Re: [pfSense Support] Output (mwatt) of a minipci wireless card

2005-09-24 Thread Espen Johansen
Hi,

I'm sorry but you guys need to read up on wireless.

1: Wireless output power has "nothing" to do with the range. If the
receiving end uses a high performance antenna they can both talk and listen
to your AP many miles away.

2. High power cards only give you more noise. Stick to a cm-9 type card
with high RX sensitivity. That will give you much better results.

You can not restrict the range of wireless by lowering the output RX power.
Radio lan can not be restricted this way. It's a 2way communication, so
anyone with a high gain antenna can both talk and listen to a low powered
AP.

Range for a 100mw card with a 32dbi directional antenna at NLOS is about
120KM so if you guys think that restricting the TX power is going to keep
you safe from the next door internet café, then you are very much mistaken.

Cheers and good night.

-lsf


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
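
The point made in the message above, that lowering an AP's transmit power does not keep out a listener with a high-gain antenna, worked through as a free-space link budget. This is an added example, not part of the original thread; the 2437 MHz channel, the 2 dBi stock antennas and the -90 dBm receiver sensitivity are assumed values, and the model ignores obstructions, noise and earth curvature.

```python
import math

FREQ_MHZ = 2437.0            # assumed: 2.4 GHz band, channel 6
RX_SENSITIVITY_DBM = -90.0   # assumed receiver sensitivity
STOCK_GAIN_DBI = 2.0         # assumed small omni antenna (AP and laptop)


def mw_to_dbm(power_mw):
    """Convert transmit power in milliwatts to dBm."""
    return 10.0 * math.log10(power_mw)


def fspl_db(distance_km, freq_mhz=FREQ_MHZ):
    """Free-space path loss in dB (distance in km, frequency in MHz)."""
    return 20.0 * math.log10(distance_km) + 20.0 * math.log10(freq_mhz) + 32.44


def rx_level_dbm(tx_mw, tx_gain_dbi, rx_gain_dbi, distance_km, freq_mhz=FREQ_MHZ):
    """Signal level at the receiver: TX power + both antenna gains - path loss."""
    return (mw_to_dbm(tx_mw) + tx_gain_dbi + rx_gain_dbi
            - fspl_db(distance_km, freq_mhz))


def max_range_km(tx_mw, tx_gain_dbi, rx_gain_dbi,
                 sensitivity_dbm=RX_SENSITIVITY_DBM, freq_mhz=FREQ_MHZ):
    """Distance at which the received level drops to the receiver sensitivity."""
    allowed_loss = mw_to_dbm(tx_mw) + tx_gain_dbi + rx_gain_dbi - sensitivity_dbm
    return 10.0 ** ((allowed_loss - 32.44 - 20.0 * math.log10(freq_mhz)) / 20.0)


def compare():
    """Free-space range for each (AP power, listener antenna) combination.

    Antenna gain is reciprocal, so the dB a listener's antenna adds on
    receive are also added when that station transmits back to the AP.
    """
    results = {}
    for tx_mw in (100.0, 10.0):                   # 100 mW is the thread's figure
        for rx_gain in (STOCK_GAIN_DBI, 32.0):    # 32 dBi is the thread's figure
            results[(tx_mw, rx_gain)] = max_range_km(tx_mw, STOCK_GAIN_DBI, rx_gain)
    return results


if __name__ == "__main__":
    for (tx_mw, rx_gain), km in sorted(compare().items()):
        print(f"AP {tx_mw:5.0f} mW, listener antenna {rx_gain:4.1f} dBi: "
              f"{km:7.2f} km (free space)")
```

Cutting the AP from 100 mW to 10 mW costs 10 dB, which shortens the free-space range by a factor of about 3.2; a listener who swaps a 2 dBi antenna for a 32 dBi one gains 30 dB, so the link to the low-power AP still closes at ten times the distance a stock laptop manages at full power.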



RE: [pfSense Support] Traffic shaping. Parent Queue

2005-09-29 Thread Espen Johansen

A little more info please.

Version: ?

Did you set up defaults with the wizard ?

-lsf

From: Audun Brekke [mailto:[EMAIL PROTECTED]
Sent: 29. september 2005 23:57
To: support@pfsense.com
Subject: [pfSense Support] Traffic shaping. Parent Queue

There seems to be an error in the traffic shaping.

When I set the queues manually it is not possible to
set the parent queue.

I can set the queue to be parent in the webui, but
the queue doesn’t seem to be updated.

I get an error like:

php: : There were error(s) loading the rules:
/tmp/rules.debug:16: queue MaxDownload has no parent
/tmp/rules.debug:16: errors in queue definition
/tmp/rules.debug:17: queue MaxUpload has no parent
/tmp/rules.debug:17: errors in queue definition
pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [16]: queue MaxDownload bandwidth 4100Kb cbq

There is no change in the config file if I set or
unset the “this is the parent queue” in the webui.

A line like this should be added in the config files
when the “this is the parent queue” is selected

altq on xl0 cbq queue {  MaxDownload }

-Audum-
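
A pre-load check for the failure reported above, where a `queue` definition that no `altq` line or parent queue lists makes pfctl reject the whole ruleset. This is an added example, not pfSense code or part of the original thread; the `MaxUpload` definition, its bandwidth and the `xl1` interface are constructed, and the parser covers only the `altq`/`queue` statements shown here.

```python
import re

_BRACES = re.compile(r"\{([^}]*)\}")


def _logical_lines(text):
    """Yield (line_number, statement) with comments removed and
    backslash-continued lines joined (number = first physical line)."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None


def _child_names(statement):
    """Queue names inside a '{ a, b }' child list (comma or space separated)."""
    match = _BRACES.search(statement)
    if not match:
        return []
    return [name for name in re.split(r"[,\s]+", match.group(1)) if name]


def find_orphan_queues(rules_text):
    """Return [(line_number, queue_name)] for queues with no parent."""
    defined = {}        # queue name -> line where it is defined
    referenced = set()  # names listed as children of an altq or a queue
    for number, statement in _logical_lines(rules_text):
        words = statement.split()
        if words[0] == "altq":
            names = _child_names(statement)
            if not names and "queue" in words[:-1]:
                # single child written without braces: "... queue name"
                names = [words[words.index("queue") + 1]]
            referenced.update(names)
        elif words[0] == "queue" and len(words) > 1:
            defined.setdefault(words[1], number)
            referenced.update(_child_names(statement))
    return [(number, name)
            for name, number in sorted(defined.items(), key=lambda kv: kv[1])
            if name not in referenced]


# The MaxDownload line is the one quoted in the error; the rest is constructed.
BROKEN = (
    "queue MaxDownload bandwidth 4100Kb cbq\n"
    "queue MaxUpload bandwidth 512Kb cbq\n"
)
# Only the altq line proposed in the message is added.
PARTIAL = "altq on xl0 cbq queue {  MaxDownload }\n" + BROKEN
# Both queues have a parent (xl1 is a constructed interface name).
FIXED = "altq on xl1 cbq queue { MaxUpload }\n" + PARTIAL

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("partial", PARTIAL), ("fixed", FIXED)):
        print(label, find_orphan_queues(rules))
```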








 

RE: [pfSense Support] Network Device pooling

2005-10-30 Thread Espen Johansen
Hi Peter,

I have seen you have done a lot of testing with apache benchmarking.
I find it a little strange to use this as a test. Basically you will hit the
roof of standing I/O operations because you introduce latency with pfsense.
The lower the latency the more finished tasks/connections per time unit.
Most people don't take this into consideration when they tune apache.
Although, this is one of the most important aspects of web-server tuning. 

This is the scenario:

Client with low BW and high latency will generate a standing I/O because of
the way apache is designed. So if a client with 100ms latency asks for a
file of 100Kbyte and he has a 3KB/s transfer rate he will generate a
standing I/O operation for "latency + transfer time", and the I/O operation
will not be finished until he has a completed transfer. So basically you do
the same, because you change the amount of time the request takes to process
you will have more standing I/O operations than if pfsense does routing only
(faster than routing and filtering). So let's say that you increase latency
from 0.4 ms to 2 ms it will mean that you have standing I/O 250% longer. So
in turn that will mean that your ability to serve connections will be 1/5
with 2ms compared to 0.4 ms latency.

I hope this explains better the behavior you see.

As for device polling there are some sysctls that control polling behavior

sysctl kern.polling. will list them.

The ones listed below seem to be the ones that have the most effect on
polling and performance. You will have to play around with these settings to
find out what works best on your HW, as I can't seem to find some common
setting that works well for all kinds of HW.

kern.polling.each_burst=80
kern.polling.burst_max=1000
kern.polling.user_frac=50

The info/documentation on these settings seems limited so you should do some
creative google searching to find out more.

-lsf

-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED] 
Sent: 30. oktober 2005 05:35
To: support@pfsense.com
Subject: [pfSense Support] Network Device pooling

Hi,


Tested this feature to see if it helps me with apache benchmark problem
- no it does not .

Also it looks like it is firewall related issue as if firewall is
totally disabled (pf fails to load rules)  everything works as
expected. 


Speaking about Network pooling - in my case it increased packet round
trip  (2 Gbit Nicks) from   0.4 ms to  2ms. At the same time it well
decreased CPU usage during the tests so this is something to consider if
CPU performance ever becomes the problem. 

On other hand I was a bit surprised  - according to vmstat number of
interrupts even  on idle box jumped to some 30.000/sec   (from some 150
without this option set) 

I guess these are timer interrupts are used for pooling, so why they are
pooled about 1000 times per second if we get so many timer interrupts ? 

One more thing to note:   system needs to be restarted for this option
to take effect, however it does not say so anywhere.







RE: [pfSense Support] Empty LAN IP is broken once again

2005-10-31 Thread Espen Johansen
Hi Peter,

I'm sorry, but I for one have had quite enough emails from you by now.
You have clearly demonstrated that you do not understand enough about
firewalls, filtering, BSD etc. to use pfSense in its current state.
And I have more than enough emails to read without this mailing list getting
filled up with unneeded info. It seems some devs have already tried to nicely
inform you that you are somewhat on the wrong track here.
Like comparing an i386 generic OS and HW, with a Cisco PIX, I mean come on,
what on earth are you thinking ?
An OS created to do routing and packet filtering running with ASICs is not
comparable to FreeBSD on I386 at all.
I mean a Juniper M40 might have a PII 233Mhz processor and 256 MB RAM. It
does 40 million pps +++. So then I guess FreeBSD running on a 500Mhz with
512MB ram should handle twice as much ?!?
Junos is even derived from freebsd so it _MUST_ be somewhat the same :p

Seriously, you have clearly demonstrated that you do not have a clue about
what you're doing, even suggesting to put the same IP on two interfaces
clearly shows me that you do not know the first thing about how things
work.

Even thinking about using pfsense in a datacenter to protect your boxes with
your kind of knowledge is at best a BAD move.

Now please sit down and read up on routing, TCP/IP and BSD in general.
Then learn how the things work from sitting in your own LAB and test things
(not with ab btw.). Then put what you have learned to good use (and NO, that
does not mean writing another 60 emails to this list). That means test, and
figure out the problem, and give us a fix/patch. Or at least a detailed
description of the problem, and how to repeat it. We already know that there
are many bugs in the system and that performance is not close to what it can
be.
But the goal for 1.0 is to have something that works and gives users a nice
SOHO firewall solution. It's not to give you a system so that you can sell
your [insert project] with a minimal cost.

Also remember this, each email you send to this list steals x minutes of
time from each developer. So your 60 plus emails have probably consumed at
least 300 minutes times 10 from the developers of this project. That amounts
to 3000 minutes, and each dev might have as much as 4-6 hours after a day's
work, that is spent on this project. Now find your calc and see how many
days of development time you have "wasted".

Now, feel free to contribute. And if you can't do it with code or useful
testing, do it with HW or documentation.


-lsf

-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED] 
Sent: 31. oktober 2005 23:57
To: support@pfsense.com
Subject: Re: [pfSense Support] Empty LAN IP is broken once again

On Mon, 2005-10-31 at 17:51 -0500, Scott Ullrich wrote:
> After all of the problems from the last couple days its obvious that
> an IP address is required on the LAN interface so I have reinstalled
> the code that prevents someone from not entering an IP address.   The
> shaper is another area that gets broken by this careless move on my
> part.

Heh.  So we're back dead in a water. 

IP is required.  The same IP as on WAN leads to trouble.   Fake IP leads
to less trouble but still some stuff does not work this way 



> 
> Scott
> 
> On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > It looks like there is some newly added bug in 0.90 with empty LAN
> > address (WAN bridging)
> >
> > # FTP proxy
> > rdr-anchor "pftpx/*"
> > rdr on em1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> >
> >
> > pass in on  em1 proto tcp from /29 to any port 5900:5930  keep state tag
> > qOthersDownH
> > pass out on  em0 proto tcp from any to any port 5900:5930  keep state
> > tag qOthersUpH
> > pass in on  em0 proto tcp from any to /29 port 5900:5930  keep state tag
> > qOthersUpH
> > pass out on  em1 proto tcp from any to /29 port 5900:5930  keep state
> > tag qOthersDownH
> >
> >
> > I guess this is part of traffic shaper.
> >
> >



RE: [pfSense Support] Re: Trouble installing to Dell PowerEdge 850

2005-11-01 Thread Espen Johansen
Have you tried to change the modes of the controller in BIOS ?
Like native vs. legacy mode and RAID mode vs. SATA mode etc ?
The ICH7 support of FreeBSD might also be to blame. I'm not sure how good it
is atm.

-lsf 


-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Lynn A. Roth
Sent: 1. november 2005 21:12
To: support@pfsense.com
Subject: [pfSense Support] Re: Trouble installing to Dell PowerEdge 850

Here is dmesg -a after booting verbose.  The drive is connected to 
Channel 0 on the SATA controller.

Lynn



RE: Re: RE: Re: [pfSense Support] Serial port console ... ?

2005-11-03 Thread Espen Johansen
Any chance you have console redirection enabled in BIOS for this one ?
Not sure if the GX260 has it but...

Some systems when set to console redirection start acting like they are
indeed a DCE, and not a DTE as one might assume it is.
Also do you get any info at all when you boot it ?

Just my two cents.

-lsf

-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED] 
Sent: 3. november 2005 16:32
To: support@pfsense.com
Subject: Re: Re: RE: Re: [pfSense Support] Serial port console ... ?

I have to say that I don't necessarily agree with
the statement.  I have had it working on EXACTLY
the same system(s) w/ the same cable before, but
to satisfy my curiosity and that of those out
there ... I just tried a db9 to db9 null-modem
cable to no avail ... 

I just went so far as to setup a Cisco router w/
reverse telnet so I could monitor what was coming
off from the pfSense serial port (set for COM1 in
the BIOS .. BTW, as has always been), and see no
bits at all coming from the serial device
(pfSense).

I am very familiar w/ DTE/DCE communications ...
worked many years w/ ISPs and modem banks and
mainframe comms ... not my first exposure to or w/
DTE/DCE comms or null-modem communications.

My concern is that it worked before w/ a flat roll
over (Cisco) cable ... and you are in fact correct
Bill, MOST serial comms between active devices
require 2/3x  but since trying to set this up
in 0.84,5,6.x and having had to use a roll-over
cable to get it to work (I did try a null-modem
way back when I first set this system up, but
couldn't get it to work w/ that connection schema).

My suspect is that there has been some handy work
on the serial setup in FreeBSD at the OS level
 don't know that for sure .. not real
literate w/ BSDs .. I know a fair bit from the
*NIX (Solaris, Linux, AIX) world, but certainly
not as up to speed in the FreeBSD realm.

I've been poring over the FreeBSD site for KBs on
different serial port configs and there seems to
be a fair bit of config you can do to a serial
interface as is there in the NIX realm.

I don't know what else to say  but I keep
looking and contribute where I can.

Regards,

--
DLStrout
> 
> Not sure I saw what type of hardware you had 

two Dell GX260's.

> Straight through cables are usually used to connect PC's

depends on the "setup/programming" of the serial
interface in the OS.






RE: [pfSense Support] [pfSense 0.88/0.90] Atheros card not bound to driver

2005-11-11 Thread Espen Johansen
Hi,

The HAL and drivers are updated in version .92 and newer.
This should fix what you are seeing.
Just get .93 as soon as it hits the mirrors.

-lsf

> -Original Message-
> From: Marc A. Volovic [mailto:[EMAIL PROTECTED]
> Sent: 11. november 2005 17:35
> To: support@pfsense.com
> Cc: Marc A. Volovic
> Subject: [pfSense Support] [pfSense 0.88/0.90] Atheros card not bound to
> driver
> 
> Hello.
> 
>   I am experiencing a peculiar phenomenon - on a WRAP.1 board (BIOS 1.08),
> a TP-Link TL-WN660G card is NOT bound to driver on a cold boot (i.e. power
> cycle) - and therefore not used. The card IS detected, HAL is reported
> (version 0.9.14.9), but driver remains unbound and card is reported as
> "not claimed".
> 
>   On subsequent reboots (i.e. console/web ui generated boots), the card is
> detected but IS bound to the driver and is, therefore, usable.
> 
>   Initially, I suspected both the card and the WRAP. Subsequent tests, with
> other Mini-PCI Atheros cards and other WRAP boards (I have access to a
> number of both), proves that the behaviour is repeatable.
>
>   Linux does not exhibit similar behavior, with HAL 0.9.16.3 being detected
> and driver (ath_pci 0.9.4.5) bound every boot, cold or warm, on the very
> same boards and the very same Atheri cards (plural of Atheros, how ;-)...
> 
>   Has anyone seen similar behaviour? What can cause this and how can I
> provide more pertinent information to check this issue. I readily admit
> that my BSD experience is dated (SunOS 4.1), and I am trying to bootstrap
> my memory into a more functional mode (among other stuff to be able to
> build local versions of the embedded images).
> 
>   Thanks!
> 
>   Marc
> 
> --
> ---MAV
> Marc A. Volovic [EMAIL PROTECTED]
> Swiftouch, LTD +972-544-676764
> 



RE: [pfSense Support] 0.92 WPA Client Issues?

2005-11-15 Thread Espen Johansen
WPA testing has mostly been done with AP config, as this is what most ppl
use. However it worked as a client last time I checked, but something might
be broken with it now. I'll retest this ASAP. I just need to find a second
client box to test with, I'll report back later.
To verify your setup you can do this quite simply, just set it up as an AP and
see that you can connect with another client, then just change it to client
mode and it should be fine. If it's not then you can try running it
manually, from console. If you don't know how to do this then just leave it
for now and I'll do some testing.

-lsf

> -Original Message-
> From: Brad Gass [mailto:[EMAIL PROTECTED]
> Sent: 15. november 2005 18:38
> To: support@pfsense.com
> Subject: [pfSense Support] 0.92 WPA Client Issues?
> 
> Hello.
> 
> I've done some digging and have yet to come up with any answers in the
> archives or forum, so I thought I'd just ask.
> 
> I've recently installed 0.92 embedded on a WRAP board, 256MB CF card and a
> Atheros mPCI card (CM9).
> 
> I'm trying to use this setup as a wireless client device (with WPA-PSK
> encryption), initially just attempting to associate with an access point
> right on the bench.
> 
> I've gone through and set the system up for basic operations and assigned
> ath0 as my WAN port.  Assigned the IP address, SSID, etc - everything
> works as expected when using no encryption, and 40 bit WEP (I didn't test
> 128 bit, but assume it works fine).  But, no joy at all with WPA.
> 
> I've tried two access points - a StarOS AP (CM9 card) and a Linksys WRV54G
> - and specifying the appropriate cipher for both (or auto) and no luck at
> all with either.  I've fiddled with nearly everything I can think of, and
> nothing results in an association.  Changing key times, ciphers, nothing.
> 
> My last configuration is as follows:
> 
> pfSense - fresh install of 0.92 embedded, assigned interfaces (sis0 ->
> LAN, ath0 -> WAN), assigned my wireless static IP, SSID, enabled WPA and
> entered the key (32 random ASCII characters).
> 
> StarOS - fresh install of 2.10.0, assigned IP addresses, WPA-PSK
> encryption, key rotation of 3600, and the WPA key (32 random ASCII
> characters).
> 
> SNR's are a non-issue, >35dB all around.  Distance (ACK timing) isn't an
> issue here either, less than 10 feet on the bench.
> 
> Is there something stupid I'm missing here, or are there issues with using
> WPA as a wireless client?  More information on request, just let me know
> what you need.
> 
> As a secondary question, is there a way to adjust the ACK timing of the
> radio?  Assuming the WPA issues can be worked out, this setup would make a
> really nice wireless client access device in several places in my network,
> but link distances could approach 8 miles, so timing would likely need
> some tuning.
> 
> Thanks in advance of any and all help!
> 
> 
> Brad
> 



RE: [pfSense Support] 0.92 WPA Client Issues?

2005-11-15 Thread Espen Johansen
See http://cvstrac.pfsense.com/tktview?tn=684,0

Problem should be resolved now, let me know if you still have issues.

-lsf

> -Original Message-
> From: Espen Johansen [mailto:[EMAIL PROTECTED]
> Sent: 15. november 2005 20:28
> To: support@pfsense.com
> Subject: RE: [pfSense Support] 0.92 WPA Client Issues?
> 
> WPA testing has mostly been done with AP config, as this is what most ppl
> use. However it worked as a client last time I checked, but something might
> be broken with it now. I'll retest this ASAP. I just need to find a second
> client box to test with, I'll report back later.
> To verify your setup you can do this quite simply, just set it up as an AP and
> see that you can connect with another client, then just change it to client
> mode and it should be fine. If it's not then you can try running it
> manually, from console. If you don't know how to do this then just leave it
> for now and I'll do some testing.
> 
> -lsf
> 
> > -Original Message-
> > From: Brad Gass [mailto:[EMAIL PROTECTED]
> > Sent: 15. november 2005 18:38
> > To: support@pfsense.com
> > Subject: [pfSense Support] 0.92 WPA Client Issues?
> >
> > Hello.
> >
> > I've done some digging and have yet to come up with any answers in the
> > archives or forum, so I thought I'd just ask.
> >
> > I've recently installed 0.92 embedded on a WRAP board, 256MB CF card and a
> > Atheros mPCI card (CM9).
> >
> > I'm trying to use this setup as a wireless client device (with WPA-PSK
> > encryption), initially just attempting to associate with an access point
> > right on the bench.
> >
> > I've gone through and set the system up for basic operations and assigned
> > ath0 as my WAN port.  Assigned the IP address, SSID, etc - everything
> > works as expected when using no encryption, and 40 bit WEP (I didn't test
> > 128 bit, but assume it works fine).  But, no joy at all with WPA.
> >
> > I've tried two access points - a StarOS AP (CM9 card) and a Linksys WRV54G
> > - and specifying the appropriate cipher for both (or auto) and no luck at
> > all with either.  I've fiddled with nearly everything I can think of, and
> > nothing results in an association.  Changing key times, ciphers, nothing.
> >
> > My last configuration is as follows:
> >
> > pfSense - fresh install of 0.92 embedded, assigned interfaces (sis0 ->
> > LAN, ath0 -> WAN), assigned my wireless static IP, SSID, enabled WPA and
> > entered the key (32 random ASCII characters).
> >
> > StarOS - fresh install of 2.10.0, assigned IP addresses, WPA-PSK
> > encryption, key rotation of 3600, and the WPA key (32 random ASCII
> > characters).
> >
> > SNR's are a non-issue, >35dB all around.  Distance (ACK timing) isn't an
> > issue here either, less than 10 feet on the bench.
> >
> > Is there something stupid I'm missing here, or are there issues with using
> > WPA as a wireless client?  More information on request, just let me know
> > what you need.
> >
> > As a secondary question, is there a way to adjust the ACK timing of the
> > radio?  Assuming the WPA issues can be worked out, this setup would make a
> > really nice wireless client access device in several places in my network,
> > but link distances could approach 8 miles, so timing would likely need
> > some tuning.
> >
> > Thanks in advance of any and all help!
> >
> >
> > Brad
> >



RE: [pfSense Support] Are Sangoma cards supported

2005-11-15 Thread Espen Johansen
I'm not sure, I have been trying to find this out myself.

If you test it, please let me know.
Also if anyone has tried AWM or Junghans with Freebsd6 please let me know.
I'm working on implementing asterisk in pfsense, to provide a full SMB "all
in one" system. I'm currently thinking of having a wifi phone connected to
pfsense in order to have a nice PBX solution for cordless long-range
handsets, as well as a PBX for softphones and normal VoIP phones.

-lsf

> -Original Message-
> From: Eric W. Bates [mailto:[EMAIL PROTECTED]
> Sent: 15. november 2005 22:18
> To: support@pfsense.com
> Subject: [pfSense Support] Are Sangoma cards supported
> 
> Has anyone tried to use any of the Sangoma cards with pfsense?
> Specifically, I'm interested in trying their T1 card:
> 
> http://www.sangoma.com/products/p_csu_cards.htm
> 
> Drivers:
> ftp://ftp.sangoma.com/FreeBSD/
> 
> They might not support FreeBSD 6.x.  They list 5.4 in May 2005 Release
> notes.
> 



RE: [pfSense Support] restarting httpd

2005-11-23 Thread Espen Johansen

Do a “ps -auxww | grep http”
and you will see full command line for whatever process (change or remove the
grep if you are looking for something else) you are looking to kill /restart
(unless you already killed it that is)

/usr/local/sbin/mini_httpd -c **.php|**.cgi -u root -maxproc 16 -i /var/run/mini_httpd.pid

-lsf

From: alan walters [mailto:[EMAIL PROTECTED]
Sent: 23. november 2005 12:06
To: support@pfsense.com
Subject: [pfSense Support] restarting httpd

How can the httpd be restarted from the command line. I
attempted to run the php script from the command line but it failed looking for
credentials.


Re: [pfSense Support] Wireless problems...spoke too soon

2006-06-26 Thread Espen Johansen
Be aware that you can have noise problems if you/someone else have AP's running in cloaking mode (other channel size than normal). You will not be able to see these AP's with netstumbler. You will need either an AP that supports cloaking and site survey, or you will need a spectrum analyser.

 
-lsf
On 6/25/06, Jonathan Woodard <[EMAIL PROTECTED]> wrote:

I also have a router that is on my workbench that is acting as a wireless client and it is also giving the same problems. I live in the middle of 3 acres in a very small town so I know there is no other AP's in distance. There is really nothing else here that causes a problem. When I turn my old netgear "b" AP on everything works great with it. The AP card might very well be crappy but it would surprise me since it's worked like a champ until now. Thank you for your suggestions however. :-) Any other advice I would welcome.

Jonathan

Holger Bauer wrote:
> Sounds like noise to me. Check out your neighbourhood for interfering channels (you can do so for example by scanning with http://netstumbler.com/ for other accesspoint). Also other devices can interfere with wireless that won't be listed with netstumbler (like for example wireless home video transmitters; Check your environment for devices that might cause noise). Also maybe the wireless card of the client that is having issues is just crappy as another one works.
>
> Holger
>
> -Original Message-
> From: Jonathan Woodard [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 25, 2006 1:30 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Wireless problems...spoke too soon
>
> Well, apparently that didn't fix it completely. I can no longer get an IP from the wireless. Again, the AP connects fine but dhcp will not give me an IP. I tried with my laptop and it didn't work then I moved it closer and it gave me an address so I'm assuming is a range issue. However everything suggests that the range is very good to excellent. I walked farther away with my laptop and got an IP but the connections timed out several times when I tried browsing the internet. Again any suggestions would be appreciated.
>
> Btw, this is the card I'm using. It is an Atheros chipset. EDIMAX EW-7325IG PCI Wireless LAN Card - Retail
>
> Jonathan
>
> Scott Ullrich wrote:
> On 6/24/06, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> Well, I am able to get an IP with the desktop now so I would assume that fixed it. I would still like to know what was happening but if no one knows I'll be happy it works for now. :-)
>
> thanks for the quick help Scott.
>
> Let's just say there were some pretty obvious bugs with non ath cards.
>
> Scott


Re: [pfSense Support] SDSL Question

2006-07-20 Thread Espen Johansen
SDSL/SHDSL/gSHDSL equipment are not easily changed from one vendor/DSLAM to the next, so you should rather setup your modems in bridge mode instead of trying to replace them.
 
This config will change the router into bridge mode.
Before you start you might want to backup your old config and possibly any pppoe/pppoa username/pass that you need for the pfsense config. You will also need config password and enable password for the router.

Either that or you can ask your tech rep to send you a modem based on this config (a smaller ISP will most likely help you do this, a big one will most likely not).
 
---
Enable
Configure terminal
No service pad
Service timestamps debug uptime
Service timestamps log uptime
Service password-encryption
Hostname "your_routername"
Ip subnet-zero
No ip routing
Bridge irb
Interface Ethernet0
 No shutdown
 No ip address
 No ip route-cache
 Bridge-group 1
 Hold-queue 100 out
Interface ATM0
 No shutdown
 No ip address
 No ip route-cache
 No atm ilmi-keepalive
 Pvc 8/35
  Encapsulation aal5snap
 Dsl equipment-type CPE
 ! annex might be a different standard for your region, check the old config before you do this
 Dsl operating-mode GSHDSL symmetric annex B
 Dsl linerate AUTO
 Bridge-Group 1
Interface BVI1
 Ip address "the ip you want on the inside of the router" "subnet"
 No shutdown
Ip classless
No ip http server
Bridge 1 protocol ieee
Line con 0
 Exec-timeout 120 0
 Stopbits 1
Line vty 0 4
 Access-class 23 in
 Exec-timeout 120 0
 Login local
Scheduler max-task-time 5000
End
Write memory
Disable
Exit
--- 
Good luck :-)
 
-lsf
 
On 7/20/06, Lawrence Farr <[EMAIL PROTECTED]> wrote:
I currently have 2 Cisco 828's with SDSL connections
plugged into separate interfaces on one of my PfSense
boxes. The external IP's are nat'd by the cisco, then
nat'd again by pfSense, and it's just a lot clunkier
to work out any issues than I'd like. Does anyone know
of a supported card or external bridging modem that I
can use with pfSense to pass the external IP's directly
to the pfSense box without having to use the cisco's
redirection?

Cheers

Lawrence Farr
EPC Direct Limited



Re: [pfSense Support] trap infected computers

2006-07-27 Thread Espen Johansen
For more usable info: http://ungoliant.sourceforge.net/
 
-lsf 
On 7/27/06, dny <[EMAIL PROTECTED]> wrote:
anyway we can setup our firewall to do this??
http://www.pcworld.com/resource/printable/article/0,aid,123138,00.asp

rgds,
dny
---
http://bloglines.com/public/bacaan --- have you read today yet?
... they look but do not see and hear but do not listen or understand. Mat 13:13
... but that which cometh out of the mouth, this defileth a man. Mat 15:11



Re: [pfSense Support] jitter?

2006-07-28 Thread Espen Johansen
The only time I have seen behaviour like this is when either the nic or the cable has an issue; when everything stopped, it was the card trying to autosense half duplex because of a bad cable. Maybe you should have a look at your nics, and possibly the cable and/or switch. Another example is the 3c905B that drops to half duplex when loaded with 70mbit + over a period (30sec or more).

 
just my 2cents.
 
-lsf

On 7/28/06, Jure Pečar <[EMAIL PROTECTED]> wrote:

Hi all,

We just switched our web service over from an overloaded linux firewall to a pfSense box.

Previously, on the linux firewall, our service worked ok, even though it was limited by the bandwidth that box managed to chew through.

Now, on pfSense, it seems to be working faster, but we experience lots of what I believe is a network jitter. For example, when I download a ~1MB picture from the gallery, I see random pauses during the transfer. This affects all traffic ... and when you wait few seconds for a dns reply every now and then, the site goes kaboom.

I don't have much experience in networking, so I'd appreciate any suggestions where to look for a cause and how to figure out what is going on. It's strange because now, over pfSense, there are fewer network components between me and my servers than there were before when the servers were behind linux firewall.

--
Jure Pečar
http://www.email.si


Re: [pfSense Support] Working DDNS for local network

2006-08-11 Thread Espen Johansen
To create patches this should be enough to check out the files: http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/ 
 
-lsf 
On 8/11/06, Robert Mortimer <[EMAIL PROTECTED]> wrote:
I have a working setup to do the following

1) Enter a local DDNS update key under the DDNS settings
2) Enter a sub-domain (zone) for each DHCP subnet under the DHCP settings
3) If local key exists DHCP offers option to enable DDNS for the subnet's
forward zone

I need to do the following

Improve error trapping to prevent all possibility of referencing a key that
has been disabled or removed

Optional
Allow update of reverse zone
Allow multiple keys

I have diffs against RC2 or if you could give me some limited access to cvs
I could add them/recreate them against HEAD

The document I have been working against for DDNS configuration of ISC DHCP
can be found here
http://www.ops.ietf.org/dns/dynupd/secure-ddns-howto.html#forward

I am in the UK so I am on GMT

--
Robert


Re: [pfSense Support] Redirect Port 80 to Squid/Dans Guardian Box for Filtering

2006-08-18 Thread Espen Johansen
Adding a rule (before the default rules) that takes port 80 from !squidserverip --> and forwards it to the squid box should do the trick.
 
-lsf 
On 8/18/06, stephan peterson <[EMAIL PROTECTED]> wrote:
I'm using pfSense on my home network and it is working great as a firewall
for me. I'd like to add content filtering to the mix. I was thinking I
would dedicate a box to the task. I'd like to make it transparent to the
users though. I don't want to have to configure the browsers to point to
the Squid/DG box. I'd rather redirect all outbound HTTP traffic to the
Squid/DG box and then it would send it out thru the firewall using a
firewall rule that would allow it outbound on port 80.

Has anyone done this? Is it possible? Poking around I don't see how to
make it happen and my searches of the list archive haven't turned up any
help. I get the impression though that it's not possible and that's not
what I wanted to hear.

Thanks,
Stephan


Re: [pfSense Support] ethernet over firewire

2006-10-04 Thread Espen Johansen
I have used it successfully with pfsense but not recently, and no, there are no special cable requirements for FireWire.
It should work just fine.
 
-lsf 
On 10/4/06, sai <[EMAIL PROTECTED]> wrote:
I have a firewire port that I want to use for CARP (its there and can't
really use it for anything else) . However I cannot get pfsense to ping
when I connect 2 machines together. If anyone has used firewire before
please let me know if I need a special wire for this? With Cat5 cables
we would need crossed cables - is there any requirement like that
here?

sai


Re: [pfSense Support] Features

2006-11-28 Thread Espen Johansen

On 11/28/06, saidy <[EMAIL PROTECTED]> wrote:


Just to know,

How can pfsense act as a load balancer, anti-spam, anti-virus? Is it ok
to implement at enterprise level? Something like the products of juniper and
fortinet.. Please comment.

SAIDY
Bangi, Malaysia





Pfsense is not a Juniper killer (yet), I can tell you that much. But it can
do enterprise work, all depends on how much you want it to do. Like every
system it has its restrictions.
Please be more specific in your questions, do you have any idea how much
traffic it will need to handle ? Mail amounts, etc. etc. what kind of HW do
you plan on using it on ?

P.S. Best way to find out is to test ;-)

-lsf


Re: [pfSense Support] Loopback and DNS lookup fail

2006-11-29 Thread Espen Johansen

On 11/29/06, Tim Martin <[EMAIL PROTECTED]> wrote:


I had a lot of problems with one of my routers and finally broke down and
did a complete re-install of pfSense.  I went through and set everything up
the way I wanted it and it worked fine.  I think there was some little
something in the config file that got messed up.  The problem I was having
was low bandwidth through all the interfaces.

Tim


Bennett Lee wrote:

I have a pfSense box that cannot loopback to internal addresses via WAN
IPs and cannot resolve DNS (and hence cannot contact pfsense.com to
download packages).  Note that only pfSense itself cannot resolve DNS--our
internal servers can resolve DNS using the same external name servers as
pfSense.  We're running 1.0.1, but this hasn't worked for us on this box
since RC3 or so (I think).

I have 2 other pfSense boxes and both those work fine.  I couldn't figure
out why this one can't loopback or resolve DNS, so I built a new pfSense box
with all new hardware, installed from CD, then loaded the old config with
new interface IDs.  Same problem.  Thus, I assume there's a problem with my
config.  However, I've been over and over the config and compared it to the
2 working boxes and to old config backups we have.  I can't find any
significant differences.  I even removed all the features and rules that I
could, thinking maybe I was overlooking something.  Still can't get it to
work.  The only thing I can think to do now is to rebuild and start the
setup from scratch, manually re-entering our entire config and checking
after every change to see if it still works.

Can anyone offer any solutions or troubleshooting advice before I'm forced
to shutdown our offices for a few hours?

--Bennett






If you send me your config.xml I'll take a look at it.

-lsf


Re: [pfSense Support] SuperG Atheros Chipset

2006-12-05 Thread Espen Johansen

To enable turbo mode check the turbo button, speed is still selected up to
54mbit, only difference is that with turbo enabled all speeds are 2x
whatever speed you choose.

See the wiki for more info on manual ifconfig settings:
http://wiki.pfsense.com/wikka.php?wakka=Wireless

WPA2 is not fully implemented at the time, you can look at the generated
hostapd/wpasupplicant config for more info.
Also refer to the manpages for hostapd and wpa_supplicant.

-lsf


On 12/4/06, Joseph (Joe) Lynn <[EMAIL PROTECTED]> wrote:


 Hi everyone,

Congrats on a great product…

I was wondering about wireless… I'm using the ath(4) driver for an Atheros
5212 card.

I notice that in the man page for the ath driver, it states that:-

  "AR5212-based devices support 802.11a, 802.11b, and 802.11g operation
  with transmit speeds appropriate to each. All chips also support an
  Atheros Turbo Mode (TM) that operates in the 5Ghz frequency range with
  2x the transmit speeds. Some chips also support Turbo mode in the 2.4Ghz
  range with 802.11g. (These modes are, however, only interoperable with
  other Atheros-based devices.)"



Is there a way to enable the SuperG functionality within pfSense, outside of 
the GUI?

Also, if I want to enable the 802.11x to use WPA2 Enterprise, how do I 
configure the EAP side of things within the GUI?

Or does it have to be done at the command line?



Many thanks,



Joe





Re: [pfSense Support] SuperG Atheros Chipset

2006-12-05 Thread Espen Johansen

As I said in my previous mail:
http://wiki.pfsense.com/wikka.php?wakka=Wireless

note the lines:

ifconfig -m "IF-NAME" (lists modes)
ifconfig -v "IF-NAME" (view settings)

You will find stuff like -burst or burst etc. a lot of this stuff is
mediaopts.

-lsf

On 12/5/06, Carlos Rosário <[EMAIL PROTECTED]> wrote:


 Turbo Mode uses channel width of 40mhz while normal operation uses 20mhz
and every single channel takes 5mhz. This is why Turbo Mode is not a good
thing in the 802.11b/g networks, since the 2,4ghz band is already very
populated, and that's the reason I think the developer of the driver in
FreeBSD didn't include Turbo Mode in 802.11g operations. SuperG is a
different thing, it's a set of  features to optimize communication –
Compression, Fast Frames and Packet Bursting. I don't know if all of these
features are present in the FreeBSD driver.




Re: [pfSense Support] SuperG Atheros Chipset

2006-12-05 Thread Espen Johansen

Forgot this in my last reply, Turbo mode is also part of the "Super"
functions in the atheros chips:

Super G/Super AG mode includes dynamic 108 Mbps capability, real-time
hardware data compression, Fast Frames™ and standards-compliant bursting.

The reason I only mentioned Turbo is because the rest is normally enabled if
the card is capable of super modes.

-lsf



Re: [pfSense Support] SuperG Atheros Chipset

2006-12-08 Thread Espen Johansen

For "super modes" bursting is supported on pretty much every chip that
supports it. As for compression etc., you will have to verify this with the
previously mentioned ifconfig lines.
As for creating your own wpa supplicant, sure you can do this. However if
you want it to stay intact during reboots and other wireless interface
changes, the best way is to hardcode them in /etc/inc/interfaces.inc

look for "function interfaces_wireless_configure"

scroll down to the section: /* generate wpa_supplicant/hostap config if wpa
is enabled */

Find:
switch ($wlcfg['mode']) {
case 'bss':
if (isset($wlcfg['wpa']['enable'])) {

$wpa .= << wrote:


 Hi all,



Many thanks to everyone for their replies…



As far as I can see now, from reading around and checking these messages,
etc, it looks like most 108 atheros cards are supported at least in static
turbo mode, whilst the super G extensions are not.

I'm not sure if this will be too much of a problem…

Now I'm thinking, as far as I can tell, there's no reason why I couldn't
just configure the wpa_supplicant.conf file by hand to authenticate against
a radius server using EAP-TLS, is there?



Cheers,



Joe












Re: [pfSense Support] Good Wireless Card?

2006-12-20 Thread Espen Johansen

Get the 3com 3CRDAG675B.
PCI card, removable antenna, works like a charm. supports XR and more.

The old version is 3CRDAG675 and does not have a detachable antenna, but
it works very well, and you can cut the wire to the antenna and solder
an N connector on it, or whatever connector you need (if any).

-lsf

On 12/19/06, Joseph (Joe) Lynn <[EMAIL PROTECTED]> wrote:




Hi All,



I've checked the FreeBSD compatibility list, but it's hard to find any
recommendations from anyone who has managed to set up a system that I am
looking for…



I am trying to buy two PCI wireless cards with the ath(4) static turbo 108
cards that support AES encryption (preferably running a network bridge and
RADIUS).



Has anyone used pfSense to achieve this kind of setup with cards they can
recommend?



Would I be right in thinking that even if the card itself doesn't claim to
support AES, FreeBSD can provide it with software drivers?



Many thanks,



Joe






Re: [pfSense Support] Muliple Warp-PFSense as AP

2007-01-30 Thread Espen Johansen

I don't see why it shouldn't work, but then again, you did not give
much info as to what you are trying to accomplish (like roaming etc.).

-lsf

On 1/30/07, kab <[EMAIL PROTECTED]> wrote:

Hello, I run PF-Sense now for over a month and it works great on my
WARP. Now I plan to extend my wlan with 2 WARP boxes working as AP's.
Is this possible with PF-Sense?

The configuration would be like this:

PF-Sense Firewall running on a WARP1
 |
  AP 1 running PF-Sense on a WARP2
 |
  AP 2 running PF-Sense on a WARP2

The AP's would be connected by Cat5e Cable and powered with Power-Over-Ethernet.

Thanks for replies

kab




Re: AW: [pfSense Support] new user... need help with Rules

2007-02-28 Thread Espen Johansen

This is how I deal with wireless to internet access but not lan.

add a rule that says:
Pass WLAN-subnet to destination NOT (!) LAN
(meaning if it's not trying to access lan then it's all good)
You can also add rules to drop connections from WLAN clients to
destination firewall when port is 80/22 (GUI/ssh) etc.
Then VPN into the firewall from WLAN zone to access LAN.

-lsf

On 2/28/07, Jeremy Bennett <[EMAIL PROTECTED]> wrote:

In review, I'd like to grant full access to the internet for all
computers on LAN (private, wired, my machines) and LAN2 (wireless
segment - friends, families, neighbors). I'd like to make LAN
invisible as far as LAN2 is concerned, yet allow my laptop to access
LAN when it is attached to LAN2 wirelessly.

I may not have been totally clear... I still need my LAN2 to see the
internet, so the first rule WAS:
PASS | Proto: * | Source: LAN2 net | Port: * | Destination: * | Port:
* | Gateway: *

So I changed it as such

PASS | Proto: * | Source: * | Port: * | Destination: WAN address |
Port: * | Gateway: * (Pass LAN2 to wan)
PASS | Proto: * | Source: 192.168.12.99 | Port: * | Destination: * |
Port: * | Gateway: * (Pass Powerbook to LAN)
PASS | Proto: * | Source: LAN2 net | Port: * | Destination: ! LAN net
| Port: * | Gateway: * (Block LAN2 from LAN)

It seems to work...

Have I introduced any sort of horrible security issue by doing this?

Thanks for the help.


>
>
> On Feb 26, 2007, at 1:13 AM, Holger Bauer wrote:
>
>> First create a DHCP-server for the LAN2 segment at services|
>> dhcpserver|lan2-tab and add a static mapping for the mac of your
>> notebook.
>>
>> Then go to firewall|rules|lan2tab
>> Add a rule: pass, protocol any, source (IP of notebook),
>> destination any, gateway default
>>
>> Below this add a rule: pass protocol any, source lan2 net,
>> destination NOT LAN, gateway default
>>
>> That's all that is needed.
>>
>> Holger
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Monday, 26 February 2007 10:39
>> To: support@pfsense.com
>> Subject: [pfSense Support] new user... need help with Rules
>>
>> I have pFsense 1.0.1, with a WAN, LAN and LAN2. The WAN gets an
>> address
>> via DHCP from local cable provider. LAN (192.168.12.1) is my (soon
>> to be)
>> private network, and LAN2 (192.168.12.1) has a couple of wireless
>> bridges|APs at 192.168.12.253 & 254. What I need to do is create a
>> rule
>> that blocks traffic between LAN2 and LAN, yet still allows my laptop
>> (192.168.12.99, assigned via MAC|static) to access LAN while
>> wirelessly
>> connected to LAN2. Any help or guidance on this is much appreciated.
>>
>> Mahalo,
>> Jeremy
>>
>
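
The LAN2 rule set discussed in this thread, modelled as an added example (not code from the thread or from pfSense): a first-match evaluator run over the three rules as posted and over a variant that adds the port 80/22 drop rules suggested in the reply. The LAN subnet, the WAN address, the /24 masks and the sample hosts are constructed, and protocol, state tracking and NAT are left out.

```python
"""First-match model of the LAN2 rule tab from the thread (added example)."""
import ipaddress
from dataclasses import dataclass

# LAN2 addresses come from the thread (a /24 is assumed); the LAN subnet
# and the WAN address are constructed for the example.
LAN_NET = ipaddress.ip_network("192.168.11.0/24")    # assumed private LAN
LAN2_NET = ipaddress.ip_network("192.168.12.0/24")   # wireless segment
FW_LAN2 = ipaddress.ip_network("192.168.12.1/32")    # firewall address on LAN2
WAN_ADDR = ipaddress.ip_network("203.0.113.10/32")   # assumed firewall WAN address
LAPTOP = ipaddress.ip_network("192.168.12.99/32")    # static DHCP mapping
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    label: str
    dst_negated: bool = False        # the GUI's "not" (!) checkbox
    ports: tuple = ()                # empty tuple means any port

    def matches(self, src: str, dst: str, port: int) -> bool:
        if ipaddress.ip_address(src) not in self.src:
            return False
        in_dst = ipaddress.ip_address(dst) in self.dst
        if in_dst == self.dst_negated:
            return False
        return not self.ports or port in self.ports


def evaluate(rules, src, dst, port):
    """Return (action, label) of the first matching rule, else default deny."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.label
    return "block", "default deny"


# The three rules as posted, with the poster's own descriptions.
AS_POSTED = [
    Rule("pass", ANY, WAN_ADDR, "Pass LAN2 to wan"),
    Rule("pass", LAPTOP, ANY, "Pass Powerbook to LAN"),
    Rule("pass", LAN2_NET, LAN_NET, "Block LAN2 from LAN", dst_negated=True),
]

# Variant following the reply: drop WLAN clients to the firewall on 80/22,
# then pass everything that is not LAN. The first posted rule is left out
# because "WAN address" is the firewall itself, not the internet.
HARDENED = [
    Rule("pass", LAPTOP, ANY, "Pass Powerbook to LAN"),
    Rule("block", LAN2_NET, FW_LAN2, "Drop WLAN to firewall GUI/ssh", ports=(22, 80)),
    Rule("block", LAN2_NET, WAN_ADDR, "Drop WLAN to firewall WAN IP", ports=(22, 80)),
    Rule("pass", LAN2_NET, LAN_NET, "Pass WLAN to not LAN", dst_negated=True),
]

# Constructed sample flows: (description, source, destination, port).
FLOWS = [
    ("guest -> LAN file server", "192.168.12.50", "192.168.11.20", 445),
    ("laptop -> LAN file server", "192.168.12.99", "192.168.11.20", 445),
    ("guest -> internet host", "192.168.12.50", "198.51.100.7", 443),
    ("guest -> firewall GUI on LAN2", "192.168.12.50", "192.168.12.1", 80),
    ("guest -> firewall ssh on WAN IP", "192.168.12.50", "203.0.113.10", 22),
]


def compare():
    """Map each sample flow to (action as posted, action hardened)."""
    return {
        name: (evaluate(AS_POSTED, s, d, p)[0], evaluate(HARDENED, s, d, p)[0])
        for name, s, d, p in FLOWS
    }


if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name:34} as posted: {before:5}  hardened: {after}")
```

The laptop rule matches on source address only; the reply's alternative is to VPN into the firewall from the WLAN zone.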





Re: [pfSense Support] Get WLAN Working with Intel Pro/Wireless 2915ABG

2007-04-19 Thread Espen Johansen

Does dmesg report the card at all ?
It's Atheros based so it should show up as ath0.
Does ifconfig list it ?
Please provide more info.

-lsf

On 4/19/07, Christian Veith <[EMAIL PROTECTED]> wrote:

Hi Folks,

is it possible to use the Intel Pro/Wireless 2915ABG as an access point
with pfsense embedded ?

I've just installed the card on my wrap but there are no new interfaces
in the interface assignment.

Everything I found on the forum was that post from 9th of April 2006:

http://forum.pfsense.org/index.php/topic,977.msg5975.html#msg5975

What could I do to get it working ?



kind regards

Christian




Re: [pfSense Support] Get WLAN Working with Intel Pro/Wireless 2915ABG

2007-04-19 Thread Espen Johansen

Maybe I'm wrong, but one of the first intel ABG cards was based on a
5212 chip, thought it was the 2915 but maybe not. Been a while since I
last tried out the intel cards.

-lsf

On 4/19/07, David Barbero <[EMAIL PROTECTED]> wrote:

Chris Buechler <[EMAIL PROTECTED]> wrote:

> That's not an Atheros card. It should be supported by the iwi driver
> though, we must not have that in the pfsense kernel for some reason?
> Maybe this is why, from the iwi(4) man page:
>
>
> This driver requires firmware to be loaded before it will work.  You need
> to install the ports/net/iwi-firmware-kmod port before ifconfig(8) will
> work.

Probably because of the licence of the driver...

In FreeBSD 6.2 this driver comes with the distribution, but to use it, you
need a line in /boot/loader.conf (I'm not sure it is in this file...).

Regards.

--
"Linux is for people who hate Windows, BSD is for people who love UNIX"
"Social Engineer -> Because there is no patch for human stupidity"





Re: [pfSense Support] firewalling

2007-04-30 Thread Espen Johansen

Go read http://www.pfsense.com

-lsf

On 4/30/07, Mohsen Pahlevanzadeh <[EMAIL PROTECTED]> wrote:


Oh, it means that ipfw or PF or ipf or ipfilter. Now, which?
Holger Bauer wrote:
> - DHCP-Server enabled at LAN-Interface
> - pfSense LAN IP 192.168.1.1
> - webgui at http://192.168.1.1 , User "admin" password "pfsense"
> - DHCP-Client at WAN
> - Block anything incoming at WAN
> - Allow anything coming from LAN
>
> Holger
>
> -Original Message-
> From: Mohsen Pahlevanzadeh [mailto:[EMAIL PROTECTED]
> Sent: Sunday, April 29, 2007 5:52 PM
> To: support@pfsense.com
> Subject: [pfSense Support] firewalling
>
> Dear all,
> I have installed pfsense, but I don't know what the default firewall
> software is. Do you know?
> --Mohsen




Re: [pfSense Support] atheros signal and noise

2007-05-07 Thread Espen Johansen

You can't see the noise but you can get "the signal" (sort of) by
looking at the RSSI value. Take a look at the wireless status page.
http://forum.pfsense.org/index.php/topic,1368.0.html for more info.

-lsf

On 5/7/07, Fábio Gusmão <[EMAIL PROTECTED]> wrote:


Hello,

How can I see the signal, and most important, how to list the noise from the
clients in my ap interface?


Thanks,
Gusmão





Re: [pfSense Support] Wireless loop

2007-05-07 Thread Espen Johansen

I'll take a look at the wireless on 1.2 once I get my lab back up and
running. I just moved a month ago, got internet (cable) today, will
get ADSL tomorrow and hopefully finish cabling my apartment sometime
this week, so maybe I can be ready to do some testing in the weekend.
However I have gotten feedback that the wireless code in FBSD6.2 shows
some weird behaviour. Mostly it's in ad-hoc mode tho (and that has
been an issue for quite some time).

-lsf

On 5/8/07, Sonny Mounicou <[EMAIL PROTECTED]> wrote:

Since upgrading to the beta version, my wireless gets stuck in a loop
where it goes up and down.  In the logs, I get the following entries:

May 7 18:01:53  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:53  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:50  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 18:01:47  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:47  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:44  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 18:01:44  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:44  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:41  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 18:01:41  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:41  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:37  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated


The times seem to match, as it takes two to three seconds for the
cycle.  I am running 1.2-Beta-1 built Apr 30.  Any thoughts?  I haven't
seen this in months of running 1.0.  Is this a known issue?

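Added example (not part of the original messages or of pfSense): a short
Python parser that measures the associate/deassociate cycle reported above
from hostapd syslog lines. The thresholds, the default year and the second
station's MAC are assumptions; the first station's lines are the excerpt
above, unwrapped.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Newest entry first, as in the pfSense log view. The 00:XX... lines are the
# excerpt from the report; the 02:00:00:00:00:01 line is constructed.
SAMPLE_LOG = """\
May 7 18:01:53  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:53  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:50  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 18:01:47  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:47  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:44  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 18:01:44  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:44  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:41  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 18:01:41  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deassociated
May 7 18:01:41  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: deauthenticated due to local deauth request
May 7 18:01:37  hostapd: ath0: STA 00:XX:XX:XX:XX:XX IEEE 802.11: associated
May 7 17:40:02  hostapd: ath0: STA 02:00:00:00:00:01 IEEE 802.11: associated
"""

LINE_RE = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+hostapd: (\S+): "
    r"STA (\S+) IEEE 802\.11: (.+?)\s*$"
)


def parse_hostapd(text, year=2007, newest_first=True):
    """Return (time, interface, station, event) tuples in chronological order.

    Syslog stamps carry no year, so one is supplied (assumption). Several
    events share the same second, so file order matters: a newest-first log
    is reversed before the stable sort, otherwise ties come out backwards.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a hostapd station event
        mon, day, clock, iface, sta, what = m.groups()
        when = datetime.strptime(f"{year} {mon} {day} {clock}",
                                 "%Y %b %d %H:%M:%S")
        events.append((when, iface, sta, what))
    if newest_first:
        events.reverse()
    events.sort(key=lambda e: e[0])  # stable: keeps order within one second
    return events


def find_flapping(events, max_session=10, min_cycles=3, window=60):
    """Flag stations with >= min_cycles short sessions inside `window` seconds.

    A session is an 'associated' event followed by 'deassociated'; it counts
    as short when it lasts at most max_session seconds.
    """
    sessions = defaultdict(list)
    open_assoc = {}
    for when, iface, sta, what in events:
        key = (iface, sta)
        if what == "associated":
            open_assoc[key] = when
        elif what == "deassociated" and key in open_assoc:
            start = open_assoc.pop(key)
            if (when - start).total_seconds() <= max_session:
                sessions[key].append((start, when))
    flagged = {}
    for key, runs in sessions.items():
        best = 0
        for i, (start, _) in enumerate(runs):
            limit = start + timedelta(seconds=window)
            best = max(best, sum(1 for _, end in runs[i:] if end <= limit))
        if best >= min_cycles:
            lengths = [(end - start).total_seconds() for start, end in runs]
            flagged[key] = {"cycles": best,
                            "mean_session_s": sum(lengths) / len(lengths)}
    return flagged


if __name__ == "__main__":
    for (iface, sta), info in find_flapping(parse_hostapd(SAMPLE_LOG)).items():
        print(f"{iface} {sta}: {info['cycles']} short sessions, "
              f"mean {info['mean_session_s']:.2f}s")
```

A station that associates once and stays connected, like the constructed
second one, produces no short sessions and is not reported.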



Re: [pfSense Support] Configuring NICs speed / full duplex

2007-05-09 Thread Espen Johansen

Did you try a new cable?
Autosensing can be very borked if the cable is not cat5e and properly wired.

-lsf

On 5/10/07, Chris Buechler <[EMAIL PROTECTED]> wrote:

Sean Cavanaugh wrote:
>
>
> I actually have an issue with a Netgear gigabit NIC taking over 60
> seconds once pfsense was loaded to finish auto negotiating the gigabit
> speed. It would show the interface up at 100 mbit, as confirmed by my
> gigabit switch but nothing could touch the inside interface until it
> finally switched over to gigabit. makes it insanely long for firewall
> to come back up after a reboot.


Upgrade your switch firmware if possible and see if that makes a
difference. Does that same NIC behave the same using Windows? If so,
well it's just junk, if not, there's a FreeBSD driver issue of some sort.





Re: [pfSense Support] Printer support for pfsense

2007-06-20 Thread Espen Johansen

Search the forums, this has been asked and answered before.
There are several options, take a look at the freebsd docs.

-lsf

On 6/20/07, Siju George <[EMAIL PROTECTED]> wrote:

On 6/1/07, Ronald Zúñiga <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> I just want to know if it is possible to install a printer on pfsense. I
> need to share the printer to a windows network... so I think I would be
> using samba...
>

Since no one answered your question.
A Firewall is not exactly the device that you should use to share Printers :-)
But in Firms where systems are very few most functions are crammed
into the available hardware.
I remember when I first Joined for Job there were only 5 systems in
the company and one machine was the Domain Controller, Firewall, Web
Proxy, File Server, WebServer, Database Server etc. etc.

So If that is your case : Since you mentioned about using Samba I
guess you want to share the printer primarily to Windows Computers.
You can save yourselves from a lot of trouble if you configure printer
on one of the Windows machines and share it from there.

This has nothing to do with pfsense but I really felt pity on you
because of your question. They are similar to the ones I asked 5 yrs
back :-)

Thank you so much

Kind Regards

Siju




Re: [pfSense Support] Debugging hostapd

2007-07-04 Thread Espen Johansen

Set up your wireless as you like it in the GUI.
Then edit /tmp/{$if}_setup.sh ({$if} = your interface name, like ath0
or wi0 or whatever) and find the line that starts
hostapd/wpa_supplicant. It should look something like:
/usr/sbin/hostapd -B /var/etc/hostapd_{$if}.conf
Change it to something like:
/usr/sbin/hostapd -dd /var/etc/hostapd_{$if}.conf
-B = run in background
-dd = debug mode
Then from the CLI (ssh in or whatever) run /tmp/ath0_setup.sh and do your debugging.

Remember, if you change anything in the GUI the /tmp/ath0_setup.sh file will
be overwritten and you have to edit it again.
Also, when you exit debug mode, hostapd will stop, so you need to enter the
GUI and save changes on the wireless setup page to rewrite the startup
script and start wireless again.

Good luck :-)

-lsf

On 7/4/07, tester tester <[EMAIL PROTECTED]> wrote:

How can I get detailed debug data from hostapd? I've been using pfSense also
as an access-point.
I have some trouble with wireless and debugging can help me to understand
the problem better.

Thanks!







Re: [pfSense Support] Best setup for a colocation

2007-07-04 Thread Espen Johansen

You do not have to NAT to use CARP, all you need is a linknet (/29 or
larger) and the other public ip's routed behind the linknet primary
ip.

Example.

subnet 1.2.3.0/29

1.2.3.1 = gateway ip for WAN interface
1.2.3.2 = CARP common ip for WAN interface
1.2.3.3 = real ip for WAN on firewall 1
1.2.3.4 = real ip for WAN on firewall 2

on opt1 you have subnet 1.2.4.0/26 or whatever you get.
(ISP sets up 1.2.4.1/26 to be routed to 1.2.3.2)

1.2.4.1 = CARP common IP for opt1
1.2.4.2 = real ip for opt1 on firewall 1
1.2.4.3 = real ip for opt1 on firewall 2
1.2.4.4-->1.2.4.62 = hosting servers (based on /26 mask)

Real servers have 1.2.4.1 as gateway and use 1.2.4.4 to 1.2.4.62 as ip's.

Then enable advanced outbound NAT and delete the rule for opt1 or if
you choose to use LAN interface for servers then delete the lan rule.
You can change the lan range to be public IP's if you like, but I
prefer to have the lan zone on a separate interface in this kind of
setup. It makes it easier to fix stuff if you mess up something, and
it's nice to have for a VPN setup to reach LAN (remote management
etc.)

-lsf

On 6/29/07, Gary Buckmaster <[EMAIL PROTECTED]> wrote:

It should also be noted that CARP doesn't work with bridged interfaces,
so if you want CARP (which for a data center environment, you probably
do) you'll want to use the setup that Chris suggested.

Chris Daniel wrote:
> If you think you will ever need failover using CARP, 1:1 NAT with
> virtual IPs is the way to go.  A filtering bridge is nice, and yes, a
> bit easier, but you can't implement failover with it under pfSense.
> Either way you go, it's essentially the same procedure with regard to
> maintaining firewall rules.  I can't speak to the Asterisk issue, but
> maybe someone else can chime in on that.
>
>
> Ugo Bellavance wrote:
>
>> Hi,
>>
>> I'm about to have a few servers in the same half-rack in a
>> datacenter and I'm thinking about the best setup possible for that:
>>
>> - Filtering Bridge
>> - 1-to-1 NAT
>> - Other???
>>
>> I'm especially afraid of Asterisk (SIP) behind a 1-to-1 NAT.  I don't
>> know exactly what are the pros and cons of each.  I guess a filtering
>> bridge is easier to install, and we configure the hosts behind with
>> public IP addresses and it is easier to forget a host unprotected...
>>
>> Any opinions on this?
>>
>> Regards,
>>
>> Ugo
>>



Re: [pfSense Support] Dual Wan Problem

2007-07-25 Thread Espen Johansen

Sounds like you hit the firewall and not the actual server behind it,
is it destination NATed (portforward)?
You can try to telnet to the ip with port 22 and see what kind of sshd
that responds.
I bet that you are not hitting the correct box.

-lsf
On 7/24/07, Chris Flugstad <[EMAIL PROTECTED]> wrote:

So I have setup Dual wan on my pfsense and that is working, BUT when I
ssh into a server behind the router, I get what looks to be 2 responses
coming back and doesn't allow me to login.  Has anyone else seen this
problem?  I can ssh and it will ask for username, and then password, but
doesn't seem to like the password, even though the password is correct

-chris flugstad




Re: [pfSense Support] Current 1.2 versions

2007-07-25 Thread Espen Johansen

pfSense-1.2-RC1-Embedded.img.gz is the Greatest/latest.

-lsf

On 7/25/07, Chris Bagnall <[EMAIL PROTECTED]> wrote:

Greetings list,

Whilst configuring a couple of new routers (soekris 4801 boxes with 256mb compact flash 
cards), I noticed there appear to be rather a few different versions of the 
"embedded" image now available.

Am I right in assuming RC1 is later than BETA-2? I must confess I've not seen 
any announcements on this list about it

Regards,

Chris
--
C.M. Bagnall, Director, Minotaur I.T. Limited
For full contact details visit http://www.minotaur.it
This email is made from 100% recycled electrons








Re: [pfSense Support] How to schedule shutdown and box heartbeat

2007-09-24 Thread Espen Johansen
Why not go all the way?

shutdown -r yymmddhhmm

-lsf

On 9/24/07, Vivek Khera <[EMAIL PROTECTED]> wrote:
>
>
> On Sep 22, 2007, at 7:05 AM, tester wrote:
>
> >> min" etc)
> > This was the command I typed from the shell:
> >
> > echo "shutdown -r now" | at "xx:yy"
>
> why not more simply "shutdown -r xx:yy"
>
> shutdown has its own timing mechanism.


Re: [pfSense Support] Dual WLAN no load balancing (different GW)

2007-10-01 Thread Espen Johansen
PPPoE can only be used on WAN.
opt interface can use static or dhcp assigned address.
The rest of the config is easily done with advanced outbound nat and
filtering rules.
You can do all that you request with pfsense.
You will assign the same gateway in dhcp for all lan hosts, then you add
special rules to route out on either WAN1 or WAN2 (opt interface)

-lsf


On 10/1/07, Ingvald Grimstveit <[EMAIL PROTECTED]> wrote:
>
> *Current setup:*
> 1x WAN PPPoE
> (running PPTP VPN server on pfSense with local user db.)
>
>
> *Need:*
> 1x Additional WAN
>
>
> *Configuration would be:*
> -Different GW for computers on same LAN (inside)
>
> -Port forwarding rules for the two WAN's
> e.g.
> port   80 from WAN1 to 192.168.10.10 (GW for .10 would be WAN1)
> port 3389 from WAN2 to 192.168.10.12 (GW for .12 would be WAN2)
> and more
>
> This implies 2x IP on LAN if.
>
>
> *Question:*
> Can this be done (easily)?
> If so what kind of WAN2 subscription do I need (not another PPPoE i
> think).
>
>
> best regards
> Ingvald


Re: Ha: [pfSense Support] Re: Take my update ???

2007-10-12 Thread Espen Johansen
Please send the files in diff -rub format. And send them to
[EMAIL PROTECTED]

-lsf

On 10/12/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
>
>
> news <[EMAIL PROTECTED]> wrote on 11.10.2007 19:54:19:
>
> > [EMAIL PROTECTED] wrote:
> > > Please  send me link, where we take my changes PFsense.
> >
> > Hi, what are you looking for exactly?
> >
>
> Excuse me! Below files  Pfsense for set Static Ip address for WAN PPPoE.
>
> (See attached file: upload.zip)
>
> Please take this is changes.
>
>
> > Ugo


Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

2007-10-12 Thread Espen Johansen
http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/

-lsf


On 10/12/07, Tortise <[EMAIL PROTECTED]> wrote:
>
> I am sorry for the usual question, where does one get 1.2RC-3 please?!
> Kind regards David
>
> - Original Message -
> From: "Jan Hoevers" <[EMAIL PROTECTED]>
> To: 
> Sent: Friday, October 12, 2007 1:50 PM
> Subject: Re: [pfSense Support] hotplug event on LAN triggers problem on
> PPTP WAN
>
>
> Chris Buechler wrote on 26-9-2007 2:02:
> > Definitely sounds like a bug. I opened a ticket. If you can, please hang
> > on with 1.2rc2 for the time being. None of the developers have a PPTP
> > WAN, so we'll need somebody to test the change with that specific setup.
>
> hi Chris,
>
> Perfect, the issue is fixed!
>
> As you requested off list I've installed the embedded platform image
> labelled "1.2-RC3 built on Thu Oct 11 17:09:49 EDT 2007" and created
> some ethernet hotplug events as a test. Of course I still find them in
> the logs (check_reload_status: rc.linkup starting, etc.) but mpd doesn't
> get killed anymore and the PPTP-WAN link remains up.
>
> I'm quite happy with this result, and with your fast reaction.
>
> thanks a lot,
> Jan Hoevers


Re: [pfSense Support] Problems with DHCP leases

2007-10-30 Thread Espen Johansen
Add a little info like the version you run, how did you upgrade (I assume
you did an upgrade since you are missing the group).
From what version to what version etc.

-lsf

On 10/30/07, bRokEnCHaRacTer <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I've got a problem with the dhcpd service of pfsense: I don't get a IP
> over DHCP.
> According the status page, the dhcpd is up and running, the DHCP log also
> shows
> no activity.
>
> I also tried to capture the network activity with WireShark: I only got my
> own DHCP
> discover requests, but no other DHCP related packages.
>
> The only hints I got were from the System Logs:
>
> Oct 30 11:19:14 dhcpd: no such group: _dhcp
> Oct 30 11:19:14 dhcpd: no such group: _dhcp
> Oct 30 11:19:14 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
> Oct 30 11:19:14 dhcpd: All rights reserved.
> Oct 30 11:19:14 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
> Oct 30 11:19:14 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
>
> Could you please help me to fix this problem? Any hints are welcome.
>
> Regards,
> bc


Re: [pfSense Support] carp and firewall setups

2007-11-14 Thread Espen Johansen
You need a /29 on your wan to use pfsense and carp.

-lsf

On Nov 14, 2007 2:40 AM, Geoff Crompton <[EMAIL PROTECTED]>
wrote:

> Hi,
>
> I'm just trying to educate myself about carp, and if pfSense can do what
> we want. I'm trying out an 1.2RC3-embedded on a pair of net4801 devices.
> We have a several servers in a datacentre, and two subnets, a /28 and a
> /27.
>
> Our datacenter have said that they can give us an extra /30 for our WAN
> side addresses on the router. However I'm not sure I can get CARP
> working in this scenario, because I think I need support for carpdev,
> and I don't think it's available in 1.2RC3.
>
> What I think won't work is
>  * Needing more address on the WAN interface than /30 allows, in order
> to have both physical addresses and a carp Virtual IP address on the
> routers
>  * Needing two physical addresses on the LAN interface, so I can add
> the two carp Virtual IP addresses as the default router on each subnet.
>
> Like I said, I think carpdev isn't supported in 1.2RC3, and I think
> carpdev would make this all possible. Am I missing something that would
> make this all easy without carpdev support?
>
> --
> Geoff Crompton
> Debian System Administrator
> http://www.strategicdata.com.au
> Phone: +61 3 9340 9000
> Fax:   +61 3 9348 2015
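Added example (not from the original posts or the pfSense project): a Python
check of the addressing scheme from the colocation reply earlier in this
archive (upstream gateway, shared CARP IP, one real IP per firewall), which
also shows why the /30 offered in this thread is too small and a /29 is
needed. Function names are hypothetical; the addresses are the ones used in
that reply.

```python
import ipaddress


def carp_wan_plan(wan_cidr, firewalls=2):
    """Lay out the WAN link network: gateway, shared CARP IP, real IPs.

    Raises ValueError when the subnet cannot hold all of them.
    """
    net = ipaddress.ip_network(wan_cidr)
    hosts = [str(h) for h in net.hosts()]
    needed = 2 + firewalls  # ISP gateway + CARP IP + one real IP per box
    if len(hosts) < needed:
        raise ValueError(
            f"{net} has {len(hosts)} usable addresses, CARP with "
            f"{firewalls} firewalls needs {needed}"
        )
    plan = {"gateway": hosts[0], "carp_vip": hosts[1]}
    for n in range(firewalls):
        plan[f"fw{n + 1}"] = hosts[2 + n]
    return plan


def smallest_wan_prefix(firewalls=2):
    """Longest IPv4 prefix whose usable host count fits the WAN plan."""
    needed = 2 + firewalls
    for prefix in range(30, 0, -1):
        if 2 ** (32 - prefix) - 2 >= needed:
            return prefix
    raise ValueError("no IPv4 prefix is large enough")


def carp_routed_plan(routed_cidr, firewalls=2):
    """Lay out the routed (opt1) subnet: CARP IP, real IPs, server range.

    The ISP routes this subnet to the WAN CARP IP, so no NAT is involved.
    """
    net = ipaddress.ip_network(routed_cidr)
    hosts = [str(h) for h in net.hosts()]
    if len(hosts) < firewalls + 2:
        raise ValueError(f"{net} leaves no room for servers")
    plan = {"carp_vip": hosts[0]}
    for n in range(firewalls):
        plan[f"fw{n + 1}"] = hosts[1 + n]
    servers = hosts[1 + firewalls:]
    plan["servers"] = (servers[0], servers[-1])
    plan["server_count"] = len(servers)
    return plan


def check_server(ip, gateway, routed_cidr, firewalls=2):
    """Return a list of problems with one server's IP settings."""
    net = ipaddress.ip_network(routed_cidr)
    plan = carp_routed_plan(routed_cidr, firewalls)
    first, last = (ipaddress.ip_address(a) for a in plan["servers"])
    addr = ipaddress.ip_address(ip)
    problems = []
    if addr not in net:
        problems.append("address is outside the routed subnet")
    elif not first <= addr <= last:
        problems.append(
            "address is reserved (network, broadcast, CARP or firewall)")
    if gateway != plan["carp_vip"]:
        # A firewall's real IP does not move to the backup on failover.
        problems.append("gateway is not the shared CARP IP")
    return problems


if __name__ == "__main__":
    print(carp_wan_plan("1.2.3.0/29"))
    print(carp_routed_plan("1.2.4.0/26"))
    print("smallest WAN prefix: /%d" % smallest_wan_prefix())
    try:
        carp_wan_plan("1.2.3.0/30")
    except ValueError as err:
        print("rejected:", err)
```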


Re: [pfSense Support] Split DNS LAN/DMZ

2007-11-22 Thread Espen Johansen
Can't you just use pfsense wan ip as the ntp server ip and use reflection for
that?

-lsf
On Nov 22, 2007 11:18 PM, Volker Kuhlmann <[EMAIL PROTECTED]> wrote:

> On Thu 22 Nov 2007 17:04:02 NZDT +1300, Jaye Mathisen wrote:
>
> > Use split-horizon DNS,
>
> Sure, how do I do this with pfsense? I can't find any docs about it and
> the
> DNS forwarder config page doesn't mention any interfaces (1.2RC3).
>
> > and different DNS servers for the LAn/DMZ hosts?
>
> Hm, setting up a separate DNS server for just 1 or 2 hosts in the DMZ is
> probably a bit over the top.
>
> Thanks for your help.
>
> Volker
>
> --
> Volker Kuhlmann
> http://volker.dnsalias.net/ Please do not CC list postings to me.


Re: [pfSense Support] Pfsense can do this?

2007-11-22 Thread Espen Johansen
Yes you can do this, all you need to pay attention to is that the servers
are routed out one interface and the lan/clients are routed out another,
this is a very simple thing to do with pfsense.
If you like you can also set up a DMZ for the servers and have them
separated from the clients. You can also select outgoing link based on
service (so you can have SSH, VoIP and other latency sensitive traffic on one
DSL link while having the rest on the other).
Many options and pfsense supports all of them. A starting hint will be AON
(Advanced Outbound Nat) and another will be the GW selection at the bottom
of rules.

Take a look at the tutorials and read the forum, it has tons of info on
dualwan setups.

-lsf

On Nov 23, 2007 4:51 AM, Victor Padro <[EMAIL PROTECTED]> wrote:

> Hello listers!
>
> this is my first post about pfsense, just need some information to get
> going with Pfsense, which seems a cool firewall/router distro to me!
>
> the thing is that I am considering using pfsense to do the next project:
>
> I got 8 windows/linux servers that my client uses on a daily basis, they
> serve as exchange 2005 mail server, domain controller (user authentication)
> ftp, web, ruby on rails, and some other stuff, the point is that my client
> uses two broadband links ADSL (using DHCP from ISP) and cablemodem (which has
> a public shared IP, DHCP also) I want to use the ADSL line to connect via
> internet to the servers kinda DMZ, and use the cablemodem to surf within the
> office, can this be done with pfsense?  my first guess is yes it can be
> done, but how can it be done, is there a guide to achieve this goal or at
> least have the idea to do so?
> Any help will be gratefully appreciated.
>
> Thank you.
>
> Victor.
>


Re: [pfSense Support] Suggestions appreciated for unusual network setup

2007-11-22 Thread Espen Johansen
This approach is just plain wrong. What you want is a linknet for each of
the 2 ip ranges.
I'm sorry but it seems you are missing some very basic understanding about
routing and networking.
What you need is a /30 network between your ISP and your pfSense router.
Then your isp needs to route the first /25 to the pfsense /30 ip. and the
same for the other one.

The actual loadbalancing has to be done on each unit connected to the
pfsense unit (I guess you want to have one ip from each range on every
server). Then you tell pfsense to use WAN as GW for the first /25 and OPT1
as GW for the second /25.

BTW: your logic about adding second ip range as proxy-arp is flawed, it
will never failover the way you think.

-lsf


On Nov 22, 2007 11:57 PM, Chris Bagnall <[EMAIL PROTECTED]> wrote:

> > You cannot do this! And this is really a very very short answer of why
> > it doesn't work.
> > I don't think you're interested on internals of this just the quick
> answer.
>
> Actually, I kind of am. I'd be very interested to know why it can't work,
> if you don't mind explaining.
>
> Regards,
>
> Chris
> --
> C.M. Bagnall, Director, Minotaur I.T. Limited
> For full contact details visit http://www.minotaur.it
> This email is made from 100% recycled electrons


Re: [pfSense Support] ifconfig -v ath0 scan borken?

2008-01-24 Thread Espen Johansen
Command you should use is ifconfig ath0 scan (-v is to list long ssids)
You can only list in adhoc or station mode (infrastructure).
Is the interface enabled in pfsense at all? And if it is, make sure it's
not configured as an AP.

-lsf

On Jan 23, 2008 11:13 PM, Cristian Ionescu-Idbohrn <
[EMAIL PROTECTED]> wrote:

> According to this:
>
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-wireless.html
>
> 29.3.3.1.1 How to Find Access Points
>
> "To scan for networks, use the ifconfig command. This request may take a
> few moments to complete as it requires that the system switches to each
> available wireless frequency and probes for available access points."
>
> and:
>
> "Note: You must mark the interface up before you can scan. Subsequent scan
> requests do not require you to mark the interface up again."
>
> If I do:
>
>  # ifconfig -v ath0 down
>  # ifconfig -v ath0 up scan
>
> I get results in a jiffy.  But any subsequent:
>
>  # ifconfig -v ath0 scan
>
> never returns :(
>
> Is there something I'm missing?  Is there a better way?
>
>
> --
> Cristian


Re: [pfSense Support] Wifi NIC

2008-01-24 Thread Espen Johansen
As far as I know there are still no MIMO cards supported in FreeBSD.
You might have some luck with project evil (ndisulator) but this is not
supported at all.

-lsf

On Jan 17, 2008 1:58 AM, MyStiC <[EMAIL PROTECTED]> wrote:

> I have an Airlink 101 MIMO XR PCI and am trying to use it as the WAN.
> The first problem is pfSense doesn't show its match as an option, if
> there is a fix for this, I could probably take it from there.  Is
> this possible & if so, how.  I'm running the latest & greatest RC4.


Re: [pfSense Support] Wanted: Tips for a VLAN capable switch (for home use)

2008-05-28 Thread Espen Johansen
A bit old this, just adding my 2 cents for the archives.
If you don't need gigabit you should have a look at the 3548 and/or 3524xl
(48 and 24 port version), it has 2 additional gbic ports, and cost about
140$ on ebay (buy it now).
They come with layer2 and 3 support, the latest firmware was done sometime
in 2007 iirc. It does pretty much anything you could ask for in a home
environment and then some, and the gbic ports can use 1000baseTP-gbics that
you can get on ebay for about 30$ a piece (new).

So around 200$ for 48*100mbit TP ports and 2*gig TP ports is not bad at all.
And most of them come with Enterprise Image (if you need the newest image,
email me offlist and I'll get it for you).

-lsf
On Tue, Apr 8, 2008 at 4:06 AM, Curtis Maurand <[EMAIL PROTECTED]> wrote:

> Linksys has a couple of very nice models as does Adtran.
>
> Curtis Maurand
> Head Honcho
> Xyonet Webhosting Services
> 6 Evergreen Lane
> Biddeford, ME 04005
> http://www.xyonet.com
> mailto:[EMAIL PROTECTED]
> 207.252.7748
>
> - Original Message -
> From: "Paul M" <[EMAIL PROTECTED]>
> To: support@pfsense.com
> Sent: Friday, April 4, 2008 11:51:40 AM (GMT-0500) America/New_York
> Subject: Re: [pfSense Support] Wanted: Tips for a VLAN capable switch (for
> home use)
>
>  a second hand cisco 2950 would be quite cheap on ebay, the gigabit 2960g
> (I think) might be getting too pricey.


Re: [pfSense Support] Wanted: Tips for a VLAN capable switch (for home use)

2008-05-30 Thread Espen Johansen
Not for those switches, they are EOL and you can get it with any cisco login.

On Thu, May 29, 2008 at 11:11 AM, Paul Mansfield <[EMAIL PROTECTED]>
wrote:

> Espen Johansen wrote:
>
>> all. And most of them come with Enterprise Image (if you need the newest
>> image, email me offlist and I'll get it for you.
>>
>
> erm, IOS updates are a commercial service from Cisco, so it's probably not
> a wise move to offer this kind of "help" on a public mailing list!


Re: [pfSense Support] port forwarding (but from LAN to WAN)

2008-10-13 Thread Espen Johansen
Check out Advanced outbound NAT (AON) menu, firewall --> NAT select the
outbound TAB. Change to manual ...
This is first match so the first rule needs to be the rule that should
change the src/dst port as needed. The rest should be self explaining..

-lsf
On Thu, Oct 9, 2008 at 9:32 AM, Michel Servaes <[EMAIL PROTECTED]> wrote:

> Hi,
>
>
> Today I have stumbled upon an interesting "problem". I know I can translate
> my ports the other way round from WAN to LAN, and with this knowledge I've
> added a rule the other sense around.
> What do I need ?
>
> I have a customer, who has an FTP server running at port 10021 (his ISP
> blocks any port below 1024). And we have some older software that is only
> capable of connecting to an ftp-server at the normal port...
> I already modified "services" on the windows machine, which allows me to
> connect - but I wanted to know if a more elegant way (in the firewall
> itself) would be possible ?
>
> thanks for some clues/ideas !


Re: [pfSense Support] tcp tuning for pfsense?

2008-10-26 Thread Espen Johansen
For the record, pfSense is not linux but freebsd.

-lsf

On Fri, Oct 24, 2008 at 1:55 PM, Paul Mansfield
<[EMAIL PROTECTED]>wrote:

> JJB wrote:
> > http://www.psc.edu/networking/projects/tcptune/
>
>
> tcp auto-tuning has been in the linux kernel for quite a while, so
> unless you have lots of time to test things, chances are tweaking your
> linux box will only make it worse
>
> and as Chris B says, it's largely irrelevant to pfSense - this was
> covered in a thread a while back, so if you're still interested search
> the mail list archives.


Re: [pfSense Support] alix board embedded help

2008-10-27 Thread Espen Johansen
Regarding your wireless card, you should have a 5414 based card, the nextgen
cards are not supported yet afaik.

-lsf

On Mon, Oct 27, 2008 at 5:01 PM, Patrick M. Murray, M.F.A. <
[EMAIL PROTECTED]> wrote:

> Hi, I've been happily running pfSense v1.2 embedded on an Alix board that
> has 2 USB, 2 mini pci, 2 eth ports, 1 antenna hole, a serial console port,
> and is all running on a 512mb CF card, but I also have a 44pin header
> inside.
>
> 1.  My first goal to make this thing wireless. I have 2 wireless cards.
> The first is a Broadcom BCM9431MPG mini pc, which is a pull from a HP
> laptop. It has 2 antenna leads. I can't find much about this card at all.
> It's a B/G.
> 2.  My second card is an Atheros AR5416, an A/B/G/N mini pci card that is
> a pull from an Apple Airport Extreme, which BTW sucks. It's a MIMO, 3
> antenna leads, with 3 antennas mounted on the sides as small chips. But
> it's a fast card. But the Apple AE can't handle anything over a speed of
> about 750kb/s, or it makes the amber light on my Cisco 10/100 switch
> blink, and eventually will stall.
> 3.  My goal is to get 1 or 2 (I'm pretty sure only 1 wireless card is
> allowed in the box) of the wireless cards in the box, working top speed,
> and I read something some time ago about attaching the antenna to a old
> DirectTV Dish that is not being used, which I happen to have on my roof
> here in the Bronx, as with the Airport - even right next to it, I get only
> 60% signal, as my place has brick walls that kill the signal. But I need
> some range of about 3 city blocks so my biz partner can hop on my wireless
> network, and so I can use my own wireless at the coffee shop just across
> the street, both in the same direction, linear, bearing NE.
> 4.  So my question is, will either of these cards work with my Alix
> board, and if so, how do I find and enable the drivers? And is the dish
> going to work if I adapt the connection to the 50ft-75ft coax cable to N
> connectors on one end with the purchase of some pigtails? IF neither of
> these cards will work, what card do you recommend that will work with the
> dish, and/or have the highest signal for under $100?
> 5.  OpenWRT is the only place I have found a driver for the Atheros 5008
> chip, in collaboration with MadWIFI. But I need this to run as a firewall,
> and temp. router for now, as it is being used now. And I like pfSense. All
> other networking equipment is Cisco, and I have a Cisco 7507 router packed
> full of goodies, but can't get a serial connection to it to set it up. Any
> help on this would be greatly appreciated as well - as I have 2 RSPs, and
> both the Y-cables for console and AUX, but every combo of connecting
> Y-console cable to serial port on PC using TeraTerm returns nothing at
> all. Yet all other Cisco equipment works fine.
>
> 1.  My second question is, the embedded version is very limited compared
> to full version. Should I install a full version on an ultra-fast 1GB CF
> flash card? Will it fit? Or should I sacrifice the clean box I have the
> Alix board in and throw a 40GB 2.5" HD in there on the 44pin header? And
> if so, how do I make it boot from this drive if I want to keep a CF card
> with a backup config file attached? The 44pin header is not soldered in
> yet, but I have TONS of laptop parts, as I built a server out of 4 Mac
> Minis that all were adapted to handle 4 full size 3.5" drives each. A bit
> slow due to limit of 1GB RAM each, but does okay job. Soldering 44pin is
> no prob for me, but I'm out of enclosures except for the Mac Mini ones,
> which are severely shielded inside, and from what I've read, the farther
> away the antenna is from the card, there is less noise, but will
> eventually not work. What should I do?
> 2.  I also would like to know what the USB ports can be used for, and the
> secondary mini-pci slot. Like I said I'm running embedded right now, and
> there aren't any options for these USB ports. I dunno what they can be
> used for, but I'd like to have network printing and network shared hard
> drive if these will work with the USB ports. How do I do this?
>
>
> Thanks for your help in advance - sorry so many questions, but I spent all
> night looking for the answers, and didn't really come up with any. I read
> the e-mails every day, but ¾ of the time I have no idea what you all are
> talking about, especially when it comes to v.1.3. ?  Thanks again!
>
> Sincerely,
>
> Patrick
>
>
>
> -Original Message-
> From: Eugen Leitl [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 27, 2008 10:26 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] alix board embedded help
>
>  On Mon, Oct 27, 2008 at 10:55:10AM +, Paul Mansfield wrote:
> >
> > > 3.  My goal is to get 1 or 2 (I'm pretty sure only 1 wireless card
> > > is allowed in the box) of the wireless cards in the box, working top
> > > speed, and I read something so

Re: [pfSense Support] 1.2.3RC1 embedded: wireless communication with Nokia N97 stops after a few KB but the connection desn't drop

2009-07-15 Thread Espen Johansen
Only thing I can think of is the rekeying, setting it to 0 should solve it
if it's the case.
-lsf

On Sun, Jul 12, 2009 at 7:21 PM, Angelo  wrote:

> Hi,
>
> I have a weird wireless connection issue with my new Nokia N97, hope
> someone can help me.
>
> I use 1.2.3RC1 embedded on a Alix 2d3 with a  minipci card.
> The system has been serving me fine for a couple of months providing
> internet access to my server and a sip device cable and to my laptop through
> wireless.
>
> As explained later I don't think this matters, but the wireless card was
> setup as access point and protected with WPA2.
> No bridges. The devices in the network dont interact much, they mainly need
> internet access so I have WAN, LAN, OPT1 and OPT2 with respectively a public
> IP, 192.168.69.0/24, 192.168.70.0/24, 192.168.71.0/24. Very plain setup,
> the only rules I've added allow communication between LAN, OPT1 and OPT2.
>
> Yesterday I bought a Nokia N97 and as soon as I came back home I started
> playing with it. I joined my wireless network and typed the PSK and the
> phone said it was connected properly. Opened the browser and went on google,
> typed a search and I got the page, another couple of pages and the
> connection stopped working. The page doesn't load and the phone gives me an
> error like gateway not responding. I am 101% sure it's something in the
> phone or in the wireless manager of the phone so I start investigating on
> it.
>
> I can see the DHCP lease from pfsense and for a few seconds I can ping the
> phone's IP then the connection stops until I manually disconnect and
> reconnect. Then it works for another few seconds.
> When the traffic stops after a few seconds the phone still thinks it's
> connected and can stay connected for hours giving the gateway error problem;
> if I reboot the pfsense box the phone loses the connection for about a
> minute, then it automatically reconnects and works for a few seconds.
> I spent a good while focusing on the phone since I was sure they did some
> weird implementation that wasn't working fine with WPA2.
>
> So I decided to simplify the problem. As a test I moved the AP on WEP
> security, the phone kept connecting and working for only a few secs.
> As an extreme step I setup the AP as an open system. The phone kept
> misbehaving.
>
> As a note, during all these tests I was using the same wireless connection
> with my XP laptop that was working fine.
> Also, on both the phone and the laptop the signal is really strong (the
> phone says 100%).
>
> I stepped back a bit and I decided to work with other networks. I know the
> WEP key of my housemate and one of my neighbours keeps his wireless net
> open but the signal of this network is really low. My housemate wireless
> router is a linksys provided by his provider.
>
> I could connect on the open network and surf with almost no issues, the
> signal was occasionally dropping but the phone was reconnecting and then
> everything was ok.
> I could use the WEP protected network of my housemate with no issues, I
> installed several apps, surfed the web and checked emails.
>
> I started playing with all the settings like allow 802.11g only, intra BSS
> etc but the result was always the same.
>
> I am a bit at a loss here. I still believe the problem is mainly on the
> phone. But other APs can work perfectly with it. I wonder if there is a way
> to make pfSense work like them and allow the phone to use the network.
>
> I monitored the traffic with the phone from its connection to when it stops
> responding. It didn't help me much but maybe somebody can spot interesting
> clues there.
>
> 17:55:01.669458 IP (tos 0x0, ttl 64, id 32436,
> offset 0, flags [none], proto ICMP (1), length 48) 192.168.71.1 >
> 192.168.71.198: ICMP echo request, id 63553, seq 0, length 28
> 17:55:02.018578 IP (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto
> UDP (17), length 328) 192.168.71.1.bootps > 192.168.71.198.bootpc: [udp sum
> ok] BOOTP/DHCP, Reply, length 300, xid 0xb078fb1a, Flags [none] (0x)
>   Your-IP 192.168.71.198
>   Client-Ethernet-Address 00:26:68:04:de:05 (oui Unknown)
>   Vendor-rfc1048 Extensions
> Magic Cookie 0x63825363
> DHCP-Message Option 53, length 1: Offer
> Server-ID Option 54, length 4: 192.168.71.1
> Lease-Time Option 51, length 4: 7200
> Domain-Name-Server Option 6, length 4: 192.168.71.1
> Domain-Name Option 15, length 12: "nglrossi.com"
> Subnet-Mask Option 1, length 4: 255.255.255.0
> Default-Gateway Option 3, length 4: 192.168.71.1
> 17:55:02.025847 IP (tos 0x10, ttl 16, id 0, offset 0, flags [none], proto
> UDP (17), length 328) 192.168.71.1.bootps > 192.168.71.198.bootpc: [udp sum
> ok] BOOTP/DHCP, Reply, length 300, xid 0xb078fb1a, Flags [none] (0x)
>   Your-IP 192.168.71.198
>   Client-Ethernet-Address 00:26:68:04:de:05 (oui Unknown)
>   Vendor-rfc1048 Extensions
> Magic Cookie 0x6382