[pfSense Support] CDROM Version Install
Hi Guys,

I am pulling my hair out trying to figure this out. I have PFSense now running on several boxes in different locations.

I am building a new firewall for a client and during the install I am getting the following error on versions 80.0, 80.4, 85.0 and 85.2.

The error is as follows:

Acd0: Failure_Read_BIG ILLEGAL REQUEST asc=0x64 ascq=0x00 error=4

Letting this run it finally comes up asking if I want to setup my vlan now. I go through the setup fine add a few rules and reboot and the process starts over.

Please help as I am bald enough now and the ole lady hates when I start pulling her hair out of her head.

Thanks in Advance,

Mike
RE: [pfSense Support] CDROM Version Install
Thanks for the fast response Scott. I will give that a try right now.

Mike

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 6:08 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CDROM Version Install

Try a different CD-ROM Reader. I've got this problem at work on a machine as well.

Scott
RE: [pfSense Support] CDROM Version Install
OK I have tried 3 CDROMS and 3 floppy drives with no luck. All the CDROMS and Floppy drives are good with 1 new of each in that mix.
I have tried a blank floppy and then tried a floppy with a working config file.
I replaced both the floppy and CDROM cables with no luck :(

I also tried 74.4, 80.0, 80.4, 85.0 and 85.2 versions with the same error every time.

Thanks,
Mike

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 6:23 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CDROM Version Install

Yes, s0ren changed the ATAPI CDRom code recently. :/

Scott

On 9/27/05, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> "If you get a chance try a default install (just for testing) of FreeBSD
> Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the
> same issues."
> :)
>
> -Original Message-
> From: Holger Bauer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 27, 2005 5:15 PM
> To: support@pfsense.com
> Subject: AW: [pfSense Support] CDROM Version Install
>
> I'm seeing this problem since 0.85.2. the same cd-rom reader was working ever since pfsense 0.20 for me :-/
>
> Holger
>
> -Original Message-
> From: Fleming, John (ZeroChaos) [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 28, 2005 00:12
> To: support@pfsense.com
> Subject: RE: [pfSense Support] CDROM Version Install
>
> FreeBSD is having love issue (see no) with your cdrom. It could be..
> 1. bad cdrom drive
> 2. bad cdrom
> 3. bad cable
> 4. sucky IDE chipset.
> 5. FreeBSD bug.
>
> If you get a chance try a default install (just for testing) of FreeBSD
> Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the
> same issues.
RE: [pfSense Support] CDROM Version Install
Well I did everything that the wiki support said to do with no luck. Just for the record I went ahead and installed M0n0Wall on it with no issues. I would rather use PFSense and really need to find a fix. I am scheduled to put this box in place tomorrow so any more help would be greatly appreciated.

Thanks,
Mike

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 8:19 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CDROM Version Install

The only thing left to try is:
http://wiki.pfsense.com/wikka.php?wakka=BootTroubleShooting

Scott
[pfSense Support] Mobile VPN clients
Any help with mobile VPN client software? I know it sounds vague, but I am having a major difficulty in getting any to function. I have tried Tau, and Greenbow, with limited success. I have checked the pfsense configuration over and over, and cannot find an error, but I am wondering if there are any suggestions from other users as to a better alternative for a mobile ipsec client software.

Mike
Re: [pfSense Support] Big Problems with 2wire ADLS modem+Router.
Alberto Moreno wrote:
> Hi people.
>
> This week my ISP told me that I need to change my old modem: DSL modem speedstream 5400, just a modem.
> My LAN was behind pfsense, DHCP, one vpn to my office, it was very beautiful. Sometimes I just connect my box and I was at work, didn't need to get there.
>
> Now, I have this 2wire Modem+Router (Model 2701HG-T), which it came with built-in Firewall, wireless, and other cool stuff for someone with no acknowledge of pfsense could say, this is great!!!
>
> Now I don't know how the hell I will have my old settings, I cannot disable the firewall from that device, I cannot access my office from my LAN clients, the only one who could access my office is the pfsense box, because I enable some rule to the 2wire firewall, but any of my clients can.
>
> I'm lost, I don't know how is the gateway now or which one I chose? What about my WAN interface? I try to connect my wan interface but I don't get any answer from my ISP.
> I disable the DHCP server from the device, but right now my Gateway is 2wire, what can I do to bring everything to normal? Do I need to add each rule to my LAN and NAT or forward to my 2wire gateway?
>
> Someone could point me, what I need to do, or help me understand my case and help me find some path to this?
>
> Thanks all for your time.
>
> P.S. Running pfsense 1.0.1 Release.
>
> --
> Living the dream...

I have the same gateway, and I just set the PFsense box in DMZ plus mode (in the 2wire gateway) and specified that it gets the external IP from my ISP. I am thinking that the 2wire's allow for proprietary firmware/software for each ISP though, so this may not work for you. When you attempt to log in, do you use the http://? The address you type in here is found in your PFsense WAN gateway. After you have made the changes in your 2wire, you will need to reboot the pfsense box.

Mike
[pfSense Support] Traffic Shaper and Vonage
Hello All,

This is my first mailing list post so I hope I am doing this right. I have Vonage phone service and want to improve my call quality. I used traffic shaper to do this, but now after I plugged my phone adapter in to the firewalled hub I get a dial tone but cannot make any outgoing or receive any incoming. It is like I don’t have an internet connection.

My question is (and it is probably a stupid question): after I created my traffic shaper do I have to create firewall rules to make this work?

Thanks in advance,
Mike
RE: [pfSense Support] Alert about pf rules syntax errors... again...
Scott when you say try this do you mean to copy yours over writing what is there now.
I seem to be having the same issues with syntax errors and just wanted to make sure I am reading you right :)

Thanks,
Mike

-Original Message-
From: M. Kohn [mailto:[EMAIL PROTECTED]
Sent: Friday, August 12, 2005 1:22 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Alert about pf rules syntax errors... again...

Hm don't work
Seems to be something different.

If I check $tunnel is "Array" in /etc/inc/filter.inc

---
if(is_array($config['ipsec']['tunnel'])) {
    foreach ($config['ipsec']['tunnel'] as $tunnel) {
        if (is_array($tunnel)) {
            $remote_gateway = $tunnel['remote-gateway'];
            $local_subnet = return_vpn_subnet($tunnel['local-subnet']);
            $ipfrules .= "pass quick on " . $wanif . " proto udp ..
---

it works...

My php is not so well - so I don't understand, why $tunnel is not an array first time

Scott Ullrich wrote:
> This is not the correct fix. Try this /etc/inc/vpn.inc.
>
> http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/vpn.inc?rev=1.69;content-type=text%2Fplain
>
> On 8/12/05, M. Kohn <[EMAIL PROTECTED]> wrote:
>
>>Hi,
>>
>>small hint about IPSec bug (I hope...):
>>(pfSense 0.75)
>>
>>The function filter_rules_generate() in
>>/etc/inc/filter.inc rules will try to set
>>the rules for IPSec:
>>
>>Line 2093 in /etc/inc/filter.inc:
>>---
>>if(is_array($config['ipsec']['tunnel'])) {
>>foreach ($config['ipsec']['tunnel'] as $tunnel) {
>>$remote_gateway = $tunnel['remote-gateway'];
>>---
>>
>>Normally no problem, but there is an "empty" tunnel definition
>>in $config['ipsec']['tunnel'], but I don't know why...
>>
>>So I added the following patch as a workaround, checking if
>>$tunnel['remote-gateway'] is empty:
>>
>>(see attached filter.diff)
>>
>>
>>PS: Should I better use CVSTRAC for such things?
>>
>>
>>--- filter.inc.org Fri Aug 12 12:56:44 2005 >>+++ filter.inc Fri Aug 12 16:11:20 2005 
>>@@ -2091,6 +2091,7 @@ >>} >>if(is_array($config['ipsec']['tunnel'])) { >>foreach ($config['ipsec']['tunnel'] as $tunnel) { >>+ if (!empty($tunnel['remote-gateway'])) { >>$remote_gateway = $tunnel['remote-gateway']; >>$local_subnet = return_vpn_subnet($tunnel['local-subnet']); >>$ipfrules .= "pass quick on " . $wanif . " proto udp from " . $ipsec_ip . " to " . $remote_gateway . " port = 500 keep state label \"IPSEC: ". $tunnel['descr'] ." udp\"\n"; >>@@ -2104,6 +2105,7 @@ >> >>$ipfrules .= "pass quick on " . $lanif . " from " . $tunnel['remote-subnet'] . " to " . $local_subnet . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n"; >>$ipfrules .= "pass quick on " . $lanif . " from " . $local_subnet . " to " . $tunnel['remote-subnet'] . " keep state label \"IPSEC: " . $tunnel['descr'] ."\"\n"; >>+ } >>} >>} >> >> >> >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
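Review bot: The guard added in the first hunk, if (!empty($tunnel['remote-gateway'])), tests only one key, while the rules built inside it also interpolate $tunnel['remote-subnet'], $tunnel['local-subnet'] and $tunnel['descr'] into $ipfrules, so an entry that has a gateway but no remote subnet would still produce a malformed "pass quick" line and the same pf syntax error. Consider skipping incomplete entries at the top of the loop instead, for example: if (!is_array($tunnel) || empty($tunnel['remote-gateway']) || empty($tunnel['remote-subnet'])) continue; that also makes the extra closing brace in the second hunk unnecessary and leaves the body's indentation consistent. A one-line comment saying that an "empty" tunnel entry can appear in $config['ipsec']['tunnel'] would help, since the patch hides the symptom without explaining where that entry comes from.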
[pfSense Support] Packages
I am running version 0.75 upgraded from 0.74.8 and in either version I am unable to see any packages. It says Unable to retrieve package info from www.pfesnse.com. Cached data will be used. I received the same error from the 0.74.8 version. I could see them in the 0.74.0 version. Any ideas? Mike
[pfSense Support] TFTP and NTP server options in DHCP
Hi. I run an asterisk phone system at home and have SIP phones that depend on the DHCP server supplying tftp-server and ntp server info. I am thinking about moving to pfsense as my firewall, but the documentation and support forums seem unclear as to whether or not the DHCP server in pfsense can send these options. Are they supported in the GUI, via editing text files or not at all?

Thanks,
Mike
Re: AW: [pfSense Support] TFTP and NTP server options in DHCP
Are you talking about this page?
http://faq.pfsense.com/index.php?action=artikel&cat=10&id=38&artlang=en&highlight=hidden

When I click on the link to the config.xml file, it doesn't work, and there are no DHCP options listed on that page.

Thanks,
mike

- Original Message
From: "Fuchs, Martin" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Friday, January 19, 2007 2:52:33 PM
Subject: AW: [pfSense Support] TFTP and NTP server options in DHCP

Hi !

pfSense can support further DHCP Options, they are listed under "hidden options"
Have a look in the doc-pages ;-)
Re: AW: [pfSense Support] TFTP and NTP server options in DHCP
Sorry, as I said in my first note, I am looking for time server and tftp-server options, which are important for SIP phones. The tftp server isn't used for PXE, but for phone config files.

Sorry for being dense here - is there a working link to the config.xml file that shows all the DHCP options?

Thanks,
mike

- Original Message
From: Scott Ullrich <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Saturday, January 20, 2007 10:26:04 AM
Subject: Re: AW: [pfSense Support] TFTP and NTP server options in DHCP

Sure there are DHCP options listed on that page:

"dhcpd/(if)/next-server and dhcpd/(if)/filename
These are used for PXE booting, and you should know what they do if you're trying to set up PXE."
Re: AW: [pfSense Support] TFTP and NTP server options in DHCP
Thanks. This link makes it look like only the specific tftp-server option was committed to the CVS, and not the more generic one that enables me to set other options like time server as well. Is that correct? Is there a way to set a time-server option as well?

Thanks,
Mike

- Original Message
From: Rob Terhaar <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Saturday, January 20, 2007 11:22:54 AM
Subject: Re: AW: [pfSense Support] TFTP and NTP server options in DHCP

http://forum.pfsense.org/index.php?PHPSESSID=57e7842b266615391197d4e59d287662&topic=1192.0
[pfSense Support] High ping times over IPSec tunnels
Hello Everyone,

I recently discovered that when my internet pipe (either upload or download (2Mb-down/1Mb-Up)) is saturated with traffic, the ping time to my remote site pfSense boxes is really high (sometimes 800-1000ms). My office uses pfSense (full) and all of my remote offices are connected via IPSec VPNs and use pfsense (embedded) with WRAP boards. However, when the internet pipe is saturated and the ping times get high to the remote sites, I get average ping times when pinging sites that are not on our VPNs (i.e. pinging www.google.com I get ~80-100ms ping times).

I thought this may be caused by the traffic shaper (even though I have all IPSec traffic as high-priority). Therefore, I turned off traffic shaping at the main office and at one of the remote sites, and ping times are still high through the VPN on high internet pipe loads. This leads me to believe it is a problem with the VPN tunnels. I know there is an extra system load for vpn traffic, but it does not make any sense to me why this only happens when there is a lot of internet traffic. NOTE: When I tested this with high internet loads, the traffic was non-vpn traffic.

Any help would be much appreciated. Are there some settings I can tweak on the tunnels? I am using Blowfish for the encryption algorithm, SHA1 for the hash algorithm, DH key group = 2, lifetime = 28800 for the Phase 1 settings. Am using ESP, Blowfish, SHA1, and lifetime = 86400 for the phase 2 settings.

Thanks in advance.

Mike Lee
[pfSense Support] Upgrade question using LiveCD
Hello Everyone,

I have a full install of pfSense (non-embedded) and would like to upgrade the current version, 1.0.1 to 1.2 Beta1. Can I use the iso.gz file to feed the firmware upgrade utility in pfSense? What is the best way to upgrade a non-embedded installation and not lose any config data?

Thanks.

Mike
Re: [pfSense Support] Upgrade question using LiveCD
Great! Thanks for your help.

Mike

Jaye Mathisen wrote:
> I upgraded just using the .tar.gz file (not an ISO) on my soekris. It worked fine, except it didn't shutdown/reboot, I had to manually reset it.
>
> Since then, it's been working great, and the addition of miniupnpd in the base install as well as the various improvements has been great...
>
> YMMV.
Re: [pfSense Support] Upgrade question using LiveCD
Awesome! Thanks.

Mike

Scott Ullrich wrote:
> Download
> http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/updates/pfSense-Full-Embedded-Update-1.2-BETA-1-TESTING-SNAPSHOT-05-09-2007.tgz
> Visit System -> Firmware -> Enable firmware upgrade
> Click browse and find the downloaded file.
> Click upgrade.
> Click yes to the non-signed image question.
>
> That's it. I would recommend backing up your configuration from Diagnostics -> Backup / Restore just in case prior.
>
> Scott
[pfSense Support] Shaping OpenVPN Tunnels (Take two)
Hello Everyone,

I did some searching and found this previous discussion on shaping OpenVPN tunnels:

http://forum.pfsense.org/index.php?PHPSESSID=836df07da7c9becd9259e22e1847c7ae&topic=3013.0

Basically the discussion ended with, that you cannot shape the OpenVPN tunnels because openvpn uses the TUN interface and the shaper looks for traffic on the LAN interface heading towards the WAN to shape. My question is, since this discussion is somewhat old, has there been any more progress/talk on getting the OpenVPN tunnels to shape properly?

I would like to be able to shape them because I have some remote offices and plan on using OpenVPN tunnels for VoIP. I know you cannot shape traffic within VPN tunnels because they are encrypted, but I am planning on using specific ports for certain tunnels to pass only VoIP traffic through and shaping those OpenVPN ports.

Thanks in advance.

Mike Lee
Re: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Martin,

Actually this is exactly what I want. I want to shape the entire OpenVPN tunnel entirely. This is because I will only be passing VoIP traffic within this tunnel. Therefore, if I want to run my VoIP OpenVPN tunnel over the standard port 1194 then I would like to shape all traffic on port 1194. I have tried this by using the wizard, specifying I want to shape VoIP, and then going and modifying the VoIP shaping rules to shape only port 1194. Unfortunately, I never see the traffic in the VoIP queue when I place calls to our remote offices over the OpenVPN tunnel.

Thanks.

Mike

Fuchs, Martin wrote:
> The general problem is not solved until now - encrypted tunnels cannot be
> shaped...
> There's the possibility to shape a whole OpenVPN tunnel (clientside) for
> outgoing traffic, but I believe this is not what you really want...
>
> What you are planning is some sort of traffic shaping on port based rules.
>
> It might be possible to do so, but perhaps you better ask scott for this when
> he's back from bsdcan...
>
> Regards,
>
> Martin
Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again.

Mike

Fuchs, Martin wrote:
> Have a look at the openvpn client in the actual snapshot, there's the option
> to shape an entire tunnel from clientside... perhaps it helps...
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area? I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated.

Mike

Fuchs, Martin wrote:
> In the latest snap 14-5 it’s present…
>
> From: Mike Lee [mailto:[EMAIL PROTECTED]
> Sent: Friday, 18 May 2007 18:30
> To: support@pfsense.com
> Subject: Re: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
>
> Are you talking about the most recent 1.2 beta snapshot? I am running 1.2beta1 from 5/9/07 and it does not have this feature on the OpenVPN client setup. Thanks again.
>
> Mike
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Oh. I thought you meant the client side. I'll upgrade our main pfSense box (server-side) and try again. Thanks and have a great weekend.

Mike

Scott Ullrich wrote:
> The option resides in the OpenVPN server configuration screen.
>
> Scott
>
> On 5/18/07, Mike Lee <[EMAIL PROTECTED]> wrote:
>> I've upgraded my embedded client to 1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007 and I still don't see the option to shape the entire tunnel under the OpenVPN-Client screen. Am I looking in the wrong area? I also tried to create a new tunnel and no shaping option either. Also re-ran the shaping wizard and no OpenVPN option. Thanks again for your help, it's much appreciated.
>>
>> Mike
Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have:

Disable this tunnel
Protocol
Dynamic IP
Local port
Address pool
Use static IPs
Local network
Remote network
Client-to-client VPN
Cryptography
Authentication method
Shared key etc.
Re: AW: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
Ok. I'll just hold tight for now. Do you know if this functionality will make it into the final 1.2 release or will it be in future point (1.3, etc.) releases? Thanks.

Mike

Fuchs, Martin wrote:
> Shaping only works from client side at the moment...
> I'm looking how to shape from server side but at the moment it's not possible...
>
> -Original Message-
> From: Mike Lee [mailto:[EMAIL PROTECTED]
> Sent: Friday, 18 May 2007 22:48
> To: support@pfsense.com
> Subject: Re: AW: AW: AW: [pfSense Support] Shaping OpenVPN Tunnels (Take two)
>
> Sorry guys, but when I looked at the OpenVPN server options on one of our OpenVPN boxes running the 5/14 snapshot, I don't see any options for shaping the tunnel. Below are the options I have:
>
> Disable this tunnel
> Protocol
> Dynamic IP
> Local port
> Address pool
> Use static IPs
> Local network
> Remote network
> Client-to-client VPN
> Cryptography
> Authentication method
> Shared key etc.

--
Mike Lee
IT Manager - Biosource America
Biosource America, Inc.

The contents of this e-mail correspondence are considered confidential and privileged and otherwise protected from disclosure by BIOSOURCE AMERICA, INC., a wholly owned subsidiary of Nova Biosource Fuels, Inc. This correspondence and its contents are for distribution to and for use by the named parties only. If you have received this correspondence in error, please contact us without delay.
[pfSense Support] Support in 1.3 for nforce ethernet driver?
Hi. I am redoing a bunch of servers to rack mount everything, and I figured it would be good to move my pfsense firewall to a more modern hardware config at the same time I stuffed it into a 2U rackmount case.

Since the hardware compatibility list said nforce and my old nforce2 based system worked fine, I went with a new hardware config: an AMD CPU with an Nforce 430 based motherboard with integrated 6150 graphics.

When I tried to load pfsense 1.3 RC3 on it, it failed to detect the onboard interface. Upon closer study, it looks like this interface is supported by the nfe driver, which doesn't appear to be part of pfsense 1.3. I found a reference to a freebsd 6 nve driver here: http://www.f.csce.kyushu-u.ac.jp/~shigeaki/software/freebsd-nfe.html.

Is it possible to get this added to pfsense? These motherboards are quite popular for small firewalls because of the onboard video support.

Thanks
Mike
Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?
I've had pretty decent with these boards under linux, but pfsense is my first foray into freebsd territory. Pfsense supports a ton of ethernet interfaces, and I was just surprised this didn't work.

Thanks,
Mike

- Original Message
From: Joel Robison <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Saturday, November 10, 2007 2:16:39 PM
Subject: Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?

Hello,

I have had a bad experience with that chipset myself. The board doesn't perform very well even with the driver working correctly (I had to modify the driver to include the MCP51 ethernet device and recompile). If you have something else, preferably intel, I would suggest using that instead. That's my 2 cents.

-Joel

On Nov 10, 2007, at 2:04 PM, Mike Myers wrote:
> Hi. I am redoing a bunch of servers to rack mount everything, and I figured it would be good to move my pfsense firewall to a more modern hardware config at the same time I stuffed it into a 2U rackmount case.
>
> Since the hardware compatibility list said nforce and my old nforce2 based system worked fine, I went with a new hardware config: an AMD CPU with an Nforce 430 based motherboard with integrated 6150 graphics.
>
> When I tried to load pfsense 1.3 RC3 on it, it failed to detect the onboard interface. Upon closer study, it looks like this interface is supported by the nfe driver, which doesn't appear to be part of pfsense 1.3. I found a reference to a freebsd 6 nve driver here: http://www.f.csce.kyushu-u.ac.jp/~shigeaki/software/freebsd-nfe.html.
>
> Is it possible to get this added to pfsense? These motherboards are quite popular for small firewalls because of the onboard video support.
>
> Thanks
> Mike
Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?
BTW, it looks like this driver is part of freebsd 7, so it will get fully supported some time in the future. It would just be nice sooner rather than later... :-)

thx
mike
Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?
I expected you'd be moving to freebsd 7 at some point, but is there no chance to get it supported in 1.2?

Thanks,
Mike

- Original Message
From: Scott Ullrich <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: Saturday, November 10, 2007 2:34:35 PM
Subject: Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?

On Nov 10, 2007 5:29 PM, Mike Myers <[EMAIL PROTECTED]> wrote:
> I've had pretty decent with these boards under linux, but pfsense is my first foray into freebsd territory. Pfsense supports a ton of ethernet interfaces, and I was just surprised this didn't work.

Support for these types of NICS are in FREEBSD 7 and will be coming to pfSense early next year.

Scott
RE: [pfSense Support] Basics of connecting 2 or more WAN ports
Hi Gary,

Firstly thanks for the prompt response!

I have finally found some documentation, I will go about that shortly. I think one of my problems is DNS and handling those requests. Please confirm how I go about setting up static routes to the DNS servers belonging to a particular WAN connection.

Lastly what is the difference between setting up firewall rules under the LAN tab vs the WAN tab?

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com

CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you.

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: 18 Feb 2008 05:59 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Basics of connecting 2 or more WAN ports

Mike,

Item 1 is a FAQ. The answer is that pfSense only supports PPPoE on the primary WAN interface. All other OPT interfaces treated as WANs must use a device in front of them to negotiate the PPPoE connection and provide a static IP address.

Load balancing is configured in the Load Balancing dialog inside the pfSense webGUI. Consult the pfSense documentation on setting up outbound load balancing. A common mistake people make when configuring outbound load balancing is that they neglect to set up static routes to the DNS servers belonging to a particular WAN connection.

-Gary

Mike Lever wrote:
> Hi,
>
> I have been searching high and low but I cannot seem to find anywhere a manual or instructions on how to setup multiple WAN ports only, no DMZ, SMTP, HTTPS etc separation. All I want to do is correctly balance my 5 DSL lines using PFsense 1.2RC4
>
> My questions are as follows:
>
> 1. How can I setup multiple PPPoe sessions? I can see the one WAN port where it allows me to but on the option cards all I can select is static and DHCP. If I use DHCP how do I set the firewall to allow an internal IP address access to the router?
> 2. How does the firewall work? Where do I set load balancing rules? on the LAN / on each WAN port or both?
> 3. What else do I need to set?
> 4. how would I set DNS if I have a separate DHCP server?
>
> I understand these may be basic questions but seem to be pulling my hair out over this combination that works very intermittently.
>
> Any feedback would gladly be appreciated!
>
> Regards,
>
> Mike Lever
RE: [pfSense Support] Setting gateways ?
Thanks, I have used those documents, only problem is that gateway issue. I can't seem to separate it and seem to be getting the gateway from one of my other interface cards.

What can I check to ensure it has its own gateway? I have set it up in interface setup as that way but when I view the interface status it shows the shared one.

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: 26 Feb 2008 11:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Setting gateways ?

> In a nutshell I have 3 DSL lines (currently 1 x PPPoe, 1 static and 1 DHCP)
>
> What, in your opinion is the best setup? (I can make all of the above static)
>
> How do I go about setting up the gateways so I achieve load balancing but that traffic goes through the relevant gateway and not shared?

The multi-WAN document should cover what you're looking for:
http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing

Do note that in 1.2, only one interface can connect via PPPoE; if you have a choice, it would definitely simplify your setup to make them all static, or at least DHCP.

If you want specific clients to go through specific circuits, that's a slightly different setup; you'll want to use source-based routing (search wiki/mailing list for documentation).
[pfSense Support] Load kernel error
While trying to upgrade to 1.2 using the webgui update I received an error during the next bootup

Loading /boot/defaults/loader.conf
Unable to load a kernel !
-
Cant load 'kernel'

It freezes there.. I've tried to reinstall from scratch, the setup runs fine but freezes at the same point in bootup.

What did I do wrong and what can I do to correct it? using the

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com
RE: [pfSense Support] Load kernel error
Hi Gary,

Thanks for that info. I am using a standard installation not an embedded device (I think, I'm working off a standard desktop, HDD, no CF)

I also tried a fresh re-install and it installs fine, then boots up. I noticed the problem. The platform is CDROM and obviously disk usage is at 100%. So it appears to be working off the CD and not the HDD.

During installation, how do I set it to format the HDD and install on the hard drive? I have watched the installation and it is all automated and doesn't allow me to set the target installation.

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: 28 Feb 2008 07:55 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Load kernel error

Can I assume that this is an embedded device you're trying to upgrade? If so, this is a reported issue and has been discussed several times on this mailing list. Use the shell upgrade method provided or re-flash your CF card.
[pfSense Support] DHCPDISCOVER
Looking at my system log I see repeated messages

dhclient[12649]: DHCPDISCOVER on rl0 to 255.255.255.255 port 67 interval 13

Now rl0 is statically configured and should be needing any form of DHCP, where is this coming from? and how do I stop it?

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com
[pfSense Support] Load Balancing further info
Hi,

Excuse my ignorance on this one.

I am having a debate with my boss.

Please explain to me the basics of load balancing?

IP address x is accessing www.cnn.com

It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission?

How does it actually decide which WAN port to send the packet? is it constantly pinging on all WAN ports?

How is a typical webpage broken down into packets? i.e. how many packets are there in a typical page?

Again apologies for the simpleness...just want to get my head around the load balancing / round robin concept.

Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as close to the manual as possible but it doesn't seem to be load balancing correctly.

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com
RE: [pfSense Support] Load Balancing further info
Thanks Sean for the clarification. One point of clarification: can you please define exactly what a 'state' is?

Regards,
Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100 (F) 086-681-7518
http://www.velocityfilms.com
CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you.

From: Sean Cavanaugh [mailto:[EMAIL PROTECTED]
Sent: 04 Mar 2008 07:44 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Load Balancing further info

load balancing is fairly easy to learn.

first step, the user sends a request (i.e. visiting www.cnn.com). his computer will forward the request to the gateway (let's assume pfsense set up with load balanced WAN connections). pfsense will then assign the current connection state to a WAN interface. this should happen with states spread evenly across all WAN links. as long as information being transmitted between the user's computer and www.cnn.com is part of the same stream, it will use the same connection path on the WAN link. if the user goes to www.msnbc.com also, this will start a new state connection on the firewall and would theoretically use a different WAN link than the first connection to www.cnn.com.

some issues with this is if the state is set to a very short TTL, then the user will constantly be setting up new states and will be bouncing all over the WAN links. this can make it really bad if they're trying to use encrypted protocols as it will not be valid and will more than likely be denied a lot. if the value is set too high, states will build up on a WAN interface and persist longer than need be. they will however be more reliable as encrypted protocols will have a nice stable connection.

a misconfiguration in how the states are load balanced will lead to one WAN link being more heavily favored than others.

this isn't the BEST explanation but should help some.

-Sean

> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Date: Tue, 4 Mar 2008 16:50:26 +0200
> Subject: [pfSense Support] Load Balancing further info
>
> Hi,
>
> Excuse my ignorance on this one.
>
> I am having a debate with my boss.
>
> Please explain to me the basics of load balancing?
>
> IP address x is accessing www.cnn.com
>
> It arrives at the load balancer which at that point in time pings a
> pre-determined gateway / IP address. Based on that speed, it will then
> submit the request over that line and wait for the transmission?
>
> How does it actually decide which WAN port to send the packet? Is it
> constantly pinging on all WAN ports?
>
> How is a typical webpage broken down into packets? i.e. how many packets
> are there in a typical page?
>
> Again apologies for the simpleness... just want to get my head around the
> load balancing / round robin concept.
>
> Lastly, looking at usage on the interfaces. My WAN port is showing quite a
> bit of throughput while my OPT1 and OPT2 aren't. I have set up my system as
> close to the manual as possible but it doesn't seem to be load balancing
> correctly.
>
> Regards,
>
> Mike Lever
[pfSense Support] Fatal trap 12 during installation
Hi,

While trying to install Pfsense on a box I come across the following error:

Fatal Trap 12: page fault while in kernel mode
Fault virtual address = 0x10
Fault code = supervisor read, page not present
Instruction pointer = 0x28:0xc0745010
Stack pointer = 0x28:0xc0c208f8
Frame pointer = 0x28:0xc0c208f8
Code segment= base 0x0, limit 0xf, type 0x1b
= DPL0, pres1, def32 1, gran 1
Processor eflags= interrupt enabled, resume, IOPL = 0
Current process = 0 (swapper)
Trap number = 12
Panic: page fault
Uptime: 1s

My hardware setup is as follows:

2 x D-Link DFE-580TX 4-Port 10/100 Mbps Ethernet Server PCI Adapter
1 x Intel Core 2 Duo E4500 2.2GHz 2MB 800Mhz FSB LGA775 Processor
1 x Intel Plum Creek D945GCPE Motherboard w/A8 + G + L + SATA2
1 x Seagate 80GB Barracuda SATA300 8MB 7200RPM Hard Drive w/NCQ
2 x Sony 52x CD-ROM Drive - OEM - Black
1 x Kingston DDR2-1066 1GB HyperX Memory Module

What can I check / do?

Regards,
Mike Lever
RE: [pfSense Support] Fatal trap 12 during installation
The last line before the error is: ste0:

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: 19 Mar 2008 07:39 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Fatal trap 12 during installation

What part of the install does this happen?

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
RE: [pfSense Support] Fatal trap 12 during installation
Done! Removed them and it works fine. I put the 2 x Dlinks into an old P4; it boots up fine!

So then the problem is the board? processor?

Can you suggest a board that you know for certain works with either the dlinks or Intel 4 port cards?

Regards,
Mike Lever

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 19 Mar 2008 07:55 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Fatal trap 12 during installation

On 3/19/08, Mike Lever <[EMAIL PROTECTED]> wrote:
> The last line before the error is:
>
> ste0: pci3

Try removing one of the dlink 4 port cards. I get similar panics when trying to use 2 PCI-E 4-port intel gigabit cards as well.

Scott
RE: [pfSense Support] Fatal trap 12 during installation
No such luck with these cards in that board, tried RC2, 3 & 4 to no avail. Working fine off a P4 box as a temporary measure.

I will be getting 1 x Intel quad card and 1 x dual card and hopefully that will do the trick. Will keep you posted.

Regards,
Mike Lever

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 19 Mar 2008 08:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Fatal trap 12 during installation

On 3/19/08, Mike Lever <[EMAIL PROTECTED]> wrote:
> Done ! removed them and it works fine. I put the 2 x Dlinks into an old P4
> its boots up fine !
>
> So then the problem is the board ? processor ?
>
> Can you suggest a board that you know for certain works with either the
> dlinks or Intel 4 port cards ?

My very uneducated guess about this would be there is something strange in the interrupt routing or APIC code. Make sure your bios is on the latest and greatest version.

Scott
[pfSense Support] Schedule firewall - Creative solution required
Hi,

Wondering if anybody has an idea for me with my dilemma...

I have 5 WAN ports, 4 of them I get charged per Gb while the 5th is uncapped. On my previous load balancer I was able to create a "call schedule" whereby the 4 'capped' WAN ports would be deactivated at night and then reactivate in the morning, thereby only allowing traffic through the 5th WAN port which is uncapped. I see pfsense doesn't support such a function (yet).

The one option is to set each of those 4 routers individually to disconnect their own WAN sessions, but then can I safely rely on the load balancer to take those off the RRD?

Additionally, when I reach my cap and get throttled down to a snail's pace, I would like the load balancer to take that WAN port out of the RRD. Is it possible to configure the ICMP setting whereby if a ping is taking too long then it disables the interface? Or maybe to monitor total amount of Gb's uploaded and downloaded and then disconnect once reached the limit?

Any help or ideas would greatly be appreciated!

Mike Lever
[pfSense Support] Routing MSN
Hi,

Been having problems the last few days with users on my LAN not being able to login to MSN messenger. I have been fiddling around on my firewall but unsure what I affected to make this change.

How can I route all my MSN traffic through a specific WAN port? I have 5 various types and would like to direct it through one of them.

Regards,
Mike Lever
RE: [pfSense Support] Routing MSN
Hi Chris,

When I set my firewall as you said below it still wouldn't allow me to log on to MSN. The only way I get it to work is by setting the any rule on all the criteria:

Proto  Source  Port  Destination  Port  Gateway  Schedule  Description
*      *       *     *            *     *

Only problem with this is then I lose out on my load balancing rule.

Regards,
Mike Lever

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: 07 Apr 2008 01:56 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Routing MSN

Mike Lever wrote:
> Hi,
>
> Been having problems the last few days with users on my LAN not being able
> to login to MSN messenger. I have been fiddling around on my firewall but
> unsure what I affected to make this change.
>
> How can I route all my MSN traffic through a specific wan port ? I have 5
> various types and would like to direct it through one of them.

It appears to use TCP port 1863. http://en.wikipedia.org/wiki/MSN_Messenger#Protocol

You just need to setup a rule on your LAN interface allowing TCP 1863 specifying the gateway of the WAN you wish to use for it. Make sure you put that rule above any other rules that would match that traffic or the rule won't work (first match wins).

Advanced Outbound NAT is not required and should not be used unless you have another reason for using it. Outbound NAT rules are automatically generated for all WANs (unless you use AON), and only firewall rules can direct traffic out a specific WAN.
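The "first match wins" ordering Chris describes, together with the per-state WAN assignment Sean describes in the load-balancing thread above, as a small Python model added here (not pfSense code and not something posted to the list). The WAN names, the pool name, the addresses and the 30-second state timeout are assumptions made up for the illustration, and the model is a simplification rather than pf's actual implementation.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, List, Optional, Tuple

# proto, source IP, source port, destination IP, destination port
Flow = Tuple[str, str, int, str, int]


@dataclass(frozen=True)
class Rule:
    proto: Optional[str]     # None means "any", the * in the rule list
    dst_port: Optional[int]  # None means "any"
    gateway: str             # a single WAN name, or the name of a balancing pool
    descr: str

    def matches(self, flow: Flow) -> bool:
        return self.proto in (None, flow[0]) and self.dst_port in (None, flow[4])


class Firewall:
    """Toy stateful policy router: first matching rule picks the gateway,
    and the choice is remembered per flow until the state times out."""

    def __init__(self, rules: List[Rule], pools: Dict[str, List[str]], state_ttl: int):
        self.rules = rules
        self.state_ttl = state_ttl
        # Assumption: the pool hands out its members in plain round-robin.
        self._pools = {name: cycle(members) for name, members in pools.items()}
        self.states: Dict[Flow, Tuple[str, int]] = {}  # flow -> (wan, expiry)

    def route(self, flow: Flow, now: int) -> Optional[str]:
        state = self.states.get(flow)
        if state is not None and state[1] > now:
            wan = state[0]                      # existing state: stay on the same WAN
        else:
            rule = next((r for r in self.rules if r.matches(flow)), None)
            if rule is None:
                return None                     # nothing matched: packet is not passed
            pool = self._pools.get(rule.gateway)
            wan = next(pool) if pool is not None else rule.gateway
        self.states[flow] = (wan, now + self.state_ttl)  # traffic refreshes the state
        return wan


# Constructed sample configuration (all names and addresses are made up).
POOLS = {"LoadBalance": ["WAN1", "WAN2", "WAN3"]}
MSN_RULE = Rule("tcp", 1863, "WAN3", "MSN Messenger out WAN3")
BALANCE_RULE = Rule(None, None, "LoadBalance", "everything else, load balanced")
MSN_FLOW: Flow = ("tcp", "10.0.0.50", 40000, "192.0.2.10", 1863)


def demo_rule_order() -> Tuple[Optional[str], Optional[str]]:
    """Same two rules, two orderings: only the specific-rule-first order works."""
    specific_first = Firewall([MSN_RULE, BALANCE_RULE], POOLS, state_ttl=30)
    catch_all_first = Firewall([BALANCE_RULE, MSN_RULE], POOLS, state_ttl=30)
    return specific_first.route(MSN_FLOW, 0), catch_all_first.route(MSN_FLOW, 0)


def demo_state_pinning() -> List[Optional[str]]:
    """One flow keeps its WAN while its state lives; after the state expires
    the next packet is balanced again and may leave from another WAN."""
    fw = Firewall([BALANCE_RULE], POOLS, state_ttl=30)
    site_a: Flow = ("tcp", "10.0.0.50", 40001, "192.0.2.20", 80)
    site_b: Flow = ("tcp", "10.0.0.50", 40002, "192.0.2.30", 80)
    return [
        fw.route(site_a, 0),    # new state, first pool member
        fw.route(site_a, 5),    # same state, same WAN
        fw.route(site_b, 6),    # new destination, new state, next WAN
        fw.route(site_a, 20),   # still inside the timeout
        fw.route(site_a, 100),  # state expired: re-balanced onto another WAN
    ]


if __name__ == "__main__":
    print("rule order:", demo_rule_order())
    print("state pinning:", demo_state_pinning())
```

With the catch-all rule on top, the TCP 1863 rule is never reached, which is the situation where an any/any rule works but the gateway choice is lost.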
RE: [pfSense Support] Routing MSN
Hi Curtis,

Thanks for the advice, I will give wireshark a bash, just not sure how to find where things are going wrong with MSN? I don't see any errors in the log either, I just see sessions going through their normal process.

I seemed to make some changes today and it works.

Regards,
Mike Lever

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: 07 Apr 2008 04:31 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Routing MSN

I've never actually heard of having to open any ports for MSN to function properly. Now, I only use the messenger portion of this so I may not have ever had the need. Without adding any special rules to the firewall or changing the outbound NAT, do you get any error messages in the log? Have you used Wireshark or done any packet inspection on the PC or firewall?

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
[pfSense Support] Where do I put squid ?
I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have now set up a squid box running separately. I would like to run it as a transparent proxy on my network. How do you suggest I set it up?

Do I put another NIC in the squid box, then set up a firewall rule to route all http traffic to the squid box / gateway and then load balance the squid box's traffic out?

The Pfsense box IP = 10.0.0.3
Squid IP = 10.0.0.197

Regards,
Mike Lever
RE: [pfSense Support] Where do I put squid ?
Hi Dean,

Thanks for the feedback, so are you suggesting I only use 1 NIC for the squid box? As opposed to 2, 1 coming IN from the Pfsense / internal network and 1 going BACK to the Pfsense.

Regards,
Mike Lever

-----Original Message-----
From: Dean Larson [mailto:[EMAIL PROTECTED]
Sent: 11 May 2008 01:28 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Where do I put squid ?

i think it would be cool to route http traffic to the squid box, but put a rule just in front of it to allow your squid box to go out the firewall. for security i would not allow a second nic to go out the squid box onto the internet.

i myself set up the browsers manually for the squid box. at another gig i had, we put a file on a server that gave the browser setting: included proxy settings as well as browser bypass for local browsing. it's been a while, so i'd have to do some digging through my old files. i'm a bit brain dead today
RE: [pfSense Support] Where do I put squid ?
Done that, but where I was battling was setting IP addresses on the pfsense interface (the squid is static). What do I set as the IP address and gateway? Also how do I configure the firewall rules?

Any ideas there?

Mike Lever

-----Original Message-----
From: "David Meireles" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: 08-05-11 20:18
Subject: RE: [pfSense Support] Where do I put squid ?

Just setup the pfSense DHCP Server to use the squid box as gateway address.
RE: [pfSense Support] Where do I put squid ?
Thanks David! Bear in mind that I am using it as a transparent proxy. Surely I must set some rules on the firewall to route all http traffic to the squid box and back to the pfsense box?

Mike Lever

-----Original Message-----
From: "David Meireles" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: 08-05-11 21:27
Subject: RE: [pfSense Support] Where do I put squid ?

Ok, on the DHCP Server you have as gateway the squid server, and the squid server will have as gateway the pfsense IP (that way you won't need to have 2 interfaces on the squid server, since it's all in the same subnet).

About the rules, use only the squid server to apply the squid rules, and the rest, leave it on the pfsense (port blocking and stuff).
[pfSense Support] USB to Ethernet
In South Africa we have had the emergence of a second network operator and a converged voice and data offering. Their only initial offering is an all-in-one device: http://www.neotel.co.za/neotel/view/neotel/en/page789

The only way to access data using this device is via a mini-usb at the back. Can anybody suggest the best way to incorporate this as a WAN port in Pfsense?

I currently have it running through an old laptop using XP ICS (Internet Connection Sharing), seems to be doing an okay job but wondering if there are any better alternatives out there?

Regards,
Mike Lever
[pfSense Support] Setting failover parameters
Firstly, on what basis does failover work? When is it activated?

Is it possible to set the conditions on which it switches over? I would like to set it that should throughput drop below a certain speed for x seconds it will failover.

Mike Lever

-----Original Message-----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: 08-06-25 07:19
Subject: Re: [pfSense Support] error in firewall rules with FTP helper on embedded

On Tue, Jun 24, 2008 at 9:36 AM, Vivek Khera <[EMAIL PROTECTED]> wrote:
>
> I've had passwd file corruption before a couple of times during power
> failures, etc.
>

Hah. Of course *you* have, Vivek. ;) If only any of the developers could replicate embedded problems like it seems only you can :)

1.3 embedded will (hopefully) be based on NanoBSD and support multiple firmware installs (primary/backup or what have you), and upgrades will be essentially the same as m0n0wall's - i.e. bulletproof. I say hopefully because it's still a work in progress, but there is a working proof of concept and it appears that's the way things will end up.

It's not pfSense code related, or it'd be happening on full installs as well, and we'd be hearing about it a lot more. Looking at just one mirror out of 11 (NYI), the 1.2 release iso has been downloaded 228,094 times, 1.2 embedded 30,723 times. We haven't heard of this ever happening on a full install, and we definitely would have by now if it were happening with more than 7 times as many downloads. So it's something to do with how we're doing embedded, and going the NanoBSD route eliminates this and takes us back to being more m0n0wall-like on embedded.

pfSense 1.3 should offer an excellent embedded if this all shapes up as planned.
[pfSense Support] Easy way to change ISP info
In our country at the moment we are experiencing connectivity problems.

When this occurs I then have to connect to each of my 7 WAN/DSL routers, change login info to an alternate ISP's, then reset the load balancer pool to another pool.

Will there be a feature in 1.3 whereby you can select PPPoE dialup in pfsense for every WAN/OPT card as opposed to only the primary WAN?

Does anybody else have a similar situation? Any ideas / suggestions how I can streamline this process?

Mike Lever
[pfSense Support] Incorporating squid
Hi all,

I have just had a squid box configured and am about to implement it on my network.

I would like to ask you how you suggest I place it and route traffic accordingly. Is anybody currently using squid boxes with pfsense? I can't use the onboard package as I have multiple WAN ports.

Any help would greatly be appreciated!

Mike Lever
RE: [pfSense Support] Incorporating squid
Hi Tim,

Thank you very much for that feedback. One question. Once I have set up things as you suggested below, will requests from the squid box out to the internet cloud be load balanced? I.e.: How do I ensure that the outgoing traffic that is not on the proxy server is load balanced?

Regards,
Mike Lever

-----Original Message-----
From: Tim Nelson [mailto:[EMAIL PROTECTED]
Sent: 20 Aug 2008 11:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Incorporating squid

I recently implemented a pfSense + Squid setup for a school. You'll need to make sure that the box you're running squid on is on a different interface than the subnet(s) you want filtered. The rules that redirect traffic destined on port 80 apply globally to an interface so if your squid box lies on that same interface, it will not be able to 'get out' either.

Go into NAT, then add a new 'Port Forward'. Use these values:

Interface: the interface traffic will be coming in. If you want to filter your LAN clients, select LAN here
External Address: any
Protocol: TCP
External Port Range: 80 (HTTP should be in the drop down box)
NAT IP: The IP of your squid box
Local Port: The port you have squid running on

Save your entries and then apply the changes. Any existing states will not be affected (I don't *think*) so you may have to clear your state tables before this becomes effective for all clients.

Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
[pfSense Support] Monitoring throughput
Hi,

I have just received a bill from my ISP for usage of 270Gb for one month traffic. I would like to verify this from my side.

Can anybody please suggest a package or solution to use together with Pfsense?

Best regards,
Mike

Mike Lever
+27 82 903 8613 Mobile
+27 11 807 0100 Telephone
+27 11 807 1208 Fax
http://www.velocityfilms.com

Commercial support available - https://portal.pfsense.org
[pfSense Support] Monitor IP address
Hi,

Can somebody please explain to me exactly how this works. I am having an argument with my superior. He is insistent on setting the monitor IP addresses in my load balancer pool to the same IP address. In his mind it makes sense, as that way it will pick up which line is the fastest to the same point and route accordingly.

I read in the manuals that these IP addresses should be unique, and therefore did as the manual said. What will happen if they are set to the same address and why is that so?

Here is my thinking on how it works, please correct me where I am going wrong.

I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4 & WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise. Then why set the unique IP addresses?

Best regards,
Mike

Mike Lever
+27 82 903 8613 Mobile
+27 11 807 0100 Telephone
+27 11 807 1208 Fax
http://www.velocityfilms.com
RE: [pfSense Support] Monitor IP address
Thanks for the explanation Bill.

Can you please elaborate where you mention:

"You'll actually lose link failure detection"

What exactly is link failure detection? I understand the meaning of the words in isolation but can you elaborate in the load balancing / Pfsense context?

"Whichever link came up last will set the route to your monitor IP through it."

So then, say WAN2 was the last WAN port to come up and the monitor addresses were set to the same IP address, would it then only route traffic through WAN2?

Best regards,
Mike

Mike Lever
+27 82 903 8613 - Mobile
+27 11 807 0100 - Telephone
+27 11 807 1208 - Fax
http://www.velocityfilms.com

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 01 Dec 2008 10:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Monitor IP address

On Mon, Dec 1, 2008 at 2:41 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Can somebody please explain to me exactly how this works. I am having an
> argument with my superior. He is insistent on setting the monitor IP
> addresses in my load balancer pool to the same IP address. In his mind it
> makes sense, as that way it will pick up which line is the fastest to the
> same point and route accordingly.

Yeah, that won't work.

> I read in the manuals that these IP addresses should be unique, and
> therefore did as the manual said. What will happen if they are set to the
> same address and why is that so ?

You'll actually lose link failure detection. Whichever link came up last will set the route to your monitor IP through it.

> Here is my thinking on how it works, please correct me where I am going
> wrong.
>
> I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2,WAN3,
> WAN4 & WAN5 simultaneously. Depending on which has the quickest response and
> is not currently transmitting packets, it will utilise. Then why set the
> unique IP addresses ?

Usually the monitor IP is set to the next hop so you can detect link failure. Latency is not taken into account.

--Bill
[pfSense Support] RE: [Pfsense Support] Monitor IP address
Great, thank you very much Bill.

One point for clarification purposes... please define a flow?

Best regards,
Mike

Mike Lever
+27 82 903 8613 - Mobile
+27 11 807 0100 - Telephone
+27 11 807 1208 - Fax
http://www.velocityfilms.com

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 02 Dec 2008 12:33 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Monitor IP address

On Mon, Dec 1, 2008 at 3:09 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 1, 2008 at 3:41 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
>>
>> I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2,WAN3,
>> WAN4 & WAN5 simultaneously. Depending on which has the quickest response and
>> is not currently transmitting packets, it will utilise.
>
> What Bill said is correct. One additional comment, the above isn't
> true. Your load balancing is round robin, all connections in a pool
> are used equally. If the monitor IP for a specific gateway stops

This is an important point to note. Monitoring is for the purposes of availability, not for latency detection. The WANs are load balanced from a connection perspective, not from a throughput or latency perspective. If you have a single flow eating up an entire connection, nothing will stop other flows from using that connection. The load balancing is on a flow by flow basis in a round robin fashion.

--Bill
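The monitoring and round-robin behaviour that Bill and Chris describe in this thread, as a small Python model comparing unique monitor IPs with one shared monitor IP when WAN2 fails. This is an added example, not pfSense code or anything posted by the participants; the WAN names follow the thread, while the monitor addresses, the flow list and the function names are constructed for illustration.

```python
"""Simplified model of the multi-WAN behaviour described in this thread.
Not pfSense code: names, addresses and the flow list are constructed."""

WANS = ["WAN1", "WAN2", "WAN3", "WAN4", "WAN5"]

def probe_paths(monitor_ip, bring_up_order):
    """Return {wan: link its monitor probe really travels over}.

    Assumption taken from the thread: there is one route per monitor IP and
    the link that came up last sets it, so a shared IP has a single path.
    """
    route = {}
    for wan in bring_up_order:
        route[monitor_ip[wan]] = wan          # last writer wins
    return {wan: route[monitor_ip[wan]] for wan in monitor_ip}

def gateway_status(monitor_ip, bring_up_order, link_up):
    """A gateway is marked up when its probe gets an answer."""
    paths = probe_paths(monitor_ip, bring_up_order)
    return {wan: link_up[paths[wan]] for wan in monitor_ip}

def balance(flows, status):
    """Round robin per flow over gateways marked up; size and latency ignored."""
    pool = [wan for wan in WANS if status[wan]]
    if not pool:
        return {}
    return {name: pool[i % len(pool)] for i, (name, _bytes) in enumerate(flows)}

def blackholed(assignment, link_up):
    """Flows that were handed to a gateway whose link is really down."""
    return sorted(f for f, wan in assignment.items() if not link_up[wan])

# Constructed inputs: next-hop style monitor IPs vs. one shared monitor IP.
UNIQUE = {wan: f"198.51.100.{i}" for i, wan in enumerate(WANS, start=1)}
SHARED = {wan: "192.0.2.1" for wan in WANS}
FLOWS = [("backup", 9_000_000_000), ("web-1", 40_000), ("web-2", 55_000),
         ("mail", 12_000), ("voip", 300_000), ("web-3", 20_000)]
WAN2_DOWN = {wan: wan != "WAN2" for wan in WANS}

if __name__ == "__main__":
    for label, monitors in (("unique", UNIQUE), ("shared", SHARED)):
        status = gateway_status(monitors, WANS, WAN2_DOWN)
        placed = balance(FLOWS, status)
        print(label, status, "lost:", blackholed(placed, WAN2_DOWN))
```

In the unique case the large "backup" flow and the "voip" flow still land on the same WAN, because placement is per flow and ignores throughput.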
[pfSense Support] Errors with Squidguard using the Université Toulouse blacklist collection
I have pfSense 1.2.3 with squid/squidguard installed. When squidguard is configured to use the Université Toulouse blacklist collection I get the following errors.

The following input errors were detected:

(B1) BLACKLIST 'blk_blacklists_agressif' error: file '/var/db/squidGuard/blk_blacklists_agressif' not found
(B1) BLACKLIST 'blk_blacklists_drugs' error: file '/var/db/squidGuard/blk_blacklists_drugs' not found
(B1) BLACKLIST 'blk_blacklists_mail' error: file '/var/db/squidGuard/blk_blacklists_mail' not found
(B1) BLACKLIST 'blk_blacklists_porn' error: file '/var/db/squidGuard/blk_blacklists_porn' not found
(B1) BLACKLIST 'blk_blacklists_publicite' error: file '/var/db/squidGuard/blk_blacklists_publicite' not found
(B1) BLACKLIST 'blk_blacklists_redirector' error: file '/var/db/squidGuard/blk_blacklists_redirector' not found
(B1) BLACKLIST 'blk_blacklists_violence' error: file '/var/db/squidGuard/blk_blacklists_violence' not found

When configured to use Shalla’s Blacklists everything works correctly. I noticed that the Université Toulouse tar file contains links, whereas the Shalla tar does not. The links look like they may be to cover some name changes in some of the lists.

Removing the offending lists from /usr/local/etc/squidGuard/blacklist.files takes care of the error until the lists are updated.

Can anyone point me to the script that is generating the blacklists.file so that I can try and figure out what is going wrong.

Thanks
Mike
Re: [pfSense Support] Fwd: how to add vlan on pfsense FreeBSD 6.2-RELEASE-p11 i386
> Any update
>
> ---------- Forwarded message ----------
> From: joseph malai
> Date: Wed, Jan 26, 2011 at 1:34 PM
> Subject: Fwd: how to add vlan on pfsense FreeBSD 6.2-RELEASE-p11 i386
> To: support-h...@pfsense.com
>
> ---------- Forwarded message ----------
> From: joseph malai
> Date: Wed, Jan 26, 2011 at 10:31 AM
> Subject: how to add vlan on pfsense FreeBSD 6.2-RELEASE-p11 i386
> To: support@pfsense.com
>
> Hi
> Thx for add on support team
> kindly help on how to
> 1.add vlan on pfsense(router 192.168.3.1)
> 2.how say vlan2 to talk with vlan4
> attached network diagram for the same
>
> Joseph

VLANs are initially set up from the console. So either from the physical console or an ssh connection select the "Assign Interfaces" option from the menu. The first question is to do VLANs or not.

Additional VLANs can be added using the Web Interface by going to Interfaces->assign->VLANs.

Once configured VLANs are interfaces and can have rules configured just like any other interface.
Re: [pfSense Support] Microsoft updates through pfSense
The proper way to handle that many clients is to run a WSUS update server (or its new replacement, System Center).

Mike McLaughlin - System Administrator
Clientworks, Inc - 721 Zion St, Nevada City, CA 95959
Office 530-470-0104 - Cell 530-559-9606

On Thu, Feb 17, 2011 at 7:52 PM, Shali K.R. wrote:
> Dear db,
>
> i have tried this, but it showing a high bandwidth usage, is this a proper
> way??
>
> On Fri, Feb 18, 2011 at 9:14 AM, David Burgess wrote:
>
>> On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. wrote:
>> > Dear all,
>> >
>> > I am having 500 windows client machines connected through pfSense and squid,
>> > please suggest me a suitable method for handling updates.
>>
>> You'll find the appropriate info here:
>>
>> http://doc.pfsense.org/index.php/Squid_Package_Tuning
>>
>> db
>
> --
> Thanks & Regards
>
> Shali K R
> Server Administrator
> Vidya Academy of Science & Technology
> Thrissur,Kerala.
> Mob:9846303531
Re: [pfSense Support] Microsoft updates through pfSense
Ah, sorry. I don't have a great recommendation for you then. I've not used a WSUS server without a domain. You can tune squid to cache larger files, but I too am not extremely fond of Squid. I always have random issues with this and that running it (mainly custom web apps, java, etc).

Mike McLaughlin - System Administrator
Clientworks, Inc - 721 Zion St, Nevada City, CA 95959
Office 530-470-0104 - Cell 530-559-9606

On Thu, Feb 17, 2011 at 8:04 PM, Shali K.R. wrote:
> Dear Mike McLaughlin,
>
> But WSUS requires a domain controller for the perfect functioning, i also
> tried this without domain controller but its not working well
>
> On Fri, Feb 18, 2011 at 9:25 AM, Mike McLaughlin wrote:
>
>> The proper way to handle that many clients is to run a WSUS update server
>> (or its new replacement, System Center).
>>
>> Mike McLaughlin - System Administrator
>> Clientworks, Inc - 721 Zion St, Nevada City, CA 95959
>> Office 530-470-0104 - Cell 530-559-9606
>>
>> On Thu, Feb 17, 2011 at 7:52 PM, Shali K.R. wrote:
>>
>>> Dear db,
>>>
>>> i have tried this, but it showing a high bandwidth usage, is this a
>>> proper way??
>>>
>>> On Fri, Feb 18, 2011 at 9:14 AM, David Burgess wrote:
>>>
>>>> On Thu, Feb 17, 2011 at 8:42 PM, Shali K.R. wrote:
>>>> > Dear all,
>>>> >
>>>> > I am having 500 windows client machines connected through pfSense and squid,
>>>> > please suggest me a suitable method for handling updates.
>>>>
>>>> You'll find the appropriate info here:
>>>>
>>>> http://doc.pfsense.org/index.php/Squid_Package_Tuning
>>>>
>>>> db
>>>
>>> --
>>> Thanks & Regards
>>>
>>> Shali K R
>>> Server Administrator
>>> Vidya Academy of Science & Technology
>>> Thrissur,Kerala.
>>> Mob:9846303531
>
> --
> Thanks & Regards
>
> Shali K R
> Server Administrator
> Vidya Academy of Science & Technology
> Thrissur,Kerala.
> Mob:9846303531
Re: [pfSense Support] 2.0 admin interface slow? Not a big deal
Typically when I experience a slow web interface it is caused by DNS timeouts. Check your local settings and your pfSense box's DNS.

Mike McLaughlin - System Administrator
Clientworks, Inc - 721 Zion St, Nevada City, CA 95959
Office 530-470-0104 - Cell 530-559-9606

On Tue, Feb 22, 2011 at 12:47 PM, Eric Inazaki wrote:
> Currently I have a small 1.2.3 setup going and I just started fooling
> with 2.0 (B5). I noticed the admin interface, both web and console,
> seem slow. In the case of the web admin, when I go from the main page
> to, for instance, the rules page, there's quite a long pause. In the
> console, if a console message is displayed (a notice that someone just
> logged onto the web admin, for instance) and I hit return to bring up
> the main menu again there's a lag before the menu comes up. Maybe not
> an overall slowness but more of a lag or hesitancy.
>
> Odder still is that the 1.2.3 machine (the faster one) is an old P4
> or some such machine w/ 2x3c905 NICs (don't remember how much ram, but
> it's not much, <1GB). The 2.0B5 machine is a dual opteron @2GHz, 2GB
> ram, 2xGbE + 1x100Mb NICs (all on-board). Both are running LiveCD (amd64
> in the case of 2.0B5) and config.xml is on a usb stick.
>
> Any idea what could cause the speed discrepancy? Could it be a usb2 vs.
> usb1 thing? Not a big deal, just curious.
>
> TIA,
> eric
>
> --
> Eric Inazaki
> Washington University in Saint Louis || 314.935.6248 voice
> Physics Department, Campus Box 1105 || 314.935.4083 fax
> One Brookings Drive || e...@physics.wustl.edu email
> Saint Louis, MO 63130
Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6
I'm very happily using OpenVPN with Viscosity and TunnelBlick (clients) on many Mac 10.5-10.7 machines. I'm currently using 1.2.3 at the perimeter and a 2.0 box to manage my certs (which I hope to roll over to the perimeter box once we upgrade for the sake of being able to download the pre-loaded installers in 2.0). The only issues I've hit at all are related to the crappy Samba implementation in 10.6 and below. The test 10.7 machines are a dream. The users love how transparent and easy the VPN is.

Mike McLaughlin

On Mon, Apr 11, 2011 at 8:19 AM, Paul Mather wrote:
> I believe my previous message on this topic (
> http://www.mail-archive.com/support@pfsense.com/msg21912.html) may have
> been a victim of tl;dr. So, in hope of better success, I will restate my
> problem in a more positive light:
>
> Has anyone managed to get IPsec for mobile clients working with pfSense 2.0
> and Mac OS X 10.6? If so, which client are you using on the Mac OS X side?
> Is anything special needed on the pfSense side?
>
> I have tried both the built-in Cisco IPSec client and also IPSecuritas on
> Mac OS X, with mixed results. Usually the IPsec VPN will only work via
> NAT-T. For the non-NAT-T case, the VPN doesn't appear to be able to route
> traffic, and just keeps accumulating SAD entries and losing SPD entries on
> the pfSense side.
>
> I haven't tried L2TP---can anyone report success using the built-in L2TP
> client in Mac OS X 10.5 onwards?
>
> (I have tried updating my pfSense installation via the 2.0 nightly builds,
> but to no avail. It still doesn't work.)
>
> Any help is gratefully appreciated.
>
> Cheers,
>
> Paul.
Re: [pfSense Support] Carp failover time
I think we're discussing timeouts related to OSI levels 2 or 3. A physical disconnect is of course immediate, but I think other factors should be considered, like watchdog style errors, ping timeouts, and transport layer failures.

I hope we can document points of failure and expected delays for each.

best,
mike--

On Sat, 02 Jul 2011 17:36:39 +0200, Peter van der Leek wrote:

What is the average time for the carp failover to kick in... i.e. how much time does it take for the "backup" to become "master" and start serving requests and vice versa? Is the timing parameter configurable? I have both the WAN and LAN gw as carp ip.

I as a human have never been faster than the failover, meaning that I immediately refreshed the CARP status screen after pulling a cable and that it was already showing master. It is at least within a second.

Kind regards,
Peter van der Leek

--
Mike Nichols
My Own SOHO
m...@myownsoho.net
http://myownsoho.com
212 202-2194