[pfSense Support] add users
Hi there team, I was wondering, is it possible to add users (different from the standard name "admin") for the webgui? Thank you in advance for the answer. PS - pfsense 1.2
-- honesty is not a vice
- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Source NAT
Hi Chris, Can he just edit the conf file by hand and bypass the webgui?
On Fri, Dec 18, 2009 at 10:39 AM, Chris Buechler cbuech...@gmail.com wrote:
On Fri, Dec 18, 2009 at 3:21 AM, Tapani Tarvainen pfse...@tapanitarvainen.fi wrote:
On Fri, Dec 18, 2009 at 02:52:43AM -0500, Chris Buechler (c...@pfsense.org) wrote
Source NAT Can this be done with pfSense? Not at this time. Bummer. :-( Are there plans to add it in the future? It will be eventually, I don't know when. It's a pretty minor change I believe, and it may be a requirement for a project I'm working on right now. If that turns out to be the case, it may make 2.0 if it ends up as simple as I think it will be. Otherwise the next release after probably.
-- honesty is not a vice
Re: [pfSense Support] RC3 to RELEASE - Verify
I have a problem with SATA in the FreeBSD kernel and the upgrade is still a no go.
On Fri, Dec 18, 2009 at 9:26 AM, Seth Mos seth@xs4all.nl wrote:
On 17-12-2009 11:35, Paul Mansfield wrote: has anyone upgraded a pfsense cluster running 1.2.2-release to 1.2.3? Yes. am using many CARP addresses on WAN and LAN ports, IPSEC, OpenVPN, and advanced outbound nat. I am using multiple WAN connections, 380 IPsec vpn tunnels, roughly a hundred rules and 40 aliases. It is an 8 interface box with 1 lan and multiple opt interfaces, it uses vlans as well. I also use the load balancer for outbound traffic. It uses both port forwarding and 1:1 NAT. I also use the outbound NAT feature to bind to a carp address. It is a carp cluster based on 2 Dell PowerEdge servers with 6 gigabit ports each, one being the sync network, the others used by pfSense. It has about ~30 carp vips or so. Regards, Seth
-- honesty is not a vice
Re: [pfSense Support] Source NAT
Hi Tapani Tarvainen, So the code will be overwritten on reboot - right? If so, one simple script that copies the file before rebooting and one script that overwrites the original file after boot. Does this make any sense?
On Fri, Dec 18, 2009 at 11:13 AM, Tapani Tarvainen pfse...@tapanitarvainen.fi wrote:
On Fri, Dec 18, 2009 at 10:53:40AM +0200, Peter Todorov (pmi...@gmail.com) wrote Hi Chris, Can he just edit the conf file by hand and bypass the webgui?
Not quite that easy. I took a look at the code, and pfSense doesn't keep the raw pf conf file, but rebuilds it out of its own xml config at every reload, and the code that does that (filter.inc) has any hardwired as source address. I took a stab at hacking filter.inc and modified it so that if there's a source-address modifier in the nat rule, it uses it as source in the rdr entry. I tested it with backup/restore: backed config up, added source-address entry, restored, and it seems to work. Somewhat surprisingly the rule even survived adding another NAT rule from the GUI. This is not exactly convenient, however, and I haven't taken a look at the GUI code to see how hard it'd be to make necessary changes there. -- Tapani Tarvainen
-- honesty is not a vice
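As an added illustration of the behaviour described in the message above (this is not pfSense code and not Tapani's patch): a small Python model of rebuilding an rdr line from an XML NAT rule, with `any` as the default source and an optional `source-address` element that is validated before it is written into the ruleset. The XML layout, every element name other than `source-address`, the interface name and all addresses are assumptions constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: element names (except source-address, which the post
# mentions), the interface name and all addresses are assumptions.
SAMPLE_CONFIG = """\
<pfsense>
  <nat>
    <rule>
      <interface>em0</interface>
      <protocol>tcp</protocol>
      <external-address>198.51.100.10</external-address>
      <external-port>22</external-port>
      <target>192.168.1.10</target>
      <local-port>22</local-port>
      <source-address>203.0.113.0/24</source-address>
    </rule>
    <rule>
      <interface>em0</interface>
      <protocol>tcp</protocol>
      <external-address>198.51.100.10</external-address>
      <external-port>80</external-port>
      <target>192.168.1.10</target>
      <local-port>80</local-port>
    </rule>
  </nat>
</pfsense>
"""


def _field(rule, tag, default=None):
    """Return the stripped text of a child element, or the default."""
    node = rule.find(tag)
    text = (node.text or "").strip() if node is not None else ""
    if text:
        return text
    if default is None:
        raise ValueError(f"NAT rule is missing <{tag}>")
    return default


def _port(value):
    """Accept only a plain port number in the valid range."""
    port = int(value)  # raises ValueError for anything that is not a number
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def _source(value):
    """Accept 'any' or a host/network; nothing else may reach the ruleset."""
    if value == "any":
        return value
    # ip_network raises ValueError for text that is not an address or prefix
    return str(ipaddress.ip_network(value, strict=False))


def rdr_line(rule):
    """Build one rdr line from a <rule> element of the hypothetical config."""
    iface = _field(rule, "interface")
    proto = _field(rule, "protocol")
    if not iface.isalnum():
        raise ValueError(f"bad interface name: {iface!r}")
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    ext_addr = ipaddress.ip_address(_field(rule, "external-address"))
    target = ipaddress.ip_address(_field(rule, "target"))
    ext_port = _port(_field(rule, "external-port"))
    local_port = _port(_field(rule, "local-port"))
    # Without a source-address element the source stays "any", which is the
    # hardwired behaviour the message describes.
    source = _source(_field(rule, "source-address", default="any"))
    return (f"rdr on {iface} proto {proto} from {source} "
            f"to {ext_addr} port {ext_port} -> {target} port {local_port}")


def build_rdr_rules(config_xml):
    """Regenerate every rdr line from the XML, as happens at each reload."""
    root = ET.fromstring(config_xml)
    return [rdr_line(rule) for rule in root.findall("./nat/rule")]


if __name__ == "__main__":
    for line in build_rdr_rules(SAMPLE_CONFIG):
        print(line)
```

Because the ruleset is regenerated from the XML each time, a hand-edited value such as the source address only persists if it lives in the XML, and it should be checked as an address or prefix before it is interpolated into a rule.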
Re: [pfSense Support] Source NAT
Hi Tapani, I run away from ugly hacks and that's the reason I am stuck with version 1.2.1 (do not want to recompile the custom kernel and make my disk). Tell me if that works.
On Fri, Dec 18, 2009 at 11:41 AM, Tapani Tarvainen pfse...@tapanitarvainen.fi wrote:
On Fri, Dec 18, 2009 at 11:21:32AM +0200, Peter Todorov (pmi...@gmail.com) wrote So the code will be overwritten on reboot - right?
The actual pf code, yes - the xml config is where permanent configuration is kept. (Caveat: I haven't read the code very thoroughly yet, I only downloaded pfSense first time yesterday, so I may have missed something obvious.)
If so, one simple script that copies the file before rebooting and one script that overwrites the original file after boot. Does this make any sense?
I guess that'd be possible, but in this case modifying filter.inc as I did and putting the changes in the xml file seems easier. It's also more consistent with the rest of the stuff and might allow patching the GUI later without breaking anything or having to undo any ugly hacks. -- Tapani Tarvainen
-- honesty is not a vice
Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!
What do you do on the client machine?
On Sat, Dec 19, 2009 at 6:11 AM, Tortise tort...@paradise.net.nz wrote:
- Original Message - From: Chris Weakland chris.weakl...@gmail.com To: support@pfsense.com Sent: Sunday, December 13, 2009 4:40 AM Subject: Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!
Also if ur nic is a pci or pcie nic the wol cable must be connected to the motherboard header for it to work with wol. Chris
I just tried WOL using an Intel 1000GT PCI NIC, (using no wol cable between the NIC and the motherboard) and it works fine. The tested motherboard is a GA-EP31-DS3L, which (sadly) does not have WOL in the BIOS. Certainly many NICs and motherboards will need those cables, clearly not always.
-- honesty is not a vice
Re: [pfSense Support] Need help regarding the initial configuration of pfsense
Here are some tutorials: http://doc.pfsense.org/index.php/Tutorials Here is some explanation: http://doc.pfsense.org/index.php/Automatic_NAT_Rules_Generation
On Wed, Feb 25, 2009 at 11:59 AM, Sumesh T A sumesh.n...@gmail.com wrote: Dear All I have installed pfsense successfully. I need to use pfsense box as a NAT router BOX. But I am unable to get it to work as expected. Can somebody send me documentation needed for the same. -- T. A. Sumesh Lecturer, CSED NIT Calicut
-- honesty is not a vice
Re: [pfSense Support] ftp troubleshooting instructions help
On Tue, Feb 10, 2009 at 10:51 PM, Nick Smith nick.smit...@gmail.com wrote: I would like some clarifications on the FTP troubleshooting page. It states: 2. If you have a restrictive ruleset or are utilizing policy based routing for multiple-wans then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8030. IE: allow LAN subnet to 127.0.0.1 8000-8030. This rule should be on top of all other LAN rules that utilize policy based routing. What does this mean exactly? Make a rule, select LAN Subnet as the source to destination 127.0.0.1 for ports 8000-8030? Would this be created under the LAN tab? I got 2 LANs and have this rule on top of LAN and LAN2 tabs. What if my client also used ports 7950-8079 as well? Would I edit the rule to allow all the ports instead? Do I need to make rules from the lan subnet for each IP address I need to ftp to? Also, do I need to do port forwarding for those ports as well? We don't run an FTP server, we just need to FTP out. Thanks for the clarification
-- honesty is not a vice
Re: [pfSense Support] Does anybody have working dual wan failover with pfsense?
It works for me on 1.2. It is the old way for now, but it works.
On Tue, Jan 13, 2009 at 8:25 AM, Simon Cornelius P Umacob simon...@gmail.com wrote:
On Mon, Jan 12, 2009 at 6:42 PM, Erwan David erwan.da...@trusted-logic.com wrote:
On Mon, Jan 12, 2009 at 11:30:44AM CET, Veiko Kukk veiko.k...@krediidipank.ee said: Erwan David wrote: It works great for me, in 1.2.1 Do you have also load sharing or only failover? How are your failover pools configured? --- Veiko
I have both. 2 links, Wan and opt1 interfaces. 3 pools: preferWan, gateway (failover) Wan then opt1; preferOpt1, gateway (failover) opt1 then Wan; loadBalanced, gateway (balance) wan,opt1. Then in firewall rules on LAN interface I use preferWan, preferOpt1 or loadBalanced as gateway.
Yepp, same configuration in one of my setups. I even installed it on an ancient PC with 64MB RAM, which I later upgraded to 96MB. =) [ simon.cpu ]
-- honesty is not a vice
[pfSense Support] hptrr: no controller detected on 1.2.2 and 1.2.1
Hello again, After many tries at upgrading and fresh installing 1.2.2 and 1.2.1 I get the same error when the system boots: "hptrr: no controller detected". I understand that it comes with FreeBSD 7, but I can't find how to work around it. I do not fully understand the problem and I think that my hardware is very very old. But still ... there is a solution somewhere. Can someone shed some light on the problem? PS -- after that error the system hangs
-- honesty is not a vice
[pfSense Support] Re: hptrr: no controller detected on 1.2.2 and 1.2.1
I got some idea about that problem (strange that I do not have RAID or something like that). I read this http://unix.derkeiler.com/pdf/Mailing-Lists/FreeBSD/questions/2008-07/msg01662.pdf and I will wait for pfsense on FreeBSD 7.1
On Tue, Jan 13, 2009 at 12:10 PM, Peter Todorov pmi...@gmail.com wrote: Hello again, After many tries at upgrading and fresh installing 1.2.2 and 1.2.1 I get the same error when the system boots: "hptrr: no controller detected". I understand that it comes with FreeBSD 7, but I can't find how to work around it. I do not fully understand the problem and I think that my hardware is very very old. But still ... there is a solution somewhere. Can someone shed some light on the problem? PS -- after that error the system hangs
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
I tried to install 1.2.2 and get "hptrr: no controller detected". I checked in the pfsense forum and I found that I am not alone but I can't find a solution to the problem yet. Any idea how to bypass this?
On Sun, Jan 11, 2009 at 12:20 AM, Peter Todorov pmi...@gmail.com wrote: OK. I did a console update from 1.2 to 1.2.2 and the system doesn't boot again. I guess I will try tomorrow with a fresh install of 1.2.2 and load backup files from 1.2. PS - it is a very old computer, Pentium I (with a "turbo" button)
On Sat, Jan 10, 2009 at 10:20 PM, Peter Todorov pmi...@gmail.com wrote: Curtis, I am not so sure that I will understand raw logs, but if you tell me I will pastebin every log. I just do not know where to look. Chris, I see that my installation is very outdated. I have version 1.2 and I will try now to update it via SSH and then I will see.
On Fri, Jan 9, 2009 at 6:33 PM, RB aoz@gmail.com wrote:
On Fri, Jan 9, 2009 at 08:31, Chris Buechler c...@pfsense.org wrote: You rarely want to NAT between internal interfaces.
Ditto. The only internal NAT I have is when traversing from a trusted VLAN to an untrusted one (open wireless) to mask the systems. If your routing (primarily on the clients) is configured properly, the only thing you should have to do to enable DMZ-LAN is set an 'allow' rule for the specific traffic.
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
Curtis, I am not so sure that I will understand raw logs, but if you tell me I will pastebin every log. I just do not know where to look. Chris, I see that my installation is very outdated. I have version 1.2 and I will try now to update it via SSH and then I will see.
On Fri, Jan 9, 2009 at 6:33 PM, RB aoz@gmail.com wrote:
On Fri, Jan 9, 2009 at 08:31, Chris Buechler c...@pfsense.org wrote: You rarely want to NAT between internal interfaces.
Ditto. The only internal NAT I have is when traversing from a trusted VLAN to an untrusted one (open wireless) to mask the systems. If your routing (primarily on the clients) is configured properly, the only thing you should have to do to enable DMZ-LAN is set an 'allow' rule for the specific traffic.
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
OK. I did a console update from 1.2 to 1.2.2 and the system doesn't boot again. I guess I will try tomorrow with a fresh install of 1.2.2 and load backup files from 1.2. PS - it is a very old computer, Pentium I (with a "turbo" button)
On Sat, Jan 10, 2009 at 10:20 PM, Peter Todorov pmi...@gmail.com wrote: Curtis, I am not so sure that I will understand raw logs, but if you tell me I will pastebin every log. I just do not know where to look. Chris, I see that my installation is very outdated. I have version 1.2 and I will try now to update it via SSH and then I will see.
On Fri, Jan 9, 2009 at 6:33 PM, RB aoz@gmail.com wrote:
On Fri, Jan 9, 2009 at 08:31, Chris Buechler c...@pfsense.org wrote: You rarely want to NAT between internal interfaces.
Ditto. The only internal NAT I have is when traversing from a trusted VLAN to an untrusted one (open wireless) to mask the systems. If your routing (primarily on the clients) is configured properly, the only thing you should have to do to enable DMZ-LAN is set an 'allow' rule for the specific traffic.
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
Curtis, I am not so familiar with the pfsense architecture to do SSH login and manual rewriting of conf files. I have NAT, yes, it is AON because I have a dual WAN configuration. I have NAT only between external and internal interfaces. I added some rules to both interfaces at the top just for test that have * * * * * * and * * * * * * . Still I got no ping from DMZ to LAN. Chris, Do I need to enable NAT between DMZ and LAN? Thanks, Peter
On Thu, Jan 8, 2009 at 11:36 PM, Chris Buechler c...@pfsense.org wrote:
2009/1/8 Curtis LaMasters curtislamast...@gmail.com: Sounds like a NAT issue. Manually configure our outbound NAT or tell it not to NAT.
Not necessary. Traffic between internal interfaces isn't NATed unless you enable AON and configure it to do so. The firewall rules on the DMZ interface don't allow pings most likely.
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
I added a NAT rule and I got a connection.
On Fri, Jan 9, 2009 at 11:41 AM, Peter Todorov pmi...@gmail.com wrote: Maybe I need to update to 1.2.1
On Fri, Jan 9, 2009 at 11:32 AM, Eugen Leitl eu...@leitl.org wrote:
On Fri, Jan 09, 2009 at 11:14:50AM +0200, Peter Todorov wrote: Yes, they are now in second place (DMZ interface) ICMP DMZnet * * * * and ICMP LANnet * * * *. There are rules also in second place (LAN interface) ICMP DMZnet * * * * and ICMP LANnet * * * * . No ping from DMZ to LAN.
Strange, I can ping my setup fine. No dual WAN, though.
On Fri, Jan 9, 2009 at 10:59 AM, Eugen Leitl eu...@leitl.org wrote:
On Fri, Jan 09, 2009 at 10:15:26AM +0200, Peter Todorov wrote: Curtis, I am not so familiar with the pfsense architecture to do SSH login and manual rewriting of conf files. I have NAT, yes, it is AON because I have a dual WAN configuration. I have NAT only between external and internal interfaces. I added some rules to both interfaces at the top just for test that have * * * * * * and * * * * * * . Still I got no ping from DMZ to LAN. Chris, Do I need to enable NAT between DMZ and LAN?
There's a rule allowing ICMP between DMZ and LAN, yes?
Thanks, Peter
On Thu, Jan 8, 2009 at 11:36 PM, Chris Buechler c...@pfsense.org wrote:
2009/1/8 Curtis LaMasters curtislamast...@gmail.com: Sounds like a NAT issue. Manually configure our outbound NAT or tell it not to NAT.
Not necessary. Traffic between internal interfaces isn't NATed unless you enable AON and configure it to do so. The firewall rules on the DMZ interface don't allow pings most likely.
-- Eugen* Leitl http://leitl.org ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
I added * * * 192.168.2.x * * to the DMZ and LAN interfaces. I set these rules at the top but there is not even a ping from DMZ to 192.168.2.x. I get ping to the LAN interface (192.168.2.1) from DMZ but not to any of the computers attached to that interface.
On Wed, Jan 7, 2009 at 6:19 PM, Gary Buckmaster g...@centipedenetworks.com wrote:
Peter Todorov wrote: Hello, I have a LAN that has 192.168.2.0/24 and a DMZ (second LAN) with 192.168.4.0/24. How can I access LAN from DMZ? pfsense 1.2 - dual WAN configuration. Thank you in advance for answers.
Typically this is inadvisable from a security standpoint. However, in order to allow it, create firewall rules on your DMZ interface with the destination IP of the machine(s) you want to send to.
-- honesty is not a vice
Re: [pfSense Support] DMZ to LAN access
I have got ping from LAN to DMZ .. I do not have ping from DMZ to LAN. Is there some restriction that I have missed?
On Thu, Jan 8, 2009 at 12:28 PM, Aarno Aukia m...@arska.ch wrote: If you would like to send ping-replies from LAN to DMZ you might have to add a * * * 192.168.4.x * * to LAN... -Aarno
2009/1/8 Peter Todorov pmi...@gmail.com I added * * * 192.168.2.x * * to the DMZ and LAN interfaces. I set these rules at the top but there is not even a ping from DMZ to 192.168.2.x. I get ping to the LAN interface (192.168.2.1) from DMZ but not to any of the computers attached to that interface.
On Wed, Jan 7, 2009 at 6:19 PM, Gary Buckmaster g...@centipedenetworks.com wrote:
Peter Todorov wrote: Hello, I have a LAN that has 192.168.2.0/24 and a DMZ (second LAN) with 192.168.4.0/24. How can I access LAN from DMZ? pfsense 1.2 - dual WAN configuration. Thank you in advance for answers.
Typically this is inadvisable from a security standpoint. However, in order to allow it, create firewall rules on your DMZ interface with the destination IP of the machine(s) you want to send to.
-- Aarno Aukia 0764000464
-- honesty is not a vice
[pfSense Support] DMZ to LAN access
Hello, I have a LAN that has 192.168.2.0/24 and a DMZ (second LAN) with 192.168.4.0/24. How can I access LAN from DMZ? pfsense 1.2 - dual WAN configuration. Thank you in advance for answers.
-- honesty is not a vice
Re: [pfSense Support] second WAN on PPPOE
Thank you Chris for the answer. I will wait for the 2.0 version.
On Wed, Nov 12, 2008 at 7:51 PM, Chris Buechler [EMAIL PROTECTED] wrote:
2008/11/12 Peter Todorov [EMAIL PROTECTED]: Hello list, I wonder is there an option to add a second WAN (OPT) with PPPOE? pfsense 1.2.
Not in 1.2, you have to do it on your modem for OPT WANs. In 2.0 that's an option.
-- honesty is not a vice
[pfSense Support] second WAN on PPPOE
Hello list, I wonder is there an option to add a second WAN (OPT) with PPPOE? pfsense 1.2. Thank you in advance for answers.
-- honesty is not a vice
[pfSense Support] routing
Hello, I have a private network.
[ASCII network diagram, layout lost in extraction. Labels: pfsense; x.x.x.x; y.y.y.y; 192.168.0.1; dlink dir615; 192.168.0.245; 192.168.3.1; PC 192.168.2.106 (windows); PC 192.168.3.5 (freeBSD)]
That is the topology of my network. My question is how can I see 192.168.3.5 from 192.168.2.106. Thank you in advance for the answer
-- honesty is not a vice
Re: [pfSense Support] DMZ lan ping
I still cannot ping the LAN. I get: su-2.05b# ping merlin ping: cannot resolve merlin: Unknown host
On Thu, Oct 9, 2008 at 4:31 AM, Chris Buechler [EMAIL PROTECTED] wrote:
2008/10/8 Paul Mansfield [EMAIL PROTECTED]: icmp echo request on DMZ interface, yes (in a firewall rule) as well as a route to LAN on DMZ which should be handled by the systems' default routes, assuming that's pfSense. machines, and advanced NAT so that LAN isn't natted to DMZ No, only traffic leaving WAN interfaces gets NATed, not between internal interfaces.
-- honesty is not a vice
Re: [pfSense Support] DMZ lan ping
192.168.0.1 LAN -- --merlin | pfsense| -- ---taira 192.168.3.5 DMZ
On Thu, Oct 9, 2008 at 10:49 AM, Tonix (Antonio Nati) [EMAIL PROTECTED] wrote: This is a dns resolution error. Where is merlin resolved? Tonino
Peter Todorov wrote: I still cannot ping the LAN. I get: su-2.05b# ping merlin ping: cannot resolve merlin: Unknown host
On Thu, Oct 9, 2008 at 4:31 AM, Chris Buechler [EMAIL PROTECTED] wrote:
2008/10/8 Paul Mansfield [EMAIL PROTECTED]: icmp echo request on DMZ interface, yes (in a firewall rule) as well as a route to LAN on DMZ which should be handled by the systems' default routes, assuming that's pfSense. machines, and advanced NAT so that LAN isn't natted to DMZ No, only traffic leaving WAN interfaces gets NATed, not between internal interfaces.
-- [EMAIL PROTECTED] Interazioni di Antonio Nati http://www.interazioni.it [EMAIL PROTECTED]
-- honesty is not a vice
[pfSense Support] DMZ lan ping
What rule must I add to ping LAN from DMZ?
-- honesty is not a vice
Re: [pfSense Support] portforward
http://img2.freeimagehosting.net/uploads/th.94613b2206.jpg
http://img2.freeimagehosting.net/image.php?5c2d6c27d1.jpg
http://img2.freeimagehosting.net/image.php?94613b2206.jpg
http://img2.freeimagehosting.net/image.php?9ce00da942.jpg
http://img2.freeimagehosting.net/image.php?68378091fc.jpg
http://img2.freeimagehosting.net/image.php?e5f570ae1d.jpg
On Wed, Jun 4, 2008 at 11:38 AM, sai [EMAIL PROTECTED] wrote: http://imageshack.us/ http://www.freeimagehosting.net/
On 5/30/08, Peter Todorov [EMAIL PROTECTED] wrote: Where can I upload screenshots to show?
-- honesty is not a vice
[pfSense Support] portforward
Hello, can somebody help me with port forward with pfsense? I enabled port forward for WAN and computers from the internet (external) can access my apache server on DMZ, but I cannot access my apache server from LAN.
-- honesty is not a vice
Re: [pfSense Support] portforward
[ASCII network diagram, layout lost in extraction. Labels: WAN (real IP); WAN2 (OPT1); PFSENSE; DMZ (OPT2) (192.168.3.1); 192.168.3.x Apache; LAN (192.168.0.1); WIFI Router (192.168.0.245 WAN); Laptops (192.168.2.x)]
2008/5/30 Ryan Rodrigue [EMAIL PROTECTED]: did you set the nat forwarding?
-Original Message- *From:* Peter Todorov [mailto:[EMAIL PROTECTED] *Sent:* Friday, May 30, 2008 11:31 AM *To:* support@pfsense.com *Subject:* [pfSense Support] portforward
Hello, can somebody help me with port forward with pfsense? I enabled port forward for WAN and computers from the internet (external) can access my apache server on DMZ, but I cannot access my apache server from LAN.
-- honesty is not a vice
Re: [pfSense Support] portforward
Where can I upload screenshots to show?
2008/5/30 Ryan Rodrigue [EMAIL PROTECTED]: did you set the nat forwarding?
-Original Message- *From:* Peter Todorov [mailto:[EMAIL PROTECTED] *Sent:* Friday, May 30, 2008 11:31 AM *To:* support@pfsense.com *Subject:* [pfSense Support] portforward
Hello, can somebody help me with port forward with pfsense? I enabled port forward for WAN and computers from the internet (external) can access my apache server on DMZ, but I cannot access my apache server from LAN.
-- honesty is not a vice
[pfSense Support] Re: OPT
I got it done. I enable NAT to OPT1
[pfSense Support] OPT
Hello to all, I am new to pfsense, so I do everything by the book. I have two ISPs coming in and several computers (my LAN network) that benefit from the ISPs. The two ISPs give me IP from DHCP (or static - can work both ways). One I call BTK - 192.168.1.2/24 from an ADSL router that has IP 192.168.1.1/18. The second gives me IP by DHCP through a cable modem - motorola SB4200 (now I use ethernet adaptor not USB). My LAN IP is 192.168.0.11/24. I installed pfsense 1.2 from the live CD on one of the computers that I want to use as a gateway. So I have:
LAN - vr0 (192.168.0.11/24)
WLAN - rl0 (192.168.1.2/24) gateway=192.168.1.1 DNS - 212.39.90.42
OPT1 - rl1 (DHCP - some address from 85.130.0.0/18) gateway (by DHCP)= 85.130.0.1 DNS - 217.9.224.2
I allow DHCP to LAN in the first wizard. start address - 192.168.0.15/24 and end address - 192.168.0.254
I plug the cables and enable the OPT1 interface.
Register DHCP leases in DNS forwarder
Register DHCP static mappings in DNS forwarder
Diagnostics - Ping
from WAN to 192.168.1.1 - OK
from WAN to 69.64.6.21 - OK
from OPT to 85.130.0.1 - OK
from OPT to 69.64.6.21 - NO
ping from one of the internal computers (behind pfsense) to 69.64.6.21 - OK
Services - Load Balancer
Setting - Pool1: Pool name - LoadBalance; Description - Round Robin load balancing; Type - Gateway; Behavior - Load Balancing; Port - Unused; 1st IPMonitor - 212.39.90.42; 1st Interface name - WAN; 2nd IPMonitor - 217.9.224.2; 2nd Interface name - OPT1
Setting - Pool2: Pool name - WAN1FailsToWAN2; Description - WAN 2 preferred when WAN 1 fails; Type - Gateway; Behavior - Failover; Port - Unused; 1st IPMonitor - 217.9.224.2; 1st Interface name - OPT1; 2nd IPMonitor - 212.39.90.42; 2nd Interface name - WAN
Setting - Pool3: Pool name - WAN2FailsToWAN1; Description - WAN 1 preferred when WAN 2 fails; Type - Gateway; Behavior - Failover; Port - Unused; 1st IPMonitor - 212.39.90.42; 1st Interface name - WAN; 2nd IPMonitor - 217.9.224.2; 2nd Interface name - OPT1
Sticky connections - enable
Firewall - Rules, LAN tab
Rule - Load Balance: Position in rule list - Last; Action - Pass; Disabled - Unchecked; Interface - LAN; Protocol - any; Source - LAN subnet; Source OS - any; Destination - any; Log - no; Schedule - none; Gateway - LoadBalance; Description - Everything else gets shared out
Rule - WAN: Position in rule list - top; Action - Pass; Disabled - Unchecked; Interface - LAN; Protocol - any; Source - LAN subnet; Source OS - any; Destination - network 212.39.0.0/24; Log - no; Schedule - none; Gateway - 192.168.1.1; Description - Make sure DMZ 1 traffic goes to right interface
Rule - OPT1: Position in rule list - top-1; Action - Pass; Disabled - Unchecked; Interface - LAN; Protocol - any; Source - LAN subnet; Source OS - any; Destination - OPT1 subnet; Log - no; Schedule - none; Gateway - default (there is no 85.130.0.1 from dropdown list); Description - Make sure DMZ 2 traffic goes to right interface
Rule - HTTPS: Position in rule list - top-2; Action - Pass; Disabled - Unchecked; Interface - LAN; Protocol - TCP; Source - LAN subnet; Source OS - any; Destination - any; Destination port range - HTTPS; Log - no; Schedule - none; Gateway - WAN2FailsToWAN1; Description - Route https through one working connection
Rule - SMTP: Position in rule list - top-3; Action - Pass; Disabled - Unchecked; Interface - LAN; Protocol - TCP; Source - LAN subnet; Source OS - any; Destination - any; Destination port range - SMTP/S; Log - no; Schedule - none; Gateway - 192.168.1.1; Description - Route SMTP to the ISP that handles it
Apply rules
From the internal computers (behind the pfsense) I have internet (ping to 69.64.6.21), but when I unplug the WAN cable I don't have internet. I used this document to do this: http://doc.pfsense.org/index.php/MultiWanVersion1.2 I think that I did everything by the book, but I do not have Internet when I unplug the WAN cable. Please help me to configure that router. Thank you in advance.
-- honesty is not a vice
[pfSense Support] boot error
Hello from me, I am trying to boot live CD 1.2 on one machine and I get *read error: 0x20* I want to test whether this software will recognize the modem I use. The modem is a Motorola Surfboard 4100. This is a USB modem. On one side there is a coaxial cable from cable TV and on the other is the USB that is plugged into the computer.
-- honesty is not a vice