[pfSense Support] Re: Outgoing NAT failure

2011-03-29 Thread Matias

On 28/03/11 22:51, e...@tm-k.com wrote:

On 28/03/11 19:24, e...@tm-k.com wrote:

Sorry for double posting, as I just posted this question at:

http://forum.pfsense.org/index.php/topic,35019.0.html

but this is critical and urgent for me. Hope somebody can help me.

I have two pfSense (2.0RC1 built on Sat Feb 26 18:07:23 EST 2011  )
boxes in failover mode. The WAN IP address has been set as a Carp IP
address and everything works fine when you browse the internet.

Until you try to do a download.

When downloading a file, after a while, it stalls. On the LAN side, with
a tcpdump I can see that the server on the internet just stopped sending
packets.

On the WAN side, with the capture I see that suddenly pfSense stops
passing data back to the LAN client and starts sending packets like the
following one to the internet server:

8:13:54.058314 IP 1.1.1.1 > pub4.kernel.org: ICMP host 1.1.1.1 unreachable, length 60

(1.1.1.1 is my WAN IP address, which I edited for privacy reasons). This
example is when downloading a kernel source tarball from kernel.org.

Everything points that, after a while (something running periodically?)
the state of the connection is lost and pfSense for some reason can't
recognize the CARP ip as a valid ip address.


Any help will be appreciated.


What does ifconfig show at this time? Can you tcpdump 224.0.0.0/4 net on
WAN to see who is declaring itself as CARP-master and whether it is going
well (no slave's packets)?


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org




Just found that doing outbound NAT using the interface IP address
instead of the carp IP it works fine, the only drawback is that I have
to waste one public IP address per box plus a carp one for services...

You have to 'waste' one public IP address per box is 'how it works', but
you should be using CARP IP in your outbound NAT to make everything really
redundant (to use CARP).



With the tcpdump you mentioned I'm getting just packets like this one:

22:44:56.122437 IP 1.1.1.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36

where 1.1.1.2 is the real IP address for the WAN interface on the
primary box.

It is normal.









Still having the same problem. If I do the outbound NAT using the CARP IP,
downloads stall at random periods. Could this be a bug in this build?





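The capture suggested in this thread (tcpdump of 224.0.0.0/4 on WAN to see who declares itself CARP master) can be checked mechanically. The following is an added example, not code from the thread or from pfSense: `analyse_carp` is a hypothetical helper, and the capture lines with their 192.0.2.x addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample capture (documentation addresses, not taken from the thread).
SAMPLE_CAPTURE = """\
22:44:56.122437 IP 192.0.2.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36
22:44:57.123101 IP 192.0.2.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36
22:44:57.480222 IP 192.0.2.3 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 100, authtype none, intvl 1s, length 36
22:44:58.124090 IP 192.0.2.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36
22:44:58.300000 IP 192.0.2.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 12, prio 0, authtype none, intvl 1s, length 36
"""

# tcpdump prints CARP with its VRRPv2 decoder (both use IP protocol 112):
# "vrid" is the CARP vhid and "prio" is the CARP advskew. The ">" between
# source and destination is optional so pasted lines that lost it still parse.
ADVERT = re.compile(
    r"^(?P<h>\d{1,2}):(?P<m>\d{2}):(?P<s>\d{2}\.\d+) IP (?P<src>\S+)\s+(?:>\s+)?\S+: "
    r"VRRPv2, Advertisement, vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)


def analyse_carp(capture):
    """Group advertisements by vhid and report who claims to be master.

    Returns {vhid: {"advertisers": {src: count}, "split_master": bool,
                    "max_gap": seconds}}. Only the master should advertise,
    so two sources for one vhid means both nodes believe they are master.
    Timestamps are assumed not to cross midnight.
    """
    seen = defaultdict(lambda: defaultdict(list))   # vhid -> src -> [timestamps]
    for line in capture.splitlines():
        m = ADVERT.match(line.strip())
        if not m:
            continue                                 # not a CARP/VRRP advertisement
        ts = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        seen[int(m["vrid"])][m["src"]].append(ts)

    report = {}
    for vhid, sources in seen.items():
        gaps = [b - a
                for stamps in sources.values()
                for a, b in zip(stamps, stamps[1:])]
        report[vhid] = {
            "advertisers": {src: len(stamps) for src, stamps in sources.items()},
            "split_master": len(sources) > 1,
            # Longest silence between two advertisements from the same node;
            # a gap well above the advertised interval invites a takeover.
            "max_gap": max(gaps, default=0.0),
        }
    return report


if __name__ == "__main__":
    for vhid, info in sorted(analyse_carp(SAMPLE_CAPTURE).items()):
        state = "SPLIT MASTER" if info["split_master"] else "single master"
        print(f"vhid {vhid}: {state}, {info['advertisers']}, max gap {info['max_gap']:.3f}s")
```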



[pfSense Support] Outgoing NAT failure

2011-03-28 Thread Matias

Sorry for double posting, as I just posted this question at:

http://forum.pfsense.org/index.php/topic,35019.0.html

but this is critical and urgent for me. Hope somebody can help me.

I have two pfSense (2.0RC1 built on Sat Feb 26 18:07:23 EST 2011  ) 
boxes in failover mode. The WAN IP address has been set as a Carp IP 
address and everything works fine when you browse the internet.


Until you try to do a download.

When downloading a file, after a while, it stalls. On the LAN side, with 
a tcpdump I can see that the server on the internet just stopped sending 
packets.


On the WAN side, with the capture I see that suddenly pfSense stops 
passing data back to the LAN client and starts sending packets like the 
following one to the internet server:


8:13:54.058314 IP 1.1.1.1 > pub4.kernel.org: ICMP host 1.1.1.1 unreachable, length 60


(1.1.1.1 is my WAN IP address, which I edited for privacy reasons). This 
example is when downloading a kernel source tarball from kernel.org.


Everything points that, after a while (something running periodically?) 
the state of the connection is lost and pfSense for some reason can't 
recognize the CARP ip as a valid ip address.



Any help will be appreciated.





[pfSense Support] Re: Outgoing NAT failure

2011-03-28 Thread Matias

On 28/03/11 19:24, e...@tm-k.com wrote:

Sorry for double posting, as I just posted this question at:

http://forum.pfsense.org/index.php/topic,35019.0.html

but this is critical and urgent for me. Hope somebody can help me.

I have two pfSense (2.0RC1 built on Sat Feb 26 18:07:23 EST 2011  )
boxes in failover mode. The WAN IP address has been set as a Carp IP
address and everything works fine when you browse the internet.

Until you try to do a download.

When downloading a file, after a while, it stalls. On the LAN side, with
a tcpdump I can see that the server on the internet just stopped sending
packets.

On the WAN side, with the capture I see that suddenly pfSense stops
passing data back to the LAN client and starts sending packets like the
following one to the internet server:

8:13:54.058314 IP 1.1.1.1 > pub4.kernel.org: ICMP host 1.1.1.1 unreachable, length 60

(1.1.1.1 is my WAN IP address, which I edited for privacy reasons). This
example is when downloading a kernel source tarball from kernel.org.

Everything points that, after a while (something running periodically?)
the state of the connection is lost and pfSense for some reason can't
recognize the CARP ip as a valid ip address.


Any help will be appreciated.


What does ifconfig show at this time? Can you tcpdump 224.0.0.0/4 net on
WAN to see who is declaring itself as CARP-master and whether it is going
well (no slave's packets)?






Just found that doing outbound NAT using the interface IP address 
instead of the carp IP it works fine, the only drawback is that I have 
to waste one public IP address per box plus a carp one for services...



With the tcpdump you mentioned I'm getting just packets like this one:

22:44:56.122437 IP 1.1.1.2 > VRRP.MCAST.NET: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36


where 1.1.1.2 is the real IP address for the WAN interface on the 
primary box.



Thanks for your prompt response





[pfSense Support] CARP ip on different network range

2010-06-01 Thread Matias

Hi,

I've an internet connection on which my ISP provides a /29 network, just 
one IP for my pfSense (1.2.1) box and one IP for their gateway.


I'd like to set up this IP as CARP and be shared with the second pfSense 
box I have, but as far as I understand, in order to have this IP address 
as CARP I must set up another two IPs on **the same range** the CARP IP 
is. But I don't have more real IPs.


What is your recommendation in this situation?


Thanks for your help.








[pfSense Support] Re: CARP ip on different network range

2010-06-01 Thread Matias

On 01/06/10 17:00, Evgeny Yurchenko wrote:

Matias wrote:

Hi,

I've an internet connection on which my ISP provides a /29 network,
just one IP for my pfSense (1.2.1) box and one IP for their gateway.

I'd like to set up this IP as CARP and be shared with the second
pfSense box I have, but as far as I understand, in order to have this
IP address as CARP I must set up another two IPs on **the same range**
the CARP IP is. But I don't have more real IPs.

What is your recommendation in this situation?


Thanks for your help.


/29 gives you 6 usable IPs.
pfSense-1
pfSense-2
Gateway
and you can configure 3 CARPs.

Evgeny.






Sorry, it is a /30 actually.






[pfSense Support] Re: CARP ip on different network range

2010-06-01 Thread Matias

On 01/06/10 17:14, Evgeny Yurchenko wrote:

Matias wrote:

On 01/06/10 17:00, Evgeny Yurchenko wrote:

Matias wrote:

Hi,

I've an internet connection on which my ISP provides a /29 network,
just one IP for my pfSense (1.2.1) box and one IP for their gateway.

I'd like to set up this IP as CARP and be shared with the second
pfSense box I have, but as far as I understand, in order to have this
IP address as CARP I must set up another two IPs on **the same range**
the CARP IP is. But I don't have more real IPs.

What is your recommendation in this situation?


Thanks for your help.


/29 gives you 6 usable IPs.
pfSense-1
pfSense-2
Gateway
and you can configure 3 CARPs.

Evgeny.






Sorry, it is a /30 actually.


Oh. In this case you have to get more public IPs from your provider.






Do you know if with pfSense 2.0 there will be the option to use a CARP 
IP outside the interface(s) network?








[pfSense Support] Re: CARP ip on different network range

2010-06-01 Thread Matias

On 01/06/10 18:09, Evgeny Yurchenko wrote:

Matias wrote:

On 01/06/10 17:14, Evgeny Yurchenko wrote:

Matias wrote:

On 01/06/10 17:00, Evgeny Yurchenko wrote:

Matias wrote:

Hi,

I've an internet connection on which my ISP provides a /29 network,
just one IP for my pfSense (1.2.1) box and one IP for their gateway.

I'd like to set up this IP as CARP and be shared with the second
pfSense box I have, but as far as I understand, in order to have this
IP address as CARP I must set up another two IPs on **the same range**
the CARP IP is. But I don't have more real IPs.

What is your recommendation in this situation?


Thanks for your help.


/29 gives you 6 usable IPs.
pfSense-1
pfSense-2
Gateway
and you can configure 3 CARPs.

Evgeny.






Sorry, it is a /30 actually.


Oh. In this case you have to get more public IPs from your provider.






Do you know if with pfSense 2.0 there will be the option to use a
CARP IP outside the interface(s) network?


To me it just does not make sense - to use IPs on WAN that cannot be
routed to you by Provider. What for?





The only IP reachable from my ISP point of view should be the CARP one. 
Why would I like to have two routable (and paid) public IP addresses 
on the real interfaces of each pfsense box that I'm not going to use ever?






[pfSense Support] Can't activate dhcp on 2.0 snapshot

2010-05-04 Thread Matias

Hi,

I'm trying on a virtual machine 2.0 snapshot 20100429 and I'm not able 
to activate the dhcp on the LAN interface.


The interface address is 192.168.56.10, and when activating the DHCP 
service in the Available range field I can see: 192.168.56.1 - 
192.168.56.254


But when entering in the next set of boxes the values 192.168.56.100 and 
192.168.56.199 and (after completing all other fields) I get the 
following error message:


The specified range lies outside of the current subnet.

Which is incorrect to me.









[pfSense Support] Re: Can't activate dhcp on 2.0 snapshot

2010-05-04 Thread Matias

On 04/05/10 14:19, Jim Pingle wrote:

On 5/4/2010 8:15 AM, Matias wrote:

I'm trying on a virtual machine 2.0 snapshot 20100429 and I'm not able
to activate the dhcp on the LAN interface.

The interface address is 192.168.56.10, and when activating the DHCP
service in the Available range field I can see: 192.168.56.1 -
192.168.56.254

But when entering in the next set of boxes the values 192.168.56.100 and
192.168.56.199 and (after completing all other fields) I get the
following error message:

The specified range lies outside of the current subnet.

Which is incorrect to me.


Are you on a 32-bit or 64-bit snapshot?

Jim





64, sorry.







[pfSense Support] Re: Can't activate dhcp on 2.0 snapshot

2010-05-04 Thread Matias

On 04/05/10 14:31, Jim Pingle wrote:

On 5/4/2010 8:25 AM, Matias wrote:

On 04/05/10 14:19, Jim Pingle wrote:

On 5/4/2010 8:15 AM, Matias wrote:

I'm trying on a virtual machine 2.0 snapshot 20100429 and I'm not able
to activate the dhcp on the LAN interface.

The interface address is 192.168.56.10, and when activating the DHCP
service in the Available range field I can see: 192.168.56.1 -
192.168.56.254

But when entering in the next set of boxes the values 192.168.56.100 and
192.168.56.199 and (after completing all other fields) I get the
following error message:

The specified range lies outside of the current subnet.

Which is incorrect to me.


Are you on a 32-bit or 64-bit snapshot?


64, sorry.


There are some known issues with IP comparison functions on 64-bit
snapshots. This is probably just one of those issues. Unfortunately, it
seems to be a 64-bit PHP bug that we need to find a good workaround for.

Jim






Well, this is good news for me. At least I know that this is not a 
problem on the 32 bits version.


Thanks for your help.

Would you like me to open a ticket describing the problem?







[pfSense Support] Per user bw limit

2010-04-28 Thread Matias

Hi,

Is it possible to impose a bandwidth limit on a per source ip basis on 
several LAN (LAN*OPTs) interfaces on 1.2.3?


Thanks.





[pfSense Support] Re: pfSense tinydns package question

2009-06-21 Thread Matias Surdi

Scott Ullrich wrote:

On Fri, Jun 19, 2009 at 6:18 AM, Matias Surdi <matiassu...@gmail.com> wrote:

I've installed the TinyDNS package. It's listening on 127.0.0.1. Then I've
setup the DNS forwarder to resolve a certain domain against the
authoritative name server 127.0.0.1.

This doesn't work when making queries from the lan. The request gets to the
forwarder but then it's lost and there is no traffic on lo0. Instead, if I do
a DNS query from the pfSense box itself to 127.0.0.1 then there is traffic
on lo0 and the DNS works Ok.

I think that there is any default pfSense rule prohibiting the traffic.


Is this the supposed way to work of TinyDNS and the forwarder or I'm missing
something?


Thanks!






TinyDNS is not compatible with DNS Forwarder.   TinyDNS Is an
authoritative DNS server whereas DNS Forwarder is a caching lookup
server.

Scott






That's all I needed to know. I think I'll end up setting up an external 
DNS and keep using the DNS Forwarder, and then forward all of my domain 
to that external DNS.


It's a pity that both systems can't work together.

Thanks for your help Scott.





[pfSense Support] DNS wildcard support

2009-06-19 Thread Matias Surdi
Sorry for the double posting, but I'm not sure if the user list was the 
correct for this:


Is there any way to add a host to the DNS service so that 
*.subdomain.domain.local would be resolved to the same IP address?


Example in bind syntax:

*.subdomain.domain A 192.168.1.2


Thanks!





[pfSense Support] pfSense tinydns package question

2009-06-19 Thread Matias Surdi
I've installed the TinyDNS package. It's listening on 127.0.0.1. Then 
I've setup the DNS forwarder to resolve a certain domain against the 
authoritative name server 127.0.0.1.


This doesn't work when making queries from the lan. The request gets to 
the forwarder but then it's lost and there is no traffic on lo0. Instead, 
if I do a DNS query from the pfSense box itself to 127.0.0.1 then there 
is traffic on lo0 and the DNS works Ok.


I think that there is any default pfSense rule prohibiting the traffic.


Is this the supposed way to work of TinyDNS and the forwarder or I'm 
missing something?



Thanks!





[pfSense Support] Re: pfSense tinydns package question

2009-06-19 Thread Matias Surdi

Mark R wrote:

Did you set up forwarding of requests to lo0 from the LAN?

Is tinydns configured to respond to queries from your subnet?

2009/6/19 Matias Surdi <matiassu...@gmail.com>


I've installed the TinyDNS package. It's listening on 127.0.0.1.
Then I've setup the DNS forwarder to resolve a certain domain
against the authoritative name server 127.0.0.1.

This doesn't work when making queries from the lan. The request gets
to the forwarder but then it's lost and there is no traffic on
lo0. Instead, if I do a DNS query from the pfSense box itself to
127.0.0.1 then there is traffic on lo0 and the DNS works Ok.

I think that there is any default pfSense rule prohibiting the traffic.


Is this the supposed way to work of TinyDNS and the forwarder or I'm
missing something?


Thanks!








Yes, I've setup a rule to allow *everything* from the lan with 
destination port udp 53.


And no, I want tinyDNS to listen only in 127.0.0.1 and then the DNS 
Forwarder to forward request for just one subdomain.


When I setup an external authoritative dns for a subdomain on a lan 
ip, it works. When I change that IP to 127.0.0.1 the incoming requests 
are sent to the ISP dns servers.




Is there any documentation on how is this supposed to work? The 
dns-server package replaces or complements the DNS Forwarder?


Can both be used in the way I'm trying?


What I want, is to have a domain, let's say: site.local and route all 
request to dev.site.local to TinyDNS, so that I can add or remove 
individual records on it.


Can this be done?


Many thanks for your help guys.





[pfSense Support] pf tagging

2009-04-29 Thread Matias Surdi

Does pfSense 1.2 support pf's packet tagging?





[pfSense Support] pfSense on comtrend 536+ DSL router

2008-10-30 Thread Matias Surdi
Does anybody know if pfSense would work embedded on a comtrend ADSL2+ 
router?


Any source of documentation/information about flashing it?

Thanks everybody.





[pfSense Support] Re: Very urgent - DHCP server failure

2008-10-08 Thread Matias Surdi

Thanks for your help.

That problem is solved, but now, I can't get dhcp failover to work again.
They seem to be not synchronized. I see the following on the DHCP leases 
status page on the primary pfSense box:


dhcp0    recover-wait    2008/10/08 14:36:34    recover-wait     2008/10/08 14:36:34
dhcp1    recover         2008/10/08 14:36:34    unknown-state    2008/10/08 14:36:34



Here is the dhcpd.conf from each the two boxes:

pf1:

# cat /var/dhcpd/etc/dhcpd.conf
option domain-name "mi.local.optenet.com";
default-lease-time 7200;
max-lease-time 86400;
authoritative;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
failover peer "dhcp0" {
  primary;
  address 192.168.112.253;
  port 519;
  peer address 192.168.112.252;
  peer port 520;
  max-response-delay 10;
  max-unacked-updates 10;
  split 128;
  mclt 600;

  load balance max seconds 3;
}
failover peer "dhcp1" {
  primary;
  address 192.168.114.253;
  port 519;
  peer address 192.168.114.252;
  peer port 520;
  max-response-delay 10;
  max-unacked-updates 10;
  split 128;
  mclt 600;

  load balance max seconds 3;
}
subnet 192.168.112.0 netmask 255.255.255.0 {
  pool {
    option domain-name-servers 192.168.112.254;
    deny dynamic bootp clients;
    failover peer "dhcp0";
    range 192.168.112.10 192.168.112.110;
  }
  option routers 192.168.112.254;
  ddns-domainname "mi.local.optenet.com";
  ddns-update-style interim;
  option domain-name-servers 192.168.112.254;
  option ntp-servers 192.168.112.254;
}
subnet 192.168.114.0 netmask 255.255.255.0 {
  pool {
    option domain-name-servers 192.168.114.254;
    deny dynamic bootp clients;
    failover peer "dhcp1";
    range 192.168.114.10 192.168.114.110;
  }
  option routers 192.168.114.254;
  ddns-domainname "mi.local.optenet.com";
  ddns-update-style interim;
  option domain-name-servers 192.168.114.254;
  option ntp-servers 192.168.114.254;
}





pf2:

# cat /var/dhcpd/etc/dhcpd.conf
option domain-name "mi.local.optenet.com";
default-lease-time 7200;
max-lease-time 86400;
authoritative;
log-facility local7;
ddns-update-style none;
one-lease-per-client true;
deny duplicates;
failover peer "dhcp0" {
  secondary;
  address 192.168.112.252;
  port 520;
  peer address 192.168.112.253;
  peer port 519;
  max-response-delay 10;
  max-unacked-updates 10;
  mclt 600;

  load balance max seconds 3;
}
failover peer "dhcp1" {
  secondary;
  address 192.168.114.252;
  port 520;
  peer address 192.168.114.253;
  peer port 519;
  max-response-delay 10;
  max-unacked-updates 10;
  mclt 600;

  load balance max seconds 3;
}
subnet 192.168.112.0 netmask 255.255.255.0 {
  pool {
    option domain-name-servers 192.168.112.254;
    deny dynamic bootp clients;
    failover peer "dhcp0";
    range 192.168.112.10 192.168.112.110;
  }
  option routers 192.168.112.254;
  ddns-domainname "mi.local.optenet.com";
  ddns-update-style interim;
  option domain-name-servers 192.168.112.254;
  option ntp-servers 192.168.112.254;
}
subnet 192.168.114.0 netmask 255.255.255.0 {
  pool {
    option domain-name-servers 192.168.114.254;
    deny dynamic bootp clients;
    failover peer "dhcp1";
    range 192.168.114.10 192.168.114.110;
  }
  option routers 192.168.114.254;
  option domain-name-servers 192.168.114.254;
  option ntp-servers 192.168.114.254;
}





Network connectivity is fine between both hosts.


Any help would be very appreciated.









Gary Buckmaster wrote:
That's a pretty helpful log message.  Looks like you declared a failover 
peer incorrectly.  Please review your configuration with that in mind.


Matias Surdi wrote:

Hi,

I'm using pfSense 1.2, and suddenly DHCP seems to have stopped 
working. On the system log, I see the following:


Oct 7 22:23:34 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
Oct 7 22:23:34 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Oct 7 22:23:34 dhcpd: All rights reserved.
Oct 7 22:23:34 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Oct 7 22:23:34 dhcpd: failover peer declaration with no referring pools.
Oct 7 22:23:34 dhcpd: In order to use failover, you MUST refer to your main failover declaration
Oct 7 22:23:34 dhcpd: in each pool declaration. You MUST NOT use range declarations outside
Oct 7 22:23:34 dhcpd: of pool declarations.




Any idea?









[pfSense Support] Re: Very urgent - DHCP server failure - SOLVED

2008-10-08 Thread Matias Surdi

Well, finally, there were two problems

I think I forgot to mention I was using failover.

1) Time drift between both boxes


-IMPORTANT:---
2) I've setup dhcp for two interfaces. One of them was working fine, the 
other never could get synchronized.


Looking at the sockstat output on pf1 I saw that it had ports 519/tcp 
open for both failover IPs. On pf2 it had port 520/tcp open for both IPs, 
one ip from each interface with dhcp enabled and providing failover service.


The problem (and I think it's a nasty bug) is that connecting from 
pf1-pf2's FIRST_FAILOVER_IP:519 was working right, but connecting from 
pf1-pf2's SECOND_FAILOVER_IP:519 was not working.


The problem was solved by creating a rule which allows tcp ports 519-520 
from and to failover ips.


Hope it helps in the future somebody else.

Thanks for your help.


Matias Surdi wrote:

Hi,

I'm using pfSense 1.2, and suddenly DHCP seems to have stopped working. 
On the system log, I see the following:


Oct 7 22:23:34 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
Oct 7 22:23:34 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Oct 7 22:23:34 dhcpd: All rights reserved.
Oct 7 22:23:34 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Oct 7 22:23:34 dhcpd: failover peer declaration with no referring pools.
Oct 7 22:23:34 dhcpd: In order to use failover, you MUST refer to your main failover declaration
Oct 7 22:23:34 dhcpd: in each pool declaration. You MUST NOT use range declarations outside
Oct 7 22:23:34 dhcpd: of pool declarations.




Any idea?




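The two causes discussed in this thread (a failover peer with no referring pool, and failover TCP ports 519/520 blocked between the peers) can be checked from the two dhcpd.conf files before restarting dhcpd. This is an added example, not code from the thread or from pfSense; the function names are hypothetical and the two configs are constructed, trimmed copies of the ones posted.

```python
import re
from dataclasses import dataclass

PEER_BLOCK = re.compile(r'failover\s+peer\s+"?([\w.-]+)"?\s*\{(.*?)\}', re.S)
POOL_BLOCK = re.compile(r'\bpool\s*\{(.*?)\}', re.S)
PEER_REF = re.compile(r'failover\s+peer\s+"?([\w.-]+)"?\s*;')

@dataclass
class Peer:
    name: str
    role: str = ""
    address: str = ""
    port: int = 0
    peer_address: str = ""
    peer_port: int = 0

def parse_peers(conf):
    """Return {name: Peer} for each 'failover peer NAME { ... }' declaration."""
    peers = {}
    for name, body in PEER_BLOCK.findall(conf):
        peer = Peer(name)
        for stmt in body.split(";"):
            tok = stmt.split()
            if tok in (["primary"], ["secondary"]):
                peer.role = tok[0]
            elif len(tok) == 2 and tok[0] == "address":
                peer.address = tok[1]
            elif len(tok) == 2 and tok[0] == "port":
                peer.port = int(tok[1])
            elif len(tok) == 3 and tok[:2] == ["peer", "address"]:
                peer.peer_address = tok[2]
            elif len(tok) == 3 and tok[:2] == ["peer", "port"]:
                peer.peer_port = int(tok[2])
        peers[name] = peer
    return peers

def check_node(conf):
    """Errors one node's dhcpd refuses to start on (the log quoted in the thread)."""
    referenced = set()
    for pool in POOL_BLOCK.findall(conf):
        referenced.update(PEER_REF.findall(pool))
    peers = parse_peers(conf)
    problems = [f"failover peer {n}: no referring pools"
                for n in peers if n not in referenced]
    if peers and re.search(r"\brange\s", POOL_BLOCK.sub("", conf)):
        problems.append("range declaration outside of a pool")
    return problems

def check_pair(conf_a, conf_b):
    """Each peer declaration must be the mirror image of the other node's."""
    a, b = parse_peers(conf_a), parse_peers(conf_b)
    problems = []
    for name in sorted(set(a) | set(b)):
        if name not in a or name not in b:
            problems.append(f"{name}: declared on one node only")
            continue
        pa, pb = a[name], b[name]
        if {pa.role, pb.role} != {"primary", "secondary"}:
            problems.append(f"{name}: need one primary and one secondary")
        if ((pa.address, pa.port) != (pb.peer_address, pb.peer_port)
                or (pb.address, pb.port) != (pa.peer_address, pa.peer_port)):
            problems.append(f"{name}: address/port pairs are not mirrored")
    return problems

def required_flows(conf_a, conf_b):
    """TCP flows the firewall must pass: (source, destination, dest_port)."""
    flows = set()
    for conf in (conf_a, conf_b):
        for p in parse_peers(conf).values():
            flows.add((p.address, p.peer_address, p.peer_port))
    return sorted(flows)

def sample_conf(role, me, peer, my_port, peer_port):
    """Constructed, trimmed config shaped like the two posted in the thread."""
    parts = []
    for i, net in enumerate(("192.168.112", "192.168.114")):
        parts.append(f'''failover peer "dhcp{i}" {{
  {role};
  address {net}.{me};
  port {my_port};
  peer address {net}.{peer};
  peer port {peer_port};
}}
subnet {net}.0 netmask 255.255.255.0 {{
  pool {{
    failover peer "dhcp{i}";
    range {net}.10 {net}.110;
  }}
}}''')
    return "\n".join(parts)

PF1 = sample_conf("primary", 253, 252, 519, 520)
PF2 = sample_conf("secondary", 252, 253, 520, 519)

if __name__ == "__main__":
    print(check_node(PF1), check_pair(PF1, PF2))
    for src, dst, port in required_flows(PF1, PF2):
        print(f"allow tcp {src} -> {dst}:{port}")
```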



[pfSense Support] Very urgent - DHCP server failure

2008-10-07 Thread Matias Surdi

Hi,

I'm using pfSense 1.2, and suddenly DHCP seems to have stopped working. 
On the system log, I see the following:


Oct 7 22:23:34 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
Oct 7 22:23:34 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
Oct 7 22:23:34 dhcpd: All rights reserved.
Oct 7 22:23:34 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
Oct 7 22:23:34 dhcpd: failover peer declaration with no referring pools.
Oct 7 22:23:34 dhcpd: In order to use failover, you MUST refer to your main failover declaration
Oct 7 22:23:34 dhcpd: in each pool declaration. You MUST NOT use range declarations outside
Oct 7 22:23:34 dhcpd: of pool declarations.




Any idea?






[pfSense Support] Re: random lock up - Now with high CPU usage

2008-09-25 Thread Matias Surdi
Finally, it's solved. ACPI was disabled on the BIOS, but at the same 
time we Enabled it, we also enabled the Use device polling Feature... 
so, one of these two actions actually solved the problem.



Thanks everybody for your help.



Paul Mansfield wrote:

another thought: ensure you disable as much hardware as possible in the
bios if you don't need it... i.e. serial, parallel, usb, mouse.. to free
up interrupts.






[pfSense Support] Re: random lock up

2008-09-25 Thread Matias Surdi

For the archives:

All problems have been finally solved.

* Multiple DSL Routers on the same physical interface - Solved by 
setting up VLANS and connecting each DSL Router on a separate VLAN


* Random Lock-ups with console freeze and lots of colleagues complaining 
- Solved with 1.2.1 RC1 (build 20080924-1953)


* High CPU usage by NIC interrupts handling - Enabled ACPI on the BIOS.


That's all for now. Thank you very much for your help.



Matias Surdi wrote:

Hi,

I'm experiencing random crashes with 1.2, sometimes happens when saving 
a rule, other times when saving advanced settings. No reply from the 
pfSense box, no ping replies. Nothing. Completely dead.


Any idea what could be happening here?

Thanks a lot.






[pfSense Support] Re: random lock up

2008-09-24 Thread Matias Surdi
I've already replied a few moments ago with the output of dmesg, that 
should answer many of your questions.


The console is absolutely FROZEN, I just see the menu as always but I 
can't do anything.


The installation was made from the 1.2 CD and is running from harddisk.

The problems started today. After we've increased the maximum states 
limit to 30.000. Is that too much?



The hardware we are using is this:
http://www.supermicro.es/?opcion=contenidoplt=productos/system%2F1u%2FSYS-5015M-MR


Thanks for your help.


Tim Nelson wrote:

Does the box eventually come back up? What does the console(vga/serial) show? 
What hardware platform? Embedded, full, or live installation? How many NICs? 
Storage medium (HDD, DOM, CF, CD+Floppy, Etc)?

More info needed please... :-)

Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105

- Matias Surdi [EMAIL PROTECTED] wrote:


Hi,

I'm experiencing random crashes with 1.2, sometimes happens when saving 
a rule, other times when saving advanced settings. No reply from the 
pfSense box, no ping replies. Nothing. Completely dead.


Any idea what could be happening here?

Thanks a lot.








[pfSense Support] Re: random lock up

2008-09-24 Thread Matias Surdi
-0x30bf at device 31.2 on pci0

ata0: ATA channel 0 on atapci0
ata1: ATA channel 1 on atapci0
pci0: serial bus, SMBus at device 31.3 (no driver attached)
pmtimer0 on isa0
orm0: ISA Option ROMs at iomem 0xc-0xcafff,0xcb000-0xcbfff,0xcc000-0xccfff on isa0
atkbdc0: Keyboard controller (i8042) at port 0x60,0x64 on isa0
atkbd0: AT Keyboard irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
psm0: PS/2 Mouse flags 0x1000 irq 12 on atkbdc0
psm0: [GIANT-LOCKED]
psm0: model IntelliMouse, device ID 3
fdc0: Enhanced floppy controller at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: [FAST]
ppc0: Parallel port at port 0x378-0x37f irq 7 on isa0
ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/9 bytes threshold
ppbus0: Parallel port bus on ppc0
lpt0: Printer on ppbus0
lpt0: Interrupt-driven port
ppi0: Parallel I/O on ppbus0
sc0: System console at flags 0x100 on isa0
sc0: VGA 16 virtual consoles, flags=0x300
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
vga0: Generic ISA VGA at port 0x3c0-0x3df iomem 0xa-0xb on isa0
unknown: PNP0c01 can't assign resources (memory)
unknown: PNP0303 can't assign resources (port)
speaker0: PC speaker at port 0x61 on isa0
unknown: INT0800 can't assign resources (memory)
unknown: PNP0c02 can't assign resources (memory)
unknown: PNP0f13 can't assign resources (irq)
unknown: PNP0501 can't assign resources (port)
unknown: PNP0501 can't assign resources (port)
unknown: PNP0401 can't assign resources (port)
unknown: PNP0700 can't assign resources (port)
uhid0: SMC SuperMicro LCD Display, rev 1.10/1.00, addr 2, iclass 3/0
Timecounter TSC frequency 2128013368 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
ad0: 152627MB Seagate ST3160215AS 3.AAD at ata0-master SATA150
Trying to mount root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted
WARNING: R/W mount of / denied.  Filesystem is not clean - run fsck
WARNING: R/W mount of / denied.  Filesystem is not clean - run fsck
em2: link state changed to DOWN
vlan0: link state changed to DOWN
em0: link state changed to DOWN
em4: link state changed to DOWN
em1: link state changed to DOWN
em3: link state changed to DOWN
em0: link state changed to UP
em4: link state changed to UP
em1: link state changed to UP
em3: link state changed to UP
em2: link state changed to UP
vlan2: link state changed to UP
vlan1: link state changed to UP
vlan0: link state changed to UP
em2: link state changed to DOWN
vlan2: link state changed to DOWN
vlan1: link state changed to DOWN
vlan0: link state changed to DOWN
em2: link state changed to UP
vlan2: link state changed to UP
vlan1: link state changed to UP
vlan0: link state changed to UP
pflog0: promiscuous mode enabled



Michael Schuh wrote:

Hello Matias,

can you see any error messages on the Console from the box?
This is too little information for identifying the source(s) of this
error behavior.


regards

michael

2008/9/24 Matias Surdi [EMAIL PROTECTED]


Hi,

I'm experiencing random crashes with 1.2; sometimes it happens when
saving a rule, other times when saving advanced settings. No reply
from the pfSense box, no ping replies, nothing. Completely dead.

Any idea what could be happening here?

Thanks a lot.






--
=== m i c h a e l - s c h u h . n e t ===
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

=== Ust-ID: DE251072318 ===






[pfSense Support] Re: random lock up

2008-09-24 Thread Matias Surdi

More info: It seems to be happening every 70 minutes.




Michael Schuh wrote:

Hello Matias,

can you see any error messages on the Console from the box?
This is too little information for identifying the source(s) of this
error behavior.


regards

michael

2008/9/24 Matias Surdi [EMAIL PROTECTED]


Hi,

I'm experiencing random crashes with 1.2; sometimes it happens when
saving a rule, other times when saving advanced settings. No reply
from the pfSense box, no ping replies, nothing. Completely dead.

Any idea what could be happening here?

Thanks a lot.






--
=== m i c h a e l - s c h u h . n e t ===
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

=== Ust-ID: DE251072318 ===






[pfSense Support] Re: random lock up

2008-09-24 Thread Matias Surdi

The console is absolutely frozen. Can't do anything.

I've the logs on a remote syslog server, but I don't see any error
message that could give me a clue, just DHCP and blocked packets
information.


Also, the contents of all log files in /var/log (after rebooting) aren't
useful.



Help please.


Michael Schuh wrote:

Hello Matias,

can you see any error messages on the Console from the box?
This is too little information for identifying the source(s) of this
error behavior.


regards

michael

2008/9/24 Matias Surdi [EMAIL PROTECTED]


Hi,

I'm experiencing random crashes with 1.2; sometimes it happens when
saving a rule, other times when saving advanced settings. No reply
from the pfSense box, no ping replies, nothing. Completely dead.

Any idea what could be happening here?

Thanks a lot.






--
=== m i c h a e l - s c h u h . n e t ===
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

=== Ust-ID: DE251072318 ===






[pfSense Support] Re: random lock up

2008-09-24 Thread Matias Surdi
Should this backup/restore procedure work when backing up from 1.2 Release
and restoring on 1.2.1?



Thanks.


Michael Schuh wrote:

Hi Matias,

have you cleaned up the filesystem after such a reboot? As mentioned?

Second, it seems to me it could be a lockup during a hot spot??

30.000 states should be possible with enough RAM.
I have a box configured with 1.000.000 states but 2 G RAM!!

Such behavior w/o error messages could be a temperature problem of the
CPU or hard drive or RAM

- very fast lockup if it is hot

Check the RAM with memtest86+.
Check the cooling and the CPU cooler/fan.
Often the cooler isn't correctly placed on the CPU or has moved during the
transport of the system.

If that does not help, try a newer version of pfSense;
other people report such problems with 1.2 RELEASE but not with 1.2.1 on the
same hardware.

You can back up your config through the diagnostics menu, reinstall and
restore your config, and everything is fine, as you had it configured before.


hope this helps..

regards

michael



2008/9/24 Matias Surdi [EMAIL PROTECTED]


The console is absolutely frozen. Can't do anything.

I've the logs on a remote syslog server, but I don't see any error
message that could give me a clue, just DHCP and blocked packets
information.

Also, the contents of all log files in /var/log (after rebooting)
aren't useful.


Help please.


Michael Schuh wrote:

Hello Matias,

can you see any error messages on the Console from the box?
This is too little information for identifying the source(s) of
this error behavior.

regards

michael

2008/9/24 Matias Surdi [EMAIL PROTECTED]


   Hi,

   I'm experiencing random crashes with 1.2; sometimes it happens when
   saving a rule, other times when saving advanced settings. No reply
   from the pfSense box, no ping replies, nothing. Completely dead.

   Any idea what could be happening here?

   Thanks a lot.


 





-- 
=== m i c h a e l - s c h u h . n e t ===

Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

=== Ust-ID: DE251072318 ===







--
=== m i c h a e l - s c h u h . n e t ===
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0177/9738644
@: m i c h a e l . s c h u h @ g m a i l . c o m

=== Ust-ID: DE251072318 ===






[pfSense Support] random lock up - Now with high CPU usage

2008-09-24 Thread Matias Surdi
Finally, we've migrated to 1.2.1 RC1 and it seems to be working, at least
for now.


But we are seeing that the CPU stays at 50% usage, and top shows that
it's being used by interrupt.


The hardware is the same (exactly the same; we reinstalled 1.2.1 on the
same disk where 1.2 was).


The driver on 1.2.1 is

Intel(R) PRO/1000 Network Connection Version - 6.7.3

And on 1.2 was

Intel(R) PRO/1000 Network Connection Version - 6.2.9

Any idea what could be happening?




Matias Surdi wrote:

Hi,

I'm experiencing random crashes with 1.2; sometimes it happens when saving
a rule, other times when saving advanced settings. No reply from the
pfSense box, no ping replies, nothing. Completely dead.


Any idea what could be happening here?

Thanks a lot.






[pfSense Support] Re: Multiple gateways on the same network interface

2008-09-18 Thread Matias Surdi

Chris Buechler wrote:

On Wed, Sep 17, 2008 at 5:43 PM, Matias Surdi [EMAIL PROTECTED] wrote:

If I've more than one IP address on each of my internet connections (now
each one on its own interface), will I be able to do Port Forwardings for
all the IPs?



yes



Finally, we've managed to do what we were trying to do (multiple DSL
routers on the same physical interface) by using VLANs on the WAN side
(connecting the pfSense to a trunk switch interface and every DSL router
to its own VLAN did the job).


Thank you all.





[pfSense Support] Multiple gateways on the same network interface

2008-09-17 Thread Matias Surdi

Hi,

Is there any way to have multiple DSL routers connected to pfSense's WAN
interface and do policy routing?



If not, is this possible with current 1.2.1 or 1.3 snapshots?


Thanks.





[pfSense Support] Re: Multiple gateways on the same network interface

2008-09-17 Thread Matias Surdi

Thanks for your help Wilson.

That's not exactly what I'm trying to do.

I've both DSL routers on the same physical WAN interface (with a switch,
obviously).


Then, on these DSL routers I've some port redirections to the pfSense
box, and from the pfSense box to my servers on the LAN side.


The incoming connections get successfully to the internal servers, but
the replies from the servers for those connections always return to the
internet through the system default gateway (the first DSL) instead
of the DSL router they came from (that could be the 1st DSL or the second);
thus, port forwardings from the second DSL don't work.


Any help would be very appreciated.




Gilbert Wilson wrote:

The answer to that which you seek is here:

http://www.netlife.co.za/content/view/34/34/

There is another example somewhere on the wiki.

Gil

--
--
GILBERT WILSON
IT Infrastructure Consultant
Unbound Technology, LLC

Phone: 202-380-9301
Fax:   202-330-5430

Email:   [EMAIL PROTECTED]
Web:  http://www.unboundtechnology.com
--

On Sep 17, 2008, at 1:19 PM, Matias Surdi wrote:


Hi,

Is there any way to have multiple DSL routers connected to pfSense's
WAN interface and do policy routing?



If not, is this possible with current 1.2.1 or 1.3 snapshots?


Thanks.





[pfSense Support] Re: Multiple gateways on the same network interface

2008-09-17 Thread Matias Surdi

Chris Buechler wrote:

On Wed, Sep 17, 2008 at 4:55 PM, Matias Surdi [EMAIL PROTECTED] wrote:

Thanks for your help Wilson.

That's not exactly what I'm trying to do.

I've both DSL routers on the same physical WAN interface (with a switch,
obviously).

Then, on these DSL routers I've some port redirections to the pfSense box,
and from the pfSense box to my servers on the LAN side.

The incoming connections get successfully to the internal servers, but the
replies from the servers for those connections always return to the
internet through the system default gateway (the first DSL) instead of
the DSL router they came from (that could be the 1st DSL or the second);
thus, port forwardings from the second DSL don't work.



You need one interface per Internet connection. This will change in
1.3 but that is not suitable for production use at this time.



Thanks Chris, this clears my doubts.





[pfSense Support] Re: Multiple gateways on the same network interface

2008-09-17 Thread Matias Surdi

Matias Surdi wrote:

Chris Buechler wrote:
On Wed, Sep 17, 2008 at 4:55 PM, Matias Surdi [EMAIL PROTECTED] wrote:

Thanks for your help Wilson.

That's not exactly what I'm trying to do.

I've both DSL routers on the same physical WAN interface (with a switch,
obviously).

Then, on these DSL routers I've some port redirections to the pfSense box,
and from the pfSense box to my servers on the LAN side.

The incoming connections get successfully to the internal servers, but the
replies from the servers for those connections always return to the
internet through the system default gateway (the first DSL) instead of
the DSL router they came from (that could be the 1st DSL or the second);
thus, port forwardings from the second DSL don't work.



You need one interface per Internet connection. This will change in
1.3 but that is not suitable for production use at this time.



Thanks Chris, this clears my doubts.



Hi again Chris, just one more question.

If I've more than one IP address on each of my internet connections (now
each one on its own interface), will I be able to do Port Forwardings
for all the IPs?


Thanks!





[pfSense Support] Re: DHCP ranges

2008-06-24 Thread Matias Surdi

Chris Buechler wrote:

On Mon, Jun 23, 2008 at 12:37 PM, Matias Surdi [EMAIL PROTECTED] wrote:

I've implemented this feature (although not thoroughly tested).

I've attached the corresponding patches to

 http://cvstrac.pfsense.org/tktview?tn=1762



Thanks!  Unfortunately some of that code changed a few days ago so
that diff isn't correct, some of Ermal's interface list changes have
been overwritten. Ermal got rid of the numerous different and
inconsistent ways of finding which interfaces are active and replaced
them with get_configured_interface_list() which is a great
improvement.

Could you please update your patch so it applies to the current state
of RELENG_1?  Shouldn't be that difficult to do so, and I'll test it
once it's done. No changes related to this will be happening in the
foreseeable future, so you won't run into this same problem. Actually
nothing related to this has changed, aside from a few days ago, in
years it just so happened to coincide with what you were doing. Sorry
about that.



No problem. I'm working on this.

Just to see if I'm doing it correctly:

1) I'm downloading the CVS tree on my installed pfSense (from
pfSense-20080617-2309) with the command:


fetch -o - -q http://www.pfsense.com/~sullrich/tools/dev_bootstrap.sh | /bin/sh


2) I'll make the diffs from the files located in 
/home/pfsense/cvsroot/pfSense/usr/local/www


3) How can I test if everything is correct? Should I apply my own 
patches, build the iso, and install from that iso?



Thanks!





[pfSense Support] Re: DHCP ranges

2008-06-24 Thread Matias Surdi

Chris Buechler wrote:

On Tue, Jun 24, 2008 at 3:50 AM, Matias Surdi [EMAIL PROTECTED] wrote:

No problem. I'm working on this.

Just to see if I'm doing it correctly:

1) I'm downloading the CVS tree on my installed pfSense (from
pfSense-20080617-2309) with the command:

fetch -o - -q http://www.pfsense.com/~sullrich/tools/dev_bootstrap.sh | /bin/sh

2) I'll make the diffs from the files located in
/home/pfsense/cvsroot/pfSense/usr/local/www



I'm not sure what the best way to do this is, but that's the actual
cvsroot, I think you can cvs diff off of that, as long as you're using
RELENG_1.

Maybe Scott can comment on a better way later, but what I know will
work is to run:

cvs -d /home/pfsense/cvsroot/ co -r RELENG_1 pfSense


That'll checkout RELENG_1. Then if you diff against that, you should be good.



3) How can I test if everything is correct? Should I apply my own patches,
build the iso, and install from that iso?



Once we're converted to git this will be really straight forward, for
now it's a bit of a pain. Just manually copy your changed files over a
stock RELENG_1 install, that's easiest for now. If that works for you,
attach an updated diff to that same ticket and I'll try it out. If it
works and looks fine I'll go ahead and commit it.


Thanks!



Thank you, we appreciate the contribution.


On the development host, I don't have the cvs binary. On my desktop:

$ cvs -d cvsroot/ co -r RELENG_1 pfSense
rsh: cvsroot: Name or service not known
cvs [checkout aborted]: received broken pipe signal

(the CVSROOT is not set, I think)

I hate CVS.





[pfSense Support] Re: DHCP ranges

2008-06-24 Thread Matias Surdi

Chris Buechler wrote:

On Mon, Jun 23, 2008 at 12:37 PM, Matias Surdi [EMAIL PROTECTED] wrote:

I've implemented this feature (although not thoroughly tested).

I've attached the corresponding patches to

 http://cvstrac.pfsense.org/tktview?tn=1762



Thanks!  Unfortunately some of that code changed a few days ago so
that diff isn't correct, some of Ermal's interface list changes have
been overwritten. Ermal got rid of the numerous different and
inconsistent ways of finding which interfaces are active and replaced
them with get_configured_interface_list() which is a great
improvement.

Could you please update your patch so it applies to the current state
of RELENG_1?  Shouldn't be that difficult to do so, and I'll test it
once it's done. No changes related to this will be happening in the
foreseeable future, so you won't run into this same problem. Actually
nothing related to this has changed, aside from a few days ago, in
years it just so happened to coincide with what you were doing. Sorry
about that.



I've submitted the new patches to the trac, please, let me know if 
everything is correct now.


Thanks.





[pfSense Support] Re: DHCP ranges

2008-06-23 Thread Matias Surdi

Reza Ambler wrote:

Also, is it possible to set DHCP options? I know the new Wyse thin client
v10L looks for certain DHCP options to be configured in order for it to
automatically pull new firmware. So I was hoping to accomplish this with
our pfSense machines. Would it be possible to set them manually in the
config, or would it be wiped?
Thanks,

-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Matias Surdi
Sent: Tuesday, June 17, 2008 9:37 AM
To: support@pfsense.com
Subject: [pfSense Support] DHCP ranges

Is it possible to specify more than one dhcp range?
If not, will it be available in 1.3?

Sorry for asking so many questions, but I'm trying to migrate our
firewalls here, and I've to find workarounds for every feature we need.


Thanks for your patience.







I've implemented this feature (although not thoroughly tested).

I've attached the corresponding patches to

 http://cvstrac.pfsense.org/tktview?tn=1762





[pfSense Support] Re: DHCP ranges

2008-06-23 Thread Matias Surdi

Matias Surdi wrote:

Reza Ambler wrote:

Also, is it possible to set DHCP options? I know the new Wyse thin client
v10L looks for certain DHCP options to be configured in order for it to
automatically pull new firmware. So I was hoping to accomplish this with
our pfSense machines. Would it be possible to set them manually in the
config, or would it be wiped?
Thanks,

-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Matias Surdi
Sent: Tuesday, June 17, 2008 9:37 AM
To: support@pfsense.com
Subject: [pfSense Support] DHCP ranges

Is it possible to specify more than one dhcp range?
If not, will it be available in 1.3?

Sorry for asking so many questions, but I'm trying to migrate our
firewalls here, and I've to find workarounds for every feature we need.


Thanks for your patience.








I've implemented this feature (although not thoroughly tested).

I've attached the corresponding patches to

 http://cvstrac.pfsense.org/tktview?tn=1762


Sorry, but with this feature I mean the one from the first post 
(multiple ranges).






[pfSense Support] Join the project

2008-06-18 Thread Matias Surdi

Hi,

I'm an experienced web developer and I have some FreeBSD systems 
administration knowledge as I work as a system administrator currently.


I'd like to make some improvements to pfSense, mainly to cover some
needs we have. One of them is the DHCP ranges issue I commented on
yesterday on this list.


I'd like to contact the developers so that maybe they could give me some
quick help in setting up the development environment. In the meantime, I will
continue reading the wiki and trying to do it myself.


Thanks a lot.

P.S.:

You can contact me at [EMAIL PROTECTED]





[pfSense Support] Destination NAT

2008-06-17 Thread Matias Surdi

Hi,

In our current firewall (using iptables) we have a set of rules that
does a DNAT redirecting ALL outgoing UDP port 53 (DNS) traffic to an
internet DNS server, so that everybody is forced to use it.


Is it possible to accomplish the same thing with pfSense?
If yes, which is the correct/recommended way to do it?

Thanks a lot.





[pfSense Support] Re: Destination NAT

2008-06-17 Thread Matias Surdi

Bill Marquette wrote:

On Tue, Jun 17, 2008 at 4:34 AM, Matias Surdi [EMAIL PROTECTED] wrote:

In our current firewall (using iptables) we have a set of rules that does a
DNAT redirecting ALL outgoing UDP port 53 (DNS) traffic to an internet DNS
server, so that everybody is forced to use it.

Is it possible to accomplish the same thing with pfSense?
If yes, which is the correct/recommended way to do it?


Firewall-NAT-Port Forward - there were numerous discussions on
changing the titles of our NAT entries, no consensus was reached so it
got left alone ;)  Create a rule there and assign it to your LAN
interface.  Don't forget TCP port 53 while you're at it.

--Bill


Thanks, that worked correctly.

Maybe in a few days we will have our new pfSense powered firewall :-)
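
The LAN-side port forward suggested in the reply above, written out as a raw pf ruleset fragment. This is an added example, not part of the thread and not pfSense's generated ruleset; the interface name, the LAN subnet and the 192.0.2.53 server address are assumptions.

```pf
# Added example: hand-written pf.conf fragment (assumed values throughout).
# Syntax check without loading the rules: pfctl -nf <this file>
lan_if     = "em1"              # assumption: LAN interface name
lan_net    = "192.168.1.0/24"   # assumption: LAN subnet
dns_server = "192.0.2.53"       # assumption: stand-in for the external DNS server

# For comparison, an iptables rule of the kind described in the question
# (reconstructed here, UDP only, interface name assumed):
#   iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 \
#            -j DNAT --to-destination 192.0.2.53:53
# DNS falls back to TCP/53 when a UDP answer is truncated, so a UDP-only
# redirect leaves TCP queries to other resolvers untouched. That is the
# reason for the "don't forget TCP port 53" reminder in the reply.

# Translation: rewrite the destination of every DNS query entering on the
# LAN interface, whichever resolver the client addressed, for UDP and TCP.
rdr on $lan_if inet proto { tcp, udp } from $lan_net to any port 53 -> $dns_server port 53

# Filtering happens after translation, so the filter rule matches the
# rewritten destination. Only DNS towards the chosen server is passed here.
pass in quick on $lan_if inet proto { tcp, udp } from $lan_net to $dns_server port 53 keep state
```

With a default-deny policy on the LAN interface, the pass rule above is the only path for port 53, so clients cannot reach a resolver other than the one enforced by the redirect.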





[pfSense Support] DHCP ranges

2008-06-17 Thread Matias Surdi

Is it possible to specify more than one dhcp range?
If not, will it be available in 1.3?

Sorry for asking so many questions, but I'm trying to migrate our
firewalls here, and I've to find workarounds for every feature we need.


Thanks for your patience.





[pfSense Support] two gateways on the same network

2008-06-16 Thread Matias Surdi
Suppose I've an OPT interface connected to a network where I've two
other gateways, how can I do policy routing to these routers? As far
as I can see, pfSense just allows one gateway per interface. Am I wrong?


Thanks a lot.





[pfSense Support] Re: two gateways on the same network

2008-06-16 Thread Matias Surdi

Gary Buckmaster wrote:

Matias Surdi wrote:
Suppose I've an OPT interface connected to a network where I've two
other gateways, how can I do policy routing to these routers? As far
as I can see, pfSense just allows one gateway per interface. Am I wrong?


Thanks a lot.




No, you're correct, one gateway per-interface is what it currently 
supports.


But I've just found System-Static Routes. That seems to do
the job for me :-)


Thanks.


