RE: [pfSense Support] Loading Full pfSense onto CompactFlash cards
Works fine for me - a 256 Mb CF card is relatively cheap, and when it does die they'll be even cheaper.

I did a full install from CD by adding a CD drive temporarily to my machine. Because you're using another machine, it may be detecting the wrong or a weird disk geometry. Try using CHS rather than LBA mode. Or do the install on the target machine if you can.

Also - what brand of CF card are you using? Some of the uber-fast ones don't work so good. It pays to buy a cheaper CF card for pfSense.

-Original Message-
From: William Somerset [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 21 February 2007 4:37 a.m.
To: support@pfsense.com
Subject: [pfSense Support] Loading Full pfSense onto CompactFlash cards

I'm aware of the dangers of loading a CompactFlash with the full version of pfSense but I'm wanting to put packages on the device. Is there any method for getting this loaded? I tried doing a normal install with VMWare writing directly to the card for a hard drive but when I put it into the machine, it doesn't work. Can anyone point me to a tutorial or anything that would provide me with a method for doing this?
RE: [pfSense Support] Nokia IP330
They're awesome wee boxes, and they run pfSense just fine. Especially given it's a 1RU form factor. Mine's only a 166 MHz CPU and it's fully useable.

-Original Message-
From: SDamron [mailto:[EMAIL PROTECTED]
Sent: Thursday, 28 December 2006 2:49 p.m.
To: support@pfsense.com
Subject: [pfSense Support] Nokia IP330

Hello Fellow Listers

I have a Nokia IP330 which runs pfsense quite well, it has a 400mhz AMD with 512 megs of ram, and a 30 gig HDD in it. If someone local (in the US, that is) would like it, all you would have to do is pay shipping on it, and it is yours. If the project team would like it, they would of course get first right of refusal :o)

I have upgraded to new hardware due to increased bandwidth, and this is just going to sit in the closet if no one wants it.

Thanks.
Scott
--
---
A fight to the death between zombies has a few inherent problems.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] floppy drive doesn't work in MS Virtual Server 2005 R2
I don't have a suggestion - but do make sure your floppy image file is formatted fat12 already - I had that problem with both pfsense and m0n0wall inside vmware when I was testing.

-Original Message-
From: Anderson Carli [mailto:[EMAIL PROTECTED]
Sent: Friday, 29 December 2006 6:53 a.m.
To: support@pfsense.com
Subject: [pfSense Support] floppy drive doesn't work in MS Virtual Server 2005 R2

I'm using pfsense in a Virtual Server, It works well, but I'm having some problems on shutdown, sometimes the disk went broken. So I decided to use it on direct from CD image, but the freebsd doesn't recognize the Floppy as related here:

http://www.freebsd.org/cgi/query-pr.cgi?pr=91476

It is possible to apply this patch in pfsense distribution, or there is another way to solve this problem (broken disk on hot shutdown)?

Thanks,
Anderson
RE: [pfSense Support] Smallest drive for PFsense
No sorry - I have no idea why a 133x ultrafast sandisk CF card failed to work, whereas a 40x budget sandisk CF works fine... But that's my experience.

-Original Message-
From: sai [mailto:[EMAIL PROTECTED]
Sent: Saturday, 2 December 2006 3:13 p.m.
To: support@pfsense.com
Cc: Craig FALCONER
Subject: Re: [pfSense Support] Smallest drive for PFsense

On 12/1/06, Craig FALCONER [EMAIL PROTECTED] wrote:

Mine's a 256 Mb card at home, which is fine. It will run on a 128 Mb card, but it's just a bit close sometimes. Given prices these days, get a 256 Mb CF card. BTW don't bother getting a fast one... The 66x and 133x don't do anything for you, and can cause more problems.

Can you explain why fast CF cards might cause problems? I just got some 144x card !

sai
RE: [pfSense Support] Smallest drive for PFsense
Mine's a 256 Mb card at home, which is fine. It will run on a 128 Mb card, but it's just a bit close sometimes. Given prices these days, get a 256 Mb CF card.

BTW don't bother getting a fast one... The 66x and 133x don't do anything for you, and can cause more problems.

-Original Message-
From: Jeremy Bennett [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 December 2006 3:03 p.m.
To: support@pfsense.com
Subject: [pfSense Support] Smallest drive for PFsense

How much space will PFsense install in? I'd like to install it on a CF card on a full size PC (not WRAP) and am curious what size card I can/should use (or if it is even a good idea).

Thank you,
jbennett
RE: [pfSense Support] Is it an attack?
I'll have a stab - please correct me if I'm wrong...

Josep - I assume this is a snippet from the firewall logs page showing traffic that has been blocked? And that you have a webserver running on 192.168.101.2 with a valid NAT and a firewall rule to allow traffic from * on WAN to port 80/tcp on your web server?

Well - one of those assumptions is wrong. What is your WAN address? Can users see your web server correctly?

-Original Message-
From: Josep Pujadas i Jubany [mailto:[EMAIL PROTECTED]
Sent: Sunday, 26 November 2006 9:07 a.m.
To: pfSense
Subject: [pfSense Support] Is it an attack?

Hi!

pfSense is blocking access to my web server from a determinate IP. Any rule is configured about this IP. Is pfSense considering this an attack. If yes, why?

Nov 25 18:31:56 WAN 88.19.121.209:14726 192.168.101.2:80 TCP
Nov 25 18:31:59 WAN 88.19.121.209:14726 192.168.101.2:80 TCP
Nov 25 18:32:04 WAN 88.19.121.209:14726 192.168.101.2:80 TCP
...
RE: [pfSense Support] VLAN trunking?
Should work - I've been playing with vlans and got it all working.

The only weirdness I have left to solve is why my vlan only works if there's a tcpdump -i vlan0 /dev/null running on my pfsense box. If that's not running I simply see no data.

-Original Message-
From: Nathan Osborne [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 November 2006 3:19 a.m.
To: support@pfsense.com
Subject: [pfSense Support] VLAN trunking?

Hi everyone,

I have a pretty basic VLAN question that I haven't been able to find the answer to: Can pfSense do VLAN trunking?

More specifically: I'm installing a Metro Ethernet connection with pfSense boxes on each end. I need to tag all traffic sent over the Metro Ethernet connection with a specific VLAN id in order for the ISP's switch to handle the traffic correctly and send it on to the pfSense box on the other end. Can pfSense do this through its VLAN configuration, or would I need a 802.1q switch in between the pfSense and the Metro E connection on each end to specify the VLAN info?

Each box has Intel cards (em), running ver 1.0.1.

Thanks for any tips,
Nate
RE: [pfSense Support] VLAN trunking?
From: Scott Ullrich [mailto:[EMAIL PROTECTED]

On 11/8/06, Craig FALCONER [EMAIL PROTECTED] wrote:

Should work - I've been playing with vlans and got it all working. The only weirdness I have left to solve is why my vlan only works if there's a tcpdump -i vlan0 /dev/null running on my pfsense box. If that's not running I simply see no data.

What kind of NIC(s)?

Intel somethingorother... It's a nokia IP330

dmesg says
fxp2: Intel 82558 Pro/100 Ethernet port 0x7000-0x701f mem 0xe0301000-0xe0301fff,0xe020-0xe02f irq 5 at device 15.0 on pci0
RE: [pfSense Support] VLAN trunking?
So you have a two-way metrosexual connection?

-Original Message-
From: Nathan Osborne [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 November 2006 9:39 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] VLAN trunking?

It's a pretty short distance and it's a fast pipe, so I should be able to get some pretty good benchmarks of the type of traffic it's possible to push over this connection. I'm running it on Poweredge 1850 servers with 2 GB RAM, onboard Intel NICs, and Intel 1000MT dual port server PCI adapters.
RE: [pfSense Support] VLAN trunking?
Heya - not wishing to argue, but I'm really telling the truth.

vlan0 is 192.168.200.1/24 and the workstation is at 192.168.200.2

# ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=4.221 ms
64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=1.233 ms
^C
--- 192.168.200.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.233/2.727/4.221/1.494 ms
# ps auxw | grep tcpdump
root 298 0.0 0.9 3832 2172 d0- SSat07PM 0:51.74 /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
root 48512 0.0 0.2 1468 608 p0 R+2:15PM 0:00.01 grep tcpdump
root 67821 0.0 0.9 3852 2244 p0- S 9:12PM 0:17.03 tcpdump -i vlan0
# kill 67821
# ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
^C
--- 192.168.200.2 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
# tcpdump -i vlan0 /dev/null
[1] 48592
# tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan0, link-type EN10MB (Ethernet), capture size 96 bytes
# ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=2.412 ms
64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=1.009 ms
^C
--- 192.168.200.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.009/1.710/2.412/0.701 ms
#

All I can think of is more Nokia weirdness. This is an IP330 with three on-board NICs.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]

Bill Marquette wrote:

Doesn't really make any sense. We already are doing a background TCPDUMP to get the firewall logs. On pflog0. This is on the vlan interface which really is bizarre. I could see if for some reason the physical fxp interface wasn't in PROMISC mode needing to do it for that interface, but for the vlan interface I'm stumped.

And he said that's the only way it *works*?

Due to the FreeBSD + promisc bug with VLAN's, tcpdumping any vlanX interface or the parent interface should kill all network activity on all VLAN's. Does on every box I've tried, and others have reported the same.
RE: [pfSense Support] VLAN trunking?
I suspect this is not the answer. I ran tcpdump net 192.168.200.0/24 on a third machine and there's no traffic detected. I'm using a dumb unmanaged switch which makes it more confusing.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 November 2006 3:01 p.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] VLAN trunking?

Charles Sprickman wrote:

Here's kind of an out of left field idea... Someone mentioned that running tcpdump on a vlan interface actually *breaks* it. By breaks, I'm betting that means sends the vlan traffic without vlan tags.

I'm not sure exactly what happens to break it, but sending the traffic without tags would make sense. I haven't done enough testing to know what happens to the traffic. Interesting theory, could very well be right on.
RE: [pfSense Support] VLAN trunking? SOLVED
It *IS* promiscuous mode that's making it work.

With tcpdump running in the background

# ifconfig vlan0
vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.200.1 netmask 0xff00 broadcast 192.168.200.255
    inet6 fe80::2a0:8eff:fef6:6ae8%vlan0 prefixlen 64 scopeid 0x8
    ether 00:12:92:33:46:aa
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    vlan: 4 parent interface: fxp0
# ifconfig fxp0
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=8<VLAN_MTU>
    inet6 fe80::2004:77a:c5f6:4af5%fxp0 prefixlen 64 scopeid 0x1
    inet 10.28.1.1 netmask 0x broadcast 10.28.255.255
    ether 02:a5:53:e0:c4:67
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active

After killing tcpdump

# ifconfig vlan0
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.200.1 netmask 0xff00 broadcast 192.168.200.255
    inet6 fe80::2a0:8eff:fef6:6ae8%vlan0 prefixlen 64 scopeid 0x8
    ether 00:12:92:33:46:aa
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    vlan: 4 parent interface: fxp0
# ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=8<VLAN_MTU>
    inet6 fe80::2004:77a:c5f6:4af5%fxp0 prefixlen 64 scopeid 0x1
    inet 10.28.1.1 netmask 0x broadcast 10.28.255.255
    ether 02:a5:53:e0:c4:67
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
# ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
^C
--- 192.168.200.2 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
# ifconfig vlan0 promisc
# ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=1.360 ms
64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=1.138 ms
^C
--- 192.168.200.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.138/1.249/1.360/0.111 ms
#

So it looks like my VLAN setup required promisc mode on fxp0 (my lan port) and vlan0

What do you think?

-Original Message-
From: Craig FALCONER [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 November 2006 3:09 p.m.
To: support@pfsense.com
Subject: RE: [pfSense Support] VLAN trunking?

Sorry I'm not the metro guy. I have a pfsense box plugged into a non-managed switch, so the vlan MTU had to be dropped to 1496. The pfsense box only sees traffic on the vlan when there's a tcpdump session running.

On the other box I had to disable rp_filter before the vlan tagging worked. I haven't found the same thing in freeBSD. This is what rp_filter does in linux.

rp_filter - BOOLEAN
    1 - do source validation by reversed path, as specified in RFC1812
        Recommended option for single homed hosts and stub network
        routers. Could cause troubles for complicated (not loop free)
        networks running a slow unreliable protocol (sort of RIP),
        or using static routes.

    0 - No source validation.

    conf/all/rp_filter must also be set to TRUE to do source validation
    on the interface

    Default value is 0. Note that most distributions enable it
    in startup scripts.

I imagine the same concept is hidden somewhere in sysctl but I can't spot it. These are possibilities...

net.inet.ip.check_interface: 0
net.inet.ip.sourceroute: 0
net.inet.ip.redirect: 0

Or do I just ifconfig vlan0 mtu 1496 promisc ?

-Original Message-
From: Charles Sprickman [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 November 2006 2:32 p.m.
To: support@pfsense.com
Subject: RE: [pfSense Support] VLAN trunking?

On Thu, 9 Nov 2006, Craig FALCONER wrote:

Heya - not wishing to argue, but I'm really telling the truth.

Here's kind of an out of left field idea... Someone mentioned that running tcpdump on a vlan interface actually *breaks* it. By breaks, I'm betting that means sends the vlan traffic without vlan tags. If that is indeed the case, perhaps your metro ether provider does not allow tagged ethernet packets. Make sense?

Charles

vlan0 is 192.168.200.1/24 and the workstation is at 192.168.200.2

# ping 192.168.200.2
PING 192.168.200.2 (192.168.200.2): 56 data bytes
64 bytes from 192.168.200.2: icmp_seq=0 ttl=64 time=4.221 ms
64 bytes from 192.168.200.2: icmp_seq=1 ttl=64 time=1.233 ms
^C
--- 192.168.200.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.233/2.727/4.221/1.494 ms
# ps auxw | grep tcpdump
root 298 0.0 0.9 3832 2172 d0- SSat07PM 0:51.74 /usr/sbin/tcpdump -l -n -e -ttt -i pflog0
root 48512 0.0 0.2 1468 608 p0 R+2:15PM 0:00.01 grep tcpdump
root 67821 0.0 0.9 3852 2244 p0- S 9:12PM 0:17.03 tcpdump -i
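
The two ifconfig captures in the thread above differ only in bit 0x100 of the flags word (8943 with tcpdump running, 8843 after it is killed), which is IFF_PROMISC; on a firewall an unexpected PROMISC flag also means some process has a capture open. The Python below is an added example, not part of the original thread: it decodes the flags field of ifconfig output, lists promiscuous interfaces and diffs two snapshots. The function names and the sample text (constructed in standard ifconfig layout from the values in the thread) are assumptions.

```python
import re

# FreeBSD interface flag bits from <net/if.h>; only the bits that appear in
# the thread's output are listed, other bits are ignored when decoding.
IFF_BITS = {
    0x0001: "UP",
    0x0002: "BROADCAST",
    0x0040: "RUNNING",
    0x0100: "PROMISC",
    0x0800: "SIMPLEX",
    0x8000: "MULTICAST",
}
IFF_PROMISC = 0x0100

# Header line: "vlan0: flags=8943<UP,...> mtu 1500". ifconfig prints the value
# in lowercase hex, so matching [0-9a-f] only keeps the parser correct even on
# copies where the <...> brackets around the uppercase names have been lost.
HEADER = re.compile(r"^(?P<ifname>[A-Za-z0-9_.]+): flags=(?P<hex>[0-9a-f]+)")
VLAN = re.compile(r"vlan: (?P<tag>\d+) parent interface: (?P<parent>\S+)")


def decode_flags(value):
    """Return the names of the known flag bits set in value, lowest bit first."""
    return [name for bit, name in sorted(IFF_BITS.items()) if value & bit]


def parse_ifconfig(text):
    """Map interface name -> {'flags': int, 'vlan': int|None, 'parent': str|None}."""
    interfaces, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group("ifname")
            interfaces[current] = {
                "flags": int(header.group("hex"), 16),
                "vlan": None,
                "parent": None,
            }
            continue
        vlan = VLAN.search(line)
        if vlan and current is not None:
            interfaces[current]["vlan"] = int(vlan.group("tag"))
            interfaces[current]["parent"] = vlan.group("parent")
    return interfaces


def promiscuous(text):
    """Sorted names of interfaces whose flags word has IFF_PROMISC set."""
    parsed = parse_ifconfig(text)
    return sorted(n for n, i in parsed.items() if i["flags"] & IFF_PROMISC)


def flag_changes(before, after):
    """Diff two snapshots: {ifname: (flags gained, flags lost)} where they differ."""
    old, new = parse_ifconfig(before), parse_ifconfig(after)
    changes = {}
    for name in sorted(old.keys() & new.keys()):
        diff = old[name]["flags"] ^ new[name]["flags"]
        if diff:
            changes[name] = (
                decode_flags(diff & new[name]["flags"]),
                decode_flags(diff & old[name]["flags"]),
            )
    return changes


# Constructed samples: header and vlan lines only, using the thread's values.
WITH_TCPDUMP = (
    "vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tvlan: 4 parent interface: fxp0\n"
    "fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500\n"
    "\toptions=8<VLAN_MTU>\n"
)
AFTER_KILL = (
    "vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\tvlan: 4 parent interface: fxp0\n"
    "fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500\n"
    "\toptions=8<VLAN_MTU>\n"
)

if __name__ == "__main__":
    print("promiscuous with tcpdump:", promiscuous(WITH_TCPDUMP))
    print("promiscuous after kill:  ", promiscuous(AFTER_KILL))
    for ifname, (gained, lost) in flag_changes(WITH_TCPDUMP, AFTER_KILL).items():
        print(f"{ifname}: gained={gained} lost={lost}")
```

Run on a schedule against saved `ifconfig` output, `flag_changes` shows when an interface enters or leaves promiscuous mode, which is the state change the thread tracked by hand.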
RE: [pfSense Support] Minimium Hardware 96 MRAM?
No that's not enough... You need one of these: http://techreport.com/reviews/2006q1/gigabyte-iram/index.x?pg=1 then create a swap file on that!

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, 6 November 2006 5:01 p.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] Minimium Hardware 96 MRAM?

On 11/5/06, Rob Terhaar [EMAIL PROTECTED] wrote:

I store my swapfile on a ram drive!

I certainly hope that's a joke, cause it's the daftest thing I've ever heard otherwise!!!
RE: [pfSense Support] Master Browser
Another thought - maybe the firewall rules allow some crap to enter your network from the WAN side, and someone else's windows box is spewing smb on the local cable segment you're on?

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Thursday, 21 September 2006 11:52 a.m.
To: support@pfsense.com
Subject: RE: [pfSense Support] Master Browser

Do you by chance have the freenas package installed? or had it installed at some point? that is the only thing that comes to mind that could cause something samba related. If not you might have another machine running in your network using the IP-Address of the pfsense too.

Holger

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 21, 2006 1:01 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Master Browser

On 9/20/06, cmaurand [EMAIL PROTECTED] wrote:

Hello, my pfsense box seems to think it's a domain master browser on my SAMBA network. It's constantly messing up my network neighborhood. What gives? I don't have samba installed on that box. I don't see anything in the docs and I don't see a smb.conf file anywhere on the machine. Why is it doing this and what can I do to get it to stop making announcements and causing elections with my SAMBA domain controller?

HUH!? Why do you think the pfSense box is causing this? It doesn't speak SMB at all.
RE: [pfSense Support] pfsense, core-duo support?
Beg your pardon - SMP is enabled fine in pfSense

From dmesg

FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 2

-Original Message-
From: Robert Carr [mailto:[EMAIL PROTECTED]
Sent: Sunday, 10 September 2006 7:48 a.m.
To: support@pfsense.com
Subject: [pfSense Support] pfsense, core-duo support?

I realize pfsense isn't SMP-capable, but would it run on a core-duo (or core-solo processor)? Or are these processors totally unsupported for now?
RE: [pfSense Support] pfsense snapshot 09-03-06 embedded
Why not call them 1.0-SNAPSHOT-2006-09-03? At least they'll sort correctly in a listing.

Or are we really talking about the 8th and 9th of march 2006? It proves that pfSense is a global programme, when date representation issues arise :)

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 5 September 2006 6:17 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] pfsense snapshot 09-03-06 embedded

On 9/4/06, Imre Ispánovits [EMAIL PROTECTED] wrote:

Hi, I've just upgraded RC2 today to the latest pfSense-Mini-Embedded-Update-1.0-SNAPSHOT-09-03-06

It shows on system overview page as 1.0-SNAPSHOT-08-03-06 built on Thu Aug 10 19:38:26 UTC 2006

Did I miss something, or is it just wrong title there and I may ignore it safely? Otherwise firmware upgrade went smoothly on generic pc (Compaq SFF P3/400Mhz/256MB/64MB CF card)

Typo. For some reason I was a month back in time when I prepared these images.
RE: [pfSense Support] SSH access?
Shouldn't be anything special - make sure SSH is turned on in the advanced page, and give the machine time to generate ssh keys etc. (you'll get a message at the top of your window when that is done)

Also confirm you're using the right port (22)

Check out the firewall logs page as well, just after you try sshing to the box... Often that points you in the right direction.

-Original Message-
From: Heath Henderson [mailto:[EMAIL PROTECTED]
Sent: Friday, 25 August 2006 5:51 a.m.
To: support@pfsense.com
Subject: [pfSense Support] SSH access?

Is there a trick to getting SSH to work? I have enabled this setup, but I can't seem to access this from either my LAN or WAN side. I would bet I can't get it from the WAN, but I thought I should be able to access from the LAN when enabled. Also, I see no rules stating that I can't access port 22. This is a new install, RC2

Thanks
RE: [pfSense Support] favicon
It's definitely there in RELENG_1_SNAPSHOT-06-24-2006 already, and probably earlier versions too.

-Original Message-
From: Volker Kuhlmann [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 July 2006 1:46 p.m.
To: support@pfsense.com
Subject: [pfSense Support] favicon

I would find it a good idea to copy http://pfsense.com/favicon.ico to /usr/local/www of the pfsense install image. Makes it much easier to see the bookmark for the local pfsense box in the browser.

Volker
--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/
Please do not CC list postings to me.
RE: [pfSense Support] Mass adding of firewall rules
One of the easiest answers is to download your config.xml file, edit it in a text editor (or a spreadsheet programme) and upload it again.

-Original Message-
From: Brad Bendy [mailto:[EMAIL PROTECTED]
Sent: Monday, 10 July 2006 8:57 p.m.
To: support@pfsense.com
Subject: [pfSense Support] Mass adding of firewall rules

Hello,

I want to do some mass adding of rules, mostly blocking all the RIPE CIDR ranges from entering my network, but there are hundreds of these entries. Is there any documentation on perhaps running a curl POST to the page that adds the rules so this could be automated, this could also be used for integration with Snort or other customer software packages where you would want realtime adding of firewall rules.

Any help on this would be great!

Thanks
Brad
RE: [pfSense Support] OpenVPN syslogging
From: Scott Ullrich [mailto:[EMAIL PROTECTED]

cvs_sync.sh releng_1

Note - doing this requires at *least* 100 Mb of free disk space, possibly more.
RE: [pfSense Support] PFSense + Poweredge
Damn strange - I can ssh into a P166 running pfSense and it still works full speed.

-Original Message-
From: Scott Williamson [mailto:[EMAIL PROTECTED]
Sent: Friday, 30 June 2006 12:27 a.m.
To: support@pfsense.com
Subject: RE: [pfSense Support] PFSense + Poweredge

...Overkill Yes, but they work, and as long as I do not SSH into them the CPU sets around 2% utilization. Seems when I start SSH'ing though I drop to about 50% and system becomes unresponsive and requires a reboot to clear up.
RE: [pfSense Support] Package Request - Cache Server ???
And I have to wonder if proactive caching saves anything other than time. I remember those download accelerators that would pre-download every link on the current web page, but those were really only useful in a time-charged situation.

The main difference between squid and Ryan's description is updates every hour

I know of no current web cache that fetches/updates content just in case it's needed.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 June 2006 8:56 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] Package Request - Cache Server ???

On 6/28/06, Ryan L. Rodrigue [EMAIL PROTECTED] wrote:

I don't know if this is possible, but I was in a guy's office and he had a Computer rack mounted that he said was a cache server. I had never heard of such a thing, but he said it monitors what pages are frequently visited, download them, periodically checks for updates, and serves the cached pages to people on his network that request it.

Example: Everyone's homepage in the office is http://www.google.com. It caches Google.com (Specially pics and stuff. Anytime a person opens their browser, it serves them the cached page and uses 0 internet bandwidth. and it checks every hour for any changes.

Squid?
RE: [pfSense Support] automatic backup
Fair enough - can you put the recommended answer in the docs somewhere? Automated backups my memory.

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 June 2006 9:21 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] automatic backup

FWIW, after 1.0 this will break as we are no longer using HTTP Basic auth. At that point you'll have to switch to using xmlrpc.

--Bill

On 6/27/06, Imre Ispánovits [EMAIL PROTECTED] wrote:

On Tue, 27 Jun 2006 10:59:39 -0400 Scott Ullrich [EMAIL PROTECTED] wrote:

Use exec_raw.php and simply cat out /cf/conf/config.xml

Something like this:

wget -qO /tmp/config_backup.xml --user=admin --password=pfsense --no-check-certificate "https://10.0.0.103/exec_raw.php?cmd=cat%20/cf/conf/config.xml"

The '--no-check-certificate' was missing, now it's working fine!

Thank you Scott
RE: [pfSense Support] Package Request - Cache Server ???
Certainly. There is a squid package for pfsense, but if you're serious about caching then you should run it on a separate machine. Squid is packaged for just about every BSD or linux distro available.

The basic idea flow is this:

Client asks for http://criggie.dyndns.org/ (for example)
Request goes to cache server (set in web browser properties)
Cache server checks index to see if that web page html is in cache.
If yes then serve up the local version, if no then go fetch that page and serve it to client while storing a copy locally to accelerate the next access.

Likewise, all the images on that page will be added to the cache the first time someone looks at that site.

There's a lot more to it of course... The cache can check to see if a file has changed or not on the source web server, and serve up the local copy if it hasn't changed... And the cache server has to roll old cached files out if they haven't been accessed for a while.

Check out http://www.squid-cache.org/ for more info.

-Original Message-
From: Ryan L. Rodrigue [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 June 2006 9:49 a.m.
To: support@pfsense.com
Subject: RE: [pfSense Support] Package Request - Cache Server ???

Alright. That was just how the guy explained it to me. It may not fetch anything automatically. I thought most of those web accelerators just dropped the graphics. I don't know, i really never caught on to the Accelerator phase cause i already had a broadband connection when it came out and really didn't care.

I know at the office we work at 80% of our employees go to the same website over and over every day. It has a lot of graphics they see over and over, so a cache server would help to relieve some of our internet connection.

Can anyone give me some more info on squid. I have never heard of this.

-Original Message-
From: Craig FALCONER [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 28, 2006 4:11 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Package Request - Cache Server ???

And I have to wonder if proactive caching saves anything other than time. I remember those download accelerators that would pre-download every link on the current web page, but those were really only useful in a time-charged situation.

The main difference between squid and Ryan's description is updates every hour

I know of no current web cache that fetches/updates content just in case it's needed.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, 29 June 2006 8:56 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] Package Request - Cache Server ???

On 6/28/06, Ryan L. Rodrigue [EMAIL PROTECTED] wrote:

I don't know if this is possible, but I was in a guy's office and he had a Computer rack mounted that he said was a cache server. I had never heard of such a thing, but he said it monitors what pages are frequently visited, download them, periodically checks for updates, and serves the cached pages to people on his network that request it.

Example: Everyone's homepage in the office is http://www.google.com. It caches Google.com (Specially pics and stuff. Anytime a person opens their browser, it serves them the cached page and uses 0 internet bandwidth. and it checks every hour for any changes.

Squid?
RE: [pfSense Support] States Locking Up
SNMP causes those spikes afaik. Disable it if you don't need it?
-Original Message- From: Tim Dickson [mailto:[EMAIL PROTECTED]] Sent: Thursday, 29 June 2006 10:28 a.m. To: support@pfsense.com Subject: RE: [pfSense Support] States Locking Up
OK, so it's been a day with my state table at 20,000. RAM is at 20% and CPU time averages around 8%. It is still locking up, but browsing around I have come across something that may help. On the RRD Graphs I had noticed before it seemed traffic peaked when the lock ups occurred... but not always. I then went to the Graph "packets" and EVERY time the states lock the packets jump up to 2.0k up and 4.0k down. Once I reset the states the packets will go back to a normal state. So far today (looking at the RRD graph for today) I can see 15 spikes for the last 24 hours. The Greatest time between was 4 hours from 00:00 to 04:30. Hope this helps! I'm thinking of redoing the config from scratch, but I have a lot of virtual IP and 1:1 mappings that I will lose. If I backup, I'm afraid that whatever is causing this will return. Give me your thoughts on this. Thanks! -Tim
On Wed, 2006-06-28 at 01:18 +0200, Holger Bauer wrote: Normal should be fine. See what the changed state limit does first. Holger
-Original Message- From: Tim Dickson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 28, 2006 12:55 AM To: support@pfsense.com Subject: RE: [pfSense Support] States Locking Up
OK, I've changed my states to 20k. What "Mode" should I be using? We are connected via a full T1. Right now I have it set up for normal. Thanks! -Tim
-Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2006 3:09 PM To: support@pfsense.com Subject: RE: [pfSense Support] States Locking Up
As you're not hitting the maximum limit this should not be the issue but as you have lots of RAM you can boost this value up just to see if it makes any difference. Holger
-Original Message- From: Tim Dickson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 27, 2006 5:07 PM To: support@pfsense.com Subject: RE: [pfSense Support] States Locking Up
Should I set my state limit to 1000 or something? Seems silly, but I'm willing to try anything to get this to work. -tim
-Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED]] Sent: Monday, June 26, 2006 2:58 PM To: support@pfsense.com Subject: RE: [pfSense Support] States Locking Up
What is your state limit at system > advanced and how many states do you hit when the problem occurs? Holger
-Original Message- From: Tim Dickson [mailto:[EMAIL PROTECTED]] Sent: Monday, June 26, 2006 7:39 PM To: support@pfsense.com Subject: [pfSense Support] States Locking Up
I submitted to this list last week and am hoping I can hit some fresh brain cells this week :) I am having an issue with states locking up. This happens every half an hour or so (it's completely random... can go hours or minutes). When it happens if I reset states it clears up and all is well. Also while it happens if I ping google it will drop roughly 3 of every 4 packets sent. Most current connections will remain (like a download) but occasionally it will drop also. I'm running beta1RC1a on an AMD 2200 athlon XP with 2gig RAM and 30gb harddrive. I'm running in dual WAN with interface names WAN, LAN and GWAN, GLAN (xl driver). I have advanced outbound NAT enabled and I have Source subnet of LAN to WAN and source subnet GLAN to WAN. I then have rules for lan net to go out the WAN gateway and glan subnet out GWAN gateway. Am I doing something wrong here? Basically I ALWAYS want LAN to go out WAN and GLAN to go out GWAN. IP's are both Static for the WAN interfaces. Let me know if any more info is needed! -Tim
Virus checked by G DATA AntiVirusKit
RE: [pfSense Support] States Locking Up
Okay then - look at the states table when it's not working, and see what the source/destination IP is. Go to that machine and unplug it from your network. Almost guarantee they have p2p software, or spyware, or whatever buzzword it is now.
-Original Message- From: Tim Dickson [mailto:[EMAIL PROTECTED]] Sent: Thursday, 29 June 2006 11:05 a.m. To: support@pfsense.com Subject: RE: [pfSense Support] States Locking Up
It's not start up spikes (those I know about). When these spikes occur 3 out of every 4 packets I send out drop until I reset my states. If I leave it alone eventually it will usually clear up, but it could take several minutes to an hour. -Tim
On Thu, 2006-06-29 at 10:49 +1200, Craig FALCONER wrote: SNMP causes those spikes afaik. Disable it if you don't need it?
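Counting state entries per originating host is one way to carry out the check suggested in this thread: look at the state table during a lock-up and see which address dominates it. This is an added example, not part of any list message; the `pfctl -ss` line layouts it expects, the function names and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: rank hosts by how many pf state entries they originate.
# Assumed line layouts (as printed by `pfctl -ss`):
#   IFACE PROTO SRC:PORT -> DST:PORT STATE
#   IFACE PROTO NAT:PORT (SRC:PORT) -> DST:PORT STATE    outbound NAT
#   IFACE PROTO DST:PORT <- SRC:PORT STATE               inbound

top_state_sources() {
    # $1 = number of hosts to list (default 5); state lines arrive on stdin.
    awk '
    function host(a) {
        gsub(/[()]/, "", a)                  # drop NAT parentheses
        sub(/\[[0-9]+\]$/, "", a)            # IPv6 is printed as addr[port]
        if (a ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", a)   # IPv4 addr:port
        return a
    }
    {
        src = ""
        for (i = 4; i <= NF; i++) {
            # "->": originator is on the left (pre-NAT address if shown).
            if ($i == "->") { src = ($(i-1) ~ /^\(/) ? $(i-1) : $3; break }
            # "<-": originator is the address right of the arrow.
            if ($i == "<-") { src = $(i+1); break }
        }
        if (src != "") count[host(src)]++
    }
    END { for (h in count) print count[h], h }
    ' | sort -k1,1nr -k2,2 | head -n "${1:-5}"
}

sample_states() {
    # Constructed sample using documentation address ranges only.
    cat <<'EOF'
all tcp 203.0.113.2:50001 (192.168.1.77:4001) -> 198.51.100.10:6881 ESTABLISHED:ESTABLISHED
all tcp 203.0.113.2:50002 (192.168.1.77:4002) -> 198.51.100.11:6881 SYN_SENT:CLOSED
all udp 203.0.113.2:50003 (192.168.1.77:4003) -> 198.51.100.12:6881 SINGLE:NO_TRAFFIC
all tcp 192.168.1.77:4004 -> 198.51.100.13:6881 SYN_SENT:CLOSED
all tcp 192.168.1.20:3300 -> 198.51.100.80:80 ESTABLISHED:ESTABLISHED
all tcp 192.168.1.1:22 <- 192.168.1.20:3301 ESTABLISHED:ESTABLISHED
all icmp 192.168.1.30:512 -> 198.51.100.80:512 0:0
EOF
}

# On the firewall itself: pfctl -ss | top_state_sources 10
sample_states | top_state_sources 3
```

A host that holds most of the table while packets are being dropped is the one to inspect first; a short list of roughly equal counts points away from a single noisy client.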
RE: [pfSense Support] Dual Wireless results for Bill M.
This is a guess - but maybe because both wireless cards are physically right beside each other maybe their aerials are crosstalking. Try moving the cards so they are in PCI slots as far apart as possible. If that doesn't help try a replacement aerial on a cable rather than a pencil aerial out the back of your NIC. This is what happens when 6 APs are all in the same room and arguing over channels. http://staff.avonside.school.nz/cf/lala-wireless.png Actual throughput was almost 0 because everything kept channel hopping to what looked clear.
-Original Message- From: Jonathan Woodard [mailto:[EMAIL PROTECTED]] Sent: Thursday, 22 June 2006 7:26 p.m. To: support@pfsense.com Subject: [pfSense Support] Dual Wireless results for Bill M.
I was testing a box with 2 wireless cards to try possible separate AP's in the same box and I promised I would give my results here. I have a test desktop and a test laptop. The desktop carries a b card while the laptop is g and both Pfsense cards are g Atheros cards (Dlink and Edimax). Under light load they seem to perform fine. However, I connected the desktop to the Dlink card and Dl'd an iso while just browsing with the laptop on the Edimax card. I began to notice pages would stall while loading and some would timeout altogether. I didn't notice a problem with the iso downloading. I tried to put the dlink card on channel 1 and move the Edimax card to 11 but this was no help. It was suggested to try channel 1 & 6 as they interfere less but I haven't tested this yet, however, I do plan to. After seeing how things went last night unless more people can give me good success with this kind of setup I will probably not be putting this kind of setup into use anywhere. Jonathan
[pfSense Support] Alcatel switches and VLANs
pfSense is working great for me. I have a captive portal NIC in my firewall, which works fine. I want to connect some spare wireless APs to the captive portal NIC. The hangup is that I only have a limited number of fibres between buildings, and they're all in use for a flat network. The main network has no managed switches. I have been donated three alcatel omnistack OS4024 switches which are managed and do VLANs. The gear that does the fibre is not VLAN aware. Is it possible to connect the alcatels together through the network so that the VLAN for guest wireless cannot see the main network? Like this? http://criggie.dyndns.org/crap/vlan.png The alcatel switches can be dedicated completely to the guest LAN/VLAN if necessary.
RE: [pfSense Support] Wireless suggestions (dual wireless?)
From: Jonathan Woodard [mailto:[EMAIL PROTECTED]]
I wonder if there is some way in Pfsense to separate the 2 (public/private) on the one AP? I am thinking not since I want to secure one and not the other but I would just like verification on this.
Not on the one wireless card - you would need two. This also allows you to use captive portal and/or traffic shaping on that interface. (someone will correct me if I'm wrong :)
Can I install 2 supported wireless cards and separate them that way? This would be really cool since everything is still in the one box.
I'd recommend an additional NIC, plugged into a separate switch/hub (doesn't need to be flash) and run a UTP cable off to each physical Access Point. POE is an option at this point too. How big is the space? Physical coverage might be an issue with one wireless NIC inside the server.
On a semi-side note. Can anyone give me any experience on Pfsense as an AP?
No - I used to use m0n0 as an AP, but it was only WEP and only 11 Mbit. Now I use linksys WRT54G as plain APs.
RE: [pfSense Support] Traffic shaping / prioritisation
1 Mbit should be fine on the minimum spec box - a pentium with 128 Mb ram. More is good of course.
-Original Message- From: Jack Pivac [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 7 June 2006 1:25 p.m. To: support@pfsense.com Subject: Re: [pfSense Support] Traffic shaping / prioritisation
on 07/06/06 12:15 Scott Ullrich said the following:
On 6/6/06, Jack Pivac [EMAIL PROTECTED] wrote: Hi All, Have a PFSense BETA4 box running here, working great normally apart from the bw sharing. 2 of us can be happily gaming playing world of warcraft, but if someone else comes along and does some heavy web browsing, or even downloading a file on a single http stream, then the games lag out and disconnect. Can anyone give me an idea why it's not prioritising the gaming traffic properly... and not handling the load?
We have fixed many bugs in the traffic shaper since beta 4. If this is a full installation then please run this from the console option 8: cvs_sync.sh releng_1 Then rerun the traffic shaping wizard. Be sure to select the p2p Catch all option and lower or raise applications on the Raise or lower other Applications screen. Scott
Will give that a go when I can find a spare keyboard :P But quick question - What's the recommended minimum system specs for a 1mbit connection sharing up to 5 (and 20 if it's different) people? Cheers,
-- Jack Pivac Delphinus Technology http://www.delphinus.co.nz/