[pfSense Support] Not able to ping PPPoE clients from the WAN side
Dear All, Based on the following scenario and configurations shown here, PFSense-1 - WAN Interface, public IP: 218.208.98.20/27 GW: 218.208.98.1 DNS1: 202.188.0.133 DNS2: 202.188.1.5 LAN Interface, public IP: 218.208.98.21/27 and bridged to WAN interface DHCP server enabled with the range of 218.208.98.24 to 218.208.98.26 PPPoE enabled on LAN interface with Radius authentication as the following configurations: Server Address: 10.10.10.10 Issue IP Addresses via RADIUS server is enabled PFSense-2 - WAN Interface, public IP: 218.208.98.22/27 GW: 218.208.98.1 DNS1: 202.188.0.133 DNS2: 202.188.1.5 LAN Interface, public IP: 218.208.98.23/27 and bridged to WAN interface DHCP server enabled with the range of 218.208.98.28 to 218.208.98.31 PPPoE enabled on LAN interface with Radius authentication as the following configurations: Server Address: 10.10.20.10 Issue IP Addresses via RADIUS server is enabled WANLAN || ||Access Point(AP)| ||| | |||| || |--| |--| PFSense-1|| Switch |---|ATA |---|Phone | | | in Bridge mode ||| || |--| ||||| -| Switch | ||| || || PC | | | | || | | | || | | | | PFSense-2 ||---| | | |--| in Bridge mode || Same as above | | ||||---| | | | ||-| | -| SIP Server | | |-| | | |---| |---| Radius Server | |---| As noted above that each interface on both PFSense is assigned a public IP where the LANs interfaces are bridged to the WAN. All the PCes (Wired and Wireless) have to be on public IP addresses assigned by DHCP for remote monitoring and they have to login using the captive portal authentication in order to access the Internet. The ATA connects normal phones to sip server in order to make VoIP calls with other phones on the same network or the other one. The ATA Automatically dials a PPPoE to PFSense to establish a PPPoE connection using Radius authentication and assigned a public IP address pushed by the Radius based on the attributes, for example FRAM-IP-ADDRESS=218.208.98.27 and FRAM-IP-NETMASK=225.225.225.224 bound to the authentication account in the Radius server. Each ATA has its own authentication account bound to a unique public IP address registered in the Radius server I am facing two problems: First: I cannot ping or access the ATA's web GUI from the WAN side although it has assigned a public IP after establishing the PPPoE connection and get it registered with the SIP server. Second: Sometimes one PC on one PFSense LAN gets a DHCP IP from the second PFSense because they are on a bridge mode. So how to stop this to happens? Your help is much appreciated and thanks in advance Regards Bassam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] How to make 40 pfsense platforms refer to an external Login Page
Hi Scott, Thanks for your response. This exactly what I want. How could you help in solving my problem, what code adding and changes are needed to be done on PFSense platform in server the clients with a central login page hosted on one of my servers? Your help and support is much appreciated Regards Bassam -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 07, 2007 1:07 AM To: support@pfsense.com Subject: Re: [pfSense Support] How to make 40 pfsense platforms refer to an external Login Page On 7/29/07, Bassam A. Al-Khaffaf [EMAIL PROTECTED] wrote: Dear All, I have recently deployed a 40 PFSense platforms in one of the university campuses to enable staff and students to access Internet and other resources on the WAN side through wired and Wi-Fi. I have ported a customized login page that contains some logos and advertisements. Unfortunately, every time I need to add new information to the login page I need to update the entire deployed platform, and this is really a tedious and boring operation. I wonder if there is a possibility to make pfsense refers to an external login page hosted on a web server that eases my life of doing such operation. If there is no such thing in pfsense at the moment, is there any plan in the future to make pfsense refers to an external login page? I would redirect to a central login page that is served from one of your servers. While redirecting pass the server ip address and port that you need to post to from the central server. Then you can serve out a master page that knows where to post against when authenticating, etc. I am available via contract work if you need further assistance with this. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.11.8/940 - Release Date: 8/6/2007 4:53 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] How to make 40 pfsense platforms refer to an external Login Page
Dear All, I have recently deployed a 40 PFSense platforms in one of the university campuses to enable staff and students to access Internet and other resources on the WAN side through wired and Wi-Fi. I have ported a customized login page that contains some logos and advertisements. Unfortunately, every time I need to add new information to the login page I need to update the entire deployed platform, and this is really a tedious and boring operation. I wonder if there is a possibility to make pfsense refers to an external login page hosted on a web server that eases my life of doing such operation. If there is no such thing in pfsense at the moment, is there any plan in the future to make pfsense refers to an external login page? Regards Bassam
[pfSense Support] Bandwidth limit and Captive portal login page.
Dear All, I am trying to build a commercial Wi-Fi network using pfsense, and I have a couple of questions that need your generous reply and answers. Please let your answers be after each and every question A- Portals: 1- Can I replace the user login page (the pfsense portal page) with and external one hosted on different server. I mean to redirect the captive portal login page to a different one. 2- If yes, then how to configure pfsense to do that, and what the essential login page code must be? 3- If no, can I customize the login page that resides inside pfsens?, and where can I find the login page in pfsense. B- Bandwidth control: I am trying to offer four kind of bandwidth packages, 512 kbps, 1mbps, 10mbps and 30mbps 1- Is there a way to control or limit the bandwidth by pfsense per user authentication account, I mean by using a specific Radius Vendor Specific Attributes (VSA) attached to every user account registered in the Radius, so that once the user got authenticated, the pfsense will limit the bandwidth based on the bandwidth VSA value attached to that user account that it receives from the radius. This scenario if the user is assigned a DHCP IP. 2- In case if the user assigned a static IP, is there a way where pfsense can limit the bandwidth based on that static IP? 3- If the above both don't work with pfsense, so what do you suggest me to use to control the bandwidth per user? Your help is much more appreciated and looking forward to hear from you Best Regards Bassam
[pfSense Support] why it doesn't honor Session-Timeout attribute
Dear PFSense Folk, I have setup a PFSense machine with a radius server authentication and accounting method. However, I have noticed that PFSense doesn't honor the radius attribute Session-Timeout when it is set for a limited time in users profiles. For example if I set the Session-Timeout = 120 for a user, that session wont be ended after 2 min. Is it considered a bug in PFSense or is not supported, and when it will be fixed up? Regards Bassam
RE: [pfSense Support] How to get back the logout popup window after it has closed mistakenly??
Hi again, This is an issue when user is charged by their on-line time. If they cannot logout, they will be charged extra for the idle-timeout delay. In our deployment, due to customer requirement we can't set the idle-timeout too short. So the ability for user to manually logout is important. Regards Bassam -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, April 13, 2007 4:58 AM To: [EMAIL PROTECTED] Subject: RE: [pfSense Support] How to get back the logout popup window after it has closed mistakenly?? There is no way to logout then. You'll have to wait for the idle timout or the hard timeout to kick your session then. Holger From: Bassam A. Al-Khaffaf [mailto:[EMAIL PROTECTED] Sent: Thursday, April 12, 2007 3:24 AM To: [EMAIL PROTECTED] Subject: [pfSense Support] How to get back the logout popup window after it has closed mistakenly?? Dear All, I enabled the captive portals and using it successfully. However, I just wonder how to get back or re-open the logout popup window after it has closed mistakenly? If the logout window has closed mistakenly, then how can we logout to end the session? Regards Bassam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.2.0/757 - Release Date: 4/11/2007 5:14 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
FW: [pfSense Support] How to get back the logout popup window after it has closed mistakenly??
Hi again, This is an issue when user is charged by their on-line time. If they cannot logout, they will be charged extra for the idle-timeout delay. In our deployment, due to customer requirement we can't set the idle-timeout too short. So the ability for user to manually logout is important. So it must be a there is a way in pfsense to manually logout and end the session by the user. I mean, it should be there is a way to get the logout popup window again, So why it cannot have the ability to popup again and automatically when it has mistakenly closed, or we may have send http request, for example http://1.2.3.4, to make pfsense send again the popup window after is has mistakenly closed. Please this issue is very important to me and I want your help to find a solution for it Regards Bassam -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, April 13, 2007 4:58 AM To: [EMAIL PROTECTED] Subject: RE: [pfSense Support] How to get back the logout popup window after it has closed mistakenly?? There is no way to logout then. You'll have to wait for the idle timout or the hard timeout to kick your session then. Holger From: Bassam A. Al-Khaffaf [mailto:[EMAIL PROTECTED] Sent: Thursday, April 12, 2007 3:24 AM To: [EMAIL PROTECTED] Subject: [pfSense Support] How to get back the logout popup window after it has closed mistakenly?? Dear All, I enabled the captive portals and using it successfully. However, I just wonder how to get back or re-open the logout popup window after it has closed mistakenly? If the logout window has closed mistakenly, then how can we logout to end the session? Regards Bassam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.2.0/757 - Release Date: 4/11/2007 5:14 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.4.0/759 - Release Date: 4/12/2007 7:58 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] A couple of questions
For the password part, I used the command passwd to change the root password independently from the GUI configurator password successfully, However, when I reboot my pfsense machine, the root password will be turned back to as same as the GUI Configurator password, so how can I fix the password changing? Regards Bassam -Original Message- From: Josep Pujadas i Jubany [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 11, 2007 2:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] A couple of questions On Wed, 11 Apr 2007 11:36:14 +0800, Bassam A. Al-Khaffaf wrote Dear All, In pfsense I have the following questions: 1- I enabled the captive portal with no problems, and when I log in, I get the popup logout window. However, how can I get back the logout popup window just in case it is closed mistakenly? 2- I can use an ssh client at the LAN side to access the console menu, but cannot ssh at the WAS side, why could be the problem? 3- I am using SFTP to access the pfsense file system at the LAN side, but cannot do the same thing at the WAN side, what could be the problem? 4- How can I change the root password apart from the web gui password? Your help is much appreciated. Regards Bassam Bassam, 2 3. SFTP is SSH. I'm using also SSH and SFTP ... I think you have to authorise traffic for SSH (TCP port 22) in your WAN. 4. pfSense is FreeBSD 6.x based. Please, see man page for passwd command: http://www.freebsd.org/cgi/man.cgi? query=passwdapropos=0sektion=0manpath=FreeBSD+6.2-RELEASEformat=html Regards, Josep Pujadas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 269.2.0/756 - Release Date: 4/10/2007 10:44 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] How to get back the logout popup window after it has closed mistakenly??
Dear All, I enabled the captive portals and using it successfully. However, I just wonder how to get back or re-open the logout popup window after it has closed mistakenly? If the logout window has closed mistakenly, then how can we logout to end the session? Regards Bassam
[pfSense Support] A couple of questions
Dear All, In pfsense I have the following questions: 1- I enabled the captive portal with no problems, and when I log in, I get the popup logout window. However, how can I get back the logout popup window just in case it is closed mistakenly? 2- I can use an ssh client at the LAN side to access the console menu, but cannot ssh at the WAS side, why could be the problem? 3- I am using SFTP to access the pfsense file system at the LAN side, but cannot do the same thing at the WAN side, what could be the problem? 4- How can I change the root password apart from the web gui password? Your help is much appreciated. Regards Bassam
[pfSense Support] couple of inquiries regarding pfsense
Dear All, I have a couple of inquiries where I need people who have experience to convey some of their knowledge to me. 1- Does pfsense support 802.1x authentications; I mean does it act as an authenticator for any 802.1x supplicant, in another word, does it allow EAP authentication requests to EAP authentication servers? 2- Does pfsense support Group-oriented policy firewall and bandwidth control? Regards Bassam
[pfSense Support] not able to cutomize the console menue
Dear All, I posted this question in the form 5 days ago and I did not get any single reply, and then I decided to post it here thought I may get a concern about it. I am trying to customize the console menu and add more entries that is accessible through ssh or com1. However, I spent about more than 5 days inspecting every possible shell file that contains that console menu but I failed. I would appreciate you guys if you helped me to find out where is that shell file, what is its name, and in which directory in the pfsense file system is stored. Thanks a lot Bassam
RE: [pfSense Support] not able to cutomize the console menue
Yes, that is the file that I was looking for - Thanks a lot Regards Bassam -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 27, 2007 11:14 AM To: support@pfsense.com Subject: Re: [pfSense Support] not able to cutomize the console menue You mean /etc/rc.initial? --Bill On 3/26/07, Bassam A. Al-Khaffaf [EMAIL PROTECTED] wrote: Dear All, I posted this question in the form 5 days ago and I did not get any single reply, and then I decided to post it here thought I may get a concern about it. I am trying to customize the console menu and add more entries that is accessible through ssh or com1. However, I spent about more than 5 days inspecting every possible shell file that contains that console menu but I failed. I would appreciate you guys if you helped me to find out where is that shell file, what is its name, and in which directory in the pfsense file system is stored. Thanks a lot Bassam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.18/734 - Release Date: 3/26/2007 2:31 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] not able to cutomize the console menue
Now I tried to customize and modify that file /etc/rc.initial taking a copy of it using SFTP, edit it on my windows xp machine, modify it, save it, and the copy it back to the pfsens file system. Now, when I try to ssh, or using the normal output consol, I get this error: /etc/rc.initial: not found What could be the problem? Even if I change a single bit character inside that file and then copy it back, I get the same problem, I don't know why? Does pfsense maintain the file signatures, however, I have made many changes to the gui without problem. So what could be the problem??? Your help is much appreciated Bassam -Original Message- From: Bassam A. Al-Khaffaf [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 27, 2007 12:50 PM To: support@pfsense.com Subject: RE: [pfSense Support] not able to cutomize the console menue Yes, that is the file that I was looking for - Thanks a lot Regards Bassam -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 27, 2007 11:14 AM To: support@pfsense.com Subject: Re: [pfSense Support] not able to cutomize the console menue You mean /etc/rc.initial? --Bill On 3/26/07, Bassam A. Al-Khaffaf [EMAIL PROTECTED] wrote: Dear All, I posted this question in the form 5 days ago and I did not get any single reply, and then I decided to post it here thought I may get a concern about it. I am trying to customize the console menu and add more entries that is accessible through ssh or com1. However, I spent about more than 5 days inspecting every possible shell file that contains that console menu but I failed. I would appreciate you guys if you helped me to find out where is that shell file, what is its name, and in which directory in the pfsense file system is stored. Thanks a lot Bassam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.18/734 - Release Date: 3/26/2007 2:31 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.18/734 - Release Date: 3/26/2007 2:31 PM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] How to FTP to PFSense
Dear All, I am new to pfsense, and would like to have special thanks for all the people who participated with the development of this package. I have installed pfsense on a CF successfully. However, I am trying to access the pfsense file system through FTP clinet. I used normal FTP and secured FTP through ssh. Unfortuantely I couldn't get it done because the FTP client is not able to establish the connection. I need to ftp for further modifications. My question is how can I establish an FTP to the the pfsense file system? Your help is much appreciated. Regards Bassam