Angelo wrote:
> > I have a weird wireless connection issue with my new Nokia N97, hope
...
> > Yesterday I bought a Nokia N97 and as soon as I came back home I started
> > playing with it. I joined my wireless network and typed the PSK and the
Hi Angelo,
there's definitely something odd in the lat
Joe Laffey wrote:
I am transferring about one thousand smaller (1.4Mb) files - SD video
frames.
Have you sufficient states enabled in pfsense?
I'd suggest switching to using rsync IIWY... however, where you have to
use ftp then leechftp is quite good as it can be set to only download
files
Nathan Eisenberg wrote:
> The error I am seeing is "em0: Watchdog Timeout -- Resetting", which
> seems to have several root causes. I have tried disabling ACPI, both in
we had this, it was very odd, it only started happening when we upgraded
the bios on a tyan motherboard to fix other problems,
> dev tun
> dev-node ovpn
> #proto tcp-client
> remote x.x.x.x 1194
> ping 10
> persist-tun
> persist-key
> tls-client
> ca ezat.crt
> cert ezat.crt
> key ezat.key
> ns-cert-type server
> comp-lzo
> pull
> verb 4
>
> Off to get some shuteye... 2am here in
Ezat wrote:
> Thanks Paul,
>
> The config looks sane to me.. I've rebooted the device but still no go.
I've compared your config closely with mine, so it has to be the client
config. Here's my definitively working client config:
client
log /etc/openvpn/client.log
status /etc
>>> on OpenVPN from home - using Tunnelblick on my DSL (6mbit down 768 up).
OT: we've started switching Mac OSX users to viscosity, much
nicer/easier to use - a proper OSX application instead of a simple GUI
to openvpn executable.
It will also import tunnelblick settings too.
It does have a pro
Tim Nelson wrote:
MTU doesn't appear to be the problem here.
in this case X-Lite. Soft phones
maybe try SJPhone instead? Or boot a linux CD and try k-phone (or ekiga
or jingle or whatever it's called these days)?
[EMAIL PROTECTED] wrote:
Have you some URL about installation of syslog-ng ?
thank you !
search the mailing list?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Xhark wrote:
It's not configured in conf file ?
Possible to syslog loopback 127.0.0.1 with special package ?
future releases will make syslog bind only to 127.0.0.1 so that you can
have syslog-ng running in parallel - see my other posts about this.
--
Gary Buckmaster wrote:
This is intentional as part of the design of m0n0wall, which pfSense
inherited. pfSense uses clog for system logging and all logs are kept
in a circular format so as not to consume limited disk space available
to embedded systems. The work-around for this is to use a re
Make Windows Vista more reliable and secure with Windows Vista Service
I thought it was one of those witty tag-lines along "Make Vista more
http://www.flickr.com/photos/[EMAIL PROTECTED]/2146586273/
Timo Schoeler wrote:
thus Chris Buechler spake:
On Fri, May 9, 2008 at 5:32 AM, Timo Schoeler
<[EMAIL PROTECTED]> wrote:
Hi there,
I'm about to sell a bunch of pfSense-based Firewalls to a customer (who
wants to run a nice loadbalanced setup).
What about commercial support? bsdperimeter.com i
Merul Patel wrote:
If my PHP were worth more than diddly squat I'd be tempted to write
something.
sounds like an excuse to learn a bit of php!
people have already suggested booting the live CD with the config on
USB, so that problem's solved.
try www.bootdisk.com for useful stuff, and I recommend Ultimate Boot CD
as a valuable resource. http://www.ultimatebootcd.com/
--
Toto wrote:
> help me !!!
>
> i want ip 192.168.1.2 could not open web but only do mail access. how to
> setup in pfsense to do it?
>
> thank for your help
you probably want to consider a simple solution like a linksys router as
it seems pfsense is going to be too complex for you at the moment
Daniel Rapp wrote:
> Hi, we have two firewalls running pfsense, they are running version 1.2-rc2
> embedded
1.2 release has been out for quite a while and you should strongly
consider updating, even though it won't fix your bridging
Wade Blackwell wrote:
> -intelligent load balancing of TCP services (fail a load balanced
> node/server out of the pool when the service fails)
the load balancing does detect failed back-ends but only if they cease
listening on their TCP sockets, there's no content checking, so you
can't detect,
Paul M wrote:
> to answer my own question, no, you can't use shared key and have
> multiple clients. OK, so I was being lazy!!!
>
> I generated the keys using the instructions here:
> http://openvpn.net/howto.html#pki
>
> note. I found I had two sets of easy-rsa scrip
Curtis LaMasters wrote:
> status.php probably has it somewhere. If not you could issue a command
> via the GUI in the diagnostic menu.
it does. it would probably be useful to have the system time on the
index.php system summary page?
how would you browse to status.php, there doesn't seem to be
Volker Kuhlmann wrote:
> I am looking to get more Ethernet ports into a pfsense box, and can see 2
> options.
>
> 1: Buy a 4-port PCI card (not those which only have a hub, obviously).
> They're pretty expensive compared with single cards that also just work. Can
> someone recommend a cheap one wh
because you can't specify filters on openvpn clients, we simply built a
separate box which is a dedicated openvpn server; this also means we can
keep our main firewalls locked down better and the openvpn clients come
in via a DMZ which gives better tracking.
--
I'm surprised no one's mentioned any of the Dells, which I believe are
rebranded Huawei.
Some people rate them highly, but the professional net engineers I know
consider them to be a bit troublesome. They're also nowhere near as
cheap as they used to be.
--
Eugen Leitl wrote:
> I have a Netgear ProSafe GS108T-xy, which is GBit, managed,
> and fanless. You might have to upgrade the latest firmware,
> as Netgear consumer stuff is typically buggy in the first
> generation, and the support sucks.
let me help you...
s/first generation//g
a second hand cisco 2950 would be quite cheap on ebay, the gigabit 2960g
(I think) might be getting too pricey.
Paul M wrote:
> Curtis LaMasters wrote:
>> Is this client connected over wireless? That looks like a TKIP replay
>> error and not really anything to do with OpenVPN. To have multiple
>> people connecting with the same key in OpenVPN you will need to use
>> "duplic
Curtis LaMasters wrote:
> Is this client connected over wireless? That looks like a TKIP replay
> error and not really anything to do with OpenVPN. To have multiple
> people connecting with the same key in OpenVPN you will need to use
> "duplicate-cn" on the server side under custom options.
no,
I've set up a bunch of openvpn daemons on a separate server, so that
each person who connects gets a distinct IP address allowing me to give
very fine-grained control over who can access what when connecting remotely.
I am using shared keys for simplicity.
I allocated a /29 (block of 8) IPs to ea
Chris Flugstad wrote:
> In my colo, where I have lots of public IPs, and my openvpn server, I'd
> like to use these ip's at a remote location on the other end of a vpn
I think you'd have to use a userspace redirection program like jumpgate.
Tim Nelson wrote:
> I'd throw a nice big "ALLOW ANY PROTOCOL ANY DESTINATION ANYWHERE AND
> EVERYWHERE" at the top of your rules and see if the problem is fixed. If not,
> you've got bigger problems. If so, check your rules a bit more carefully.
>
ouch! don't you come near my firewalls!
if you
Eric Baenen wrote:
> Using scp -c blowfish definitely improved things - went from 60Mbps
> transfer to 70Mbps and cpu load on the pfSense firewalls varied from 50%
> to 70%.
interesting, I tried this across our lanex and got 20MB/s default
(3des), 24MB using blowfish, and 29MB/s using plain old de
Michel Servaes wrote:
> microdrive)... but it seems the drive cannot be found with the installer
> of pfsense.
> I can however format and install Windows 2003 if I want to (I cancelled
> the install, since this is not the use I intended it to be on this
> machine- but this is just to mention that t
Curtis Maurand wrote:
> No iptables. wasn't even installed until 2 minutes ago. No http proxy
> statements very generic gentoo installation on the laptop. I have not
> tried wget, but I did try telnet to a host on port 80 and the connection
> hung. I had to do a ^] to get out of it. I have not
Eugen Leitl wrote:
>> Noise: I think the microdrive is next to silent.
>
> IIRC reliability is a problem.
I've never heard the microdrive in my zaurus c3100, and I can't remember
the last time I heard of one fail!
damn, I've just doomed myself, haven't I?
--
Sean Cavanaugh wrote:
> FreeSBIE also freezes. it sits at the line "Trying to mount root from
> cd9660:/dev/iso9660/FreeSBIE"
> I can scroll back thru the loader but it will not go any farther and I
> don't see any activity on the CD drive.
have you got 32bit access enabled in the BIOS? can you c
Ugo Bellavance wrote:
> Jason J. Ellingson wrote:
>> I see on my RRD graphs for traffic (haven't looked elsewhere yet)...
>> that the last 6 month graph is showing "Nov" twice and skipping "Feb".
>>
>> At the bottom of the graph, I see:
>>
>> Sep Oct Nov Nov Dec Jan Mar
>>
>> Perhaps just min
Bryan Derman wrote:
> If curl is available on the development disk (or somewhere) and was
> installed on the production version, the script could easily be modified
login as root and install it thus?
# curl
curl: Command not found.
# pkg_add -r curl
Fetching
ftp://ftp.freebsd.org/pub/FreeBSD/por
Nuno Gonçalves wrote:
> DELL PowerEdge R200
> Quad Core Intel® Xeon® X3210, 2.13GHz OR Quad Core Intel® Xeon® X3210,
> 2.13GHz
> 2 Gigabit nics
> 2GB RAM 667MHz dual rank ECC (2x1GB)
> 160GB SATA 7200rpm
probably far more than you need, though admittedly we are running with
pairs of machines of
http://www.pfsense.org/index.php?option=com_content&task=view&id=66&Itemid=71
the unsubscribe email address is incorrect in the href for
support-unsubscribe, it's the same as the subscribe one!
HTH
Paul
Anil Garg wrote:
> In my pass-through for PPTP and IPSEC, I had a rule that allowed
> any...all..any for only TCP IP protocol.
> I have now changed that to any protocol all the way to the end any.
> Is this ok on the VPN interfaces like PPTP and IPSEC?
adding rules which permit any-any, even i
Scott Ullrich wrote:
> On 2/21/08, Paul M <[EMAIL PROTECTED]> wrote:
>> apparently since kernel 2.6.17 linux auto-tunes, so this advice is a bit
>> out of date... in fact it might be really bad advice because using
>> setsockopt and setting RCVBUF and SNDBUF will
Ngawang Sangye wrote:
> There were error(s) loading the rules: /tmp/rules.debug:191: rule label
> too long (max 63 chars) pfctl: Syntax error in config file: pf rules not
> loaded - The line in question reads [191]: pass in quick on $wan proto {
> tcp udp } from any to { 192.168.2.58 } port = 36239
William Armstrong wrote:
> Squeeze Your Gigabit NIC for Top Performance
>
> http://www.enterprisenetworkingplanet.com/nethub/article.php/3485486
apparently since kernel 2.6.17 linux auto-tunes, so this advice is a bit
out of date... in fact it might be really bad advice because using
setsockopt
Scott Ullrich wrote:
> I will look into it. In the future, please see this for submitting
> patches: http://devwiki.pfsense.org/SubmittingPatches
sorry I stand corrected
Ermal Luçi wrote:
> Can you please open a ticket for this!
done
http://cvstrac.pfsense.com/tktview?tn=1652,6
>
> On Thu, Feb 14, 2008 at 5:03 PM, Paul M <[EMAIL PROTECTED]> wrote:
>> Is this a known bug?
>>
>> when you remove a network device from a work
can the system script be modified, please to tell syslogd to only bind
to localhost?
# diff system.inc.orig system.inc
412c412
< $retval = mwexec("/usr/sbin/syslogd -s -f
{$g['varetc_path']}/syslog.conf");
---
> $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.1 -s -f
{$
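Review bot: the loopback address is hard-coded as a literal in the replacement mwexec() call at line 412; suggest taking it from a variable or configuration setting that defaults to 127.0.0.1, and adding a one-line comment next to the call recording why -b is passed (so that a second syslog daemon such as syslog-ng can run in parallel on the other addresses). The rest of the changed line is cut off here, so confirm the -s and -f arguments are otherwise unchanged from the original.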
Is this a known bug?
when you remove a network device from a working configured pfsense
1.2rc4 machine, it still boots up, and the web UI interface summary says
the device is up, but has no details (no mac, no IP, etc)
we discovered this when one of our firewall servers died, and problem
was the
http://www.psc.edu/networking/projects/tcptune/#FreeBSD
this has some recommendations for setting options in freebsd to improve
network performance; I don't know whether it's current wisdom though.
the stuff about linux kernel autotuning is quite interesting, especially
where it says to not use
Hi,
would it be possible to have the carp status page also show the carp
description field, as at the moment it's not very informative.
AtDhVaAnNkCsE
Paul
Hi,
given the number of minor bug fixes, will we be seeing a 1.2RC5
variant sometime, or is the next step a full release?
thanks
Paul
Royce Mitchell III wrote:
> Is the BGP package for pfsense available, yet?
>
> Also, does it play nice with CARP, or is CARP even necessary when you
> have BGP?
I think CARP is a very different thing - BGP is a way of having multiple
circuits to different ISPs to get resilience internet connectiv
I'm not 100% sure, but I've noticed that if you create a new CARP entry
on the WAN, the nat reflection doesn't get set up until you make some
other change.
Curtis LaMasters wrote:
> I've been operating in this configuration for 6 months in two locations
> without a problem. The version upgrade went very nicely as well because
> I could fail over to the 2nd firewall, do the upgrade and reboot without
> taking down the network. We are running on Dell
on the nat page, the buttons to the right of the nat look like this
E
< +
on the rules page, the buttons to the right are
< E
X +
maybe I'm being fussy, but could the nat page be changed to suit the rules?
thanks!
Paul
Gary Buckmaster wrote:
> Paul M wrote:
>> I've noticed that if I have a pair of firewalls - master/slave - and
>> have a comment in the filter rules which contains a colon or a fullstop,
>> they are replaced by spaces when the rules are replicated.
>>
>> is t
I've noticed that if I have a pair of firewalls - master/slave - and
have a comment in the filter rules which contains a colon or a fullstop,
they are replaced by spaces when the rules are replicated.
is this a known bug?
Eugen Leitl wrote:
> On Wed, Jan 30, 2008 at 09:19:21PM +0200, Graham Beneke wrote:
>> While I can appreciate that this is an issue of supply vs demand - I
>> would like to say that I think that it would be in the best interests of
>> the project to aim for at least an IPv6 capable beta release b
Jack Doyle wrote:
> I've just reinstalled (fresh this time) 1.2-RC4 and logging has, once
> again, stopped. The last log entry I have anywhere is at 16:22 (it is
> now 18:28). I just generated some traffic that should be logged and
> it is not. This includes the system log, firewall log, DHCP lo
Chris Buechler wrote:
>> There were error(s) loading the rules: /tmp/rules.debug:149: rule label
...
> Looks like a missing or incorrect input validation check, can you open a
> ticket at http://cvstrac.pfsense.org please?
done!
http://cvstrac.pfsense.com/tktview?tn=1619
--
I created a nat rule's equivalent filter rule and got the error
below. Is this a known bug?
There were error(s) loading the rules: /tmp/rules.debug:149: rule label
too long (max 63 chars)pfctl: Syntax error in config file: pf rules not
loaded - The line in question reads [149]: pass in quick o
Paul Cockings wrote:
> Many thanks for the quick responses :-)
>
p.s. the twin-port gigabit NIC cards work very well too. oh, yes, I am
using PCI-X cards, the single-port ones are modest price, the dual-port
ones are quite pricey (GBP110-ish or US$220).
I have also used some broadcom twin-port N
Curtis LaMasters wrote:
> I agree with Ngawang, Intel is the way to go for a well supported NIC.
> The pfSense website has a HCL on it for FreeBSD at
> http://pfsense.com/index.php?id=37. Let us know if you have any issues.
>
> Curtis
me too!
however, be warned, if you need jumbo frame support
Marco Henggeler wrote:
> Now without Cert...
>
> -Ursprüngliche Nachricht-
> Von: Marco Henggeler
> Gesendet: Dienstag, 29. Januar 2008 11:11
> An: 'support@pfsense.com'
> Betreff: WG: Why there is no possibility to Filter the Firewallogs per
> Day/Week/Source IP etc.?
>
> Under "Diagno
[EMAIL PROTECTED] wrote:
> I am trying to do a full install of pfSense onto a CF card. I have
could you create a file of the right size, loopback mount it as a file
system and install to that, tweak it as much as you want, and then 'dd'
it to the CF card?
Scott Ullrich wrote:
>> turned blue with a top grey bar saying "F10 to refresh" and a bar at the
>> bottom saying "Waiting for backed".
>> any ideas what to look for?
>
> Not sure but please tell us every step of the boot process you take.
> What assigned interfaces you selected, etc.
>
> Also i
we had a test core2duo/1.8G tyan machine running 1.2rc3 which upgraded
without a hitch, however, we wanted to use it for something else, so it
got wiped. we then tried to install 1.2rc4, booted fine from cdrom,
chose option99 (no network cables being plugged in) and the screen
turned blue with a t
Scott Ullrich wrote:
> That portion of the installer takes quite a while depending on speed
> of the CF card, etc. Give it a bit longer.
I presume the CF card is mounted noatime,async (or whatever it is in
freebsd, I am thinking linux here)? I found that async makes a huge
difference in speed -
Jack Doyle wrote:
> Yes, I did that with the old version, too, and it stopped logging
> after a short while.
what happens if you kill and restart syslogd? does logging restart, or
is the problem upstream?
Richard Sperry wrote:
> FYI Godaddy has certs for 14.95USD vs verisign, etc at 150ish. Other than
> making sure the chain is right, I have had no issues.
I bought a wildcard ssl cert for not much more than that, and so I could
use in all my firewalls as well as mail servers etc.
--
Ryan Neily wrote:
> *_Return Receipt_*
I emailed the guy to suggest he turn off his auto-acknowledge. sigh.
But I wish people wouldn't post to the list with delivery status
notifications and html etc etc.
Curtis LaMasters wrote:
> I have a client that has an application server being installed very
> soon that will require them to send an email to a server that is on the
can't you use a different DNS server (or use "views" -
http://www.zytrax.com/books/dns/ch7/view.html ), or hack the hosts fi
Ron Lemon wrote:
> I have a satellite internet connection, both in and out, attached to a
> pfSense 1.2RC3 box.
long ago when I played with a satellite internet link, it was windows
only, and required some special software on the windows box which
spoofed the 3 way handshake and also ACKs to give
Scott Ullrich wrote:
> hearing of this problem and 1.2-RC4 has been downloaded thousands of
> times already. I know that you may have encountered a problem but
> please do not spread FUD, thanks.
1.2RC4 upgrade on a regular server worked for us faultlessly; pfSense
gets better and better!
The c
Scott Ullrich wrote:
> Replace pfSense's syslogd with a stock FreeBSD's syslog and then edit
> /etc/rc and remove the clog statements. Just remember every time you
> update you'll have to go through this song and dance.
might I offer this patch to the /etc/rc file which detects if syslog-ng
is in
Scott Ullrich wrote:
> pfSense does not use newsyslog. It uses clog + syslogd.
>
>> is there any way, even with a slight kludge, to have regular log files
>> which rotate in a normal way with pfsense?
>
> Replace pfSense's syslogd with a stock FreeBSD's syslog and then edit
ah, marvellous, thank
sorry to bring this up again, there was a brief discussion a while back,
but I just wanted to clarify.
we've got lots of disk space on our firewalls (100+ GB!), so that we
don't need to worry about minimising logging, and also so that old logs
can be archived at our leisure.
however, pfsense roll
is this a known feature/bug?
using firefox on linux and setting minimum font size to 13, and the
metallic theme on pfsense 1.2RC3, I find that the diagnostics "tab"
wraps off the end and appears under the system tab, and then you can't
access anything under the system tab any more.
this confused
Christopher Iarocci wrote:
> I entered in a ticket because they are currently in RC status and I thought
...
> Devs,
>
> Please slap me if I did the wrong thing. My heart was in the right place.
just publish your pfSense box's IP, and then your punishment can then be
to have your firewall tes
Scott Ullrich wrote:
> On Dec 20, 2007 6:01 AM, Paul M <[EMAIL PROTECTED]> wrote:
>> if relayd exists in freebsd ports, I will consider looking into doing
> I can get it ported over for you very easily. Should not be hard to
> turn it into a FreeBSD port as well. I just d
Scott Ullrich wrote:
> Well now it would be relayd since hostated has been renamed. I would
> love to add this for 1.3 but unfortunately a lot of projects are
> piling up that might prevent me from working on this particular item
> in time for 1.3.
if relayd exists in freebsd ports, I will consi
Scott Ullrich wrote:
> On Nov 22, 2007 5:29 AM, Paul M <[EMAIL PROTECTED]> wrote:
>> is there a port of haproxy (or equivalent) to run on pfsense, and if so
>> does it work reliably?
...
>> we previously used pound as a load balancer and it works well, but we
...
>
Richard Sperry wrote:
> Did you change the “use default gateway.”
>
arrggghhh! HTML and advertising! stop the pain!
Tim Nelson wrote:
> Does pfSense (any version) support any of Intel's quad port gigabit cards for
> PCI-E? I'm looking specifically at the PRO/1000PT that uses the 82571GB
> chipset. The FreeBSD HCL lists this controller but I was hoping to see if
> anyone had used it successfully on pfSense. Th
Jason J. Ellingson wrote:
> in /var/etc/openvpn_client0.conf:14: remote (2.0.6)
...
> remote
the syntax for a typical remote line would be
remote a.b.c.d 1194
where a.b.c.d would be a public IP address.
try editing the entry for the first vpn server or client?
1.2-rc1 I found was totally unusable with carp.
1.2-rc2 was OK once running, but it was vital to ensure you knew how to
recover from crash/reboot/loss of config.xml if you were changing carp
1.2-rc3 has been much much better, you still need to be careful
overall, for us CARP is a vital component o
Curtis LaMasters wrote:
> This weekend I've been reading a lot about OpenVPN on pfSense and
> OpenVPN in general. I guess I still have a few missing parts in my head
> because I can't connect the dots. Is OpenVPN a viable replacement for
> the Cisco VPN software and IPSec services on a PIX/ASA or
Scott Ullrich wrote:
> On Nov 23, 2007 7:34 AM, Christian Krützfeldt
> <[EMAIL PROTECTED]> wrote:
>> The other day I had an unexpected power outage and then when it was back on
>> pfsense (1.2 RC2) didn't work.
>>
>> It booted fine until the point where it wanted to start pfsense. The hard
>> disk
Volker Kuhlmann wrote:
> On Thu 22 Nov 2007 17:04:02 NZDT +1300, Jaye Mathisen wrote:
>
>> Use split-horizon DNS,
>
> Sure, how do I do this with pfsense? I can't find any docs about it and the
> DNS forwarder config page doesn't mention any interfaces (1.2RC3).
just use different views?
http://
is there a port of haproxy (or equivalent) to run on pfsense, and if so
does it work reliably?
we previously used pound as a load balancer and it works well, but we
need a load balancer which can do more than just detect that there's a
tcp listener, in case our web app stops working but still list
Tom Bishop wrote:
> I have done a tcpdump, I don't see the return packets...thats the
> troubling part
>
> On Nov 20, 2007 8:13 AM, Paul M <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> Tom Bishop wrote:
> > Ok this one
Angelo Turetta wrote:
> Curtis LaMasters wrote:
>> and Firewall myself, however, I'm still having problems with the VLAN
>> config. I would like the LAN interface to be VLAN1. Please let me
>> know if you have any questions, or if I missed something.
>
> Curtis, this is quite easy to do. I manag
Chris Buechler wrote:
> Scott Ullrich wrote:
>> On 11/20/07, Paul M <[EMAIL PROTECTED]> wrote:
>>> two firewalls, fwa, fwb, fwa is the master and replicated to fwb
>>> Could there be added in the UI (advanced options maybe) a flag to
>>> indicate that this
Tom Bishop wrote:
> Ok this one has been bugging me for sometime, I'm new to Pfsense (looks
> nice btw ;) I have been testing several of the firewall products to
> find one that will meet most of my needs for some work that I need
> done. One of the issues I have come across is that when I try t
two firewalls, fwa, fwb, fwa is the master and replicated to fwb
I made the mistake of modifying something on
fwb, and then of course had to go back and reproduce the changes on fwa.
Could there be added in the UI (advanced options maybe) a flag to
indicate that this FW is a slave, and then grey
Joe Laffey wrote:
> Hi,
>
>
> When I ping www.apple.com at 17.112.152.32 from my pfsense box (from the
> shell) I am getting rtts of around 500ms. When I ping the same ip (not
> dnsname) from a box on my DMZ I am getting 50ms rtts.
>
> Any clue what is causing this? I tried disabling the traffic
Bill Marquette wrote:
On 9/25/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
no, it says the IP is already in the list and refuses to add it; I guess
that javascript could be changed to say "are you sure" and make it possible.
Hmmm, the hackathon is coming up in a couple weeks. I'll take a loo
Jarkka Kivikanta wrote:
> Fail-over of the virtual ip's work correctly if I create the rules manually.
>
> The following error can be found in the MASTER's system log:
> Nov 6 11:20:32 php: : New alert found: An error code was received
> while attempting XMLRPC sync with username admin
> http://1
Bill Marquette wrote:
> JA: Taking into account the limitations imposed by hardware, what is
> the maximum packet rate pf can be expected to handle?
>
> Daniel Hartmeier: The smallest legal ethernet frame is 84 bytes, which
...
> not fast enough. But real traffic consists of larger packets on
> av
Graham Beneke wrote:
> Hi
>
> I have an openVPN connection to a VPN server and i have a single IP from
> the server. I need to NAT my local subnet before putting the traffic
> over the VPN.
>
> I'm not so clued up on custom config files but it looks like I can do
> everything that I need to in th
Sean Cavanaugh wrote:
> I personally use OpenDNS for everything since they're outside of what the
> ISP handles.
surely it's easier to simply run your own caching resolvers? that way
you can force a cache flush if you're changing your own DNS.
the only time either your or my strategy fails is when
Robert Goley wrote:
> based routing. DNS refuses to work. This is because the pfsense machine can
I have no answer for you, but an idea to try.
run "tcpdump -l -n -i xxx udp and port 53" on the firewall for each
interface xxx in turn whilst trying to resolve and see if any packets
are seen.
1 - 100 of 136 matches