[pfSense Support] Simple? NAT question
PFSense 1.2.3 Embedded Release on an Alix 2c3 Local network is 10.0.1.x subnet Trying to get port forwarding setup so that inbound connections on static public IP/WAN/port 80 get forwarded to LAN 10.0.1.4 Went to NAT > Port Forward and Setup a new rule that says: If - Proto - Ext. port range - NAT IP - Int. port range - Description WAN - TCP/UDP - 80 (HTTP) - 10.0.1.4 - (ext.: any) - 80 (HTTP) - WAN to 10.0.1.4 I let the NAT rule creation create the following Firewall rule: Proto - Source - Port - Destination - Port - Gateway - Schedule - Description TCP/UDP - * - * - 10.0.1.4 - 80 (HTTP) - * - none - NAT 80 to 10.0.1.4 This is driving me batty. I've setup NAT before and never run into any problems-I've compared this attempt to known good configs, as well as searched the message boards with no luck. I've already swapped out the hardware to try and rule that out. There aren't any other rules configured other than the defaults, and the only thing that this box is doing is being a router and pptp vpn server. Any help is appreciated. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] hybrid storage?
On Dec 11, 2009, at 6:13 AM, Jim Pingle wrote: On 12/11/2009 10:50 AM, David Burgess wrote: I've been happily using 1.2.3-RC1 for many months now on a Soekris net5501 and a 100GB 2.5" SATA drive. I like the idea of an embedded system on a CF card, but that's not possible or advisable for me as I'm running the squid and freeswitch packages. I was wondering however, if it would be difficult, inadvisable, or of no advantage to hack together an embedded system to run from a read-only CF card that mounts certain filesystems on writable media, such as a hard drive, where temp data such as disk cache and audio recordings would live. I've thought a bit about this in the past, and it might be doable in the future or via some kind of filesystem management package, if someone were to come up with one, but it isn't something that would be recommended (at least not yet) or supported. I don't know a tonne about the innards of pfsense and I've never played with the nanoBSD version. Is this something that would work in principle? Would it exploit the benefits of a read-only root filesystem (cold-reset resiliency, The moment you have a drive mounted rw, you lose this. :-) improved fs security, system responsiveness)? Would it require a lot of messing, besides manually altering /etc/fstab? You'd also have to alter the packages (or create appropriate symlinks if they can be followed by the application) to point those directories or files at the new storage location. Some packages might have built-in path settings and you'd just need to change the paths and hit save. Otherwise, you may need to alter the code for the package. As with most things, if you want to experiment, it's up to you, but do so with caution (and plenty of backups) and remember that you'll be out on a limb without a net to catch you if something breaks. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org I might be missing the boat here, but what about using a 2.5" SSD instead of flash + normal HD? That way you get the benefit of solid state, plus you have the space & performance for a regular file system so you can run all the packages you want. Granted, SSDs aren't the cheapest things around, but it seems like a simpler solution. I've been considering an SSD paired with a 19" Supermicro case + intel atom that was pointed out in another discussion thread. Besides the cost of the SSD, can anyone fill me in on why an SSD wouldn't be good for running the full version of PFsense with packages? Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] DNS corrupt? How to fix
So there is one website which I know to be up and working that I am trying to access. When I am behind my pfsense/Alix 2c3, it does not work (will not load in a browser, will not ping, however every other site on the internet works--this holds true for any computer on the network). When I plug the modem directly into computer, the site in question loads right up. A week or so ago I was changing DNS servers in my PF webgui... could I have corrupted a DNS cache somewhere? I tried resetting to factory defaults and restoring my config, but that did not work. Any ideas? Is there a way to flush everything stored on the device but the config? Thanks for the help, looking forward to the book... Any chance there will be a kindle version? Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Help with Siproxd
On Aug 3, 2009, at 11:32 PM, Aarno Aukia wrote: As 1.2.3 hasn't been released yet, I assume you are using 1.2.3-rc1. You said you installed the siproxd package on 1.2.3-rc1 embedded ? Have you: - configured siproxd ? services -> siproxd, set the in- and outbound interfaces, port ranges etc - added firewall rules to WAN to allow the configured port ranges ? - configured AON by simply clicking "Manual Outbound NAT rule generation" in Firewall -> NAT -> Outbound, leaving the default rule untouched and applying ? -Aarno On Tue, Aug 4, 2009 at 11:08, Jeremy Bennett wrote: On Aug 3, 2009, at 6:29 PM, David Burgess wrote: On Mon, Aug 3, 2009 at 9:55 PM, Jeremy Bennett wrote: When I install siproxd, everything looks good, however when I go to my "services" page and press the "play/start" button, PFsense reports that "siproxd has been started", but when the page refreshes, the status still shows up as "stopped". Have you tried refreshing the Services>>Status page after waiting a few more seconds? I haven't used the siproxd package, but I know that some services take longer to start than it does for the page to refresh. db Yes I have waited for 30 seconds, a minute, 5 minutes, It never changes from "stopped" - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Aarno Aukia Atrila GmbH Switzerland - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Checked through Aarno's suggestions. Was able to get siproxd to "running" status. Next issue to wade through: My VOIP provider doesn't use RTP. If I disable RTP in siproxd, it won't run. Does that mean I am out of luck? Mahalo, Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Help with Siproxd
On Aug 3, 2009, at 6:29 PM, David Burgess wrote: On Mon, Aug 3, 2009 at 9:55 PM, Jeremy Bennett wrote: When I install siproxd, everything looks good, however when I go to my "services" page and press the "play/start" button, PFsense reports that "siproxd has been started", but when the page refreshes, the status still shows up as "stopped". Have you tried refreshing the Services>>Status page after waiting a few more seconds? I haven't used the siproxd package, but I know that some services take longer to start than it does for the page to refresh. db Yes I have waited for 30 seconds, a minute, 5 minutes, It never changes from "stopped" - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Help with Siproxd
Aloha, I'm running 1.2.3 on an Alix 2d3 and recently discovered the problem with PFsense + more than one sip phone the hard way. I'm using 5 polycom phones with a VOIP service (server is offsite) and would like to get PFsense working. Anyway, I've read about AON or editing "/etc/inc/filter.inc" on this thread: http://forum.pfsense.org/index.php?topic=12830.msg72156 I'm not comfortable with either solution since configuring AON or editing filter.inc is beyond me. Since I have 1.2.3 embedded, I figured I'd just install siproxd and be done with it (looking for the eaiest, GUI driven solution here). When I install siproxd, everything looks good, however when I go to my "services" page and press the "play/start" button, PFsense reports that "siproxd has been started", but when the page refreshes, the status still shows up as "stopped". Any help is appreciated. My knowledge of this is limited to what the GUI allows and setting up basic VPN stuff. My BSD knowledge is pretty limited. Mahalo, Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] First Embedded System
I've had nothing but success with the Alix boards. They are very reliable. I usually setup the Alix with a gigabit switch (unmanaged) and then run an AP either off of the switch or OPT1 depending on client need. Alix with PF is a very high value solution. Cost of parts relative to function of hardware/software is amazing. If you are concerned about reliability, they are cheap enough to have a full set of backup parts on hand. Just order 2, prepare them at the same time, and make sure you have a backup of your config file handy. Also, if you want to ever move to more powerful hardware, I'm pretty sure you can take your config file and upload it to your new install and not have to reconfigure. On Apr 8, 2009, at 6:39 AM, Curtis LaMasters wrote: Everything I have heard and actually witnessed with the ALIX systems is that they are very stable. There has been discussion about reasons to use the full image on the ALIX systems instead of the embedded version but I cannot speak as to why. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Wed, Apr 8, 2009 at 11:13 AM, Joseph L. Casale wrote: I am about to order hardware to make my first embedded system and am thinking of an ALIX.2D3 as it covers port wise all that I need. This will function for a very small lan <10 clients, are there any opinions anyone can share about possibly better choices or more reliable setups? Thanks for any points! jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN issue
I do have a rule connecting PPTP traffic to the LAN subnet. I've forwarded traffic (on the router that handles the t1) on the public IP's port 80 to the address (10.0.0.200) of the Alix/PF but cannot raise the webgui from off network. On Feb 17, 2009, at 6:35 PM, Jeremy Bennett wrote: Hello, I setup an Alix 2c3 embedded PFsense to serve as a VPN device. The main router terminates a VPN and is an Adtran Netvanta 3000 series device. The netvanta forwards all traffic on port 1723 to the PFsense box at 10.0.0.200. The PF PPTP server sits at 10.0.0.253 and assigns IPs from 10.0.0.148 on up. I've tried the VPN connection when on the local network and authenticate to 10.0.0.200 immediately. I'm trying to connect remotely and cannot. How do I begin troubleshooting this? Thanks for the help, Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] VPN issue
Hello, I setup an Alix 2c3 embedded PFsense to serve as a VPN device. The main router terminates a VPN and is an Adtran Netvanta 3000 series device. The netvanta forwards all traffic on port 1723 to the PFsense box at 10.0.0.200. The PF PPTP server sits at 10.0.0.253 and assigns IPs from 10.0.0.148 on up. I've tried the VPN connection when on the local network and authenticate to 10.0.0.200 immediately. I'm trying to connect remotely and cannot. How do I begin troubleshooting this? Thanks for the help, Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Recommended pfSense Hardwar e (UK ~£100) ?
Alix is a great solution. I've setup a few of them and they have proven very stable/trouble-free. Alix + PF is an extremely high value setup. I did run PF on the cheapest PC I could build at newegg ($275USD or so) with a number of intel NICs from ebay for 6 months or so, until I found the Alix2c3. While initially a little harder to setup, the Alix has proven to be a much better solution in terms of size, power draw, ease of maintenance, stability, etc. On Feb 13, 2009, at 3:29 AM, Eugen Leitl wrote: On Fri, Feb 13, 2009 at 01:41:44PM +0100, Rainer Duffner wrote: The Alix can do what? Close to 50 MBps, IIRC. 80-90, probably. So, for 5 MPs, a used WRAP could do as well. If you can get one, it's EOL http://pcengines.ch/wrap.htm I thought my WRAP ran hotter than my ALIX now, but apparently it's also only 3-5 W. I've got 5000/500 here and the WRAP was never the problem. I swapped it out for an Alix, though. To bad that the pound lost so much, or you could get two used WRAPs for that amount of money ;-) -- Eugen* Leitl http://leitl.org";>leitl http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Pfsense 1.2 Alix VPN
Thanks for all of the suggestions. Tunnelblick and Viscosity look like good options. Here is another VPN related question: I've been using PPTP to date since it is dead simple to setup. If I need to connect to another site via PPTP, I need to turn off PPTP on my local box. Something about the limitation of PPTP in its current implementation or something... either way, turning off local PPTP server for the duration of my outbound session has been my workaround, but I don't always remember to turn it back on. Were I to switch to OpenVPN, would I be bound to the same limitation, or would I be able to leave the local OpenVPN server running while connecting to another external OpenVPN Pfsense box? On Feb 10, 2009, at 9:46 PM, Ihsan Dogan wrote: Am 10.2.2009 4:24 Uhr, Chris Buechler schrieb: Thank you for review. I typically use PPTP cause it is quick and easy, and supported natively by Mac OS X and Windows. Do you have a favorite OpenVPN client for OS X? I use http://code.google.com/p/tunnelblick/ There are certain issues with Tunnelblick. I'm using Viscosity VPN [1] already for a few weeks. Works really good and it's well integrated into MacOS. [1] http://www.viscosityvpn.com/ Ihsan -- ih...@dogan.ch http://blog.dogan.ch/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Pfsense 1.2 Alix VPN
RB, Thank you for review. I typically use PPTP cause it is quick and easy, and supported natively by Mac OS X and Windows. Do you have a favorite OpenVPN client for OS X? Mahalo, Jeremy On Feb 9, 2009, at 5:01 PM, RB wrote: On Mon, Feb 9, 2009 at 19:01, Jeremy Bennett wrote: 4) Assign a address of 10.0.0.X on the same subnet as everything else to the LAN port (making sure that it doesn't conflict with anything else) 5) Turn on the PPTP VPN server with another 10.0.0.X address (making sure that it doesn't conflict with anything else) 6) Create a firewall rule to pass all traffic on PPTP server to same subnet 6) Forward all traffic on port 1723 to the PFsense/Alix box. 7) connect the LAN port to the network. Am I leaving anything out? Should I disable anything else? Is this crazy? Typical VPN-on-a-stick configuration, but I can't imagine why anyone would elect to use PPTP over OpenVPN. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Pfsense 1.2 Alix VPN
Hello, I was using PFsense 1.2 on an Alix 2c.3 as the primary router on my network. Switching to VOIP and upgrading our connection to a T1 required using a router that was recommended/provided to us by the VOIP provider. Switching to this new router was fine with me since it can terminate the T1, increased the number of available ports, and it provides PoE for the phones, but it doesn't do VPN, so I can't remote in. Because it worked so well previously, I'd like to put my PFsense/Alix box back on the network as a VPN server. I've yet to work through this solution, but I'm going to do the following: 1) reset the PF box to defaults 2) Run the install wizard again 3) Disable DHCP 4) Assign a address of 10.0.0.X on the same subnet as everything else to the LAN port (making sure that it doesn't conflict with anything else) 5) Turn on the PPTP VPN server with another 10.0.0.X address (making sure that it doesn't conflict with anything else) 6) Create a firewall rule to pass all traffic on PPTP server to same subnet 6) Forward all traffic on port 1723 to the PFsense/Alix box. 7) connect the LAN port to the network. Am I leaving anything out? Should I disable anything else? Is this crazy? Thanks for the help, Jeremy - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Intel Atom Motherboards or Similar Systems
I'll second the vote for netgate/alix. Setting it up is a little more involved that installing it on normal hardware, with firmware updates and serial cables, but the hard work is already done. This is the guide I followed: http://www.forums.cory.lievers.ca/viewtopic.php?t=196 Good luck, Jeremy On Jan 13, 2009, at 2:26 PM, David Rees wrote: On Tue, Jan 13, 2009 at 3:44 PM, Chuck Mariotti wrote: I have been looking at Atom based systems for a while. I keep drooling over these cheapo, compact, low power units. I'd really like to replace my 1Ghz, 1GB, 1U machine running pfSense with one. Are these things supported in pfSense? Is anyone using them or can recommend a board or specific system? I just need dual network/LAN. I have been looking at Jetway and Intel boards. Any suggested configs (and accessories, riser cards, CF, etc...) or alternatives would be appreciated. Here ya go: http://www.netgate.com/product_info.php?cPath=60_84&products_id=671 Alix 6B2 Kit. 2 10/100 NICs, 500MHz Geode processor, 256MB RAM, 512MB flash, $180. All you need to run pfSense. And only draws about 5w from the wall. Only drawback is that you have to pull the flash card when you want to upgrade an embedded system - for my production systems I keep an extra flash card around (less than $20) flash that and load it with a config backup so that downtime is minimal when upgrading. Basically as long as it takes for you to pull the thing apart and swap out a flash card. If the case had an opening for the flash card it'd be even faster (have been tempted to dremel out an opening to make flash card swapouts and upgrades extremely quick). They also make the Alix boards with 3 NICs and you can also load them up with a miniPCI wireless card, too if you want that. -Dave - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] PPTP problem
Next time I am on the same physical network as the box, I certainly will Thank you! On May 8, 2008, at 8:31 PM, Mogamat Abrahams wrote: Chris Buechler wrote: Yes, it does. Only PPTP rules apply to PPTP connections. Ok then its back to basics hey! Jeremy, please Send a copy of your Status:System Log, perhaps you also want to turn on packet capture and then connect and try to access your machines. Let see the output of that as well, if possible. Mogamat - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] PPTP problem
Thank you for the help. I've considered this, but once I've established a VPN connection, shouldn't that put me on the LAN where the NAT firewall rules on the WAN don't apply? On May 7, 2008, at 10:52 PM, Mogamat Abrahams wrote: Jeremy Bennett wrote: When I try to connect to the file server, the connection times out. When I try to connect to the WebGUI, no dice either. Most likely your webgui and ssh are still on the default ports, which you have just redirected to another machine! I would suggest changing your webgui and ssh to a non standard port - maybe something like 8000 & 8001, then trying to connect again. Those settings are in System:General and System:Advanced Mogamat - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] PPTP problem
I'm running PFsense 1.2 Embedded on an Alix2c3. Everything works (and has been working) good as far as I can tell. The problem I'm having is related to PPTP connections. At the location this box is running at, the PPTP server is on. I used to be able to VPN in and access network resources (connect to file server via AFP, access router webGUI). A little while ago I used NAT to redirect SSH and HTTPS to an internal IP so a vendor could work on a local ReadyNAS unit. It seems like since then, I've not been able to access anything on the local network... I can connect to the PPTP server, it issues me an IP on the local subnet (router is at 192.168.1.1, PPTP server is at 192.168.1.3) like 192.168.1.144 via DHCP. When I try to connect to the file server, the connection times out. When I try to connect to the WebGUI, no dice either. When I try to ping the router's IP, I get no response. No error, but no response. Same thing happens when I try to ping other IPs on the network. Any ideas? How do I begin to troubleshoot this? I've restarted the PPTP server and rebooted the device. If I'm behind my PFsense install, I've turned off my PPTP server. I've even gone so far as to plug my laptop directly into my DSL modem to ensure that nothing on the local network is interfering. I've tried from different computers at different locations with the same result. Thank you for the help. Aloha, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multiple SSID on single physical wireless interface
I run PFsense 1.2 on an embedded alix board, and use the extra OPT1 port to run my wireless. Rather than order a wireless add-on, I use a Linksys WRT54GL running either sveasoft or DD-WRT firmware (with DHCP turned off) as a wireless bridge. This has proven to be very stable, as well as giving me increased flexibility in terms of mounting the wireless unit. The aftermarket router firmwares allow virtual wireless interfaces. Stable + flexible. On Apr 20, 2008, at 4:11 PM, Chris Buechler wrote: On Sun, Apr 20, 2008 at 10:04 PM, David C P Gray <[EMAIL PROTECTED]> wrote: Hi All, Apologies if this capability already exists and I have just missed it... Are there any plans to implement virtual wireless interfaces in pfSense, thus allowing one to define multiple wireless networks that share a single physical interface. Funny you should ask today. Support for this was committed to FreeBSD earlier today: http://groups.google.com/group/lucky.freebsd.cvs.src/browse_thread/ thread/b0699e78c85f98da# " Multi-bss (aka vap) support for 802.11 devices. " To FreeBSD HEAD/8.0. I don't believe this will ever be in 7.x, so it won't be in pfSense 1.3. But the version after that will have it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Dumb VPN question
More information is a good thing. GRE limitations be damned--PFsense is still the best. This does explain why I've been able to connect to other PPTP vpn servers (likely linux based). On Mar 12, 2008, at 6:13 AM, Angelo Turetta wrote: Jeremy Bennett wrote: Guys, Thank you for the confirmation and the pointer in the right direction. Anil -- exactly what I was looking for! With everyone's advice, things are now working smoothly. BSD PPTP limitations be damned--PFsense is the best! Let's not generalize too much. The 'real' limitation (in the GRE protocol, not really BSD) is just: no more than one GRE tunnel between any two endpoints (no matter whether each endpoint be nat- ed or bound to the public IP). Actually, years ago Microsoft (as the largest 'consumer' of GRE) has added a session ID inside some GRE headers: so now it is possible to distinguish the GRE packets belonging to different sessions between the same enpoints, as long as the server is running Windows. But by now, only ipfilter can take advantage of this nonstandard extension when doing NAT (don't know about Linux's iptables). If your WAN has more than 1 IP address, you can hack around some limitations/over-simplifications of the current pfSense-generated rules. If the endpoint of your NAT-ed connection is different from all of the active clients of your pfSense PPTP server, even if your WAN has only one public IP, it should 'just work'. But it doesn't, because the PHP code generates rules like these: # PPTP rdr on \$wan proto gre from any to any -> $pptpdtarget rdr on \$wan proto tcp from any to any port 1723 -> $pptpdtarget (pptptarget is 127.0.0.1 when the pfSense is acting as a server) I once had some patches to correct this, but it was for an old version of pfSense, you'd better redo it from scratch. Angelo. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Dumb VPN question
Guys, Thank you for the confirmation and the pointer in the right direction. Anil -- exactly what I was looking for! With everyone's advice, things are now working smoothly. BSD PPTP limitations be damned--PFsense is the best! Aloha, Jeremy On Mar 11, 2008, at 11:26 AM, Chris Buechler wrote: Scott Ullrich wrote: On 3/11/08, Jeremy Bennett <[EMAIL PROTECTED]> wrote: Hello all, I think this has been asked in the past, but I'm looking for current (1.2) info. If I am sitting behind a PFsense firewall (which happens to be running its own PPTP server), can I connect to another PFsense firewall's PPTP VPN at a client location? I'm not interacting with my own PPTP firewall while attempting to connect to my client location... If anyone can confirm that this is possible, I will continue troubleshooting. No. Same issue as before. Described in detail on the Features page of the website, under PPTP limitations. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Dumb VPN question
Hello all, I think this has been asked in the past, but I'm looking for current (1.2) info. If I am sitting behind a PFsense firewall (which happens to be running its own PPTP server), can I connect to another PFsense firewall's PPTP VPN at a client location? I'm not interacting with my own PPTP firewall while attempting to connect to my client location... If anyone can confirm that this is possible, I will continue troubleshooting. Mahalo, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Transfer config from full to embedded
Mark, Thanks for the confirmation. I've proceeded, with success. My office is much quieter now! We'll see what sort of savings are on next months electric bill. Go Alix 2C3! Mahalo, Jeremy On Feb 24, 2008, at 8:46 PM, Mark Slatem wrote: Hi Jeremy, I can confirm you can do that, as I have just done it on my Alix 2c3 that has just arrived. What I did, is before making current backup from the PC , I removed all the additional packages that are not supported on the embedded version. Then I made a backup, restored it to alix, and wallah all working perfectly not one issue, my open vpn site to site tunnels and all came up automatically. The import wizard will ask you what interface on the alix you want to make LAN, WAN etc Cheers Mark On Mon, Feb 25, 2008 at 7:28 AM, Jeremy Bennett <[EMAIL PROTECTED]> wrote: I have a regular handbuilt machine with multiple NICs running pfsense v1.2RC4 Can I back up the config using the diagnostics > Backup/Restore feature, take the resulting file, and transfer it to an embedded install (Alix 2c3) running 1.2 RC4? I'd like to be able to replace my current PFsense machine with the embedded hardware, and not have to reconfigure everything. Thanks, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Transfer config from full to embedded
I have a regular handbuilt machine with multiple NICs running pfsense v1.2RC4 Can I back up the config using the diagnostics > Backup/Restore feature, take the resulting file, and transfer it to an embedded install (Alix 2c3) running 1.2 RC4? I'd like to be able to replace my current PFsense machine with the embedded hardware, and not have to reconfigure everything. Thanks, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Example configuration for PC Engines board
Galen, I'm frugal, but I'm also all about easy. I bought a serial cable just to make everything go smooth. Having done that, I upgraded the firmware on my Alix board, put RC4 on there, and it booted right up. Set my interfaces up, and was ready to go. I don't know if this approach is easier than editing .XML files, but it was pretty cool to see everything working as advertised, and it speaks to the quality of the available tutorials. Aloha, Jeremy On Feb 18, 2008, at 11:52 AM, Oliver von Bueren wrote: [EMAIL PROTECTED] wrote: I am trying to avoid getting out a serial cable. I need a working example for a PC Engines board. I have manually changed the interface names to vr0/vr1/vr2 but I'm still not getting activity. Can somebody please show me concrete examples of config.xml that are working for you? Hi Galen Is it a very new one? If yes, and it doen't have the latest firmware on it (v0.99), namely a v0.98 version, the current image (RC4) will hang during boot. To make sure you have to get your serial (null-modem) cable up and running. The one shipped to me a couple of weeks ago had 0.98 on it and therefore did not complete booting up. Oliver - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SV: [pfSense Support] New Build
Thanks everyone for the help. I'm going to start with a ALIX.2C3 from Netgate when they are available next week. As they are more affordable than the FX5620 I'll be able to stock spares, though I do look forward to finding a stateside vendor for a 6 lan port model. On Nov 5, 2007, at 12:12 PM, Chris Buechler wrote: Jeremy Bennett wrote: Anders, Thank you for your firsthand account. I was looking at this unit, but concerned about the realtek nics... I've had problems with those in the past, but if it works for you, then I'm interested. Are you able to use each of the 6 lan ports on this unit as a different interface/subnet in PFsense? If so, PFsense makes this a heavy duty little box. I stated it somewhere in a forum post recently I believe, the Realtek NIC's in embedded hardware always seem to be very reliable (contrary to some of the wide array of PCI cards with Realtek chipsets that are out there). I have multiple embedded devices with Realtek NIC's from vendors on our recommended vendors page, including a FX5620, and they're all rock solid. I use mine as a VLAN router at home, trunk on the gig interface with other network segments coming into other interfaces. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SV: [pfSense Support] New Build
Anders, Thank you for your firsthand account. I was looking at this unit, but concerned about the realtek nics... I've had problems with those in the past, but if it works for you, then I'm interested. Are you able to use each of the 6 lan ports on this unit as a different interface/ subnet in PFsense? If so, PFsense makes this a heavy duty little box. (too bad about the current USD exchange rate though). Thanks Again, Jeremy On Nov 4, 2007, at 6:57 PM, Anders Dahl wrote: Hi Mahalo I've been running 1.0.1-embedded on a FX5620, available at linitx.com http://linitx.com/viewproduct.php?prodid=10909. It's been running now for 6 months, without any problems at all. Kind regards Anders Dahl -Oprindelig meddelelse- Fra: Jeremy Bennett [mailto:[EMAIL PROTECTED] Sendt: 5. november 2007 05:00 Til: support@pfsense.com Emne: [pfSense Support] New Build I've been running PFsense successfully on a handbuilt PC for about a year now, and am stoked that it works so well. I'd like to move onto the next step and do an embedded setup. Can anyone recommend the best board/vendor for this approach? I'd like to have at minimum 3 lan ports, but also optimize for ease of setup/maintenance. Any recommendations from those that have already done this? Mahalo, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] New Build
I've been running PFsense successfully on a handbuilt PC for about a year now, and am stoked that it works so well. I'd like to move onto the next step and do an embedded setup. Can anyone recommend the best board/vendor for this approach? I'd like to have at minimum 3 lan ports, but also optimize for ease of setup/maintenance. Any recommendations from those that have already done this? Mahalo, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Strange network behavior
I had hooked a machine to the internet and proved that the problem didn't exist... My cables are known good. I put another NIC in the box (again, the intel ones PF likes) and assigned that as WAN. I assigned the NIC on the mobo as opt 2 (not currently in use). Using the 3rd intel NIC as WAN appears to clear up the problem. Don't know why, but at least everything works now. On Apr 22, 2007, at 2:16 PM, Rob Terhaar wrote: On 4/21/07, Jeremy Bennett <[EMAIL PROTECTED]> wrote: I've been using PFsense successfully for a number of months now. In the past week, my connection to the internet has seemed 'herky- jerky', i.e. sometimes I can get mail, IM and www working, other times it seems to hang for a minute or two. I confirmed this by using the test at www.speedtest.net. I'm able to reliably connect, but the connection speed jumps all over the place. I contacted our ISP for support, and they confirmed proper function of the modem (which I confirmed by cabling a laptop straight into the modem and testing). I've configured my PF box with WAN, LAN, and LAN 2. LAN is a wired network with my machines on it, and LAN2 has 2 wireless bridges connected to it. I have it set to assign my laptop a specific IP so I'm able to connect from the wireless on LAN2 to the wired LAN network. Other than that there is no cross subnet traffic. The PF box is an Asus mobo with a 2.6 ghz celeron, 512 mb of ram and a 40gb HD. WAN is using the built-in NIC on the mobo and LAN and LAN2 are both intel network cards. I've reinstalled PF on a new hard drive to rule out hardware (backing up and restoring settings from drive to drive), worked with the ISP, everything on the local network seems fine (I can connect reliable from machine to machine), but how do I begin to troubleshoot this? hook a computer directly to the internet, bypass the pfsense box and see if the problem still exists. If it doesn't then try pfsense on a different computer, with different nics, and different ethernet cables. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Strange network behavior
I've been using PFsense successfully for a number of months now. In the past week, my connection to the internet has seemed 'herky- jerky', i.e. sometimes I can get mail, IM and www working, other times it seems to hang for a minute or two. I confirmed this by using the test at www.speedtest.net. I'm able to reliably connect, but the connection speed jumps all over the place. I contacted our ISP for support, and they confirmed proper function of the modem (which I confirmed by cabling a laptop straight into the modem and testing). I've configured my PF box with WAN, LAN, and LAN 2. LAN is a wired network with my machines on it, and LAN2 has 2 wireless bridges connected to it. I have it set to assign my laptop a specific IP so I'm able to connect from the wireless on LAN2 to the wired LAN network. Other than that there is no cross subnet traffic. The PF box is an Asus mobo with a 2.6 ghz celeron, 512 mb of ram and a 40gb HD. WAN is using the built-in NIC on the mobo and LAN and LAN2 are both intel network cards. I've reinstalled PF on a new hard drive to rule out hardware (backing up and restoring settings from drive to drive), worked with the ISP, everything on the local network seems fine (I can connect reliable from machine to machine), but how do I begin to troubleshoot this? Thank you, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] new user... need help with Rules
AHA! Holger, Espen, Thank you. Holger, apologies - I had that first rule that passed LAN2 Traffic to WAN and everything else... I didn't realize it was working against me. Now I realize that I only need two rules on the LAN2 net to do what I was aiming for. Success. Mahalo, Jeremy On Feb 28, 2007, at 11:51 AM, Espen Johansen wrote: This is how I deal with wireless to internet acess but not lan. add a rule that says: Pass WLAN-subnet to destination NOT (!) LAN (meaning if it's not rying to acess lan then it's all good) You can also add rules to drop connections from WLAN clients to destination firewall when port is 80/22 (GUI/ssh) etc. Then VPN into the firewall from WLAN zone to acess LAN. -lsf On 2/28/07, Jeremy Bennett <[EMAIL PROTECTED]> wrote: In review, I'd like to grant full access to the internet for all computers on LAN (private, wired, my machines) and LAN2 (wireless segment - friends, families, neighbors). I'd like to make LAN invisible as far as LAN2 is concerned, yet allow my laptop to access LAN when it is attached to LAN2 wirelessly. I may not have been totally clear... I still need my LAN2 to see the internet, so the first rule WAS: PASS | Proto: * | Source: LAN2 net | Port: * | Destination: * | Port: * | Gateway: * So I changed it as such PASS | Proto: * | Source: * | Port: * | Destination: WAN address | Port: * | Gateway: * (Pass LAN2 to wan) PASS | Proto: * | Source: 192.168.12.99 | Port: * | Destination: * | Port: * | Gateway: * (Pass Powerbook to LAN) PASS | Proto: * | Source: LAN2 net | Port: * | Destination: ! LAN net | Port: * | Gateway: * (Block LAN2 from LAN) It seems to work... Have I introduced any sort of horrible security issue by doing this? Thanks for the help. > > > On Feb 26, 2007, at 1:13 AM, Holger Bauer wrote: > >> First create a DHCP-server fort he LAN2 segment at services| >> dhcpserver|lan2-tab and add a static mapping for the mac of your >> notebook. >> >> Then go to firewall|rules|lan2tab >> Add a rule: pass, protocol any, source (IP of notebook), >> destination any, gateway default >> >> Below this add a rule: pass protocol any, source lan2 net, >> destination NOT LAN, gateway default >> >> That's all that is needed. >> >> Holger >> >> -Ursprüngliche Nachricht- >> Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Gesendet: Montag, 26. Februar 2007 10:39 >> An: support@pfsense.com >> Betreff: [pfSense Support] new user... need help with Rules >> >> I have pFsense 1.0.1, with a WAN, LAN and LAN2. The WAN gets an >> address >> via DHCP from local cable provider. LAN (192.168.12.1) is my (soon >> to be) >> private network, and LAN2 (192.168.12.1) has a couple of wireless >> bridges|APs at 192.168.12.253 & 254. What I need to do is create a >> rule >> that blocks traffic between LAN2 and LAN, yet still allows my laptop >> (192.168.12.99, assigned via MAC|static) to access LAN while >> wirelessly >> connected to LAN2. Any help or guidance on this is much appreciated. >> >> Mahalo, >> Jeremy >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] new user... need help with Rules
In review, I'd like to grant full access to the internet for all computers on LAN (private, wired, my machines) and LAN2 (wireless segment - friends, families, neighbors). I'd like to make LAN invisible as far as LAN2 is concerned, yet allow my laptop to access LAN when it is attached to LAN2 wirelessly. I may not have been totally clear... I still need my LAN2 to see the internet, so the first rule WAS: PASS | Proto: * | Source: LAN2 net | Port: * | Destination: * | Port: * | Gateway: * So I changed it as such PASS | Proto: * | Source: * | Port: * | Destination: WAN address | Port: * | Gateway: * (Pass LAN2 to wan) PASS | Proto: * | Source: 192.168.12.99 | Port: * | Destination: * | Port: * | Gateway: * (Pass Powerbook to LAN) PASS | Proto: * | Source: LAN2 net | Port: * | Destination: ! LAN net | Port: * | Gateway: * (Block LAN2 from LAN) It seems to work... Have I introduced any sort of horrible security issue by doing this? Thanks for the help. On Feb 26, 2007, at 1:13 AM, Holger Bauer wrote: First create a DHCP-server fort he LAN2 segment at services| dhcpserver|lan2-tab and add a static mapping for the mac of your notebook. Then go to firewall|rules|lan2tab Add a rule: pass, protocol any, source (IP of notebook), destination any, gateway default Below this add a rule: pass protocol any, source lan2 net, destination NOT LAN, gateway default That's all that is needed. Holger -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. Februar 2007 10:39 An: support@pfsense.com Betreff: [pfSense Support] new user... need help with Rules I have pFsense 1.0.1, with a WAN, LAN and LAN2. The WAN gets an address via DHCP from local cable provider. LAN (192.168.12.1) is my (soon to be) private network, and LAN2 (192.168.12.1) has a couple of wireless bridges|APs at 192.168.12.253 & 254. What I need to do is create a rule that blocks traffic between LAN2 and LAN, yet still allows my laptop (192.168.12.99, assigned via MAC|static) to access LAN while wirelessly connected to LAN2. Any help or guidance on this is much appreciated. Mahalo, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] new user... need help with Rules
Hmmm... I'm doing something wrong. I got it to assign my laptop the proper address. I did this: Then go to firewall/rules/lan2tab Add a rule: pass, protocol any, source (IP of notebook), destination any, gateway default Then I did this: Below this add a rule: pass protocol any, source lan2 net, destination NOT LAN, gateway default Which is where I went wrong. I've put in the following: Action - Pass; Interface - LAN2; Protocol - Any; Source - LAN2 subnet; Destination - NOT 'LAN subnet'; Gateway - default. I think the problem is with my Source/Destination type... once rules are applied, they go into effect as soon as the filter is reloaded, correct? My main goal is to make LAN totally invisible as far as LAN2 is concerned. Thank you again for your help. Mahalo, Jeremy On Feb 26, 2007, at 1:13 AM, Holger Bauer wrote: First create a DHCP-server fort he LAN2 segment at services/ dhcpserver/lan2-tab and add a static mapping for the mac of your notebook. Then go to firewall/rules/lan2tab Add a rule: pass, protocol any, source (IP of notebook), destination any, gateway default Below this add a rule: pass protocol any, source lan2 net, destination NOT LAN, gateway default That's all that is needed. Holger -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. Februar 2007 10:39 An: support@pfsense.com Betreff: [pfSense Support] new user... need help with Rules I have pFsense 1.0.1, with a WAN, LAN and LAN2. The WAN gets an address via DHCP from local cable provider. LAN (192.168.12.1) is my (soon to be) private network, and LAN2 (192.168.12.1) has a couple of wireless bridges/APs at 192.168.12.253 & 254. What I need to do is create a rule that blocks traffic between LAN2 and LAN, yet still allows my laptop (192.168.12.99, assigned via MAC/static) to access LAN while wirelessly connected to LAN2. Any help or guidance on this is much appreciated. Mahalo, Jeremy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Smallest drive for PFsense
I've successfully installed on a 4 gb card... only reason I am trying this is 2 hard drives in a row wouldn't boot... the drives are known good too. I reset the bios, and am about to try on the HD again. (The CF card does have a lifetime warranty BTW). Thank you for the input. jbennett On Nov 30, 2006, at 4:26 PM, Craig FALCONER wrote: Mine's a 256 Mb card at home, which is fine. It will run on a 128 Mb card, but its just a bit close sometimes. Given prices these days, get a 256 Mb CF card. BTW don't bother getting a fast one... The 66x and 133x don't anything for you, and can cause more problems. -Original Message- From: Jeremy Bennett [mailto:[EMAIL PROTECTED] Sent: Friday, 1 December 2006 3:03 p.m. To: support@pfsense.com Subject: [pfSense Support] Smallest drive for PFsense How much space will PFsense install in? I'd like to install it on a CF card on a full size PC (not WRAP) and am curious what size card I can/should use (or if it is even a good idea). Thank you, jbennett - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Smallest drive for PFsense
What if I wanted to use the installer of the liveCD with package support? What size would be optimal? The only package I'm likely to install would be the squid proxy Thank you, jbennett On Nov 30, 2006, at 4:07 PM, Holger Bauer wrote: Your cf media needs at least 128 mb. You can run the embedded image from that, however you will not have package support then. Packages are only supported on full installs. Also note that the console output is at serial console and you need a serial nullmodem cable to assign interfaces the first time you boot it up for the embedded image. Holger -Original Message- From: Jeremy Bennett [mailto:[EMAIL PROTECTED] Sent: Friday, December 01, 2006 3:03 AM To: support@pfsense.com Subject: [pfSense Support] Smallest drive for PFsense How much space will PFsense install in? I'd like to install it on a CF card on a full size PC (not WRAP) and am curious what size card I can/should use (or if it is even a good idea). Thank you, jbennett - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Smallest drive for PFsense
How much space will PFsense install in? I'd like to install it on a CF card on a full size PC (not WRAP) and am curious what size card I can/should use (or if it is even a good idea). Thank you, jbennett - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] LiveCD boots fine, but once installed on HD, doesn't work
Hello, I'm having trouble booting pfSense from my HD. the LiveCD works great, then I hit '99' to install to the HD. I accept all of the defaults and install straight to a brand new HD. When the system goes down for reboot, the regular pfSense menu comes up, then is quickly replaced by a screen full of rapidly scrolling characters (some of which are zeroes). I'm using the 1.0.1 liveCD on a basic Asus Board with a celeron CPU, 512 MB of RAM, onboard LAN + 3 intel pro 100 nics, and an 80 GB SATA drive, setting most recommended BIOS settings (the ones that are obvious at least). I have tried: Swapping the drive/cable (PATA drive, same result) GAG bootloader Any ideas? I had the beta or RC1 installed on the same hardware, no problem. Thank you for any assistance/insight on this. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]