On 9/13/06, Jesse Peterson [EMAIL PROTECTED] wrote:
On line 67 of vpn_pptp_users_edit.php of pfSense RC2 the preg_match()
to check for a valid password is too strict for my use. I
circumvented it by backup/manual edit of config/restoring the
config. Specifically I needed an exclamation point
On 9/9/06, Robert Carr [EMAIL PROTECTED] wrote:
I realize pfsense isn't SMP-capable, but would it run
on a core-duo (or core-solo processor)? Or are these
processors totally unsupported for now?
If FreeBSD 6.1 runs on it, pfSense should be able to.
--Bill
On 9/6/06, Robert Mortimer [EMAIL PROTECTED] wrote:
I accept that I have an unusual layout. In some ways it was based on the
CARP documentation so it is not a great surprise that it includes about the
_only_ legitimate use for this feature. I am OK with the fact that what I
am doing is
On 9/6/06, Pierre Frisch [EMAIL PROTECTED] wrote:
So if I understand correctly you are porting pfsense to 6.2 instead
of back porting the driver? That looks like a fabulous solution and
quite a bit more sustainable for the future.
Exactly. And takes the risk out of a backport (which looked
Robert has about the _only_ legitimate use for this feature. And an
interesting network layout to boot. I suspect we don't allow for
duplicate VHIDs though which would be required to make this work.
Other than that, in his case, I'd expect that this should more or less
do the right thing - as
a day or two (work is eating up a lot of
my hacking time right now) to retool our build/patch system - at that
point I can send a test kernel your way.
--Bill
On 9/1/06, Pierre Frisch [EMAIL PROTECTED] wrote:
Let me know your conclusions and will talk.
Pierre
On 1-Sep-06, at 4:17 PM, Bill
On 9/1/06, Pierre Frisch [EMAIL PROTECTED] wrote:
Hi Bill,
How much was the bounty?
Not sure...probably only $50 or so. The thread was removed from the
forum at some point.
I guess I don't understand the problem. Why had the driver got to be
backported for each version? How is pfsense
On 9/1/06, Pierre Frisch [EMAIL PROTECTED] wrote:
If all it takes is $50 I would be happy to oblige the board did cost
me $500 and it is worthless without a driver.
Understood, they aren't cheap boards. To be clear, what I'm offering
is to provide a replacement kernel (that can be uploaded as
Not sure how FAST_IPSEC solves this problem, but FWIW it's already
enabled in the pfSense kernel. Why doesn't the builtin IPSec work for
you (if it's due to the Cisco proprietary goo on the other end then no
need to answer)?
--Bill
On 8/30/06, Alvaro Pietrobono [EMAIL PROTECTED] wrote:
Hi,
Where's this log coming from? The NLB boxes, or the pfSense box?
--Bill
On 8/30/06, Scott Williamson [EMAIL PROTECTED] wrote:
Example of the log:
Aug 30 14:19:16 Grey_Skull 172.16.50.102:3292 172.16.50.109:443 TCP
-
On 8/25/06, Robert Mortimer [EMAIL PROTECTED] wrote:
Carp is the simple way to balance across this setup. Is there a way to use
the load balancer on the CAP NIC instead. All examples seem to have a 1
box solution
Is the ADSL PPPOE? If so, does the PPPOE terminate on the DSL modem,
or the
On 8/25/06, Robert Mortimer [EMAIL PROTECTED] wrote:
You'll want to reboot after making that change. This naturally isn't
supported, but if you understand how carp balancing works, it's still
configurable.
This is the case outlined in the Docs
Yeah, see, the problem is that most people
On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote:
On 8/24/06, Robert Mortimer [EMAIL PROTECTED] wrote:
I have 2 ADSL lines each with it's own pfsense box.
I have set up CARP to provide a common LAN address shared
between the two
boxes
Should this configuration load balance? At
I'd post this on freebsd-net or an openbgp mailing list (is there
one?)...OpenBSD which develops openbgp has fixed numerous bugs since
OpenBSD 3.7 released, I'd be willing to bet that OpenBSD 3.9 w/
OpenBGP 3.9 (if we consider the version of OpenBGP to be the same as
the OS it was developed on)
On 8/18/06, Scott Ullrich [EMAIL PROTECTED] wrote:
On 8/18/06, Robert Mortimer [EMAIL PROTECTED] wrote:
Developer CD Questions
Is there fuller documentation on the use of the pfSense or similar
development setups around?
More specifically
1) Is the developer CD supposed to provide a jail
No reason this shouldn't work.
--Bill
On 8/17/06, Raja Subramanian [EMAIL PROTECTED] wrote:
I'm sorry if this is common knowledge, I did not get anywhere by
trawling the forum and mailing list archives.
I have a dual wan setup (WAN, OPT1), my ISP has provided me two
public IP addresses in
The DNS override only works for items querying pfsense, not for
pfsense itself. It and the daemon that does the DNS overriding
(dnsmasq) use resolv.conf which should be populated with your ISPs DNS
servers. You appear to have a bit of a catch-22. Since you have a
FULL resolver internal to your
On 8/12/06, Samer Chaer [EMAIL PROTECTED] wrote:
Dear Sirs,
I want to install PFsense 1RC2 on a 256MB USB KEYDRIVE is that possible?
Shall I use the same menu option 98 from the LiveCD?
Thanks,
Samer
Why don't you try it and report back?
--Bill
On 8/12/06, Samer Chaer [EMAIL PROTECTED] wrote:
Dear Sirs,
Where to download the squid package for PFsense, is there any documentation
about installing it and running it?
As you've been told on IRC, you need to be running a Full Install.
The LiveCD is basically for demo purposes.
--Bill
On 8/11/06, Robert Mortimer [EMAIL PROTECTED] wrote:
I want to check my changes against a running version of HEAD. I have a
running RC2 for development. What is the best way to update to HEAD now
cvs_sync.sh is no more?
Should I just nuke the box and install the developer edition?
If so is
On 8/10/06, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Hi all!
I've just installed RC2, and I've seen there is the demon l2tpd.. is it
working? I know there is not a menu section, but is it possible to use it?
Thank you!
Tom
The code for that is only in HEAD.
--Bill
On 8/10/06, Robert Mortimer [EMAIL PROTECTED] wrote:
I've had a quick look at the OpenBSD docs and they indicate it runs
dhclient-script in the same way as ISC's dhc client so all should be OK
can anyone tell me where the file containing the function
services_dhcpd_configure() and it's friends
On 8/10/06, Reuel ben Yisrael [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
I think it's in /etc/inc/services.inc - most of our non-GUI related
code is in /etc/inc.
--Bill
Where is the code that generates /tmp/rules.debug? I want to help find
the alias bug.
the alias bug ? I didn't
On 8/10/06, Reuel ben Yisrael [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
On 8/10/06, Reuel ben Yisrael [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
I think it's in /etc/inc/services.inc - most of our non-GUI related
code is in /etc/inc.
--Bill
Where is the code
On 8/10/06, Reuel ben Yisrael [EMAIL PROTECTED] wrote:
On 8/10/06, Reuel ben Yisrael [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
On 8/10/06, Reuel ben Yisrael [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
I think it's in /etc/inc/services.inc - most of our non-GUI related
On 8/9/06, Scott Ullrich [EMAIL PROTECTED] wrote:
On 8/9/06, Robert Mortimer [EMAIL PROTECTED] wrote:
Flash of understanding
Updates are tied into DHCP CLIENT to update changes to pfsense's interfaces
Updates are not tried into DHCPD to update information on leases issued
Sorry for the
On 8/3/06, Jonathan Wanak [EMAIL PROTECTED] wrote:
Hi,
I'm trying to get the serial console to work. I'm running pfSense RC2, on the hard drive on
a PII Dell Optiplex, connected to my Windows XP machine with a null modem cable. Connection
settings are 9600/8/N/1/HW handshaking. I have
On 8/4/06, Nick Smith [EMAIL PROTECTED] wrote:
Gary Buckmaster wrote:
Scott Ullrich wrote:
On 8/3/06, Gary Buckmaster [EMAIL PROTECTED] wrote:
Aren't those Opteron based? If so, then you're out of luck, because
pfSense is currently not an x64 platform.
Opterons will run just fine on 32
On 8/4/06, A. Jones [EMAIL PROTECTED] wrote:
I have a whole subnet, routing is what I need.
The computers also MUST have public IP addresses assigned to their
interfaces.
That will also screw me over when one of the subnets needs to talk to the
other subnet using public IPs
Not for inbound traffic it isn't.
--Bill
On 8/4/06, A. Jones [EMAIL PROTECTED] wrote:
The original rule on the firewall is already good for that.
From: Bill Marquette [EMAIL PROTECTED]
Reply-To: support@pfsense.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Can't get basic routing
On 8/4/06, A. Jones [EMAIL PROTECTED] wrote:
When you send (initiate) a packet out on port abc, and it is allowed
through, the firewall opens up a hole (which is stored in the state table)
that allows a response from the IP the packet was sent to on the return port
specified in the packet.
You
On 8/2/06, Nick Smith [EMAIL PROTECTED] wrote:
Im getting this error when trying to reset the admin password via the
console:
Error: cannon determine root pwd in sync_webgui_passwords().
Effectively locking me out of the firewall.
Is there anyway to correct this?
I was hoping to upgrade to
On 8/2/06, Bill Marquette [EMAIL PROTECTED] wrote:
Not with that error message you aren't. That came from HEAD. Please
reinstall. Thanks
PS. for those still wondering why cvs_sync.sh is gone...here you go.
--Bill
On 8/2/06, Nick Smith [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
On 8/2/06, Bill Marquette [EMAIL PROTECTED] wrote:
Not with that error message you aren't. That came from HEAD. Please
reinstall. Thanks
PS. for those still wondering why cvs_sync.sh is gone...here you go.
--Bill
Works here on
6.0.2800.1106.xpsp2.050301-1526CO
SP1; Q822925; Q837009; Q867801; Q903235
--Bill
On 8/1/06, macafee [EMAIL PROTECTED] wrote:
My IE Browse version is 6.0.2900.2180.xpsp_sp2_rtm.040803-2158
The IE ERROR IS
Line:324
Char:1
Error:Object expected
Code:0
On 7/28/06, Jure Pečar [EMAIL PROTECTED] wrote:
On Fri, 28 Jul 2006 16:08:51 +0200Espen Johansen [EMAIL PROTECTED] wrote: The only time I have seen behaviour like this is when either the nic
or the cable has issue, when everything stopped it was the card trying to autosense half duplex because of
Post full dmesg please. Thanks--BillOn 7/27/06, Carlos Silva [EMAIL PROTECTED] wrote:
Hi Scott.Doesn't have Sound device on my machine.And not find pnp or Plug and Play entries on Bios Setup.I have two onboard network adapters.1) Intel PRO/100 82562GT.2) Broadcom Gigabit BCM5721KFBG.
freebsd#
On 7/27/06, David Strout [EMAIL PROTECTED] wrote:
http://forum.pfsense.org/index.php/topic,1383.0.htmlI am baffled by the above post on the forum.Likeit or not pfS devs ... PPTP is here to stay and
has it place in networking.I am not a bigsupporter of it personally and I am fully aware ofits
When we've confirmed that it works. You will want to install the full
update or reinstall (in fact, anyone that's used cvs_sync.sh should).
--Bill
On 7/26/06, Tunge2 [EMAIL PROTECTED] wrote:
When is RC2 available? if i run the cvs update, the version number chance to
RC2?
2006/7/25, Rob
On 7/24/06, Stéphane Karges [EMAIL PROTECTED] wrote:
Hello All,
Any known a solution for use the outgoing loadbalancer only in case off one
connexion is down, I want use connexion WAN and if this connexion is down
redirect all on OPT and reverse.
Is it possible ?
Not yet, that's work in
On 7/24/06, Stéphane Karges [EMAIL PROTECTED] wrote:
Thanks bill,
Tell me when it's ok in test version, I can make a test for you if you want
!
And tell how to ?
It's not going to be in a release version (in any format) for some
time. It's in our CVS tree however, so anyone willing to sync
Fixed, thanks for the tip! I've requested an MFC on this, so it
should show up in RELENG_1 shortly.
--Bill
On 7/20/06, Günter Müller [EMAIL PROTECTED] wrote:
Reply to myself ...
After further digging around and getting a better understanding of the code
I now realise that interfaces.inc is
was
not recognised as valid syntax for variable references. That is why I
logged it as a bug instead of a feature request. Just my 2 cents ...
Günter.
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Friday, 21 July 2006 10:51
To: support@pfsense.com
Subject: Re
On 7/19/06, Raja Subramanian [EMAIL PROTECTED] wrote:
Is there some place where we can peek at the new/exciting features
in the dev tree that are yet to make their way into public releases?
Are the official features webpage
http://www.pfsense.com/index.php?id=26
and the wiki
On 7/17/06, Charles Sprickman [EMAIL PROTECTED] wrote:
On Mon, 17 Jul 2006, Chris Buechler wrote:
I have a couple, but no USB CD-ROM drives. :/ Last I checked, they cost way
more than I'd be willing to spend on one.
Unless I'm confused, you can make any old CD-ROM a USB CD-ROM by
On 7/18/06, Tunge2 [EMAIL PROTECTED] wrote:
The Lan interface rules are:
TCP/UDP LAN net 22 (SSH) * * * SSH
LAN
* LAN net * * *Load Balance
Default LAN - any
Ive tryed to add rules to the WAN and OPT
On 7/18/06, Alastair Stevens [EMAIL PROTECTED] wrote:
Hi - I've seen that you can disable the *console* menu, but is it possible
to disable the menu for remote SSH connections, so that we get straight to a
shell? We'd like to be able to run a remote command from a script, for
testing and
the load balance option from PFsense
all traffic goes well (SSH, telnet) I don't get any messages in the log file
-Oorspronkelijk bericht-
Van: Bill Marquette [mailto: [EMAIL PROTECTED]
Verzonden: zaterdag 15 juli 2006 0:36
Aan: support@pfsense.com
Onderwerp: Re: [pfSense Support] load
On 7/17/06, Alastair Stevens [EMAIL PROTECTED] wrote:
Hi - well this sounds interesting, though not very encouraging! The whole
thing is set up on a test bench at the moment, and as it happens, we are
using *different* types of switches on different interfaces. The LANs are
using 24-port
Spanning tree port lockout will nail you pretty hard with CARP. Make
sure your switch ports (if managed switches) are in port fast. Also,
make sure that you haven't inadvertantly turned on port security and
limited the port to a single MAC (each CARP VHID uses a MAC along with
the physical
Fails in what way? You mean, when a WAN goes down you get
disconnected (to be expected)?
--Bill
On 7/14/06, Tunge2 [EMAIL PROTECTED] wrote:
hello,
We installed the load balancer on our PFsense RELENG_1_SNAPSHOT-07-09-2006
machine. The load balance seams to work great at web traffic (if we
http://www.google.com/search?q=ftpsesamestart=0ie=utf-8oe=utf-8client=firefox-arls=org.mozilla:en-US:official
--Bill
On 7/12/06, Tunge2 [EMAIL PROTECTED] wrote:
What is ftpsesame for process/application? And why is it showing up in our
log files? Our rl2 interface is disabled so why is the
On 7/12/06, Tunge2 [EMAIL PROTECTED] wrote:
Ive download the cvs files, and upload them to our (test) PFsense machine
and select PPPOe on the OPT port. I know the files are still under
development. The error that we are getting if we select PPPOE on the OPT
port are:
The following input errors
On 7/12/06, Quirino Santilli [EMAIL PROTECTED] wrote:
Hi guys,
my head is crashing again with the connection problem between my pfSense
branch office firewall and my main Microsoft ISA 2004 trough IPSEC.
Yesterday in the microsoft docs i found informations about establishing
an IPSEC
On 7/10/06, Alastair Stevens [EMAIL PROTECTED] wrote:
Dear Scott (and other developers)
As I mentioned the other day, we're very interested in WAN failover
capability, and it appears that there are others who would also like this
functionality.
I'm interested to know whether this feature is
On 7/10/06, Bill Marquette [EMAIL PROTECTED] wrote:
At some point in the next few days I'll put up a blog entry as to what
I'm planning on working on if anyone is interested in donating to a
specific item.
http://hitormiss.ucsecurity.com/index.php/2006/07/10/pfsense-hackathon-2006-plans
One of our newer servers also takes PC3200 ECC memory. I believe these work:
http://www.newegg.com/Product/ProductList.asp?N=2010170147+1052308477+1052407862+1052507867+1052607868Submit=ENESubCategory=147
or two of KTH-DL385 1G kits would bring this box up to 3G (and allow
us to make some
On 7/7/06, Robert Carr [EMAIL PROTECTED] wrote:
I don't know how much better the performance will be,
but OpenBSD developers have repeatedly suggested using
Gig-E interfaces.
Larger on card buffers means less interrupts. Less interrupts means
more work done handling packets. Obviously you'll
On 7/6/06, Scott Ullrich [EMAIL PROTECTED] wrote:
On 7/6/06, Pedro Paulo de Magalhaes Oliveira Junior
[EMAIL PROTECTED] wrote:
Is there interest that we make a UPnP?
I have 0 interest in it but if someone wants to do the work, go for it.
I'd like to see someone do it...I think at least two
On 7/4/06, Angelo Turetta [EMAIL PROTECTED] wrote:
I get an error viewing this page
http://cvstrac.pfsense.com/rlog?f=pfSense/etc/inc/filter.inc
Note that replacing 'filter.inc' with any other file (e.g. system.inc)
works as expected.
Thanks, looking into it now. That's certainly a
On 7/3/06, Craig Silva [EMAIL PROTECTED] wrote:
Here's a bit of information on related:
RELATED packets are similar to ESTABLISHED packets, but something is
different. These are packets that are related to an established connection,
but are not part of the connection. So far, the only confirmed
On 7/2/06, Craig Silva [EMAIL PROTECTED] wrote:
Are there any example rule sets for a standard type firewall without the
default rule that allows all lan sourced traffic (if there is such a thing)
for a wan, lan and dmz type firewall?
That's certainly something we'd hoped people would do :)
On 6/30/06, Steve Spiker [EMAIL PROTECTED] wrote:
Does anyone know if the pfsense supports 2 LANS, Everything that I searched
for comes up as 2 WANS..I need to separate one pc from the rest of the
network please let me know if any one has done this…Thanks again. Steve
Yes...opt interfaces.
FWIW, after 1.0 this will break as we are no longer using HTTP Basic
auth. At that point you'll have to switch to using xmlrpc.
--Bill
On 6/27/06, Imre Ispánovits [EMAIL PROTECTED] wrote:
On Tue, 27 Jun 2006 10:59:39 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
Use exec_raw.php and simply
On 6/26/06, Tom Müller-Kortkamp [EMAIL PROTECTED] wrote:
IMHO you don't need CARP for a redundant Bridge when you enable stp
(which is enabled in PFSense)
I testet a Failoverbridge with an older version and it worked for
me...
Depends on if the 45 second STP lockout is quick enough for you :)
On 6/24/06, Steve Spiker [EMAIL PROTECTED] wrote:
Hello Holger,
Once again I wanted to say thanks. the reconfiguration works. I no
longer have errors with the traffic shaper. I just changed one setting
seemed to work.Im going to call my isp and demand a new modem. Does great I
just
On 6/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
My Cheap CF Card I was using to kida test PFSense
just Died. No fault to anything except that I
used cheap hardware. I am looking at spending a
little bit more money to get a transcend card to
install it on. I just wanted to see if anyone
Rules for question number one. And no, it's a 32-bit counter that
wraps at 4Gb - OS limitation, we're not going to be changing that.
On 6/20/06, toxikco2 [EMAIL PROTECTED] wrote:
pfSense Team,
I was wondering if there is a way to turn ICMP ping requests to the
WAN interface on. Also if there
On 6/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
I've just upgraded to RC-1 (embedded)
When traffic shaper enabled, I receive the following error messages:
There were error(s) loading the rules: /tmp/rules.debug:671: tags
cannot be used without keep state /tmp/rules.debug:671: skipping
On 6/13/06, Raja Subramanian [EMAIL PROTECTED] wrote:
On 6/13/06, Holger Bauer [EMAIL PROTECTED] wrote:
beta4 doesn't report this, but RC1 is sending some syslog info about the
monitor IP:
Jun 13 09:33:08 slbd[412]: Service wanpool changed status, reloading
filter policy
All the
Src port: *
Dst: 192.168.150.0/24
Dst port: *
Gateway: wan1 gw.
So the 192.168.150.0/24 is my remote pvn network, and the other the local LAN.
Is this what you propose?
Kind regards,
Bo
-Oprindelig meddelelse-
Fra: Bill Marquette [mailto:[EMAIL PROTECTED]
Sendt: 9. juni 2006 16:40
Til
You'll need a rule for the remote networks that bypasses the load
balance rule and just uses the default gateway. The way we have load
balancing working with multiple wans bypasses the kernel routing
table.
--Bill
On 6/9/06, Bo Rasmussen [EMAIL PROTECTED] wrote:
Hello all,
We have setup one
I answered this in another thread ([pfSense Support] pfsense beta-4
multiple ipsec clients from lan to wan) less than two hours ago.
--Bill
On 6/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
I just updated to latest releng_1 and it still has this same problem.
I have a carp+dual wan
ntop package or pfflowd package and use a collector.
--Bill
On 6/8/06, Oscar Rylin [EMAIL PROTECTED] wrote:
Hi,
We're running pfSense on our company LAN (public /24, no NAT), filtering out
unwanted traffic, using pptp VPN etc. - everything's working great!
That said,
I'd love being able to
Not sure that we enable tunnel to tunnel routing. Not sure if there's
an option either, but that's what I'd look for.
--Bill
On 6/7/06, Brad Bendy [EMAIL PROTECTED] wrote:
Hello,
I have a setup as follows:
Core-Firewall
- -
- -
? I hope that but for version
1.0 it has to be done this way.
Holger
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 07, 2006 7:56 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] IPSEC Firewall Rules
Not sure that we enable tunnel
On 6/6/06, Angelo Turetta [EMAIL PROTECTED] wrote:
I think filtering both before and after NAT is out of scope (pf is not
designed to do that).
correct
What could be easily done to alleviate 'the missing' would be to add to
the 'rdr' UI the possibility to specify the FROM part of the rule.
On 6/6/06, Lawrence Farr [EMAIL PROTECTED] wrote:
So do you set these up as virtual IP's then? Or is it a recent change
(im still on RELENG_1_SNAPSHOT_03-26-2006).
No, allowing source address to be used in the port forward syntax
isn't in RELENG_1 and won't be. I think it's a good idea and
On 6/5/06, Chris Buechler [EMAIL PROTECTED] wrote:
Ah, ok, yeah you're right on that. But that's useless. Who cares what
the destination port was prior to NAT? That only matters if you open
up, say, port 88 and 888 on the WAN, going to the same internal host on
the same internal port, say
Wow, I go off and have a few beers and this turns into a 25 message discussion!
On 6/1/06, Randy B [EMAIL PROTECTED] wrote:
I find it irrelevant to the discussion what others are doing, though :-).
Simply that this concept is alien to me, and I'm trying to grasp
context - the more outside
On 6/2/06, Molle Bestefich [EMAIL PROTECTED] wrote:
Eric, thanks for providing use cases!
Sadly, I think I can dismiss them as requiring per-interface rulebases.
At the least, I'll try. You be the judge :-).
Eric W. Bates wrote:
A small IT company. Has a DMZ for their web/mail etc. Has a
Anti-spoofing is important and a sufficient use case. Please try to
convince us why we're wrong. We're not going to spend any time trying
to convince you why we're right.
--Bill
On 6/1/06, Molle Bestefich [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
I agree with Bill.
Covered that one
traffic with a source IP from the network(s) directly connected
to the specified interface(s) from entering the system through any other
interface.
--Bill
PS. how many threads are we going to have for this?
On 6/1/06, Chris Buechler [EMAIL PROTECTED] wrote:
Molle Bestefich wrote:
Bill
Per the forum he's running Beta 2. He's been advised to upgrade to
the latest beta as there were numerous load balancer fixes commited
after beta 2.
--Bill
On 5/30/06, Ebay [EMAIL PROTECTED] wrote:
did you change the gateway in the FirewallRulesLan to the load balancer
you created? I only
Why are you sending DNS queries from the outside world to dnsmasq?
Shouldn't these be forwarded to your bind server so that the world
view gets matched instead of your internal view?
--Bill
On 5/27/06, Paul Willard [EMAIL PROTECTED] wrote:
I've got a dns server locally which uses views.
from
On 5/26/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Okay if nobody has anything else rolling I need hard numbers on what
to implement. What are we going with...?
Let's try to keep this from flaming each other and keep it
constructive if possible. Either way this issue must change for 1.1.
32bit 33Mhz PCI slots? 500Mbit...approx.
--Bill
On 5/18/06, Ebay [EMAIL PROTECTED] wrote:
I am using an MSI motherboard with a 2 gig Celeron processor, 512 megs ram,
and 3ea realtec gigabit network cards. Does anyone know what kinda
thoughput would be possible in this configuration. I
On 5/17/06, Chris Buechler [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
It's as secure as the switches vlan implementation.
That and your switch configuration. Refer to your switch vendor's
documentation on recommendations for secure VLAN configurations. Even
though Cisco has gone to great
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
True, seconded :) Using dedicated (untagged) vlans for each port in a
trunk configuration is a good idea too if your switch supports this.
Trunked vlans? How this looks like?
Again, I think my terminology is getting the better of me.
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
On Wed, 17 May 2006 15:32:41 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
True, seconded :) Using dedicated (untagged) vlans for each port in a
trunk configuration is a good idea
As previously mentioned, this is entirely unsupported.
Use your FreeBSD system admin skillz to do the following:
pkg_add -r quagga
And then configure to your hearts content. And this has absolutely
been discussed - two seconds of googling came up with this:
On 5/16/06, Peter Curran [EMAIL PROTECTED] wrote:
Bill
Thanls for that info - looks like all states are going to set most of these
data chunks, so are likely to be bumping the 1K mark.
On a related point. I have bumped my max state size to 100K states. My
master is running with around 33K
This...
struct pf_state {
u_int64_tid;
u_int32_tcreatorid;
struct pf_state_host lan;
struct pf_state_host gwy;
struct pf_state_host ext;
sa_family_t af;
u_int8_t proto;
u_int8_t direction;
Well for me...I have commit access to pfSense, I don't for Sonic or Cisco ;-P
For everyone else...
1. Good luck getting a quick patch for a small bug from Cisco -
personal experience tells me that unless it's a sev 1 (network down)
AND you have a good support contract with them, you won't get
On 5/12/06, thomas hahusseau [EMAIL PROTECTED] wrote:
Hello,
I would like to know if it's possible to run the OSPF protocol on PFSense
via a plug-in (in this case where is it ?) or via a routing daemon like
quagga or zebra (in this case how can i compile this demon on whith pfsense
? there is
This also has been answered before. Use google.
--Bill
On 5/12/06, thomas hahusseau [EMAIL PROTECTED] wrote:
Hello,
i would like yo install routing demons Quagga on pfsens i found quagga
package for freebsd and transfered it on pfsense the install it , but
quagga.info tell me to modify the
Sounds like you upgraded the box, but not the pfSense development
checkout. Follow the full directions for building an update and you
should get a beta4 tarball.
--Bill
On 5/11/06, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Hi guys!
Just a question: I'm compiling a modified version of
On 5/11/06, D.Pageau [EMAIL PROTECTED] wrote:
On 4/26/2006 10:03 AM, Henk van Kester wrote:
It looks like the OPENVPN log is not working? (Beta3)?
I confirm on BETA4 log are in system.log instead of openvpn.log
I've also found a cutpaste error in diag_logs_openvpn.php where
- ?php
Update /etc/platform to read pfSense instead of embedded I believe.
--Bill
On 5/10/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I run pfsense on a wrap platform. I'm aware of the differences in the image
(R/O CF mount, no packages, etc).
I'd like to replace my CF card with a 1GB (or larger)
On 5/4/06, Pedro Paulo de Magalhaes Oliveira Junior
[EMAIL PROTECTED] wrote:
Hello, I'm thinking about developing an IPS to pfsense. Does anybody knows
how to kill tcp connection or udp connection in pf based in string match?
For specific states, to use pf(4) to kill it you will need to add
401 - 500 of 769 matches
Mail list logo