[pfSense Support] pptp lan address
In the monowall docs on pptp it suggests that you can assign a range of ip addresses to the pptp clients that is not part of the lan ip network range, however if you do this that you can’t route the address range to the wan – is there a way around this – i.e can you put this range into the static routes and add whatever rules are required? (Reason being – historically the lan address range I have inherited is 192.168.0.0/24 which I know is going to conflict with every 2nd xp client user’s home broadband home la nip address range.) TIA Craig -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
[pfSense Support] Linux -> pfsense questions
I have in the past used iptables on Debian. I have recently aquired a wrap with pfsense on it. Just trying to come to terms with the differences. So if someone could help with some answers to questions I haven’t been able to glean from the docs (references to parts of the docs with relevant info also appreciated): Are there any example rule sets for a standard type firewall without the default rule that allows all lan sourced traffic (if there is such a thing) for a wan, lan and dmz type firewall? iptables tracks the attributes new, established and related in relation to connections – does pfsense do this “automatically”? I only had a brief look at pf documentation as it was at the command line level and I couldn’t map to the GUI rules – is it worth while going back to the pf docs which leads on to the next question what are the defaults built in to pfsense? Related to the first question – do you need a rule to allow return traffic from an established connection? TIA Craig -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
RE: [pfSense Support] Linux -> pfsense questions
Thanks for the info - the /tmp/rules.debug does help to understand what's happening. Here's a bit of information on related: RELATED packets are similar to ESTABLISHED packets, but something is different. These are packets that are related to an established connection, but are not part of the connection. So far, the only confirmed use of RELATED I've seen has to do with FTP and ICMP, and then only in conjunction with ESTABLISHED for FTP. So the way I will approach it is open a port for servers on the wan interface on the dmz or lan interface. And open ports on the lan interface for proxy servers, DNS and smtp on the lan interface. From what you've said - the established traffic - i.e. answering/replying traffic will be passed. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Sunday, 2 July 2006 11:45 PM To: support@pfsense.com Subject: Re: [pfSense Support] Linux -> pfsense questions On 7/2/06, Craig Silva <[EMAIL PROTECTED]> wrote: > Are there any example rule sets for a standard type firewall without the > default rule that allows all lan sourced traffic (if there is such a thing) > for a wan, lan and dmz type firewall? That's certainly something we'd hoped people would do :) At this time, I'm not aware of any example rulesets. > iptables tracks the attributes new, established and related in relation to > connections - does pfsense do this "automatically"? I'm not sure what "related" does, but we certainly do keep state on traffic. A state entry is created for the SYN in a tcp packet that is allowed, all further packets in that flow are passed if they follow the RFCs and don't muck with sequence numbers, window sizes...etc > I only had a brief look at pf documentation as it was at the command line > level and I couldn't map to the GUI rules - is it worth while going back to > the pf docs which leads on to the next question > what are the defaults built in to pfsense? The rules are in /tmp/rules.debug - there's a large number of system generated rules, but you can see the set options we use and the user generated rules towards the bottom of the ruleset. > Related to the first question - do you need a rule to allow return traffic > from an established connection? Nope...state tables keep track of it all :) --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pptp lan address
Thanks for this - I now realize that I don't need to route traffic from the pptp clients to the lan - now I just need to understand how to route traffic to the server pptp address. i.e. to get to the pptp clients do I route to the pptp client subnet through the lan interface? (This doesn't seem to be working if that is the case. i.e. client subnet 192.168.58.16/28, lan interface 192.168.0.5 so route add 192.168.58.16/28 via 192.168.0.5 ???) Craig From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Sunday, 2 July 2006 11:13 PM To: support@pfsense.com Subject: RE: [pfSense Support] pptp lan address You can have the pptp users in a seperate subnet but it won't solve your conflict as you then would still have the lan client in the same subnet and the remote destination you now have to route to still will conflict. You can't add a route to a remote subnet that is identical with your local subnet. I guess you simply need to change your 192.168.0.0/24 to something more uncommon. Holger -Original Message----- From: Craig Silva [mailto:[EMAIL PROTECTED] Sent: Sunday, July 02, 2006 1:47 PM To: support@pfsense.com Subject: [pfSense Support] pptp lan address In the monowall docs on pptp it suggests that you can assign a range of ip addresses to the pptp clients that is not part of the lan ip network range, however if you do this that you cant route the address range to the wan is there a way around this i.e can you put this range into the static routes and add whatever rules are required? (Reason being historically the lan address range I have inherited is 192.168.0.0/24 which I know is going to conflict with every 2nd xp client users home broadband home la nip address range.) TIA Craig ------ Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pptp lan address
Thanks Holger - I probably didn't express my question very well. How do network hosts on the LAN subnet know about the pptp virtual lan subnet - does the lan interface do proxy arp automatically or does it act as a gateway to the pptp virtual lan - i.e. I am trying to ping another host on the lan network from a pptp client that has connected to the pfsense - how does the remote lan host know where the pptp virtual lan is? Craig -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 4 July 2006 6:56 AM To: support@pfsense.com Subject: RE: [pfSense Support] pptp lan address You don't need any rules at the pfSense for subnets that the pfSense directly sees at it's interfaces. You only might need routes at other gateways that are in the network so they find their way to the pptp users. Also if your pptp subnet is different from your pfSense LAN subnet the clients need "use default gateway of remote network" checked (default when configuring a pptp connection with windows clients). Holger > -Original Message- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Monday, July 03, 2006 3:27 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] pptp lan address > > > Thanks for this - I now realize that I don't need to route > traffic from the > pptp clients to the lan - now I just need to understand how > to route traffic > to the server pptp address. > > i.e. to get to the pptp clients do I route to the pptp client > subnet through > the lan interface? (This doesn't seem to be working if that > is the case. > i.e. client subnet 192.168.58.16/28, lan interface > 192.168.0.5 so route add > 192.168.58.16/28 via 192.168.0.5 ???) > > Craig > > > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Sunday, 2 July 2006 11:13 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] pptp lan address > > You can have the pptp users in a seperate subnet but it won't > solve your > conflict as you then would still have the lan client in the > same subnet and > the remote destination you now have to route to still will > conflict. You > can't add a route to a remote subnet that is identical with your local > subnet. I guess you simply need to change your 192.168.0.0/24 > to something > more uncommon. > > Holger > -Original Message- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Sunday, July 02, 2006 1:47 PM > To: support@pfsense.com > Subject: [pfSense Support] pptp lan address > In the monowall docs on pptp it suggests that you can assign > a range of ip > addresses to the pptp clients that is not part of the lan ip > network range, > however if you do this that you can't route the address range > to the wan - > is there a way around this - i.e can you put this range into > the static > routes and add whatever rules are required? > > (Reason being - historically the lan address range I have inherited is > 192.168.0.0/24 which I know is going to conflict with every > 2nd xp client > user's home broadband home la nip address range.) > > TIA > > Craig > > > > -- > Craig Silva. IT Manager. > ABX Logistics, Australia. > http://www.abxlogistics.com.au > 9 Trade Park Dve. Tullamarine. Vic. 3043 > Tel: +61 3 9 335 8250, Mob: 0408408748 > email: [EMAIL PROTECTED] > > > > Virus checked by G DATA AntiVirusKit > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pptp lan address
Thanks for this - it was a rules problem in the end. I can get to the pptp clients by routing traffic to the lan interface. -Original Message- From: Ryan L. Rodrigue [mailto:[EMAIL PROTECTED] Sent: Wednesday, 5 July 2006 10:28 PM To: support@pfsense.com Subject: RE: [pfSense Support] pptp lan address It doesn't. All it knows is where its Default gateway (router) is. The router knows the route to the PPTP. All A host on any network knows is where the devices are on its own subnet. It then forwards anything not on its own subnet to the router, which in turn passes it on where it needs to go. I hope this helps. >Ryan "I at first you don't succeed, sky-diving probably isn't for you." -Original Message- From: Craig Silva [mailto:[EMAIL PROTECTED] Sent: Monday, July 03, 2006 5:24 PM To: support@pfsense.com Subject: RE: [pfSense Support] pptp lan address Thanks Holger - I probably didn't express my question very well. How do network hosts on the LAN subnet know about the pptp virtual lan subnet - does the lan interface do proxy arp automatically or does it act as a gateway to the pptp virtual lan - i.e. I am trying to ping another host on the lan network from a pptp client that has connected to the pfsense - how does the remote lan host know where the pptp virtual lan is? Craig -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 4 July 2006 6:56 AM To: support@pfsense.com Subject: RE: [pfSense Support] pptp lan address You don't need any rules at the pfSense for subnets that the pfSense directly sees at it's interfaces. You only might need routes at other gateways that are in the network so they find their way to the pptp users. Also if your pptp subnet is different from your pfSense LAN subnet the clients need "use default gateway of remote network" checked (default when configuring a pptp connection with windows clients). Holger > -Original Message- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Monday, July 03, 2006 3:27 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] pptp lan address > > > Thanks for this - I now realize that I don't need to route > traffic from the > pptp clients to the lan - now I just need to understand how > to route traffic > to the server pptp address. > > i.e. to get to the pptp clients do I route to the pptp client > subnet through > the lan interface? (This doesn't seem to be working if that > is the case. > i.e. client subnet 192.168.58.16/28, lan interface > 192.168.0.5 so route add > 192.168.58.16/28 via 192.168.0.5 ???) > > Craig > > > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Sunday, 2 July 2006 11:13 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] pptp lan address > > You can have the pptp users in a seperate subnet but it won't > solve your > conflict as you then would still have the lan client in the > same subnet and > the remote destination you now have to route to still will > conflict. You > can't add a route to a remote subnet that is identical with your local > subnet. I guess you simply need to change your 192.168.0.0/24 > to something > more uncommon. > > Holger > -Original Message- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Sunday, July 02, 2006 1:47 PM > To: support@pfsense.com > Subject: [pfSense Support] pptp lan address > In the monowall docs on pptp it suggests that you can assign > a range of ip > addresses to the pptp clients that is not part of the lan ip > network range, > however if you do this that you can't route the address range > to the wan - > is there a way around this - i.e can you put this range into > the static > routes and add whatever rules are required? > > (Reason being - historically the lan address range I have inherited is > 192.168.0.0/24 which I know is going to conflict with every > 2nd xp client > user's home broadband home la nip address range.) > > TIA > > Craig > > > > -- > Craig Silva. IT Manager. > ABX Logistics, Australia. > http://www.abxlogistics.com.au > 9 Trade Park Dve. Tullamarine. Vic. 3043 > Tel: +61 3 9 335 8250, Mob: 0408408748 > email: [EMAIL PROTECTED] > > > > Virus checked by G DATA AntiVirusKit > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL
[pfSense Support] pptp address allocation
In the config for a user with pptp there is the option to allocate a specific ip address. I’ve done this but given I allocated the first one in the range notice that it is provided to other users as well. How do you configure it so that a specific user gets only that one address and its not allocated to anyone else? Tia -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
RE: [pfSense Support] RC2 ?
I notice that the date on the embedded rc2 image available on the mirrors changes regularly - does this mean that it incorporates released patches or should I follow the procedure outlined below to get to the most correct/fixed release? -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 15 August 2006 12:54 PM To: support@pfsense.com Subject: RE: [pfSense Support] RC2 ? run "fetch -q -o http://www.pfsense.com/~sullrich/update_to_rc2a.sh | sh -" from a shell. You need to do that in alphabetical order (a,b,c,..) as these are incremental updates (don't worrys, it will check for the installed version; you can't destroy anything). These patches work for embedded and full installs as well. Holger -Original Message- From: David Strout [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 15, 2006 1:39 AM To: support@pfsense.com Subject: [pfSense Support] RC2 ? Just a quick question about the RC2a,b,c,d,e.tgz files ... should we be applying these to an existing RC2 install, and if so what is the preferred method of applying these patches? -- David L. Strout Engineering Systems Plus, LLC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] RC2 ?
I can now answer my own question - no - the embedded image download from the mirrors does not get updated with the latest fix/patch. I've just been through a process of updating on a wrap and the easy way was to upload the update_to_rc2x.sh shell scripts using the web interface and then using the serial console to run these files. My experience was that attempting to run the shell scripts using the command prompt on the diagnostics menu was no good even once I had worked out that the command should be sh /tmp/update_to_rc2x.sh - just got no response. So my question is - can I get a shell remotely that will run these scripts or does it have to be through the serial console (i.e. am I missing something?) Reason being is that I want to deploy a few wraps in other cities and want to assure myself that I can patch them remotely. -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 15 August 2006 12:54 PM To: support@pfsense.com Subject: RE: [pfSense Support] RC2 ? run "fetch -q -o http://www.pfsense.com/~sullrich/update_to_rc2a.sh | sh -" from a shell. You need to do that in alphabetical order (a,b,c,..) as these are incremental updates (don't worrys, it will check for the installed version; you can't destroy anything). These patches work for embedded and full installs as well. Holger -Original Message- From: David Strout [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 15, 2006 1:39 AM To: support@pfsense.com Subject: [pfSense Support] RC2 ? Just a quick question about the RC2a,b,c,d,e.tgz files ... should we be applying these to an existing RC2 install, and if so what is the preferred method of applying these patches? -- David L. Strout Engineering Systems Plus, LLC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pptp address allocation
I tried assigning an ip outside the pool but then routing to this address didn't work. How might I get routing to this new ip address? Craig -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Thursday, 17 August 2006 11:53 AM To: support@pfsense.com Subject: RE: [pfSense Support] pptp address allocation Either assign this user an IP outside the pool or assign all users specific IPs so the pool won't be used. Holger -Original Message----- From: Craig Silva [mailto:[EMAIL PROTECTED] Sent: Thursday, August 17, 2006 3:42 AM To: support@pfsense.com Subject: [pfSense Support] pptp address allocation In the config for a user with pptp there is the option to allocate a specific ip address. I've done this but given I allocated the first one in the range notice that it is provided to other users as well. How do you configure it so that a specific user gets only that one address and its not allocated to anyone else? Tia ------ Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] pptp address allocation
I wanted to set it up as a separate subnet so its not part of the LAN -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Tuesday, 22 August 2006 8:57 PM To: support@pfsense.com Subject: RE: [pfSense Support] pptp address allocation Is your PPTP subnet part of your LAN or is it a seperate subnet? In case it is part of your LAN there should not be a problem. Holger > -Original Message- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Tuesday, August 22, 2006 12:02 PM > To: support@pfsense.com > Subject: RE: [pfSense Support] pptp address allocation > > > I tried assigning an ip outside the pool but then routing to > this address > didn't work. > > How might I get routing to this new ip address? > > Craig > > -- > Craig Silva. IT Manager. > ABX Logistics, Australia. > http://www.abxlogistics.com.au > 9 Trade Park Dve. Tullamarine. Vic. 3043 > Tel: +61 3 9 335 8250, Mob: 0408408748 > email: [EMAIL PROTECTED] > -Original Message- > From: Holger Bauer [mailto:[EMAIL PROTECTED] > Sent: Thursday, 17 August 2006 11:53 AM > To: support@pfsense.com > Subject: RE: [pfSense Support] pptp address allocation > > Either assign this user an IP outside the pool or assign all > users specific > IPs so the pool won't be used. > > Holger > > -Original Message- > From: Craig Silva [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 17, 2006 3:42 AM > To: support@pfsense.com > Subject: [pfSense Support] pptp address allocation > > > In the config for a user with pptp there is the option to allocate a > specific ip address. I've done this but given I allocated the > first one in > the range notice that it is provided to other users as well. > > How do you configure it so that a specific user gets only > that one address > and its not allocated to anyone else? > > Tia > > -- > Craig Silva. IT Manager. > ABX Logistics, Australia. > http://www.abxlogistics.com.au > 9 Trade Park Dve. Tullamarine. Vic. 3043 > Tel: +61 3 9 335 8250, Mob: 0408408748 > email: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] version
Hi - just put rc3 on another wrap. Given its not in production thought I would try the firmware option. Uploaded a, b and c updates and each time the system rebooted, however the web gui doesn’t show the revision as did RC2 (i.e. RC2f) Either its not doing that this time or uploading these files through the gui is a waste of time and I should do it through the shell. Is there a way of determining the update revision level from the shell? Also what is the mini-embedded update? -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
[pfSense Support] router?
I am contemplating utilizing pfsense on a wrap as an internal routing solution for our private IP WAN. On the wrap its reliable – no moving parts and the GUI is pretty good. (I must be getting old – firewall batch files with arcane sequences of commands just aren’t as riveting as they once were) Anyway my question is if I turn off the firewall filtering and let rfc 1918 addresses through the wan, can I still use the GUI to do traffic shaping? Any opinions on turning off the firewall option gratefully received as I I have an inclination to leave things be and just let the rfc 1918 addresses through with the wan interface pointing to the branch lan (lan interface pointing across the WAN) but not sure which would be better for traffic shaping and management. Craig -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
[pfSense Support] sylog through wan interface
I’m having some difficulty forwarding syslog to a remote computer through the wan interface. I am using advanced nat with the rules turned off as its an internal router. Not sure how to put a rule in for traffic coming from the router itself or is it something else I’ve got wrong. Thanks Craig -- Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED]
[pfSense Support] mini update
Hi - couldn't find any info on this in the wiki or whatever so here goes. Luckily I have a test wrap so I though t I would try the firmware update option with the mini embedded update to see what mileage I got - previously I have reflashed a new release. I started off with with RC3 and progressibvely added the updates and this part worked great. I then uploaded the mini update for release 1.0 and the update succeeded however the console feeds back that the webconfigurator fails to start and there is no response from the wrap after bootup complete from the console however it does echo a ping. Anyway - this is just a report back - and a query - is there a plan to fix the mini update or will it be a reflash - I have an RC3 in Perth (I'm in Melbourne). Craig ------ Craig Silva. IT Manager. ABX Logistics, Australia. http://www.abxlogistics.com.au 9 Trade Park Dve. Tullamarine. Vic. 3043 Tel: +61 3 9 335 8250, Mob: 0408408748 email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] FTP and Loadbalancer
Just a point of clarification - I take it that you mean that load balancing and ftp proxy will not be supported together, not that both will not be supported? > Sorry but load balancing and FTP will not be possible with version > 1.0. And most likely not even with future versions. Just too many > issues with the FTP Proxy userland helper. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] wireless ap config?
Just looking for confirmation / ideas on how to proced - I have a spare wrap 1-2 with three nics and a cm9 wireless card. This is actually a testing/hardware spare for our main firewall router and I have a spare flash card with that config available, but in the meantime I want to use this hardware as a wireless access point with authentication to a radius server. At the moment my plan is to bridge to the lan interface and not configure the wan interface with an ip - enable bridge packet filtering in advance and just do static routing - setting up wireless authentication through radius. I'm assuming that by bridging I can utilise the dhcp server that is accessible on the lan. That's the initial plan anyway I'ld appreciate any thoughts Craig -- ------ Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] DHCP on bridged wireless interface
Just wondering whether anyone can tell me if a remote dhcp server on the lan interface can provide dhcp services to a wireless optional interface bridged to the lan interface and if so whether you have to enable dhcp relay or simply ensure that a rule applies to let dhcp traffic through? -- -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] AP authentication documentation
Is there any documentation available on wireless ap authentication and whether radius can be used for authentication.? -- -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] dhcp on pptp settings?
Can you enable the netbios node type setting on the pptp dhcp settings? I'm trying vista and its a little less compliant with file sharing through pptp. -- -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] routing from pptp to ipsec interface
I sort of have a feeling that this is not possible but am asking the question anyway - I have users who attach via pptp to a pfsense box and this same box has an ipsec tunnel on it. Anyway to route between the two? Craig -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] problems with hardware switch - wrap - alix
Recently acquired an Alix 2-3 as an upgrade to a wrap. Burned the image onto a flash card and the system booted fine - allocated the interfaces and then uploaded the backup from the wrap. At first everything looked good but if I try to do a quick swap i.e. have the new system loaded and waiting with a different lan interface ip and then quickly swap the cables to the DMZ (opt1)and WAN and change the LAN interface to the old ip address I have problems with the internet - I can see http requests going out from my squid proxy but being blocked on the way back in. Similarly for email. This is a preliminary query in case anyone can quickly point to something I don't know or have forgotten that will help with this problem. To date I've been trying to swap it out quickly but have to retreat after five minutes or so as the system is in production so I haven't been able to analyse the results as thoroughly as I would like - I'm going to allocate an hour's downtime tonight to have a better go at it, but a quick fix would be great. Craig ------ Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] rule numbers
I'm looking at my logs trying to work out which rule number 262 is? is there a way or relating the log entry to the actual rule in either the webgui or shell? Craig -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] rule numbers
thanks for that but I'm look at logs on a syslog server -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au >>> sai <[EMAIL PROTECTED]> 23/06/2008 2:46 pm >>> if you add descriptions to the rules, the text of the description comes up in the popup window when you click on the pass/block icon. sai On 6/22/08, Craig Silva <[EMAIL PROTECTED]> wrote: > I'm looking at my logs trying to work out which rule number 262 is? > > is there a way or relating the log entry to the actual rule in either the > webgui or shell? > > Craig > > ------ > Craig Silva, IT Manager, ABX Logistics (Aust.) P/L > 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia > Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 > Email: [EMAIL PROTECTED] > Web: http://www.abxlogistics.com.au > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] port forwarding from lan to wan?
Because I want to have traffic shaping across our wan I want to set up a pfsense box with filtering turned on even though its really only routing. In this context I want to port forward port 25 to a particular server as the CEO utilises a mail server that's outside our network but as long as we relay for his address it doesn't matter and then we don't have to mess around with his mail config. Anyway - are there any likely probs with this? Craig ------ Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] port forwarding from lan to wan?
Its a good idea - I'll have a look at it. -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au >>> Paul Mansfield <[EMAIL PROTECTED]> 23/06/2008 7:28 pm >>> Craig Silva wrote: > In this context I want to port forward port 25 to a particular server as the > CEO utilises a mail server that's outside our network but as long as we relay > for his address it doesn't matter and then we don't have to mess around with > his mail config. could you not simply hijack the DNS for that hostname so that it resolves to a mail server of your choice? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Full install for 1.2.1-RC1 embedded?
Having a look at 1.2.1 but can't see a full install for embedded 9maybe I'm blind) - only an update for RC1 - last time I tried to update it failed, so had to revert to 1.2 release. be nice to try it if its available. Craig ------ Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au ( http://www.abxlogistics.com.au/ )
Re: [pfSense Support] Full install for 1.2.1-RC1 embedded?
Will have a look but trying to install onto wrap so the only way I know how to do this is to flash an image -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au ( http://www.abxlogistics.com.au/ ) >>> "Chris Buechler" <[EMAIL PROTECTED]> 29/10/2008 1:25 pm >>> On Tue, Oct 28, 2008 at 10:16 PM, Craig Silva <[EMAIL PROTECTED]> wrote: > Having a look at 1.2.1 but can't see a full install for embedded 9maybe I'm > blind) - only an update for RC1 - last time I tried to update it failed, so > had to revert to 1.2 release. > There isn't a different full install for embedded, just take the live CD and install, select the embedded kernel. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Full install for 1.2.1-RC1 embedded?
So as I don't waste your time - any docs or forum discussions on this? -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au ( http://www.abxlogistics.com.au/ ) >>> "Chris Buechler" <[EMAIL PROTECTED]> 29/10/2008 1:36 pm >>> On Tue, Oct 28, 2008 at 10:29 PM, Craig Silva <[EMAIL PROTECTED]> wrote: > Will have a look but trying to install onto wrap so the only way I know how > to do this is to flash an image > Use VMware and USB redirection, CF then shows up as a hard drive. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Full install for 1.2.1-RC1 embedded?
To answer my own question - yes there are docs on this - http://devwiki.pfsense.org/FullInstallOnWRAP What I really wanted to ask was - how can I create an embedded image to put onto a flash card (as opposed to a micro drive) utilizing the embedded update? Craig -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au ( http://www.abxlogistics.com.au/ ) >>> "Craig Silva" <[EMAIL PROTECTED]> 29/10/2008 1:52 pm >>> So as I don't waste your time - any docs or forum discussions on this? >>> "Chris Buechler" <[EMAIL PROTECTED]> 29/10/2008 1:36 pm >>> On Tue, Oct 28, 2008 at 10:29 PM, Craig Silva <[EMAIL PROTECTED]> wrote: > Will have a look but trying to install onto wrap so the only way I know how > to do this is to flash an image > Use VMware and USB redirection, CF then shows up as a hard drive. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Full install for 1.2.1-RC1 embedded?
thanks - sometimes the obvious isn't -- Craig Silva, IT Manager, ABX Logistics (Aust.) P/L 9 Trade Park Dve. Tullamarine. Melbourne. vic. 3043 Australia Tel: + 61 3 9 335 8250, Fax: +61 3 9 335 2714, Mob: 0408408748 Email: [EMAIL PROTECTED] Web: http://www.abxlogistics.com.au ( http://www.abxlogistics.com.au/ ) >>> "Vick Khera" <[EMAIL PROTECTED]> 29/10/2008 3:13 pm >>> On Tue, Oct 28, 2008 at 11:25 PM, Craig Silva <[EMAIL PROTECTED]> wrote: > To answer my own question - yes there are docs on this - > http://devwiki.pfsense.org/FullInstallOnWRAP > > What I really wanted to ask was - how can I create an embedded image to put > onto a flash card (as opposed to a micro drive) utilizing the embedded > update? Umm, you don't? You download the pfsense-MMDD-HHMM.img file and dd that to your flash. You'll end up with something newer than RC1, but that's a good thing, IMO. That's what I did on my last re-flash on 9/26. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
