Thanks that worked. Is the OAN preferred over static routes because
either way i have to add a manual entry. Do you also happen to know
why all my external trace routes resolve to the firewall and not the
host?
-Phil
On Jul 23, 2009, at 12:34 PM, Chris Buechler wrote:
On Thu, Jul 23,
ahh, i see now.
On Nov 18, 2008, at 5:35 PM, Scott Ullrich wrote:
On Tue, Nov 18, 2008 at 6:32 PM, Dimitri Rodis
<[EMAIL PROTECTED]> wrote:
How long will pfSense hold onto the states required to maintain a tcp
connection/udp "session", and can this be changed?
It seems like connections on
go to 'systems' , 'advanced functions', and check out: Firewall
Optimization Options. you can change the timing there.
i'm not sure as to the exact timing. i believe this has to do with
freebsd's implementation of tcp/ip??
-phil
On Nov 18, 2008, at 5:32 PM, Dimitri Rodis wrote:
How lo
Which is probably why I haven't seen it since upgrading :)
-Phil G
On Oct 28, 2008, at 11:03 AM, "Scott Ullrich" <[EMAIL PROTECTED]>
wrote:
On 10/28/08, Ian Levesque <[EMAIL PROTECTED]> wrote:
Hello,
I'm running 1.2.1-RC1 (built on Sat Sep 13 03:53:42 EDT 2008).
After about
10 days o
Not that this helps but I have seen what you describe only while
running in a VMware environment.
-Phil G
On Oct 28, 2008, at 10:45 AM, Ian Levesque <[EMAIL PROTECTED]>
wrote:
Hello,
I'm running 1.2.1-RC1 (built on Sat Sep 13 03:53:42 EDT 2008). After
about 10 days of uptime, I not
Too bad it's for v10.5 only.
-Phil G
On Oct 25, 2008, at 3:41 PM, Paul M <[EMAIL PROTECTED]> wrote:
on OpenVPN from home - using Tunnelblick on my DSL (6mbit down
768 up).
OT: we've started switching Mac OSX users to viscosity, much
nicer/easier to use - a proper OSX application instead
here's a thought, you could set up iperf on your src machine and pfsense.
then ssh into the pfsense box and see what speeds you're actually getting.
that way you will at least know if it's openvpn or not.
-phil
On Oct 24, 2008, at 4:29 PM, JJB wrote:
Your architecture is somewhat unclear - d
static routes.
Unless there's some very specific reason for needing the encryption.
-Gary
BSD Wiz wrote:
it's on my corporate network, both wan interfaces of the pfsense
box are on the same private ip subnet. we built 2 labs using
pfsense and now we want to connect the two labs. i h
ve several site to
site vpn's over the internet up and running and never had any
problems with them but i can't get this lan setup to work. so if i
know it should work i'll keep playing with it.
thanks,
-phil
On Oct 14, 2008, at 4:30 PM, Chris Buechler wrote:
O
So you're saying that the wan interfaces on the boxes need diff subnets?
-Phil G
On Oct 14, 2008, at 1:49 PM, "Scott Ullrich" <[EMAIL PROTECTED]> wrote:
On Tue, Oct 14, 2008 at 2:46 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
With 1.2 is it possible to connect to pfs
To be clear, both boxes lans are different subnet of course but the
WANs are on the same subnets.
-Phil G
On Oct 14, 2008, at 1:49 PM, "Scott Ullrich" <[EMAIL PROTECTED]> wrote:
On Tue, Oct 14, 2008 at 2:46 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
With 1.2 is it
With 1.2 is it possible to connect to pfsense boxes on the same subnet
via an ipsec tunnel? Both boxes wan interfaces are private ip's.
Thanks
-Phil
sites with no problems.
thanks,
-phil
On Oct 9, 2008, at 8:03 PM, Chris Buechler wrote:
On Thu, Oct 9, 2008 at 8:44 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
so you're telling me that 3 host machines on my network running mac
OS 10.4
and 10.5 tcp/ip stack is messed up?
That would appea
so you're telling me that 3 host machines on my network running mac OS
10.4 and 10.5 tcp/ip stack is messed up?
On Oct 9, 2008, at 7:26 PM, Ermal Luçi wrote:
On Fri, Oct 10, 2008 at 2:01 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
going back a few weeks ago when i posted my issues gett
going back a few weeks ago when i posted my issues getting to
subaru.com.. i came across another site that i could not get to
behind pfsense(cisco.com).
i installed squid proxy and then i was able to get to subaru.com and
cisco.com
to refresh your memory, there are no rules blocking traffic
to ExternalIP:13389 -> forwarded to Host B:3389
It's possible through the port-forward tab in NAT Rules
cheers
michael
2008/10/8 BSD Wiz <[EMAIL PROTECTED]>
Damn, I was afraid of that.
-Phil G
On Oct 8, 2008, at 2:36 PM, RB <[EMAIL PROTECTED]> wrote:
so user A can connect to
Damn, I was afraid of that.
-Phil G
On Oct 8, 2008, at 2:36 PM, RB <[EMAIL PROTECTED]> wrote:
so user A can connect to host A behind pfsense box via port 3389
and user B
can connect to host B via port 3389 behind the pfsense firewall and
so on
and so forth.
what should be my approach?
Sorry, didn't mean to come off like an a-hole.
-Phil G
On Oct 3, 2008, at 10:43 AM, "Vivek Khera" <[EMAIL PROTECTED]> wrote:
On Fri, Oct 3, 2008 at 11:06 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
And how could the dev team implement a fix if we don't know the
And how could the dev team implement a fix if we don't know the
specifics of the exploit? This will be something that the freebsd dev
team will need to fix and I'm sure they will asap.
-Phil G
On Oct 3, 2008, at 9:57 AM, "Vivek Khera" <[EMAIL PROTECTED]> wrote:
I've read a lot about how
Yes, according to Robert Lee all versions of BSD including freebsd are
affected. And they say going to ipv6 makes it even more vulnerable.
-Phil G
On Oct 3, 2008, at 9:57 AM, "Vivek Khera" <[EMAIL PROTECTED]> wrote:
I've read a lot about how windows and linux are vulnerable, but not
much
ump on the WAN
and see what hits it...
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "Paul Mansfield" <[EMAIL PROTECTED]> wrote:
BSD Wiz wrote:
Yep. Tcpdump. Traffic doesn't come back from fw.
-Phil G
so, the firewall is passing the traff
No, the firewall does not pass the traffic.
-Phil G
On Oct 2, 2008, at 12:12 PM, Paul Mansfield <[EMAIL PROTECTED]> wrote:
BSD Wiz wrote:
Yep. Tcpdump. Traffic doesn't come back from fw.
-Phil G
so, the firewall is passing the traffic, web server responds but the
originating
pppoe and see if that fixes the problem.
> > I was having the same problems with mail.yahoo/hotmail/msn
messenger
> > and some other sites on one installation and that fixed it.
> > I think its worth a try.
> >
> > Other than that it might be a timestamp handling issue
to open the site.
On Thu, Oct 2, 2008 at 6:38 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
ok, here is tcpdump running on my pfsense firewall(unixbox.gnet).
you can
see my request to su
I never get a response from the firewall therefore I cannot connect
via telnet over port 80. Telneting to the site from the de works but
not from the client machine.
-Phil G
On Oct 2, 2008, at 4:14 AM, Paul Mansfield <[EMAIL PROTECTED]> wrote:
try doing "telnet subaru.com 80", then "GET
No, there are not any drops in the logs.
-Phil G
On Oct 2, 2008, at 1:02 AM, "Chris Buechler" <[EMAIL PROTECTED]>
wrote:
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz <[EMAIL PROTECTED]> wrote:
i know, i just want to check out the new wrx's and sti!!
tried messi
:12 PM, Chris Buechler
<[EMAIL PROTECTED]> wrote:
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
yep, i looked at it using tcpdump. i just see syn packets going
out the
door, i never get any syn-acks back.
22:50:47.417326 IP unixbox.gnet.49330 > subaru
hler wrote:
On Wed, Oct 1, 2008 at 11:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
yeah, 1.2 doesn't work either. the problem does in fact appear to
only
affect certain hosts as other machines on my network can reach the
site.
specifically, an iphone and freebsd server
no, macs, 10.4 and 10.5 tried it on both, neither works.
-phil
On Oct 1, 2008, at 10:27 PM, Scott Ullrich wrote:
On Wed, Oct 1, 2008 at 11:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
yeah, 1.2 doesn't work either. the problem does in fact appear to
only affect certain hos
yeah, 1.2 doesn't work either. the problem does in fact appear to
only affect certain hosts as other machines on my network can reach
the site. specifically, an iphone and freebsd server.
-phil
On Oct 1, 2008, at 10:04 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 9:23 PM, BS
do you guys think i should revert back to version 1.2 and test it?
-phil
On Oct 1, 2008, at 6:59 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson <[EMAIL PROTECTED]>
wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery)
relies on ICMP to automagically deter
.. :-)
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "BSD Wiz" wrote:
>
sure, but i'm not filtering traffic on port 80 by IP and all www
traffic seems to work fine. please let me know if you prefer this
in another format.
>
this has me stumped...
>
>
thanks!
>
-phil
>
>
here's the WAN Rules;
>
>
s in your state table when users on the lan try to go to
the site?
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:29 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
i can only telnet to port 80 from the pfsense box. i cannot telnet
from my mach
yourself by bypassing the firewall.
Adam
BSD Wiz wrote:
logging is already turned on for the drop all rule. it doesn't
show anything getting blocked when i go to subaru.com.
let me try the any to any rule.
thanks!
-phil
On Oct 1, 2008, at 6:19 PM, Tim Nelson wrote:
And a big '
i can only telnet to port 80 from the pfsense box. i cannot telnet
from my machines on the lan.
if i try and ping subaru.com it resolves to 67.202.194.73 but it
seems that they drop ICMP traffic.
thanks,
-phil
On Oct 1, 2008, at 6:24 PM, Curtis LaMasters wrote:
Can you telnet to port 80
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any rule.
thanks!
-phil
On Oct 1, 2008, at 6:19 PM, Tim Nelson wrote:
And a big 'Sorry' to the list for not removing that huge chunk of
XML from my
Subject: Re: [pfSense Support] Can't connect to subaru.com on port 80
It may be helpful to see your rulesets on your LAN and WAN
interfaces... or paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- "BSD Wiz&qu
helpful to see your rulesets on your LAN and WAN
interfaces... or paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
----- "BSD Wiz" <[EMAIL PROTECTED]> wrote:
i'm connected via cable modem, mtu is set to
i'm connected via cable modem, mtu is set to 1500.
thanks
-phil
On Oct 1, 2008, at 5:23 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port 80 and 443. I have
also(just to be sure) allowed *ALL* traffic out from my static ip on
my macbook. Problem is I can't get to the site subaru.com.
I don't see anything in the logs and I
Amen.
-phil
On Sep 24, 2008, at 5:22 PM, RB wrote:
As Pfsense is derived from Monowall and monowall has recently, in
the
1.3beta12, incorporated ipv6, I was wondering how difficult it is
going to
be to port the changes in monowall to pfsense?
This question comes back up every few month
Yep, I see that. My bad.
Thanks!
-Phil G
On Sep 8, 2008, at 9:56 AM, Angelo Turetta <[EMAIL PROTECTED]
> wrote:
BSD Wiz wrote:
yep, that is how i created the rule, on the WAN interface and so
far so good. i've made about 20 calls and none of them failed so
we'
yep, that is how i created the rule, on the WAN interface and so far
so good. i've made about 20 calls and none of them failed so we're
looking good...
thanks!
-phil
On Sep 6, 2008, at 7:20 PM, Bill Marquette wrote:
On Sat, Sep 6, 2008 at 3:52 PM, BSD Wiz <[EMAIL PROTECT
i should enable static nat on the interface that my voip router is
on, which is my dmz correct?
thanks,
On Sep 6, 2008, at 3:35 PM, Scott Ullrich wrote:
On Sat, Sep 6, 2008 at 4:23 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
after doing considerable research with tcpdump on my WAN int
a 1:1 NAT using YOUR external IP, not the IP of the
service (ie. 216.181.136.7 in your example below should be whatever
your external IP is, not that of Lingo). The internal is still
10.0.0.1 (assuming that's your internal machine doing Lingo VOIP).
--Bill
On Fri, Sep 5, 2008 at 9:17 PM, BSD W
below should be whatever
your external IP is, not that of Lingo). The internal is still
10.0.0.1 (assuming that's your internal machine doing Lingo VOIP).
--Bill
On Fri, Sep 5, 2008 at 9:17 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
man O man still getting blocked,
tried calling my Vo
ternal is still
10.0.0.1 (assuming that's your internal machine doing Lingo VOIP).
--Bill
On Fri, Sep 5, 2008 at 9:17 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
man O man still getting blocked,
tried calling my VoIP phone from my cell phone and the traffic was
blocked
again by
a 1:1 NAT using YOUR external IP, not the IP of the
service (ie. 216.181.136.7 in your example below should be whatever
your external IP is, not that of Lingo). The internal is still
10.0.0.1 (assuming that's your internal machine doing Lingo VOIP).
--Bill
On Fri, Sep 5, 2008 at 9:17 PM,
IPSEC -> vpn
block
enc0
keep state
Drop All Packets
Thanks!
-phil
rough?
thanks gents.
-phil
On Sep 5, 2008, at 8:12 AM, Paul Mansfield wrote:
BSD Wiz wrote:
ah, i don't have any 1:1 nat entries, or static routes for this
firewall
issue. so when the traffic hits the WAN interface perhaps it's not
always finding its way to the voip box in th
ow traffic from 216.181.136.7 but no port
forwarding, static routes or 1:1 nat entries.
thanks,
-phil
On Sep 4, 2008, at 7:21 AM, Paul Mansfield wrote:
BSD Wiz wrote:
please allow me to pose this question again. i am trying to allow all
traffic from a specific source ip into my DMZ(10.0.0.0/24
ssues you're having.
Hope this helps,
-Reza
-----Original Message-----
From: BSD Wiz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2008 5:36 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] rule not working correctly
yes, it's causing problems. my phone won't ri
;t
horrid, but kinda overkill. I've always loved how Vonage doesn't need
any special firewall rules to work.
-----Original Message-----
From: BSD Wiz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 03, 2008 10:41 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] rule not
single IP.
-phil
On Sep 3, 2008, at 10:24 PM, Christopher B. Uthe wrote:
What kind of VOIP are you working with, can specific ports be
used/configured? Better Idea to forward specific ports vs all traffic
if you can do it.
Chris
-----Original Message-----
From: BSD Wiz [mailto:[EMAIL
was getting blocked.
thanks,
-phil
On Sep 3, 2008, at 7:10 PM, Chris Buechler wrote:
On Wed, Sep 3, 2008 at 7:54 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
please allow me to pose this question again. i am trying to allow all
traffic from a specific source ip into my DMZ(10.0.0.0/24
please allow me to pose this question again. i am trying to allow all
traffic from a specific source ip into my DMZ(10.0.0.0/24) for my
VoIP phone. the problem is that it's not always passing the traffic
and some times it's getting blocked.
i have created a rule on my WAN interface as follo
i made all the changes you suggested and restarted the server and
client but still to no avail. here is my current config files;
Server:
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
dev tun
proto tcp-server
cipher BF-CBC
up /etc/rc.filter_configure
down /etc/rc.filter_configu
UDP?
If you try it just don't forget to open the correct protocol in your
firewall rules.
Regards
Mark
-----Original Message-----
From: BSD Wiz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 3 September 2008 2:01 PM
To: support@pfsense.com
Subject: [pfSense Support] openvpn and road warrior
hi,
i'm trying to get openvpn running on pfsense 1.2 working with
tunnelblick on my macbook. the link below shows my server config,
client config, and client log file. any suggestions are appreciated.
http://pastebin.com/d50a50091
thanks,
-phil
---