's gateway setting - if that is absent or
wrong the server reply goes nowhere.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing lis
gain to me).
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the pro
rt strategic scripts in your own
setup will probably be way faster in the long run.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
ipt
and squidguard error pages, but in the desirable configuration it's not,
though serving the error pages does seem to work partially anyway.
HTH,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not
my observation with SSDs. Which SSD models do you use?
Or better, how do you select your SSDs? That'd be really good to know
from those doing well there.
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC
rs in SMART.
The SMART info is effectively a status collected over time. Sectors going
bad without detectable warning by necessity don't give SMART a chance.
Ditto disks that fail suddenly and catastrophically. SMART is not a
fix-all, but it is very very useful in many cases.
Volker
--
Volker
ve the solution: Don't touch primary OS-port names
or their braindead implementation. Create aliases based on MAC address.
Access port exclusively through alias name. Fix pfsense(!!) to keep
rules assigned to no interface accessible from the BUI, so the user can
manually re-assign them in bu
move those
that will/could be renumbered and run with the rest, without getting
surprises other than missing interfaces or failing to boot.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
tion having existed before, would it be
useful to mention it in the release note?
Thanks Jim,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
but where is the download for
2.3.2-p1?
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
ing a user cares about).
In my case the USB interface runs the wifi. I can do without that
easily. But not getting access to pfsense on the LAN port on a headless
APU-4 because the USB dongle is unplugged, dead, or whatever and
therefore my wifi may be offline sure does look braindead to me. Sorr
electrostatic free environment and
observe all ESD protection rules, or you risk (invisibly!) destroying
other chips, or worse, damaging them so they go out of spec but at first
sight still "work".
Outsourcing is a possibility, but it may only be economic if the
Ethernet chip is OK.
HTH,
y good and doesn't run the hardware at
full speed (54M only). Then make sure the USB thingie is always plugged
in and doesn't fail, because if it isn't present, pfsense doesn't even
boot any more... so you can't even fix the rules or plug a new one in.
Volker
--
Volker Kuhl
r reason to
fix anything exists. The logical conclusion is that such "technology" is
unsafe.
VLAN switch with 100% open source firmware please...
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings t
rd you go connect a serial cable and diddle
around with interface assignments, where pfsense decides to sit instead
of running with a missing interface. Quite a ridiculous design IMHO!
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/
how likely that is), it adds complexity, and it mixes physically
separate networks together on one cable. Perhaps it might be acceptable
to merge networks of the same security level, merging LAN and WAN
networks doesn't sound like a good idea to me.
Volker
--
Volker Kuhlmann
request does go through squid/squidguard. However I'd also like this to
be enforced.
pfsense 2.2.6, squid3
Thanks muchly,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC
ad its config onto different hardware and swap that into place
temporarily to see if the problems disappear?
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings
w the firewall's main
password.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
ss all by all, but
your redundancy might be easier and it seems a bit overkill to run an
openVPN server with all the routing capabilities when a simple encrypted
connection would do.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Ple
asy Install option",
> to retain the current LAN configuration
No. pfsense is not aware of any other firewalls' configuration files.
Start from scratch.
You can change the LAN interface's IP address somewhere during easy
install IIRC, it's on the console at the end of i
nd did not happen with 2.2.[234].
The package updates of squid3 0.4.3 and squidguard 1.9.17 within the
last few days fix it. Thanks!
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
ig (which recreates SG config and restarts
squid) fails.
Attempting to start squid succeeds.
Saving the squidguard config fails.
Starting squidguard fails.
Starting squid succeeds.
Not really good :-((
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list posti
n root's tcsh this works:
ls -d /{root,etc}
/etc/root
There is a workaround with newer rsyncs, but what is the cause of this
not working on pfsense (works on Linux)?
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.
issing directories and getting squid to re-create
the cache index.
And there isn't an answer yet for why this cache part has been deleted,
or is being deleted repeatedly after upgrade.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz
p?topic=9.msg557150#msg557150
The problem appears not to be with pfsense 2.2.4 but with the most
recent squid/squidguard package updates.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list p
2 40533 8011 yesno nonerejectmobilize 1
Yes, thanks muchly.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
ryone thinking the only secure way to configure the AP is
over the wifi!).
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
figured to
> sync against.
Point taken, but it depends on how important it is (have another time
server), and it's not the issue here.
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
00.0000.000 0.000
On Linux, restarting (stop, start) ntpd gives the stratum info
immediately, and syncs to these servers in under 5 minutes. pfsense has
done nothing after 15 minutes.
There is a problem here. What could it be?
Thanks,
Volker
--
Volker Kuhlmann is
ngines APU1.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
is
...T02:57:57.142885+12:00 xx syslogd: sendto: Operation not permitted
pfsense has been up since well before that.
TIA, and thanks for fixing that useless syslog format!!
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
. I don't know how well squidGuard-devel 1.5 works.
squid(3?)-devel has gone (good, there were too many confusing packages).
HTH,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
if everything stayed
up.
Minor point - my interfaces were called hme0-3 with the SUN quad port
100M card, and I don't know how that relates to qfe.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/
oked back
(smaller, less power, only pfsense 2.1 support of the hardware
temperature sensor sucks).
The old hardware is still standing around but out of date, so re-testing
is not straightforward.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.gee
ML and not
some proprietary effluent.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
ker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
On Sun 08 Mar 2015 02:44:45 NZDT +1300, Tim Hogan wrote:
> I like your idea with using 1:1 NAT but just one question; If you
> use SSL with the certificate on the web server, will the 1:1 NAT
> mess with that?
No.
Volker
--
Volker Kuhlmann is list0570 with the domain
f if the flashing gadget indicates as such. Smaller/cheaper than having
two different cables too.
> FTDI chip, too.
Or what the Chinese make of that ;-)
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list pos
ell, although you
can unlock it if you know how and want to take your chances.
I noticed in some circumstances the reboot does not take place, but I
can't reliably predict when and it's not documented on the user
interface (unless I missed it).
Volker
--
Volker Kuhlmann
Pv6?
This is kind of crucial, and needs a reliable answer if one doesn't want
to back it all up with another deny rule. pfsense changed too, in 2.1
such rule could not be created
https://redmine.pfsense.org/issues/2452
but it can on 2.1.5.
Thanks,
Volker
--
Volker Kuhlmann
http://vol
involved. I'll make
another effort when I get the time. Open source on Linux only for me
though, unless it is on pfsense.
Thanks for thinking of the screenshots but I don't think they'd add much
to your description.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz
eeded, and basic config for each part?
Thanks,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
for different reasons). I'd really like to hear that I
missed something...
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
Perhaps more to the point, what port does the stream use? Is it one
handled by squid in the first place?
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
s not difficult. That however will disappear with the next
package update too. Squidguard isn't yet a stable pfsense package...
> Sent from my U.S. Cellular® Smartphone
I couldn't care less, even if I tried very hard. ;-)
Volker
--
Volker Kuhlmann i
y usually tell you why something doesn't
start.
For example squidguard 1.4_4 pkg v.1.9.9 is broken with squid 2 because
it uses squid directives only available in squid 3. A look in the logs
and config files shows this easily.
Volker
--
Volker Kuhlmann is list0570 with the do
really useful if someone could update the descriptions that
show up on https://pfsense.localdomain/pkg_mgr.php for all these
packages.
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
reproduce it here.
Trivial, just run it:
/usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c
/var/etc/filterdns.conf -d 1
This incantation is run by pfsense. Doing the same from the command line
starts up a new instance of filterdns each time. It also updates aliases
immediately.
V
always starts up a new instance that keeps running. Is it
possible to tell it to terminate after one update iteration, or do I
need to write a script that kills it after 10 seconds? Thanks.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
DNS,
which is always annoying.
It is possible that other VPNs, in particular IPsec, have lower
overheads.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
iled!
Installation aborted.Removing package...
[...]
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
st. In whitelists the behaviour of pfsense 2.1 causes a DoS. DoSs
seem to be considered a security problem, e.g. the current openvpn
problems don't get anyone any access but can cause a DoS, and everyone
is quick to fix it.
Volker
--
Volker Kuhlmann is list0570 with the doma
t totally trustworthy it would be prudent to at least route
the DNS traffic through the tunnel, if not all traffic. The VPN should
protect from all MITM attacks and snooping between the VPN client and
server.
Volker
--
Volker Kuhlmann is list0570 with the domain in hea
showing the table does not exist.
The pfctl man page mentions possible rule optimisations removing tables.
pfsense uses pfctl -o basic. Consider whether this may be a factor in
your case. Edit /etc/inc/filter.inc to -o none.
Cheers,
Volker
--
Volker Kuhlmann
http://volk
ing be
useful for then? Nothing could be done about the Internet going
offline.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
ually down), or to disable WAN gateway monitoring (I am not
sure what it actually does when there is only a single ISP).
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
this behaviour, and how do I fix it?
It used to work, but that may have been 2.1.3.
I just reinstalled 2.1.5 again to check if that fixes things, but it
doesn't. The problem occurs on a freshly installed system.
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ P
grey area on the right side for a
complete waste of space.
Try temporarily reducing the browser text size (ctrl-scrollwheeldown) to
access the system menu.
Or try one of the other themes (System->General) if you're lucky enough
to get there.
Volker
--
Volker Kuhlmann
http://volker.top.
are mentioned by the OP because of
lack of experience.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
Smaller
spinning disks in good shape are frequently free from upgrade leftovers.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
it might still all fit into the case.
pfsense 2.1.5
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
uniq
wc -l cache.log*
98234680 cache.log
64153 cache.log-uniq
So I am still looking for the cause of this suicidal pfsense box. Any
pointers gratefully accepted.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
happen? The only change I've had
recently is that the internal SSD failed and got replaced with a 2.5"
SATA spinning platter.
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
but 'gettext-0.18.3' is installed
There are several other packages (and/or pfsense packages?) that trigger
the same warnings.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
f another interface.
--> RTL8152 no good with pfsense 2.1.3.
I can't find RTL8150 any more.
Does anyone have an Ethernet USB adapter working under pfsense 2.1?
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.
ker doesn't seem to be for pfsense packages, in lieu
of a better place I post it here.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
ocal/www/pkg_edit.php on line 570
Select the new position for this ACL item. ACLs are evaluated on a first-match
source basis.
The drop-down is empty.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
https://pfsense/diag_logs_settings.php
Has 3 fields for syslog servers. Says IP addresses must be entered. Does
accept names (corresponding entry exists in DHCP server or DNS
forwarder).
Either the comment is wrong, or error checking is absent (intentionally
or accidentally).
Volker
--
Volker
th wildcard name certificates
valid for "*.site".
What exactly should I be putting into the pfsense cert manager to get a
similar effect? And make the browser accept the IP address(es) too?
pfsense 2.1.3
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.
ea why.
The main reason I mentioned it is that "use the IP address to log in"
does not in fact provide a path for remedial action. It's a bit fishy to
me, but I'm also still having problems with the hme driver (on course
for replacement) which may interact.
Volker
--
Volker K
can disable this check if needed in
System -> Advanced -> Admin.
Which would be all good, if one could log in to change it.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
olker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
heir
power specs had escaped me when I looked at them previously (some of
those similar models do guzzle it).
That's my plan B, but I really don't like to use VLANs when I can avoid
the clutter and complexity (more bugs, more time spent). A pfsense box
with more ports is much easier.
Thanks,
V
same results from pfsense's web gui restarting
interfaces, e.g. from changing dhcp server settings.
IOW pfsense 2.1 with hme driver is totally unusable. I am kind of forced
to replace the hardware now.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://vo
On Tue 22 Apr 2014 15:56:52 NZST +1200, Volker Kuhlmann wrote:
> I just had another runaway after adding a mac/ip in the wifi interface's
> dhcp server. Confirmed with trivial test of adding another test entry to
> the dhcp server.
I should have mentioned that the pfsense sys
ry to
the dhcp server.
Arrrghh.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
l though, because VLANs
are more complex and error prone, American proprietary network equipment
doesn't seem like a good choice any more, and that model appears to be
no longer for sale where I live.
I'll keep it in mind though - thanks.
Volker
--
Volker Kuhlmann is list05
: link state changed to UP
2014-04-21T10:48:56.407443+12:00 pfsense check_reload_status: Linkup starting
hme2
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
loop)
Thanks Jim! Doing now. rc.newwanip is featuring heavily in syslog with
the problematic interfaces.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
good for
larger commercial networks, but just buying a VLAN capable switch costs
more than a suitable pfsense box and brings the power budget of the
combination to the same level as a scrapped PC - with the latter winning
hands down on cost.
TIA for any suggestions,
Volker
--
Volker Kuhlmann
http://vol
php installed?
Thanks for the hint Bryan.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
and goes into
run-away memory consumption.
How can I get this pfsense box back into the same reliable and
dependable system it used to be before 2.1?
Any suggestions appreciated. Happy to provide more info too - but where
do I start looking?
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.
ber the authors saying that they didn't have the
rights for the electronic version. Moot point, because...
> 2. Is there any ETA for the hard copy version of the new edition?
You are aware that it's available as an electronic version under the
gold program?
Volker
--
Volker Kuhlmann
ing to announce@ only happened, because of initial setup
problems, after I pointed out it was missing.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to
r
[1] Specifically, opensuse-security-announce http://lists.opensuse.org/
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
r of daily discussions. Like the Linux distro security lists,
they're well organised with no irrelevant drivel. To be honest, any
security announcement list that doesn't mention the kind of problem like
heartbleed looks like a complete waste of time to me!
Volker
--
Volker Kuhlmann
as to be used as a reliable source of critical
information, posting the 2.1.2 release announcement with the heartbleed
fix is not optional???
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postin
y issues with it. It works fine.
Well damn it, after the "windows-solution" (aka reboot) it works fine
now. Hmmm. There isn't anything I can think of that I changed, I changed
very little from the default. Looks like dnsmasq needs a restart for some
reason. Never mind.
Thanks muchly Jim
e, but the package update mechanism was used to upgrade it from
the version from the ISO image.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
inside VB?
find / | grep dnsm doesn't find any config files.
The only VB posting on the forum is from 2009 and deals with issues VB
has with itself.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
in, basically).
Are there other instructions I have missed?
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
up/restore page, on the bottom is a button to
clear the package lock.
What I would like to know is how to prevent the package reloading after
restoring a config when there are no package changes.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net
00
xxx
10.x.x.x
24
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
is repeatable until using --no-cache once. After that the file
saved by wget remains a .tar.gz.
Is this expected behaviour? It's somewhat inconvenient.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings
95 matches