Re: [pfSense Support] pfsense 1.2.1 wizard bug
Chris Buechler wrote: Yeah, 1.2.2 is coming sometime this week to fix that and 3 other things that have been fixed since 1.2.1. Ok, I have one additional bug (at least I'm considering that as bug). When creating port forwarding and also adding automatically apporpriate firewall rules and then deleting that port forward rule, the firewall rules are not deleted. I see that as possible security problem. -- Veiko - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfsense 1.2.1 wizard bug
I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Wednesday, January 07, 2009 2:44 AM To: support@pfsense.com Subject: Re: [pfSense Support] pfsense 1.2.1 wizard bug On Wed, Jan 7, 2009 at 2:20 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote: I reinstalled my two machines and on both times the initial setup wizard asked for wan IP-s, but did not save the address. Later, when checking WAN interface configuration, the IP address field was empty, but gateway was filled correctly. Yeah, 1.2.2 is coming sometime this week to fix that and 3 other things that have been fixed since 1.2.1. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
Christopher Iarocci wrote: I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. shouldn't the bogon list be auto-updated? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 5:16 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote: Ok, I have one additional bug (at least I'm considering that as bug). When creating port forwarding and also adding automatically apporpriate firewall rules and then deleting that port forward rule, the firewall rules are not deleted. I see that as possible security problem. That's by design. There is a feature request open suggesting an improvement there. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 8:22 AM, Christopher Iarocci ciaro...@tfop.net wrote: I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. No reason that should have taken hours, always check your firewall logs when something doesn't work. The list is auto updated monthly if your firewall can get to the Internet. Clean installs aren't immediately updated. Send me what IP was listed there that shouldn't be and I'll make sure it isn't in the list. Every time I've checked on that for someone else, it had been removed months prior and their firewall didn't have DNS configured so it couldn't update. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] pfsense 1.2.1 wizard bug
173.2.245.101 Upon going to diagnostics--ping, I put in google.com as the host and it resolved and returned pings. I believe my firewall can access the internet. I can say that I discovered the problem about 12 hours after the firewall was up and running. I'm not sure if that was enough time for the bogon networks to update. Maybe there should be a way force the update? Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Wednesday, January 07, 2009 10:33 AM To: support@pfsense.com Subject: Re: [pfSense Support] pfsense 1.2.1 wizard bug On Wed, Jan 7, 2009 at 8:22 AM, Christopher Iarocci ciaro...@tfop.net wrote: I found that the bogon networks in 1.2.1 include at least one legit network. I found out the hard way when one of my VPN tunnels wouldn't establish and it drove me crazy for hours. Turned out unclicking the bogon network option fixed it. After realizing that that particular network couldn't communicate with mine at all, then I looked towards the bogon network option. I feel this option should at least list the networks affected so one can see exactly what they are blocking. No reason that should have taken hours, always check your firewall logs when something doesn't work. The list is auto updated monthly if your firewall can get to the Internet. Clean installs aren't immediately updated. Send me what IP was listed there that shouldn't be and I'll make sure it isn't in the list. Every time I've checked on that for someone else, it had been removed months prior and their firewall didn't have DNS configured so it couldn't update. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 7:56 PM, Christopher Iarocci ciaro...@tfop.net wrote: 173.2.245.101 173.* doesn't exist in the bogons file. Upon going to diagnostics--ping, I put in google.com as the host and it resolved and returned pings. I believe my firewall can access the internet. I can say that I discovered the problem about 12 hours after the firewall was up and running. I'm not sure if that was enough time for the bogon networks to update. Maybe there should be a way force the update? Run /etc/rc.update_bogons from the console or a SSH session. It'll sleep for a while then update. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfsense 1.2.1 wizard bug
I reinstalled my two machines and on both times the initial setup wizard asked for wan IP-s, but did not save the address. Later, when checking WAN interface configuration, the IP address field was empty, but gateway was filled correctly. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2.1 wizard bug
On Wed, Jan 7, 2009 at 2:20 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote: I reinstalled my two machines and on both times the initial setup wizard asked for wan IP-s, but did not save the address. Later, when checking WAN interface configuration, the IP address field was empty, but gateway was filled correctly. Yeah, 1.2.2 is coming sometime this week to fix that and 3 other things that have been fixed since 1.2.1. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
