit pf 123 install followed by an upgrade went smoothly. I just want to know what went wrong. Mehma - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FreeBSD Lost Track of Drive During Upgrade [WAS: Re: pfSense Support] Re: List Posting Etiquette [WAS: Re: [pfSense Support] Re: Intel Gigabit - em0: Watchdog Timeout]
I have issue with the same board with centos and ubuntu! On 11-03-10 02:33 PM, Chris Buechler wrote: On Thu, Mar 10, 2011 at 12:14 AM, Mehma Sarja wrote: The - Motherboard is "Super X7SPA-HF" I switched the TORQX SSD with a regular drive - they both get stuck at the same point, see screenshot. "Root mount" fails is a "panic" Here is a link to what I think is the cause: http://forums.freebsd.org/showthread.php?t=17331 Based on your screenshot, that has no relevance. The screenshot shows you're booting from CD, likely a USB CD drive, which is slow initializing and you need to pick the "boot from USB" option at the first boot menu. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FreeBSD Lost Track of Drive During Upgrade [WAS: Re: pfSense Support] Re: List Posting Etiquette [WAS: Re: [pfSense Support] Re: Intel Gigabit - em0: Watchdog Timeout]
On Thu, Mar 10, 2011 at 12:14 AM, Mehma Sarja wrote: > > The - Motherboard is "Super X7SPA-HF" I switched the TORQX SSD with a > regular drive - they both get stuck at the same point, see screenshot. "Root > mount" fails is a "panic" Here is a link to what I think is the cause: > http://forums.freebsd.org/showthread.php?t=17331 > Based on your screenshot, that has no relevance. The screenshot shows you're booting from CD, likely a USB CD drive, which is slow initializing and you need to pick the "boot from USB" option at the first boot menu. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] RRD quits collecting
From: Jeppe Øland [mailto:jol...@gmail.com] Sent: Wednesday, March 09, 2011 6:22 PM To: support@pfsense.com Cc: Seth Mos Subject: Re: [pfSense Support] RRD quits collecting On Wed, Mar 9, 2011 at 2:55 PM, Seth Mos wrote: > Op 9 mrt 2011, om 23:51 heeft David Burgess het volgende geschreven: >> On Wed, Mar 9, 2011 at 3:49 PM, k_o_l wrote: >>> Since I installed 2.0-RC1 last Friday I’ve noticed RRD at least on two >>> different occasion stopped collecting data see attached. >> >> http://forum.pfsense.org/index.php/topic,33154.0.html > > I wish it made sense really, somehow processes are getting stuck with no > apparent visible clue as to the cause. > Most notably top which I use for gathering the CPU stats and sometimes > rrdtool waiting for a lock on a rrd. > We've been using this approach for the better part of 3 years and why it's > stopped working now as it is astounds me. I've seen it on 1.2 based distros as well. Or rather, I've seen RRD problems (like NaNs in the DB) caused by multiple updaterrd's running. Can't the script check if it's already running, and exit without doing anything if it is? Regards, -Jeppe -Original Message- I don't have duplicate processes running, but I did notice it only happens after I apply changes - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
