Re: [pfSense Support] pfsense config for failover
On Sat, Jun 4, 2011 at 10:18 AM, Ahmed Ndaula anda...@spurtechnologies.comwrote: Hello folks, Here's the situation I am having; Right now I have a functional dual box. I have another with the right side not responding. My goal is to have 2 x dual boxes set up for fail-over. What would I need to have a successful fail-over configuration? I will be grateful getting a response on this issue. Best, -- Thanks for setting up your website on our reliable web servers. Ndaula Ahmed Systems/Network Administrator SPUR Technologies Off: +256-414-267247 Mob: +256-702-066343 Skype: ndaula Email: anda...@spurtechnologies.com Web: http://www.spurtechnologies.com --- Managed Networks | IT Infrastructure | Web Development | Web Hosting | Training | System Security Cameras http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm ShiB. while ( ! ( succeed = try() ) );
[pfSense Support] l7 blocking
Dear Users I have been trying to block p2p traffic, as its killing the internet line. I have recently asked a question if there was a way to get snort to block only that one traffic type and not the entire ip I was tolled to try layer 7 blocking which I now have. I have no problem blocking http, ftp or vnc, but bittorrent isn't blocking only if I enable bittorrent AND http to block then I can't get bittorrent peer connections And I really would like my users to be able to do a http request :) Im using 2.0 r2 Best regards Martin Månsson IT-supporter, University Library of Southern Denmark Tel. +45 6550 2709 Fax +45 6315 0095 Email m...@bib.sdu.dk Addr. Campusvej 55, DK-5230 Odense M, Denmark [cid:image001.jpg@01CC2446.168C5CF0] Campusvej 55 · DK-5230 Odense M · Denmark · Tel. +45 6550 1000 · www.sdu.dkhttp://www.sdu.dk/ inline: image001.jpg
RE: [pfSense Support] l7 blocking
Instead of blocking how about throttling to say 1KB/s so it is almost unusable for Bittorrent? http://www.smallnetbuilder.com/lanwan/lanwan-howto/30565-taming-your-networks-bandwidth-hogs-part-1?showall=start=2 Gavin Will | IT Systems Support | Exterity Ltd - BUILDING IPTV tel: +44 1383 828269 | fax: +44 1383 824905 | mob: + 44 7827 966328 e: gavin.w...@exterity.com | w: www.exterity.com | skype: exterity.gavin.will From: Martin Månsson [mailto:m...@bib.sdu.dk] Sent: 06 June 2011 11:35 To: support@pfsense.com Subject: [pfSense Support] l7 blocking Dear Users I have been trying to block p2p traffic, as its killing the internet line. I have recently asked a question if there was a way to get snort to block only that one traffic type and not the entire ip I was tolled to try layer 7 blocking which I now have. I have no problem blocking http, ftp or vnc, but bittorrent isn't blocking only if I enable bittorrent AND http to block then I can't get bittorrent peer connections And I really would like my users to be able to do a http request J Im using 2.0 r2 Best regards Martin Månsson IT-supporter, University Library of Southern Denmark Tel. +45 6550 2709 Fax +45 6315 0095 Email m...@bib.sdu.dk Addr. Campusvej 55, DK-5230 Odense M, Denmark Campusvej 55 · DK-5230 Odense M · Denmark · Tel. +45 6550 1000 · www.sdu.dk http://www.sdu.dk/ image001.jpg
Re: [pfSense Support] l7 blocking
On Mon, Jun 6, 2011 at 12:34 PM, Martin Månsson m...@bib.sdu.dk wrote: Dear Users I have been trying to block p2p traffic, as its killing the internet line. I have recently asked a question if there was a way to get snort to block only that one traffic type and not the entire ip I was tolled to try layer 7 blocking which I now have. I have no problem blocking http, ftp or vnc, but bittorrent isn’t blocking only if I enable bittorrent AND http to block then I can’t get bittorrent peer connections And I really would like my users to be able to do a http request J If bitorrent is using encryption then you have to create a regex yourself to detect there. L7 will only catch the unencrupted bittorrent as is today. Im using 2.0 r2 Best regards *Martin Månsson* IT-supporter, University Library of Southern Denmark Tel. +45 6550 2709 Fax +45 6315 0095 Email m...@bib.sdu.dk Addr. Campusvej 55, DK-5230 Odense M, Denmark [image: Beskrivelse: C:\Users\mam\Application Data\Microsoft\Signaturer\sduemaillogoUK.jpg] -- *Campusvej 55 · DK-5230 Odense M · Denmark · Tel. +45 6550 1000 · www.sdu.dk* -- Ermal
SV: [pfSense Support] l7 blocking
Well now have testet the traffic shaper and tried to set the limit too 1kb/s which it totally ignored (ill have another go at it) The real problem is that bittorrent eats up a lot of connections and that is killing our VPN connection, is there another way to limit the connections? Med venlig hilsen Martin Månsson IT-supporter, Syddansk Universitetsbibliotek Tlf. 6550 2709 Fax 6315 0095 Email m...@bib.sdu.dk Adr. Campusvej 55, 5230 Odense M [cid:image002.jpg@01CC2450.FAD57AE0] Campusvej 55 · 5230 Odense M · Tlf. 6550 1000 · www.sdu.dkhttp://www.sdu.dk/ Fra: Gavin Will [mailto:gavin.w...@exterity.com] Sendt: 6. juni 2011 12:46 Til: support@pfsense.com Emne: RE: [pfSense Support] l7 blocking Instead of blocking how about throttling to say 1KB/s so it is almost unusable for Bittorrent? http://www.smallnetbuilder.com/lanwan/lanwan-howto/30565-taming-your-networks-bandwidth-hogs-part-1?showall=start=2 Gavin Will | IT Systems Support | Exterity Ltd - BUILDING IPTV tel: +44 1383 828269 | fax: +44 1383 824905 | mob: + 44 7827 966328 e: gavin.w...@exterity.commailto:gavin.w...@exterity.com | w: www.exterity.comhttp://www.exterity.com | skype: exterity.gavin.will From: Martin Månsson [mailto:m...@bib.sdu.dk] Sent: 06 June 2011 11:35 To: support@pfsense.com Subject: [pfSense Support] l7 blocking Dear Users I have been trying to block p2p traffic, as its killing the internet line. I have recently asked a question if there was a way to get snort to block only that one traffic type and not the entire ip I was tolled to try layer 7 blocking which I now have. I have no problem blocking http, ftp or vnc, but bittorrent isn't blocking only if I enable bittorrent AND http to block then I can't get bittorrent peer connections And I really would like my users to be able to do a http request :) Im using 2.0 r2 Best regards Martin Månsson IT-supporter, University Library of Southern Denmark Tel. +45 6550 2709 Fax +45 6315 0095 Email m...@bib.sdu.dkmailto:m...@bib.sdu.dk Addr. Campusvej 55, DK-5230 Odense M, Denmark [cid:image003.jpg@01CC2450.FAD57AE0] Campusvej 55 · DK-5230 Odense M · Denmark · Tel. +45 6550 1000 · www.sdu.dkhttp://www.sdu.dk/ inline: image002.jpginline: image003.jpg
