I really enjoy pfSense; it's an incredible project, and as I learn more
about using/administering *BSD systems, I hope to be able to contribute
more than my opinion. ;-)
That said, I'd love to see a couple of bits of functionality added, but
am really not sure how to go about it. The first i
Chris Buechler wrote:
CARP does L3. At this point it doesn't detect dead hosts so a
percentage of your requests will fail if one of the boxes dies, but
that's being worked on.
I'm not certain I understand what you're talking about - the only
load-balancing I can find described for CARP (net.in
Bill Marquette wrote:
Not sure why, but this seems to be a very popular feature request
these days, I can count at least 3 different requests for this in the
last week. No need to file a feature request for this feature unless
the code that comes out of the hackathon doesn't do what you want (no
Scott Ullrich wrote:
UHM, isn't that sasyncd which we already have!?!?!?!?
Scott
My thoughts precisely - there's no reason we can't do this very thing,
up to (and very nicely) using 4 machines and at least two ISPs - two
pfSense boxen at each end, synchronized over the [currently available on
M. Kohn wrote:
Hi,
I just updated to 0.74.6 and got a problem while loading
the rules: (Don't know if the problem was there before...)
-
Aug 10 09:36:07 192.xxx.xxx.xxx php: There were error(s)
loading the rules: [...] syntax error pfctl: Syntax error
in config file: pf rules not loaded - T
Just noting that the current LB package used is sldb and that it's a
very much dead project, actively seeking a new maintainer. I also note
that ipvs is in ports. Any potential (future, of course) switch? I
know the resource assigned might have to be me, but I was just curious...
RB
Scott Ullrich wrote:
> We have the source code to SLBD and have been making our own changes.
Any intent to add some of the nice features ipvs offers (that slbd
doesn't seem at first glance to), like multiple scheduling algorithms,
UDP, persistent connections, and such?
If it doesn't have tho
Scott Ullrich wrote:
Wait a second. I may be looking at the wrong thing.
Can you send a link of what ipvs is? I ended up on the Linux Virtual
Server page but now I'm wondering if you're speaking of something else.
We are speaking of something of the same thing; I didn't do all of my
homework
Yes, I made it up. ;-) Thinking of nefariously sneaky ways to be very
transparent, and thought of a way to do this in IPtables, now would like
to try it with my pfSense boxen...
To make some horrendous puns, the intent is to make a firewall so Smooth
and Slick that all data (save what it wan
Bill Marquette wrote:
I have nearly zero idea what you're asking for, but I suspect you want
something like PF's dup-to functionality.
dup-to
The dup-to option creates a duplicate of the packet and routes it
like route-to. The original packet gets routed as it
On top of that, statefully incrementing TTL by 1 each time a packet is
masqueraded would prevent even the most scrutinizing scan from
discerning that host B exists - the firewall IP would just look like
another NIC on host A. Host A, of course, would have to be complicit -
if
Is this the same concept in pfSense? If I have a 3 NIC setup can the
optional NIC (BLUE) see others on the BLUE and access the internet but
not access computers on the GREEN-Lan side?
This is my precise setup, so you should have absolutely no problem. I
have the standard WAN/LAN interfaces s
Here's something of a step-by-step
1. Boot off of pfSense LiveCD (don't bother getting too serious with
configuring just yet)
2. At the menu prompt, type "installer" and go through the process of
installing to your HD.
3. Remove CD; reboot (without NICs plugged in)
4. At configuration prom
Forrest Aldrich wrote:
I have a home-based SOHO network - so fewer computers are better. ;-)
Unless I found some smaller device that I could install this on - a
shuttle or something. I'll consider that.
I would highly recommend one of the SBCs like the Soekris boxes or a
WRAP engine. The
I like the current beep, but had written my own for a headless Linux box
some time ago. You guys might at least be entertained...
RB
#!/bin/bash
# Beep-tune script for a headless box; only the note tables survive in this
# fragment, the part that actually plays the notes was cut off.
P=37            # purpose not stated in the surviving fragment
# Note lengths in milliseconds, each twice the previous (presumably
# sixteenth, eighth, quarter and half notes)
sN=150
eN=300
qN=600
hN=1200
# Note frequencies in Hz for octave 4 (C = middle C); the "s" suffix means sharp
C="261.6"
Cs="277.2"
D="293.7"
Ds="311.1"
E="329.6"
F="349.2"
Fs="370.0"
G="392.0"
Gs="415.3"
A="440.0"
As="466.2"
Why anyone would want to expose an unencrypted management GUI to the
outside world is completely beyond me; especially not knowing why it
wasn't accessible.
Scott Ullrich wrote:
Add a rule to allow traffic to port 80 on the WAN.
On 12/30/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Ok,
If some of you will recall, quite some time ago I complained that I
found that CARP was being transmitted on my untrusted interfaces between
a couple of test boxes in a lab instead of on their synchronization
interface; something that the rest of the list seemed to think a
non-issue. It has ar
Scott Ullrich wrote:
This was fixed right after b1.
Upgrade to http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-1-29-06/
Good enough; a step and a half in front of me. Thanks!
I'll bite; I'm not entirely familiar with pf, so [some of] these may
be red herrings:
- match extensions: recent, mark, layer7, multiport
- target extensions: connmark, ulog, route, tarpit, TTL, mirror
(added back myself)
- string match & mangling are nice, but I don't use them [yet].
I must ad
I've spent the last month making a grand tour of the firewall world -
tried everything from IPCop to Smoothwall, a fully-licensed PIX-515E
from work to m0n0wall, and I still come back to pfSense. Not only is
this my hobby, I oversee a flock of ~70 PIXen & FWSMs at work every
day.
There's just not
Not being very familiar with the traffic shaper, I find it hard to
fully grasp yet (all the queues and such), but something you might
consider adding eventually is an ultra-simple "shape by interface"
setup.
For example - I have a LAN, a DMZ, and an untrusted wireless DMZ. I
want the LAN and DMZ
Understood. Next month I'll have some free time and will try to sit
down and chew through it myself to understand better. Appreciate all
your work as-is!
RB
On 3/26/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 3/21/06, Josh Stompro <[EMAIL PROTECTED]> wrote:
> > I think this would be a gr
I like! I like!
Never knew how much I liked historical graphs on my firewall until I
saw these; it makes sense, since I stare at a 40" plasma running
ArcSight all day. Bravo!
I know there's a thread somewhere that Scott names the author, but I'm
too lazy to go pick it out. Kudos!
RB
> Looking at the dmesg from sifter - it looks pretty good -
Ironic - these are precisely the same specs as the box I'm running
pfSense on, but it's just an old HP. I've cobbled on a few extra
parts (like a 20GB drive, an extra fan, and an Athlon XP HSF), but it
runs very nicely and quietly.
K62
I hate GMail sometimes.
K62-300 +256M is nearly perfect - quiet, but plenty of power to handle
most network loads I can throw at it.
On 4/6/06, Randy B <[EMAIL PROTECTED]> wrote:
> > Looking at the dmesg from sifter - it looks pretty good -
>
> Ironic - these are precisely the
Any idea when/if we might go to version 4.3+? I've just set up a
full-on VPN with its new TUN/TAP support on my Linux boxes, and I
must say it's got to be the easiest full-IP tunnel I've ever done -
I'd absolutely love to mess around with setting up pfSense support for
it (after, of course, fulf
So if I have two 512 adsl lines connected and setup using the load balancer, I
could in theory get download speeds of 1024 using a download manager.
Not sure why you're doubling that, but yes - each individual TCP
connection (SYN thru FIN-ACK) will be assigned to the "next" WAN line.
So you coul