2007. 02. 9, péntek keltezéssel 14.01-kor Scott Ullrich ezt írta:
HEADS UP!
IPSEC Filtering is now present in the 1.0.X branch first appearing in
todays snapshot.
By default on upgrade we will install a default PASS rule for the
IPSEC interface to permit traffic. So basically anyone
On Sat, 24 Jun 2006 14:50:39 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
We recently fixed a number of wireless issues, please run cvs_sync.sh
releng_1 from a shell.
Can the above be applied on embedded version as well?
signature.asc
Description: PGP signature
Hi,
I've just upgraded to RC-1 (embedded)
When traffic shaper enabled, I receive the following error messages:
There were error(s) loading the rules: /tmp/rules.debug:671: tags
cannot be used without keep state /tmp/rules.debug:671: skipping rule due to
errors /tmp/rules.debug:671: rule expands
On Sat, 17 Jun 2006 08:06:15 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 6/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
I've just upgraded to RC-1 (embedded)
When traffic shaper enabled, I receive the following error messages:
There were error(s) loading the rules: /tmp
On Sat, 17 Jun 2006 13:11:20 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
From: Scott Ullrich [EMAIL PROTECTED] Mailed-By: gmail.com
To: support @ pfsense. com support@pfsense.com
Date: Jun 17, 2006 1:02 PM
Subject: 1.0-RC1 Embedded image reposted as 1.0-RC1a
Due to the traffic
Hi,
My setup is a dualwan carp cluster consisting of two machines. Now it seems to
work fine, but as I monitor the traffic graphs on the Master and Backup
machines, they shows the same traffic activity. I thought the Backup should be
inactive or am I wrong again?
Best regards
Imre
On Tue, 30 May 2006 12:34:22 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
We don't have a CARP wizard. What are you talking about?
Sorry, I meant the menu (Firewall--Virtual IP's)
signature.asc
Description: PGP signature
Hi,
Here I'm again with my notorious carp problem. :(
I have created an infinite time this dual wan load-balancing carp
configuration.
The problem is that whatever I do the carp3 on xl2 become MASTER-MASTER which
is my DMZ subnet.
It doesn't matter if it si with dial or single wan, or with, or
On Tue, 16 May 2006 19:15:08 +0200
Angelo Turetta [EMAIL PROTECTED] wrote:
Ispánovits Imre wrote:
If in this switch I dont't find any possibility to define that tagged port
ten it means that this switch is unable to do this kind of job, or maybe if
I
define a port which belongs to all
On Wed, 17 May 2006 14:31:50 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 5/17/06, Chris Buechler [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
It's as secure as the switches vlan implementation.
That and your switch configuration. Refer to your switch vendor's
documentation on
On Wed, 17 May 2006 15:32:41 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
True, seconded :) Using dedicated (untagged) vlans for each port in a
trunk configuration is a good idea too if your switch supports this.
Trunked vlans
On Wed, 17 May 2006 16:25:20 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
On Wed, 17 May 2006 15:32:41 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
True, seconded :) Using
Hi,
I totally newbe in vlan word :(
If I define vlans on one of the pfSense box's NICs, then should I create vlan
groups of the switch's ports as well? (it's a D-Link DES-1024)
Regards
Imre
signature.asc
Description: PGP signature
, and all inbound packets on
the interface _must_ also be tagged.
--Bill
On 5/16/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
I totally newbe in vlan word :(
If I define vlans on one of the pfSense box's NICs, then should I create
vlan
groups of the switch's ports as well? (it's
On Tue, 16 May 2006 18:12:49 +0200
Angelo Turetta [EMAIL PROTECTED] wrote:
Ispánovits Imre wrote:
This switch is a 24 ports one, which can be configured to 6x4 trunks. So I
guess I have to set max. 3 vlans on a NIC in pfSense and connect it to a
trunk on the switch, 3 free ports
On Tue, 16 May 2006 19:15:08 +0200
Angelo Turetta [EMAIL PROTECTED] wrote:
Ispánovits Imre wrote:
If in this switch I dont't find any possibility to define that tagged port
ten it means that this switch is unable to do this kind of job, or maybe if
I
define a port which belongs to all
Hi,
Does anybody can recommend usb ethernet nic which works with pfsense?
O.K. I know that is not a correct solution ,but there is no way to put more
cards in my box (there are 5 nic's already)
Best regards
Imre
signature.asc
Description: PGP signature
On Fri, 12 May 2006 13:07:05 +0200
Holger Bauer [EMAIL PROTECTED] wrote:
http://catalog.belkin.com/IWCatProductPage.process?Merchant_Id=Section_
Id=201487pcount=Product_Id=104991 works, but don't expect too much
throughput. It utilizes the AUE driver and doesn't support
trafficshaping. I use
On Mon, 8 May 2006 19:49:52 +0200
Ispánovits Imre [EMAIL PROTECTED] wrote:
On Fri, 5 May 2006 19:25:24 +0200
Ispánovits Imre [EMAIL PROTECTED] wrote:
On Fri, 5 May 2006 11:18:52 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
On 5/5/06, Ispánovits Imre [EMAIL PROTECTED] wrote
Hi,
I have a carp setup where the CARP-VIP for WAN1 is xxx.xxx.xxx.165, the
CARP-VIP for WAN2 is xxx.xxx.xxx.116 (both subnets are .../29).
In the DMZ I have among others a mail server with an IP of xxx.xxx.xxx.162.
I have to make outbound NAT's for the CARP-VIP's, but if I add an outbound
NAT
Hi,
Is there an easy way to enter default block private and bogon networks on the
2nd (OPT) wan interface? On the main wan it is enough to enable it. The list
is somewhere stored in the system, so it would be nice to avoid that long
typing. I've already did, but for the future :)
Best regards
I did.
Thank you
Imre
On Tue, 9 May 2006 08:02:30 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
We can add that post 1.0. Put in a feature request ticket for this
item in cvstrac and assign it to me please.
--Bill
On 5/9/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi
On Fri, 5 May 2006 19:25:24 +0200
Ispánovits Imre [EMAIL PROTECTED] wrote:
On Fri, 5 May 2006 11:18:52 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
On 5/5/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
The WAN's are plugged into Cisco routers (SOHO series provided by the
ISP
On Thu, 4 May 2006 17:36:05 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
What about the switch where both the wan and lan interfaces plug into?
They also need to be able to communicate with each other directly.
The WAN's are plugged into Cisco routers (SOHO series provided by the ISP).
On
On Fri, 5 May 2006 09:18:01 +0200
Ispánovits Imre [EMAIL PROTECTED] wrote:
On Thu, 4 May 2006 17:36:05 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
What about the switch where both the wan and lan interfaces plug into?
They also need to be able to communicate with each other directly
On Fri, 5 May 2006 11:18:52 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
On 5/5/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
The WAN's are plugged into Cisco routers (SOHO series provided by the
ISP).
On the LAN there are several switches and also on the DMZ. But how could
affect
Hi all,
I found these warning messages in the logs.
How serious is it? Is the PCI bus or the card (3Com) is too slow?
May 3 15:54:53 kernel: xl3: tx underrun, increasing tx start threshold
to 120 bytes
May 3 15:54:53 kernel: xl3: transmission error: 90
Best regards
Imre
--
This is
Hi,
I'm testing the pfSense CARP configuration on version
BETA3-PLUS-11548-PLUS-11567. Everything seems working fine exept that
both machines in the carp cluster is master. It's like the preemption
weren't enabled. In this version this option is missing in GUI setup
and supposed to be set by
On Thu, 4 May 2006 07:54:27 -0500
Ebay [EMAIL PROTECTED] wrote:
Are you using a dedicated interface for CARP sync?
Yes of course.
--
Skype: ispanovits_imre
This is Linux Land.
In silent nights you can hear the windows machines rebooting
signature.asc
Description: PGP signature
On Thu, 04 May 2006 10:51:08 -0400
Chris Buechler [EMAIL PROTECTED] wrote:
Ispánovits Imre wrote:
Hi all,
I found these warning messages in the logs.
How serious is it? Is the PCI bus or the card (3Com) is too slow?
May 3 15:54:53 kernel: xl3: tx underrun, increasing tx start
On Thu, 4 May 2006 18:55:13 +0100
Peter Curran [EMAIL PROTECTED] wrote:
I can confirm Scott's words - I was one of the people with the problem.
My results where exactly the same as you are seeing (except mine was only on
one interface). Carp multicasts stuff on the interface at regualr
On Thu, 04 May 2006 21:07:48 +0200
Rainer Duffner [EMAIL PROTECTED] wrote:
Ispánovits Imre wrote:
In my case there is no switch between the two CARP boxes, but a Xover
cable. But I can suspect the cards, which are old 3Com ISA bus cards
That's probably why it's called the road
On Thu, 4 May 2006 15:46:12 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
Have you added allow all rules on the pfsync interfaces?
Yes, I did.
signature.asc
Description: PGP signature
On Tue, 2 May 2006 19:18:46 +0200
Ispánovits Imre [EMAIL PROTECTED] wrote:
On Tue, 2 May 2006 11:53:51 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
1.) Since pfsense1 which is originally the master was down and pfsense2
(backup)
took its role, both machines shows up in the carp
Hi,
CARP is now up and running :) It's great!
I noticed though some phenomena that I at least don't understand.
1.) Since pfsense1 which is originally the master was down and pfsense2 (backup)
took its role, both machines shows up in the carp status page as master.
2.) The CARP virtual IP's
On Tue, 2 May 2006 11:53:51 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
1.) Since pfsense1 which is originally the master was down and pfsense2
(backup)
took its role, both machines shows up in the carp status page as master.
run cvs_sync.sh releng_1 from a shell if this is a full
Hi,
I need help for setting up a CARP cluster.
I followed the tutorial. On the and I have a master which seems to be
O.K., and a slave? where the carp status is empty (except pfsync nodes
list). It seems if it weren't enabled.
In the system logs I fond the following:
Apr 28 13:48:35php: :
and for this great system. :)
Imre
On Fri, 28 Apr 2006 13:17:27 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
That error sounds like username / password / http/https mismatch
between the two firewalls.
On 4/28/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
I need help for setting up
On Tue, 18 Apr 2006 12:52:18 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
This happens during interface reload operations and shoudl return to
normal after a few seconds. Perhaps you where too impatient during
the load. I should add that this is really apparent when using slow
devices such
I reflashed a 64MB cf card with the new image. It's O.K. until I've
changed the LAN ip address. After it is done it didn't accepted any
keyboard input from serial console. It is strange. Any other experience
with it? Now I have returned to the latest snapshot, but will try again
in the evening.
Hi,
I'm using the embedded version. I like the feature RRD graphs. After a
reboot (it is frequent now due to different reasons) all my collected
data is lost. Is there a way to save the collected RRD data and restore
it like configuration?
Best regards
Imre
--
Skype: ispanovits_imre
This is
Hi list,
I'm using a pppoe connection with my pfSense box (generic pc/with a cf
card).
In the last month or so, it is disconnecting time to time from net.
These cases the WAN interface is up, but pppoe is down. I can't
connect it again by pushing the connect button, only reboot or
clicking the
Hi,
On the new 0.99 embedded version the ipsec vpn doesn't work for me, although the
same generic pc version works fine on the same hardware.
I don't see any wrong in the logs, but no SAD/SPD established :(
The other side is m0n0wall 1.2 for months (since issued) without changes.
Best regards
Thank you !
In 0.99a it is now corrected!
Merry Christmas!
Imre
On Sat, 24 Dec 2005 21:48:31 -0500
Scott Ullrich [EMAIL PROTECTED] wrote:
Woops. I just noticed setkey is not in place.
From a shell do a:
mv /usr/sbin/setkey /sbin/ chmod a+rx /sbin/*
--
This is Linux Land.
In silent
On Tue, 1 Nov 2005 23:15:23 +0100
Holger Bauer [EMAIL PROTECTED] wrote:
Well, I haven't tried that yet, but I would think that should work just
fine. If not just set the file back to the original state, reboot (so it
runs as rw filesystem again), upload firmware, set file back tp wrap and
On Fri, 16 Dec 2005 22:53:06 -0800
Jamy Klein [EMAIL PROTECTED] wrote:
Is there a way to get pfsesne to run from a compact flash crad like Monowall
does. I am currently running monwall and would love to move to pfsense. I
have tried writing the pfsense embedded image to my cf card using
On Sat, 10 Dec 2005 18:22:55 +0100 (CET)
Damien Dupertuis [EMAIL PROTECTED] wrote:
Hello,
It has been working for two days and a half now and
I'm not banned , my adress is upgraded correctly so I
assume the bug is killed...
Thank you!!!
Damien
Hi,
I can confirm as well. In v95.4
Hi,
I've got earlier the same problem with dyndns.
Since I've modified my /etc/crontab as follows, problem solved.
*/20 * * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
It seems to me that somehow the ip change on a pppoe line can't trigger the
dyndns update process. :-(
Of
Hi,
I've made a fresh install fro 0.90 LifeCD onto a 256MB CF card today.
Now I am trying to update the firmware to 0.90a and when entering to Firmware
page I receive the following error message instead of the page.
Warning: raiseerror(PEAR.inc): failed to open stream: No such file or
directory
Hi Holger,
Thanks for this hint. Great.
I've a probably very stupid question, after changed the platform to wrap, can
I upgrade the firmware with the generic PCs one?
Best regards
Imre
On Tue, 1 Nov 2005 12:21:46 +0100
Holger Bauer [EMAIL PROTECTED] wrote:
This FAQ-Entry adresses your
On Fri, 28 Oct 2005 13:43:42 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
This is the actual clog file. Please copy and paste from system logs.
Scott
Hi Scott,
I've attached 3 logs copied from the status/log page.
My experiences: dns record is updated when I reboot and also at 02:01 at
] -
165.165.60.126/1130520337
-Original Message-
From: Ispánovits Imre [mailto:[EMAIL PROTECTED]
Sent: Sunday, October 30, 2005 2:46 PM
To: Scott Ullrich
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Dyndns and PPPoE Test... Reloaded!
On Fri, 28 Oct 2005 13:43:42 -0400
Scott
2005 13:04:16 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
I need to see portions of your system logs that include DynDns right
after dhclient.
Scott
On 10/28/05, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
The same at me. The system now works fine now , except the the dns update
, October 26, 2005 9:14 PM
To: Ispánovits Imre
Cc: support @ pfsense. com
Subject: Re: [pfSense Support] Dyndns and PPPoE
Test... Reloaded!
update_file.sh /etc/crontab shutdown -r now
From a shell.
On 10/26/05, Ispánovits Imre
[EMAIL PROTECTED] wrote
at night 02:01. But then
there wasn't ip change. It changed somewhere at 15:44, but dyndns_update didn't
start then.
What's strange in the logs, those lines dated from the previous day, but
inserted somewhere into the middle?!
On 10/28/05, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
The same
Hi Holger,
pppoe
Imre
On Thu, 27 Oct 2005 22:36:14 +0200
Holger Bauer [EMAIL PROTECTED] wrote:
What kind of WAN do you have? In case you have DHCP and are trying to trigger
the updateprocess by unhooking and replugging the interface you might not be
able to test this. There is a fix for
?
On 10/25/05, Ispánovits Imre [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 25 Oct 2005 15:37:02 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
update_file.sh /etc/inc/dyndns.class
Hi Scott,
THANKS!!!
For me this fixed it!
Best regards
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 25 Oct 2005 15:37:02 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
update_file.sh /etc/inc/dyndns.class
Hi Scott,
THANKS!!!
For me this fixed it!
Best regards
Imre
- --
This is Linux Land.
In silent nights you can hear the windows
58 matches
Mail list logo