On Fri, Jun 01, 2012 at 06:55:10PM -0400, Sean Cavanaugh wrote:
> Real question. If you have actual internet IPs that are being 1:1 referenced
> to you, why are they doing static NAT on you in the first place instead of
> just routing all the way thru to you? Are you sure they are not sharing your
On Fri, Jun 1, 2012 at 5:11 PM, Seth Mos wrote:
> Hi,
>
> On 1 Jun 2012, at 23:03, David Miller wrote:
>
>> I have pfsense 2.01-release, built Mon Dec 12 17:53:52 EST 2011 running on a
>> soekris 6501.
>>
>> The WAN port is seeing duplicate icmp echo requests, and it happen
Real question. If you have actual internet IPs that are being 1:1 referenced
to you, why are they doing static NAT on you in the first place instead of
just routing all the way thru to you? Are you sure they are not sharing your
external IP with another customer and doing a "first-come-first-served
Hi,
On 1 Jun 2012, at 23:03, David Miller wrote:
> I have pfsense 2.01-release, built Mon Dec 12 17:53:52 EST 2011 running on a
> soekris 6501.
>
> The WAN port is seeing duplicate icmp echo requests, and it happens
> bi-directionally:
> tcpdump run on the pfsense box sh
On Fri, Jun 01, 2012 at 04:48:24PM -0400, Ian Bowers wrote:
> What people commonly think of as "NAT" is more correctly called "dynamic
> PAT". 1:1 mapping of network addresses is "static nat". Not trying to
> nitpick, just letting on why some people might be confused.
Thanks. Appreciated, I'm re
I have pfsense 2.01-release, built Mon Dec 12 17:53:52 EST 2011 running on a
soekris 6501.
The WAN port is seeing duplicate icmp echo requests, and it happens
bi-directionally:
root@gatekeeper# ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: icmp_seq=0 ttl=58 time=6.11
What people commonly think of as "NAT" is more correctly called "dynamic
PAT". 1:1 mapping of network addresses is "static nat". Not trying to
nitpick, just letting on why some people might be confused.
One problem might be the identity check ISAKMP does. Your ID in ISAKMP is
probably your priv
I'm not quite sure where to start with this one, but ever since we
migrated from version 1.2.3 to 2.0.1, our traffic shaping seems to fail
under many conditions where 1.2.3 'just worked'. The endgame is that
it's fouling up our VoIP telephony.
Essentially, everything's exactly the same as it
On Fri, Jun 01, 2012 at 03:03:31PM -0500, Tim Nelson wrote:
> > It's not NATed. They're rewriting the packet headers. The only
> > NAT there is is our own.
> >
>
> Isn't rewriting of the packet headers the exact definition of NAT aka
> "Network Address Translation" ?
It's a simple 1:1 mapping
- Original Message -
> On Fri, Jun 01, 2012 at 02:36:21PM -0400, Sean Cavanaugh wrote:
> > If provider is providing you NATed internet access...my best guess
> > is you
>
> It's not NATed. They're rewriting the packet headers. The only
> NAT there is is our own.
>
Isn't rewriting of the
On Fri, Jun 01, 2012 at 02:36:21PM -0400, Sean Cavanaugh wrote:
> If provider is providing you NATed internet access...my best guess is you
It's not NATed. They're rewriting the packet headers. The only
NAT there is is our own.
> also are being filtered. Take it up with ISP and they can prob help
If provider is providing you NATed internet access...my best guess is you
also are being filtered. Take it up with ISP and they can prob help, if not
inform you, with what's going on.
> -Original Message-
> From: list-boun...@lists.pfsense.org
[mailto:list-boun...@lists.pfsense.org]
> On Be
On Fri, Jun 01, 2012 at 12:42:44PM -0500, Ryan Rodrigue wrote:
> Is the vulgarity in the subject really necessary?
Sorry about triggering any sensibilities. Didn't realize
that was an actual cussword in some parts of the world.
Will try to stick strictly to rainbow- and pony-related
imagery. Optio
Is the vulgarity in the subject really necessary?
if you have an RFC1918 address, you're behind another layer 3 device before
you hit the internet. it could be that there's an access control list or
something on that device in the outbound direction. I suppose looking into
that device would be your next step. especially if the guys at the oth
On Fri, Jun 01, 2012 at 12:55:21PM -0400, Ian Bowers wrote:
> If you can paste some debugs from the Cisco side I could probably tell you
> where the issue is.
>
> debug crypto isakmp
> debug crypto ipsec
> term mon
>
> and paste when the failure or retransmit loop happens.
Thanks -- I don't have
On Fri, Jun 01, 2012 at 12:53:08PM -0400, Sean Cavanaugh wrote:
> How are you connecting to your 10.x.x.x address if that address space is
Our provider is rewriting the traffic to originate from
our public address (yes, I know this is fucked up, and I complained bitterly,
but we're stuck with this
If you can paste some debugs from the Cisco side I could probably tell you
where the issue is.
debug crypto isakmp
debug crypto ipsec
term mon
and paste when the failure or retransmit loop happens.
-Ian
On Fri, Jun 1, 2012 at 12:53 PM, Sean Cavanaugh wrote:
> How are you connecting to your 10.
How are you connecting to your 10.x.x.x address if that address space is
non-routable over the internet? Are you NATing from the true internet edge
device you have?
> -Original Message-
> From: list-boun...@lists.pfsense.org
[mailto:list-boun...@lists.pfsense.org]
> On Behalf Of Eugen Leit
My WAN is on 10.0.2.6/30, and I can't get my tunnel up! Argh.
Same tunnel config on a different pfSense (2.1, actually)
and regular public IPs on WAN goes up green no issues.
A Cisco is on the other end.
I do have block private networks/bogon networks unchecked.
This is 2.0 stable. Halp! My inte
Hi all,
We've got server infrastructure at a colocation facility whose broadband
connections easily exceed 100Mbps. However, because they charge us based on
bandwidth utilization (at the 95th percentile), we throttle traffic on our
pfSense 2.01 core router to around 9 or 10Mbps. With that ban
Hi,
On pfSense 2.1 we name the gateways a little bit different now and we
never saved the actual IP version in our gateways causing all sorts of
double entries and other fun.
That field is now added on the gateway edit page. So if you see double
entries because of dynamic interface you shoul
- Forwarded message from Frank Bulk -
From: Frank Bulk
Date: Thu, 31 May 2012 22:16:54 -0500
To: ipv6-...@lists.cluenet.de
Subject: IPv6 site check
X-Mailer: Microsoft Outlook 14.0
It's less than a week away from World IPv6 Launch and our monitoring system
has seen some churn related to
23 matches