I put in a rule on my LAN rules tab to block outbound TPC/IP to port 25 that
was not from a group of machines called MailServers. I moved the rule to the
top of the table and applied the rules.
Unfortunately my desktop (not in MailServers) can still telnet to our ISP's
mailserver [telnet
First of all, it would be helpful to tell us what version you are on.
Second of all, I just tested this on beta3 and it works just fine.
On 4/27/06, Robert Mortimer [EMAIL PROTECTED] wrote:
I put in a rule on my LAN rules tab to block outbound TPC/IP to port 25 that
was not from a group of
I'm pretty sure this isn't the biggest install of pfSense, but we run
pfSense as our primary firewall for a 10M fiber connection, continually
utilized at about 6Mb/s. This includes load balancing an Internet
facing database cluster which handles approximately 35 million
transactions a day.
This question was just asked, and answered by me on this mailing list
last week. Please see the archives.
Pedro H. Braz wrote:
Hello Folks,
There's a way to configure personalized groups, instead of those
standard and extended, using the squid package? Another question I
have, there's a
I found a solution for this problem:
I had to add the following entries to activate both
interfaces below /etc/inc/interfaces.inc in the section /* media */:
mwexec(/sbin/ifconfig dc0 media
100baseTX mediaopt full-duplex);
mwexec(/sbin/ifconfig dc1 media
100baseTX mediaopt
You can do this, and it will work, but it will be whiped out on the
next major update. I would utilize the hidden-options feature to
insert these commands on bootup by config.xml.
Scott
On 4/27/06, Bernhard Ledermann [EMAIL PROTECTED] wrote:
I found a solution for this problem:
I had
It should work fine, but keep in mind only individual port forwards work.
Scott
On 4/27/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
All-
I've been off the list for a while, my apologies if this has been covered,
searching was fruitless.
I would like to do NAT reflection for UDP, but it
All,
Have been trying to upgrade our AP systems from a pebble based system
to something newer and stable. Just finshed a several day trial of a
newer m0n0wall based distro called pfsense. Loved advanced FW and
traffic shaping available. Configured simple bridge shaper and put
it inline with
I'm giving SpamD and have it all basically configured, although I'm
stuck at the NextMTA setting. This setting appears to assume only a
single MTA behind pfSense. Is this correct? Is there a way to specify
multiple transport mappings for multiple MTAs or would this require me
installing
While I cannot speak for the CF-IDE converter, I can speak for CF
media. Over the years (about 5+ now) I have used SanDISK media in
both Soekris units and also PC-Engines WRAPs (only in the last 1.5
years have I used WRAPS) and I cannot recall one SanDISK CF card going
bad as of yet.Pretty
Ouch. That's not good. Can you describe the hardware itself? What
components are in it, chipsets, etc?
On 4/27/06, rabbtux rabbtux [EMAIL PROTECTED] wrote:
All,
Have been trying to upgrade our AP systems from a pebble based system
to something newer and stable. Just finshed a several day
On 4/27/06, Gary Buckmaster [EMAIL PROTECTED] wrote:
I'm giving SpamD and have it all basically configured, although I'm
stuck at the NextMTA setting. This setting appears to assume only a
single MTA behind pfSense. Is this correct? Is there a way to specify
multiple transport mappings for
The test system is a WRAP 2c. It has 128M of ram, 2 ethernet nics. I
plugged in an MP2111 mini pci 802.11b radio into the board. This was
necessary so that I could assign the 2 nics to LAN and OPT for
bridging. The radio was unconfigured and assigned to WAN.
On 4/27/06, Scott Ullrich [EMAIL
Scott,
Both of those additions would be truly awesome and I'm willing to offer
up some testing resources for when you have free time to mess with these
additions. Thanks very much!
-Gary
Scott Ullrich wrote:
On 4/27/06, Gary Buckmaster [EMAIL PROTECTED] wrote:
I'm giving SpamD and
Thats very strange. I have 2 WRAPs at home that have been running
solid since beta3 was released.
On 4/27/06, rabbtux rabbtux [EMAIL PROTECTED] wrote:
The test system is a WRAP 2c. It has 128M of ram, 2 ethernet nics. I
plugged in an MP2111 mini pci 802.11b radio into the board. This was
How difficult would it be to compile the kernel with the SC1100
watchtog module? I think thats the one used on the WRAP boards. I
really want to use pfsense, but on remote systems it should never go
'dark' just burp from the dog.
On 4/27/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Thats very
Its technically compiled now for this. It just lacks a little glue to
get it working.
I'll get this going now. It'll be in the next beta.
Scott
On 4/27/06, rabbtux rabbtux [EMAIL PROTECTED] wrote:
How difficult would it be to compile the kernel with the SC1100
watchtog module? I think
great! Just let me know when you need any testing.
On 4/27/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Its technically compiled now for this. It just lacks a little glue to
get it working.
I'll get this going now. It'll be in the next beta.
Scott
On 4/27/06, rabbtux rabbtux [EMAIL
I'm using a modified version of pfsense in a very large hospital with a
155MB/s fiber link and with around 70% occupation.
-Mensagem original-
De: Gary Buckmaster [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 27 de abril de 2006 10:42
Para: support@pfsense.com
Assunto: Re:
Now thats interesting. What kind of hardware is this running on?
On 4/27/06, Pedro Paulo de Magalhaes Oliveira Junior
[EMAIL PROTECTED] wrote:
I'm using a modified version of pfsense in a very large hospital with a
155MB/s fiber link and with around 70% occupation.
-Mensagem
Sun Ultra 20
Dual Gigabit PCI-X
2GB RAM
-Mensagem original-
De: Scott Ullrich [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 27 de abril de 2006 13:58
Para: support@pfsense.com
Assunto: Re: [pfSense Support] Biggest pfSense install
Now thats interesting. What kind of hardware is
Thats rather nice. Anyone else pushing some serious bits? We're
pushing about 45 megabit at Bluegrass.net from time to time on our
private firewalls (not much, but its something). :)
On 4/27/06, Pedro Paulo de Magalhaes Oliveira Junior
[EMAIL PROTECTED] wrote:
Sun Ultra 20
Dual Gigabit
I would like to terminate a SixXS IPv6 tunnel on
an OpenWRT devices (say, connnected to the DMZ port of
a wrap running pfsense or m0n0wall).
Would this work in principle, or am I smoking crack here?
If you got this working, or at least think it would work,
can you give me hints?
The tunnel
Very impressive. I'd love to hear more, keep the reports coming in!
On 4/27/06, Pedro Paulo de Magalhaes Oliveira Junior
[EMAIL PROTECTED] wrote:
Remember I asked Bill if he could rent his perf meter
We can handle 90mbps ipsec DES with this hardware
-Mensagem original-
De:
On Thu, Apr 27, 2006 at 11:58:58AM -0400, Scott Ullrich wrote:
While I cannot speak for the CF-IDE converter, I can speak for CF
media. Over the years (about 5+ now) I have used SanDISK media in
both Soekris units and also PC-Engines WRAPs (only in the last 1.5
years have I used WRAPS) and
I'll put a 3DES accelerator on it and try ASAP
-Mensagem original-
De: Scott Ullrich [mailto:[EMAIL PROTECTED]
Enviada em: quinta-feira, 27 de abril de 2006 14:14
Para: support@pfsense.com
Assunto: Re: [pfSense Support] Biggest pfSense install
Very impressive. I'd love to hear more,
On 4/27/06, Eugen Leitl [EMAIL PROTECTED] wrote:
Did I get you correct: you used a swap space or a real r/w partion
on a CF card, and never had a failure in 5+ years?
No swap drive. Not a good idea to do this.
I'm wondering what the r/w behaviour for a non-busy swap partition
is. I suspect
Hi.
I want to have a pfsense firewall with 3 DSL links but i want to limit
the maximum data transfer limit to each one.
Is it possible in pfSense ? I thaught about queues or something ... :-/
Thanks in advance !
-
To
Do you mean once a WAN pipe has reached X amount of traffic it simply
stops? If so, no there are no facilities in place for this.
On 4/27/06, Guilherme Oliveira [EMAIL PROTECTED] wrote:
Hi.
I want to have a pfsense firewall with 3 DSL links but i want to limit
the maximum data transfer limit
Yap :-(
Thanks!
On 4/27/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Do you mean once a WAN pipe has reached X amount of traffic it simply
stops? If so, no there are no facilities in place for this.
On 4/27/06, Guilherme Oliveira [EMAIL PROTECTED] wrote:
Hi.
I want to have a pfsense
On 4/27/06, Eugen Leitl [EMAIL PROTECTED] wrote:
I would like to terminate a SixXS IPv6 tunnel on
an OpenWRT devices (say, connnected to the DMZ port of
a wrap running pfsense or m0n0wall).
Would this work in principle, or am I smoking crack here?
If you got this working, or at least think
I've got a box in the DMZ as a test, it works fine, when I move my ftp
server into the DMZ, the firewall is not letting traffic back to the ftp
server it seems.
What info can I send to debug this?
-
To unsubscribe, e-mail:
What version?
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I've got a box in the DMZ as a test, it works fine, when I move my ftp
server into the DMZ, the firewall is not letting traffic back to the ftp
server it seems.
What info can I send to debug this?
BETA4
built on Mon Apr 17 22:46:52 UTC 2006
On Thu, 2006-04-27 at 16:30 -0400, Scott Ullrich wrote:
What version?
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
I've got a box in the DMZ as a test, it works fine, when I move my ftp
server into the DMZ, the firewall is not
Check the system logs. I am pretty sure that all FTP bugs have been squashed.
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
BETA4
built on Mon Apr 17 22:46:52 UTC 2006
On Thu, 2006-04-27 at 16:30 -0400, Scott Ullrich wrote:
What version?
On 4/27/06, Derrick MacPherson [EMAIL
it's not just FTP traffic, it's all traffic
On Thu, 2006-04-27 at 16:37 -0400, Scott Ullrich wrote:
Check the system logs. I am pretty sure that all FTP bugs have been squashed.
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
BETA4
built on Mon Apr 17 22:46:52 UTC 2006
On
it looks to be related to binat.
On Thu, 2006-04-27 at 13:39 -0700, Derrick MacPherson wrote:
it's not just FTP traffic, it's all traffic
On Thu, 2006-04-27 at 16:37 -0400, Scott Ullrich wrote:
Check the system logs. I am pretty sure that all FTP bugs have been
squashed.
On
We haven't changed binat since before beta 1. Are you seeing any blockage?
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
it looks to be related to binat.
On Thu, 2006-04-27 at 13:39 -0700, Derrick MacPherson wrote:
it's not just FTP traffic, it's all traffic
On Thu,
I've got 2 machines set up (what I think is) identical and they are
working.. not this one thought..
Logging seems strange, I've got pass rules showing yet none with logging
turned on.. ? more info shortly
On Thu, 2006-04-27 at 16:41 -0400, Scott Ullrich wrote:
We haven't changed binat since
No blocking in the logs, it almost seems like the traffics being
dropped? I've got DHCP turned on, and this ftp server was not using
DHCP, I've since turned it on, and set a static mapping, like I've done
with my other boxes that are working
On Thu, 2006-04-27 at 13:54 -0700, Derrick MacPherson
ya this is weird. It works to my 2 test machines, but not my ftp server.
I've checked routing on the boxes, and it looks the same.
Any suggestions?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
Not really, that is strange.
Scott
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
ya this is weird. It works to my 2 test machines, but not my ftp server.
I've checked routing on the boxes, and it looks the same.
Any suggestions?
Well it seems to be just for this one IP. that's what I find really odd
On Thu, 2006-04-27 at 17:09 -0400, Scott Ullrich wrote:
Not really, that is strange.
Scott
On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:
ya this is weird. It works to my 2 test machines, but not my ftp
Reboot any switches along with the routers and machines... I've seen
switches hold on to ARP entries for an looong time.
Just my 2 cents worth.
- Jason
-Original Message-
From: Derrick MacPherson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 27, 2006 4:33 PM
To: support@pfsense.com
Ya the only thing I couldn't restart was the firewall..
On Thu, 2006-04-27 at 16:49 -0500, Jason J Ellingson wrote:
Reboot any switches along with the routers and machines... I've seen
switches hold on to ARP entries for an looong time.
Just my 2 cents worth.
- Jason
-Original
Hi Guys, I'm back again... I'll have some time in the next months to play either with radius and squid. Maybe cleaning out the useless features of squid module and writing some simple but usefull ones will make someone happy.
I´m working on a project to interconnect 20 hotels using pfSense with
46 matches
Mail list logo
