RE: [pfSense Support] Can't get basic routing to work.

2006-08-04 Thread Ryan Rodrigue
Just curious, how many IPs do you have?  Have you tried setting this up in
an isolated network just to see if it works?  I had a problem with BellSouth
not really assigning all of the IP addresses they claim they did.  The first
two in the range were reserved, yet they reported them.  When I assigned my
router to one nothing worked at all.   I am just wondering if this may be
part of the problem.  I will set up a few boxes this weekend without NAT
just to make sure, but I am pretty sure it does work.

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: Friday, August 04, 2006 3:15 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing to work.


That's the whole point.  Please read the documentation, and research 1:1
NAT to see why it will work for this purpose.

A. Jones wrote:
> I can't set up a 1:1 as the wan interface is on a different subnet
> than my lan interface
>
>
>> From: "Tim Dickson" <[EMAIL PROTECTED]>
>> Reply-To: support@pfsense.com
>> To: 
>> Subject: RE: [pfSense Support] Can't get basic routing to work.
>> Date: Fri, 4 Aug 2006 12:13:53 -0700
>>
>> If bridging is not an option I would recommend setting 1:1 mappings for
>> each public address.  It will work beautifully and will also allow you
>> to set up two separate networks.
>> -Tim
>>
>> -Original Message-
>> From: A. Jones [mailto:[EMAIL PROTECTED]
>> Sent: Friday, August 04, 2006 7:29 AM
>> To: support@pfsense.com
>> Subject: [pfSense Support] Can't get basic routing to work.
>>
>> I can't get the most basic of basic routing to work.
>>
>> Here's my network setup
>>
>> Intel computer with 512 ram and new xeon.
>> Two Intel PWLA8492MT Dual port Gig-E Cards plus 2 onboard intel Gig-E
>> ports.
>>
>> DSL Modem (Subnet A)
>>  |
>> pfSense WAN (Subnet A)
>>  |
>> PfSense LAN (Subnet B)
>>  |
>> Computers with static public IPs (Subnet B)
>>
>> Bridging is not an option as in the near future I want to cut subnet B
>> into two subnets and put each half subnet onto different interfaces.
>>
>> I've tried going to advanced NAT and deleting all the rules while having
>> subnet B on LAN.
>> Deleting all the NAT rules while having subnet B on OPT1.
>> DISABLING THE FIREWALL!!! while having subnet B on LAN/OPT1.
>>
>> I just can't get packets to get through.
>> The joke is that it all works fine when I use the default rule created
>> for NAT.
>> But I don't want or need NAT for this setup.
>> I MUST have public, static IPs on the computers =o/
>>
>> Please help
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
>> commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] load balancer status screen.

2006-08-14 Thread Ryan Rodrigue
I have 2 Wan connections connected using load balancer.  On the Status>Load
Balancer screen it shows both online, but the color around WAN 2 changes
from green to yellow pretty often.  Even when it is yellow, it is still up
and still says online.  My question is, what does the color mean, if
anything?





[pfSense Support] HAVP

2006-08-14 Thread Ryan Rodrigue
Does anyone know if the HAVP package works with RL2?  Were the issues with
load balancing transparent mode fixed also?  Thanks, Ryan





RE: [pfSense Support] What are the functional differences between a hard disk installation and a CDROM install?

2006-08-23 Thread Ryan Rodrigue
My preference is the Transcend IDE flash drives.  Ultra reliable and fairly
inexpensive.  Both versions run from RAM.  You can't upgrade the CDROM
without rewriting the image.  I also don't think you can install any
packages to it.  Just my 2 cents.  Ryan

-Original Message-
From: Jonathan Wanak [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 23, 2006 12:13 PM
To: support@pfsense.com
Subject: [pfSense Support] What are the functional differences between a
hard disk installation and a CDROM install?


Hi,

I'm trying to decide whether to go with a hard drive install or a CDROM
install of pfSense.  I haven't found anything that specifies what features
are different between the two installations.

What are the pros and cons of going with a hard drive versus a CDROM-based
install?  Is there a routing performance or memory hit with the CDROM
version?  Can the CDROM version save logs, RRD graphs, etc. to a floppy, or
will this information be lost after a reboot?  Does anyone have a strong
preference either way, and why?

I'd appreciate any input.

Thanks,

Jon Wanak






[pfSense Support] PPPoE On OPT interface.

2006-08-23 Thread Ryan Rodrigue
I seem to remember work was once being done to make OPT interfaces work with
PPPoE.  Can someone tell me how to do this or if it can be done?  I am using
a Linksys box just for this purpose right now, but would like to get away
from this.

-Original Message-
From: Jonathan Wanak [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 23, 2006 12:07 PM
To: support@pfsense.com
Subject: [pfSense Support] Configuring OPT1 as a second LAN


Hi,

Please forgive this question if it has already been addressed; I looked for
the solution, but may have missed it.

I'm configuring my pfSense router (RC2 hard drive installation on a Pentium
II box with 3 NICs, 256MB RAM) with public and private LANs.  I haven't been
able to configure OPT1 to operate as a second LAN, and the interface
configuration page looks more like the WAN configuration than the LAN
configuration.  I did succeed in doing this a long time ago with m0n0wall,
but have forgotten the details involved.

How do I configure OPT1 as a second (public) LAN interface, isolated from
the primary (private) LAN interface?  Are there firewall settings, filters,
or other configuration steps I need to take to make this work?  Any pointers
would be greatly appreciated!

Thanks,

Jon Wanak






RE: [pfSense Support] Smallest drive for PFsense

2006-12-01 Thread Ryan Rodrigue
I use the Transcend IDE Flash modules.  I was having a problem with cheap CF
cards losing something needed for boot up after only a couple of months.  I
use the 512 meg version IDE Flash disk.  Rock solid.  Works great.

-Original Message-
From: Vivek Khera [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 12:51 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Smallest drive for PFsense



On Nov 30, 2006, at 9:26 PM, Craig FALCONER wrote:

> Mine's a 256 Mb card at home, which is fine.  It will run on a 128 Mb card,
> but it's just a bit close sometimes.
>
> Given prices these days, get a 256 Mb CF card.   BTW don't bother getting a
> fast one... The 66x and 133x don't do anything for you, and can cause more
> problems.

Forget prices, just go to the local store and try to buy a CF card
smaller than 512Mb...  perhaps even 1Gb is minimum by now.






[pfSense Support] Content Filtering - Is it possible

2006-12-06 Thread Ryan Rodrigue


I currently have a need to do some content filtering on our network.  I
would like to do this with PF sense if possible.  I have heard of
dansguardian and think this may work.  My questions:

What else is needed to implement dansguardian, or something similar, in
PFsense?

Is anyone else out there doing this, and if so How?

Does anyone know of a better way of doing this?

Is there somewhere you could point me to find more information on this?

Thanks in advance.  >Ryan





[pfSense Support] Traffic Shaper Question

2007-01-24 Thread Ryan Rodrigue
I have a stupid question about traffic shaper.  I love PF, but am kinda new
to the traffic shaper portion of it.  I started to search the site for it,
but the previous post just said the docs were outdated so I thought I'd ask.
I have 3 local area networks all connected to interfaces on pfsense.  I'd
like to traffic shape between them and the internet.  I have a 2.5 meg down,
512 up connection
LAN1 - No traffic shaping
LAN2- Limit all p2p.  Limit internet to about 700k down 150k up
LAN- Same as LAN2.  Just need to keep it isolated from LAN2
I feel this should be possible.  I use the wizard and it only allows you to
specify one interface.  Any help would be much appreciated.  Thanks, Ryan





RE: [pfSense Support] Traffic Shaper Question

2007-01-24 Thread Ryan Rodrigue
So it is possible if I manually create each entry (sounds like fun).  Ok.
Thanks for the help.  I had another question.  I know 812.1q supports
priority tagging.  If I put a tag in the switch that says vlan 10 and vlan
20 (vlan 10 = opt 1 and vlan 20 = opt 2) are low priority, will PFsense
understand that and prioritize it or am I overthinking this?

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 8:06 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question


It allows you to specify 2 Interfaces and that is what currently is
supported. Unfortunately multi Interface shaping is pretty much voodoo
magic. There is work going on to support this in the future (
http://forum.pfsense.org/index.php/topic,2718.0.html ). Some people have
multiinterface shaping working by creating profiles from scratch but you
really have to know what you are doing. With that said, either wait for the
improvements or good luck ;-)

Holger

> -Original Message-
> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, January 24, 2007 3:13 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Traffic Shaper Question
> 
> I have a stupid question about traffic shaper.  I love PF,
> but am kinda new to the traffic shaper portion of it.  I
> started to search the site for it, but the previous post just
> said the docs were outdated so I thought I'd ask.
> I have 3 local area networks all connected to interfaces on
> pfsense.  I'd like to traffic shape between them and the
> internet.  I have a 2.5 meg down, 512 up connection
> LAN1 - No traffic shaping
> LAN2- Limit all p2p.  Limit internet to about 700k down 150k up
> LAN- Same as LAN2.  Just need to keep it isolated from LAN2
> I feel this should be possible.  I use the wizard and it only
> allows you to specify one interface.  Any help would be much
> appreciated.  Thanks, Ryan

RE: [pfSense Support] Traffic Shaper Question

2007-01-24 Thread Ryan Rodrigue
Yea, I understand that.  I was just wondering if the router will understand
a low priority tag and treat it accordingly. (Automatically put that packet
into high, normal, or low priority traffic queues based on the tag).  Thanks
for all of your help.

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 3:59 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question


Vlans are seen as separate interfaces so you will end up with shaping
multiple interfaces again (or trying to do so).

Holger

-Original Message-
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, January 24, 2007 5:59 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question

So it is possible if I manually create each entry (sounds like fun).  Ok.
Thanks for the help.  I had another question.  I know 812.1q supports
priority tagging.  If I put a tag in the switch that says vlan 10 and
vlan 20 (vlan 10 = opt 1 and vlan 20 = opt 2) are low priority, will
PFsense understand that and prioritize it or am I overthinking this?

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 8:06 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question


It allows you to specify 2 Interfaces and that is what currently is
supported. Unfortunately multi Interface shaping is pretty much voodoo
magic. There is work going on to support this in the future (
http://forum.pfsense.org/index.php/topic,2718.0.html ). Some people have
multiinterface shaping working by creating profiles from scratch but you
really have to know what you are doing. With that said, either wait for the
improvements or good luck ;-)

Holger

> -Original Message-
> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 24, 2007 3:13 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Traffic Shaper Question
> 
> I have a stupid question about traffic shaper.  I love PF, but am
> kinda new to the traffic shaper portion of it.  I started to search
> the site for it, but the previous post just said the docs were
> outdated so I thought I'd ask.
> I have 3 local area networks all connected to interfaces on pfsense.
> I'd like to traffic shape between them and the internet.  I have a 2.5
> meg down, 512 up connection
> LAN1 - No traffic shaping
> LAN2- Limit all p2p.  Limit internet to about 700k down 150k up
> LAN- Same as LAN2.  Just need to keep it isolated from LAN2
> I feel this should be possible.  I use the wizard and it only allows
> you to specify one interface.  Any help would be much appreciated.
> Thanks, Ryan

RE: [pfSense Support] Traffic Shaper Question

2007-01-25 Thread Ryan Rodrigue
I didn't think it would.  Thanks for all of your help Holger.  PFsense rules

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 5:10 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question


pfSense trafficshaping won't do anything without trafficshaper rules so
unless you set up multiple interface trafficshaping you will be out of
luck. 

-Original Message-----
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 25, 2007 12:08 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question

Yea, I understand that.  I was just wondering if the router will
understand a low priority tag and treat it accordingly. (Automatically put
that packet into high, normal, or low priority traffic queues based on the
tag).  Thanks for all of your help.

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 3:59 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question


Vlans are seen as separate interfaces so you will end up with shaping
multiple interfaces again (or trying to do so).

Holger

-Original Message-----
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 5:59 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question

So it is possible if I manually create each entry (sounds like fun).  Ok.
Thanks for the help.  I had another question.  I know 812.1q supports
priority tagging.  If I put a tag in the switch that says vlan 10 and
vlan 20 (vlan 10 = opt 1 and vlan 20 = opt 2) are low priority, will
PFsense understand that and prioritize it or am I overthinking this?

-Original Message-
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 24, 2007 8:06 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Traffic Shaper Question


It allows you to specify 2 Interfaces and that is what currently is
supported. Unfortunately multi Interface shaping is pretty much voodoo
magic. There is work going on to support this in the future (
http://forum.pfsense.org/index.php/topic,2718.0.html ). Some people have
multiinterface shaping working by creating profiles from scratch but you
really have to know what you are doing. With that said, either wait for the
improvements or good luck ;-)

Holger

> -Original Message-
> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 24, 2007 3:13 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Traffic Shaper Question
> 
> I have a stupid question about traffic shaper.  I love PF, but am
> kinda new to the traffic shaper portion of it.  I started to search
> the site for it, but the previous post just said the docs were
> outdated so I thought I'd ask.
> I have 3 local area networks all connected to interfaces on pfsense.
> I'd like to traffic shape between them and the internet.  I have a 2.5
> meg down, 512 up connection
> LAN1 - No traffic shaping
> LAN2- Limit all p2p.  Limit internet to about 700k down 150k up
> LAN- Same as LAN2.  Just need to keep it isolated from LAN2
> I feel this should be possible.  I use the wizard and it only allows
> you to specify one interface.  Any help would be much appreciated.
> Thanks, Ryan

[pfSense Support] ClamAV

2007-02-06 Thread Ryan Rodrigue
Does anyone know the status of the clamAV package and if it will ever
return?  I had it on an old version and updated, but I don't see it anymore.
Thanks, Ryan.





[pfSense Support] Posting a bounty

2007-02-07 Thread Ryan Rodrigue
I'd like to post a bounty.  What's the proper procedure to do so?





RE: [pfSense Support] PPPOE Connection / Packages are getting lost

2007-02-15 Thread Ryan Rodrigue
Alright.  I like to keep things a little simple, or at least try.  Did you
connect directly to a laptop using that pppoe login?  I had a very similar
issue with a garbage DSL modem from BellSouth.  I fought with it for a week
before I thought of connecting it straight to a laptop and it couldn't even
work like that.  Turned out to be just that.  Strange thing is, Yahoo
worked, Google didn't.  Strange, huh?  Just my 2 cents.

-Original Message-
From: Jeff Quinonez [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 14, 2007 1:20 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE Connection / Packages are getting lost


Why is your trace to snort bouncing back and forth?

14  63.240.198.67 ( 63.240.198.67)  177.605 ms
    63.240.197.134 ( 63.240.197.134)  179.209 ms
    63.240.198.67 ( 63.240.198.67)  176.753 ms
15  * 63.240.198.67 ( 63.240.198.67)  179.625 ms *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *



[pfSense Support] maximum number ot interfaces?

2007-06-28 Thread Ryan Rodrigue
I searched and haven't quite found the answer I was looking for.  Is there a
limit to the number of vlan interfaces you can have on a pfsense Box?  I
have a strange need to put 60 interfaces on one box.  Is this possible?  If
so, please let me know.  Thanks, Ryan





RE: [pfSense Support] maximum number ot interfaces?

2007-06-28 Thread Ryan Rodrigue
Great.  Thanks.  I was worried I may be stretching the capabilities of the
machine.  Thanks again.  Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 28, 2007 11:50 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] maximum number ot interfaces?


On 6/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> I searched and haven't quite found the answer I was looking for.  Is there a
> limit to the number of vlan interfaces you can have on a pfsense Box?  I
> have a strange need to put 60 interfaces on one box.  Is this possible?  If
> so, please let me know.  Thanks, Ryan

It will work okay but the GUI screen will start to become really
crowded on the firewall rules screens, etc.   There is an open ticket
for this but we are busy with other items ATM.

Scott




[pfSense Support] Squid Installation Hanging?

2007-07-19 Thread Ryan Rodrigue
I have installed squid on a few different machines.  On every machine it
gets to the message
"This operation may take quite some time, please be patient.  Do not press
stop or attempt to navigate away from this page during this process."
I have left this on overnight (10 plus hours) and still have this screen.  I
reboot the router and Squid shows to be installed and appears to work fine.
Is this just a bug?  I even tried it today on a fresh install using 1.2 Beta
2.  Thanks, Ryan





[pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
I have a stupid question.. I am trying to set up 2 servers with separate
external IP addresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server 2
is 192.168.1.11.  I think I have to set this up in 1:1 nat, Firewall rules,
and also in Virtual IPs.  Is there anywhere else I need to set this up?  It
doesn't seem to be working.  Maybe I have this way off or something else.
Thanks for your help.





RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
OK.  I'm stranded, but at least I'm not alone.  I am using pfsense 1.3RC3.  I
upgraded before I posted the question in hopes that would work.  It didn't.
I feel like I have to be missing something.

-Original Message-
From: James Kusler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 11:18 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips


I am having the same problem.  I have an external IP from Qwest which is
part of an 8-IP address block.  That IP is the "gateway" and the others
are for my use.  So I am trying to assign them to devices on my local
net.

I set up mine in virtual IP, and created a NAT rule with the option
selected to also create an associated firewall rule.

I can surf out to the internet just fine but I can not access the device
through the IP I designated, from the outside going in.

I don't know about you, but I am using pfSense 1.01 and no extra
services like Squid.  One person suggested that Squid was installed and
was blocking the entrance from the outside.  But that was not the case
because it is not installed.

So I am in the same boat you are.


James Kusler, Information Technology Manager 
PHONE| 509.624.1613 or 800.822.4456  FAX| 509.624.1604
[EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com 
-Original Message-
From: Ryan Rodrigue [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 26, 2007 9:19 AM
To: support@pfsense.com
Subject: [pfSense Support] Virtual Ips

I have a stupid question.. I am trying to set up 2 servers with separate
external IP addresses.  My wan IP is x.x.x.74  I want to use x.x.x.73 for
server 1 and x.x.x.72 for server 2.  Server 1 is 192.168.1.10 and server 2
is 192.168.1.11.  I think I have to set this up in 1:1 nat, Firewall rules,
and also in Virtual IPs.  Is there anywhere else I need to set this up?  It
doesn't seem to be working.  Maybe I have this way off or something else.
Thanks for your help.



RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
Sorry.  I mistyped.  I am at 1.2RC3

-Original Message-
From: Sean Cavanaugh [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 11:41 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips


First step, upgrade to latest release, 1.2-RC3 as there have been MANY fixes
put in since 1.0.1

-Sean





> Date: Wed, 26 Dec 2007 09:17:45 -0800
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: RE: [pfSense Support] Virtual Ips
>
> I am having the same problem. I have an external IP from Qwest which is
> part of an 8-IP address block. That IP is the "gateway" and the others
> are for my use. So I am trying to assign them to devices on my local
> net.
>
> I set up mine in virtual IP, and created a NAT rule with the option
> selected to also create an associated firewall rule.
>
> I can surf out to the internet just fine but I can not access the device
> through the IP I designated, from the outside going in.
>
> I don't know about you, but I am using pfSense 1.01 and no extra
> services like Squid. One person suggested that Squid was installed and
> was blocking the entrance from the outside. But that was not the case
> because it is not installed.
>
> So I am in the same boat you are.
>
>
> James Kusler, Information Technology Manager
> PHONE| 509.624.1613 or 800.822.4456 FAX| 509.624.1604
> [EMAIL PROTECTED] | www.sound-tele.com | www.solaxis.com
> -Original Message-
> From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 26, 2007 9:19 AM
> To: support@pfsense.com
> Subject: [pfSense Support] Virtual Ips
>
> I have a stupid question.. I am trying to set up 2 servers with separate
> external IP addresses. My wan IP is x.x.x.74 I want to use x.x.x.73 for
> server 1 and x.x.x.72 for server 2. Server 1 is 192.168.1.10 and server 2
> is 192.168.1.11. I think I have to set this up in 1:1 nat, Firewall rules,
> and also in Virtual IPs. Is there anywhere else I need to set this up?  It
> doesn't seem to be working. Maybe I have this way off or something else.
> Thanks for your help.

RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
I have it set up as Proxy ARP

I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
separate entries using the /32 subnet mask

on the WAN interface it is set up as x.x.x.74  /29

I set up a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100

I still cannot get anything to work.  I am getting the correct IP address
if I go to whatismyip.com, but when I try to hit the webserver ip from my
phone (separate network altogether)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips


Under Virtual IP's are you using Carp, Proxy Arp, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IP's 73 and 72 are within your
given range correct?  Are you using the correct subnet mask?

Curtis



RE: [pfSense Support] Virtual Ips

2007-12-26 Thread Ryan Rodrigue
Sorry.  I forgot to let you know.  I do have the correct IP address assigned
by my ISP.  To answer your other question,  the
wan rule is pass protocol:any port:any source:any  destination:192.168.1.10
gateway:default
This rule is at the top of the list. (first processed)
I figured I'd go for simple and then block what I don't need after.

-Original Message-
From: Tim Dickson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:19 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips



What are the rules you are using on the WAN for traffic?

Keep in mind when you are defining the destination address it should be the
PRIVATE IP not the PUBLIC one

If you are getting the correct address on whatismyip then the NAT mapping is
fine. It is firewall rules that are messing you up.

-Tim



From: Ryan Rodrigue [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 10:27 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Virtual Ips



I have it set up as Proxy ARP

I went to 1:1 NAT and firewall rules and specified the 73 and 72 as two
separate entries using the /32 subnet mask

on the WAN interface it is set up as x.x.x.74  /29

I set up a wan rule to allow anything with the destination 192.168.1.10 and
same for 192.168.1.100

I still cannot get anything to work.  I am getting the correct IP address
if I go to whatismyip.com, but when I try to hit the webserver ip from my
phone (separate network altogether)  it doesn't work.  I thought this was
going to be fairly simple. lol

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 26, 2007 12:00 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Virtual Ips

Under Virtual IPs, are you using CARP, Proxy ARP, or IP?  If you want to use
1:1 NAT, go ahead and do so for that specific IP address, then under the
firewall rules add in a rule to match the traffic you would like to permit.
It should be that simple.  Additionally, the IPs 73 and 72 are within your
given range, correct?  Are you using the correct subnet mask?

Curtis



__ NOD32 2747 (20071225) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com
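
The rule-ordering point made in this thread (with 1:1 NAT the WAN rule must name the private address, because the destination is rewritten before the rules are checked), modelled as an added example that is not part of any message above. The address 203.0.113.73, its pairing with 192.168.1.10 and the three rule sets are constructed; the model also shows what a pass-anything rule exposes compared with a port-80-only rule.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values: 203.0.113.73 stands in for the masked public address
# x.x.x.73; pairing it with 192.168.1.10 is an assumption for illustration.
PUBLIC_WEB = ipaddress.ip_address("203.0.113.73")
PRIVATE_WEB = ipaddress.ip_address("192.168.1.10")
ONE_TO_ONE = {PUBLIC_WEB: PRIVATE_WEB}


@dataclass(frozen=True)
class Packet:
    proto: str
    dst: ipaddress.IPv4Address
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: str             # "tcp", "udp" or "any"
    dst: ipaddress.IPv4Address
    dport: Optional[int]   # None means any port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and self.dst == pkt.dst
                and self.dport in (None, pkt.dport))


def evaluate_wan(pkt, rules, nat=ONE_TO_ONE):
    """Model of inbound handling on WAN: translate first, then filter.

    The destination is rewritten by the 1:1 mapping before any rule is
    looked at; the first matching rule decides, and no match means block.
    """
    translated = Packet(pkt.proto, nat.get(pkt.dst, pkt.dst), pkt.dport)
    for rule in rules:
        if rule.matches(translated):
            return rule.action
    return "block"


# Three hypothetical WAN rule sets.
RULE_PUBLIC_DST = [Rule("pass", "tcp", PUBLIC_WEB, 80)]      # names the public IP
RULE_ANY_TO_HOST = [Rule("pass", "any", PRIVATE_WEB, None)]  # any protocol, any port
RULE_WEB_ONLY = [Rule("pass", "tcp", PRIVATE_WEB, 80)]       # only the published service

# Constructed probes arriving from the Internet at the public address.
HTTP = Packet("tcp", PUBLIC_WEB, 80)
RDP = Packet("tcp", PUBLIC_WEB, 3389)   # a service never meant to be published


def verdicts(rules):
    """Verdict for the web request and for the unintended RDP probe."""
    return {"http": evaluate_wan(HTTP, rules), "rdp": evaluate_wan(RDP, rules)}


if __name__ == "__main__":
    for name, rules in (("public destination", RULE_PUBLIC_DST),
                        ("any to private host", RULE_ANY_TO_HOST),
                        ("tcp/80 to private host", RULE_WEB_ONLY)):
        print(f"{name:24} {verdicts(rules)}")
```

The rule written against the public address never matches, and the any/any rule passes every port on the host, so narrowing it to the published port is the safer end state once connectivity is confirmed.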




[pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
I have a pfSense that has been working great for a year and a half.  When I
got back Wednesday, my PPPoE will not connect.
I have my DSL modem in bridge mode.  If I switch it and let it be the router,
everything works.  If I connect the modem in bridge mode to a laptop and PPPoE
from the laptop, it works.  I tried changing network cards and upgrading to
the latest version and even blowing away my config and making a new one.
Nothing works.  This is a post of the system logs.  I found that other
people in the forum are complaining of the same thing.  Has anyone found a
solution that allows my pfSense to keep a real public IP address?

Thanks for your help, Ryan

Dec 28 16:36:04  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:04  mpd: MAGICNUM 00ea7190
Dec 28 16:36:04  mpd: MRU 1500
Dec 28 16:36:04  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:04  mpd: MRU 1492
Dec 28 16:36:04  mpd: MAGICNUM b778760b
Dec 28 16:36:04  mpd: Name: "nworlama73w"
Dec 28 16:36:04  mpd: Using authname "[EMAIL PROTECTED]"
Dec 28 16:36:04  mpd: IPADDR 0.0.0.0
Dec 28 16:36:04  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:04  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:04  mpd: SECDNS 0.0.0.0
Dec 28 16:36:04  mpd: IPADDR 68.216.208.91
Dec 28 16:36:04  mpd: 68.216.208.91 is OK
Dec 28 16:36:04  mpd: IPADDR 68.216.208.91
Dec 28 16:36:04  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:04  mpd: SECDNS 0.0.0.0
Dec 28 16:36:04  mpd: IPADDR 0.0.0.0
Dec 28 16:36:04  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:04  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:04  mpd: IPADDR 68.212.94.9
Dec 28 16:36:04  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: MRU 1492
Dec 28 16:36:10  mpd: MAGICNUM 14307b03
Dec 28 16:36:10  mpd: MAGICNUM 2092d69f
Dec 28 16:36:10  mpd: MRU 1500
Dec 28 16:36:10  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:10  mpd: MAGICNUM 2092d69f
Dec 28 16:36:10  mpd: MRU 1500
Dec 28 16:36:10  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:10  mpd: MRU 1492
Dec 28 16:36:10  mpd: MAGICNUM 14307b03
Dec 28 16:36:10  mpd: Name: "nworlama73w"
Dec 28 16:36:10  mpd: Using authname "[EMAIL PROTECTED]"
Dec 28 16:36:10  mpd: IPADDR 0.0.0.0
Dec 28 16:36:10  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:10  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:10  mpd: SECDNS 0.0.0.0
Dec 28 16:36:10  mpd: IPADDR 68.216.208.91
Dec 28 16:36:10  mpd: 68.216.208.91 is OK
Dec 28 16:36:10  mpd: IPADDR 68.216.208.91
Dec 28 16:36:10  mpd: COMPPROTO VJCOMP, 16 comp. channels, no comp-cid
Dec 28 16:36:10  mpd: SECDNS 0.0.0.0
Dec 28 16:36:10  mpd: IPADDR 0.0.0.0
Dec 28 16:36:10  mpd: PRIDNS 0.0.0.0
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:10  mpd: PRIDNS 205.152.132.23
Dec 28 16:36:10  mpd: IPADDR 68.212.94.9
Dec 28 16:36:10  mpd: 68.212.94.9 is OK
Dec 28 16:36:15  mpd: MRU 1492
Dec 28 16:36:15  mpd: MAGICNUM d605ae0c
Dec 28 16:36:15  mpd: MAGICNUM 4581f731
Dec 28 16:36:15  mpd: MRU 1500
Dec 28 16:36:15  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:15  mpd: MAGICNUM 4581f731
Dec 28 16:36:15  mpd: MRU 1500
Dec 28 16:36:15  mpd: AUTHPROTO CHAP MD5
Dec 28 16:36:15 

RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
Thanks.  In the forum they speak of an outdated MPD in pfSense.  I searched
and found an updated version.  How do I install it, if it is even
possible?

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 10:43 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> I have a pfSense that has been working great for a year and a half.  When I
> got back Wednesday, my PPPoE will not connect.
> I have my DSL modem in bridge mode.  If I switch it and let it be the router,
> everything works.  If I connect the modem in bridge mode to a laptop and PPPoE
> from the laptop, it works.  I tried changing network cards and upgrading to
> the latest version and even blowing away my config and making a new one.
> Nothing works.  This is a post of the system logs.  I found that other
> people in the forum are complaining of the same thing.  Has anyone found a
> solution that allows my pfSense to keep a real public IP address?
>
> Thanks for your help, Ryan
[snip]

This appears to be a recurring issue with Bellsouth/Death Star
(AT&T).  Check the forum; there is a thread open on it.  In the meantime
call and tell them that they have been breaking folks' connections with
this change.  Not that they give a crap anyways.

http://forum.pfsense.org/index.php/topic,7248.0/topicseen.html

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
Alright.  I am definitely not an expert on this.  I was just looking at
FreeBSD and found they have a version 5.0r2.  I am just trying to help.  I
don't understand why Windows would still work though.  I figured I'd do
something, even if it was wrong.  Thanks, Ryan

http://www.freebsd.org/cgi/ports.cgi?query=mpd&stype=name&sektion=net

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 11:18 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Thanks.  In the forum they speak of an outdated MPD in pfSense.  I searched
> and found an updated version.  How do I install it, if it is even
> possible?

We are already on the latest version of MPD (3 branch).  Same as m0n0wall.

Scott




RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
You are correct.  My ISP is on crack and that is the problem.  I can't fix
them so I was hoping for another solution.  I guess I will just have to
leave it in the mode it is in until I get a better solution.  Thanks
again,   Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 11:36 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Alright.  Do you think this could possibly be the problem?
> Thanks again for all of your help.  I will try to leave you alone now.

No,  Your ISP changing out their gear without proper notice to the
customers is the cause of your grief.  As you said, this worked for a
long time prior to the ISP deciding that it is in your best interest
to change out the way their equipment works, etc.

I don't know what to tell you beyond this, honestly.  We cannot switch
MPD versions during a release candidate cycle so I am afraid that this
issue will not be solved for you soon if that is what you are implying
with these questions.

Scott




RE: [pfSense Support] AA$T PPPOE OUT? What's the world comming to?

2007-12-28 Thread Ryan Rodrigue
Alright.  Do you think this could possibly be the problem?
Thanks again for all of your help.  I will try to leave you alone now.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 11:28 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] AA$T PPPOE OUT? What's the world comming
to?


On 12/28/07, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Alright.  I am definitely not an expert on this.  I was just looking at
> FreeBSD and found they have a version 5.0r2.  I am just trying to help.  I
> don't understand why Windows would still work though.  I figured I'd do
> something, even if it was wrong.  Thanks, Ryan
>
> http://www.freebsd.org/cgi/ports.cgi?query=mpd&stype=name&sektion=net

We plan to move to a more recent version in the future.  But at the
moment both pfSense and m0n0wall are still on the 3 branch.

Scott




RE: [pfSense Support] Port 80

2008-01-07 Thread Ryan Rodrigue
I am not sure why the LAN has an IP address and is bridged.  I am not sure
if this would really work.  Are you trying to do NAT and have some things
that do not NAT?  If you are, I would use another interface (if you have
that option).  Also, a lot of the stupid DSL routers still do filtering.
This may be your problem.

-Original Message-
From: Paul Cockings [mailto:[EMAIL PROTECTED]
Sent: Monday, January 07, 2008 4:27 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Port 80


Bridging is possible (and it works for everything I tested except port
80), but I don't think many people are using this configuration.  My
reason to use this method is I hold a belief that NAT buggers about with
things, and wanted to cut NAT out the loop.  Just to use pfsense as a
firewall.  (maybe there is a better way?)

I'm not that dandy with IIS so I suspected IIS or the windows firewall.
The IIS box only has one interface and that is assigned the public IP.
I happen to have another test box on this network, 78.32.32.11, and from
that I can happily browse the test page at http://78.32.32.14:80
As a further test, I did enable the windows firewall, and only allow my
RDP session in, with logging on.  No dropped packets reported to port 80
for the windows firewall therefore my conclusion is the packets never
get past pfsense.

Hope all that made sense.

The problem is quite repeatable.  I thought it might be 1.2-BETA-2, so I
upgraded to 1.2-RC3 earlier today - fresh start and wiped the box
clean.  It displays the same results.

Would it help if I posted a 'pfctl -sa'?  Any pf bridging gurus around?

Kind Regards,
Paul


Hoos, Stephen wrote:
> Crazy me but, can you see the IIS box on port 80 from the LAN?  Do you
> have the IIS box set up to answer on the public IP you are assigning it?
> Can you ping the box from the outside?  I would give the IIS box a
> private address and use aliases to port forward port 80.  I am not sure
> but I don't think you can BRIDGE your WAN and LAN.
>
> -Original Message-
> From: Paul Cockings [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 07, 2008 1:02 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Port 80
>
> Hi Pfsense list, (first time poster - I'm loving pfsense)
>
> I have followed the updated tutorial for transparent firewall
> http://pfsense.trendchiller.com/transparent_firewall.pdf
>
> I've tried with 1.2-BETA-2 and 1.2-RC3,  it all just about makes sense
> except I cannot get port 80 to open up.  I'd like to open up port 80 to
> a Windows IIS6 machine.
>
> Here's the test rig: (yes, real IP addresses!)
>
> My Location = external to all this on another connection
>
> ADSL MODEM (transparent dumb box) 78.32.32.9
> pfsense WAN 78.32.32.10/29
> pfsense Gateway: 78.32.32.9
> pfsense LAN 192.168.1.1 + BRIDGE with WAN
> webGUI Port: 10443
> webGUI protocol: HTTPS
> Enable filtering bridge = on
> Disable webGUI anti-lock out = on
> Block private networks = on (tried off, no change)
> Disable userland ftp proxy = on
> NAT Outbound = Manual
> NAT Outbound Rule = No nat (NOT)
>
> Windows box does not have Windows firewall switched on = absolutely
> confirmed.
> IIS is on port 80
> RDP port 3389
> windows ip address: 78.32.32.14
> windows subnet: 255.255.255.248
> windows gateway: 78.32.32.9
>
> LAN RULE = Allow anything out (this is just a testing box)
>
> If I create a WAN RULE
> TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 3389 - gateway any
> then I can RDP into the box.  I have logging switched on and
> I see the entry in the firewall log.
>
> If I create a WAN RULE
> TCP - Any Source - Any port - dest 78.32.32.14 - dest port TCP 80 - gateway any
> then I cannot see the IIS test page from my browser.  Logging
> is switched on, but I never see an entry in the firewall log.
>
> If I delete the rules, and try
>
> http://78.32.32.14:3389 - I see firewall logs
> http://78.32.32.14:4000 - I see firewall logs
> http://78.32.32.14:80 - I see no firewall logs
>
> 'netstat -an' confirms that nothing appears to be using port 80.  If I try
> a packet capture for 78.32.32.14:80 - I see nothing.
>
> It appears to me that the traffic could be being dropped before being
> evaluated by the firewall rules?
>
> What's going on?
> Any help, guidance, direction, or request for more info would be
> greatly appreciated.   I hope I give enough information.
>
> Kind Regards,
> Paul
>

[pfSense Support] PPPOE with static IP

2008-01-15 Thread Ryan Rodrigue
I have a DSL account with a PPPoE connection and a static IP address given
by AT&T.  Unfortunately, the PPPoE doesn't get the correct IP address.  A
cheap Linksys router I have lets me put the IP address in and everything
works as expected.  Is there a way to do this in pfSense?  I'd much rather
not have this Linksys router on my network.  Thanks, Ryan





RE: [pfSense Support] PPPOE with static IP

2008-01-16 Thread Ryan Rodrigue
Thanks for the replies.  First, I corrected the issue with the lack of a
second DNS last week.  My internet is up and working.  The thing is that I
am not getting the same IP address I used to.  I think this is yet another
stupid change.  I tried a cheap Linksys router that lets me manually put in
an IP address in the PPPoE settings and it all works well.
I put the IP into the Virtual IP settings, but it doesn't work.  I tried it
as an ARP and Other.  Then I went to the NAT settings and set up a 1:1 NAT
with my machine and it doesn't want to work.  I'm not sure what else to try.

Argg, why did AT&T have to change things?  Everything worked fine.  I am
very much looking for a new ISP.  Maybe I'll get a Real ISP this time.
 -Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 15, 2008 6:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE with static IP



Check out http://blog.pfsense.org.  One of the latest posts I believe fixes
your problem.

Curtis


On Jan 15, 2008 3:33 PM, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:


I have a DSL account with a PPPoE connection and a static IP address given
by AT&T.  Unfortunately, the PPPoE doesn't get the correct IP address.  A
cheap Linksys router I have lets me put the IP address in and everything
works as expected.  Is there a way to do this in pfSense?  I'd much rather
not have this Linksys router on my network.  Thanks, Ryan








--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



RE: [pfSense Support] PPPOE with static IP

2008-01-16 Thread Ryan Rodrigue
I am on
1.2-RC3
built on Wed Nov 7 19:02:16 EST 2007
Why do you say that?  Is the ability to put an IP in PPPoE supposed to be
added?

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 9:31 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE with static IP


It appears you are on an older version of pfSense.  Try upgrading to 1.2rc3
or wait till 1.2rc4 comes out within the next couple of weeks.

Curtis


On Jan 16, 2008 9:27 AM, Ryan Rodrigue < [EMAIL PROTECTED]> wrote:


Thanks for the replies.  First, I corrected the issue with the lack of a
second DNS last week.  My internet is up and working.  The thing is that I
am not getting the same IP address I used to.  I think this is yet another
stupid change.  I tried a cheap Linksys router that lets me manually put in
an IP address in the PPPoE settings and it all works well.
I put the IP into the Virtual IP settings, but it doesn't work.  I tried it
as an ARP and Other.  Then I went to the NAT settings and set up a 1:1 NAT
with my machine and it doesn't want to work.  I'm not sure what else to try.

Argg, why did AT&T have to change things?  Everything worked fine.  I am
very much looking for a new ISP.  Maybe I'll get a Real ISP this time.
 -Original Message-
From: Curtis LaMasters [mailto: [EMAIL PROTECTED]
Sent: Tuesday, January 15, 2008 6:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PPPOE with static IP



Check out http://blog.pfsense.org.  One of the latest posts I believe fixes
your problem.

Curtis


On Jan 15, 2008 3:33 PM, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:


I have a DSL account with a PPPoE connection and a static IP address given
by AT&T.  Unfortunately, the PPPoE doesn't get the correct IP address.  A
cheap Linksys router I have lets me put the IP address in and everything
works as expected.  Is there a way to do this in pfSense?  I'd much rather
not have this Linksys router on my network.  Thanks, Ryan








--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com




--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



[pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
Has anyone downloaded this successfully?  I have, but I keep getting an
error: unexpected end of archive.  I'm using WinRAR, which has always worked
in the past.  I even tried from different mirrors.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 12:36 PM
To: [EMAIL PROTECTED]
Subject: [pfSense-discussion] 1.2-RC4 released!


The pfSense development team is happy to bring you the final release
candidate in the 1.2 series!

Info here:
http://blog.pfsense.org/?p=164




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
Using Firefox.  I will try IE.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 4:36 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!




On Jan 16, 2008 5:34 PM, Ryan Rodrigue < [EMAIL PROTECTED]> wrote:


Has anyone downloaded this successfully?  I have, but I keep getting an
error: unexpected end of archive.  I'm using WinRAR, which has always worked
in the past.  I even tried from different mirrors.



This seems to occur every release.  Are you using IE?  If so, then IE
automatically decompresses the file and forgets to change the filename
suffix.

Scott
PS: If you are using IE, try Firefox.




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
At least it's not just me.  I think I'll get it from my house tonight.  I
have cable there.  Um..  I was trying to get the update, not the full
install.  Thanks for your help.  Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 4:51 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!




On Jan 16, 2008 5:39 PM, Jeroen < [EMAIL PROTECTED]> wrote:

Same here with FF. Downloaded from http://pfsense.iserv.nl/updates/.



Sigh.  I'll gzip -d the file on the server and allow the .iso to be
populated to the mirrors without any type of compression.  Sorry ISPs!

Scott




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Ryan Rodrigue
Alright.  I'm goofy.  I guess I just got used to decompressing the image
before burning to CD.  And the 7zip works fine for the ISO.  Thanks, Ryan

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 5:03 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!




On Jan 16, 2008 6:16 PM, Ryan Rodrigue < [EMAIL PROTECTED]> wrote:


At least it's not just me.  I think I'll get it from my house tonight.  I
have cable there.  Um..  I was trying to get the update, not the full
install.  Thanks for your help.  Ryan


You do not need to extract the update file.  Simply feed it to pfSense's
webConfigurator.

Scott




RE: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-17 Thread Ryan Rodrigue
Log in and on the first screen it should show the version.  Or you can go to
Status > System

-Original Message-
From: Ngawang Sangye [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 16, 2008 6:33 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!


I did the firmware upgrade with the update, I don't see that it has been
upgraded? How can you see if the upgrade was successful?

Thanks

Sangye


On 17/01/2008, Jeroen < [EMAIL PROTECTED]> wrote:



On Jan 17, 2008 12:35 AM, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:


Alright.  I'm goofy.  I guess I just got used to decompressing the image
before burning to CD.  And the 7zip works fine for the ISO.  Thanks, Ryan


Not really, it's also just smart to check whether the archive is in mint
condition before you feed it to the box :) pfSense will probably
also double-check it, but you never know.


Time to go to sleep. Will report if I find any bugs tomorrow.

--
Jeroen
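
The two download checks discussed in this thread (a file that was silently decompressed while keeping its compressed suffix, and confirming an archive is intact before feeding it to the box), as an added example that is not part of any message above and not pfSense's own code. It goes slightly beyond the thread by recognising a tar update as well as an ISO; the file name and all sample bytes are constructed.

```python
import gzip
import io
import tarfile
import zlib

GZIP_MAGIC = b"\x1f\x8b"
ISO_SIG_AT = 0x8001   # "CD001" sits one byte into sector 16 of an ISO 9660 image
TAR_SIG_AT = 257      # "ustar" magic inside the first tar header block
HEAD_KEEP = ISO_SIG_AT + 5


def sniff_payload(head: bytes) -> str:
    """Identify the uncompressed content by signature, not by file name."""
    if head[ISO_SIG_AT:ISO_SIG_AT + 5] == b"CD001":
        return "iso9660"
    if head[TAR_SIG_AT:TAR_SIG_AT + 5] == b"ustar":
        return "tar"
    return "unknown"


def inspect_download(fobj, chunk_size: int = 65536):
    """Return (container, payload, problem) for a binary file object."""
    first = fobj.read(chunk_size)
    if first[:2] != GZIP_MAGIC:
        head = first + fobj.read(max(0, HEAD_KEEP - len(first)))
        return ("plain", sniff_payload(head), None)
    inflater = zlib.decompressobj(31)   # 31 = gzip framing, CRC-32 checked at the end
    head, chunk = b"", first
    try:
        while chunk:
            out = inflater.decompress(chunk)
            if len(head) < HEAD_KEEP:
                head += out[:HEAD_KEEP - len(head)]
            if inflater.eof:            # trailer seen and CRC verified
                break
            chunk = fobj.read(chunk_size)
    except zlib.error as exc:
        return ("gzip", sniff_payload(head), "corrupt: %s" % exc)
    problem = None if inflater.eof else "truncated"
    return ("gzip", sniff_payload(head), problem)


def verdict(filename: str, fobj) -> str:
    """Turn the inspection into an accept/reject decision for one download."""
    container, payload, problem = inspect_download(fobj)
    if problem:
        return "reject: gzip stream is %s, download again" % problem
    if container == "plain" and payload == "unknown":
        return "reject: neither gzip nor a recognised image"
    if container == "plain" and filename.lower().endswith((".gz", ".tgz")):
        return "already decompressed (%s): suffix is stale, do not gunzip" % payload
    return "ok: %s containing %s" % (container, payload)


def sample_iso() -> bytes:
    """Constructed stand-in for an ISO: zero fill plus the CD001 signature."""
    return bytes(ISO_SIG_AT) + b"CD001" + bytes(2048)


def sample_update_tgz() -> bytes:
    """Constructed stand-in for a gzip-compressed tar update file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"constructed sample\n"
        info = tarfile.TarInfo("placeholder.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    iso = sample_iso()
    gz = gzip.compress(iso)
    for label, blob in (("intact .gz", gz), ("cut short", gz[:-20]),
                        ("decompressed in transit", iso),
                        ("update .tgz", sample_update_tgz())):
        print("%-24s %s" % (label, verdict("download.iso.gz", io.BytesIO(blob))))
```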




RE: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade

2008-01-23 Thread Ryan Rodrigue
My firmware upgrade worked great.  Been up 6 days and 14 hours.  Not even
anything resembling a problem here.  I haven't read too many problems with
the upgrade.  I'm sure if there was a real problem, many people would have
posted about it by now.  Have faith in the pfSense team.  Back up your image
first, and go ahead and download the full ISO if you want.  That being
said, I'd still do the upgrade.

-Original Message-
From: Ngawang Sangye [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 4:17 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade


The upgrade to 1.2RC4 didn't work - via firmware upload. I backed up the
settings, installed fresh from ISO image I downloaded of RC4 and restored
the settings and it was a good result.

So I recommend you avoid the firmware upgrade.

Regards

Sangye


On 23/01/2008, Gabriel Green < [EMAIL PROTECTED]> wrote:

Hi all:

I have 1.2RC2-beta1 on a PC installed to HD and want to upgrade to 1.2-RC2.
However, after picking the appropriate interfaces, the LiveCD halts on
"Configuring WAN interface..." - I try ALT+FunctionKeys to see debugging
information; nothing.  Then I also tried Ctrl+Alt+Del; again nothing.

LAN card is fxp0
WAN card is rl0

Any ideas?  Can I use the "firmware upgrade" option (even though, as such,
there is no "firmware" on a PC; only a HDD.)

Thanks -
Gabe





RE: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade

2008-01-23 Thread Ryan Rodrigue
Alright.  I'm stupid.  What is FUD?

-Original Message-
From: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 8:34 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] 1.2-RC2 beta1 -> 1.2-RC4 upgrade


Please stop spreading FUD (this is the second request).  The firmware
upgrade is working very well for almost everyone.  You had a specific
issue, we would have been interested to know the details of your issue
so it could have been resolved.  Simply because you, personally, had an
issue doesn't mean that an otherwise functional component should be avoided.

-Gary

Ngawang Sangye wrote:
> The upgrade to 1.2RC4 didn't work - via firmware upload. I backed up
> the settings, installed fresh from ISO image I downloaded of RC4 and
> restored the settings and it was a good result.
>
> So I recommend you avoid the firmware upgrade.
>
> Regards
>
> Sangye
>
>
> On 23/01/2008, *Gabriel Green* <[EMAIL PROTECTED]> wrote:
>
> Hi all:
>
> I have 1.2RC2-beta1 on a PC installed to HD and want to upgrade to
> 1.2-RC2.  However, after picking the appropriate interfaces, the
> LiveCD halts on "Configuring WAN interface..." - I try
> ALT+FunctionKeys to see debugging information; nothing.  Then I
> also tried Ctrl+Alt+Del; again nothing.
>
> LAN card is fxp0
> WAN card is rl0
>
> Any ideas?  Can I use the "firmware upgrade" option (even though,
> as such, there is no "firmware" on a PC; only a HDD.)
>
> Thanks -
> Gabe
>
>





RE: [pfSense Support] Web Console Quits responding

2008-03-17 Thread Ryan Rodrigue
I think this is what I am looking for.  Thanks for the information.  Is
there any limitation to the number of OpenVPN connections I can have in
pfSense?

Oh.  I changed my display name on my email address from Radio Tech to Ryan
Rodrigue.  Sorry, I didn't realise it was set up that way.

-Original Message-
From: Neal Lawson [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 12:38 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Web Console Quits responding


OK, it seems that the web console will only work if you have a machine on
the same subnet, even though there are routes for the other networks on my
LAN side.


On Sun, 2008-03-16 at 15:44 -0700, Neal Lawson wrote:
> I'm using Firefox, and it happens with http and https
>
> On Sun, 2008-03-16 at 16:44 -0500, Curtis LaMasters wrote:
> > Neil,
> >
> > What browser are you using? I've had some similar issues with IE6 in
> > the past but I was able to clear it up by cleaning out the cache of
> > IE.  Are you using http or https to access the firewall?
> >
> >
> > --
> > Curtis LaMasters
> > http://www.curtis-lamasters.com
> > http://www.builtnetworks.com
>
>





RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-17 Thread Ryan Rodrigue
I think this is what I am looking for. Thanks for the information. Is there
any limitation to the number of OpenVPN connections I can have in pfSense?

Oh. I changed my display name on my email address from Radio Tech to Ryan
Rodrigue. Sorry, I didn't realise it was set up that way.

And I am very goofy.  I replied to the wrong message.  Sorry for any
confusion.

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 11:51 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


I believe you want to have remote access users connect to the pfSense box
with a VPN and authenticate with Active Directory.  If so, try OpenVPN with
reference to this forum topic:

http://forum.pfsense.org/index.php/topic,4105.0.html

Please let me know if this is not what you are looking for.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-17 Thread Ryan Rodrigue
Thanks a bunch, Curtis.  I can test to see if it works, but I have no way of
testing more than a few connections.  I at least have a good place to start
now.  Thanks again, Ryan

-Original Message-
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 1:24 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


I'm not sure that OpenVPN truly has an upper limit.  I think you are only
limited to the bandwidth you have available or the cpu/memory resources on
the server you are connected to.

Curtis


On Mon, Mar 17, 2008 at 1:07 PM, Ryan Rodrigue < [EMAIL PROTECTED]>
wrote:


I think this is what I am looking for. Thanks for the information. Is there
any limitation to the number of OPENVPN connections I can have in PFsense?





Oh. I changed my display name on my email address from Radio Tech to Ryan
Rodrigue. Sorry, I didn't realise it was setup that way..

And I am very goofy.  I replied to the wrong message.  Sorry for any
confusion.

-Original Message-
From: Curtis LaMasters [mailto: [EMAIL PROTECTED]
Sent: Monday, March 17, 2008 11:51 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


I believe you want to have remote access users connect to the pfSense box
with a VPN and authenticate with Active Directory. If so, try OpenVPN with
reference to this forum topic:

http://forum.pfsense.org/index.php/topic,4105.0.html

Please let me know if this is not what you are looking for.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com




--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



RE: [pfSense Support] Multiple VPN compatible with Micro$oft

2008-03-18 Thread Ryan Rodrigue
Chris, Thanks for the reply.  Will PPTP work with MS Active Directory?  I
was kinda thinking it would using radius.  I may be incorrect in this
though.

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 6:30 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multiple VPN compatible with Micro$oft


Radio Tech wrote:
> Hello all.  I am looking for some information.  I need to implement a
> wireless connection using VPN access.  I am kinda green on VPN and really
> don't know the way to go.   The kicker is, it needs to be able to support up
> to 300 users and have the ability to integrate with Microsoft Active
> Directory.  Will anything on PFsense do this?  I really like this router and
> feel it is possible, but I don't know what the best way to go it.  I can try
> it on a test box.  I would give more information, but I don't know what
> other questions are important.  Thanks for your help, Ryan
>

What Curtis pointed you to should work, but you might prefer PPTP
because the client is built into Windows, and it's a heck of a lot
easier to configure. It's much less firewall friendly and less secure,
so its suitability depends on your environment and its requirements.

No problem supporting that many users with PPTP or OpenVPN as long as
you have adequate CPU power for however much traffic you need to push.
Unless it's a significant amount ( > 15 Mb), basically anything will
suffice.






RE: [pfSense Support] More Ethernet ports on a pfsense box

2008-04-09 Thread Ryan Rodrigue
What are the costs on these boxes?  Does anyone know where they can be
purchased?  Thanks

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 08, 2008 7:38 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] More Ethernet ports on a pfsense box


Depends on how flexible you are; if you're not tied to a particular
piece of hardware, you could do something like this:

http://www.win-enterprises.com/index.php?option=com_content&task=view&id=52&Itemid=60

10x copper 10/100/1000 interfaces and 4x copper 10/100.  In fact, a
search for (less quotes) "1u network appliance" nets quite a few
similar ones from various sources.

Would a VLAN-capable switch do what you need?  There's every
possibility your requirements may exceed your physical port's
throughput, but if not, trunking could essentially turn an N-port
switch into N-1 unique interfaces on your system.  For that matter,
I'm curious what kind of port-density you're looking for.




RE: [pfSense Support] More Ethernet ports on a pfsense box

2008-04-09 Thread Ryan Rodrigue
Thanks for the info.  I searched a little bit and found the same thing.  I was
hoping for a site that had real prices.  I hate the -email me 3 or 4 times and
I might give you a quote- game.  It leads me to believe that company is
embarrassed of their own prices.  lol.  Thanks again

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 09, 2008 9:29 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] More Ethernet ports on a pfsense box


On 4/9/08, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> What are the costs on these boxes?  Does anyone know where they can be
> purchased?  Thanks

Seems a lot of these manufacturers OEM the boxes for appliance
vendors; most I've contacted have been pretty willing to sell to
individuals, however.  The only thing is they often want to conduct
initial business via email and don't often put quotes on their sites
(not very forthcoming of them).  If you choose a particular model, you
can often search for that number and find a site or two that are
re-selling them.  I usually expect $600-$1200, depending on the
hardware.




[pfSense Support] System Time

2008-04-09 Thread Ryan Rodrigue
I love these machines.  Aside from a person stepping on one and breaking the
motherboard, I don't think I have had any unit fail in the field.  Thanks, I
have just a quick question.
Is there any place to see the system time on the webgui?  I was looking at
some logs and the time was off.  I couldn't figure out what time it thought
it was so I could figure out what time the logs were really talking about.
I fixed the time issue using NTP, but was just curious in case I ever saw
this in the future.  Thanks for your help, Ryan





RE: [pfSense Support] System Time

2008-04-10 Thread Ryan Rodrigue
Great.  I knew there was a simple way to do this.  Thanks.  Ryan

-Original Message-
From: Tortise [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 10, 2008 5:09 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] System Time


Hey I know the answer to this one!
Go to Command menu under Diagnostics and type date, bingo!
http://[pfsenseIP]/status.php also gives it!
Kewl eh!
Kind regards
David Hingston 


- Original Message - 
From: "Paul M" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, April 10, 2008 9:33 PM
Subject: Re: [pfSense Support] System Time


Curtis LaMasters wrote:
> status.php probably has it somewhere.  If not you could issue a command
> via the GUI in the diagnostic menu.

It does.  It would probably be useful to have the system time on the
index.php system summary page?

How would you browse to status.php? There doesn't seem to be a link to
it from the menus.





RE: [pfSense Support] portforward

2008-05-30 Thread Ryan Rodrigue
did you set the nat forwarding?

-Original Message-
From: Peter Todorov [mailto:[EMAIL PROTECTED]
Sent: Friday, May 30, 2008 11:31 AM
To: support@pfsense.com
Subject: [pfSense Support] portforward


Hello can somebody help me with port forward with pfsense. I enable port
forward for wan and computers from internet (external) can access my apache
server on DMZ, but I cannot access my apache server from LAN.




RE: [pfSense Support] Review New Hardware Setup

2008-06-12 Thread Ryan Rodrigue
Sorry to butt in to this question, but I think it kinda goes along.  Has
anybody tried the new Intel Atom based processors for something like this?
They have made a few ITX boards for a pretty cheap price.  They even have
Intel chipsets.
http://www.malabs.com/product.asp?product_sku=76171&item_no=MB-945GCLF&show=b&pass=&shopid=
looks interesting.

That and a good Intel quad NIC may be the way to go.  Too bad it has a
Realtek NIC onboard.  An Intel would have made this unit much better IMO.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2008 9:59 AM
To: support@pfsense.com
Subject: [pfSense Support] Review New Hardware Setup


We are currently using Soekris 5501 with the embedded version of
PFsense, they work great, but we are noticing that around 150-200 users
the CPU starts maxing out.

So we need to build a stronger box, here are the specs an employee came
up with. With this box we want to have up to 1,000 users. Using captive
portal, and traffic shaper.

I have already recommended we use an Intel pro 10/100 nic, and not a SMC
nic. Anything else that is not supported, or known to be flaky?

Also have people had better luck with Intel or AMD based boards?

Thanks
Adam


pfSense High Scalability Platform
Dual-Core 1.8GHz Athlon x64 CPUs
1 GB RAM
SATA II Hard Disk @ 160GB

HARDWARE:
-
1 $ 94.99 ARK IPC-4806 Black Steel 4U Server
http://www.newegg.com/Product/Product.aspx?item=N82E16811128015

1 $216.99 TYAN S3970G2N-U-RS 1207(F) ServerWorks HT1000 ATX Server
Motherboard
http://www.newegg.com/Product/Product.aspx?item=N82E16813151071


1 $174.00 AMD Opteron 2210 Santa Rosa 1.8GHz Socket F 95W Dual-Core
Processor Model OSA2210GAA6CQ
http://www.newegg.com/Product/Product.aspx?item=N82E16819105030


1 $ 34.99 Dynatron F558 77mm 2 Ball CPU Cooler
http://www.newegg.com/Product/Product.aspx?item=N82E16835114068


1 $ 59.99 Kingston 1GB (2 x 512MB) 240-Pin DDR2 FB-DIMM DDR2 667 (PC2
5300) ECC Fully Buffered Dual Channel Kit Server Memory Model
KVR667D2S8F5K2/1G
http://www.newegg.com/Product/Product.aspx?item=N82E16820134340


1 $ 13.99 LITE-ON Black IDE CD-ROM Drive Model DH-52N2P-04
http://www.newegg.com/Product/Product.aspx?item=N82E16827106086


1 $  7.49 SAMSUNG Black Internal Floppy Drive Model SFD321B/LBL1
http://www.newegg.com/Product/Product.aspx?item=N82E16821103203


2 $ 37.98 SMC SMC9452TX-1 10/ 100/ 1000Mbps PCI EZ Card Copper Gigabit Card
http://www.newegg.com/Product/Product.aspx?item=N82E16833129144


1 $ 10.99 ICY DOCK MB449SK-B 5.25" internal Hard drive mobile rack
http://www.newegg.com/Product/Product.aspx?item=N82E16817994047


1 $ 41.99 HITACHI Deskstar 7K160 HDS721616PLA380 (0Y30006) 160GB 7200
RPM SATA 3.0Gb/s Hard Drive
http://www.newegg.com/Product/Product.aspx?item=N82E16822145162


1 $ 59.99  COOLMAX CP-500T 500W EPS12V Power Supply
http://www.newegg.com/Product/Product.aspx?item=N82E16817159040


SOFTWARE:
-
1 $ 0.00 FreeBSD/pfSense
Free with self-support

TOTAL:

$753.39




RE: [pfSense Support] Review New Hardware Setup

2008-06-13 Thread Ryan Rodrigue
I have a board on order and will let you know how well it works with
pfsense.

-Original Message-
From: Simon Dick [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2008 6:02 AM
To: support@pfsense.com; support@pfsense.com
Subject: Re: [pfSense Support] Review New Hardware Setup



On Fri, 13 Jun 2008 10:55:51 +0100, "Paul Mansfield"
<[EMAIL PROTECTED]> said:
> Simon Dick wrote:
> > I have an Atom 230 based system I've just put together, unfortunately
> > it's not one I'm planning to install BSD nevermind pfSense on, I'll
> > actually be using it for VMWare (one of the guests will be pfSense, but
> > this is only for a small home network, I'm trying to combine old low
> > powered systems)
>
>
> would you be able to do at least a minimal network performance test, eg,
> boot linux and use "netcat" to test raw throughput?

It's running centos 5 anyway, so I'll do that shortly, bear in mind I'm
using a quad port 100Mb fxp type pci card, not the onboard Realtek one
though (centos doesn't come with a driver to support it for some strange
reason)
--
Simon Dick
[EMAIL PROTECTED]





[pfSense Support] Tracking Individual Users

2008-07-17 Thread Ryan Rodrigue
I know there was a thread similar to this, but I started a new message
because I don't feel it is the same.

Is there any way anyone knows of to get a list of who went where on PFsense?
I mainly would like to log traffic per user.  If it did a resolution of the
website's name instead of IP, that would be great also.  What my goal is is
to just keep an eye on where my kids are going on the internet.  I'd like to
get an easy to understand list.  PF may do this already, but if it does, I
don't know where.  I think this can be done with squid, but I am using CF
(full install of CF) and have heard that squid isn't good for CF.  I really
don't want it to slow down my connection either if possible.  Thanks for all
of your help,  This is a great product.







[pfSense Support] PFsense on P4 Hyperthreading

2008-09-29 Thread Ryan Rodrigue
Will PF sense work with a P4 using hyperthreading?  I know I can disable it in
the BIOS, but I was just wondering if I could use it.  If I can, in the
install, should I tell it I have a single CPU or a multi CPU setup?  Thanks
for the help, Ryan





RE: [pfSense Support] PFsense on P4 Hyperthreading

2008-09-29 Thread Ryan Rodrigue
Thanks for the super quick reply.  I thought as much, but just wanted to
confirm.  Is there a limit to the number of processors it supports?  Will a
dual Xeon quad core (8 processors) work?  I really don't have a need for
that much, but I was just curious while I have you here.

-Original Message-
From: Vivek Khera [mailto:[EMAIL PROTECTED]
Sent: Monday, September 29, 2008 10:02 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PFsense on P4 Hyperthreading


On Mon, Sep 29, 2008 at 10:58 AM, Ryan Rodrigue <[EMAIL PROTECTED]>
wrote:
> Will PF sense work with a P4 using hyperthreading?  I know I can disable it in
> the BIOS, but I was just wondering if I could use it.  If I can, in the
> install, should I tell it I have a single CPU or a multi CPU setup?  Thanks
> for the help, Ryan
>

FreeBSD treats it as multiple CPUs, so use the SMP kernel.




RE: [pfSense Support] Assign custom Gateway

2010-11-05 Thread Ryan Rodrigue
 

From: Ryan L. Rodrigue [mailto:radiote...@aaremail.com] 
Sent: Friday, November 05, 2010 9:16 AM
To: support@pfsense.com
Subject: [pfSense Support] Assign custom Gateway

 

Is there a way in PF to have dhcp assign a custom gateway in the static dhcp
setup?

 

A little info on what I am trying to accomplish

Most users get IP address for normal gateway with normal restrictions and
all. 

Some special users get an IP on the same network, but a different router
with different restrictions and captive portal login. 

 The easiest way I could see to do this is to simply use two routers and
assign them accordingly.

I suppose 1 router would work, but I want only a few specific machines to
use captive portal and most machines to bypass CP.  This is kind of opposite
to what most people do.

I could also use VLAN and segregate this computer, but I want them to share
all network resources especially iTunes and a weird network printer that
doesn't seem to like traversing routers. (The printer doesn't even have a
place for a default gateway, how weird is that?)

 

I am really just trying to keep things simple.

Thanks for any suggestions.

 

 

 

Sorry, I read what I wrote and realize clarity is not one of my strengths.

Under the dhcp server I can add a static map.  Is there a way to add a
different gateway just for this static map?

I am running PF 1.2.3 Release.  Perhaps in version 2?  

Thanks for reading and any help you might be able to provide.



__ Information from ESET NOD32 Antivirus, version of virus signature
database 5593 (20101105) __

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com



RE: [pfSense Support] Assign custom Gateway

2010-11-05 Thread Ryan Rodrigue
 


-Original Message-
From: Tim Dickson [mailto:tdick...@aubergeresorts.com] 
Sent: Friday, November 05, 2010 4:54 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Assign custom Gateway


> Is there a way in PF to have dhcp assign a custom gateway in the 
> static dhcp setup.

Why don't you whitelist the IPs you want to pass in the captive portal
configuration.
They would all go through the captive portal, but those IPs assigned to
bypass wouldn't be blocked.
-Tim

I guess I could do that.  I want to pass all office pc's and block 2 semi
public pc's.  If it wasn't for this printer, I would have a separate network
for these pc's.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional
commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org






RE: [pfSense Support] MAC based Access Control

2010-11-29 Thread Ryan Rodrigue
Is there a way to manually specify an IP to a mac in the ARP tables?  That
way you could filter based on IP and if someone changed their IP to avoid
the filters, their internet access wouldn't work.  You could then take it a
step further and lockdown the switch port to only that one mac and if they
got clever and changed their mac, that wouldn't work either.  Just a
thought.  Feel free to blast away.

 

Ryan Rodrigue
Systems Technician
A A R Electronics, Inc
510 West Tunnel Blvd
Houma, LA 70360
P.O. Box 4336
Houma, LA 70361
Phone (985) 876-4096
Phone (800) 649-7346
Fax (985) 853-1034
radiote...@aaremail.com
www.aarelectronics.com

 

 

 

 

From: stephen at stephenjc [mailto:step...@stephenjc.com] 
Sent: Monday, November 29, 2010 8:19 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] MAC based Access Control

 

I was under the impression that pfsense was  layer 3 software. Imo, I don't
think it should be dealing with layer 2. You can always use a switch with
port security.

On Nov 29, 2010 8:21 AM, "Vick Khera"  wrote:
> On Mon, Nov 29, 2010 at 8:11 AM, Adam Piasecki
>  wrote:
>> I understand it's a false sense of security, but I can see how it would be
>> helpful.  Maybe a package can be made with the understanding that it's not
>> 100% foolproof.
>>
> 
> So you have a security feature that works, except when it doesn't.
> The problem is there is no way to tell when it is not working, so how
> do you "deal with it then"?
> 

RE: [pfSense Support] changing LAN to WAN

2011-01-19 Thread Ryan Rodrigue


-Original Message-
From: Chris Buechler [mailto:cbuech...@gmail.com] 
Sent: Wednesday, January 19, 2011 10:51 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] changing LAN to WAN

On Wed, Jan 19, 2011 at 5:55 AM, Nick Upson  wrote:
> Hi,
>
> I have an existing pfsense setup with 5 Lan & 1 Wan, I need to change
> LAN3 (the only unused one) to become a second WAN (connected to an 
> adsl modem) Please could someone give me some idea how to achieve 
> this, I've got the book but the part about configuring a second WAN 
> doesn't cover changing an existing setup.
>

Just change the interface's IP config as needed, then configure it however
desired as an additional WAN.

Agreed - Don't forget the Outbound Nat settings.  Though you did say you
have the book.



RE: [pfSense Support] Hardware not supported

2011-01-26 Thread Ryan Rodrigue

 

2011/1/26 İhsan Doğan :
>>> I've bought recently a Shuttle XPC-35 and unfortunately this 
>>> hardware does not run with FreeBSD 8.1, but it does with FreeBSD 8.2.
>>>
>>> Are there any plans to run pfSense 2.0 with FreeBSD 8.2?
>>
Not my first choice, but you could try to load some hypervisor on it like 
VMware ESXi and run it as a VM.  I have had PF running for over 6 months in a 
VM and it works great.







RE: [pfSense Support] Firewall security compromised by auxillary programs?

2011-02-07 Thread Ryan Rodrigue


-Original Message-
From: Sean Cavanaugh [mailto:millenia2...@hotmail.com] 
Sent: Friday, February 04, 2011 6:27 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Firewall security compromised by auxillary
programs?

-Original Message-
From: Mark Jones
Sent: Friday, February 04, 2011 2:54 PM
To: support@pfsense.com
Subject: [pfSense Support] Firewall security compromised by auxillary
programs?

Well, I hear of people running pfSense in a VM, and I wonder how do you
avoid exposing the host OS to the network?  How can a firewall be run in a
VM and not leave the host OS hanging out to be attacked?  Or, go the
otherway and put the VM in the FreeBSD used by pfSense since there is plenty
of excess CPU and memory to do the trick.  Only getting vmware to run on
pfSense FreeBSD might be difficult (I haven't actually tried it) given the
very few pieces of FreeBSD that are present in a pfSense environment.

I am just a big dummy, but I would say that if the interfaces used for
PFsense are dedicated to interfaces in VMware (with separate Vswitches
each) without a service console connection, then you are OK.  Especially on
ESX because it has a firewall and is pretty well locked down.  Don't be
stupid and try to do so on a single interface.






RE: [pfSense Support] Multiple WAN subnets

2011-03-01 Thread Ryan Rodrigue
Could you use virtual IPs assigned to the wan interface?  I use them now for
a different subnet and it works fine for me.  I assign the virtual IP and
use 1:1 nat.

 
Ryan Rodrigue
Systems Technician
A A R Electronics, Inc
510 West Tunnel Blvd
Houma, LA 70360
P.O. Box 4336
Houma, LA 70361
Phone (985) 876-4096
Phone (800) 649-7346
Fax (985) 853-1034
radiote...@aaremail.com
www.aarelectronics.com

 


-Original Message-
From: JASON JAMES [mailto:jam...@milton.k12.wi.us] 
Sent: Tuesday, March 01, 2011 11:02 AM
To: support@pfsense.com
Subject: [pfSense Support] Multiple WAN subnets

We currently use PFSense as a perimeter firewall it does all of our NAT as
well. We recently ran out of public ip's and had another subnet issued to
us. The problem is whether I add a new interface or set it up as a static
route we can't get it to be reachable from outside. I know I am missing
something small, I have been skimming through the pFsense book again and
nothing is popping out. Anyone have any ideas? If I add it as an interface,
I can ping whatever ip address I bind that interface to but adding virtual
ips and then setting up NAT for additional ips in that block are not
routeable. 








RE: [pfSense Support] can't block https://facebook.com via firefox

2011-03-23 Thread Ryan Rodrigue


-Original Message-
From: Luke Jaeger [mailto:ad...@pvpa.org] 
Sent: Wednesday, March 23, 2011 8:59 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] can't block https://facebook.com via firefox
>
>Yes, I'm sure - facebook.com is explicitly blocked in my squid blacklist
>and the shallalist 'socialnet' category is blocked too in squidguard. I also
>set up a firewall rule blocking any traffic on any port to
>
>66.220.147.0/24
>66.220.149.0/24
>66.220.153.0/24
>69.63.176.0/24
>69.63.181.0/24
>69.63.184.0/24
>69.63.187.0/24
>69.63.189.0/24
>69.63.190.0/24
>
>But it's still possible to get to facebook, ONLY via https and ONLY in
>Firefox when set to bypass system proxy settings.


You did put the block list above any allow list and you did put it on the
LAN port.  Correct?
I personally would set anything on the local network on Https, and Http to
block thus forcing them to use your squid proxy.  (Allow squid proxy of
course)






RE: [pfSense Support] can't block https://facebook.com via firefox

2011-03-23 Thread Ryan Rodrigue

-Original Message-
From: Raylund Lai [mailto:raylund@kankanwoo.com] 
Sent: Wednesday, March 23, 2011 11:14 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] can't block https://facebook.com via firefox

I think the best is to combine DNS and firewall rule.

Using something like OpenDNS for all the DNS inquiry on your network and
then setup firewall rule so that only DNS inquiry are allowed to OpenDNS.
Then, going to OpenDNS to set your own blocking/allowing rule(s).

-Raylund

This is a good approach too.  Rather than only allow dns to opendns you
could redirect all dns request to opendns in the nat settings.





RE: [pfSense Support] Blocking Windows Machines

2011-05-06 Thread Ryan Rodrigue


>In addition to this, and to controlling DHCP, as another poster mentioned, 
>there is an audit method that may take some time, but can be automated to some 
>degree.
>
>It's an interesting use of TTLs I saw discussed on another list - you have to 
>keep track of the TTLs by the hosts on your network and notice the anomalies. 
>Most OSes use a starting TTL of either 64 or 128. If you notice packets with
>a TTL of 63 or 127 coming from a particular IP address through your
>router/firewall, you have an indicator that that IP address is a router or
>NAT device itself. I would also suspect that if you see mixed TTLs coming from 
>a single IP address, that might also signal something to investigate.
>
>Kurt 


And while this is correct if it goes through a router, I don't think a simple 
access point will change (decrement) the TTL.  I remember Mikrotik would let 
you override the TTL to 1 so that any router hanging off would discard the 
packets.  Thank is unless they used another Mikrotik router that would simply
modify the TTL again.  They did this in a mangle rule.





RE: [pfSense Support] Blocking Windows Machines

2011-05-06 Thread Ryan Rodrigue


>In addition to this, and to controlling DHCP, as another poster mentioned, 
>there is an audit method that may take some time, but can be automated to some 
>degree.
>
>It's an interesting use of TTLs I saw discussed on another list - you have to 
>keep track of the TTLs by the hosts on your network and notice the anomalies. 
>Most OSes use a starting TTL of either 64 or 128. If you notice packets with
>a TTL of 63 or 127 coming from a particular IP address through your
>router/firewall, you have an indicator that that IP address is a router or
>NAT device itself. I would also suspect that if you see mixed TTLs coming from 
>a single IP address, that might also signal something to investigate.
>
>Kurt 


And while this is correct if it goes through a router, I don't think a simple 
access point will change (decrement) the TTL.  I remember Mikrotik would let 
you override the TTL to 1 so that any router hanging off would discard the 
packets.  That is unless they used another Mikrotik router that would simply
modify the TTL again.  They did this in a mangle rule.

(Sorry I correct a fat finger issue above)
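
The TTL audit described in the quoted message above, sketched as an added example (not code from any list member or from pfSense). The "source_ip ttl" input format, the function names and the sample observations are all constructed for illustration, and hosts are assumed to sit on the firewall's directly attached LAN segment.

```python
from collections import defaultdict

# Initial TTLs: 64 and 128 are the two values named in the quoted message;
# 255 (used by some network equipment) is added here as an assumption.
INITIAL_TTLS = (64, 128, 255)

# Constructed sample: "source_ip observed_ttl" pairs as they might be
# extracted from a packet capture on the firewall's LAN interface.
SAMPLE = """\
192.168.1.10 128
192.168.1.10 128
192.168.1.11 64
192.168.1.50 63
192.168.1.50 127
192.168.1.60 64
192.168.1.60 128
192.168.1.70 64
"""


def infer_initial(ttl):
    """Return (assumed initial TTL, hops already travelled) for a TTL."""
    if not 1 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    # The smallest common initial value that is >= the observed TTL.
    initial = next(i for i in INITIAL_TTLS if ttl <= i)
    return initial, initial - ttl


def parse_observations(text):
    """Collect the set of TTLs seen per source address."""
    seen = defaultdict(set)
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'ip ttl'")
        seen[parts[0]].add(int(parts[1]))
    return dict(seen)


def audit(seen):
    """Flag sources whose TTLs suggest a router or NAT device.

    ttl-decremented:   at least one packet lost a hop before reaching the
                       firewall, so something routed it on the way.
    mixed-initial-ttl: packets from one address started from different
                       initial TTLs, i.e. probably different OSes.

    Limits noted in the thread: a bridging access point does not decrement
    the TTL (192.168.1.70 in the sample would stay unflagged even if it
    were one), and a downstream router that rewrites the TTL hides itself.
    A flag is a reason to investigate, not proof.
    """
    findings = {}
    for src, ttls in sorted(seen.items()):
        inferred = [infer_initial(t) for t in ttls]
        reasons = []
        if any(hops > 0 for _, hops in inferred):
            reasons.append("ttl-decremented")
        if len({initial for initial, _ in inferred}) > 1:
            reasons.append("mixed-initial-ttl")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in audit(parse_observations(SAMPLE)).items():
        print(src, ", ".join(reasons))
```
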





RE: [pfSense Support] allow/deny users by MAC address?

2011-06-06 Thread Ryan Rodrigue


>-Original Message-
>From: Luke Jaeger [mailto:ad...@pvpa.org]
>Sent: Monday, June 06, 2011 8:31 AM
>To: support@pfsense.com
>Subject: [pfSense Support] allow/deny users by MAC address?
>
>I run a school network where students and teachers sometimes bring in
>personal laptops.
>
>Is there a way to filter these by MAC address so that teachers get access
>to certain resources (such as printing) and students don't?
>Or do I have to set up a separate wireless network for teachers only?
>
>Luke Jaeger | Technology Coordinator
>Pioneer Valley Performing Arts Charter Public School www.pvpa.org
>

Short answer - No.
Possible solution: 
Some of your better Wi-Fi access points allow you to set multiple SSIDs
with a separate VLAN for each.  I would do that and set up an SSID for
Teachers with their passcode and an SSID for students with their passcode.
That way you could set up the access they have with the VLAN.  This way you
also don't have to worry about the limited number of Wi-Fi channels because
both SSIDs work in conjunction with each other on the same channel.  I do
this and I also set up an SSID for IT login with a non-broadcasting SSID and
a separate passcode.






RE: [pfSense Support] Diffrent Gateway Adress ( External )

2011-06-14 Thread Ryan Rodrigue
 

 

From: Shibashish [mailto:shi...@gmail.com] 
Sent: Tuesday, June 14, 2011 3:02 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Diffrent Gateway Adress ( External )

 

 

2011/6/14 Koray AGAYA 

Thank you for your information

 

I added a 1:1 NAT section like below. I tested; same result, external gateway 
not changed. Gateway address is 2.2.2.2. What is my mistake?

MAIL    2.2.2.4/32    10.0.1.12/32    mail.mems.metu.edu.tr

 

 

It is an external IP, not an external gateway, you are looking for.  You need to 
specify the IP in 1:1 NAT, which it appears you did.  You also need to specify 
the External IP in Virtual IPs.  At the bottom of the 1:1 NAT page it says you 
may also need to specify them as virtual IPs, with a link.

Each interface must have a unique gateway.  

Step 1: I would think that you need to remove the Mail interface altogether 
if you have not already done so.

Step 2: Go to Firewall – Virtual IPs and specify the Type (I use proxy arp 
usually), the interface it will reside on (probably the WAN unless you have 2 
ISPs), and the IP address.

Step 3: Go to Firewall – NAT and choose the 1:1 tab, and click the + sign (or 
edit if you already have one there).

Step 4: Select the interface (same one you selected for virtual IP), External 
IP, Internal IP, Destination type (I use any).

Step 5: Click Save.

 



RE: [pfSense Support] Re: install headache (part 2)

2011-08-02 Thread Ryan Rodrigue
 

From: Nick Upson [mailto:n...@telensa.com] 
Sent: Tuesday, August 02, 2011 6:56 AM
To: support pfsense
Subject: [pfSense Support] Re: install headache (part 2)

 

 

On 2 August 2011 11:19, Nick Upson  wrote:

Hi,

I am trying to be systematic about trying the combinations of variables, so
far nothing works properly

(2.0 rc3, go straight into install rather than run pfsense from the cd)

a) quick install, uni processor - hangs at the spinner after boot prompt 
b) block mode off, uni processor - error about no boot loader
c) quick install, SMP processor - hangs at the spinner after boot prompt 
d) quick install, SMP processor - hangs at the spinner after boot prompt 


(boot into pfsense, option 99 to install)

e) quick install, uni processor - error about no /boot/loader

disabled LBA in BIOS

( go straight into install rather than run pfsense from the cd)

f) quick install, uni processor - hangs at the spinner after boot prompt 

(boot into pfsense, option 99 to install)

g) quick install, uni processor - error about no /boot/loader
h) block mode off, uni processor - error about no /boot/loader

enable  LBA in BIOS
( go straight into install rather than run pfsense from the cd)

i) block mode off, uni processor - error about no /boot/loader

-- 
Nick Upson (01799 533252)

 

What kind of hardware are you trying to install on?



RE: [pfSense Support] hardware suggestions

2011-08-03 Thread Ryan Rodrigue

I'm installing onto a seagate 320GB 2.5" hard drive, from a CD, both
connected via sata. I boot from the CD and have attempted to install
directly (press I) and continue (press C) into the liveCD boot, do a minimal
configuration (1 lan & 1 wan) and install from there (option 99). I'm using
the non-embedded version, both 1.2.3 and 2.0rc3.

I have 2 possible outcomes when I boot from disk, depending upon the options
used to install

- A menu is visible on the screen which after a few seconds attempts to
boot, this is what I finish up with on the screen
F1  pfSense
Boot:  F1
\<- non-moving spinner

- the other outcome is that I get an error message like this:
default 0:ad(0,a)/boot/kernel/kernel
no /boot/loader
boot:
 

I would change the setting in the BIOS for the hard drive to ATA or legacy
mode if it has such a setting.  

 

It appears as though it doesn't like the hard drive for some reason.  

 

I have had that problem with some compact flash modules and 1 SATA drive
that I fixed by setting my BIOS to what it called legacy mode. (Basically it
presented the SATA drive as IDE I think.)




-- 
Nick Upson (01799 533252)



RE: [pfSense Support] how to add the wifi

2011-09-01 Thread Ryan Rodrigue
You probably need to log in to the Linksys and take it out of router mode and
put it in AP mode. Or at least turn off DHCP on the Linksys and connect it to
the LAN port instead of the WAN port.  If you don't have a wifi card, you
will not have any WiFi settings in pfSense.

 


Ryan Rodrigue
Chief Technical Manager
A A R Electronics, Inc
510 West Tunnel Blvd
Houma, LA 70360

P.O. Box 4336
Houma, LA 70361
Phone (985) 876-4096
Phone (800) 649-7346
Fax (985) 853-0134

radiote...@aaremail.com
www.aarelectronics.com

 

 

From: suresh suresh [mailto:suresh.notion...@gmail.com] 
Sent: Thursday, September 01, 2011 9:13 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] how to add the wifi

 

No, I don't have a wifi card. If I configure the wifi router, that goes to the
different network. Like, I am using pfSense 192.18.7.10; in the wifi connected
system it shows IP 192.168.1.1. At that time I can't take print or scan; both will
come on 7.1 series. How to solve this problem? And also one more question: how to
block the bit torrent? I am using pfSense 1.2.3.

 

Thank you,

 

Regards,

Suresh

 

 

On Thu, Sep 1, 2011 at 7:22 PM, RB wrote:

On Thu, Sep 1, 2011 at 07:48, suresh suresh wrote:
> Hi All,
> How to add the wifi in pfSense? I am having the Linksys home router. How to
> set up wifi in pfSense? Please help me.

Do you have a wifi card in your pfSense machine?  Are you wanting it
to be a wireless client or an access point?


 



RE: [pfSense Support] how to add the wifi

2011-09-01 Thread Ryan Rodrigue
 

OK, please help me. How to block the bit torrent in pfSense 1.2.3?

 

Thank you,

 

There is not a 100% definite answer to this.  What I do is open the ports I
need (80 for http, 25 for smtp, etc.) and then put a block all rule below
these.  This usually works for 99% of the bit torrent traffic.  The problem
is that pfSense blocks based on ports, and bit torrent can be intelligent and
change ports.  You could also do the traffic shaper and put bit torrent in a
very low speed queue, but I have never tried that.



RE: [pfSense Support] how to add the wifi

2011-09-01 Thread Ryan Rodrigue

-Original Message-
From: RB [mailto:aoz@gmail.com] 
Sent: Thursday, September 01, 2011 9:36 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] how to add the wifi

On Thu, Sep 1, 2011 at 08:31, Ryan Rodrigue wrote:
> There is not a 100% definite answer to this.  What I do is open the 
> ports I need (80 for http, 25 for smtp, etc.) and then put a block all 
> rule below these.  This usually works for 99% of the bit torrent 
> traffic.  The problem is that pfSense blocks based on ports, and bit 
> torrent can be intelligent and change ports.  You could also do the 
> traffic shaper and put bit torrent in a very low speed queue, but I have 
> never tried that.

pfSense 2.0 has the capability to categorize traffic at "layer 7", but even 
that isn't foolproof against bittorrent.

You are correct.  I haven't played with these features yet.  My method works 
for me and I think it is a good method in general.  Allow what you need, block 
everything else.  Yes, it gets aggravating sometimes, but it also helps prevent 
the next dumb thing the users decide to try.



RE: [pfSense Support] how to block the bit torrent

2011-09-01 Thread Ryan Rodrigue
Get it, Read It.  It will help a lot I think.

 

http://www.amazon.com/pfSense-Definitive-Christopher-M-Buechler/dp/0979034280



RE: [pfSense Support] how to block the bit torrent

2011-09-02 Thread Ryan Rodrigue

On Fri, Sep 2, 2011 at 12:23 PM, Glenn Kelley  wrote:
> There is a PFSense 2 book available for the Kindle or paperback - in 
> Amazon Store - just search for PFSENSE


I recommended the 1.2 book because he said he was running 1.2






RE: [pfSense Support] Outbound port forward

2011-09-06 Thread Ryan Rodrigue
What if you enabled DNS Forwarder and forwarded all DNS requests to pfSense?

Ryan Rodrigue
Chief Technical Manager
A A R Electronics, Inc
510 West Tunnel Blvd
Houma, LA 70360

P.O. Box 4336
Houma, LA 70361
Phone (985) 876-4096
Phone (800) 649-7346
Fax (985) 853-0134

radiote...@aaremail.com
www.aarelectronics.com


-Original Message-
From: Arquivos [mailto:arqui...@otv.com.br] 
Sent: Tuesday, September 06, 2011 2:34 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Outbound port forward

> What you want is a NAT Port Forward entry on your LAN interface to 
> destination port 53 and a redirect target IP of the server you want to 
> force. I haven't tried this but I believe it will do what you are 
> asking.

I've tried this config and it didn't work :( In NAT port forward only
internal IPs can be specified and I need an external DNS server, so I'm
still in the dark.
Tks..

Danilo


