Okay... if I understand correctly, now it seems you are able to see the
authentication screen. But once authenticated, you still don't get out.
Try turning off MAC checking in pfSense's captive portal setup.
- Jason
From: ram [mailto:[EMAIL PROTECTED]
Sent:
As RB would say... I'm not contributing to the answer, but helping to
give understanding to the problem...
Untangle, while in bridged mode still really needs its own IP since one
of its primary features is to send daily reports as well as to provide
access to quarantined emails. This makes it dif
ram,
This is a bit of a shot in the dark, but try turning off services in
Untangle... until they are all off. It may be that one of them (like
the Intrusion Detection module) is detecting something it doesn't like.
- Jason
From: ram [mailto:[EMAIL PROTECTED]
It is likely that they are doing as I do... Use pfSense for firewall and
VPN, while using Untangle for strictly filtering purposes (web, mail,
etc) and not firewalling.
- Jason
-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 8:36 AM
To: support@pfsense.
I see on my RRD graphs for traffic (haven't looked elsewhere yet)...
that the last 6 month graph is showing "Nov" twice and skipping "Feb".
At the bottom of the graph, I see:
Sep Oct Nov Nov Dec Jan Mar
Perhaps just mine doing this? I had this pfSense box offline for about
25 days (mid Ja
I decided to download the config XML for my firewall and noticed a weird
thing.
In the section, I have the following:
Each of these precedes an actual normal entry, etc..
(Excluding the package tag, which is long...)
Snort
Setup snort specific settings
Services
Dec 3 15:02:50 SnortStartup[998]: Ram free BEFORE starting Snort: 12M
-- Ram free AFTER starting Snort: 13M -- Mode ac-sparsebands -- Snort
memory usage:
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, December 03, 2007 1:59 PM
To: support@pfsense.com
Most excellent.
However (the ungrateful scum I am), now snort will not start at all...
the error is:
php: : Snort will not start. You must select an interface for it to
listen on.
I have double checked and the WAN is selected. Perhaps I need to
completely scratch the config for snort and start
ard Sperry [mailto:[EMAIL PROTECTED]
Sent: Monday, December 03, 2007 8:32 AM
To: support@pfsense.com
Cc: Jason J. Ellingson
Subject: RE: RE: [pfSense Support] Snort
It appears that the rules last week 11-29 work but the ones that are up
today do not.
-Original Message-
From: Richard Sper
I'm having more problems with Snort now...
I had it working fine. I unchecked all the rules it complained about...
mostly those with:
"Cannot check flow connection for non-TCP traffic"
But as it updated the rules this week, it seems that I can't track down
all the rules now making snort unhappy
New error message I don't recall seeing before upgrading to RC3...
openvpn[310]: Options error: Unrecognized option or missing parameter(s)
in /var/etc/openvpn_client0.conf:14: remote (2.0.6)
openvpn[310]: Use --help for more information.
That file has the following in it...
writepid /var/run/o
Is there a way to change the IP monitored by the quality graphs? I know
it uses the gateway, but that is a router next to the pfSense box. I'd
rather it check the head from my ISP.
- Jason
-
To unsubscribe, e-mail: [EMAIL PROTE
Just tried out Snort on 1.2RC3...
So far, so good... just a couple of notes:
pfSense doesn't like:
dos.rules - multiple ports listed:
[135,137,138,139,445]
-and-
scan.rules - UDP protocol
So I disabled those for now.
Let's see how it goes...
- Jason
I have my Vonage box (made by LinkSys) on OPT1 and told it to
use DHCP. After it got its first IP (10.2.10.199), I clicked on the box to
set the DHCP to a static IP of 10.2.10.200.
I get a log full of this...
Nov 15 08:29:30
dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:
I see TUN0 is gone from the interfaces, therefore also the filtering
abilities. Confirmed this in the forums. What was the final
disposition of it? It is gone forever? Will there be future efforts at
returning filtering capabilities to OpenVPN Server?
I have clients accessing my network and wa
Snort worked fine until I installed 1.0.1 (from 1.0)
Now, I see the normal startup messages for snort in the system logs and
get the usual memory and CPU use as before, but nothing seems to
actually trigger a snort alert or add anything to the blocked list.
I tried uninstalling and reinstalling t
I picked "reinstall package" (using FireFox ) and ended with an
error at the bottom of the page:
Fatal error: Call to undefined function: sync_package_snort_reinstall()
in /etc/inc/pkg-utils.inc(444) : eval()'d code on line 1
Snort seemed to be uninstalled.
Went to packages and installed it. Wo
I would vote for:
A removal of an interface would just disable the appropriate NAT and rules.
Set the GUI to not allow reactivation of a NAT or rule that is for a
non-existing interface... You need to change the interface to an existing
one to re-enable it.
With the possibility of dynamically ap
Reboot any switches along with the routers and machines... I've seen
switches hold on to ARP entries for an looong time.
Just my 2 cents worth.
- Jason
-Original Message-
From: Derrick MacPherson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 27, 2006 4:33 PM
To: support@pfsense.com
When I had Vonage problems, I cheated. I bought the LinkSys 2-line Router
(RT31P2) - it has Vonage service built in. I enabled the DMZ feature on the
LinkSys and pointed it to the pfSense box. Everything squeaky clean now!
Internet <-> Linksys <-> pfSense <-> LAN
Technically, it is double NAT'
fixed a few days ago. cvs_sync.sh releng_1 or update to the latest
snapshot.
On 4/11/06, Jason J Ellingson <[EMAIL PROTECTED]> wrote:
> Sorry... But I seem to be brain dead...
>
> Co-location server (Downtown):
> I have an FTP server behind a 1:1 NAT on the OPT1 interface and FT
Sorry... But I seem to be brain dead...
Co-location server (Downtown):
I have an FTP server behind a 1:1 NAT on the OPT1 interface and FTP Proxy
enabled only on OPT1 (disabled/checked on WAN).
Personal client (Home):
I have an FTP client behind a normal NAT on the LAN interface and FTP Proxy
enab
But, could the rules be applied to data being received from a tunnel?
With mobile IPSec clients (ignoring PPTP as an option), there is no way to
control data received. You can only have filters on what goes into a tunnel
and not what is coming out. If this could be overcome, that'd be great and
I guess I'm encountering a mental block on how to do this... Can anyone
help?
I have two pfSense boxes in different locations (and obviously on the
Internet).
I have a LAN to LAN IPSec between them.
192.168.1.x <-> 192.168.19.x
The far pfSense box also has a DMZ/OPT1 network:
10.0.0.x
Is there
27;t NAT'd).
--------
Jason J Ellingson
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
...
Jason J Ellingson
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 10:15 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] FTP and Tunnels
This was fixed after beta 1 (1:1 and
er to still provide both
passive and active connections to internet connecting users.
Jason J Ellingson
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional comman
Sure... As usual, more stuff that doesn't work well for us stubborn IE
users.
I have no big love for IE, but plenty of clients out there have it as their
"corporate standard".
Turn on script error reporting and you'll see IE toss up errors on
pfSense.com's mirror pages.
Same thing on this Octopu
me to upload a new
image.
--------
Jason J Ellingson
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
hough.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
he time, I will try to implement. I would like to see
this feature in place also. Was there something specific about this board
that was causing problems versus a generic pc?RobertOn Thu,
2005-11-03 at 08:57 -0600, Jason J. Ellingson wrote:
I may have not been clear as to where the problem was
Anyone that can make a package for printing from the USB port on a Seokris
4801 will receive CASH reward (via PayPal or Check or small unmarked
bills... your pick).
--------
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
Since the pages are using IE7... do you plan to update from "IE7 version
0.7.3 (alpha)" to "IE7 version 0.9 (alpha)"?
--------
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.
):
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For
the "Deny unknown clients"... which requires all the MAC addresses to be
listed in this table.
----
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message
were made.
--------
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:39 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2
all
other pages.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 8:16 AM
help debug this?
The PC is a standard generic Pentium II - 233 MHz with 256MB RAM. One Intel
NIC, one SIS NIC.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Me
t is there...
--------
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
ually.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional com
ren't allowing the connection through.
--------
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
Sent: Monda
Ignore me. I drank a bottle of "stupification" this morning. I should be
well later today.
--------
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message
nly stopping the
FTP-Helper on pfSense and restarting it fixes the problem.
Also, it seems to also catch FTP connections going over the IPSec tunnel.
Shouldn't it only catch connections going over NAT (LAN<->WAN)?
--------
Jason J Ellings
I have dual Intel 10/100 NICs in mine. Works fine.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: jonathan gonzalez [mailto:[EMAIL PROTECTED
I got it to work, but did NOT use Proxy ARP. Just
used the 1:1 NAT.
Jason
J Ellingson
From: Simon SZE-To [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 28, 2005 9:43 PMTo:
support@pfsense.comSubject: [pfSense Support] 1:1
I can access LAN boxes from the LAN by WAN IP when using 1:1 NAT.
Jason J Ellingson
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 9:08 PM
To: Dan Swartzendruber
Cc: Dimitri
46 matches
Mail list logo