RE: [pfSense Support] Outbound port forward

2011-09-06 Thread Ryan Rodrigue
What if you enabled DNS Forwarder and forwarded All DNS Request to PFsense.

Ryan Rodrigue
P.O. Box 4336
Chief Technical Manager
Houma, LA 70361
A A R Electronics, Inc
Phone (985) 876-4096
510 West Tunnel Blvd
Phone (800) 649-7346
Houma, LA 70360
Fax (985) 853-0134
radiote...@aaremail.com
www.aarelectronics.com


-Original Message-
From: Arquivos [mailto:arqui...@otv.com.br] 
Sent: Tuesday, September 06, 2011 2:34 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Outbound port forward

> What you want is a NAT Port Forward entry on your LAN interface to 
> destination port 53 and a redirect target IP of the server you want to 
> force. I haven't tried this but I believe it will do what you are 
> asking.

I´ve tried this config and it didn´t work :( In NAT por forward only
internal IP´s can be specified and i need an external DNS server, so i´m
still in the dark.
Tks..

Danilo



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



__ Information from ESET NOD32 Antivirus, version of virus signature
database 6441 (20110906) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] how to block the bit torrent

2011-09-02 Thread Ryan Rodrigue

On Fri, Sep 2, 2011 at 12:23 PM, Glenn Kelley  wrote:
> There is a PFSense 2 book available for the Kindle or paperback - in 
> Amazon Store - just search for PFSENSE


I recommended the 1.2 book because he said he was running 1.2



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] how to block the bit torrent

2011-09-01 Thread Ryan Rodrigue
Get it, Read It.  It will help a lot I think.

 

http://www.amazon.com/pfSense-Definitive-Christopher-M-Buechler/dp/097903428
0



RE: [pfSense Support] how to add the wifi

2011-09-01 Thread Ryan Rodrigue

-Original Message-
From: RB [mailto:aoz@gmail.com] 
Sent: Thursday, September 01, 2011 9:36 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] how to add the wifi

On Thu, Sep 1, 2011 at 08:31, Ryan Rodrigue  wrote:
> There is not a 100% definite answer to this.  What I do is open the 
> ports I need (80 for http, 25 for smtp, ect and then put a block all 
> rule below these.  This usually works for 99% of the bit torrent 
> traffic.  The problem is that PFsense blocks based on ports, bit 
> torrent can be intelligent and change ports.  You could also do the 
> traffic shaper and put bit torrent in a very low spped queue, but I have 
> never tried that.

pfSense 2.0 has the capability to categorize traffic at "layer 7", but even 
that isn't foolproof against bittorrent.

You are correct.  I haven't played with these features yet.  My method works 
for me and I think it is a good method in general.  Allow what you need, Block 
everything else.  Yes, It gets aggravating sometimes, but it also helps prevent 
the next dumb thing the users decide to try.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional 
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



__ Information from ESET NOD32 Antivirus, version of virus signature 
database 6427 (20110901) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] how to add the wifi

2011-09-01 Thread Ryan Rodrigue
 

ok..please help me. how to block the bit torrent in pfsense 1.2.3

 

Thank you,

 

There is not a 100% definite answer to this.  What I do is open the ports I
need (80 for http, 25 for smtp, ect and then put a block all rule below
these.  This usually works for 99% of the bit torrent traffic.  The problem
is that PFsense blocks based on ports, bit torrent can be intelligent and
change ports.  You could also do the traffic shaper and put bit torrent in a
very low spped queue, but I have never tried that.



RE: [pfSense Support] how to add the wifi

2011-09-01 Thread Ryan Rodrigue
You probably need to login to the Linksys and take it out of router mode and
put it in AP mode. Or at least turn of DHCP on the Linksys and connect it to
the LAN port instead of the WAN port.  If you don't have a wifi card, you
will not have any WiFi setting in PFsense.

 


Ryan Rodrigue

P.O. Box 4336


Chief Technical Manager

Houma, LA 70361


A A R Electronics, Inc

Phone (985) 876-4096


510 West Tunnel Blvd

Phone (800) 649-7346


Houma, LA 70360

Fax (985) 853-0134


radiote...@aaremail.com

 <http://www.aarelectronics.com/> www.aarelectronics.com

 

 

From: suresh suresh [mailto:suresh.notion...@gmail.com] 
Sent: Thursday, September 01, 2011 9:13 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] how to add the wifi

 

No,.. i dont have wifi card.if i configure the wifi router. that goes to the
differnt network. like am pfsense using 192.18.7.10 in wifi coonected
systemshows ip 192.168.1.1 at that time i cant take print or scan both will
come on 7.1 series. how to solve this problem.and also more question how to
block the bit torrent. am using pfsense 1.2.3.

 

Thank you,

 

Regards,

Suresh

 

 

On Thu, Sep 1, 2011 at 7:22 PM, RB  wrote:

On Thu, Sep 1, 2011 at 07:48, suresh suresh 
wrote:
> Hi All,
> how to add the wifi in pfsense. i am having the linksys home router.how to
> setup wifi in the pf sense. please help me.

Do you have a wifi card in your pfSense machine?  Are you wanting it
to be a wireless client or an access point?

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

 



RE: [pfSense Support] hardware suggestions

2011-08-03 Thread Ryan Rodrigue

I'm installing onto a seagate 320GB 2.5" hard drive, from a CD, both
connected via sata. I boot from the CD and have attempted to install
directly (press I) and continue (press C) into the liveCD boot, do a minimal
configuration (1 lan & 1 wan) and install from there (option 99). I'm using
the non-embedded version, both 1.2.3 and 2.0rc3.

I have 2 possible outcomes when I boot from disk, depending upon the options
used to install

- A menu is visible on the screen which after a few seconds attempts to
boot, this is what I finish up with on the screen
F1  pfSense
Boot:  F1
\<- non-moving spinner

- the other outcome is that I get an error message like this:
default 0:ad(0,a)/boot/kernel/kernel
no /boot/loader
boot:
 

I would change the setting in the bios for the hard drive to ATA or legacy
mode if it has such a setting.  

 

It appears as though it doesn't like the hard drive for some reason.  

 

I have had that problem with some compact flash modules and 1 SATA drive
that I fixed by setting my BIOS to what it called legacy mode. (Basically it
presented the SATA drive as IDE I think.)




-- 
Nick Upson (01799 533252)



RE: [pfSense Support] Re: install headache (part 2)

2011-08-02 Thread Ryan Rodrigue
 

From: Nick Upson [mailto:n...@telensa.com] 
Sent: Tuesday, August 02, 2011 6:56 AM
To: support pfsense
Subject: [pfSense Support] Re: install headache (part 2)

 

 

On 2 August 2011 11:19, Nick Upson  wrote:

Hi,

I am trying to be systamatic about trying the combinations of variables, so
far nothing works properly

(2.0 rc3, go straight into install rather than run pfsense from the cd)

a) quick install, uni processor - hangs at the spinner after boot prompt 
b) block mode off, uni processor - error about no boot loader
c) quick install, SMP processor - hangs at the spinner after boot prompt 
d) quick install, SMP processor - hangs at the spinner after boot prompt 


(boot into pfsense, option 99 to install)

e) quick install, uni processor - error about no /boot/loader

disabled LBA in BIOS

( go straight into install rather than run pfsense from the cd)

f) quick install, uni processor - hangs at the spinner after boot prompt 

(boot into pfsense, option 99 to install)

g) quick install, uni processor - error about no /boot/loader
h) block mode off, uni processor - error about no /boot/loader

enable  LBA in BIOS
( go straight into install rather than run pfsense from the cd)

i) block mode off, uni processor - error about no /boot/loader

-- 
Nick Upson (01799 533252)

 

What kind of hardware are you trying to install on?



RE: [pfSense Support] Diffrent Gateway Adress ( External )

2011-06-14 Thread Ryan Rodrigue
 

 

From: Shibashish [mailto:shi...@gmail.com] 
Sent: Tuesday, June 14, 2011 3:02 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Diffrent Gateway Adress ( External )

 

 

2011/6/14 Koray AGAYA 

Thank you for your information

 

I added 1:1 NAT section like bellow I tested same result external gateway not 
changed. Gateway adresses is 2.2.2.2 What is my mistake ?

 


MAIL 

2.2.2.4/32 

10.0.1.12/32 

mail.mems.metu.edu.tr  

 

 

It is an external IP, not an external gateway you are looking for.  You need to 
Specify the IP in 1:1 NAT which it appears you did.  You also need to specify 
the External IP in Virtual IPs.  At the bottom of the 1:1 NAT Page it says you 
may also need to specify them as virtual IPs with a link.

 

Each interface must have a unique gateway.  

Step 1: I would think that you need to remove the Mail interface all together 
if you have not already done so.

Step 2: Go to Firewall – Virtual Ip’s and specify the Type ( I use proxy arp 
usually) interface it will resides on (Probably the WAN unless you have 2 
ISP’s), and IP address.

Step 3: Go to Firewall – NAT and Choose the 1:1 Tab. And click the + sign. (or 
edit if you already have one there)

Step 4:  Select the interface (same one you selected for virtual IP) External 
IP, Internal IP, Destination type (I use any).

Step 5: Click Save.

 



RE: [pfSense Support] allow/deny users by MAC address?

2011-06-06 Thread Ryan Rodrigue


->Original Message-
>From: Luke Jaeger [mailto:ad...@pvpa.org] 
>Sent: Monday, June 06, 2011 8:31 AM
>To: support@pfsense.com
>Subject: [pfSense Support] allow/deny users by MAC address?
>
>I run a school network where students and teachers sometimes bring in
personal laptops.
>
I>s there a way to filter these by MAC address so that teachers get access
to certain resources (such as printing) and students don't?
>Or do I have to set up a separate wireless network for teachers only?
>
>Luke Jaeger | Technology Coordinator
>Pioneer Valley Performing Arts Charter Public School www.pvpa.org
>

Short answer - No.
Possible solution: 
Some of your better Wi-Fi access points allow you to set multiple SSID's
with a separate VLAN for each.  I would do that and setup an SSID for
Teachers with their passcode and an SSID for students with their passcode.
That way you could setup the access they have with the VLAN.  This way you
also don't have to worry about the limited number of Wi-Fi channels because
both SSIDs work in conjunction with each other on the same channel.  I do
this and I also setup an SSID for IT login with a non-broadcasting SSID and
a separate passcode.



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Blocking Windows Machines

2011-05-06 Thread Ryan Rodrigue


>In addition to this, and to controlling DHCP, as another poster mentioned, 
>there is an audit method that may take some time, but can be automated to some 
>degree.
>
>It's an interesting use of TTLs I saw discussed on another list - you have to 
>keep track of the TTLs by the hosts on your network and notice the anomalies. 
>Most OSes use a starting >TTL of either 64 or 128. If you notice packets with 
>a TTL of 63 or 127 coming from a particular IP address through your 
>router/firewall, you have an indicator that that IP address is a >router or 
>NAT device itself. I would also suspect that if you see mixed TTLs coming from 
>a single IP address, that might also signal something to investigate.
>
>Kurt 


And while this is correct if it goes through a router, I don't think a simple 
access point will change (decrement) the TTL.  I remember Mikrotik would let 
you override the TTL to 1 so that any router hanging off would discard the 
packets.  That is unless they used another Mikrotik router that would simple 
modify the TTL again.  They did this in a mangle rule.

(Sorry I correct a fat finger issue above)


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Blocking Windows Machines

2011-05-06 Thread Ryan Rodrigue


>In addition to this, and to controlling DHCP, as another poster mentioned, 
>there is an audit method that may take some time, but can be automated to some 
>degree.
>
>It's an interesting use of TTLs I saw discussed on another list - you have to 
>keep track of the TTLs by the hosts on your network and notice the anomalies. 
>Most OSes use a starting >TTL of either 64 or 128. If you notice packets with 
>a TTL of 63 or 127 coming from a particular IP address through your 
>router/firewall, you have an indicator that that IP address is a >router or 
>NAT device itself. I would also suspect that if you see mixed TTLs coming from 
>a single IP address, that might also signal something to investigate.
>
>Kurt 


And while this is correct if it goes through a router, I don't think a simple 
access point will change (decrement) the TTL.  I remember Mikrotik would let 
you override the TTL to 1 so that any router hanging off would discard the 
packets.  Thank is unless they used another Mikrotik router that would simple 
modify the TTL again.  They did this in a mangle rule.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] can't block https://facebook.com via firefox

2011-03-23 Thread Ryan Rodrigue

-Original Message-
From: Raylund Lai [mailto:raylund@kankanwoo.com] 
Sent: Wednesday, March 23, 2011 11:14 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] can't block https://facebook.com via firefox

I think the best is to combine DNS and firewall rule.

Using something like OpenDNS for all the DNS inquiry on your network and
then setup firewall rule so that only DNS inquiry are allowed to OpenDNS.
Then, going to OpenDNS to set your own blocking/allowing rule(s).

-Raylund
 This is a good approach too.  Rather than only allow dns to opendns you
could redirect all dns request to opendns in the nat settings.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] can't block https://facebook.com via firefox

2011-03-23 Thread Ryan Rodrigue


-Original Message-
From: Luke Jaeger [mailto:ad...@pvpa.org] 
Sent: Wednesday, March 23, 2011 8:59 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] can't block https://facebook.com via firefox
>
>Yes, I'm sure - facebook.com is explicitly blocked in my squid blacklist
and the shallalist 'socialnet' category is blocked too in squidguard. I also
set up a firewall rule blocking any >traffic >on any port to
>
>66.220.147.0/24
>66.220.149.0/24
>66.220.153.0/24
>69.63.176.0/24
>69.63.181.0/24
>69.63.184.0/24
>69.63.187.0/24
>69.63.189.0/24
>69.63.190.0/24

>But it's still possible to get to facebook, ONLY via https and ONLY in
Firefox when set to bypass system proxy settings.


You did put the block list above any allow list and you did put it on the
LAN port.  Correct?
I personally would set anything on the local network on Https, and Http to
block thus forcing them to use your squid proxy.  (Allow squid proxy of
course)



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Multiple WAN subnets

2011-03-01 Thread Ryan Rodrigue
Could you use virtual IPs assigned to the wan interface?  I use them now for
a different subnet and it works fine for me.  I assign the virtual IP and
use 1:1 nat.

 
Ryan
Rodrigue
        P.O. Box
4336
Systems
Technician  
       Houma, LA 70361
A A R Electronics,
Inc 
   Phone (985) 876-4096
510 West Tunnel
Blvd
    Phone (800) 649-7346
Houma, LA
70360   
     Fax (985) 853-1034
radiote...@aaremail.com 
 www.aarelectronics.com 

 


-Original Message-
From: JASON JAMES [mailto:jam...@milton.k12.wi.us] 
Sent: Tuesday, March 01, 2011 11:02 AM
To: support@pfsense.com
Subject: [pfSense Support] Multiple WAN subnets

We currently use PFSense as a perimeter firewall it does all of our NAT as
well. We recently ran out of public ip's and had another subnet issued to
us. The problem is whether I add a new interface or set it up as a static
route we can't get it to be reachable from outside. I know I am missing
something small, I have been skimming through the pFsense book again and
nothing is popping out. Anyone have any ideas? If I add it as an interface,
I can ping whatever ip address I bind that interface too but adding virtual
ips and then setting up NAT for additional ips in that block are not
routeable. 




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



__ Information from ESET NOD32 Antivirus, version of virus signature
database 5917 (20110301) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




RE: [pfSense Support] Firewall security compromised by auxillary programs?

2011-02-07 Thread Ryan Rodrigue


-Original Message-
From: Sean Cavanaugh [mailto:millenia2...@hotmail.com] 
Sent: Friday, February 04, 2011 6:27 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Firewall security compromised by auxillary
programs?

?-Original Message-
From: Mark Jones
Sent: Friday, February 04, 2011 2:54 PM
To: support@pfsense.com
Subject: [pfSense Support] Firewall security compromised by auxillary
programs?

Well, I hear of people running pfSense in a VM, and I wonder how do you
avoid exposing the host OS to the network?  How can a firewall be run in a
VM and not leave the host OS hanging out to be attacked?  Or, go the
otherway and put the VM in the FreeBSD used by pfSense since there is plenty
of excess CPU and memory to do the trick.  Only getting vmware to run on
pfSense FreeBSD might be difficult (I haven't actually tried it) given the
very few pieces of FreeBSD that are present in a pfSense environment.

I am just a big dummy, but I would say that if the interfaces used for
PFsense are dedicated to interfaces in VMware (with separate Vswitches
each)without a service console connection, then you are OK.  Esxpecially on
ESX because it is has a firewall and is pretty well locked down.  Don't be
stupid and try to do so on a single interface.



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Hardware not supported

2011-01-26 Thread Ryan Rodrigue

 

2011/1/26 İhsan Doğan :
>>> I've bought recently a Shuttle XPC-35 and unfortunately this 
>>> hardware does not run with FreeBSD 8.1, but it does with FreeBSD 8.2.
>>>
>>> Are there any plans to run pfSense 2.0 with FreeBSD 8.2?
>>
Not my first choice, but you could try to load some hypervisor on it like 
VMware ESXi and run it as a VM.  I have had PF running for over 6 months in a 
VM and it works great.




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] changing LAN to WAN

2011-01-19 Thread Ryan Rodrigue


-Original Message-
From: Chris Buechler [mailto:cbuech...@gmail.com] 
Sent: Wednesday, January 19, 2011 10:51 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] changing LAN to WAN

On Wed, Jan 19, 2011 at 5:55 AM, Nick Upson  wrote:
> Hi,
>
> I have an existing pfsense setup with 5 Lan & 1 Wan, I need to change
> LAN3 (the only unused one) to become a second WAN (connected to an 
> adsl modem) Please could someone give me some idea how to achieve 
> this, I've got the book but the part about configuring a second WAN 
> doesn't cover changing an existing setup.
>

Just change the interface's IP config as needed, then configure it however
desired as an additional WAN.

Agreed - Don't forget the Outbound Nat settings.  Though you did say you
have the book.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



__ Information from ESET NOD32 Antivirus, version of virus signature
database 5800 (20110119) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] MAC based Access Control

2010-11-29 Thread Ryan Rodrigue
I there a way to manually specify an IP to a mac in the ARP tables.  That
way you could filter based on IP and if someone changed their IP to avoid
the filters, there internet access wouldn't work.  You could then take it a
step further and lockdown the switch port to only that one mac and if they
got cleaver and changed their mac, that wouldn't work either.  Just a
thought.  Feel free to blast away.

 

Description: Description: Description:
C:\Users\Ryan\AppData\Roaming\Microsoft\Signatures\AARElectronics3.gifRyan
Rodrigue
P.O. Box 4336
Systems Technician
Houma, LA 70361
A A R Electronics, Inc
Phone (985) 876-4096
510 West Tunnel Blvd
Phone (800) 649-7346
Houma, LA 70360
Fax (985) 853-1034
 <mailto:radiote...@aaremail.com> radiote...@aaremail.com
<http://www.aarelectronics.com/> www.aarelectronics.com 

 

 

 

 

From: stephen at stephenjc [mailto:step...@stephenjc.com] 
Sent: Monday, November 29, 2010 8:19 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] MAC based Access Control

 

I was under the impression that pfsense was  layer 3 software. Imo, I don't
think it should be dealing with layer 2. You can always use a switch with
port security.

On Nov 29, 2010 8:21 AM, "Vick Khera"  wrote:
> On Mon, Nov 29, 2010 at 8:11 AM, Adam Piasecki
>  wrote:
>> I understand it's a false sense of security, but I can see how it would
be
>> helpful.  Maybe a package can be made with the understanding that its not
>> 100% full proof.
>>
> 
> So you have a security feature that works, except when it doesn't.
> The problem is there is no way to tell when it is not working, so how
> do you "deal with it then"?
> 
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
> 
> Commercial support available - https://portal.pfsense.org
> 

<><>

RE: [pfSense Support] Assign custom Gateway

2010-11-05 Thread Ryan Rodrigue
 


-Original Message-
From: Tim Dickson [mailto:tdick...@aubergeresorts.com] 
Sent: Friday, November 05, 2010 4:54 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Assign custom Gateway


> Is there a way in PF to have dhcp assign a custom gateway in the 
> static dhcp setup.

Why don't you whitelist the IPs you want to pass in the captive portal
configuration.
They would all go through the captive portal, but those IPs assigned to
bypass wouldn't be blocked.
-Tim
I guess I could do that.  I want to pass all office pc's and block 2 semi
public pc's.  If it wasn't for this printer, I would have a separate network
for these pc's.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



__ Information from ESET NOD32 Antivirus, version of virus signature
database 5595 (20101105) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Assign custom Gateway

2010-11-05 Thread Ryan Rodrigue
 

From: Ryan L. Rodrigue [mailto:radiote...@aaremail.com] 
Sent: Friday, November 05, 2010 9:16 AM
To: support@pfsense.com
Subject: [pfSense Support] Assign custom Gateway

 

Is there a way in PF to have dhcp assign a custom gateway in the static dhcp
setup.  

 

A little info on what I am trying to accomplish

Most users get IP address for normal gateway with normal restrictions and
all. 

Some special users get an IP on the same network, but a different router
with different restrictions and captive portal login. 

 The easiest way I could see to do this is to simply use two routers and
assign them accordingly.

I suppose 1 router would work, but I want only a few specific machines to
use captive portal and most machines to bypass CP.  This is kind of opposite
to what most people do.

I could also use VLAN and segrigate this computer, but I want them to share
all network resourses expecially itunes and a weird network printer that
doesn't seem to like traversing routers. (The printer doesn't even have a
place for a default gateway, how weird is that?)

 

I am really just trying to keep things simple.

Thanks for any suggestions.

 

 

 

Sorry, I read what I wrote and realize clarity is not one of my strengths.

Under the dhcp server I can add a static map.  Is there a way to add a
different gateway just for this static map.

I am running PF 1.2.3 Release.  Perhaps in version 2?  

Thanks for reading and any help you might be able to provide.



__ Information from ESET NOD32 Antivirus, version of virus signature
database 5593 (20101105) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



[pfSense Support] Assign custom Gateway

2010-11-05 Thread Ryan L. Rodrigue
Is there a way in PF to have dhcp assign a custom gateway in the static
dhcp setup.  

 

A little info on what I am trying to accomplish

Most users get IP address for normal gateway with normal restrictions
and all. 

Some special users get an IP on the same network, but a different router
with different restrictions and captive portal login. 

 The easiest way I could see to do this is to simply use two routers and
assign them accordingly.

I suppose 1 router would work, but I want only a few specific machines
to use captive portal and most machines to bypass CP.  This is kind of
opposite to what most people do.

I could also use VLAN and segrigate this computer, but I want them to
share all network resourses expecially itunes and a weird network
printer that doesn't seem to like traversing routers. (The printer
doesn't even have a place for a default gateway, how weird is that?)

 

I am really just trying to keep things simple.

Thanks for any suggestions.

 Ryan Rodrigue
P.O. Box 4336
Systems Technician
Houma, LA 70361
A A R Electronics, Inc
Phone (985) 876-4096
510 West Tunnel Blvd
Phone (800) 649-7346
Houma, LA 70360
Fax (985) 853-1034
radiote...@aaremail.com <mailto:radiote...@aaremail.com>
www.aarelectronics.com <http://www.aarelectronics.com/>  

 

 

 

 

<><>

RE: [pfSense Support] BLOCK IP or ALIAS firewall rule not blocking traffic

2010-09-22 Thread Ryan
Are you trying to block an external IP from internal network or internal IP
from external network

If IP to be blocked in external
on WAN put
Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
on LAN put
Action=Block, Protocol=Any, Source IP= Any, Destination IP=(your IP to
block)

If IP to be blocked in internal
on LAN put
Action=Block, Protocol=Any, Source IP=(your IP to block), Destination IP=Any
on WAN put
Action=Block, Protocol=Any, Source IP= Any, Destination IP=(your IP to
block)

Remember rules are processed in order top to bottom, so if allow all is on
top, this will do nothing.



 
Ryan Rodrigue
P.O. Box 4336
Systems Technician
Houma, LA 70361
A A R Electronics, Inc
Phone (985) 876-4096
510 West Tunnel Blvd
Phone (800) 649-7346
Houma LA 70360
Fax (985) 853-1034
radiote...@aaremail.com
www.aarelectronics.com 
 
 

> -Original Message-
> From: Chris Flugstad [mailto:ch...@cascadelink.com] 
> Sent: Wednesday, September 22, 2010 4:44 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] BLOCK IP or ALIAS firewall 
> rule not blocking traffic
> 
> So what rule(s) would I add to block all traffic to this ip.  
> I setup traffice shaping and set this ip to a 5k up/down but 
> its still much higher than that -chris
> 
> On 9/22/2010 2:39 PM, Chris Buechler wrote:
> > On Wed, Sep 22, 2010 at 5:33 PM, Chris 
> Flugstad  wrote:
> >
> >> So i have public IP's , not Nat'd , on this box, 1.2.3, and I have 
> >> blocked an ip on both WAN AND LAN , any protocol, source and 
> >> destination, and traffic is still passing for this ip.
> >>
> >> any help?
> >>
> >>  
> > Traffic will never be sourced from and destined to the same IP.
> >
> > 
> -
> > To unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
> additional 
> > commands, e-mail: support-h...@pfsense.com
> >
> > Commercial support available - https://portal.pfsense.org
> >
> >
> 
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
> additional commands, e-mail: support-h...@pfsense.com
> 
> Commercial support available - https://portal.pfsense.org
> 
> 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] freeswitch help

2010-08-12 Thread Ryan
> On Thu, Aug 12, 2010 at 3:35 PM, Ryan L. Rodrigue 
>  wrote:
> 
> > 1.  Broadvox is set to go out of a certain ISP that we have on 
> > interface opt1.  I don't see anywhere in the setting to 
> specify this.
> 
> Create a pass rule on the internal interface, selecting OPT1 
> as the gateway.

So The freswitch binds to the lan interface by default?

> 
> > 2.  I assume I should put the broadvox settings in the 
> gateways tab as 
> > a new gateway. Am I correct in this?
> 
> You mean http://pfsense/system_gateways.php? Here you should 
> see the interfaces' gateways, i.e., the ISP next hop. Once it 
> is entered here you can choose it as your gateway when 
> creating a pass rule above.
> 

Sorry,  Freeswitch gateways tab.  I do believe I am correct on this.


> > 3.  Broadvox said they don't need a user name or password, just the 
> > proper IP address.  Is it ok to leave those fields blank?
> 
> Not sure, as I've always used them.
> 
> You may find the freeswitch support a little better on the 
> pfsense packages forum. I don't know if the maintainer is on 
> this list.
> Another good place to go is IRC #fusionpbx (similar project, 
> same folks).
> 
> db

Thank you for your help.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] freeswitch help

2010-08-12 Thread Ryan L. Rodrigue
I am playing around with the freeswitch package a little and am slightly
confused.  I am trying to make it work with a broadvox sip service that
we have.  
1.  Broadvox is set to go out of a certain ISP that we have on interface
opt1.  I don't see anywhere in the setting to specify this.  
2.  I assume I should put the broadvox settings in the gateways tab as a
new gateway. Am I correct in this?  
3.  Broadvox said they don't need a user name or password, just the
proper IP address.  Is it ok to leave those fields blank?  
 
Thanks for your help, Ryan
 
 
 


RE: [pfSense Support] PFsense 2.0 CP auto authenticate

2010-06-07 Thread Ryan


 

> -Original Message-
> From: Chris Buechler [mailto:cbuech...@gmail.com] 
> Sent: Monday, June 07, 2010 3:07 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] PFsense 2.0 CP auto authenticate
> 
> On Mon, Jun 7, 2010 at 2:17 PM, Ryan  wrote:
> >
> > Is there a way in PFsense 2.0 to have captive portal auto 
> authenticate 
> > all IPs on a subnet.  What I am wanting to do is limit all 
> users to 1 
> > Mbps each (up and down) without needed them to authenticate.
> >
> 
> No, but you can do that with limiters.
> 
Limmiters?  Who, what, and where?


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] PFsense 2.0 CP auto authenticate

2010-06-07 Thread Ryan

Is there a way in PFsense 2.0 to have captive portal auto authenticate all
IPs on a subnet.  What I am wanting to do is limit all users to 1 Mbps each
(up and down) without needed them to authenticate.

This works well if I add an IP entry for each, but is there a way to do a
large group like a whole subnet.  I am lazy and don't feel like making 200+
entries.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] PFsense 2.0 SMTP notifications.

2010-06-04 Thread Ryan

> 
> Anything that would show up in the top bar as an alert. 
> Gateway failures aren't counted among those, however. Things 
> like CARP changeovers would do that, and some other major things.
> 
> I have some ideas for beefing that area up. I'm interesting 
> in having an HDD space notification, and I know there are 
> probably other general triggers that people would like to see 
> (high load average, high swap usage, etc)
> 
> Jim
> 
Thanks for the quick reply.  With our failover setup like it is, one of our 
internet goes down sometimes and I don't ever realise (great router).  I would 
just like an email of these events so I could check an see whats going on.  Or 
at least know it went down.  I agree that other alerts would be great as well.  
System rebooted, state table maxing out, CPU maxing out just to think of a few. 
 I love that smtp is here now.  It gives alot of potential.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] block facebook twitter and youtube pfsense

2010-06-04 Thread Ryan

> 
> If you have a DNS server for internal use in your org, 
> consider putting zones on it that are authoritative for the 
> sites you wish to block, then putting in a wildcard entry 
> that points to 127.0.0.1
> 
> I do that for all of the sites you mention, plus a few others.
> 

I do this for a few sites myself using the dns server in PFsense.  I forward to 
an internal webserver that has a page that says Get to work and says some lie 
about All internet traffic is monitored and repeated attempts to access this 
site will be sent to your supervsior.   It's not perfect, but it works well for 
our user.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] PFsense 2.0 SMTP notifications.

2010-06-04 Thread Ryan
Sorry if this gets sent twice, I forgot to put a subject 
I finally got a chance t play with the new version 2.0 beta.  I must say, I 
like what I see so far.  Thanks

I see there is a place under Advanced > Notifications for an smtp server for 
noticfications.  What is considered an Alert that would be sent by these 
notifications?  Is there a place to adjust this.  I mainly and looking for a 
notice that a gateway id down.  Thanks for the help.

Ryan
 

__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5173 (20100604) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
 

__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5173 (20100604) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] PfSense and hardware

2010-06-03 Thread Ryan
Send the message a dozen more times.  Maybe someone will respond.  Ok  I guess 
by you repition that you set the states to 250 and it seems you still are 
being limmited to 60mbps.  When you installed it, what kernal did you select?
 
 

  _  

From: Cihan Saglamoz [mailto:cihan.sagla...@gmail.com] 
Sent: Thursday, June 03, 2010 3:16 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PfSense and hardware


I set it to 250

In 60 mbits/s I see it about 140


Cihan SAĞLAMÖZ




On Thu, Jun 3, 2010 at 9:49 PM, Chris Buechler  wrote:


On Thu, Jun 3, 2010 at 2:41 PM, Cihan Saglamoz  wrote:
> Hi,
>
> Is pfsense supports quad core cpus?
>
>
> I have a pfsense running on a box with quad core cpu and 3 gb memory. It has
> a server mainboard and Gbit intel NIC over it.
>
> I am using it as a SYN Proxy after 60 mbits/s attack it is not possible to
> connect to firewall and servers behind the firewall.
>


You're probably exhausting your state table, increase its limit under
System>Advanced.



> On shell I see that tcpdump and syslog uses cpu very much. And I see only
> one cpu on "top" command.  Is there another way for checking it?
>
> Which feature uses tcpdump?  Can I close it?


logging, don't kill it.



> Do you know some ways for
> tuning pfsense to handle more than 60 mbits?
>


Increase the state table is probably all you need to do.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org






RE: [pfSense Support] pfSense 1.2.3/2.0 doesn't boot on Axiomtek NA-820

2010-05-28 Thread Ryan



> -Original Message-
> From: Malte S. Stretz [mailto:m...@apache.org] 
> Sent: Friday, May 28, 2010 9:36 AM
> To: support@pfsense.com
> Subject: [pfSense Support] pfSense 1.2.3/2.0 doesn't boot on 
> Axiomtek NA-820
> 
> Hi,
> 
> I'm currently trying to install pfSense 1.2.3 on an Axiomtek 
> NA-820 [1,2].  
> Apart from the seven GBit interfaces its nothing fancy, Intel 
> CPU, SATA controller, CF adapter.  FreeBSD is an officially 
> supported OS for that device.
> 

> 
> Cheers,
> Malte
> 
> [1]http://axiomtek.com/products/ViewProduct.asp?view=429
> [2]http://axiomtek.com/Download/Download/NA-820/NA-820.pdf
> -- 


What's the pricing on these units?  They look nice.
 
 

__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5154 (20100528) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Multiwan and DNS forwarder

2010-05-21 Thread Ryan

> >   
> Yeah, I missed that requirement on the first read-through.  
> Didn't mean to give you a bum steer. 

Thats OK.  I've been running thes fail-over setup for a while and just now
thought of this senario.  It worked when I tested it over a year ago because
i simply tested with ping.  My wan went out last week and I couldn't figure
out why the fail-over failed.  I found out it was a failure in my design.

 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 5136 (20100521) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Multiwan and DNS forwarder

2010-05-21 Thread Ryan


> -Original Message-
> From: Gary Buckmaster [mailto:g...@s4f.com] 
> Sent: Friday, May 21, 2010 3:24 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Multiwan and DNS forwarder
> 
> Actually, the easier way to do this is to use policy routes.  
> Create aliases called ISP1DNS and ISP2DNS and put the 
> appropriate DNS server IPs in those two aliases.  Then create 
> firewall rules on your LAN
> interface(s) above any load balancing rules which will match 
> DNS traffic to the appropriate DNS servers and select the 
> appropriate gateway. 
>
I would think your approach would work if the end computer was requesting
dns from the real dns server, not using dns forwarding.  I think the DNS
request does not originate from the Lan, but from the router itself.  I may
be wrong in this though.
 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 5136 (20100521) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Multiwan and DNS forwarder

2010-05-21 Thread Ryan

> 
> For such multi-WAN setups, I would recommend hard coding your 
> DNS servers under System > General Setup and not allowing 
> them to be overridden. Then add a static route for one of 
> them so it always goes out your second WAN. Make sure the 
> server you use will answer on the WAN for which it's being 
> used, use Google's public DNS or OpenDNS and you don't have 
> to worry about that.
> 

Thanks for the reply.  So I go to System> Static routes and add a new route.
I gues I set the DNS server in the Destination Network Field with a /32 and
I put the default gateway of my T1 in the Gateway field.  What do i put for
the interface field?  I don't see an interface for the pfsense trafic
itself.
 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 5136 (20100521) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Multiwan and DNS forwarder

2010-05-21 Thread Ryan
First, this is the best routing product I have ever used.  Ihad a box that was 
up and running for over two years!!!  It only rebooted because of a faiure in 
my ups.  I went ahead and updated to 1.2.3 seings as the system up time had 
reset anyway.  Thanks for the excellent work!!!

I have a Question.

I use Mlti-Wan with 1 Cable modem, 1 DSL line and 1 T1 line.  I setup Failover 
and have been very happy thus far.  I am also using DNS forwarder.  On each 
computer, PFsense assigns its own address as the DNS server.  Then PF serves up 
the dns.  My question it, what link does PF use to get its dns information.  I 
would assume the wan link as this is the only link that it uses for package 
information also.  If it is just the wan link and I lose that connection, will 
the fail-over be of any real use?  It seems like without being able to update 
the dns, individual user will only be able to reach those sites in the cached 
dns table.  Am i correct in this?  Thank for the help.
 

__ Information from ESET NOD32 Antivirus, version of virus signature 
database 5136 (20100521) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] If I get a new box to be my pfsense box can I import all my settings?

2010-04-15 Thread Ryan
> If I get a new box to be my pfsense box can I import all my settings?

Backup using Diagnostics> Backup/Restore on current router and then restore
on new router.



 
> Also what's best nic ard pci can I get for best performance 

I don't quite understand the question.  I have been using Intel and like
them the best. Most decent hardware configurations will cause the router to
route faster than home internet connection speeds.



> Should I get a good netgear pro safe switch for also 
> performance this is for home network.

Again. Any (OK, most) 10/100 switch will perform faster than a home internet
connection.  However a good gigabit switch with jumbo frame support will
allow you to transfer files quicker inside of your network.  I guess the
answer to this depends on what you want to accomplish and how much you want
to spend.

I hope this helps some.  Good Luck.

- Ryan
 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 5032 (20100415) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] help -- policy routing problem

2010-03-18 Thread Ryan
Just a stupid qestion, but can you setup a virtual IP for either your mail
server, your voip device or both?

 
Ryan Rodrigue
P.O. Box 4336
Systems Technician
Houma, LA 70361
A A R Electronics, Inc
Phone (985) 876-4096
510 West Tunnel Blvd
Phone (800) 649-7346
Houma LA 70360
Fax (985) 853-1034
radiote...@aaremail.com
www.aarelectronics.com 
 
 

> -Original Message-
> From: mayak-cq [mailto:ma...@australsat.com] 
> Sent: Thursday, March 18, 2010 3:36 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] help -- policy routing problem
> 
> hi all,
> 
> thanks for the incredibly quick responses ...
> 
> i'll ask the provider to put a second ip address on his 
> router to get around the problem. i can't be the only one!
> 
> pfsense is fantastic!
> 
> cheers
> 
> m
> 
> 
> 
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
> additional commands, e-mail: support-h...@pfsense.com
> 
> Commercial support available - https://portal.pfsense.org
> 
> 
> 
> __ Information from ESET NOD32 Antivirus, version of 
> virus signature database 4956 (20100318) __
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
> 
 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 4956 (20100318) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] client requirement and a Q

2010-02-25 Thread Ryan

> > Also I would like to ask. Can I block an iprange?
> 
> The firewall lets you block CIDR networks. If your range 
> doesn't fit neatly into a standard subnet then you have the 
> choice of blocking the encapsulating subnet, or creating 
> multiple rules to neatly cover the desired range.
> 
> Hope that helps.
> 
> db


You can also use aliases to specify the list of IPs or Subnets or
combination of the two you would like to use in your rules.  This can
simplify the rules some and make adding an ip or subnet very simple.  Very
efficient if you are using multiple rules or want to block on multiple
interfaces.
Good Luck.
 

__ Information from ESET NOD32 Antivirus, version of virus signature
database 4895 (20100225) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] potential pfsense hardware

2009-10-16 Thread Ryan
> Eugen Leitl wrote:
> > On Fri, Oct 16, 2009 at 12:27:47PM -0400, Curtis Maurand wrote:
> >> Check this one out.  It should work just fine.  Very inexpensive.
> >>
> >> http://www.newegg.com/Product/Product.aspx?Item=N82E16816101262
> > 
I have actually looked at this.  We use supermicro for some of our servers
and they make a great product.  This has 2 onboard nics, but they are both
realtek.  I guess I am too picky.  Realtek seems ok in a regular desktop pc,
but for a router, i would like an intel or a broadcom.  I could get a quad
pci-e intel nics, but i am too cheap. lol.  Maybe someone will make one
soon.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] potential pfsense hardware

2009-10-15 Thread Ryan

> Hi Ryan,
> 
> I'm just testing an atom wth re(4) but the NIC-Chip shouldn't 
> be the problem.
> I started a thread in the Forum, so i don't want to crosspost here.
> 
> http://forum.pfsense.org/index.php/topic,19808.0.html
> 
> I just try to build a Kernel working with that board and PF-Sense ...
> 
I find most of these Atom board use realtek nics.  I gues in an attempt to
keep cost down.  I am not interested in atom for its size or power
consumption. I guess i am stange, but i like the idea of building a decent
system for under $250

For the price of the MSI board mentioned in a different post, I can buy a
chaep Intel MB and processor for about $160 and have room for expansion.  I
like the <$120 price range expecially since it includes the processor. That
pus a cheap case with PSU ($30), 3 intel nics ($20 each - 6$, and a
transcend ide or sata disk module ($30) and i have a working system for
$240.  If it had 2 onboard intel nics, that drops $40 off the price and
leaves room for expansion.

I also like the low poer consumtion and low heat that mans i can slap a
larger heatsink and get rid of the processor fan.  That helps eliminate a
point of failure and maintance.  Just my $.02

PS.  sorry for top posting earlier.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] potential pfsense hardware

2009-10-15 Thread Ryan
Does anyone make an atom board with intel onboard.  I'd rather intel if i
had my choice.  I have seen a couple of flexatx atom boards that look real
promising, but they don't have intel nics.
 

Ryan Rodrigue <http://www.aarelectronics.com/>
<http://www.aarelectronics.com/>  <http://www.aarelectronics.com/> 


 <http://www.aarelectronics.com/>   
Office: (985) 876-4096

Fax: (985) 853-0134

radiote...@aaremail.com

 <mailto:radiote...@aaremail.com> 

 


  _  

From: Philippe LeCavalier [mailto:supp...@plecavalier.com] 
Sent: Thursday, October 15, 2009 12:16 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] potential pfsense hardware


On Thu, 2009-10-15 at 15:32 +, Joseph L. Casale wrote: 

I'd rather have a Realtek if I had to.

I second that!




Cheers,
Phil 



__ NOD32 4511 (20091015) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com


<>

RE: [pfSense Support] package manager in 1.2.2

2009-10-07 Thread Ryan

 

> -Original Message-
> From: Agi Subagio [mailto:a...@mbs.co.id] 
> Sent: Wednesday, October 07, 2009 1:37 AM
> To: support@pfsense.com
> Subject: [pfSense Support] package manager in 1.2.2
> 
> just upgraded from 1.2-RELEASE to 1.2.2, but the package 
> manager couldn't communicate with pfsense.com and this is not 
> happened in my other 1.2-RELEASE box.
>
 
Is the wan working properly?  If using multiwan, PFsense will only
communicate with packages using the wan interface.  Just a thought on a
place to check.


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] potential pfsense hardware

2009-08-27 Thread Ryan

> I'm thinking about picking up a Supermicro Atom based system 
> for use with pfSense: 
> 
> http://www.supermicro.com/products/system/1U/5015/SYS-5015A-H.
> cfm?typ=H 
> 
> Any thoughts on potential issues with running pfSense on this 
> hardware? 
> 
> Thanks in advance,
> Sterling Windmill
>

The realtek nics they use are not the best.  I wish they would use intel.
It is an intel board after all. 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Re: Can captive portal authenticate based on windows login

2009-04-22 Thread Ryan

 

> -Original Message-
> From: Curtis LaMasters [mailto:curtislamast...@gmail.com] 
> Sent: Wednesday, April 22, 2009 2:18 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Re: Can captive portal 
> authenticate based on windows login
> 
> Barracuda bases logins 100% on IP address when used as a 
> transparent proxy.  User opens browser and looks at 
> google.com, the barracuda gets IP information from the Audit 
> of login/logout on the domain controller and associates a 
> users.  The barracuda checks the user against a group and 
> then allows or denies them access to the destination.  100% 
> IP address, no plugin required.
> 
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com
> 
I use websense for this now and it work great as far as automatically
logging via windows username.  It does the same thing i think.  The problem
is that if a person is not logged into windows with a specific username, it
blocks all requests.  ( I can configure it to et them through , but that
really defeats the purpose. )  I want a way to let a guest authenticate with
a password that I can give them and have normal users automatically
authenticate.  I will have to play with ISA this weekend.  I will probably
set up a VM at my house this weekend. I can always use that and put pfsense
ahead of it.  Unfortunatly all I have is ISA 2004, but if it works well, I
don't mind buying 2006.




> 
> 
> On Wed, Apr 22, 2009 at 1:00 AM, Glenn Kelley 
>  wrote:
> > i believe the barracuda does this only when the outlook plugin has 
> > been downloaded - i could be wrong however but at least that is our 
> > experience thusfar.
> > - actually there is one other time - when they are part of 
> a windows 
> > network and ldap is involved already...
> >
> >
> > On Apr 22, 2009, at 12:52 AM, Curtis LaMasters wrote:
> >
> >> 's Web Filter does this.  I know you have to install a DC 
> client on 
> >> the domain controllers that key's off of event log logins/offs and 
> >> reports to the filter.  Probably not what you need but it's an 
> >> option.
> >
> >
> > 
> -
> > To unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
> additional 
> > commands, e-mail: support-h...@pfsense.com
> >
> > Commercial support available - https://portal.pfsense.org
> >
> >
> 
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
> additional commands, e-mail: support-h...@pfsense.com
> 
> Commercial support available - https://portal.pfsense.org
> 
> 
> 
> __ NOD32 3834 (20090206) Information __
> 
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
> 
> 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Can captive portal authenticate based on windows login

2009-04-21 Thread Ryan

> -Original Message-
> From: Dimitri Rodis [mailto:dimit...@integritasystems.com] 
> Sent: Tuesday, April 21, 2009 4:34 PM
> To: support@pfsense.com
> Subject: RE: [pfSense Support] Can captive portal 
> authenticate based on windows login
> 
> Single Sign-on (aka one set of credentials) is one thing, the 
> captive portal's ability to automatically _receive_ (and 
> authenticate) the credentials from the requesting 
> client/browser is another. Unless I'm misunderstanding, Ryan 
> wants to get rid of the username/password prompt from the 
> captive portal, and have the "current" windows logon 
> credentials automatically pass to the captive portal, which 
> is currently not possible with pfSense-- ISA Server is the 
> only thing I know of that does this.
> 
> Dimitri Rodis
> Integrita Systems LLC
> http://www.integritasystems.com

You are correct.  This is exactly what i want to do.
Ryan Rodrigue

> 
> 
> -Original Message-
> From: Jim Pingle [mailto:li...@pingle.org]
> Sent: Tuesday, April 21, 2009 1:18 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Can captive portal 
> authenticate based on windows login
> 
> Ryan wrote:
> >
> >> Without seeing the CP screen, automatically logging them in with 
> >> Windows
> > credentials, no. You can authenticate them on.
> >> the CP screen with RADIUS using their Windows credentials 
> to IAS on a
> > Windows Server DC (if you're using AD).
> >
> >
> > I kinda thought that was the case.  Thank you for your help 
> Chris.  Do 
> > you know of anything that might do this?
> 
> I don't know if the Captive Portal can be coerced to support 
> LDAP or Kerberos, but I have heard of people achieving a 
> single sign-on type setup with Squid that way.
> 
> Jim
> 
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
> additional commands, e-mail: support-h...@pfsense.com
> 
> Commercial support available - https://portal.pfsense.org
> 
> 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Can captive portal authenticate based on windows login

2009-04-21 Thread Ryan
 



Ryan Rodrigue


  
Office: (985) 876-4096
Fax: (985) 853-0134


-Original Message-
From: Dimitri Rodis [mailto:dimit...@integritasystems.com] 
Sent: Tuesday, April 21, 2009 2:47 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Can captive portal authenticate based on
windows login

Microsoft Internet Security and Acceleration Server (ISA Server), and you
need to have AD.

I've used it, but only in this particular case. I do not know of anything in
the open source world that works reliably specifically the way you want it
to. (That is not to say that nothing exists, I just may not know about it).
With respect to ISA, there is a client installation (aka Firewall Client)
that is required to make the authentication transparent--without it, it
would work just like pfSense would-- with RADIUS against AD, and the user
would have to enter credentials manually.

Dimitri Rodis
Integrita Systems LLC
http://www.integritasystems.com


Thanks a bunch.  This Really helps.  I have ISA, but never even installed
it.  I thought it was just a firewall.  Thank you again for your help, Ryan.
 


>Without seeing the CP screen, automatically logging them in with Windows
credentials, no. You can authenticate them on.
>the CP screen with RADIUS using their Windows credentials to IAS on a
Windows Server DC (if you're using AD).


I kinda thought that was the case.  Thank you for your help Chris.  Do you
know of anything that might do this? 


__ NOD32 3834 (20090206) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Can captive portal authenticate based on windows login

2009-04-21 Thread Ryan


>Without seeing the CP screen, automatically logging them in with Windows
credentials, no. You can authenticate them on.
>the CP screen with RADIUS using their Windows credentials to IAS on a
Windows Server DC (if you're using AD).


I kinda thought that was the case.  Thank you for your help Chris.  Do you
know of anything that might do this? 


__ NOD32 3834 (20090206) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Can captive portal authenticate based on windows login

2009-04-21 Thread Ryan L. Rodrigue
First.  Thanks for making the best rouster software in the world.
 
Second.   I'v searched, but i cant quite figure it out.  I would like to
use captive portal.  What I want is to have certain users based on
windows username and passwords automatically autenticate without seeing
the captive portal screen.  If the user is unknow, then have them
redirected to supply alternate credentials.  I was hoping maybe I could
do this with a radius server.  Any help or sugestions are greatly
appreciated.  I hope I am clean in what I am asking for.  I am not very
familiar with radius and captive portal.  Thank you.
 


RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

2009-04-14 Thread Ryan
 Block the IP and wait to see who complains that they are disconnected.



Ryan Rodrigue


  
Office: (985) 876-4096
Fax: (985) 853-0134


-Original Message-
From: Juan Rivera [mailto:jriv...@americancableco.com] 
Sent: Tuesday, April 14, 2009 6:55 AM
To: support@pfsense.com
Subject: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE:
[pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense
Support] website browsing

Now as you see in the picture there is IP 192.168.1.147  that IP address
cant be located with a computer name how can I locate who is using that IP
address I have use Advance IP scanner but  its saying that the IP address is
dead and also look at our Dns records and nothing no computer with that IP
address u think is a computer infected with malware and can you help me on
how to locate it

-Original Message-
From: Tim Dickson [mailto:tdick...@calistogaranch.com]
Sent: Monday, April 13, 2009 4:19 PM
To: support@pfsense.com
Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support]
RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website
browsing

It all depends on throughput levels - but yes, I can pretty much guarantee
it can handle it. (1990's hardware can handle 70 users with modest
throughput), but if you are curious - what are your specs?
I was more wondering if you had a couple machines with malware that may be
pegging out your connections state table, or some P2P users. 
Check your state table and make sure it isn't maxing out.  And make sure if
you have P2P users, that they aren't maxing out your bandwidth. 

Blank MTU in your config is fine - that means it will be at 1500 - which is
the standard on most connections (at least in the US).

You didn't answer if all was well when bypassing the pfSense box.  If it is,
then start segregating things.  Try it with JUST your machine -> pfSense
->
Modem, and see how that works... this is granting your box is malware free
:) - if in doubt, grab an Ubuntu LiveCD (or variant) and boot it up on your
machine to test.

Good luck!
-Tim


-Original Message-
From: Juan Rivera [mailto:jriv...@americancableco.com]
Sent: Monday, April 13, 2009 12:57 PM
To: support@pfsense.com
Subject: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM]
Re:
[pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing

Yeah just called my ISP they are checking on the modem to see if there is
something wrong with it  as the MTU was blank before I made any changes to
it, now it got me thinking I have more than 70 computers connecting to my
free BSD you think it can't handle that many ?

-Original Message-
From: Tim Dickson [mailto:tdick...@calistogaranch.com]
Sent: Monday, April 13, 2009 2:54 PM
To: support@pfsense.com
Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support]
RE: [SPAM] Re: [pfSense Support] website browsing

Sounds like you are pulling at straws here - but try and find out what the
root of your problem is.  If your packets are fragmented, then yes this will
slow things down - but it could be totally irrelevant to your issue. 
If you bypass pfSense is everything fine? 
How do your traffic graphs look? (how many connections are you doing - check
the state table)

If it is in fact your MTU - check with your ISP on what your MTU should be,
you'll want to leave it matching theirs as changing MTU will just cause MORE
packet fragmentation where it isn't necessary, or causing more packets with
less data. And if your MTU is correct, your traffic is minimal, and you are
still having latency issues start a trace and find the routers your traffic
is passing through.  Then test the MTU levels to each router to find out
which router is causing your fragmentation.  You should then point your ISP
to that router. 

The random MTU guess isn't going to get you anywhere.  Just my 2cents
though...
-Tim

-Original Message-
From: Juan Rivera [mailto:jriv...@americancableco.com]
Sent: Monday, April 13, 2009 11:12 AM
To: support@pfsense.com
Subject: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM]
Re:
[pfSense Support] website browsing

ok I've done that but still the internet slow the MTU is not at 1400 but
internet slow is there anything else that could be the problem 

-Original Message-
From: Gary Buckmaster [mailto:g...@centipedenetworks.com]
Sent: Monday, April 13, 2009 1:28 PM
To: support@pfsense.com
Subject: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support]
website browsing

This is not the way to do this as the configuration will not survive
reboots.  You can set the MTU on the interface configuration page for your
WAN interface in the webGUI.  I would encourage you to check that out. 

Mikel Jimenez Fernandez wrote:
> Hi
>
> Yo have to reduce the MTU of interfaces
>
> ifconfig interface mtu 1380  for example
>
> Do it in LAN 

RE: [pfSense Support] WAN IP Pool

2009-01-05 Thread Ryan L. Rodrigue
Yep.  If you are wanting to use nat, use virtual IP to set up additional
Ip address and then use 1:1 nat to specify which internal IPs you would
like on which external IP addresses.  I am not sure, but i think you
must enable advanced outbound nat as well.  I hope this helps, Ryan



From: Abdulrehman [mailto:arvagabo...@gmail.com] 
Sent: Monday, January 05, 2009 6:46 AM
To: support@pfsense.com
Subject: [pfSense Support] WAN IP Pool


Hy i am using fiber optic as my WAN...i have to Network cards fxp0 and
vr0.fxp0 is my LAN side and vr0 is my WAN side. I have 16 IP Pool from
my ISP and i want to use this Pool behind my Pfsense firewall.Any
help...?Thanks in advance.

Regards
Abdulrehman



RE: [pfSense Support] Clock incorrect

2009-01-02 Thread Ryan L. Rodrigue
try to change it to the appropriate city/state.   Try america/new york. 

-Original Message-
From: k_o_l [mailto:k_...@hotmail.com] 
Sent: Friday, January 02, 2009 10:00 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Clock incorrect

Ryan,

It is set for time Zone "ETC/GMT-5"

-Original Message-----
From: Ryan L. Rodrigue [mailto:radiote...@aaremail.com]
Sent: Friday, January 02, 2009 10:53 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Clock incorrect

is your timezone set to GMT - x or set to a city/state?  It should be
city/state.  this was an issue a while back too. I don't know if it was
ever solved. 

-Original Message-
From: k_o_l [mailto:k_...@hotmail.com]
Sent: Friday, January 02, 2009 9:45 AM
To: support@pfsense.com
Subject: [pfSense Support] Clock incorrect

Hello,

I have NTP setup under "General Setup" but system clock and timestamp in
logs showing in correct time. This was not a problem prior to my upgrade
to 1.2.1, any ideas?

Thanks
Sam



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org





-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org





-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Clock incorrect

2009-01-02 Thread Ryan L. Rodrigue
is your timezone set to GMT - x or set to a city/state?  It should be
city/state.  this was an issue a while back too. I don't know if it was
ever solved. 

-Original Message-
From: k_o_l [mailto:k_...@hotmail.com] 
Sent: Friday, January 02, 2009 9:45 AM
To: support@pfsense.com
Subject: [pfSense Support] Clock incorrect

Hello,

I have NTP setup under "General Setup" but system clock and timestamp in
logs showing in correct time. This was not a problem prior to my upgrade
to 1.2.1, any ideas?

Thanks
Sam



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org





-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Multi Wan Load Balancing / Fail over weighted?

2008-11-06 Thread Ryan L. Rodrigue
Fail over works just fine.  Just set it up in the loadbalancer pool as 
failover,  Just put them in the order you want first to last.
-Original Message-
From: Duncan Hall [mailto:[EMAIL PROTECTED]
Sent: Thu 11/6/2008 6:45 PM
To: support@pfsense.com
Subject: [pfSense Support] Multi Wan Load Balancing / Fail over weighted?
 
I have configured Multi Wan Load Balancing with Fail over working on 
Pfsense 1.2.1 RC2 all appears to work well but I have a question.

Is it possible to weight the connections or have fail over without Load 
Balancing?

My reason for asking is I have a fibre connection into my office from 
our ISP and a backup ADSL2 line through another ISP. The backup line has 
download limits (30 gig per month) before I incur either severe shaping 
or huge costs. My main line is very reliable and more than fast enough 
but once in a while it does go down and people start to panic so I was 
hoping to either weight the load balancing to something like 90% fibre 
and 10% ADSL2 or failing that have a setup where the ADSL only kicks in 
once the fibre is down. At the moment I just turn off the ADSL2 router 
as we approach our limit and plug it back in if there is an outage but 
the office is open 24/7 and fate would have it that if there is an 
outage it happens when I'm sleeping.

Any suggestions?

Thanks in Advance.

Duncan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Commercial support available - https://portal.pfsense.org





<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Commercial support available - https://portal.pfsense.org

RE: [pfSense Support] PFsense on P4 Hyperthreading

2008-09-29 Thread Ryan Rodrigue
Thanks for the super quick reply.  I thought as much, but just wanted to
confirm.  Is there a limit to the number of processors it supports?  Will a
dual zeon quad core (8 processors) work?  i really don't have a need for
that much, but I was just curious while I have you here.

-Original Message-
From: Vivek Khera [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2008 10:02 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PFsense on P4 Hyperthreading


On Mon, Sep 29, 2008 at 10:58 AM, Ryan Rodrigue <[EMAIL PROTECTED]>
wrote:
> Will PF sense work with a P4 using hypthreading?  I know I can disable it
in
> the BIOS, but i was just wondering if I could use it.  If I can, in the
> install, should I tell it I have a single CPU or a multi CPU setup?
Thanks
> for the help, Ryan
>

FreeBSD treats it as multiple CPUs, so use the SMP kernel.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 3480 (20080929) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] PFsense on P4 Hyperthreading

2008-09-29 Thread Ryan Rodrigue
Will PF sense work with a P4 using hypthreading?  I know I can disable it in
the BIOS, but i was just wondering if I could use it.  If I can, in the
install, should I tell it I have a single CPU or a multi CPU setup?  Thanks
for the help, Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Tracking Individual Users

2008-07-17 Thread Ryan Rodrigue
I know there was a thread similar to this, but I started a new message
because I don't feel it is the same.

Is there any way anyone knows of to get a list of who went were on PFsense?
I mainly would like to log traffic per user.  If it did a resolution of the
websites name instead of IP, that would be great also.  What my goal is is
to just keep an eye on where my kids are going on the internet.  I'd like to
get an easy to understand list.  PF may do this already, but if it does, I
don't know where.  I think this can be done with squid, but I am using CF
(full install of CF) and have heard that squid isn't good for CF.  I really
don't want it to slow down my connection either if possible.  Thanks for all
of your help,  This is a great product.




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] Review New Hardware Setup

2008-06-13 Thread Ryan Rodrigue
I have a board on order and will let you know how well it works with
pfsense.

-Original Message-
From: Simon Dick [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2008 6:02 AM
To: support@pfsense.com; support@pfsense.com
Subject: Re: [pfSense Support] Review New Hardware Setup



On Fri, 13 Jun 2008 10:55:51 +0100, "Paul Mansfield"
<[EMAIL PROTECTED]> said:
> Simon Dick wrote:
> > I have an Atom 230 based system I've just put together, unfortunately
> > it's not one I'm planning to install BSD nevermind pfSense on, I'll
> > actually be using it for VMWare (one of the guests will be pfSense, but
> > this is only for a small home network, I'm trying to combine old low
> > powered systems)
>
>
> would you be able to do at least a minimal network performance test, eg,
> boot linux and use "netcat" to test raw throughput?

It's running centos 5 anyway, so I'll do that shortly, bear in mind I'm
using a quad port 100Mb fxp type pci card, not the onboard Realtek one
though (centos doesn't come with a driver to support it for some strange
reason)
--
Simon Dick
[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 3184 (20080613) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] Review New Hardware Setup

2008-06-12 Thread Ryan Rodrigue
Sorry to butt in to this question, but i think it kinda goes along.  Has
anybody tried the new Inet atom based processors for something like this?
They have made a few ITX boards for a pretty cheap price.  They even have
intel chipsets.
http://www.malabs.com/product.asp?product_sku=76171&item_no=MB-945GCLF&show=
b&pass=&shopid=
looks interesting.

Thant and a good intel quad nic may be the way too go.  Too bad it has a
realtek nic onboard.  An intel would have made this unit much better IMO.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2008 9:59 AM
To: support@pfsense.com
Subject: [pfSense Support] Review New Hardware Setup


We are currently using Sokrisis 5501 with the embedded version of
PFsense, they work great, but we are noticing that around 150-200 users
the CPU starts maxing out.

So we need to build a stronger box, here are the specs an employee came
up with. With this box we want to have up to 1,000 users. Using captive
portal, and traffic shaper.

I have already recommend we use a Intel pro 10/100 nic, and not a SMC
nic. Anything else that is not supported, or known to be flaky?

Also have people had better luck with Intel or AMD based boards?

Thanks
Adam


pfSense High Scalability Platform
Dual-Core 1.8GHz Athlon x64 CPUs
1 GB RAM
SATA II Hard Disk @ 160GB

HARDWARE:
-
1 $ 94.99 ARK IPC-4806 Black Steel 4U Server
http://www.newegg.com/Product/Product.aspx?item=N82E16811128015

1 $216.99 TYAN S3970G2N-U-RS 1207(F) ServerWorks HT1000 ATX Server
Motherboard
http://www.newegg.com/Product/Product.aspx?item=N82E16813151071


1 $174.00 AMD Opteron 2210 Santa Rosa 1.8GHz Socket F 95W Dual-Core
Processor Model OSA2210GAA6CQ
http://www.newegg.com/Product/Product.aspx?item=N82E16819105030


1 $ 34.99 Dynatron F558 77mm 2 Ball CPU Cooler
http://www.newegg.com/Product/Product.aspx?item=N82E16835114068


1 $ 59.99 Kingston 1GB (2 x 512MB) 240-Pin DDR2 FB-DIMM DDR2 667 (PC2
5300) ECC Fully Buffered Dual Channel Kit Server Memory Model
KVR667D2S8F5K2/1G
http://www.newegg.com/Product/Product.aspx?item=N82E16820134340


1 $ 13.99 LITE-ON Black IDE CD-ROM Drive Model DH-52N2P-04
http://www.newegg.com/Product/Product.aspx?item=N82E16827106086


1 $  7.49 SAMSUNG Black Internal Floppy Drive Model SFD321B/LBL1
http://www.newegg.com/Product/Product.aspx?item=N82E16821103203


2 $ 37.98 SMC SMC9452TX-1 10/ 100/ 1000Mbps PCI EZ Card Copper Gigabit Card
http://www.newegg.com/Product/Product.aspx?item=N82E16833129144


1 $ 10.99 ICY DOCK MB449SK-B 5.25" internal Hard drive mobile rack
http://www.newegg.com/Product/Product.aspx?item=N82E16817994047


1 $ 41.99 HITACHI Deskstar 7K160 HDS721616PLA380 (0Y30006) 160GB 7200
RPM SATA 3.0Gb/s Hard Drive
http://www.newegg.com/Product/Product.aspx?item=N82E16822145162


1 $ 59.99  COOLMAX CP-500T 500W EPS12V Power Supply
http://www.newegg.com/Product/Product.aspx?item=N82E16817159040


SOFTWARE:
-
1 $ 0.00 FreeBSD/pfSense
Free with self-support

TOTAL:

$753.39

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 3181 (20080612) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] Wanted: Tips for a VLAN capable switch (for home use)

2008-06-11 Thread Ryan L. Faircloth
I use HP Procurve 2626 switches around 350 on ebay most days

From: Nelson Papel [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 2:28 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Wanted: Tips for a VLAN capable switch (for home 
use)

A Nortel Baystack 450-24, they are dirt cheap on Ebay ($15-30).  I used one for 
a couple years with no faults.

Also the Cisco 2924 and 2950, but those are a bit pricier.


From: Victor Padro [mailto:[EMAIL PROTECTED]
Sent: Monday, June 09, 2008 0:46
To: support@pfsense.com
Subject: Re: [pfSense Support] Wanted: Tips for a VLAN capable switch (for home 
use)

I'm about to buy one myself, cos my old 1900 Catalyst can't handle VLANs 
properly.

Anyone has experienced 3com baseline 2226 switch?

I was even thinking of getting the Linksys SLM2008 for its cheap price, any 
suggestions?



P.S. here in mexico I can't find the HP Procurve switches for less than 560 dls.


Saludos.

Victor.
On Fri, May 30, 2008 at 7:31 AM, Espen Johansen <[EMAIL 
PROTECTED]> wrote:
Not for those swtiches they are EOL and you can get it with any cisco login.

On Thu, May 29, 2008 at 11:11 AM, Paul Mansfield <[EMAIL 
PROTECTED]> wrote:
Espen Johansen wrote:
all. And most of them come with Enterprise Image (if you need the newest image, 
email me offlist and I'll get it for you.

erm, IOS updates are a commercial service from Cisco, so it's probably not a 
wise move to offer this kind of "help" on a public mailing list!


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




RE: [pfSense Support] portforward

2008-05-30 Thread Ryan Rodrigue
did you set the nat forwarding?

-Original Message-
From: Peter Todorov [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2008 11:31 AM
To: support@pfsense.com
Subject: [pfSense Support] portforward


Hello can somebody help me with port forward with pfsense. I enable port
forward for wan and computers from internet (external) can access my apache
server on DMZ, but I cannot access my apache server from LAN.

--
?? ?? ? ?



RE: [pfSense Support] System Time

2008-04-10 Thread Ryan Rodrigue
great.  I knew there was a simple way to do this.  Thanks.  >Ryan

-Original Message-
From: Tortise [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 10, 2008 5:09 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] System Time


Hey I know the answer to this one!
Go to Command menu under Diagnostics and type date, bingo!
http://[pfsenseIP]/status.php also gives it!
Kewl eh!
Kind regards
David Hingston 


- Original Message - 
From: "Paul M" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, April 10, 2008 9:33 PM
Subject: Re: [pfSense Support] System Time


Curtis LaMasters wrote:
> status.php probably has it somewhere.  If not you could issue a command
> via the GUI in the diagnostic menu.

it does.  it would probably be useful to have the system time on the
index.php system summary page?

how would you browse to status.php, there doesn't seem to be a link to
it on from the menus?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 3015 (20080410) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] System Time

2008-04-09 Thread Ryan Rodrigue
I love these machines.  Aside from a person steping on one and breaking the
motherboard, I don't think i have had any unit fail in the field.  Thanks, I
have just a quick question.
Is there any place to see the system time on the webgui?  I was looking at
some logs and the time was off.  I couldnt figure out what time it thought
it was so I could figure out what time the logs were really talking about.
I fixed the time issue using NTP, but was just curious in case I ever saw
this in the future.  Thanks for your help, Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] More Ethernet ports on a pfsense box

2008-04-09 Thread Ryan Rodrigue
thanks for the info.  I searched a litle bit and found the same thing.  I was 
hoping for a site that had real prices.  I hate the -email me 3 or 4 times and 
I might give you a quote- game.  It leads me to believe that company is 
embarassed of thier own prices.  lol.  Thanks again

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 09, 2008 9:29 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] More Ethernet ports on a pfsense box


On 4/9/08, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> What are the cost on these boxes?  Does anyone know where they can be 
> purchased?  Thanks

Seems a lot of these manufacturers OEM the boxes for appliance
vendors; most I've contacted have been pretty willing to sell to
individuals, however.  The only thing is they often want to conduct
initial business via email and don't often put quotes on their sites
(not very forthcoming of them).  If you choose a particular model, you
can often search for that number and find a site or two that are
re-selling them.  I usually expect $600-$1200, depending on the
hardware.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 3013 (20080409) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] More Ethernet ports on a pfsense box

2008-04-09 Thread Ryan Rodrigue
What are the cost on these boxes?  Does anyone know where they can be 
purchased?  Thanks

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 08, 2008 7:38 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] More Ethernet ports on a pfsense box


Depends on how flexible you are; if you're not tied to a particular
piece of hardware, you could do something like this:

http://www.win-enterprises.com/index.php?option=com_content&task=view&id=52&Itemid=60

10x copper 10/100/1000 interfaces and 4x copper 10/100.  In fact, a
search for (less quotes) "1u network appliance" nets quite a few
similar ones from various sources.

Would a VLAN-capable switch do what you need?  There's every
possibility your requirements may exceed your physical port's
throughput, but if not, trunking could essentially turn an N-port
switch into N-1 unique interfaces on your system.  For that matter,
I'm curious what kind of port-density you're looking for.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 3012 (20080409) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-18 Thread Ryan Rodrigue
Chris, Thanks for the reply.  Will PPTP work with MS Active Directory?  I
was kinda thinking it would using radius.  I may be incorrect in this
though.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 6:30 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


Radio Tech wrote:
> Hello all.  I am looking for some information.  I need to implement a
> wireless connection using VPN access.  I am kinda green on VPN and really
> dont know the way to go.   The kicker is, it need to be able to support up
> to 300 user and have the ability to intergrate with Microsoft Active
> Directory.  Will anything on PFsense do this.  I really like this router
and
> feel it is possible, but I don't know what the best way to go it.  I can
try
> it on a test box.  I would give more information, but I don't know what
> other questions are important.  Thanks for your help, Ryan
>

What Curtis pointed you to should work, but you might prefer PPTP
because the client is built into Windows, and it's a heck of a lot
easier to configure. It's much less firewall friendly and less secure,
so it's suitability depends on your environment and its requirements.

No problem supporting that many users with PPTP or OpenVPN as long as
you have adequate CPU power for however much traffic you need to push.
Unless it's a significant amount ( > 15 Mb), basically anything will
suffice.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 2956 (20080318) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-17 Thread Ryan Rodrigue
Thanks a bunch Curtis.  I can test to see if it works , but i have no way of
testing more than a few connections.  I at least have a good place to start
now.  Thanks again, Ryan

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 1:24 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


I'm not sure that OpenVPN truly has an upper limit.  I think you are only
limited to the bandwidth you have available or the cpu/memory resources on
the server you are connected to.

Curtis


On Mon, Mar 17, 2008 at 1:07 PM, Ryan Rodrigue < [EMAIL PROTECTED]>
wrote:


I think this is what I am looking for. Thanks for the information. Is there
any limitiation to the number of OPENVPN connections I can have in PFsense?





Oh. I changed my display name on my email address from Radio Tech to Ryan
Rodrigue. Sorry, I didn't realise it was setup that way..

and i am very goofy.  I replied to the wrong message.  Sorry for any
confusion.

-Original Message-
From: Curtis LaMasters [mailto: [EMAIL PROTECTED]
Sent: Monday, March 17, 2008 11:51 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


I believe you want to have remote access users connect to the pfSense box
with a VPN and authenticate with Active Directoryif so try OpenVPN with
reference to this forum topic:

http://forum.pfsense.org/index.php/topic,4105.0.html

Please let me know if this is not what you are looking for.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com




--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-17 Thread Ryan Rodrigue
I think this is what I am looking for. Thanks for the information. Is there
any limitiation to the number of OPENVPN connections I can have in PFsense?





Oh. I changed my display name on my email address from Radio Tech to Ryan
Rodrigue. Sorry, I didn't realise it was setup that way..

and i am very goofy.  I replied to the wrong message.  Sorry for any
confusion.

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 11:51 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


I believe you want to have remote access users connect to the pfSense box
with a VPN and authenticate with Active Directoryif so try OpenVPN with
reference to this forum topic:

http://forum.pfsense.org/index.php/topic,4105.0.html

Please let me know if this is not what you are looking for.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



RE: [pfSense Support] Web Console Quits responding

2008-03-17 Thread Ryan Rodrigue
I think this is what I am looking for.  Thanks for the information.  Is
there any limitiation to the number of OPENVPN connections I can have in
PFsense?



Oh.  I changed my display name on my email address from Radio Tech to Ryan
Rodrigue.  Sorry, I didn't realise it was setup that way..

-Original Message-
From: Neal Lawson [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 12:38 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Web Console Quits responding


ok, it seems that web console will only work if you have a machine on
the same subnet, even tho there are routes for the other networks on my
lan side..


On Sun, 2008-03-16 at 15:44 -0700, Neal Lawson wrote:
> im using firefox, and it happens with http and https
>
> On Sun, 2008-03-16 at 16:44 -0500, Curtis LaMasters wrote:
> > Neil,
> >
> > What browser are you using? I've had some similar issues with IE6 in
> > the past but I was able to clear it up by cleaning out the cache of
> > IE.  Are you using http or https to access the firewall?
> >
> >
> > --
> > Curtis LaMasters
> > http://www.curtis-lamasters.com
> > http://www.builtnetworks.com
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



__ NOD32 2953 (20080317) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: AW: [pfSense Support] IPSEC

2008-02-28 Thread Ryan Neily
Return Receipt
   
   Your   Re: AW: [pfSense Support] IPSEC  
   document:   
   
   was[EMAIL PROTECTED]
   received
   by: 
   
   at:02/28/2008 15:48:41 EST  
   




Re: AW: [pfSense Support] IPSEC

2008-02-28 Thread Ryan Neily
Return Receipt
   
   Your   Re: AW: [pfSense Support] IPSEC  
   document:   
   
   was[EMAIL PROTECTED]
   received
   by: 
   
   at:02/28/2008 14:22:07 EST  
   




RE: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade

2008-01-23 Thread Ryan Rodrigue
alright.  Im stupid.  What is FUD?

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 8:34 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade


Please stop spreading FUD (this is the second request).  The firmware
upgrade is working very well for almost everyone.  You had a specific
issue, we would have been interested to know the details of your issue
so it could have been resolved.  Simply because you, personally, had an
issue doesn't mean that an otherwise functional component should be avoided.

-Gary

Ngawang Sangye wrote:
> The upgrade to 1.2RC4 didn't work - via firmware upload. I backed up
> the settings, installed fresh from ISO image I downloaded of RC4 and
> restored the settings and it was a good result.
>
> So I recommend you avoid the firmware upgrade.
>
> Regards
>
> Sangye
>
>
> On 23/01/2008, *Gabriel Green* <[EMAIL PROTECTED]
> > wrote:
>
> Hi all:
>
> I have 1.2RC2-beta1 on a PC installed to HD and want to upgrade to
> 1.2-RC2.  However, after picking the appropriate interfaces, the
> LiveCD halts on "Configuring WAN interface..." - I try
> ALT+FunctionKeys to see debugging information; nothing.  Then I
> also tried Ctrl+Alt+Del; again nothing.
>
> LAN card is fxp0
> WAN card is rl0
>
> Any ideas?  Can I use the "firmware upgrade" option (even though,
> as such, there is no "firmware" on a PC; only a HDD.)
>
> Thanks -
> Gabe
>
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2817 (20080123) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade

2008-01-23 Thread Ryan Rodrigue
My firware upgrade worked great.  Been up 6 days and 14 hours.  Not even
anything resembling a problem here.  I haven't read too many problems with
the upgrade.  Im sure if there was a real problem, many people would have
posted about it by now.  Have faith in the PFsense team.  Backup your image
first.  and go ahead and download the full iso if you want.  That being
said, id still do the upgrade.

-Original Message-
From: Ngawang Sangye [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 4:17 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade


The upgrade to 1.2RC4 didn't work - via firmware upload. I backed up the
settings, installed fresh from ISO image I downloaded of RC4 and restored
the settings and it was a good result.

So I recommend you avoid the firmware upgrade.

Regards

Sangye


On 23/01/2008, Gabriel Green < [EMAIL PROTECTED]> wrote:

Hi all:

I have 1.2RC2-beta1 on a PC installed to HD and want to upgrade to 1.2-RC2.
However, after picking the appropriate interfaces, the LiveCD halts on
"Configuring WAN interface..." - I try ALT+FunctionKeys to see debugging
information; nothing.  Then I also tried Ctrl+Alt+Del; again nothing.

LAN card is fxp0
WAN card is rl0

Any ideas?  Can I use the "firmware upgrade" option (even though, as such,
there is no "firmware" on a PC; only a HDD.)

Thanks -
Gabe





RE: [pfSense Support] Making a VPN Connection

2008-01-21 Thread Ryan Neily
Return Receipt
   
   Your   RE: [pfSense Support] Making a VPN Connection
   document:   
   
   was[EMAIL PROTECTED]
   received
   by: 
   
   at:01/21/2008 11:19:04 EST  
   




RE: [pfSense Support] Dropped WAN connections

2008-01-19 Thread Ryan Neily
Return Receipt
   
   Your   RE: [pfSense Support] Dropped WAN connections
   document:   
   
   was[EMAIL PROTECTED]
   received
   by: 
   
   at:01/19/2008 15:21:15 EST  
   




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-17 Thread Ryan Rodrigue
Log in and on the first sceen it should show the version.  Or you can go to
Status >System

-Original Message-
From: Ngawang Sangye [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 6:33 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!


i did the firmware upgrade with the update, I don't see that it has been
upgraded? How can you see if the upgrade was successful?

Thanks

Sangye


On 17/01/2008, Jeroen < [EMAIL PROTECTED]> wrote:



On Jan 17, 2008 12:35 AM, Ryan Rodrigue < [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> > wrote:


alright.  Im goofy.  I guess i just got used to decompressing the image
before burning to cd.  And the 7zip works fine for the ISO.  thanks, Ryan


Not really, it's also just smart to check whether the archive is in mint
condition before you feed it to the box :) pfSense will probably
also double-check it, but you never know.


Time to go to sleep. Will report if I find any bugs tomorrow.

--
Jeroen




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
alright.  Im goofy.  I guess i just got used to decompressing the image
before burning to cd.  And the 7zip works fine for the ISO.  thanks, Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 5:03 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!




On Jan 16, 2008 6:16 PM, Ryan Rodrigue < [EMAIL PROTECTED]> wrote:


At least its not just me.  I think i'll get it from my house tonight.  I
have cable there.  um..  I was trying to get the update, not the full
install.  Thanks for your help.  Ryan


You do not need to extract the update file.  Simply feed it to pfSense's
webConfigurator.

Scott




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
At least its not just me.  I think i'll get it from my house tonight.  I
have cable there.  um..  I was trying to get the update, not the full
install.  Thanks for your help.  Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 4:51 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!




On Jan 16, 2008 5:39 PM, Jeroen < [EMAIL PROTECTED]> wrote:

Same here with FF. Downloaded from http://pfsense.iserv.nl/updates/.



Sigh.  I'll gzip -d the file on the server and allow the .iso to be
populated to the mirros without any type of compression.  Sorry ISP's!

Scott




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
using forefox.  i will try IE

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 4:36 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!




On Jan 16, 2008 5:34 PM, Ryan Rodrigue < [EMAIL PROTECTED]> wrote:


Has anyne downloaded this successfully?  I have, but i keep getting an
error.  unexpected end of archive.  Im using WinRar which has always worked
in the past.  I even tried from different mirrors.



This seems to occur every release.  Are you using IE?  If so, then IE
automatically decompresses the file and forgets to change the filename
suffix.

Scott
PS: If you are using IE, try firefox.




[pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
Has anyne downloaded this successfully?  I have, but i keep getting an
error.  unexpected end of archive.  Im using WinRar which has always worked
in the past.  I even tried from different mirrors.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:36 PM
To: [EMAIL PROTECTED]
Subject: [pfSense-discussion] 1.2-RC4 released!


The pfSense development team is happy to bring you the final release
candidate in the 1.2 series!

Info here:
http://blog.pfsense.org/?p=164

__ NOD32 2798 (20080116) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] PPPOE with static IP

2008-01-16 Thread Ryan Rodrigue
I am on
1.2-RC3
built on Wed Nov 7 19:02:16 EST 2007
why do you say that?  is the ability to put ip in PPPOE supposed to be
added?

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 9:31 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE with static IP


It appears you are on an older version of pfSense.  Try upgrading to 1.2rc3
or wait till 1.2rc4 comes out within the next couple of weeks.

Curtis


On Jan 16, 2008 9:27 AM, Ryan Rodrigue < [EMAIL PROTECTED]> wrote:


Thanks for the replys.  First, i corrected the issue with the lack of a
second DNS last week.  My internet is up and working.  The thing is that i
am not getting the same IP address i used to.  I think this is yet another
stupid change.  I tried a cheap linksys router that lets me manually put in
an IP address in the PPPoe settings and it all works well.
I put the IP into the Virtual IP settings, but it doesn't work.  I tried it
as an ARP and Other.  Then i went to the NAT settings and setup a 1:1 nat
with my machine and it doesnt want to work.  Im not sure what else to try.

Argg,  Why did Att have to change things?  Everything worked fine.  I am
very much looking for a new ISP.  Maybe I'll get a Real ISP this time.
 -Original Message-
From: Curtis LaMasters [mailto: [EMAIL PROTECTED]
Sent: Tuesday, January 15, 2008 6:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE with static IP



Check out http://blog.pfsense.org.  One of the latest posts I believe fixes
your problem.

Curtis


On Jan 15, 2008 3:33 PM, Ryan Rodrigue <  <mailto:[EMAIL PROTECTED]>
[EMAIL PROTECTED]> wrote:


i have a dsl account with a pppoe connection and a static ip address given
by at&t.  unfortunatly, the pppoe doesn't get the correct ip address.  a
ceap linksys router i have lets me put the ip address in and everything
works as expected.  Is there a way to do this in pfsense?  I'd much rather
not have this linksys router on my network.  Thanks, Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: [EMAIL PROTECTED]






--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com




--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



RE: [pfSense Support] PPPOE with static IP

2008-01-16 Thread Ryan Rodrigue
Thanks for the replys.  First, i corrected the issue with the lack of a
second DNS last week.  My internet is up and working.  The thing is that i
am not getting the same IP address i used to.  I think this is yet another
stupid change.  I tried a cheap linksys router that lets me manually put in
an IP address in the PPPoe settings and it all works well.
I put the IP into the Virtual IP settings, but it doesn't work.  I tried it
as an ARP and Other.  Then i went to the NAT settings and setup a 1:1 nat
with my machine and it doesnt want to work.  Im not sure what else to try.

Argg,  Why did Att have to change things?  Everything worked fine.  I am
very much looking for a new ISP.  Maybe I'll get a Real ISP this time.
 -Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 15, 2008 6:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE with static IP



Check out http://blog.pfsense.org.  One of the latest posts I believe fixes
your problem.

Curtis


On Jan 15, 2008 3:33 PM, Ryan Rodrigue <  <mailto:[EMAIL PROTECTED]>
[EMAIL PROTECTED]> wrote:


i have a dsl account with a pppoe connection and a static ip address given
by at&t.  unfortunatly, the pppoe doesn't get the correct ip address.  a
ceap linksys router i have lets me put the ip address in and everything
works as expected.  Is there a way to do this in pfsense?  I'd much rather
not have this linksys router on my network.  Thanks, Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: [EMAIL PROTECTED]






--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



[pfSense Support] PPPOE with static IP

2008-01-15 Thread Ryan Rodrigue
i have a dsl account with a pppoe connection and a static ip address given
by at&t.  unfortunatly, the pppoe doesn't get the correct ip address.  a
ceap linksys router i have lets me put the ip address in and everything
works as expected.  Is there a way to do this in pfsense?  I'd much rather
not have this linksys router on my network.  Thanks, Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Making a VPN Connection

2008-01-10 Thread Ryan Neily
Return Receipt
   
   Your   [pfSense Support] Making a VPN Connection
   document:   
   
   was[EMAIL PROTECTED]
   received
   by: 
   
   at:01/10/2008 17:07:59 EST  
   




RE: [pfSense Support] Port 80

2008-01-07 Thread Ryan Rodrigue
I am not sure why the LAN has an ip address and is bridged.  I am not sure
if this would really work.  Are you trying to do nat and have some things
that do not nat?  If you are, i would use another interface (if you have
that option).  Also, alot of the stupid DSL routers still do filtering.
this may be your problem.

-Original Message-
From: Paul Cockings [mailto:[EMAIL PROTECTED]
Sent: Monday, January 07, 2008 4:27 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Port 80


Bridging is possible (and it works for everything I tested except port
80), but I don't think many people are using this configuration.  My
reason to use this method is I hold a belief that NAT buggers about with
things, and wanted to cut NAT out the loop.  Just to use pfsense as a
firewall.  (maybe there is a better way?)

I'm not that dandy with IIS so I suspected IIS or the windows firewall.
The IIS box only has one interface and that is assigned the public ip.
I happen to have another test box on this network 78.32.32.11, and from
that I can happily browse the test page a http://78.32.32.14:80
As a further test, I did enable the windows firewall, and only allow my
RDP session in, with logging on.  No dropped packets reported to port 80
for the windows firewall therefore my conclusion is the packets never
get past pfsense.

Hope all that made sense.

The problem is quite repeatable, I thought it might be 1.2-BETA-2, so I
upgraded to 1.2-RC3 ealrier today - fresh start and wiped the box
clean.  It displays the same results.

Would it help if I posted a 'pfctl -sa' ?Any pf bridging gurus around?

Kind Regards,
Paul


Hoos, Stephen wrote:
> Crazy me but, can you see the IIS box on port 80 from the LAN?  Do you
> have the IIS box set up to answer on the public IP you are assigning it?
> Can you ping the box from the outside?  I would give the IIS box a
> private address and use aliases to port forward port 80.  I am not sure
> but I don't think you can BRIDGE your WAN and LAN.
>
> -Original Message-
> From: Paul Cockings [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 07, 2008 1:02 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Port 80
>
> Hi Pfsense list, (first time poster - I'm loving pfsense)
>
> I have followed the updated tutorial for transparent firewall
> http://pfsense.trendchiller.com/transparent_firewall.pdf
>
> I've tried with 1.2-BETA-2 and 1.2-RC3,  it all just about makes sense
> expect I cannot get port 80 to open up.  I'd like to open up port 80 to
> a windows IIS6 machine
>
> Heres the test rig: (yes real ip address's!)
>
> My Location = external to all this on another connection
>
> ADSL MODEM (transparent dumb box) 78.32.32.9 pfsense WAN 78.32.32.10/29
> pfsense Gateway: 78.32.32.9 pfsense LAN 192.168.1.1 + BRIDGE with WAN
> webGUI Port: 10443 webGUI protocol: HTTPS Enable filtering bridge = on
> Disable webGUI anti-lock out = on Block private networks = on (tried
> off, no change) Disable userlanbd ftp proxy = on NAT Outbound = Manual
> NAT Outbound Rule = No nat (NOT)
>
> Windows Box does not have windows firewall switch on = absolutely
> confirmed.
> IIS is on port 80
> RDP port 3389
> windows ip address: 78.32.32.14
> windows subnet: 255.255.255.248
> windows gateway: 78.32.32.9
>
> LAN RULE = Allow anything out (this is just a testing box)
>
> If I create a WAN RULE
> TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 3389 -
> gateway any Then I can RDP into the box, I have logging switched on and
> I see the entry in the firewall log
>
> If I create a WAN RULE
> TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 80 -
> gateway any Then I cannot see the IIS test page from my browser, logging
> is switched on, but I never see an entry in the firewall log
>
> If I delete the rules, and try
>
> http://78.32.32.14:3389 - I see firewall logs http://78.32.32.14:4000 -
> I see firewall logs http://78.32.32.14:80 - I see no firewall logs
>
> 'netstat -an' confirms that nothing appears to be using port 80 if i try
> a packet capture for 78.32.32.14:80 - I see nothing
>
> It appears to me that the traffic could be being dropping before being
> evaluated by the firewall rules?
>
> Whats going on?
> Any help, guideance, direction, or request for more info would be
> greatly appreciated.   I hope I give enough information.
>
> Kind Regards,
> Paul
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
> commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2772 (20080107) Information __

This message was checked by NOD32 antivirus 

RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
You are correct.  My ISP is on crack and that is the problem.  I can't fix
them so I was hoping for another soultion.  I guess i will just have to
leave it in the mode it is in until  i get a better sollution.  Thanks
again,   Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 11:36 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Alright.  do you think this could possibly be the problem?
> Thanks again for all of your help.  I will try to leave you alone now.

No,  Your ISP changing out their gear without proper notice to the
customers is the cause of your grief.  As you said, this worked for a
long time prior to the ISP deciding that it is in your best interest
to change out the way their equipment works, etc.

I don't know what to tell you beyond this, honestly.  We cannot switch
MPD versions during a release candidate cycle so I am afraid that this
issue will not be solved for you soon if that is what you are implying
with these questions.

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2754 (20071228) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
Alright.  do you think this could possibly be the problem?
Thanks again for all of your help.  I will try to leave you alone now.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 11:28 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Alright.  I am definatly not an expert on this.  I was just looking at the
> FreeBSD and found the have a version 5.0r2.  I am just trying to help.  I
> don't undestand why windows would still work though.  I figured id do
> somethign, even if it was wrong.  Thanks, Ryan
>
> http://www.freebsd.org/cgi/ports.cgi?query=mpd&stype=name&sektion=net

We plan to move to a more recent version in the future.  But at the
moment both pfSense and m0n0wall are still on the 3 branch.

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2754 (20071228) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
Alright.  I am definatly not an expert on this.  I was just looking at the
FreeBSD and found the have a version 5.0r2.  I am just trying to help.  I
don't undestand why windows would still work though.  I figured id do
somethign, even if it was wrong.  Thanks, Ryan

http://www.freebsd.org/cgi/ports.cgi?query=mpd&stype=name&sektion=net

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 11:18 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Thanks,.  In the forum they speak of an outdated MPD in pfsense.  I
searched
> and found it an updated version.  How do i install it, if it is even
> possible?

We are already on the latest version of MPD (3 branch).  Same as m0n0wall.

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2754 (20071228) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
Thanks,.  In the forum they speak of an outdated MPD in pfsense.  I searched
and found it an updated version.  How do i install it, if it is even
possible?

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 10:43 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> I have a pfsence that has been working great for a year and a half.  When
I
> got beck wendesday, my pppoe will not connect.
> I have my dslmodem in bridge mode.  If i switch it and let it be the
router
> everything works.  If i connect the modem bridge mode to a laptop and
pppoe
> from the laptop, it works.  I tried changing network cards and upgrading
to
> the lastest version and even blowong away my config and making a new one.
> nothing works.  this is a post of the system logs.  I found that other
> people in the forum are complaining of the same thing.  Has anyone found a
> solution that allows my pfsense to keep a real public ip address?
>
> Thanks for your help, Ryan
[snip]

 This appears to be a recurring issue with Bellsouth/Death Star
(AT&T).   Check the forum there is thread open on it.  In the meantime
call and tell them that they have been breaking folks connections with
this change.  Not that they give a crap anyways.

http://forum.pfsense.org/index.php/topic,7248.0/topicseen.html

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2754 (20071228) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
I have a pfsence that has been working great for a year and a half.  When I
got beck wendesday, my pppoe will not connect.
I have my dslmodem in bridge mode.  If i switch it and let it be the router
everything works.  If i connect the modem bridge mode to a laptop and pppoe
from the laptop, it works.  I tried changing network cards and upgrading to
the lastest version and even blowong away my config and making a new one.
nothing works.  this is a post of the system logs.  I found that other
people in the forum are complaining of the same thing.  Has anyone found a
solution that allows my pfsense to keep a real public ip address?

Thanks for your help, Ryan

Dec 28 16:36:04  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:04  mpd: MAGICNUM 00ea7190
Dec 28 16:36:04  mpd: MRU 1500
Dec 28 16:36:04  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:04  mpd: MRU 1492
Dec 28 16:36:04  mpd: MAGICNUM b778760b
Dec 28 16:36:04  mpd: Name: "nworlama73w"
Dec 28 16:36:04  mpd: Using authname "[EMAIL PROTECTED]"
Dec 28 16:36:04  mpd: IPADDR 0.0.0.0
Dec 28 16:36:04  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:04  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:04  mpd: SECDNS 0.0.0.0
Dec 28 16:36:04  mpd: IPADDR 68.216.208.91
Dec 28 16:36:04  mpd: 68.216.208.91 is OK
Dec 28 16:36:04  mpd: IPADDR 68.216.208.91
Dec 28 16:36:04  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:04  mpd: SECDNS 0.0.0.0
Dec 28 16:36:04  mpd: IPADDR 0.0.0.0
Dec 28 16:36:04  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: MRU 1492
Dec 28 16:36:10  mpd: MAGICNUM 14307b03
Dec 28 16:36:10  mpd: MAGICNUM 2092d69f
Dec 28 16:36:10  mpd: MRU 1500
Dec 28 16:36:10  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:10  mpd: MAGICNUM 2092d69f
Dec 28 16:36:10  mpd: MRU 1500
Dec 28 16:36:10  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:10  mpd: MRU 1492
Dec 28 16:36:10  mpd: MAGICNUM 14307b03
Dec 28 16:36:10  mpd: Name: "nworlama73w"
Dec 28 16:36:10  mpd: Using authname "[EMAIL PROTECTED]"
Dec 28 16:36:10  mpd: IPADDR 0.0.0.0
Dec 28 16:36:10  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:10  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:10  mpd: SECDNS 0.0.0.0
Dec 28 16:36:10  mpd: IPADDR 68.216.208.91
Dec 28 16:36:10  mpd: 68.216.208.91 is OK
Dec 28 16:36:10  mpd: IPADDR 68.216.208.91
Dec 28 16:36:10  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:10  mpd: SECDNS 0.0.0.0
Dec 28 16:36:10  mpd: IPADDR 0.0.0.0
Dec 28 16:36:10  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:15  mpd: MRU 1492
Dec 28 16:36:15  mpd: MAGICNUM d605ae0c
Dec 28 16:36:15  mpd: MAGICNUM 4581f731
Dec 28 16:36:15  mpd: MRU 1500
Dec 28 16:36:15  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:15  mpd: MAGICNUM 4581f731
Dec 28 16:36:15  mpd: MRU 1500
Dec 28 16:36:15 

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
Sorry.  I forgot to let you know.  I do have the correct IP address assigned
by my isp.  To answer your other question,  the
wan rule is pass protocol:any port:any source:any  destination:192.168.1.10
gateway:default
this rule is at the top of the list. (first processed)
i figured id go for simple and the block what i don't need after.

-Original Message-
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:19 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips



What are the rules you are using on the WAN for traffic.

Keep in mind when you are defining the destination address it should be the
PRIVATE IP not the PUBLIC one

If you are getting the correct address on whatismyip then the NAT mapping is
fine. it is firewall rules that are messing you up.

-Tim



From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 10:27 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips



I have it setup as Proxy ARP



I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
seperate entries using the /32 subnet mask



on the WAN interface it is setup as x.x.x.74  /29



I setup a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100



I can still not get anything to work.  I am getting the correct IP address
if i go to whatismyip.com, but when i try to hit the webserver ip from my
phone (seperate network all together)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask?

Curtis



__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com




RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
I have it setup as Proxy ARP

I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
seperate entries using the /32 subnet mask

on the WAN interface it is setup as x.x.x.74  /29

I setup a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100

I can still not get anything to work.  I am getting the correct IP address
if i go to whatismyip.com, but when i try to hit the webserver ip from my
phone (seperate network all together)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips


Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask?

Curtis



RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
sorry.  i mistyped.  I am at 1.2RC3

-Original Message-
From: Sean Cavanaugh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 11:41 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips


First step, upgrade to latest release, 1.2-RC3 as there have been MANY fixes
put in since 1.0.1

-Sean



  _


> Date: Wed, 26 Dec 2007 09:17:45 -0800
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: RE: [pfSense Support] Virtual Ips
>
> I am having the same problem. I have an external IP from Qwest which is
> part of an 8-IP address block. That IP is the "gateway" and the others
> are for my use. SO I am trying to assign them to devices on my local
> net.
>
> I set up mine in virtual IP, and created a NAT rule with the option
> selected to also create an associated firewall rule.
>
> I can surf out to the internet just fine but I can not access the device
> through the IP I designated, from the outside going in.
>
> I don't know about you, but I am using pfSense 1.01 and no extra
> services like Squid. One person suggested that Squid was installed and
> was block the entrance from the outside. But that was not the case
> because it is not installed.
>
> So I am in the same boat you are.
>
>
> James Kusler, Information Technology Manager
> PHONE| 509.624.1613 or 800.822.4456 FAX| 509.624.1604
> [EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com
> -Original Message-
> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 26, 2007 9:19 AM
> To: support@pfsense.com
> Subject: [pfSense Support] Virtual Ips
>
> I have a stupid question.. I am trying to set up 2 servers with a
> seperate
> external IP adresses. My wan IP is x.x.x.74 I want to use x.x.x.73 for
> server 1 and x.x.x.72 for server 2. Server 1 is 192.168.1.10 and server
> 2
> is 192.168.1.11. I think i have to set this up in 1:1 nat, Firewall
> rules,
> and also in Virtual IPs. Is there anywhere else i need to set this up,
> It
> doesn't seem to be working. Maybe I have this way off or something
> else.
> Thanks for your help.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>



  _

The best games are on Xbox 360. Click here for a special offer on an Xbox
360 Console. Get it now! <http://www.xbox.com/en-US/hardware/wheretobuy/>

__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com




RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
OK.  Im stranded, but at least im not alone.  I am using pfsense 1.3RC3.  I
upgraded before i posted the question in hopes that would work.  It didn't.
I feel like I have to be missing something.

-Original Message-
From: James Kusler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 11:18 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips


I am having the same problem.  I have an external IP from Qwest which is
part of an 8-IP address block.  That IP is the "gateway" and the others
are for my use.  SO I am trying to assign them to devices on my local
net.

I set up mine in virtual IP, and created a NAT rule with the option
selected to also create an associated firewall rule.

I can surf out to the internet just fine but I can not access the device
through the IP I designated, from the outside going in.

I don't know about you, but I am using pfSense 1.01 and no extra
services like Squid.  One person suggested that Squid was installed and
was block the entrance from the outside.  But that was not the case
because it is not installed.

So I am in the same boat you are.


James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 
-Original Message-
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 9:19 AM
To: support@pfsense.com
Subject: [pfSense Support] Virtual Ips

I have a stupid question.. I am trying to set up 2 servers with a
seperate
external IP adresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server
2
is 192.168.1.11.  I think i have to set this up in 1:1 nat, Firewall
rules,
and also in Virtual IPs.  Is there anywhere else i need to set this up,
It
doesn't seem to be working.  Maybe I have this way off or something
else.
Thanks for your help.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
I have a stupid question.. I am trying to set up 2 servers with a seperate
external IP adresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server 2
is 192.168.1.11.  I think i have to set this up in 1:1 nat, Firewall rules,
and also in Virtual IPs.  Is there anywhere else i need to set this up, It
doesn't seem to be working.  Maybe I have this way off or something else.
Thanks for your help.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: RE: [pfSense Support] Port forward nating confusion (non html)

2007-10-24 Thread Ryan L. Faircloth
I was able to solve all of my issues except one.

I have a second pfsense unit with an (remote lan is 192.168.2.0 ) ipsec sa 
covering the Opt 1 subnet
I have 69.28.70.72 nated to 192.168.19.3

I need to connect to connect from a pc 192.168.2.5 to 69.28.70.72 but I can't 
figure out what rule I need.


-Original Message-
From: Ryan L. Faircloth [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 23, 2007 9:53 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Port forward nating confusion (non html)

Sorry about the HTML


From: Ryan L. Faircloth [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 23, 2007 9:52 PM
To: support@pfsense.com
Subject: [pfSense Support] Port forward nating confusion

I have what I thought is a simple setup, I am sure I am missing something 
please help

WAN = 209.208.9.205/255.255.255.252
LAN = 192.168.19.0/255.255.255.0
OPT 1 = 69.28.70.64/255.255.255.224

I have machines on both LAN and OPT1 which can connect out and receive 
connections (appropriately per rules) however I have been unable to nat the 
address 69.28.70.70 to 192.168.19.3 (https) no matter what I do the connection 
times out, is there a prior post dealing with this setup I could be pointed to. 
If not I would value the groups assistance
.
Thank you
Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] Port forward nating confusion (non html)

2007-10-23 Thread Ryan L. Faircloth
Sorry about the HTML


From: Ryan L. Faircloth [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 23, 2007 9:52 PM
To: support@pfsense.com
Subject: [pfSense Support] Port forward nating confusion

I have what I thought is a simple setup, I am sure I am missing something 
please help

WAN = 209.208.9.205/255.255.255.252
LAN = 192.168.19.0/255.255.255.0
OPT 1 = 69.28.70.64/255.255.255.224

I have machines on both LAN and OPT1 which can connect out and receive 
connections (appropriately per rules) however I have been unable to nat the 
address 69.28.70.70 to 192.168.19.3 (https) no matter what I do the connection 
times out, is there a prior post dealing with this setup I could be pointed to. 
If not I would value the groups assistance
.
Thank you
Ryan


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Port forward nating confusion

2007-10-23 Thread Ryan L. Faircloth
I have what I thought is a simple setup, I am sure I am missing something 
please help

WAN = 209.208.9.205/255.255.255.252
LAN = 192.168.19.0/255.255.255.0
OPT 1 = 69.28.70.64/255.255.255.224

I have machines on both LAN and OPT1 which can connect out and receive 
connections (appropriately per rules) however I have been unable to nat the 
address 69.28.70.70 to 192.168.19.3 (https) no matter what I do the connection 
times out, is there a prior post dealing with this setup I could be pointed to. 
If not I would value the groups assistance
.
Thank you
Ryan



[pfSense Support] pfSense custom build using FreeBSD 7-Current

2007-10-16 Thread Ryan L. Faircloth
I know this is unsupported however on my own I would like to build and test 
this configuration specifically to test vlan support in the vr driver. Has 
anyone successfully operated pfSense in this configuration before.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] SOEKRIS NET5501

2007-10-10 Thread Ryan L. Faircloth
Thanks using your link I noticed in R7 this is supported is there anyway I can 
upgrade my unit to release 7 (I know its prerlease)

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 10, 2007 10:27 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] SOEKRIS NET5501

Per 
http://www.freebsd.org/cgi/man.cgi?query=vlan&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
vr(4) doesn't support oversize frames.  Without this support your
firewall will fragment frames - due to the issues this causes, we do
not support vlan configurations on hardware that isn't listed on the
vlan(4) man page.

--Bill

On 10/10/07, Ryan L. Faircloth <[EMAIL PROTECTED]> wrote:
>
>
>
>
> I am new to Freebsd in general and pfSense I am using 1.2RC2 embedded on a
> Soekris Net5501, the unit has 4 nics which default to the vr driver. This is
> reporting as no vlan support an suggestions Soekris indicated these nics
> should support vlans. Can this be worked around at this time or do I need to
> look into Intel Pro+ adapters?
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  1   2   >