Re: [pfSense Support] Outbound port forward

2011-09-06 Thread Seth Mos

On 6 Sep 2011, at 21:12, David Burgess wrote:

> On Tue, Sep 6, 2011 at 1:08 PM, Arquivos  wrote:
> 
>> I need to forward all the requests going out by the port 53 (DNS) to a
>> single external DNS server, in spite of the DNS configured in the
>> clients. Can someone help me with that?
> 
> 
> What you want is a NAT Port Forward entry on your LAN interface to
> destination port 53 and a redirect target IP of the server you want to
> force. I haven't tried this but I believe it will do what you are
> asking.

This should work, I've been doing this a while back where I had a combination 
of a port forward on the LAN and an outbound NAT rule on the LAN interface to 
mangle traffic.

That was 1.2.3 or an early 2.0 beta.

Regards,

Seth
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] multiple internet connections - balancing not working

2011-08-26 Thread Seth Mos

Hi Greg,

On 26-8-2011 16:45, greg whynott wrote:

?...I'm not sure what you are saying.   the documentation does not
indicate I have to have each modem hanging off its own interface
directly connected to the pfsense box,  and from a network perspective
there isn't anything wrong with having 2 gateways on the same
network.  they each have a unique IP and go to different ISPs.   Am I
wrong here?


Yeah, that should theoretically work as intended. Can you send me that 
part of the /tmp/rules.debug (private email)?


If you could send the part of the config.xml that contains the gateway 
items and gateway groups that would be swell.


At least, that's the way I intended it to work and why I added the gateways 
format in the first place.


I was misunderstanding that you were using the same Gateway IP address 
on 2 different interfaces. Which is something which didn't work in 1.2 
and still won't in 2.0.


Regards,

Seth



http://imageshack.us/photo/my-images/508/smallnet.jpg/
is what the set up looks like.
thanks again,
greg

On Fri, Aug 26, 2011 at 10:05 AM, Younes EL AMRAOUI <oun...@gmail.com> wrote:

You don't have the right to do this because they are all in the same
network 192.168.2.0 ( /24 = 255.255.255.0).


2011/8/26 greg whynott <greg.whyn...@gmail.com>

they are all /24 networks. all interfaces are configured with
the same mask/network on that side of the device.  Should it
help,   the setup works (fail over)  when one of the gateways
fails,  but they don't appear to balance with both are up.
-g


On Fri, Aug 26, 2011 at 9:55 AM, Younes EL AMRAOUI
<oun...@gmail.com> wrote:

What is the CIDR of every gateway?



2011/8/26 greg whynott <greg.whyn...@gmail.com>

why are you saying this?  I don't believe I am.  the
gateways are .1 and .2.  there are only 2 interfaces on
the box,  one on a 10.x network and the other in the
192.x network.
-g

You can not use the same gateway address on multiple
interfaces.




--
Younes EL AMRAOUI
/Engineering Student at ESIREM./
/Computer Science Engineering School./
/+33629153757 /
/Dijon ,FRANCE ./





--
Younes EL AMRAOUI
/Engineering Student at ESIREM./
/Computer Science Engineering School./
/+33629153757 /
/Dijon ,FRANCE ./








Re: [pfSense Support] multiple internet connections - balancing not working

2011-08-26 Thread Seth Mos

On 26-8-2011 15:40, greg whynott wrote:

Hi,
Yes I did.  I mentioned this in my post.
thanks,
greg



You can not use the same gateway address on multiple interfaces.

Regards,
Seth




Re: [pfSense Support] Dual WAN with cable modem (dhcp) and ADSL (pppoe) with static IP (and IPv6)

2011-08-22 Thread Seth Mos
On 1-8-2011 16:06, Eugen Leitl wrote:
> 

> The ADSL is PPPoE with static IP but also offers IPv6
> (local provider MNet). Latter appears to require some
> modifications

The current 2.1 code should allow you to configure the DHCP6 client on
your PPPoE WAN. I've done some basic testing that it works.


> 2) Any chances with getting IPv6 with ADSL working,
>given above complications?
> 

Yes.

Regards,

Seth




Re: [pfSense Support] How to add the WAN DHCP

2011-08-21 Thread Seth Mos

On 21 Aug 2011, at 08:42, suresh suresh wrote:

> Hi all,
> 
> My internet service provider connection has been changed. They are 
> not giving a static IP; they are DHCP. Please help me. How do I configure the 
> WAN DHCP? Please help.
> I have attached my previous configuration files. Where do I need to edit? 
> Please help me.

Just enter the UI, navigate to interfaces WAN and set the thing to DHCP and 
save.

Good luck.

Seth





[pfSense Support] Preliminary DHCP6 support with Prefix Delegation in 2.1-DEVELOPMENT

2011-08-18 Thread Seth Mos
Hi,

For those people that are tracking the current 2.1 DEVELOPMENT branch
because they need IPv6 support.

I've just committed a number of changes that should make it possible to
use the DHCP6 client with Prefix Delegation.

For example: On the WAN interface, select "IPv6 configuration type" "DHCP6".

You can then select the Prefix Delegation size as provided by your ISP.
The most common sizes are listed here, being 48, 52, 56, 60 and 64.
The DHCPv6 Unique Identifier (DUID) field is not used yet, ignore it.

Save this configuration and it should start the DHCPv6 client on that
interface. This should also work properly for people on PPPoE which is
currently the largest active base that deploys DHCPv6 Prefix Delegation.

On the LAN interface you can select "IPv6 configuration type" "Static IPv6".

You can configure an IPv6 address here of fe80::1/64 since it's used for
prefix delegation. The drop down below the address allows you to select
a network ID from the prefix delegation.

So, if the ISP gives you a 2001:db8:::/48 network you could select
"7" from this list. The Prefix Delegation process would then configure
the prefix 2001:db8::7::/64 on the LAN. The number selected from the
drop down is reflected here.

Kind regards,

Seth Mos

Then
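
The prefix ID selection described in the message above, as an added example that is not part of the original post and not pfSense's own code. It computes which /64 a given ID selects inside a delegated prefix and generalizes to every delegation size the message lists; the sample prefix `2001:db8:1234::/48`, the interface names, and the treatment of the ID as a plain integer subnet index are assumptions.

```python
import ipaddress

LAN_PREFIX_LEN = 64  # each LAN interface receives one /64 out of the delegation


def available_prefix_ids(delegation_len: int) -> int:
    """Number of /64 networks (valid prefix IDs) inside a delegation."""
    if not 1 <= delegation_len <= LAN_PREFIX_LEN:
        raise ValueError(f"a /{delegation_len} delegation cannot hold a /64")
    return 1 << (LAN_PREFIX_LEN - delegation_len)


def lan_prefix(delegated: str, prefix_id: int) -> ipaddress.IPv6Network:
    """Return the /64 that prefix_id selects inside the delegated prefix.

    Assumption: the ID is an integer subnet index, 0 being the first /64.
    """
    net = ipaddress.IPv6Network(delegated)  # raises if host bits are set
    count = available_prefix_ids(net.prefixlen)
    if not 0 <= prefix_id < count:
        raise ValueError(
            f"prefix ID {prefix_id} does not fit in /{net.prefixlen} "
            f"(valid range 0..{count - 1})"
        )
    # The subnet bits sit directly above the 64-bit interface identifier.
    base = int(net.network_address)
    return ipaddress.IPv6Network((base | (prefix_id << 64), LAN_PREFIX_LEN))


def plan_interfaces(delegated: str, assignments: dict) -> dict:
    """Map interface name -> /64, refusing two interfaces with the same ID.

    Two interfaces on the same /64 would put separate segments in one
    subnet, so a duplicate ID is rejected instead of silently accepted.
    """
    owner_of = {}
    plan = {}
    for ifname, prefix_id in assignments.items():
        if prefix_id in owner_of:
            raise ValueError(
                f"{ifname} and {owner_of[prefix_id]} both use ID {prefix_id}"
            )
        owner_of[prefix_id] = ifname
        plan[ifname] = lan_prefix(delegated, prefix_id)
    return plan


if __name__ == "__main__":
    # Constructed sample delegation from the documentation range 2001:db8::/32.
    sample = "2001:db8:1234::/48"
    for size in (48, 52, 56, 60, 64):
        print(f"/{size}: {available_prefix_ids(size)} usable prefix IDs")
    for name, net in plan_interfaces(sample, {"LAN": 7, "OPT1": 8}).items():
        print(name, net)
    # An ID that fit in a /48 may no longer fit if the ISP hands out a /56.
    try:
        lan_prefix("2001:db8:1234:ab00::/56", 300)
    except ValueError as exc:
        print("rejected:", exc)
```
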




Re: [pfSense Support] Upgrade from pfsense 1.2.3 to 2.0

2011-08-15 Thread Seth Mos
On 15-8-2011 12:21, Aymen Belkhiria wrote:
> Hi all,
> 
> 
> After upgrading to pfsense 2.0 RC3 I have a problem managing the WAN
> interface.
> 
> I have a port forward that works fine with pfsense 1.2.3 but when I upgraded
> to 2.0, something blocks the traffic 
> and I can't access the application from outside.

Please confirm that you have an allow firewall rule on the WAN interface
from source any, port any to WAN IP port .

It should just work.

Kind regards,

Seth




Re: [pfSense Support] VPN Failover Backup

2011-08-14 Thread Seth Mos
Hi,

On 15-8-2011 1:54, Chris Buechler wrote:
> On Sat, Aug 13, 2011 at 11:04 PM, David Miller  wrote:

> This sounds like the kind of scenario where you could benefit greatly
> from a few hours of our time to go over your entire network design and
> implement an appropriate solution. We have numerous customers in
> similar scenarios, responsible for a thousand different things with
> minimal time to work on such projects, and we can make your life a lot
> easier in that regard and save you a bunch of time. Also an in-depth
> network review is generally beyond what you'll be able to get thorough
> assistance with on a mailing list as it's time consuming (and probably
> more than you want to publicly divulge). See commercial support link
> in the footer for info.

I second that. Also, purchase "Designing Large Scale Networks" from
O'Reilly from your favourite book store.

I can recommend it highly to figure out what direction you want to
venture in, I've found it to be a great help.

It handles L2 switching, aggregation and redundancy as well as all the
routing solutions. Since then I've implemented routing at work. pfSense
being the internal VLAN router. I'm using Dell R310 servers as the
firewalls.

Regards,

Seth




Re: [pfSense Support] hardware suggestions

2011-08-02 Thread Seth Mos
Lanner Inc has a 6 port gigabit desktop model. Fanless that does 230 mbit 
duplex. I believe they have a UK sales representative you can contact that will 
ship you a unit.

I know they also have rackmount units of those. Or, since the chassis is 
basically a brick of aluminium, attach rack ears.

Regards, Seth

typed on a tiny touchscreen, why exactly?

Nick Upson wrote:

>ok, I'm close to giving up with installing pfsense 1.2.3 or 2.0rc3 onto the
>FX5624 harddrive,
>
>Does anyone have suggestions for similar hardware (6 lan ports, preferably
>rack mount) that is available in the UK
>
>-- 
>Nick Upson (01799 533252)


Re: [pfSense Support] Dual WAN with cable modem (dhcp) and ADSL (pppoe) with static IP (and IPv6)

2011-08-02 Thread Seth Mos

> The ADSL is PPPoE with static IP but also offers IPv6
> (local provider MNet). Latter appears to require some
> modifications
> 
> http://carsten.schoene.cc/2011/03/natives-ipv6-auf-einem-m-net-dsl-anschluss/
> 
> (ppp, pppoe, wide-dhcpv6, radvd, etc.).
> 
> 1) Will pfSense be able to handle the simple case
>  (dual-WAN with load-leveling, one interface DHCP,
>   another PPPOE)?

For v4, yes. Because of NAT.

> 2) Any chances with getting IPv6 with ADSL working,
>   given above complications?

Some ISPs statically route your ipv6 space on your circuit, then it will just 
work even without the dhcp6 client. You can then manually configure a v6 
address on your PPPoE. Provided you know what the prefix will be.

The dhcp6 client is started for DHCP interfaces but in your case the 2nd WAN 
interface needs the dhcp6 client. And running two dhcp6 clients appears to be a 
problem when I tested during development.

The interfaces page needs to really have this split out so that you can toggle 
the dhcp6 client for quite a number of types. As this is going to be the 
preferred method of configuring by ISPs.

I manually launched a dhcp6 client on a native v6 pppoe I had access to in 
.nl. I quickly discovered that this caused a recursing reconfiguration which 
made accessing the box remotely really hard.

Load balancing with v6 is tricky and requires NPtv6, of which we have support 
but the page is missing proper validation.

I've stopped working on the v6 code about 2 months ago through intervention. I 
hope to come back to it "soon".

Regards,

Seth






RE: [pfSense Support] install headaches

2011-08-01 Thread Seth Mos
Normally that is called virus protection in the bios. And yes that would 
prevent the boot loader from being installed.

Seth

typed on a tiny touchscreen, why exactly?

Bart Grefte wrote:

>Is there a security setting enabled in the BIOS that might prevent
>installing the bootloader on the HDD?
>
>
>From: Nick Upson [mailto:n...@telensa.com] 
>Sent: Monday 1 August 2011 14:03
>To: support pfsense
>Subject: [pfSense Support] install headaches
>
>Hi,
>
>I'm trying to install 1.2.3 or 2.0rc3 (tried both) from dvd onto a HD, in
>both cases it all appears to install fine but when I attempt to boot from
>the HD it fails
>
>without touching the keyboard the 2.0 says: (1.2.3 is similar)
>
>error 1 lba 378986767
>No /boot/loader
>
>and then goes back to the "boot:" prompt
>
>-- 
>Nick Upson (01799 533252)
>


Re: [pfSense Support] PPTP 2.0 RC3

2011-07-08 Thread Seth Mos
On 8 Jul 2011, at 09:27, Johan Hendriks wrote:

> WAN PPTP.
> WAN ip address 10.0.0.100
> Connect to 10.0.0.138, the ip address of the ADSL modem.
> 
> I see a lot of drops on 10.0.0.100 to 10.0.0138 and vice versa in the 
> firewall logs.
> some show TCP, enght.

1. Disable the "block private networks" on the WAN.

2. You are not still really using an Alcatel Lucent/Thomson Speedtouch Home are 
you? It uses a 10/8 subnet mask for the LAN causing havoc with VPNs. All the 
new models use 192.168.x.1 for the LAN side of things.

3. Configure the modem with a different configuration file that sets the modem 
up as a PPPoA bridge device, you then get the public IP on pfSense using PPPoE 
or DHCP. The KPN website has a couple of these and installer files for 
instructions.

Regards,

Seth



Re: [pfSense Support] Cant access Cisco.com through pfSense

2011-06-22 Thread Seth Mos

On 22 Jun 2011, at 09:28, Shali K.R. wrote:

> Dear All,
> 
> I can't access the Cisco site through pfSense. Yesterday I enabled IPv6 traffic in the 
> System -> Advanced page but today it's not working, any idea???

Do you actually have IPv6 addressing from your ISP? Just blindly enabling it 
will do nothing. Cisco.com did have a quad A record for the domain for ipv6 
day, but not currently.

What does host www.cisco.com tell you? Does it return a quad A record?

Regards,
Seth



Re: [pfSense Support] Current Production Version

2011-06-19 Thread Seth Mos

On 19 Jun 2011, at 12:41, Volker Kuhlmann wrote:

> On Sun 19 Jun 2011 14:35:56 NZST +1200, David Burgess wrote:
> 
>> The images are labelled RC1, but if you install them they will show up
>> in your dashboard and console as RC2, for several weeks now.
> 
> Thanks. Who would have thought that
> pfSense-2.0-RC1-i386-20110226-1530.iso.gz is RC2 7Jun and 
> not RC1 26Feb...
> That is one WEIRD versioning scheme.

That's an issue with the snapshot builders, we need to manually touch a file to 
change the filenames. That's what's causing it.

But this way, when people report issues, they send the version displayed in the 
UI which is the most important.

Regards,

Seth





Re: [pfSense Support] Pfsense Bridge only IPv6

2011-06-18 Thread Seth Mos
You can find an experimental image in the welcome message of the ipv6 board in 
the pfsense forum.

The images on http://iserv.nl/files/pfsense/ipv6/rc1/ explicitly support ipv6 
with prefix delegation on the wan. The images built on the pfsense snapshots do 
not support this.

Regards, Seth

Malek Haïssous wrote:

>Hello,
>
>First, Pfsense does not automatically configure its IPv6 with my Freebox
>(Modem/Router native IPv6) like any computers directly connected to the
>Freebox. I have a /64 IPv6, and I want to use it on the LAN network.
>Then, how can I bridge only IPv6 on WAN1 <-> Lan (I have 2 WANs).
>
>Thank you,
>
>NB/ Excuse-me about my AWFUL English.
>
>
>


Re: [pfSense Support] IPSEC problem on pfSense 1.2.3

2011-06-01 Thread Seth Mos
Yes, iPad works. The settings are finicky.

On 1 Jun 2011, at 19:12, Carlos Vicente wrote:

> That's what I thought. Will the version 2.0 support NAT-T and IPSEC VPN 
> supported by iPhone and iPad?
> 
> Thank you very much for your help.
> 
> On Wed, Jun 1, 2011 at 5:18 PM, Vick Khera  wrote:
> On Wed, Jun 1, 2011 at 11:47 AM, Carlos Vicente  wrote:
> My pfSense box is behind a ISP modem router, which forwards ports UDP 500 and 
> UDP 4500 (just in case) to the WAN interface of my box (which is on the LAN 
> interface of the router). I use DynDns (on the ISP router) to access my 
> pfSense from internet. On the client side i use the virtual adapter and gave 
> it an IP 192.168.13.1 (doesn't overlap the LAN on the pfSense side).
> 
> 1.2.3 does not support NAT-T, which you would seem to need for this case.  
> OpenVPN is the way to go.
> 
> 
> 



Re: [pfSense Support] IPsec, Multi-WAN Session Setup Problems. (2.0 RC1)

2011-05-24 Thread Seth Mos
Have not gotten round to debugging yet.

Regards,

Seth

On 24 May 2011, at 17:26, Joshua Schmidlkofer wrote:

> Anyone have any movement on this issue?
> 
> Sincerely,
> Joshua
> 
> On Thu, May 19, 2011 at 22:16, Seth Mos  wrote:
>> I had one of those moments yesterday that I can only terminate on the OPT 
>> interface, but not the WAN. I will check too.
>> 
>> Regards,
>> 
>> Seth
>> 
>> On 20 May 2011, at 01:39, Adam Thompson wrote:
>> 
>>> I'm wondering if I'm seeing something closely-related: I also have a VIP 
>>> (CARP) setup where IPSec will not work properly.  I never thought to 
>>> examine the actual IPs that closely, though... I'll see if I can replicate 
>>> the problem tomorrow.
>>> -Adam
>>> 
>>> 
>>> Joshua Schmidlkofer  wrote:
>>> 
>>>> Dear Support,
>>>> 
>>>> I have multiple WANs at one site, and I have a few different
>>>> places which I am connecting tunnels to.  It appears that creating new
>>>> connections to the end points is a little unpredictable.
>>>> 
>>>> I can't seem to control which interface the initial contact packets
>>>> comes from.  I don't know how to explain this, but let's say I have
>>>> two WAN connections.  I have named them CABLE and LEASED.
>>>> 
>>>> Several tunnels work fine, but these last two have been completely
>>>> out of control.  No matter what, in one case I am going down the wrong
>>>> line.  According to IPsec policy this tunnel is configured for
>>>> Interface "CABLE", and everything else set properly.   Site-A has two
>>>> lines.  Site-B has only one.   Site-B can instantiate successful VPN
>>>> connection, Site-A cannot.  Site-A persistently, in this one tunnel's
>>>> case, is using the wrong line.
>>>> 
>>>> I cannot determine a good method for forcibly routing the traffic,
>>>> and racoon doesn't seem to honor the source-interface configuration.
>>>> Racoon is binding to the correct IP addresses.
>>>> 
>>>> On the same topic, I was unable to successfully convince racoon to
>>>> bind to a virtual IP as well.  I have been forced to use the Interface
>>>> IPs.
>>>> 
>>>> Advice, help, ideas?
>>>> 
>>>> Sincerely,
>>>> Joshua
>>>> 



Re: [pfSense Support] IPsec, Multi-WAN Session Setup Problems. (2.0 RC1)

2011-05-20 Thread Seth Mos
On 20-5-2011 9:22, A Mohan Rao wrote:
> not able to do client side open vpn setup properly any body can help for
> which open vpn client i have to download and install run properly i have
> to do server side setup which is i have to attached video.

Do not hijack threads.
Please don't send attachments to the list, post it somewhere on the
internet.

> Awaiting for positive response .!

Negative.

Regards,
Seth




Re: [pfSense Support] IPsec, Multi-WAN Session Setup Problems. (2.0 RC1)

2011-05-19 Thread Seth Mos
I had one of those moments yesterday that I can only terminate on the OPT 
interface, but not the WAN. I will check too.

Regards,

Seth

On 20 May 2011, at 01:39, Adam Thompson wrote:

> I'm wondering if I'm seeing something closely-related: I also have a VIP 
> (CARP) setup where IPSec will not work properly.  I never thought to examine 
> the actual IPs that closely, though... I'll see if I can replicate the 
> problem tomorrow.
> -Adam
> 
> 
> Joshua Schmidlkofer  wrote:
> 
>> Dear Support,
>> 
>> I have multiple WANs at one site, and I have a few different
>> places which I am connecting tunnels to.  It appears that creating new
>> connections to the end points is a little unpredictable.
>> 
>> I can't seem to control which interface the initial contact packets
>> comes from.  I don't know how to explain this, but let's say I have
>> two WAN connections.  I have named them CABLE and LEASED.
>> 
>> Several tunnels work fine, but these last two have been completely
>> out of control.  No matter what, in one case I am going down the wrong
>> line.  According to IPsec policy this tunnel is configured for
>> Interface "CABLE", and everything else set properly.   Site-A has two
>> lines.  Site-B has only one.   Site-B can instantiate successful VPN
>> connection, Site-A cannot.  Site-A persistently, in this one tunnel's
>> case, is using the wrong line.
>> 
>> I cannot determine a good method for forcibly routing the traffic,
>> and racoon doesn't seem to honor the source-interface configuration.
>> Racoon is binding to the correct IP addresses.
>> 
>> On the same topic, I was unable to successfully convince racoon to
>> bind to a virtual IP as well.  I have been forced to use the Interface
>> IPs.
>> 
>> Advice, help, ideas?
>> 
>> Sincerely,
>> Joshua
>> 



Re: [pfSense Support] Mac based VLANs

2011-05-18 Thread Seth Mos
On 18-5-2011 10:48, Giacomo Di Ciocco wrote:
> Hello everyone,
> having a non-vlan-capable switch I'm wondering if it would be possible
> to make pfsense consider this untagged traffic belonging to different
> VLANs according to its source MAC address.

No.




[pfSense Support] pfSense 2.0 RC1 IPv6 build with DHCP-PD support

2011-05-11 Thread Seth Mos
Hi,

Here are preliminary images that have IPv6 enabled and also support
DHCP-PD for the WAN.

I am in need of someone that has a DHCP WAN where they also provide
DHCP-PD for IPv6.

This is by no means a production image, my suggestion is to try this as
a LiveCD and get back to me if it works for your ISP if they provide
native IPv6.

Select the correct "Delegated Prefix Length" from the dropdown on the
WAN interface if it is set to DHCP. Select a network Prefix ID on the
LAN interface for automatic setup of the LAN interface.

If it doesn't work for native IPv6 with DHCP-PD I'd like to know.

http://iserv.nl/files/pfsense/ipv6/rc1/

These builds have a newer ISC DHCP server integrated that hopefully
doesn't implode with a leases database.

The kernel is patched to allow for Router advertisements on the WAN so
that a default route to the internet exists.

Kind regards,

Seth




Re: [pfSense Support] Comcast IPv6 Users

2011-05-06 Thread Seth Mos
Hi,

On 6 May 2011, at 17:06, Oliver Hansen wrote:

> I signed up for the IPv6 trial and was accepted. I then signed into the 
> Comcast trial website but am really at a loss whether it is available to me 
> or not. I'm willing to help test things if I can be of any help.

I've just committed DHCP-PD support for pfSense 2.0 IPv6 which is what Comcast 
is using for its IPv6 deployment.

The only missing part at this point is integration of a FreeBSD patch [1] into 
FreeBSD 8.0 so that we can accept router advertisement even when forwarding is 
enabled.

I've confirmed on my work bench that pfSense requests a DHCPv6 address and 
correctly handles the prefix delegation for the networks behind it. A Windows 
laptop got the correct prefix assigned and ping was possible to the upstream 
router.

I am now looking for pfSense users on Comcast with access to an IPv6-enabled 
connection.


Regards,

Seth



[pfSense Support] Comcast IPv6 Users

2011-05-06 Thread Seth Mos
Hello,

I would like to know if there is anyone on this list with a Comcast
cable internet subscription that has already had his/her connection IPv6
enabled.

Kind regards,

Seth




Re: [pfSense Support] different network cards with different ip's all served by dhcp server.

2011-05-06 Thread Seth Mos
On 6-5-2011 10:57, J. Echter wrote:
> Hi,
> 
> I used IPCop before I switched to pfsense. In ipcop I had 3 network
> interfaces (lan,wan,wlan) which all had different ip (192.168.0. ,
> 192.168.1. , 192.168.2.). These interfaces were served by the dhcp server.
> 
> is this possible to achieve with pfsense 1.x?

Yes

> the goal is to keep wlan users away from our wired lan.

See "Firewall Rules"

Cheers
Seth




Re: [pfSense Support] Small hardware

2011-05-04 Thread Seth Mos
On 4-5-2011 10:49, Peter van Arkel wrote:
> Hi all,
> 
> I'm looking for something new to replace my current hardware (a very old
> Dell-desktop, which breaks if I'm torrenting a bit too hard), preferably
> with low-power usage, 4x LAN (doesn't have to be Gigabit) and with a bit of
> luck, also wifi. I have no problems with putting the thing together myself
> and if possible I'd like it to be as kind to my budget as possible :)

Alix 2D13 with a VLAN switch. A procurve 8 port managed gig switch is
75. The Alix 2D13 is ~100 euro.

Works fine for me.

Seth




Re: [pfSense Support] 2.0-RC1 installation problem

2011-04-28 Thread Seth Mos
On 29-4-2011 0:55, Lupel wrote:
> Thanks for your answer Jim. My Dell R210 has the Broadcom NetXtreme
> BCM5709, so I've been digging list archives for FreeBSD and pfSense
> trying to find solutions related to this hardware. I've found this:
> http://lists.freebsd.org/pipermail/freebsd-drivers/2009-June/000949.html
> 
> I've disabled the management firmware but the problem persists:
> installation hangs right after the ncurses interface starts at "waiting
> for backend" message.
> I've also tried to boot and install with pfSense 1.2.3 image and
> everything worked just fine. Seems to be a problem with pfSense-2.0-RC1
> or at least with its installer. Is it possible?

I have this on a variety of Dell servers with 2.0 RC1.

PowerEdge 850
PowerEdge 860

All of these get stuck at 38% or so. The R310 I have here has a raid
controller and seems to be doing better. The 850 and 860 models refuse
to install to the single sata drive on the intel ahci controller.

I've installed 1.2.3 and then upgraded that to 2.0 RC1.

Regards,
Seth




Re: [pfSense Support] site-to-site VPNs not working under 2.0RC1 - maybe HA-related?

2011-04-24 Thread Seth Mos

On 24 Apr 2011, at 23:34, athom...@athompso.net wrote:

> On one end, amd64 2.0RC1 in HA (CARP cluster), April 21st build.

Strange, I'm running both amd64 carps and i386 carps and I've had no issues. 

Since a number of IPsec changes have been made over the months I've found that 
sometimes pressing save after a reboot brings them online.

Regards,

Seth





Re: [pfSense Support] Question on vlan

2011-04-14 Thread Seth Mos
On 14-4-2011 10:26, Chris Buechler wrote:
> On Thu, Apr 14, 2011 at 4:01 AM, Dave LaLong  wrote:
>> Hello List!
>>
>> I setup a vlan and am using dhcp-relay on my pfsense box. I cannot seem to
>> setup a rule that will block the dhcp request.
> 
> You can't, short of manually hacking the source. On interfaces where
> the DHCP server or relay is enabled, a rule is automatically added to
> allow traffic to it.

May I suggest using "Deny unknown client"?

Regards,

Seth




Re: [pfSense Support] pfSense 2.0 IPsec on Mac OS X 10.6

2011-04-11 Thread Seth Mos
Op 11-4-2011 22:46, Paul Mather schreef:
> On Apr 11, 2011, at 12:19 PM, Vick Khera wrote:
> 
> Funnily enough, I had tried OpenVPN in this environment quite a while
> ago (not with pfSense, though) but gave up because I couldn't get
> Tunnelblick working smoothly.  I don't remember exactly what problems I
> was having, but I think routing and private DNS resolution seem to ring
> a bell.  Has the Tunnelblick client improved in the last two years or so?

Viscosity works really well for me. No issues resuming from sleeping or
hibernating either. Split DNS works fine too.

> I figured folks would suggest using OpenVPN instead of IPsec. :-)  I had
> hoped to avoid doing that because I want to minimise the amount of
> third-party client software I need to deploy.  Plus, I don't know how
> well-supported OpenVPN is on devices such as the iPad and iPhone.  But,

There is no support for OpenVPN on the iDevices. Blame Apple for not
including tun tap support in their iOS. My suggestion would be to
contact Apple on getting that supported.

Regards,

Seth




Re: [pfSense Support] can't block https://facebook.com via firefox

2011-03-22 Thread Seth Mos
That's why you have firewall rules, you can block all outbound network access. 
In 2.0 you can use the hostname(s) as well. That should help.

Deny all outbound access to ports 80 and 443, except from the proxy server.

This has also proved to be a great deterrent against malware as this blocks some 
drive-by downloads. Direct http connections will then fail.

Not something that blocks everything, but it works well regardless.

Seth

Op 22 mrt 2011, om 17:53 heeft Luke Jaeger het volgende geschreven:

> Hello,
> 
> I have squid configured as transparent proxy on my network.
> 
> Students have figured out that if they use Firefox and set its internal 
> network settings to "no proxy", they can get to banned sites such as facebook 
> via https.
> 
> Firefox is the only browser I know of that lets you override system proxy 
> settings, which we keep locked down.
> 
> Is there any way to fix this?
> 
> thanks -
> 
> 
> Luke Jaeger | Technology Coordinator
> Pioneer Valley Performing Arts Charter Public School
> www.pvpa.org
> 
> 
> 





Re: [pfSense Support] Problem with pfSense and curl

2011-03-21 Thread Seth Mos
Op 20-3-2011 22:40, Adam Thompson schreef:
> I don't doubt that Seth _has_ had success using one technique and not 
> another, but I would also like to know what kind of "state" he's talking 
> about.
> Using the curl functions from inside PHP _should_ be equivalent to 
> invoking curl(1) from the command-line.  There may be some difference in 
> default options, or perhaps the web UI tracks HTTP REFERER values...?

As a variable to the curl commands. I use the previous url as a referrer
and that works.

State here being a script.

Regards,
Seth




Re: [pfSense Support] Problem with pfSense and curl

2011-03-20 Thread Seth Mos
I use curl from within PHP with cookies and can successfully log in to the UI 
with that. You need something that keeps state and cookies won't do.

Regards,

Seth.

Op 20 mrt 2011, om 21:45 heeft Jostein Elvaker Haande het volgende geschreven:

> Hello,
> 
> This isn't really directly related to pfSense, and isn't really an
> error, just me trying to interact with pfSense in a non traditional
> manner. In this case, I'm trying to use curl to semi automate some
> minor tasks, but I'm already stopped at the entrance trying to log on.
> 
> pfSense and its lighttpd installation doesn't seem to use basic auth
> for logon, but instead relies on its own built in authentication
> mechanism through the PHP based web interface. And from what I see, it
> uses the PHPSESSID stored in a cookie locally to verify the validity
> of the current login. I've been able to send the login form, and store
> the cookie, but when I try to access consecutive pages it just sends
> back the «index.php» page as if the login had failed.
> 
> This is what I'm using so far:
> 
>  curl -k --data-urlencode "usernamefld=admin&passwordfld=pfsense" -c
> cookies.txt https://xxx.xxx.xxx.1/index.php -v
>  curl -k -c cookies.txt https://xxx.xxx.xxx.1/status_services.php -v
> 
> Where «usernamefld» and «passwordfld» are the form fields for username
> and password. The file «cookies.txt» was deleted prior to the
> initialization of the commands, to make sure the file wasn't stale. It
> doesn't matter which page I try to access, pfSense still sends back
> what seems to be the login page.
> 
> Now I might be going around this all wrong, and thus, I'm open to
> suggestions to the method of approach I'm taking here.
> 
> Thanks in advance.
> 
> -- 
> Yours sincerely Jostein Elvaker Haande
> "A free society is a place where it is safe to be unpopular"
> - Adlai Stevenson
> 
> http://tolecnal.net -- tolecnal at tolecnal dot net
> 
> 


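The session handling discussed in this thread, as an added example that is not part of either post and is not pfSense code: a constructed local stand-in server issues a PHPSESSID cookie and, as an assumption modelled on the referrer remark in the follow-up, also wants a same-origin Referer, and the client shows which request shapes get the login page back. Only the field and page names come from the post; the password, the stand-in's behaviour and all function names are constructed.

```python
"""Added example: cookie jar and Referer handling against a constructed stand-in UI."""
import http.cookiejar
import secrets
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

PASSWORD = "constructed-pw"   # constructed credential for the stand-in only
SESSIONS = set()              # session ids issued after a successful login


class StandInUI(BaseHTTPRequestHandler):
    """Constructed stand-in for a PHP-session web UI; this is not pfSense code."""

    def log_message(self, *args):
        pass  # keep the demo output quiet

    def _has_session(self):
        for part in self.headers.get("Cookie", "").split(";"):
            name, _, value = part.strip().partition("=")
            if name == "PHPSESSID" and value in SESSIONS:
                return True
        return False

    def _reply(self, body, sid=None):
        data = body.encode()
        self.send_response(200)
        if sid:
            self.send_header("Set-Cookie", f"PHPSESSID={sid}; Path=/; HttpOnly")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if form.get("usernamefld") == ["admin"] and form.get("passwordfld") == [PASSWORD]:
            sid = secrets.token_hex(16)
            SESSIONS.add(sid)
            self._reply("dashboard", sid)
        else:
            self._reply("login page")

    def do_GET(self):
        # Assumption: the stand-in also wants a same-origin Referer, modelled on
        # the reply's remark about sending the previous URL as referrer.
        referer = self.headers.get("Referer", "")
        same_origin = referer.startswith(f"http://{self.headers.get('Host')}/")
        self._reply("service status" if self._has_session() and same_origin else "login page")


def fetch_status(base, one_field=False, send_cookies=True, send_referer=True):
    """Log in, then request a second page; return the body of that second page."""
    jar = http.cookiejar.CookieJar()
    no_proxy = urllib.request.ProxyHandler({})
    with_jar = urllib.request.build_opener(no_proxy, urllib.request.HTTPCookieProcessor(jar))
    if one_field:
        # curl --data-urlencode "a=b&c=d" encodes everything after the first '='
        # as the value of a, so the server sees a single field.
        form = {"usernamefld": "admin&passwordfld=" + PASSWORD}
    else:
        # Equivalent of one --data-urlencode option per field.
        form = {"usernamefld": "admin", "passwordfld": PASSWORD}
    with_jar.open(base + "/index.php", data=urllib.parse.urlencode(form).encode()).read()

    # curl -c only writes the jar; without -b the second request carries no cookie.
    opener = with_jar if send_cookies else urllib.request.build_opener(no_proxy)
    request = urllib.request.Request(base + "/status_services.php")
    if send_referer:
        request.add_header("Referer", base + "/index.php")
    return opener.open(request).read().decode()


def run_demo():
    """Start the stand-in on a free loopback port and try four client shapes."""
    server = HTTPServer(("127.0.0.1", 0), StandInUI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {
            "single_urlencoded_field": fetch_status(base, one_field=True),
            "jar_written_not_sent": fetch_status(base, send_cookies=False),
            "cookie_without_referer": fetch_status(base, send_referer=False),
            "cookie_and_referer": fetch_status(base),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for case, body in run_demo().items():
        print(f"{case:26} -> {body}")
```

In curl terms the working shape is one `--data-urlencode` option per field, `-c` together with `-b` on the same cookie file, and `-e` for the referrer.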



Re: [pfSense Support] AW: update bogons

2011-03-19 Thread Seth Mos

Op 19 mrt 2011, om 05:41 heeft Chris Buechler het volgende geschreven:

> There is an IPv6 bogons list that I think Seth may have in the IPv6
> branch already, if not it'll be there when it's merged for 2.1.

Yes there is, it is actively updated once a month, together with the ipv4 
bogons update.

Beware though that the current IPv6 bogons table is about 30k entries. We're 
going back to the internet of 1999 here, things are moving quite a lot.

I would like to point out that the IPv6 branch has made significant headway 
since I started it in October last year. As always, because I needed the 
functionality. Still missing important dhcp6 client support or stateless 
autoconf on the WAN. That's not something I can easily chew off by myself. It 
doesn't help that I have no access to any Internet connections using it either.

For people trying the IPv6 branch or images, all the v4 connectivity is 
maintained as it was before. If you want to setup and connect your LAN to the 
IPv6 internet the free tunnelbroker services are your best bet. There is no 
reason not to connect to the IPv6 internet, except for being lazy. Like most 
ISPs, with the useful exception of course.

I know it is something that should have been done sooner than later. It can't 
be helped with the sparse resources available.

Regards,

Seth



Re: [pfSense Support] RRD quits collecting

2011-03-09 Thread Seth Mos

Op 9 mrt 2011, om 23:51 heeft David Burgess het volgende geschreven:

> On Wed, Mar 9, 2011 at 3:49 PM, k_o_l  wrote:
>> Since I installed 2.0-RC1 last Friday I’ve noticed RRD at least on two
>> different occasion stopped collecting data see attached.
> 
> http://forum.pfsense.org/index.php/topic,33154.0.html

I wish it made sense really, somehow processes are getting stuck with no 
apparent visible clue as to the cause.

Most notably top which I use for gathering the CPU stats and sometimes rrdtool 
waiting for a lock on a rrd.

We've been using this approach for the better part of 3 years and why it's 
stopped working now as it is astounds me.

Regards,
Seth



Re: [pfSense Support] pfSense 2.0 RC1 Nanobsd Problem

2011-03-07 Thread Seth Mos

Op 6-3-2011 23:26, Bao Ha schreef:

Hi Bart,

Thanks for the note.

According to the forum, it should not be a problem. :-(


It is not.


When we first got the reports of corrupted CFs, we just overnighted new
ones. Then, those died shortly, within a week or two. We replaced a
complete system: systemboard, memory and CF.


Why are you shipping cheap CF cards without wear levelling?

I have run a full install on a Lexar 1GB CF for over 4 years before the 
CF card died.


I've also run into the "CF without wear levelling" issue. Get a proper 
CF card.


Regards,
Seth




Re: [pfSense Support] Re: throughput tuning in 2.0

2011-03-04 Thread Seth Mos

Op 4-3-2011 7:30, David Burgess schreef:

On Wed, Mar 2, 2011 at 11:21 PM, David Burgess  wrote:

On Wed, Mar 2, 2011 at 2:44 AM, David Burgess  wrote:


the NIC is sending and receiving a total of about 530
mbit x2 during the test.


This gets worse I'm afraid.


Well, some good news. I have reinstalled this system fresh (after
trying 1.2.3--no NIC driver :( ), and I'm now seeing the expected
LAN>WAN throughput of 900+ mbps sustained. Either something has
changed in the latest snaps, or I had a bad setting. I had done not
much besides tighten up non-LAN firewall rules a bit and turn on
powerd. Now I'm wondering if I had enabled NIC checksumming. I'll play
a bit and find out what difference that makes.


The current 2.0 snapshots have a different driver for the Intel gigabit 
cards. We switched to the Yandex drivers to debug driver issues with the 
Intel supplied ones.


This has fixed performance issues for a number of people but introduced 
other issues for a number of others. You can't win them all. We'll leave 
this for at least a week or so until we have a larger sample set.


Regards,
Seth




Re: [pfSense Support] throughput tuning in 2.0

2011-03-01 Thread Seth Mos

Op 2-3-2011 3:44, David Burgess schreef:

2.0-RC1 (amd64)
built on Tue Mar 1 15:52:28 EST 2011

Core i3 550 3.2 GHz
4GB RAM
Intel GBE


I'm seeing at least 600mbit of iSCSI throughput through a Dell R310 with 
this processor, 4 port igb card and 2 bce onboard.


I'm routing it from one interface to another although its destination 
is also a VLAN on that other interface. Maybe that's where the issue lies.


I have not performed testing from one interface to another without 
vlans. I am seeing roughly 200mbit sustained during the backups at night.


Regards,

Seth




Re: [pfSense Support] 2.0-RC1 now available!

2011-03-01 Thread Seth Mos

Op 1-3-2011 12:42, Jorge Fábregas schreef:

On 02/28/2011 11:02 PM, Chris Buechler wrote:

http://blog.pfsense.org/?p=585


Thanks Chris.  I've been using the beta for  a while (updating it thru
the WebGUI). By updating this beta...will it be the same as this RC1? or
is RC1 from another tree now?


RC1 is the same branch as before, what used to be tagged as BETA5 became 
RC1 over the weekend.


Regards,

Seth




Re: [pfSense Support] CARP IP Not Registering MAC Address or Switch Disregarding CARP MAC Address -- Maybe???

2011-02-09 Thread Seth Mos

Op 10-2-2011 4:18, Vaughn L. Reid III schreef:






1. All the Master and backup status notifications in the web interface
on both PFSense boxes show the correct status
2. I'll do a packet capture tomorrow and see if the carp-heartbeat shows up

I was unaware that any Carp related traffic passed between any of the
interfaces except the one designated as the synchronization interface. I
need to double-check the multi-cast configuration on the switch tomorrow
also ( I think I have multi-cast enabled on the switch, but need to
confirm that).


Yes, some switches support multicast filtering, I know from experience 
with HP switches that it works with the setting on. So I know they have 
it implemented correctly. This way not all switch ports get the carp 
traffic unless they participate in the multicast group. This cuts down 
on broadcast a lot.


I recommend the HP switches, they have never given me any grief as long 
as I've worked with them. I even have a carp cluster spanning 2 buildings 
across the street over a fiber connection. It just works.


If you need a managed switch on a budget I can confirm that the HP 
Procurve 1810-8G works well. It's web managed, supports vlans and basic 
traffic counters. It is also fanless.


The smallest I have in use on a carp cluster is a Procurve 2650 in 
combination with a 2900-48G. The biggest I have is a 8212zl. Do note 
that the software in the 1810 differs a lot from the other managed switches.


Regards,

Seth




Re: [pfSense Support] RE : [pfSense Support] Bug in PfSense 1.2.2 with 2 default routes

2011-01-27 Thread Seth Mos

Op 27-1-2011 12:56, VAUCOURT Johan schreef:


Should I understand this is not fixed in 1.2.3? If so I better keep the
fix closely as we're planning the move to 1.2.3.


Correct, this is not in 1.2.3 either, you will need to make the same fix 
there.


Regards,
Seth




Re: [pfSense Support] Got ipv6 working

2011-01-26 Thread Seth Mos

Op 26 jan 2011, om 21:54 heeft Charles N Wyble het volgende geschreven:

> Now I want to utilize my /48 and do prefix delegation, multiple vlans
> etc. Anyone doing this with pfsense? Also is anyone doing firewalling of
> v6 in pfsense? Does the pfsense book cover any of this?

I saw your post on NANOG and your mention of pfSense.

Yes, I'm doing that. I have a IPv6 carp in the Xs4all DC in .nl where our 
webserver, NS and mailserver lives.
It's not a HE.net tunnel but native ipv6 connectivity there but it works just 
the same.

At home I just have the /64 from HE.net. At my work place we have 3 networks, a 
/56 and 2 /48 from HE.net tunnelbrokers.
You can just assign /64 networks out of that /48 or /56 on your LAN as long as 
the upstream has a route for your networks.

In the case of HE.net that is already handled through their tunnel broker. At 
work though I needed to manually create a static route on the upstream to 
point the networks back in so the internet can find them.

Regards,
Seth



Re: [pfSense Support] Bug in PfSense 1.2.2 with 2 default routes

2011-01-26 Thread Seth Mos

Op 26 jan 2011, om 21:02 heeft VAUCOURT Johan het volgende geschreven:
>  
> I temporarily fixed it by getting only the IPv4 default route (add "-f inet" 
> to the netstat options). That did the trick for me.

This is what the code in 2.0 currently does as well. I committed that just a 
few weeks ago. In my pfSense 2.0 tree with ipv6 support I also do this.

You can keep track of the progress in the pfSense IPv6 board on the forum.

Kind regards,
Seth

Re: [pfSense Support] outgoing gw to be vip

2011-01-24 Thread Seth Mos

Op 24-1-2011 14:39, Shibashish schreef:

Hi,

I have a mail server running on a vip which is natted to a real-lan ip.
I have added the VIP in load-balancer option and added my lan server as
the virtual-server-pool. But now my outgoing traffic is taking the ip of
firewall as the firewall is its gateway. I want to set the vip as the
outgoing ip for all the mail traffic... how do i change/set this?


Have you tried using 1:1 NAT? That should make the traffic use the 
correct VIP.


Regards,
Seth




Re: [pfSense Support] pfSense routing

2011-01-21 Thread Seth Mos

Op 21-1-2011 13:19, Danny schreef:

Yes.
ip route 0.0.0.0 0.0.0.0 FasthEthernet 0/0


err, no, there should be a route to the public netblock you are using on 
the LAN behind pfsense, pointing to the WAN of pfSense which will be in 
the Cisco LAN subnet.


Also note that Ciscos have really long arp timeouts of 15 minutes by 
default which can cause long delays before it is being picked up.


I bet you didn't reboot the Cisco yet.

Regards,
Seth




Re: [pfSense Support] MHz myth?

2011-01-17 Thread Seth Mos

Op 18-1-2011 4:32, David Burgess schreef:


Putting encryption and the various pfsense packages aside, can anybody
tell me (based on theory and/or experience) what kind of comparative
routing throughput I could expect to see from say an Athlon X2, Athlon
II X2, Phenom 2, Atom D510, Pentium D, Celeron D, Core Duo, Core 2
Duo, Pentium G6950 and a Core i7, all dual-core and controlling for
NIC and core clock differences?


They are not comparable, a Geode 500Mhz is good for about 70, a 500Mhz 
PIII was good for about 250, a intel D510 is good for about 400, a C2D 
(2.13) should be able to do 600-800 depending on motherboard.


I now have Core i3 3.2Ghz firewalls, clockspeed rules, not in the 
absolute sense, but prefer clockspeed over cores. I have no idea how 
fast these go yet. It has just 6 gig ports so I really don't know what 
the fastest it can do is. It should easily do gigabit wirespeed.


If you can choose between a higher clocked dual core or a lower clocked 
quad. Take the higher clocked dual core.


Regards,

Seth




Re: [pfSense Support] ftphelper in 2.0-Beta5

2011-01-16 Thread Seth Mos
Hi,

Op 16 jan 2011, om 18:16 heeft Christoph Hanle het volgende geschreven:

> On 16.01.2011 17:55 Seth Mos wrote:
> 
>> I do know that passive FTP on a router without NAT is currently an issue. 
>> Active works.
>> 
>> Regards,
>> 
>> Seth
> THX, changing to active ftp did the job, but this wuergaround was not
> the desired answer (-: .

I know it isn't.

> You wrote that passive ftp on a router without NAT is an issue, but
> my testing box has NAT.

Since I first reported the issue I assume someone is attempting to fix and has 
changed the effects :-)

Regards,

Seth





Re: [pfSense Support] ftphelper in 2.0-Beta5

2011-01-16 Thread Seth Mos
hi,

Op 16 jan 2011, om 11:46 heeft Christoph Hanle het volgende geschreven:

> Hi all,

> What am I missing ?

In 2.0 we have an in-kernel ftp helper. The old userspace program is gone. Try 
switching passive ftp on or off.

I do know that passive FTP on a router without NAT is currently an issue. Active 
works.

Regards,

Seth



Re: [pfSense Support] Blank RRD traffic graphs with VLANs in router mode

2011-01-11 Thread Seth Mos

Op 11-1-2011 18:00, Lan Tran schreef:

Hello,

I'm running version 2.0-BETA5 (amd64) built on Fri Jan 7 02:54:00 EST
2011 and builtin RRD traffic graphs are blank when pfSense is acting as
a router ("Disable all packet filtering" option is checked).  The graphs
work fine when I run it as firewall.  I need to be able to get traffic
(bandwidth usage) stats on the VLANs with pfSense acting as a router.
WAN port is assigned with a static ip and untagged.  "VLANS" port is
trunked and connected to Cisco switch.  Please let me know if more info
is needed.  TIA.


We started using the pf counters for the traffic statistics because they 
are 64bit and do not wrap as easily as the OS counters do.


Regards,

Seth




Re: [pfSense Support] Embedded hardware recommendation - Fan-less and many NIC ports

2011-01-04 Thread Seth Mos

Op 5 jan 2011, om 05:14 heeft Angus Scott-Fleming het volgende geschreven:

> On 17 Dec 2010 at 3:26, Kevin Tollison wrote:
> 
>> I had a quote for the 7535 a few months ago. $459 IIRC barebones. This was 
>> from the 
>> manufacturer. If you want the guys info I will forward it. I do plan to try 
>> one of these soon. 
> 
> Would love to see the quote.  Forward off-list if you can't post the entire 
> thing here.

Ours is in production for a while now at work and it's performing to 
expectations. The power consumption wasn't too bad, but easily 20 or 30 watts.

I benchmarked the performance of the thing in the forum. You should be able to 
find it.

Regards,

Seth



Re: [pfSense Support] Auto-update Check fails

2010-12-24 Thread Seth Mos

Op 24-12-2010 13:03, Eugen Leitl schreef:

On Thu, Dec 23, 2010 at 10:42:34PM -0500, Jim Pingle wrote:


This should be working again now. If it doesn't, let me know. There was
an issue with the update server, but it should be fixed now.


No 2.0 as Xmas present this year?


I've been upgrade testing my carp cluster this week and found some 
glaring issues.


I don't see this happening really, a RC could be possible, but that's 
unlikely too.


Regards,

Seth




Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?

2010-12-23 Thread Seth Mos

Hi Sean,

Op 23-12-2010 14:01, Sean Cavanaugh schreef:

>-Original Message-

From: Sean Cavanaugh Sent: Wednesday, December 22, 2010 7:39 PM To:
support@pfsense.com Subject: Re: [pfSense Support] pfSense 2.0 BETA4 :
IPv6?



Verified with wireshark that the DHCPv6 requests are going out but I am
not seeing any response from pfsense for them. DHCP Log shows (blanked
out part of address):

Dec 23 07:18:36 dhcpd: Listening on Socket/14/em1/2001:470:7:XXXx::/64
Dec 23 07:18:36 dhcpd: Sending on Socket/14/em1/2001:470:7:::/64


Thanks for helping out with this, I've had a heck of a time 
troubleshooting this in my test setup and had been unable to verify its 
operation.


I do have rtadvd configured to tell the hosts to use "managed" e.g. dhcp 
for ipv6 configuration, but it always falls back to autoconfig.



and no other DHCPv6 entries


I think I need to add other firewall rules for traffic to leave the 
pfsense box, specifically for dhcp v6.


I am not sure what rules I exactly need for that. What I have not tried 
yet is disabling pf using "pf -d". Maybe that dhcp succeeds without pf 
in between.


I think that dhcp v6 uses port 567 but I'm unsure.

Your help in troubleshooting is greatly appreciated.

Regards,

Seth




Re: [pfSense Support] IPsec tunnels and failover.

2010-12-22 Thread Seth Mos

Op 22-12-2010 16:15, Vincent Hoffman schreef:


I'm already using a CARP address as the VPN endpoint. So the failover
will fire up racoon on the backup node, or do I need to have racoon
started on the backup node already and it just won't negotiate until it's
master for that CARP interface?


The carp backup always has racoon started and configured but the backup 
will never see the traffic until failover.


At that point negotiation should just start over and go.

Regards,

Seth




Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?

2010-12-22 Thread Seth Mos

Op 21-12-2010 22:50, Sean Cavanaugh schreef:

ok. I got past the gitsync by hitting enter and letting it actually
continue.

now after the sync I get the nice error
"Parse error: syntax error, unexpected T_SL in /etc/inc/vslb.inc on line
291 "


Oops my bad. I merged up with the current 2.0 code and I botched the 
merge. Fixed.



this shows up in both console mode and in the web interface as well as
shuts down all firewall services.


I also noticed that lighty and apinger are still the wrong versions and 
don't include ipv6.


To replace lighty and apinger.
cd /usr/local/sbin
fetch http://iserv.nl/files/pfsense/apinger
fetch http://iserv.nl/files/pfsense/lighttpd
cd /usr/local/lib/lighttpd
fetch http://iserv.nl/files/pfsense/lighty.so.tgz
tar -xzf lighty.so.tgz

restart webconfigurator using option 11.

Regards,

Seth




Re: [pfSense Support] IPsec tunnels and failover.

2010-12-22 Thread Seth Mos

Op 22-12-2010 11:22, Vincent Hoffman schreef:

At work we've a couple of servers running a synced pfsense
cluster with IPsec tunnels to 2 other pfsense firewalls. While I can see
that CARP syncs the configs across within the cluster I can't find
anything that specifically says that if the primary node dies the ipsec
(racoon) daemon will start up automatically on the backup, and since it's
in production now I can't easily get permission to test.  Can anyone
confirm that if the primary dies the secondary will start up racoon and
re-establish the IPsec tunnels, or if this is a manual process?
 So far management has been very impressed with pfsense so I can
finally sneak FreeBSD into production here;)



Use one of the CARP IP addresses as the endpoints, then it will 
negotiate the tunnel again with the other node.


Regards,

Seth




Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?

2010-12-21 Thread Seth Mos

Op 21-12-2010 1:52, Sean Cavanaugh schreef:


after that, it asks if I want to sync with master which doesn’t do
anything.


It says press enter if done. Press enter. ;-)

The procedure for entering custom urls is that you enter it the 1st 
time, accept and then press enter to signal it to start.


After that it should promptly start syncing.

Regards,

Seth




Re: [pfSense Support] pfSense 2.0 BETA4 : IPv6?

2010-12-20 Thread Seth Mos
There is a post in the forum, to my git branch and instructions for support on 
2.0 BETA

http://iserv.nl/files/pfsense/ipv6/

I'm currently using it in production on a carp cluster and appears to work fine 
for basic firewalling.

Regards,

Seth

Op 20 dec 2010, om 20:19 heeft Bart Grefte het volgende geschreven:

> IPv6 support does not get in pfSense till v2.1
> pfSense itself does not offer support (yet), the underlying OS (FreeBSD 7.2
> in my case) does :) ->
> I managed to get an IPv6 tunnel working in pfSense 1.2.3, while the clients
> hooked up to my network can use that tunnel.
> 
> 
> Bart
> 
> -Oorspronkelijk bericht-
> Van: Xavier Beaudouin [mailto:k...@oav.net] 
> Verzonden: maandag 20 december 2010 18:45
> Aan: support
> Onderwerp: [pfSense Support] pfSense 2.0 BETA4 : IPv6?
> 
> Hi there,
> 
> I have updated my gateway from m0n0wall to pfSense 2.0 BETA4 to make a better
> and faster gateway (moved from a wrap to an amd 4020e)... But I saw that
> Beta 2.0 should have IPv6 support but no luck, I didn't find it... 
> 
> Cheers and happy xmas.
> 
> Xavier





Re: [pfSense Support] Embedded hardware recommendation - Fan-less and many NIC ports

2010-12-17 Thread Seth Mos
There are pictures and a thread of mine on the forum for the dual core 7535 
unit with 6 ge ports. It's currently in production to full satisfaction.

Regards,

Seth

Op 17 dec 2010, om 04:26 heeft Kevin Tollison het volgende geschreven:

> I had a quote for the 7535 a few months ago. $459 IIRC barebones. This was 
> from the manufacturer. If you want the guys info I will forward it. I do plan 
> to try one of these soon.
> --
> Kevin Tollison
> 
> Sent from my Blackberry
> 
> From: Bruce B 
> Date: Thu, 16 Dec 2010 22:19:50 -0500
> To: 
> ReplyTo: support@pfsense.com
> Subject: Re: [pfSense Support] Embedded hardware recommendation - Fan-less 
> and many NIC ports
> 
> Thanks guys. I have never seen these devices. They seem promising. I don't think 
> they can do a PCI(x) card right? Not miniPCI. But I am very interested to 
> know the price for these units. I don't see it listed on their site. Do you 
> know their main distributors and online resellers?
> 
> P.S. If this an Atom board/Intel CPU, how come there are 6 NIC ports on them? 
> Have you guys pried open one of these?
> 
> Thanks again
> 
> On Thu, Dec 16, 2010 at 7:10 PM, Maik Heinelt  wrote:
> On 2010/12/17 8:55, Bruce B wrote:
> Hi Everyone,
> 
> I am looking for an ideal board which would include 4 or more NIC ports, 
> support PCI(e) card, 1GB embedded RAM, fanless, 1U format fittable, CF card 
> support, fit two pfsense in one case for CARP.
> 
> I think above are too ideal and I might not be able to find any. But I am 
> giving this a lucky shot here. The closest I found is the Alix2d13 and 
> Soekris net5501.
> 
> Alix2d13 has only 3 NIC ports and not really ideal. But it has built in 
> support for VPN AES-128-CBC which works great and I use a lot of VPN for 
> admin. It's also of great price. But it lacks a PCI slot. I was thinking of 
> adding a PCI(x) card to the board.
> 
> Soekris is a little over-board with the price specially with its case and 
> everything. But it does have 4 NIC ports and a PCI slot but I think VPN is yet 
> another miniPCI card purchase which puts the price for this close to a Via 
> (with FAN) board.
> 
> I am open to any and all suggestions for anything close, exact, or above the 
> specs I have asked for.
> 
> I want to stay away from anything with FAN as there are more components to 
> die. Oh, and I would really like some sort of RAID for CF card or IDE support 
> as it will make the ultimate router box.
> 
> I also like Adapters made in a smart way which take less space, and stuck to 
> the power bar rather than being chunky and falling off the power bar in the 
> data center.
> 
> 
> Please enlighten me with your suggestions.
> 
> Thanks
> 
> 
> Do you know about the Lanner devices?
> We use it for some customers and would say it is really good quality.
> It has 2x Gbe & 4x 10/100 ports and speedy 1.6 GHz CPU.
> 
> Take a look on it! You can use an IDE HDD, nor CF-Card.
> Memory with some devices max 4GB, but for almost of all of it 2GB DDR2
> Here is a link: http://www.lannerinc.com/Network_Security/FW-7530
> 
> Maik
> 
> 
> 
> 



Re: [pfSense Support] MAC based Access Control

2010-11-29 Thread Seth Mos

On 29-11-2010 10:51, James Bensley wrote:

> I think it would be a useful feature to have; if you have a pfsense box
> at the end of a leased line, private virtual circuit or vpn, it would be
> good to check the device at the other has x MAC address to try and rule
> out any security features like a MITM attack or something like that...
>
> Just my two pence on that anyway.


pf can not filter by MAC address.

Regards,

Seth




Re: [pfSense Support] LCD driver for TEAK 3035S

2010-11-22 Thread Seth Mos

On 22-11-2010 10:43, bsd wrote:

> Hello Gavin,
>
> From my point of view (and as far as I am informed) you will have to build 
> your own LCD driver.
>
> As a reseller of this hardware, I was in touch with the manufacturer, and I 
> think you will have to use the provided C program and example (provided with 
> the driver CD) in order to build your own drivers (unless you know the LCD 
> chipset and ref they are using, but it looks like they might be using some not 
> so common HW)…
>
> If you want we can try to sponsor something in order to have it work…  ?
>
> I'll try to get in touch again with the manufacturer to try to have precise 
> info about the LCD model they are using.


Try to find out what sort of emulation the screen uses, most likely it 
will use one of the existing drivers for output.


Each driver is specific to a display, most communicate via serial, usb 
serial or parallel port interfaces.


You will need to find out if it uses an existing signaling method via the 
supplier. If it does not use some sort of existing signaling I would 
press the vendor for providing a lcdproc driver.


Regards,

Seth




Re: [pfSense Support] RRD graphs / Quality - Shows 2 WANs

2010-11-22 Thread Seth Mos

On 22-11-2010 9:03, Jeppe Øland wrote:

> $ ls -l /var/db/rrd/
> total 5000
> -rw-r--r--  1 nobody  wheel   47608 Nov 22 00:01 WAN-quality.rrd
> -rw-r--r--  1 nobody  wheel  194776 Nov 22 00:01 ipsec-packets.rrd
> -rw-r--r--  1 nobody  wheel  194776 Nov 22 00:01 ipsec-traffic.rrd
> -rw-r--r--  1 nobody  wheel  194776 Nov 22 00:01 lan-packets.rrd
> -rw-r--r--  1 nobody  wheel  194776 Nov 22 00:01 lan-traffic.rrd
> -rw-r--r--  1 nobody  wheel  727424 Nov 22 00:01 system-memory.rrd
> -rw-r--r--  1 nobody  wheel  243328 Nov 22 00:01 system-processor.rrd
> -rw-r--r--  1 nobody  wheel  243328 Nov 22 00:01 system-states.rrd
> -rw-r--r--  1 root    wheel    3465 Nov 21 22:56 updaterrd.sh
> -rw-r--r--  1 nobody  wheel  194776 Nov 22 00:01 wan-packets.rrd
> -rw-r--r--  1 nobody  wheel   47608 Nov 21 22:52 wan-quality.rrd
> -rw-r--r--  1 nobody  wheel  194776 Nov 22 00:01 wan-traffic.rrd
>
> Looks like something decided to change the WAN interface name to all caps ...
> Where is that name stored?


I think that's a change that was done recently where the interface name 
has been pulled through strupper().


That will need to be reverted.

Regards,

Seth




Re: [pfSense Support] RRD graphs / Quality - Shows 2 WANs

2010-11-21 Thread Seth Mos

On 22-11-2010 8:38, Jeppe Øland wrote:

> Never seen this one before.

Hi,

> Now when I look at the RRD graphs, something is funky.
> Traffic and Packets show as expected ... but Quality has 2 sets of graphs.
> The drop-down to select an interface shows 2 WAN entries.

What version are you on?

> I assume it's a bug ... maybe related to the move and WAN getting a new MAC.
> Can I clear one set of the values? (or merge it to the other?)

Merge, No. You can however delete one of the 2 databases from /var/db/rrd/

Regards,

Seth




Re: [pfSense Support] how to manage 2 subnets for LAN ?

2010-11-18 Thread Seth Mos

Hi,


> As we use an Alix 2d3 board with 3 ethernet interfaces, there is one
> free at now : could we use this OPT interface to manage backbone
> network, with an address in its subnet 192.168.1.0/24, and put an
> address from 192.168.2.0/24 subnet on the LAN interface to serve
> clients, provided these two LAN and OPT will be connected through a
> switch to the first antenna of the backbone where all traffic is
> passing ?


I think you want a managed switch that has vlan support. You can then 
use the 3rd port on the alix for connecting all the vlans.


Regards,

Seth




Re: [pfSense Support] LCD driver for TEAK 3035S

2010-11-10 Thread Seth Mos

On 10-11-2010 10:39, bsd wrote:

> Hello,
>
> I am reselling hardware on my website http://www.osnet.eu/
>
> One of my client has requested to have the ability to use the LCD display for 
> this device.
>
> Hardware manufacturer has provided me an application in C which allows 
> communication with the LCD and has added the following informations:
>
> "About the application, I have attached an application code for your reference.  The 
> Teak 3035 uses the serial port 1 to communicate with the LCM.  So, there is no need of 
> extra driver, just use the built-in driver.  Modify this application to meet your 
> customer's application OR use this code to test the LCM."


There is a LCD proc package, if the serial port is detected by pfSense 
you can successfully configure it by installing the lcdproc package.


Kind regards,

Seth





Re: [pfSense Support] Assign custom Gateway

2010-11-05 Thread Seth Mos
Hi Ryan,

Sorry, no, that is currently not possible. I doubt there is much demand for 
this feature.

Regards,

Seth
On 5 Nov 2010, at 22:31, Ryan Rodrigue wrote:

>  
> From: Ryan L. Rodrigue [mailto:radiote...@aaremail.com] 
> Sent: Friday, November 05, 2010 9:16 AM
> To: support@pfsense.com
> Subject: [pfSense Support] Assign custom Gateway
>  
> Is there a way in PF to have dhcp assign a custom gateway in the static dhcp 
> setup. 
>  
> A little info on what I am trying to accomplish
> Most users get IP address for normal gateway with normal restrictions and all.
> Some special users get an IP on the same network, but a different router with 
> different restrictions and captive portal login.
>  The easiest way I could see to do this is to simply use two routers and 
> assign them accordingly.
> I suppose 1 router would work, but I want only a few specific machines to use 
> captive portal and most machines to bypass CP.  This is kind of opposite to 
> what most people do.
> I could also use VLAN and segregate this computer, but I want them to share 
> all network resources especially itunes and a weird network printer that 
> doesn’t seem to like traversing routers. (The printer doesn’t even have a 
> place for a default gateway, how weird is that?)
>  
> I am really just trying to keep things simple.
> Thanks for any suggestions.
>  
>  
>  
> Sorry, I read what I wrote and realize clarity is not one of my strengths.
> Under the dhcp server I can add a static map.  Is there a way to add a 
> different gateway just for this static map.
> I am running PF 1.2.3 Release.  Perhaps in version 2? 
> Thanks for reading and any help you might be able to provide.
> 
> 



Re: [pfSense Support] IPv6 support

2010-10-31 Thread Seth Mos
Oops, forgot. It's the thread, not the exact post. But that should get you 
started.

http://forum.pfsense.org/index.php/topic,26469.0.html

Regards,

Seth

On 31 Oct 2010, at 21:41, Nathan Eisenberg wrote:

>> The entire instructions for getting my code are in the forum post, basically 
>> just run option 12 from the shell and then playback gitsync. 
>> Enter the custom Git url and it should take just 5 minutes.
> 
> Cool!  Link to the forum post?  I searched, but did not find.
> 
> 
> 





Re: [pfSense Support] IPv6 support

2010-10-31 Thread Seth Mos

On 31 Oct 2010, at 21:16, Nathan Eisenberg wrote:
> 
> That's all I need - interface addresses and firewall rules!  Thank you! Thank 
> you! Thank you!  Come to Seattle, and I will buy you a beer!
> 
> When can I have it? :D

Right now, gitsync against my git repo and it should just work, over the next 
couple of weeks you should see more support coming.

The entire instructions for getting my code are in the forum post, basically 
just run option 12 from the shell and then playback gitsync. Enter the custom 
Git url and it should take just 5 minutes.

If at some point you are not satisfied you can just run gitsync against the 
official url or just run the autoupdate.

Regards,

Seth

[pfSense Support] IPv6 support

2010-10-31 Thread Seth Mos
Hello,

I've been working on IPv6 support for pfSense over the past week and have some 
questions on the importance of certain bits. Of course I can't do everything at 
once but I can certainly work in some order.

What I have now does:
- native ipv6 static on wan and lan.
- Route announcement on LAN if you enable DHCPv6 this does stateless config
- ability to terminate a he.net ipv6 over ipv4 tunnel and use the public subnet 
  on the lan.
- Ability to add firewall rules for ipv4 and ipv6 on the wan and lan

Things I do not have support for:
- Pretty much everything else ;-)
- No stateless autoconfig support for wan (or dhcpv6)
- Announcing dns servers on the LAN
- All the vpn and openvpn services need fixing. I haven't tried yet.

I am trying to get some feeling for what people need first before diving off 
into the deep end.

If you have interest you can find the ipv6 post in the 2.0 forum. Feedback 
appreciated.

Regards,

Seth.



Re: [pfSense Support] Cannot achieve 100 mbps Full Duplex (C2D, Intel NICs)

2010-10-21 Thread Seth Mos
Hi,

On 21 Oct 2010, at 20:06, Christian Borchert wrote:

> I have a Dell Optiplex 745 SFF (Core 2 Duo) with an Intel PRO/1000 MT Dual 
> Port Server Adapter

What might be happening here is the somewhat peculiar setup of the pci slot(s) 
on the Dell optiplex machines.

For example, the x16 slot is not x16, it is x1. There are a number of odd 
shortcuts where I've hit those sort of limits before. I'd blame the optiplex. 
You might find that a bios update might sometimes bring a negligible 
improvement.

I've bumped into a number of those things when I test with dell optiplexes 
which work fine in an entry level poweredge 850 but hit odd performance limits 
in the optiplex.

The processor shouldn't be an issue. The 2.13 xeon in the poweredge 860 does 
600mbps with an iscsi connection.

I've also hit issues with a gx240 p4 box that wouldn't boot with 2 intel dual 
port mt cards in it.

Regards,

Seth

Re: [pfSense Support] Simply Query: Custom Definitions in pfSense?

2010-10-21 Thread Seth Mos

On 21-10-2010 15:20, James Bensley wrote:

> Hello All :D


You are looking for aliases.

Seth




Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard

2010-10-17 Thread Seth Mos

On 16-10-2010 19:38, Glenn Kelley wrote:

> does anyone know a US based vendor for these items?


their website lists a US phone number, perhaps that is a good starting 
point?


http://www.lannerinc.com/Embedded_Systems/FW-7535

Regards,

Seth




Re: [pfSense Support] Enclosure recommendations for a Mini ITX Motherboard

2010-10-16 Thread Seth Mos
Hi,

On 16 Oct 2010, at 03:49, Mehma Sarja wrote:
> This is getting interesting, someone on the list mentions that 2.5" drives 
> are not reliable for 24x7x365 situations - so are you using a 3.5" drive? My 
> setup is at home as well and it is just not fan noise - we see MUCH more dust 
> than a traditional server room. That fan is not going to last long.

There are arguments back and forth about the use of notebook drives 24x7. They 
are designed to withstand shocks, most of the time the disk head is parked 
instead of flying over the platter.

They also perform admirably without ventilation, I haven't seen a notebook with 
proper ventilation in years.

I think that all things considered the argument is moot.

Everything fails at some points, even "enterprise" quality gear that costs a 
decent sized car.

Fanless though, those things likely fail, you can buy an expensive consumer 
product fan but that will most likely still fail.

I've used Pabst fans before and never ever seen one fail. Then again they cost 
a lot more as well. I believe a single 12cm is about 35 euros.

I've recently built a Lanner Inc. FW7535 that will most likely outlast me. It's 
a dual core atom with 6 gig ports and runs from a 4GB Sandisk extreme 3 flash. 
I've loaded the full install on it instead of the nanobsd version for my own 
reasons.

It's silent, rugged, fast and it works really well. It's about 500 euros ex VAT 
though. It is proper industrial quality built.

Regards,

Seth



Re: [pfSense Support] pfSense 2.0 and SpamAssassin

2010-10-14 Thread Seth Mos

On 13-10-2010 23:55, James Bensley wrote:

> Thank you to all for your input.
>
> I think running two VMs on top of the host OS (although it would be
> nice) is too much overhead for my liking given the spec of the box. I
> like the sound of jailctl, I will give this a go and report back my
> findings ;)


Approach it not from the overhead part, but from the flexible part.

If, at some point, they require another server solution that wasn't 
available before you can setup a new VM instead.


Since your budget is 0 to begin with that might not be such a bad 
starting point.


VMs also allow for easy updates, upgrades and snapshots. That is, a 
firmware/software update gone wrong can easily be rolled back.


I've had a few awful experiences with home built all in one linux 
machines. And upgrades then tended to break everything at once. Joy.


Depends on the person, skills and luck involved of course.

My all in one wonder is a Dell Optiplex 755 with a C2D 2.33Ghz and 8GB 
ram. A rather modest ESX machine if I say so myself. It runs ESXi 3.5 still.


Regards,

Seth




Re: [pfSense Support] pfSense 2.0 and SpamAssassin

2010-10-14 Thread Seth Mos

Hi,


> Yeah if you can run VMware ESXi on the box and then run whatever VMs you
> need, that's a good solution. Or you can look at the jailctl package and
> run a full jail for spamassassin and whatever else you want to throw on it.

This is in production at one site at least, an all in one wonder with VMs.

The ESX box has just 1 network plug to the outside network, it runs 2 
VMs for a carp setup and a virtual switch network where the server VMs run.


It's done so perfectly well for over a year now. The carp is there so 
that firmware upgrades don't break connectivity.


Regards,

Seth




Re: [pfSense Support] Dual WAN + Firewall Redundancy + UPS Redundancy (?) at entrance

2010-10-11 Thread Seth Mos
Hi,

On 11 Oct 2010, at 21:22, Jim Cheetham wrote:

> 
> You'd be better off explicitly floating the idea of an R&D test rig,
> where you can play with things in order to prove which will be best for
> production later ...
> 
> -jim

On that point, I rebuilt and duplicated my entire work network from the inside 
vlan router to the external carp in ESX with pfSense.

Makes testing, upgrading and debugging a cinch. The Free ESX variant is good 
enough for that. It lets you create virtual switches which is good enough to 
duplicate the entire setup.

Regards,

Seth



Re: [pfSense Support] Dual WAN + Firewall Redundancy + UPS Redundancy (?) at entrance

2010-10-11 Thread Seth Mos

Hi again,

On 11 Oct 2010, at 20:23, Andy Graybeal wrote:

> 
> Andrew,
> From reading the PFSense book, I have now gathered that, like you just said, 
> having two ADSL providers is not a good way to go about redundancy.  In my 
> case, one ADSL connection is free.. and I'm already in a 2 year contract with 
> the other ADSL provider.

Note the different provider part. We have 2 50/50 business fiber connections 
from KPN which is the dutch ATT equivalent. Murphy works wonders when their 
entire PPPoA infrastructure fell over that took out all their FTTO and Business 
DSL. We also have 350 shops with that particular business DSL.

Our only remaining connection at that point was a 6mbit sdsl from a different 
provider. Lucky us.

Not so good for the shops where payment traffic halted. Bugger that. Shoot 
Murphy.

> We don't have the luxury of fiber in my area, but cable is, we even have an 
> option for some type of radio and cell.  I did kick myself this morning while 
> reading the book when I came to that section.  Thank you for pointing it out; 
> it's duly noted and won't be forgotten.  I'll chalk it up to newbness.  You 
> were very kind in your message pointing it out like you did, not making me 
> feel worse than I already do.

Cable is fine, our PR office in amsterdam has a 60/6 fiber for the VPN 
connection to the main office and a 2nd business DSL wan from said provider for 
backup.

> I admit, I've been lucky so far... the problems must have been on the 
> premises of the ISPs when the internet has gone down independently of 
> one-another a week a part recently.  I had to manually switch our network 
> over, obviously.

Not so lucky on my part, over the past 2 years they have backhoe'd through our 
sdsl (8 years ago) which was fixed in 4 hours. Which happened when we were 
getting our first fiber.

Then through our existing fiber last year when laying an empty fiber pipe for a 
connection we already had. That was a bit harder to fix when they had to blow 2 
kilometers of new fiber from the local PoP. We had to get by on 2 dsl 
connections for 2 days. Sucks having just 2mbit of upstream with 250 users and 
350 shops.

Then we got bit where their PPPoA service died a horrible death and 150 (then) 
shops were offline for almost 3 days. Heavy losses occurred over those days.

> Another funny thing, when our internet is down our credit card machines roll 
> over to using their modems.. which as I understand it doesn't make any 
> difference when the Hungry Backhoe strikes.

We prefer IP traffic for everything, it's easy to bend the laws of physics with 
weird NAT shit and pfSense and make it think it's still connected and route it 
over wireless.

Or the payment traffic from shops over backup isdn to route it around brain 
dead payment traffic firewalls. Going for broke here.

> I fall in love with specific pieces of hardware way too much.

We just buy dells, restoring xml configs is easy enough. Else run from the 
livecd instead ;-)

Prepare for anything is my advice, shit will break in new and interesting ways 
that will not be covered by your containment.

That said, Good luck!

Seth





Re: [pfSense Support] Dual WAN + Firewall Redundancy + UPS Redundancy (?) at entrance

2010-10-08 Thread Seth Mos



> I'll have 2 firewalls, and 2 UPS's one for each firewall.

As suggested before, cross the power supply cords between the 2 ups's. 
If you have the option of 2 power feeds in your DC then put each UPS on 
one specific.

Alternatively there are great breaker strips that take 2 feeds and can 
put it into one plug so that you can still have both ups systems powered 
on if the A or B feed fails. These are about 150 euro or so.

> Each firewall will have:
> 1. a hot swap raid array (only two HD's set to RAID 1, mirroring).
> 2. two hot swap power supplies.

Makes perfect sense, that's what I have.

> Now for the networking...
> I'll have two dsl modems. I'm going to guess that I should have two
> switches, one per modem. 2 connections coming from each switch, one per
> firewall.

One switch with vlans work, but if you can get 2 separate ones that 
works too. I haven't had HP Procurve switches die on me for years. In 
fact, there is still a 2424M out there servicing after 10 years.

> I'll need two IP addresses assigned to each firewall from my providers
> (total of 4 ip addresses from providers).

These will be the CARP IP addresses so that firewall failover works. You 
will want to add more for splitting services perhaps. You might want to 
terminate lan -> internet traffic on a separate carp ip to prevent nat 
overloading.

You will need 1 extra IP address per WAN connection for each part of the 
firewall that participates in the CARP. If you have a /29 assigned by 
the ISP per DSL modem you are safe.

> Then I'll need a connection between each firewall for the pfsync.
> That is a total of 3 ethernet ports per firewall (2 wan, 1 pfsync) just
> for the redundancy; not including LANs.

That is correct.

> Can the pfsync connection be a simple cross-over cable, to get away from
> needing another switch?

Yes, some ports have cable length issues but 1meter is safe.

> I know CARP is in the equation, I'll get to that after I understand how
> I'm gonna hook this stuff up physically.


See the book, it's recommended. No. Really.

Regards,

Seth




Re: [pfSense Support] Proxy Question

2010-10-06 Thread Seth Mos

On 5-10-2010 20:58, Anil Garg wrote:

> At my work, I have to enter:  proxy.sucks.com:80  under the
> Tools>Options>network>connections>settings


I would suggest setting up a proxy wpad host at work that provides the 
clients with that information.


Setup a wpad.sucks.com website that has a wpad.dat file with the 
javascript proxy configuration script.


When you get home the site doesn't exist and it just works.

Regards,

Seth
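
The wpad.dat approach suggested above, as an added example that is not part of the original post: a proxy auto-config script that sends internal names direct and everything else to proxy.sucks.com:80 (the proxy named in the question). The internal suffix .sucks.com and the private-address rule are assumptions; the two helper stand-ins only let the file run under Node and are left out of the deployed wpad.dat, where the browser supplies them.

```javascript
// --- Stand-ins for PAC built-ins (browsers provide these; omit from the deployed wpad.dat) ---
function isPlainHostName(host) {
  // A host with no dot, e.g. "intranet"
  return host.indexOf(".") === -1;
}
function dnsDomainIs(host, domain) {
  // Suffix match; pass the domain with its leading dot so "notsucks.com" does not match
  return host.length >= domain.length &&
    host.substring(host.length - domain.length) === domain;
}

// --- Contents of wpad.dat ---
var PROXY = "PROXY proxy.sucks.com:80"; // proxy host and port from the thread
var INTERNAL_DOMAIN = ".sucks.com";     // assumption: the office's internal DNS suffix

// True when host is an IPv4 literal in loopback or RFC 1918 space.
// Works on the literal only, so no DNS lookup is triggered per request.
function isPrivateIPv4Literal(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var o = [Number(m[1]), Number(m[2]), Number(m[3]), Number(m[4])];
  for (var i = 0; i < 4; i++) {
    if (o[i] > 255) return false;       // not a valid address
  }
  return o[0] === 10 || o[0] === 127 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  if (isPlainHostName(host) ||
      host === INTERNAL_DOMAIN.substring(1) ||
      dnsDomainIs(host, INTERNAL_DOMAIN) ||
      isPrivateIPv4Literal(host)) {
    return "DIRECT";
  }
  // No "; DIRECT" fallback: if the proxy is unreachable the request fails
  // instead of leaving the office network unproxied.
  return PROXY;
}
```

Served as wpad.dat from the wpad.sucks.com host, this gives office clients the proxy setting automatically; away from the office the wpad host does not resolve and the browser connects directly, as described in the reply.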




Re: [pfSense Support] Re: Allow Traffic Between Interfaces

2010-09-19 Thread Seth Mos

On 20-9-2010 1:16, Dave Warren wrote:

> In message
>   Chris
> Buechler  was claimed
> to have wrote:
>
>> Firewall>  Aliases. You should really get a copy of the book. :)
>> http://pfsense.org/book
>
> Kindle?


I like my dead tree edition when my internet isn't working. ;-)

Regards,

Seth




Re: [pfSense Support] BGP

2010-09-18 Thread Seth Mos
FYI, in pfSense 2.0 we stopped doing that and became a bit smarter about it.

But hey, it was a version 1 product.

Regards,
Seth

On 18 Sep 2010, at 17:21, Nathan Eisenberg wrote:

> The interface rebuilds was an absolute killer for me.  I've had to move our 
> shared firewall option on our dedicated servers to a different product, 
> because everytime I added a new customer and vlan, it dropped everyone on 
> that firewall for 10 seconds.  Totally untenable.
> 
>> -Original Message-
>> From: Aarno Aukia [mailto:aarnoau...@gmail.com]
>> Sent: Saturday, September 18, 2010 7:28 AM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] BGP
>> 
>> Hello Ermal,
>> 
>> On Sat, Sep 18, 2010 at 14:38, Ermal Luçi  wrote:
>>>> We had full tables on pfsense for almost 2 years, but have now moved
>>>> on to custom openbsd routers for that. Since you only want to use the
>>> Any reason you switched to OpenBSD?
>> 
>> Not specifically, I just disliked the way pfsense 1.2.3 handled interface 
>> (e.g. vlan
>> interface) adds, where it removes all interfaces and rebuilds them again,
>> dropping all neighbour sessions. That, and some quirks in the gui with full
>> tables (static route add/delete wont work and status->interfaces hangs) and 
>> we
>> got someone with openbsd know-how led to the decision for the routers. We're
>> still running lots of pfsense firewalls though and are happy with them.
>> 
>> Regards,
>> Aarno
>> --
>> Aarno Aukia
>> Atrila GmbH
>> Switzerland
>> 
> 





Re: [pfSense Support] Benchmark tool

2010-09-08 Thread Seth Mos
Hi,

On 7 Sep 2010, at 21:24, bsd wrote:
> 
> Results are somewhat similar…
> 
> My main question is why when filtering is enabled do we lose 75% of the 
> throughput…

When I benchmarked the atom D510 I got in the office last week with 6 intel 
nics I had 480mbit throughput with pf enabled, and 210mbit in full duplex. So 
maybe a bios update could possibly fix this.

One of the things to keep in mind is of course that no Atom mainboard is the 
same, although they do commonly share the ICH8 or ICH9 or even the ICH9R on the 
supermicro.  How many pci-e lanes they connect to the nics can differ between 
boards and models.

Here are the benchmarks I did on that specific box.
http://forum.pfsense.org/index.php/topic,27780.msg144750.html#msg144750

> Is this normal figures or not ? 

It should possibly be faster.

Regards,

Seth



Re: [pfSense Support] Appliance Recommendation for 100 Mbps (DOCSIS 3.0) Service

2010-09-01 Thread Seth Mos

Hi,

On 1-9-2010 17:00, Michael Riglin wrote:

> have enough CPU power to support 100 Mbps and above. (Quality and
> future-proofing is more important than cost.)


Well, if you search the forum for the Lanner FW7535 you should be able 
to find the benchmarks. This firewall platform is sold with either a 
single or dual core atom N410 or N510 respectively.


The price is hefty though at about 600 euros without taxes. You do get a 
6 gigabit port firewall that can do 480Mbps in one direction or 210 in both.


You can add either a CF or a 2.5 inch notebook disk for installing pfSense.

I'm pretty sure that there are way cheaper mini itx boards with dual gig 
ports and an atom processor. I saw a mini itx case with power supply for 
59 euros. Alternatively a mini itx with a single gig port and a managed 
vlan switch like the Procurve 1810G-8 would still be cheaper altogether 
and give you a nice gigabit lan switch in the process.


Regards,

Seth


> Thanks in advance to anyone who replies.
>
> Best regards,
>
> Michael
>
> Service link, in case there is an interest:
>
> http://www.shaw.ca/en-ca/ProductsServices/Internet/Nitro/







Re: [pfSense Support] Large Aliases

2010-08-23 Thread Seth Mos
Hi,

On 23 Aug 2010, at 21:08, Jim Cheetham wrote:

> Perhaps there's another way; what are you doing this for? Instead of
> basing rules on a large set of aliases that you have to update
> regularly, is there some other characteristic you can group your rules
> by? (AKA 'describe the original problem, not just the one step you're
> stuck on')

Also, in 2.0 we have support for nested aliases. What you can do with this is 
pretty straightforward of course. You can then update 1 specific alias which is 
part of the parent alias.

This should make management a lot easier, the chances of error smaller and 
possibly the number of firewall rules smaller.

Regards,

Seth



Re: [pfSense Support] FW: Issues after update to 1.2.3-RELEASE

2010-08-12 Thread Seth Mos
Hi,

Do you have a firewall rule that allows traffic on the IPsec interface under 
firewall rules?

Regards,

Seth

Op 12 aug 2010, om 20:17 heeft Austin G. Smith het volgende geschreven:

>  
> I just performed an update on a 1.2.0-RELEASE-FULL firewall last night. 
>  
> Today we started having issues with traffic being denied from IPSEC VPN sites 
> outside of the internal pfsense networks.  However, traffic is passing fine 
> from inside pfsense to the external IPSEC VPN sites.  I can port scan from a 
> remote site to inside pfsense and show open ports, however nothing can 
> sustain a connection to the remote site.
>  
> From what I can tell, It appears that Pfsense is not loading all of the 
> rules.  I ONLY have a pass any rule for all of the internal networks, but yet 
> traffic is getting denied.  The offending rule that generates the log entry 
> is “default drop all”.
>  
>  
> Also, The dynamic view for the firewall rules is not functioning either…
>  
>  
> Any help is mucho appreciated!
>  
> Austin Smith, A+, NET+, SMBE, MCSA
> (770) 543-0444 Direct Line
>  



Re: [pfSense Support] IPSec dies after more reconnects

2010-08-11 Thread Seth Mos

Op 11-8-2010 9:17, Fuchs, Martin schreef:

Hi !

I have 3 ipsec tunnels.

One of these endpoints has bad wan-connectivity, so it connects some
times day.

This problem exists since a week.

I had to restart my racoon-service on the central firewall every day,
because it is stopped there ?


I have a firewall with ~380 dynamic tunnels and I see about ~10 updates 
for different tunnels per day on average and it appears to be working 
for me. It is also running 1.2.3-RELEASE.


What might be happening for me is that even if racoon dies, another 
update will start it again if it is down. So I might not be noticing it 
enough.


What I do see is that once every month or so the IPsec stack will get 
confused and setkey fails until I restart the machine.


Regards,

Seth




Re: [pfSense Support] Multi WAN - Failover doubts.

2010-08-10 Thread Seth Mos

Op 11-8-2010 7:09, Chris Buechler schreef:

On Tue, Aug 10, 2010 at 5:08 PM, Fabricio Ferreira  wrote:

Thanks Everyone!

Actually I made it work, but not using the same monitoring address on both
interfaces.



Yeah you can't do that, as the monitor IP always is forced out only
one connection (I think the book is probably the only place that
documents that). 2.0 adds input validation to not allow such
configurations.


That probably means that the check I coded for 2.0 isn't kicking in.

I used to have input validation that would deny a monitor IP which was 
used before.


Although I think it will fail in some fashion with multi dhcp wan where 
the gateway is the same. I can probably easily test that.


Regards,

Seth




Re: [pfSense Support] Help with Wireless Setup

2010-08-10 Thread Seth Mos

Op 11-8-2010 6:12, Chris Buechler schreef:

On Tue, Aug 10, 2010 at 11:10 AM, Chris TheEnd  wrote:

Hi,



You can try different settings on the card, like if you're using
channel 'auto', try picking a specific channel and see if it persists.
Also may want to try 2.0 as it has a much newer FreeBSD base and its
ath driver may not suffer from whatever problem you're encountering.


That reminds me, somewhere on an early 8.0 build I had my Alix crash when 
I tried to configure an AccessPoint with the channel set to auto.


Iirc I did file a report somewhere. Can't recall if anything came from it.

Regards,

Seth




Re: [pfSense Support] Monitoring pfSense

2010-08-10 Thread Seth Mos
Hi,

I still need to write some curl code to monitor my own pfSense 2.0 systems at 
work.

Hopefully I'll get round to that tomorrow and I'll post some PHP curl code to 
do so.

Regards,

Seth

Op 10 aug 2010, om 17:42 heeft Chris Buechler het volgende geschreven:

> On Tue, Aug 10, 2010 at 7:59 AM, Mark Wiater  wrote:
>> Hi,
>> 
>> I use Rancid (http://www.shrubbery.net/rancid/) to keep track of changes to 
>> my firewalls.
>> 
>> To make Rancid work with web based tools, I wrote a script for Rancid that 
>> accesses the web interface's diag_backup.php. That worked fine with 1.2.x but 
>> no longer works with 2.0, (login issue).
>> 
> 
> That will still work, just not in the same way.
> 



[pfSense Support] iPad ssl vpn client

2010-08-05 Thread Seth Mos

Hello,

Just inquiring here, does anybody already know of a SSL vpn client that 
works on the Apple iPad devices?


Viscosity on the Mac works great, but that doesn't apply to iOS.

I see mentions of a Cisco and Juniper client, but no idea if these can 
be made to work with pfSense.


Regards,

Seth




Re: [pfSense Support] PFSENSE 2.0

2010-08-04 Thread Seth Mos

Hi,

Op 4-8-2010 17:40, Curtis Maurand schreef:

On 8/3/2010 11:15 AM, Eugen Leitl wrote:



You could probably mitigate some of the writes to disk by having the
logging sent to a syslog server elsewhere inside the house that is using
traditional write media. That should lengthen the life of the SSD at
least until the next generation of SSD comes along that has no write
limitations.


Really, the whole SSD write issue is not too relevant based on the size 
of your SSD drive/CF card.


It is widely known that flash has limited write cycles, 10.000 is common 
for current MLC flash.


So if you have an 8GB flash card, of which 200MB is allocated by a 
pfSense image that leaves ~7.5GB free unused cells. The wear levelling 
in Flash Drives and CF cards will use these unused cells to spread the 
writes.


What this effectively means is that with 10k write cycles per cell 
the actual longevity is multiplied by a factor of 7.5.


The situation with even larger ssd drives is even better. You install 
pfSense to a 40GB Intel X25-V, which effectively means that you won't 
live long enough to see it fail.


Do note, that if you ever write the device from start to end that this 
negates the wear levelling. It then only has the spare cells on the 
drive or card to remap blocks (~7%).


On that note, my much used 1GB lexar 133x CF card I bought when I joined 
the pfSense project in late 2005 is still fine after running pfSense 
versions from pre 1.0 to current 2.0BETA4. It's been reflashed a lot, 
and it's always been running a full install. Because then I can gitsync 
the installation.


According to the pessimists the card should have stopped working at least 
3 years ago. Luckily the world isn't so grim.


The CF cards I purchased with a few Alix systems at work though, they 
stopped working within 3 months. That was with the embedded image that 
doesn't write to the CF. Which leads me to believe they were 
exceptionally bad.


The Kingston 8GB premium cards in there appear to be perfectly fine. It 
also seems to have rid them from lockups.


Regards,

Seth




Re: [pfSense Support] problem with 2.0BETA[34] and usb

2010-08-04 Thread Seth Mos

Hi,

Op 3-8-2010 20:16, Nenhum_de_Nos schreef:

hail,



 all tests now are on BETA4. anyone has any clue ?


this is a via mini itx crusoe based mobo.



Have you considered a bios update?

Regards,

Seth




Re: [pfSense Support] Finding patch rejects...

2010-07-25 Thread Seth Mos
no, if it finds any it will stop.

Regards,

Seth

Op 25 jul 2010, om 03:01 heeft support-pfsense het volgende geschreven:

> Hi all
> when i follow the document 
> http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso
> install freebsd 8.1 , update source, etc 
> then run 
> #./set_version.sh RELENG_8_1 cvsup.sg.freebsd.com
> # ./apply_kernel_patches.sh
> it says:   Finding patch rejects...
> 
> Is there something wrong?





Re: [pfSense Support] Bandwdith usage since start of month?

2010-07-19 Thread Seth Mos

Op 19-7-2010 8:42, David Burgess schreef:

On Mon, Jul 19, 2010 at 12:34 AM, Seth Mos  wrote:



Except the monthly graph shows a gap from the previous week when
looking at the current month. Screenshot in the forum:
http://forum.pfsense.org/index.php/topic,26789.0.html


No screenshot, but that should not be related to the graphing.


May have something to do with me updating the firmware right at the
end of the gap.


Unsure, what I do see is that my week graph is not working either way. 
That needs to be fixed regardless.


Regards,

Seth




Re: [pfSense Support] Bandwdith usage since start of month?

2010-07-18 Thread Seth Mos

Op 19-7-2010 7:34, David Burgess schreef:

On Sun, Jul 18, 2010 at 10:30 AM, Seth Mos  wrote:



So at first glance the RRD Summary could be reconcilable with my ISP's
figures, while the RRD Graph numbers cannot be.


Intriguing, I'll have to look into it.


Interesting that RRD Summary reports In traffic as higher, but out
traffic as lower. Also, I appear to be missing all the graph data from
last week.


There might have been a math bug that meant you went 1 period forward 
instead of backwards.


Regards,

Seth




Re: [pfSense Support] Bandwdith usage since start of month?

2010-07-18 Thread Seth Mos
Hi,

Op 18 jul 2010, om 09:14 heeft David Burgess het volgende geschreven:

> On Wed, Jul 14, 2010 at 1:06 AM, David Burgess  wrote:
> 
>> July 23: Same thing, package will neither function nor delete. I see
>> this at the bottom of the page when trying to remove the package, even
>> after doing a /etc/rc.conf_mount_rw on the command line:
> 
> I just updated to the July 17 snapshot, installed the package, and it
> appears to be working and reporting correct figures. Thank you.

In other news, the RRD graph presentation in 2.0 has changed over the weekend. 
You can now select the graph from start of the month as well as the previous 
full month.

I need some verification that the numbers add up though.

Regards,

Seth



Re: [pfSense Support] root not found on cold boot 2.0

2010-06-10 Thread Seth Mos

Op 10-6-2010 9:29, David Burgess schreef:

On Thu, Jun 10, 2010 at 1:21 AM, Seth Mos  wrote:
I just got mine back from a 7/8 repair, so I'm going to assume they
did their job and that's not my issue at this point. What I was seeing
before the repair was the disk light coming on solid on a cold boot. I
would have to very quickly cycle the power, interrupting it for less
than a second, then it would boot fine. I also had some corruption on
the console, like repeated or random characters. Maybe your problem
has something to do with this?


Looks like my issue is http://www.soekris.com/issue0005.htm

I'll whip out the soldering iron and have a look.

Regards,

Seth




Re: [pfSense Support] root not found on cold boot 2.0

2010-06-10 Thread Seth Mos

Op 10-6-2010 3:26, David Burgess schreef:


Hardware is a Soekris net5501 bios 1.33c with a Lexar 2G CF and no
added hardware. I suppose the issue is more software than hardware
related though, since the boot loader is found and a reboot functions
as expected.


Intriguing, I have a Soekris net5501 from one of the first series. It 
always fails to cold boot when it's been off for an hour or so. All the 
LEDs on the front of the Soekris stay lit.


Then I pull the plug and reinsert after 10 seconds or so and it boots fine.

No idea if it's related. I should really update the bios on this thing.
Mine has a 1G lexar CF (133x).

Regards,

Seth




Re: [pfSense Support] XBOX live not working with public IPS on MY LAN

2010-05-11 Thread Seth Mos

Op 12-5-2010 3:13, Chris Flugstad schreef:

Cool.

I didn't think anything special would have to be done. It's prolly a
"personal" problem that the client isn't hookin up with their friends on
xbox live. I haven't a clue. Never had a problem like this before


Like Chris said, you should have a rule that allows traffic from the 
internet to the public lan subnet. Do make sure to add a block entry 
above it for the webui if you are doing this.


I've run such a configuration before, my /27 was delivered via a /30.

Create a block rule on wan from source any, port any to pfSense 
addresses on the webui ports.
Create an allow rule on wan from source any, port any to lan subnet, port 
any.


That way the internet can connect to anything on the lan subnet without 
actually being able to connect to your pfsense.


I didn't see an allow rule on wan whilst skimming your config?!

Regards,
Seth
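
Added example, not part of the original message: a small first-match rule evaluator showing why the block entry has to sit above the allow rule, since the firewall's own LAN address lies inside the LAN subnet the allow rule covers. All addresses (documentation ranges), the webui ports 80/443 and the rule/field names are assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing, not taken from the thread.
LAN_NET = ipaddress.ip_network("203.0.113.0/27")   # routed public LAN subnet
FW_ADDRS = {
    ipaddress.ip_address("198.51.100.2"),          # firewall WAN address (assumed)
    ipaddress.ip_address("203.0.113.1"),           # firewall LAN address (assumed)
}
WEBUI_PORTS = {80, 443}                            # assumed webui ports

# The two WAN rules from the message; "ports": None means any port.
BLOCK_WEBUI = {"action": "block", "dst": FW_ADDRS, "ports": WEBUI_PORTS}
ALLOW_LAN = {"action": "pass", "dst": LAN_NET, "ports": None}

GOOD_ORDER = [BLOCK_WEBUI, ALLOW_LAN]   # block entry above the allow rule
BAD_ORDER = [ALLOW_LAN, BLOCK_WEBUI]    # allow rule shadows the block


def matches(rule, dst_ip, dst_port):
    """True if destination address and port fall inside the rule."""
    ip_ok = dst_ip in rule["dst"]       # works for a set or an ip_network
    port_ok = rule["ports"] is None or dst_port in rule["ports"]
    return ip_ok and port_ok


def evaluate(rules, dst_ip, dst_port):
    """Top-down, first match wins; no match falls through to default deny."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if matches(rule, ip, dst_port):
            return rule["action"]
    return "block"


def exposed_webui(rules):
    """Firewall address/port pairs for the webui that WAN traffic can reach."""
    return sorted(
        (str(addr), port)
        for addr in FW_ADDRS
        for port in WEBUI_PORTS
        if evaluate(rules, str(addr), port) == "pass"
    )


if __name__ == "__main__":
    print("block above allow:", exposed_webui(GOOD_ORDER))
    print("allow above block:", exposed_webui(BAD_ORDER))
    print("LAN host, port 3074:", evaluate(GOOD_ORDER, "203.0.113.10", 3074))
```

With the rules as described only the webui ports are blocked; any other service listening on the firewall's LAN address still matches the allow rule.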




Re: [pfSense Support] 1.2.3-release rebooting

2010-04-12 Thread Seth Mos

Op 12-4-2010 17:56, Charles Goldsmith schreef:


The computer its running on is about 2 years old, a Cyrix 1ghz with


Oh noes, a Cyrix. I thought they all died in 1997.

I've seen no end of problems with those with either windows or linux.

But then again, intel chips and cheap SiS chipsets were pretty horrid in 
those days too.



512meg of ram.  This has been going on for a few days, and I've been


Run at least a memtest86, as it seems there are a number of bootable cds 
out there with it shipping.


Perhaps we should consider a memtest86 on our LiveCDs for diagnostics. 
It happens enough.


Regards,

Seth




Re: [pfSense Support] CPU Throttle

2010-04-01 Thread Seth Mos
The cpu will automatically throttle when the cooler fails to prevent a 
burnout.


You should also see a message when it does.

Regards,

Seth

Op 1-4-2010 18:38, J.D. Bronson schreef:

I have noticed when I boot up pfsense 1.2.3, I see stuff
like this on dmesg:

kernel: acpi_throttle0:  on cpu0

I have an Intel Core 2 Quad and have disabled IntelSpeedStep
in the BIOS but want to make sure nothing in pfsense throttles or
reduces CPU speed or power.

Is there anything I need to change/tweak to make sure this doesn't happen
or is this message simply stating a feature that isn't necessarily used?

Thanks,





