Re: [pfSense Support] Firewall service as a business?

2011-03-24 Thread Neonicacid 
IIRC you are able to charge whatever you feel is appropriate for the
software.

On Thu, Mar 24, 2011 at 11:02 PM, Mehma Sarja  wrote:

> Does anyone offer pfsense firewall as a service? If so, what are the
> charges and details? I am thinking for a 5 person Law office or 7 person
> doctor's office.
>
> Mehma
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
>
> Commercial support available - https://portal.pfsense.org
>
>

[pfSense Support] Firewall service as a business?

2011-03-24 Thread Mehma Sarja 
Does anyone offer pfsense firewall as a service? If so, what are the 
charges and details? I am thinking for a 5 person Law office or 7 person 
doctor's office.


Mehma

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] RE: Release all unused DHCP leases.

2011-03-24 Thread Chris Buechler 
On Wed, Mar 23, 2011 at 2:18 PM, Adam Thompson  wrote:
> Offline leases in the pfSense interface are, I believe, merely a visual
> guide to show you who last got that IP address.  The “offline” part is what
> I’m not 100% sure about – if it just means the expiry date is past, or if
> the lease has been released, or if the device isn’t responding to ARP… dunno
> about that part.

"Offline" in that context means that IP is not currently active in the
firewall's ARP table, which means it hasn't accessed the Internet or
anything else triggering ARP on the firewall in over 20 minutes.

Short of waiting the lease time, or removing the entire lease database
or removing individual entries from it, there isn't really a way to
delete unexpired leases.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

[pfSense Support] dnsmasq and --listen-address

2011-03-24 Thread Douglas K . Rand 
In pfSense 2.0 RC1 you can't run tinydns and the DNS forwarder
(dnsmasq) at the same time. The suggest configuration seems to be run
tinydns listening on 127.0.0.1:53 and create a NAT rule to forward DNS
requests on the external interface to 127.0.0.1:53 and configure
dnsmasq to override a specific domain and send the requests to
127.0.0.1.

I found a similar problem at http://forum.pfsense.org/index.php?topic=25897.0

The trouble is that that solution didn't work for me. Specifying
--except-interface=lo0 didn't work.

 What I ended up doing is adding
'--listen-address={$config['interfaces']['lan']['ipaddr']}' to line
697 of /etc/inc/services.inc.

Perhaps the "right" solution is to have a knob for where dnsmask
should listen? 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense Support] can't block https://facebook.com via firefox

2011-03-24 Thread Adam Piasecki 

On 3/23/2011 5:29 PM, Yehuda Katz wrote:
On Wed, Mar 23, 2011 at 5:14 PM, Michael Schuh 
mailto:michael.sc...@gmail.com>> wrote:



for a bit fun:
put *.facebook.com  into your dns-masquerader
and lead him to the
internal IP of the firewall
or to 127.0.0.1 :D (* -> www, or whatever else, i am not aware if the
dns-forwarder can match wildcards)
Deny all other DNS beside the access to the firewall.


Just make sure you block access to other DNS servers at the firewall.
You might not think that so many people have heard of OpenDNS or 
Google Public DNS.


- Y
With some Port Forwarding you can force all your clients to use a DNS of 
your choosing, even if they statically assigned another DNS on there 
computer. I have it working, works great.


--
Adam M Piasecki
MidAtlanticBroadband
Office: 410-727-8250 x 123
Cell: 940-224-4837
Fax: 410-727-8245

AW: [pfSense Support] pfSense as subordinate CA

2011-03-24 Thread Fuchs, Martin 
Well thats not exactly what i want to do...

I want pfsense to be its own subordinate ca that's authenticated by the windows 
ca.
This way it would be possible for me to use the pfsense ca for all ssl issues 
on the pfsense and would not have to use the windows ca for that, but the trust 
would be established, because the windows ca authenticated the pfsense ca.
When I import the ca it seems pfsense cannot use it (because it displays 
external ?)

-Ursprüngliche Nachricht-
Von: Vick Khera [mailto:vi...@khera.org] 
Gesendet: Mittwoch, 23. März 2011 13:35
An: support@pfsense.com
Betreff: Re: [pfSense Support] pfSense as subordinate CA

On Wed, Mar 23, 2011 at 7:03 AM, Fuchs, Martin  
wrote:
> I'd like to use my Windows 2008R2 CA as the main CA and pfSense as a 
> subordinate CA.
>
> When I import an existing certificate of a subordinate ca, I cannot 
> chose this ca, when creating new certs with pfsense. (it displays the 
> ca then as
> external)

Not sure I follow the need, but it sounds like you just need to import the CA 
certificate into pfSense, then just keep using the windows CA to issue 
certificates, and pfSense will authenticate them.  That's what we do for our 
1.2.3 installation -- the CA is on another server.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional 
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org