Not to take anything away from pfSense. Because
pfSense rocks at
layer 2 & 3.
But you might look at IPcop w/ L7-filter.
http://l7-filter.sourceforge.net/
http://www.ipcop.org/index.php?module=pnWikkatag=IPCopAddons
In fact we use pfSense with this very same
add-on(s) (IPcop
L7-Filter) at
I did as you'd said below and found no difference,
but one thing I did notice is that when doing the
upgrade that (I thought) broke reflective
routing appears to have unchecked the option
under the advanced section about bypassing rules
for networks that share the same interface.
I have always
So let's see if I am getting this
If the intermediate router sees the destination
address as part of its connected network then
it passes the packet to the destination directly.
Then the destination host sees its default
gateway as the pfSense box and passes the return
traffic to it and
I just updated our 1.2.1-RC2 to the newest SNAP:
1.2.1-RC2
built on Thu Nov 27 13:35:44 EST 2008
I had been having issues w/ reflective routing in
past 1.2.1 SNAPs but it got resolved back a couple
weeks ago with a new SNAP.
After this morning update I see that it is broken
again. I perform
As a follow up to this post ... here is the ticket
that fixed this issue earlier in the 1.2.1 testing
SNAP
http://cvstrac.pfsense.org/chngview?cn=26056
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: [pfSense Support] Reflective routing
broken in newest
Message -
SUBJECT: Re: [pfSense Support] Reflective routing
broken in newest
1.2.1-RC2 SNAP
FROM:[EMAIL PROTECTED]
TO:[EMAIL PROTECTED]
DATE: 11-27-2008 11:22 am
On Thu, Nov 27, 2008 at 10:55 AM, DLStrout wrote:
I just updated our 1.2.1-RC2 to the newest SNAP:
1.2.1-RC2
built on Thu Nov 27 13
If I back down (using the console UG method - 13)
to the image below (from mirror) and restore the
backed-up configuration (interfaces portion only)
... all seems to work as before.
pfSense-Full-Update-1.2.1-RC2.tgz 19-Nov-2008
21:54 39M
--
David L. Strout
Engineering Systems Plus,
-
Subject: Re: Re: [pfSense Support] Reflective
routing broken in newest 1.2.1-RC2 SNAP
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-27-2008 7:34 pm
On Thu, Nov 27, 2008 at 6:16 PM, DLStrout
[EMAIL PROTECTED] wrote:
Let me know if I can provide anything else.
I want to see
It looks like it is getting hung up on the way
back out of the virtual (test) environment
Nov 27 21:41:55 LAN 192.168.22.22:5900
192.168.1.2:33150 TCP
The rule that triggered this action is:
@62 block drop in log quick all label Default
deny rule
And I have the
Turn off automatic NAT and check your NAT rules w/
status.php page.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: [pfSense Support] Routed Subnet
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-23-2008 11:46 am
Hi All,
I'm trying to
Absolutely NOT disappointed at all, just pointing
out an issue ... quite the contrary in fact, and I
am as anxious as any to see some of the fantastic
new features of 2.0 in a STABLE release. Really
just try to provide some input into 2.0 from our
perspective.
So just so I have this straight ..
--
On Tue, Nov 11, 2008 at 8:31 PM, DLStrout [EMAIL
PROTECTED] wrote:
Excellent .. is this change committed to both
1.2.1 and 2.0 versions?
Yes.
--
David L. Strout
Engineering Systems Plus, LLC
I've noticed in recent releases that reflective
routing is broken.
Most notably all releases 1.2 STABLE.
The most notable is having multiple routers on one
network and being
able to default gateways the host of that network
and place static
routes on the gateway (pfSense) and have it
reflect
PM, DLStrout wrote:
I've noticed in recent releases that reflective
routing is broken.
Most
notably all releases 1.2 STABLE.
Fixed.
http://cvstrac.pfsense.org/chngview?cn=26056
-
I've been running CP on a 1.2 install for about 6
months now and we now are noticing that there is
no authentication happening.
Things we've tried:
Moving the CP to another interface (ie WLAN (WAP
connected ethernet)).
Starting and restarting the CP service (fails
the webConfigurator when we
us that use this setup and
know it
IMHO .. as always!
- Original Message -
Subject: Re: Re: [pfSense Support] Force
Speed/Duplex on NIC
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-06-2008 9:53 pm
On Thu, Nov 6, 2008 at 6:21 AM, DLStrout
[EMAIL PROTECTED] wrote
Is there a default password to decrypt the
config.xml file in the
latest 1.3AA?
I recently updated 1.3Ax2 and now get prompted for
a password to
decrypt the config.xml and if I CTRL-C out the box
will only come up
in single user mode.
Any insight is greatly appreciated
-
Subject: Re: [pfSense Support] config.xml decrytp
???
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 10-26-2008 10:54 am
On Sun, Oct 26, 2008 at 9:54 AM, DLStrout
[EMAIL PROTECTED] wrote:
Is there a default password to decrypt the
config.xml file in the latest
1.3AA?
I recently updated
Is there a special list/forum for 1.3 Alpha/Alpha
questions ... just
don't want to muddy the water here with alpha
testing questions.
Thanks!
Just a small this time through on ...
pfSense-20080803-1138.iso.gz
/libexec/ld-elf.so.1:
/usr/local/lib/php/20060613/xml.so: Undefined
symbol XML_ParseCreate_MM
Just wanted to keep up with testing.
--
David L. Strout
Engineering Systems Plus, LLC
Bill, Anyone,
Would it be possible to get notified when you all
feel this issue is
resolved and ready for -re-testing??
I'd welcome the opportunity to dive into 1.3 A2X,
but unfortunately
we are short on standalone server hardware ... so
VM is my only
option now.
--
David L. Strout
Engineering
I was just wondering if there was something
drastically broken in the
past latest release? Why the removal (just too
far out of date?)
I uninstalled on a test box and I can't even get
it back in its old
version/state ... is there a reason that the older
version wasn't left
available? Seem that
:26 PM, DLStrout wrote:
Bill, Anyone,
Would it be possible to get notified when you
all feel this issue
is
resolved and ready for -re-testing??
I'd welcome the opportunity to dive into 1.3
A2X, but unfortunately
we are
short on standalone server hardware ... so VM is
my only option
now.
It's
, DLStrout wrote:
et al,
So I was inspired to dig into the newest Alpha2X
1.3 today and
fired up the
VM and was pleasantly greeted w/ an XML error:
XML error: no pfSense object found!
Any thoughts anyone???
--
David L. Strout
Engineering Systems Plus, LLC
I have been tinkering w/ the Shrew Soft VPN
client and was wondering
if there is anyway (maybe I'm missing it) to setup
IPsec clients to be
dhcp over IPsec or IKE config pull/push
clients? I see in the
Shrew docs that this method is supported by the
client, but I don't
see any options
of development (i.e. alpha-alpha).
SIDE NOTE:
Anyone having issues running 1.3 on VMware w/
Ubuntu 6.06LTS as the
host. I can start a separate thread if there is
cause to.
Thanks again ALL !!!
DLStrout- Original Message -
SUBJECT: Re: [pfSense Support] IPsec VPN (Shrew
et al,
So I was inspired to dig into the newest Alpha2X
1.3 today and fired
up the VM and was pleasantly greeted w/ an XML
error:
XML error: no pfSense object found!
Any thoughts anyone???
--
David L. Strout
Engineering Systems Plus, LLC
I've watched the stream all afternoon and just
wanted to offer my .02
worth on the matter as we have a rather large
multi-VPN deployment
with a mix of solutioning to fit the appropriate
needs.
Point I:
I agree whole-heartedly that if you are in control
of the
workstations/laptops abroad and the
I upgraded a pfS box over vacation to SNAP:
1.2-RC3
built on Sat Dec 29 09:06:06 EST 2007
and I have several users that are complaining
(well not complaining .. cheering actually) that
they never get challenged for UN/PW. I just
confirmed this with my WiFi laptop and sure enough
... no UN/PW
Another complexity seems to be that when I restart
or stop/start the lighttpd service it chokes the
webConfigurator (ie. no web management service)
and I have to restart the webConfigurator with the
shell option 11.
Just an added FYI.
--
David L. Strout
Engineering Systems Plus, LLC
-
the purpose I suspect.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] CP broken ??
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 01-04-2008 6:33 pm
DLStrout wrote:
I upgraded a pfS box over vacation to SNAP:
1.2-RC3
built
Good evening all
Just wondering if there are any plans for URL
aliases? I see that it was planned or has been
introduced into the HEAD build but I am
running 1.2 RC3.
I have several users that I would like to restrict
to several web sites ONLY and also apply a
schedule (using the
Just wondering if this is a known issue or is
there anyone who might lend some advice?
Should I submit a ticket on this issue? Has
anyone been able to reproduce? Should I upgrade
again to a more current build?
Thoughts, suggestions, feedback ?
- Original Message -
Has anyone
Has anyone experienced VIP/NAT issues w/ the
current rel?
1.2-RC3 built on Wed Oct 10 05:44:26 EDT 2007
=== HERE'S THE SETUP ===
OPT1-[host=10.0.0.100]
|
LAN--[net=192.168.1.0/24][pfSense=192.168.1.1/VIP=192.168.1.200]
|
WAN--[net=x.x.x.x]
=== HERE'S THE VIP SETUP ===
Nice .. THANKS
--
-- David L. Strout
-- ENGINEERING SYSTEMS PLUS, LLC
-- [EMAIL PROTECTED]
--
-Original Message-
From: Fuchs, Martin [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 19, 2007 12:23 PM
To: support@pfsense.com
Subject: AW: [pfSense Support] Squid package ?
Use the
This and other mail-list issues related to this NAT/routing/IPSec question
begs the question is/are there any plans to integrate NAT-T into
pfSense? I see there has been some brief chatter on this in the past, but I
was more looking for an update (if any) on what has been, or is being, done
-01/msg00035.html
-Original Message-
From: DLStrout [mailto:[EMAIL PROTECTED]
Sent: Monday, July 16, 2007 4:41 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] spoke and hub ipsec vpn?
This and other mail-list issues related to this NAT/routing/IPSec question
begs the question
Interesting I have tried opening up the IPsec policy to ANY ANY on
both the pfS1/2 boxes. I still see the traceroute (ICMP) packets heading to
INET from NET1 when tracing to a NET4 address.
Maybe a combo of IPsec policies and static routes??? Not quite sure, not
having any luck in trying
NOTE:
I wouldn't recommend trying to edit either of these 2 files through the
[webConfigurator: Diagnostics: Edit File] screen. I ssh'd to the
pfSense box and entered the shell and made the edits the old-fashioned way
w/ 'vi'.
Would it be possible to fix the following two files in the next
Would it be possible to fix the following two files in the next update?
/usr/local/www/diag_ipsec_sad.php
/usr/local/www/diag_ipsec_spd.php
Here is what I came up with ... let me know if I am wrong.
==
TYPE: File Modification
FILE:
Scott Ullrich wrote:
Please try 0.79.4 and report back if you have had problems with
previous LiveCD's.
I have just done update (0.79.2 0.79.4), and the first thing I noticed
is that you lose all states in the table after the update reboot (ie:
all connections broken - http, IPSec,
I am running 0.74.8 - had a little issue w/ the rules in porting the
config backup, but all-in-all everything is stable.
alan walters wrote:
Have no probs with ipsec on 0.74.6
-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: 15 August 2005 18:55
To: [EMAIL
/usr/local/bin/lua50c51 /usr/local/share/dfuibe_lua/main.lua
dir.root=/FreeSBIE/ option.booted_from_install_media=true
[Fri Aug 12 15:50:31 2005]
Loading configuration file '/usr/local/share/dfuibe_lua/conf/uinavctl.lua'...
BSD Installer started
Loading configuration file
Is there a fix or a plan for a fix?...and has anyone considered a
RRDTools replacement such as ifGraph as an alternative to SVG?
Bill Marquette wrote:
Yup. IE 6 apparently doesn't love us.
--Bill
On 8/12/05, David Strout [EMAIL PROTECTED] wrote:
Yes, I am running the WebGUI in https
As per the BLOG you want to know about any bugs uncovered in
testing the current ALPHA version (0.73.0).
I reported this in an earlier post but the issue
remains:
On the IPSec SPD page the delete and arrows still do not
show up in either IE6 or FireFox 1.0.6
Just thought you
Are there any plans for assigning multiple IP
addresses to the WAN interface?
]: error: PAM: authentication error for root from 192.168.1.xxx
(OPT/WLAN segment)
sshd[791]: error: PAM: authentication error for root from
192.168.100.xxx (LAN segment)
Scott Ullrich wrote:
SSH: root / pfsense
WEB: admin / pfsense
On 7/29/05, DLStrout [EMAIL PROTECTED] wrote:
Everyone,
I am