[pfSense Support] ftp troubleshooting instructions help
I would like some clarifications on the FTP troubleshooting page. It states:

> 2. If you have a restrictive ruleset or are utilizing policy based routing for multiple-wans then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. IE: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy based routing.

What does this mean exactly? Make a rule, select LAN Subnet as the source to destination 127.0.0.1 for ports 8000-8030? Would this be created under the LAN tab? What if my client also used ports 7950-8079 as well? Would I edit the rule to allow all the ports instead? Do I need to make rules from the lan subnet for each IP address I need to ftp to? Also, do I need to do port forwarding for those ports as well? We don't run an FTP server, we just need to FTP out.

Thanks for the clarification.

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org

[pfSense Support] help with port forwarding
Hello list,

I seem to be having some problems with opening ports the correct way on my pfsense firewall. I have a client that is behind a pfsense firewall that needs to use ftp to download from a provider (insurance company). Their tech docs tell me to open ports 20,21,80,443,7950-8079 for all of their ip addresses for the communication to work properly. They gave me a list of ip addresses, and I have created rules for each ip address to port forward the ports to the machine doing the downloading.

Let me take a step back. The default configuration for pfsense is to let all lan traffic pass to the WAN unrestricted. Any computer on the lan can access any computer on the internet on any port, correct? There is a rule under the LAN that has that in it at least. Which is why it's confusing me why this client can't use the download client for the provider, and all it does is open an FTP connection and download new policies to their system. They sent me a list of ip addresses of their servers, telling me that the machine downloading the policies needs to be able to connect on the ports above to their servers. And if the lan going out is unrestricted, then I don't understand why it isn't working.

First I made rules stating that their ip address - on the ports specified - goes to the ip address of the local machine doing the download. That didn't work. So then I changed the rules to allow their ip address to ANY port on the local ip address doing the downloading and that didn't work either. I also added LAN rules to allow the local machine to connect to their ip address on the specified ports. Didn't work either.

The pfsense firewall replaced their SBS2003 machine as the firewall and it was working with that, there were no ports open on the SBS server to allow the access (which tells me how bad the SBS firewall actually was) but it's creating a big problem for my client not being able to download new policies into their system.

Is there something special I'm supposed to be doing to open ports for this kind of communication? It shouldn't be this complicated, all I need to do is make sure one machine on their local network can ftp into their machines using passive ftp to download information. What am I doing wrong?

Also, does pfsense do ALG? I have another client that is doing Voip and is getting one way audio, which from what other people have told me and I've read on the internet is a firewall issue. It's like an issue of the pbx making a call, going out on one port and when it gets the packets back on another port it messes with the header of the packet and it doesn't know how to get back to the originating machine. I have all the necessary ports for sip and voip open pointing to the pbx on the network.

It all seems complicated and I'm having a heck of a time with getting pfsense to do the job I need done. I've read other posts of people having problems with FTP and pfsense, but never found a real solution for the problem. Any help on this subject would be greatly appreciated.

Thanks for any and all help.

Re: [pfSense Support] connecting netgear fvs124g to openvpn for site to site vpn
On Tue, Jan 27, 2009 at 1:39 PM, Chris Buechler c...@pfsense.org wrote:
> On Mon, Jan 26, 2009 at 10:37 AM, Nick Smith nick.smit...@gmail.com wrote:
>> I have one site with a Netgear FVS124G firewall that the documentation mentions it has PKI support.
>
> PKI isn't the same as OpenVPN, I'm sure the Netgear doesn't support OpenVPN. It should be possible to connect it using IPsec.

From what I've read, openvpn is a lot better than ipsec, but I could have it wrong. I guess I'll have to look into redoing my vpn setup and use ipsec instead of openvpn.

Thanks for the advice.

Re: [pfSense Support] connecting netgear fvs124g to openvpn for site to site vpn
On Tue, Jan 27, 2009 at 2:45 PM, Chris Buechler c...@pfsense.org wrote:
> On Tue, Jan 27, 2009 at 2:41 PM, Nick Smith nick.smit...@gmail.com wrote:
>> On Tue, Jan 27, 2009 at 1:39 PM, Chris Buechler c...@pfsense.org wrote:
>>> On Mon, Jan 26, 2009 at 10:37 AM, Nick Smith nick.smit...@gmail.com wrote:
>>>> I have one site with a Netgear FVS124G firewall that the documentation mentions it has PKI support.
>>>
>>> PKI isn't the same as OpenVPN, I'm sure the Netgear doesn't support OpenVPN. It should be possible to connect it using IPsec.
>>
>> From what I've read, openvpn is a lot better than ipsec, but I could have it wrong.
>
> Depends on the needs of your environment. For interoperability with other firewalls, IPsec is the best because it's going to be the only thing that will work.
>
>> I guess I'll have to look into redoing my vpn setup and use ipsec instead of openvpn.
>
> You can use OpenVPN for your remote access users and IPsec for site to site.

It took me a while to get it going, but it does work well now that it's going. I am using it in conjunction with backuppc to backup remote servers over the internet, gives me access to the entire lan and I don't have to hassle with installing remote client software on the individual servers, just connect the 2 firewalls for site to site and you're good to go. Openvpn does have a client install, I guess in a worst case scenario I would just end up installing that on the servers to connect to the vpn.

Do they both have the same bandwidth throughput? That would probably be the only reason I would look at switching is if ipsec transferred faster than openvpn. These are embedded pfsense installs, so I'm also looking at the least overhead possible.

Re: [pfSense Support] connecting netgear fvs124g to openvpn for site to site vpn
Well the good news is, that the hard part is over and it's already setup. The nightmare is trying to make it work with anything else but pfsense. And yes, it has been rock solid thus far.

On Tue, Jan 27, 2009 at 2:43 PM, Glenn Kelley gl...@typo3usa.com wrote:
> OpenVPN can be a nightmare for setup. Take an advil and then go to work. Good news - once it's setup it's rock solid!

[pfSense Support] connecting netgear fvs124g to openvpn for site to site vpn
I have one site with a Netgear FVS124G firewall that the documentation mentions it has PKI support. Our office is running pfsense openvpn with PKI and BF-CBC. I've tried googling how to get the netgear to connect to the pfsense firewall for site to site connectivity, but I haven't come up with anything. Does anyone know if it's possible to do so, and if it is, how to do it? I've emailed netgear support, but have yet to hear back from them.

Our pfsense openvpn is already setup and we have other firewalls connecting to it via PKI and it is working great for site to site. I would like to get the netgear they already have connected to it as well if at all possible.

Thanks for any input.

[pfSense Support] clamav RC2
I have a fresh install of RC2 on a new firewall and when I try to install clamav it instantly says installation complete without downloading anything and I can't start or run the clamav service or freshclam via the web interface. Is there a problem with the clamav package or is it a problem on my end?

TIA
Nick

Re: [pfSense Support] clamav RC2
Holger Bauer wrote:
> There are only a few packages working atm. I think ClamAV is not finished yet. We'll have to review packages before pfSense 1.0 is released and divide them in known working packages and alpha/beta packages.
>
> Holger

Is there a list of the few that are working? Were they working with RC1?

Nick

Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover
Gary Buckmaster wrote:
> Scott Ullrich wrote:
>> On 8/3/06, Gary Buckmaster [EMAIL PROTECTED] wrote:
>>> Aren't those Opteron based? If so, then you're out of luck, because pfSense is currently not an x64 platform.
>>
>> Opterons will run just fine on 32 bit as well as 64 bit. One of our builder servers is a dual Opteron.
>>
>> Scott
>
> My mistake. String me up.

What about a sparc64? Like a sun u2? Will it run on that?

[pfSense Support] cant reset password
I'm getting this error when trying to reset the admin password via the console: Error: cannon determine root pwd in sync_webgui_passwords(). Effectively locking me out of the firewall. Is there any way to correct this? I was hoping to upgrade to RC2, but need to get this fixed first, I am running RC1.

TIA
Nick

Re: [pfSense Support] cant reset password
Bill Marquette wrote:
> On 8/2/06, Bill Marquette [EMAIL PROTECTED] wrote:
>> Not with that error message you aren't. That came from HEAD. Please reinstall. Thanks
>
> PS. for those still wondering why cvs_sync.sh is gone...here you go.
>
> --Bill

Guess I'll get to try out RC2 anyway ;-)