RE: [pfSense Support] Basics of connecting 2 or more WAN ports
Hi Gary,

Firstly thanks for the prompt response ! I have finally found some documentation, I will go about that shortly.

I think one of my problems is DNS and handling those requests. Please confirm how I go about setting up static routes to the DNS servers belonging to a particular WAN connection.

Lastly what is the difference between setting up firewall rules under the LAN tab vs the WAN tab ?

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com

CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you.

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: 18 Feb 2008 05:59 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Basics of connecting 2 or more WAN ports

Mike,

Item 1 is a FAQ. The answer is that pfSense only supports PPPoE on the primary WAN interface. All other OPT interfaces treated as WANs must use a device in front of them to negotiate the PPPoE connection and provide a static IP address.

Load balancing is configured in the Load Balancing dialog inside the pfSense webGUI. Consult the pfSense documentation on setting up outbound load balancing. A common mistake people make when configuring outbound load balancing is that they neglect to set up static routes to the DNS servers belonging to a particular WAN connection.

-Gary

Mike Lever wrote:
> Hi,
>
> I have been searching high and low but I cannot seem to find anywhere a manual or instructions on how to setup multiple WAN ports only, no DMZ, SMTP , HTTPS etc separation. All I want to do is correctly balance my 5 DSL lines using PFsense 1.2RC4
>
> My questions are as follows:
>
> 1. How can I setup multiple PPPoe sessions ? I can see the one WAN port where it allows me to but on the option cards all I can select is static and DHCP. If I use DHCP how do I set the firewall to allow an internal IP address access to the router ?
> 2. How does the firewall work ? Where do I set load balancing rules ? on the LAN / on each WAN port or both ?
> 3. What else do I need to set ?
> 4. how would I set DNS if I have a separate DHCP server ?
>
> I understand these may be basic questions but seem to be pulling my hair out over this combination that works very intermittently.
>
> Any feedback would gladly be appreciated !
>
> Regards,
>
> Mike Lever

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Setting gateways ?
Thanks, I have used those documents, only problem is that gateway issue. I can't seem to separate it and seem to be getting the gateway from one of my other interface cards.

What can I check to ensure it has its own gateway ? I have set it up in interface setup as that way but when I view the interface status it shows the shared one.

Regards,
Mike Lever

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: 26 Feb 2008 11:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Setting gateways ?

> In a nutshell I have 3 DSL lines ( currently 1 x PPPoe, 1 static and 1 DHCP)
>
> What, in your opinion is the best setup ? (I can make all of the above static )
>
> How do I go about setting up the gateways so I achieve load balancing but that traffic goes through the relevant gateway and not shared ?

The multi-WAN document should cover what you're looking for:
http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing

Do note that in 1.2, only one interface can connect via PPPoE; if you have a choice, it would definitely simplify your setup to make them all static, or at least DHCP.

If you want specific clients to go through specific circuits, that's a slightly different setup; you'll want to use source-based routing (search wiki/mailing list for documentation).
[pfSense Support] Load kernel error
While trying to upgrade to 1.2 using the webgui update I received an error during the next bootup

Loading /boot/defaults/loader.conf
Unable to load a kernel !
-
Cant load 'kernel'

It freezes there.. I've tried to reinstall from scratch, the setup runs fine but freezes at the same point in bootup.

What did I do wrong and what can I do to correct it ?

using the

Regards,
Mike Lever
RE: [pfSense Support] Load kernel error
Hi Gary,

Thanks for that info. I am using a standard installation not an embedded device (I think, I'm working off a standard desktop, HDD, no CF)

I also tried a fresh re-install and it installs fine, then boots up.

I noticed the problem. The platform is CDROM and obviously disk usage is at 100%. So it appears to be working off the CD and not the HDD

During installation, how do I set it to format the HDD and install on the hard drive ? I have watched the installation and it is all automated and doesn't allow me to set the target installation.

Regards,
Mike Lever

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: 28 Feb 2008 07:55 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Load kernel error

Can I assume that this is an embedded device you're trying to upgrade? If so, this is a reported issue and has been discussed several times on this mailing list. Use the shell upgrade method provided or re-flash your CF card.
[pfSense Support] DHCPDISCOVER
Looking at my system log I see repeated messages

dhclient[12649]: DHCPDISCOVER on rl0 to 255.255.255.255 port 67 interval 13

Now rl0 is statically configured and should be needing any form of DHCP, where is this coming from ? and how do I stop it ?

Regards,
Mike Lever
[pfSense Support] Load Balancing further info
Hi,

Excuse my ignorance on this one.

I am having a debate with my boss.

Please explain to me the basics of load balancing ?

IP address x is accessing www.cnn.com

It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission ?

How does it actually decide which WAN port to send the packet ? is it constantly pinging on all WAN ports ?

How is a typical webpage broken down into packets ? i.e. how many packets are there in a typical page ?

Again apologies for the simpleness...just want to get my head around the load balancing / round robin concept.

Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as close to the manual as possible but it doesn't seem to be load balancing correctly.

Regards,
Mike Lever
RE: [pfSense Support] Load Balancing further info
Thanks Sean for the clarification.

One point of clarification.. can you please define exactly what a 'state' is ?

Regards,
Mike Lever

From: Sean Cavanaugh [mailto:[EMAIL PROTECTED]
Sent: 04 Mar 2008 07:44 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Load Balancing further info

load balancing is fairly easy to learn.

first step, the user sends a request (i.e. visiting www.cnn.com)

his computer will forward the request to the gateway (let's assume pfsense set up with load balanced WAN connections)

pfsense will then assign the current connection state to a WAN interface. this should happen with states spread evenly across all WAN links.

as long as information being transmitted between the users computer and www.cnn.com are part of the same stream, it will use the same connection path on the WAN link.

if the user goes to www.msnbc.com also, this will start a new state connection on the firewall and would theoretically use a different WAN link than the first connection to www.cnn.com.

some issues with this is if the state is set to a very short TTL, then the user will constantly be setting up new states and will be bouncing all over the WAN links. this can make it really bad if they're trying to use encrypted protocols as it will not be valid and will more than likely be denied a lot.

if the value is set too high, states will build up on a WAN interface and persist longer than need be. they will however be more reliable as encrypted protocols will have a nice stable connection.

a misconfiguration in how the states are load balanced will lead to one WAN link being more heavily favored than others.

this isn't the BEST explanation but should help some.

-Sean
[pfSense Support] Fatal trap 12 during installation
Hi,

While trying to install Pfsense on a box I come across the following error:

Fatal Trap 12: page fault while in kernel mode
Fault virtual address = 0x10
Fault code = supervisor read, page not present
Instruction pointer = 0x28:0xc0745010
Stack pointer = 0x28:0xc0c208f8
Frame pointer = 0x28:0xc0c208f8
Code segment= base 0x0, limit 0xf, type 0x1b
= DPL0, pres1, def32 1, gran 1
Processor eflags= interrupt enabled, resume, IOPL = 0
Current process = 0 (swapper)
Trap number = 12
Panic: page fault
Uptime: 1s

My hardware setup is as follows:

2 x D-Link DFE-580TX 4-Port 10/100 Mbps Ethernet Server PCI Adapter
1 x Intel Core 2 Duo E4500 2.2GHz 2MB 800Mhz FSB LGA775 Processor
1 x Intel Plum Creek D945GCPE Motherboard w/A8 + G + L + SATA2
1 x Seagate 80GB Barracuda SATA300 8MB 7200RPM Hard Drive w/NCQ
2 x Sony 52x CD-ROM Drive - OEM - Black
1 x Kingston DDR2-1066 1GB HyperX Memory Module

What can I check / do ?

Regards,
Mike Lever
RE: [pfSense Support] Fatal trap 12 during installation
The last line before the error is:

ste0:

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: 19 Mar 2008 07:39 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Fatal trap 12 during installation

What part of the install does this happen?

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
RE: [pfSense Support] Fatal trap 12 during installation
Done ! removed them and it works fine. I put the 2 x Dlinks into an old P4 it boots up fine !

So then the problem is the board ? processor ?

Can you suggest a board that you know for certain works with either the dlinks or Intel 4 port cards ?

Regards,
Mike Lever

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 19 Mar 2008 07:55 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Fatal trap 12 during installation

On 3/19/08, Mike Lever <[EMAIL PROTECTED]> wrote:
> The last line before the error is:
>
> ste0: pci3

Try removing one of the dlink 4 port cards. I get similar panics when trying to use 2 PCI-E 4-port intel gigabit cards as well.

Scott
RE: [pfSense Support] Fatal trap 12 during installation
No such luck with these cards in that board, tried RC2, 3 & 4 to no avail

Working fine off a P4 box as a temporary measure. I will be getting 1 x Intel quad card and 1 x dual card and hopefully that will do the trick.

Will keep you posted

Regards,
Mike Lever

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 19 Mar 2008 08:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Fatal trap 12 during installation

On 3/19/08, Mike Lever <[EMAIL PROTECTED]> wrote:
> Done ! removed them and it works fine. I put the 2 x Dlinks into an old P4 its boots up fine !
>
> So then the problem is the board ? processor ?
>
> Can you suggest a board that you know for certain works with either the dlinks or Intel 4 port cards ?

My very uneducated guess about this would be there is something strange in the interrupt routing or APIC code. Make sure your bios is on the latest and greatest version.

Scott
[pfSense Support] Schedule firewall - Creative solution required
Hi,

Wondering if anybody has an idea for me with my dilemma...

I have 5 WAN ports, 4 of them I get charged per Gb while the 5th is uncapped..

On my previous load balancer I was able to create a ''call schedule'' whereby the 4 'capped' WAN ports would be deactivated at night and then reactivate in the morning. Thereby only allowing traffic through the 5th wan port which is uncapped.

I see pfsense doesn't support such a function (yet). The one option is to set each of those 4 routers individually to disconnect their own WAN sessions but then can I safely rely on the load balancer to take those off the RRD ?

Additionally when I reach my cap and get throttled down to a snail's pace, I would like the load balancer to take that WAN port out of the RRD. Is it possible to configure the ICMP setting whereby if a ping is taking too long then it disables the interface ? Or maybe to monitor total amount of Gb's uploaded and downloaded and then disconnect once reached the limit ?

Any help or ideas would greatly be appreciated !

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(t) +2711-807-0100
(f) +2711-807-1208
[pfSense Support] Routing MSN
Hi,

Been having problems the last few days with users on my LAN not being able to login to MSN messenger. I have been fiddling around on my firewall but unsure what I affected to make this change.

How can I route all my MSN traffic through a specific wan port ? I have 5 various types and would like to direct it through one of them.

Regards,
Mike Lever
RE: [pfSense Support] Routing MSN
Hi Chris,

When I set my firewall as you said below it still wouldn't allow me to log on to MSN. The only way I get it to work is by setting the any rule on all the criteria:

Proto  Source  Port  Destination  Port  Gateway  Schedule  Description
*      *       *     *            *     *

Only problem with this is then I lose out on my load balancing rule.

Regards,
Mike Lever

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: 07 Apr 2008 01:56 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Routing MSN

Mike Lever wrote:
> Hi,
>
> Been having problems the last few days with users on my LAN not being able to login to MSN messenger. I have been fiddling around on my firewall but unsure what I affected to make this change.
>
> How can I route all my MSN traffic through a specific wan port ? I have 5 various types and would like to direct it through one of them.

It appears to use TCP port 1863.
http://en.wikipedia.org/wiki/MSN_Messenger#Protocol

You just need to setup a rule on your LAN interface allowing TCP 1863 specifying the gateway of the WAN you wish to use for it. Make sure you put that rule above any other rules that would match that traffic or the rule won't work (first match wins).

Advanced Outbound NAT is not required and should not be used unless you have another reason for using it. Outbound NAT rules are automatically generated for all WANs (unless you use AON), and only firewall rules can direct traffic out a specific WAN.
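The two behaviours described in this archive, Sean Cavanaugh's account of states being pinned to a WAN link and Chris Buechler's first-match-wins advice for the TCP 1863 rule, can be seen together in a small model. This is an added example, not pfSense code and not from any poster; the strict round-robin pool, the client address 10.0.0.50 and the destination addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import cycle
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    @property
    def flow(self):
        # A state is keyed on the connection's 5-tuple.
        return (self.proto, self.src, self.sport, self.dst, self.dport)


@dataclass
class Rule:
    gateways: list                # one entry = fixed WAN, several = balanced pool
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    description: str = ""

    def __post_init__(self):
        # Assumption: the pool is walked in strict round-robin order.
        self._next = cycle(self.gateways)

    def matches(self, pkt):
        return (self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

    def pick_gateway(self):
        return next(self._next)


class Firewall:
    """LAN-side rule list evaluated top to bottom, with a state table."""

    def __init__(self, rules):
        self.rules = rules
        self.states = {}

    def route(self, pkt):
        # Packets of an existing connection reuse the WAN chosen at setup.
        if pkt.flow in self.states:
            return self.states[pkt.flow]
        for rule in self.rules:           # first match wins
            if rule.matches(pkt):
                gw = rule.pick_gateway()
                self.states[pkt.flow] = gw
                return gw
        return None                       # nothing matched: not passed

    def expire(self, pkt):
        # Models a state timing out between packets of one session.
        self.states.pop(pkt.flow, None)


POOL = ["WAN", "OPT1", "OPT2"]            # interface names as used in the thread


def msn_rule():
    return Rule(["OPT1"], proto="tcp", dport=1863, description="MSN via OPT1")


def balance_rule():
    return Rule(list(POOL), description="balance everything else")


def demo():
    results = {}
    # Constructed sample traffic: four MSN logins from one LAN client.
    msn = [Packet("tcp", "10.0.0.50", 40000 + i, "192.0.2.10", 1863)
           for i in range(4)]

    fw = Firewall([msn_rule(), balance_rule()])       # specific rule on top
    results["msn_rule_first"] = [fw.route(p) for p in msn]

    shadowed = Firewall([balance_rule(), msn_rule()])  # specific rule below
    results["msn_rule_last"] = [shadowed.route(p) for p in msn]

    # One web connection: every packet follows the state, until it expires.
    web = Packet("tcp", "10.0.0.50", 50000, "198.51.100.7", 80)
    results["same_flow"] = [fw.route(web) for _ in range(4)]
    fw.expire(web)
    results["after_expiry"] = fw.route(web)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With the TCP 1863 rule below the catch-all, the catch-all matches first and the MSN sessions are spread over the pool; a state that expires mid-session lets the same connection move to a different WAN link.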
RE: [pfSense Support] Routing MSN
Hi Curtis,

Thanks for the advice, I will give wireshark a bash, just not sure how to find where things are going wrong with MSN ? I don't see any errors in the log either I just see sessions going through their normal process.

I seemed to make some changes today and it works.

Regards,
Mike Lever

From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: 07 Apr 2008 04:31 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Routing MSN

I've never actually heard of having to open any ports for MSN to function properly. Now, I only use the messenger portion of this so I may not have ever had the need. Without adding any special rules to the firewall or changing the outbound NAT, do you get any error messages in the log? Have you used Wireshark or done any packet inspection on the PC or firewall?

--
Curtis LaMasters
[pfSense Support] Where do I put squid ?
I've got Pfsense running on one box going out to 5 DSL WAN Ports. I have now setup a squid box running separately. I would like to run it as a transparent proxy on my network. How do you suggest I set it up ?

Do I put another NIC in the squid box, then setup a firewall rule to route all http traffic to the squid box / gateway and then load balance the squid box's traffic out ?

The Pfsense box IP = 10.0.0.3
Squid IP = 10.0.0.197

Regards,
Mike Lever
RE: [pfSense Support] Where do I put squid ?
Hi Dean ,

Thanks for the feedback, so are you suggesting I only use 1 NIC for the squid box ? as opposed to 2, 1 coming IN from the Pfsense / internal network and 1 going BACK to the Pfsense.

Regards,
Mike Lever

-Original Message-
From: Dean Larson [mailto:[EMAIL PROTECTED]
Sent: 11 May 2008 01:28 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Where do I put squid ?

i think it would be cool to route http traffic to the squid box, but put a rule just in front of it to allow your squid box to go out the firewall. for security i would not allow a second nic to go out the squid box onto the internet.

i myself set up the browsers manually for the squid box. at another gig i had, we put a file on a server that gave the browser setting: included proxy settings as well as browser bypass for local browsing. it's been a while, so i'd have to do some digging through my old files. : i'm a bit brain dead today
RE: [pfSense Support] Where do I put squid ?
Done that, but where I was battling was setting IP addresses on the pfsense interface (the squid is static) what do I set as the ip address and gateway ? Also how do I configure the firewall rules ?

Any ideas there ?

Mike Lever

-Original Message-
From: "David Meireles" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: 08-05-11 20:18
Subject: RE: [pfSense Support] Where do I put squid ?

Just setup the pfSense DHCP Server to use the squid box as gateway address.
RE: [pfSense Support] Where do I put squid ?
Thanks David!

Bear in mind that I am using it as a transparent proxy. Surely I must set some rules on the firewall to route all http traffic to the squid box and back to the pfsense box?

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(t) +2711-807-0100
(f) +2711-807-1208

-----Original Message-----
From: "David Meireles" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: 08-05-11 21:27
Subject: RE: [pfSense Support] Where do I put squid ?

Ok, on the DHCP Server you have as gateway the squid server, and the squid server will have as gateway the pfsense IP (that way you won't need to have 2 interfaces on the squid server, since it's all in the same subnet).

About the rules, use only the squid server to apply the squid rules, and the rest, leave it on the pfsense (port blocking and stuff).

On Sun, 2008-05-11 at 21:19 +0200, Mike Lever wrote:
> Done that, but where I was battling was setting IP addresses on the pfsense
> interface (the squid is static). What do I set as the IP address and gateway?
> Also, how do I configure the firewall rules?
>
> Any ideas there?
[pfSense Support] USB to Ethernet
In South Africa we have had the emergence of a second network operator and a converged voice and data offering. Their only initial offering is an all-in-one device:

http://www.neotel.co.za/neotel/view/neotel/en/page789

The only way to access data using this device is via a mini-USB at the back. Can anybody suggest the best way to incorporate this as a WAN port in Pfsense?

I currently have it running through an old laptop using XP ICS (Internet Connection Sharing). It seems to be doing an okay job, but I am wondering if there are any better alternatives out there?

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com
[pfSense Support] Setting failover parameters
Firstly, on what basis does failover work? When is it activated? Is it possible to set the conditions on which it switches over? I would like to set it so that, should throughput drop below a certain speed for x seconds, it will fail over.

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(t) +2711-807-0100
(f) +2711-807-1208

-----Original Message-----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: support@pfsense.com
Sent: 08-06-25 07:19
Subject: Re: [pfSense Support] error in firewall rules with FTP helper on embedded

On Tue, Jun 24, 2008 at 9:36 AM, Vivek Khera <[EMAIL PROTECTED]> wrote:
>
> I've had passwd file corruption before a couple of times during power
> failures, etc.
>

Hah Of course *you* have, Vivek. ;) If only any of the developers could replicate embedded problems like it seems only you can :)

1.3 embedded will (hopefully) be based on NanoBSD and support multiple firmware installs (primary/backup or what have you), and upgrades will be essentially the same as m0n0wall's - i.e. bulletproof. I say hopefully because it's still a work in progress, but there is a working proof of concept and it appears that's the way things will end up.

It's not pfSense code related, or it'd be happening on full installs as well, and we'd be hearing about it a lot more. Looking at just one mirror out of 11 (NYI), the 1.2 release iso has been downloaded 228,094 times, 1.2 embedded 30,723 times. We haven't heard of this ever happening on a full install, and we definitely would have by now if it were happening with more than 7 times as many downloads. So it's something to do with how we're doing embedded, and going the NanoBSD route eliminates this and takes us back to being more m0n0wall-like on embedded.

pfSense 1.3 should offer an excellent embedded if this all shapes up as planned.
[pfSense Support] Easy way to change ISP info
In our country at the moment we are experiencing connectivity problems. When this occurs I then have to connect to each of my 7 WAN/DSL routers, change login info to an alternate ISP's, then reset the load balancer pool to another pool.

Will there be a feature in 1.3 whereby you can select PPPoE dialup in pfsense for every WAN/OPT card as opposed to only the primary WAN?

Does anybody else have a similar situation? Any ideas / suggestions how I can streamline this process?

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(t) +2711-807-0100
(f) +2711-807-1208
[pfSense Support] Incorporating squid
Hi all,

I have just had a squid box configured and am about to implement it on my network.

I would like to ask you how you suggest I place it and route traffic accordingly. Is anybody currently using squid boxes with pfsense? I can't use the onboard package as I have multiple WAN ports.

Any help would greatly be appreciated!

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(t) +2711-807-0100
(f) +2711-807-1208
RE: [pfSense Support] Incorporating squid
Hi Tim,

Thank you very much for that feedback. One question. Once I have setup things as you suggested below, will requests from the squid box out to the internet cloud be load balanced? I.e.: How do I ensure that the outgoing traffic that is not on the proxy server is load balanced?

Regards,

Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com

-----Original Message-----
From: Tim Nelson [mailto:[EMAIL PROTECTED]
Sent: 20 Aug 2008 11:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Incorporating squid

I recently implemented a pfSense + Squid setup for a school. You'll need to make sure that the box you're running squid on is on a different interface than the subnet(s) you want filtered. The rules that redirect traffic destined on port 80 apply globally to an interface so if your squid box lies on that same interface, it will not be able to 'get out' either.

Go into NAT, then add a new 'Port Forward'. Use these values:

  Interface: the interface traffic will be coming in. If you want to filter your LAN clients, select LAN here
  External Address: any
  Protocol: TCP
  External Port Range: 80 (HTTP should be in the drop down box)
  NAT IP: The IP of your squid box
  Local Port: The port you have squid running on

Save your entries and then apply the changes. Any existing states will not be affected (I don't *think*) so you may have to clear your state tables before this becomes effective for all clients.

Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105

----- "Mike Lever" <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I have just had a squid box configured and am about to implement it on
> on my network.
>
> I would like to ask you how you suggest I place it and route traffic
> accordingly. Is anybody currently using squid boxes with pfsense. I
> can't use the onboard package as I have multiple WAN ports.
>
> Any help would greatly be appreciated !
>
> Mike Lever
> Tenacity Films (Pty) Ltd t/a Velocity Films
> (t) +2711-807-0100
> (f) +2711-807-1208
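The interface scoping described in the message above can be checked before the port forward is applied. This is an added example, not part of the thread and not pfSense code: a small Python model of a port forward that matches on interface, protocol and port only, plus a lint that flags a proxy sitting on the redirected interface. The squid port 3128, the OPT1 address 10.0.1.2 and the origin 203.0.113.10 are constructed assumptions; 10.0.0.197 is the squid IP given earlier on the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    in_iface: str   # firewall interface the packet arrives on
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class PortForward:
    iface: str       # "Interface"
    ext_port: int    # "External Port Range"
    nat_ip: str      # "NAT IP" (the squid box)
    local_port: int  # "Local Port" (assumed 3128 here)
    proto: str = "tcp"

    def matches(self, pkt: Packet) -> bool:
        # External Address is "any": the source address is never compared,
        # so every host behind this interface is redirected.
        return (pkt.in_iface == self.iface and pkt.proto == self.proto
                and pkt.dport == self.ext_port)


def translate(pkt: Packet, rules):
    """Return (dst, dport) after the first matching port forward."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.nat_ip, rule.local_port
    return pkt.dst, pkt.dport


def proxy_fetch(squid_iface, squid_ip, rules, origin="203.0.113.10"):
    """What happens to squid's own outbound HTTP request at the firewall."""
    dst, dport = translate(Packet(squid_iface, squid_ip, origin, 80), rules)
    if dst == squid_ip:
        return "redirected back to squid"
    return f"reaches {dst}:{dport}"


def lint(rules, host_iface):
    """host_iface maps IP -> firewall interface; flag proxies caught by their own rule."""
    return [f"{r.nat_ip} is on {r.iface}: its own port {r.ext_port} traffic is redirected"
            for r in rules if host_iface.get(r.nat_ip) == r.iface]


# Layout A: squid on the filtered LAN. Layout B: squid on a separate interface.
SAME_IFACE = [PortForward("LAN", 80, "10.0.0.197", 3128)]
SEPARATE_IFACE = [PortForward("LAN", 80, "10.0.1.2", 3128)]

if __name__ == "__main__":
    print(proxy_fetch("LAN", "10.0.0.197", SAME_IFACE))
    print(proxy_fetch("OPT1", "10.0.1.2", SEPARATE_IFACE))
    print(lint(SAME_IFACE, {"10.0.0.197": "LAN"}))
```
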
[pfSense Support] Monitoring throughput
Hi,

I have just received a bill from my ISP for usage of 270Gb for one month's traffic. I would like to verify this from my side. Can anybody please suggest a package or solution to use together with Pfsense?

Best regards,
Mike

Mike Lever
+27 82 903 8613 Mobile
+27 11 807 0100 Telephone
+27 11 807 1208 Fax
http://www.velocityfilms.com
[pfSense Support] Monitor IP address
Hi,

Can somebody please explain to me exactly how this works. I am having an argument with my superior. He is insistent on setting the monitor IP addresses in my load balancer pool to the same IP address. In his mind it makes sense, as that way it will pick up which line is the fastest to the same point and route accordingly.

I read in the manuals that these IP addresses should be unique, and therefore did as the manual said. What will happen if they are set to the same address and why is that so?

Here is my thinking on how it works, please correct me where I am going wrong.

I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2, WAN3, WAN4 & WAN5 simultaneously. Depending on which has the quickest response and is not currently transmitting packets, it will utilise. Then why set the unique IP addresses?

Best regards,
Mike

Mike Lever
+27 82 903 8613 Mobile
+27 11 807 0100 Telephone
+27 11 807 1208 Fax
http://www.velocityfilms.com
RE: [pfSense Support] Monitor IP address
Thanks for the explanation Bill.

Can you please elaborate where you mention:

"You'll actually lose link failure detection"

What exactly is link failure detection? I understand the meaning of the words in isolation but can you elaborate in the load balancing / Pfsense context?

"Whichever link came up last will set the route to your monitor IP through it."

So then, say WAN2 was the last WAN port to come up and the monitor addresses were set to the same IP address, would it then only route traffic through WAN2?

Best regards,
Mike

Mike Lever
+27 82 903 8613 - Mobile
+27 11 807 0100 - Telephone
+27 11 807 1208 - Fax
http://www.velocityfilms.com

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 01 Dec 2008 10:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Monitor IP address

On Mon, Dec 1, 2008 at 2:41 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Can somebody please explain to me exactly how this works. I am having an
> argument with my superior. He is insistent on setting the monitor IP
> addresses in my load balancer pool to the same IP address. In his mind it
> makes sense, as that way it will pick up which line is the fastest to the
> same point and route accordingly.

Yeah, that won't work.

> I read in the manuals that these IP addresses should be unique, and
> therefore did as the manual said. What will happen if they are set to the
> same address and why is that so ?

You'll actually lose link failure detection. Whichever link came up last will set the route to your monitor IP through it.

> Here is my thinking on how it works, please correct me where I am going
> wrong.
>
> I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2,WAN3,
> WAN4 & WAN5 simultaneously. Depending on which has the quickest response and
> is not currently transmitting packets, it will utilise. Then why set the
> unique IP addresses ?

Usually the monitor IP is set to the next hop so you can detect link failure. Latency is not taken into account.

--Bill
[pfSense Support] RE: [Pfsense Support] Monitor IP address
Great, thank you very much Bill.

One point for clarification purposes... please define a flow?

Best regards,
Mike

Mike Lever
+27 82 903 8613 - Mobile
+27 11 807 0100 - Telephone
+27 11 807 1208 - Fax
http://www.velocityfilms.com

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 02 Dec 2008 12:33 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Monitor IP address

On Mon, Dec 1, 2008 at 3:09 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 1, 2008 at 3:41 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
>>
>> I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2,WAN3,
>> WAN4 & WAN5 simultaneously. Depending on which has the quickest response and
>> is not currently transmitting packets, it will utilise.
>
> What Bill said is correct. One additional comment, the above isn't
> true. Your load balancing is round robin, all connections in a pool
> are used equally. If the monitor IP for a specific gateway stops

This is an important point to note. Monitoring is for the purposes of availability, not for latency detection. The WANs are load balanced from a connection perspective, not from a throughput or latency perspective. If you have a single flow eating up an entire connection, nothing will stop other flows from using that connection. The load balancing is on a flow by flow basis in a round robin fashion.

--Bill
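The two replies above (the monitor-IP route being set by whichever link came up last, and round-robin balancing per flow) can be seen together in a small simulation. This is an added example, not part of the thread and not pfSense code: a simplified Python model that assumes one host route per monitor IP and that a probe succeeds exactly when the link carrying that route is up. The 192.0.2.x monitor addresses are constructed.

```python
from itertools import cycle


class MultiWan:
    """Toy model of monitor-IP health checks and round-robin flow placement."""

    def __init__(self, monitors):
        # monitors: {wan_name: monitor_ip}, listed in the order the links came up
        self.monitors = dict(monitors)
        self.link_up = {wan: True for wan in self.monitors}
        # A routing table holds one entry per destination, so a later link
        # with the same monitor IP overwrites the earlier entry.
        self.route = {}
        for wan, ip in self.monitors.items():
            self.route[ip] = wan
        self._rr = cycle(self.monitors)

    def probe(self, wan):
        """Ping this WAN's monitor IP; the result depends on the link the route uses."""
        carried_by = self.route[self.monitors[wan]]
        return self.link_up[carried_by]

    def status(self):
        return {wan: self.probe(wan) for wan in self.monitors}

    def assign_flow(self):
        """Next WAN in round-robin order whose monitor answers.

        Latency and current load are never consulted.
        """
        for _ in range(len(self.monitors)):
            wan = next(self._rr)
            if self.probe(wan):
                return wan
        return None  # every gateway is considered down


def simulate(monitors, failed_link, flows=10):
    """Fail one physical link, then report monitor status and flow placement."""
    pool = MultiWan(monitors)
    pool.link_up[failed_link] = False
    return pool.status(), [pool.assign_flow() for _ in range(flows)]


WANS = ["WAN1", "WAN2", "WAN3", "WAN4", "WAN5"]
UNIQUE = {w: f"192.0.2.{i}" for i, w in enumerate(WANS, start=1)}
SHARED = {w: "192.0.2.1" for w in WANS}  # the configuration under dispute

if __name__ == "__main__":
    for name, cfg in (("unique", UNIQUE), ("shared", SHARED)):
        for failed in ("WAN2", "WAN5"):
            status, placed = simulate(cfg, failed)
            print(name, "failed:", failed, status, placed)
```

With unique monitor IPs only the failed link drops out of rotation. With a shared monitor IP, a failure of WAN2 goes unnoticed and flows are still placed on it, while a failure of WAN5 (the last link up) marks all five gateways down.
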