Re: [pfSense Support] qVoIP not working

2010-11-23 Thread Paul Mansfield
I thought "surely it's easy", having only recently implemented traffic shaping for a voip service we signed up to a few months ago... I originally used the traffic shaper, but people still complained about quality, so what I did was to simply prioritise all traffic to and from the voip provider's

Re: [pfSense Support] LAGG Question

2010-11-19 Thread Paul Mansfield
On 25/10/10 16:33, James Bensley wrote: > pfSense doesn't allow you to configure an IP address, mask and gateway > for every interface on the box, only the interfaces assigned as LAN > and WAN. for the sake of the record, that's entirely wrong... the web ui allows you add new interfaces and renam

Re: [pfSense Support] SCP stalls with OpenVPN

2010-11-19 Thread Paul Mansfield
On 13/11/10 02:01, Karsten Becker wrote: > Hi all. > > I have the problem that if I'm connected with OpenVPN (Ubuntu 10.04), I > get stalled copies when doing scp. CIFS copies work. > > Has anybody an idea where to start fire fighting or by what this could > be caused? try reducing MTU, or, unbl

Re: [pfSense Support] OpenVPN

2010-11-17 Thread Paul Mansfield
On 17/11/10 04:01, Chris Buechler wrote: > On Tue, Nov 16, 2010 at 1:13 PM, Paul Mansfield > wrote: >> On 16/11/10 14:48, James Bensley wrote: >>> After completing it I installed Tunnelblick on my MacBook Pro running >> >> it works, but dns is not set, >

Re: [pfSense Support] OpenVPN

2010-11-16 Thread Paul Mansfield
On 16/11/10 14:48, James Bensley wrote: > After completing it I installed Tunnelblick on my MacBook Pro running it works, but dns is not set, you have to use tap device and then dhcp on the Mac does its trick... otherwise you have to create a special network profile called "openvpn" or something w

Re: [pfSense Support] pfSense 2.0 and SpamAssassin

2010-10-21 Thread Paul Mansfield
argh, sorry, I didn't see the "2.0" bit... don't know which version it uses, but the same would apply, use pkg_add and if needed set the env var so it can find the package repository. but I would advise grabbing the appropriate version of freebsd and using that as a build platform rather than klu

Re: [pfSense Support] pfSense 2.0 and SpamAssassin

2010-10-21 Thread Paul Mansfield
On 21/10/10 14:23, James Bensley wrote: > If anyone comes across this on the archives, due to the lack of a > compiler et all I found no way to achieve compiling SA on pfSense pfsense is based on freebsd 7.2, get a copy here... ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/7.2-RELEASE/ you ca

Re: [pfSense Support] ADSL2+ PCI Card (from LinITX.com) in a pfSense Box ?

2010-10-19 Thread Paul Mansfield
On 19/10/10 13:36, Vincent Hoffman wrote: > On 19/10/2010 12:32, Paul Mansfield wrote: >> On 15/10/10 18:15, Gavin Spurgeon wrote: >>> Does pfSense support the RTL8100CL Nic ? >> possibly yes, possibly no >> >> a year ago I used a dell vostro 220 as a fir

Re: [pfSense Support] ADSL2+ PCI Card (from LinITX.com) in a pfSense Box ?

2010-10-19 Thread Paul Mansfield
On 15/10/10 18:15, Gavin Spurgeon wrote: > Does pfSense support the RTL8100CL Nic ? possibly yes, possibly no a year ago I used a dell vostro 220 as a firewall for a satellite office, the realtek onboard interface worked fine then I used a vostro 230, and freebsd refused to recognise the onboard

Re: [pfSense Support] script-heavy sites not blocked, but still not loading

2010-10-15 Thread Paul Mansfield
On 15/10/10 15:17, Luke Jaeger wrote: > Certain sites refuse to fully load behind our pfsense 1.2.2 firewall. it sounds a bit like MTU being broken try reducing mtu to 1400? - To unsubscribe, e-mail: support-unsubscr...@pfsense

Re: [pfSense Support] ADSL2+ PCI Card (from LinITX.com) in a pfSense Box ?

2010-10-15 Thread Paul Mansfield
> On 14/10/10 23:44, Gavin Spurgeon wrote: >> Just stumbled upon this cool little PCI card over @ LinITX.com > ... >> mode, If I had a pfSense unit that could use this (or similar) PCI card >> I could scrap my current Cheap Home Router and just have a pfSense box >> connected direct to my ISP. >

Re: [pfSense Support] How to make Network (or device) appear to be in the USA from Canada?

2010-09-28 Thread Paul Mansfield
On 28/09/10 17:53, Chuck Mariotti wrote: > I purchased an Internet Connected Samsung HDTV for my home in Canada and as Chris B says, get a VPS in geographic area of choice and set up a VPN on local network, set up VPN end point with a routing policy to send traffic from your TV to the VPS. you mi

Re: [pfSense Support] Search Domain

2010-09-17 Thread Paul Mansfield
On 17/09/10 09:43, Rabeendran, Rajeevan wrote: > Hello > > > > Does anybody know how to send from the DHCP Server the suffix Domain > (Search Domain)? > > > > I need that under TCP/IP Settings –> DNS by the Clients. > it appears to be taken from the domain setting in the /system.php pag

Re: [pfSense Support] power-out and Alix-boards

2010-09-10 Thread Paul Mansfield
On 10/09/10 03:02, Kevin Tollison wrote: > I would look at the brand of CF card. ... I remember Kingston being one of > them I will never use kingston after reading this: http://www.bunniestudios.com/blog/?p=918

Re: [pfSense Support] Benchmark tool

2010-09-09 Thread Paul Mansfield
On 07/09/10 20:24, bsd wrote: > Here are the results of the test you have asked : great, thanks for that, useful to know that linux and freebsd give similar performance as a basic router. I'd imagine using a kernel customised for the specific processor you could get a performance boost with both

Re: [pfSense Support] Over 2GB File can not copy LAN to WAN Pfsense

2010-09-07 Thread Paul Mansfield
On 07/09/10 09:41, Rabeendran, Rajeevan wrote: > Hello > > I have a problem when i copy a huge File over 2GB between WAN -LAN -WAN. > The Firewall breaks the connection. Is there a limit? > > It is not a FTP connection, just a normal NFS connecion. I've been able to download DVD ISOs (suse linu

Re: [pfSense Support] Benchmark tool

2010-09-07 Thread Paul Mansfield
On 06/09/10 21:58, bsd wrote: > I have made a simple configuration which looks like that : > > Station_1 <<< WAN >>> pfSense_FW <<< LAN >>> Station_2 it'd be interesting to compare the same hardware running linux; if you don't feel like installing, boot a live CD; just ifconfig the interfaces, a

Re: [pfSense Support] question on blocks SSH connections

2010-09-06 Thread Paul Mansfield
On 12/08/10 23:51, RB wrote: > Pretty much any port you allow out (or even SSL websites) raw will > have this problem and you'll never reach 100% closure. You can > approximate 100% with application proxies that monitor for and cut off > aberrant behavior, but they'll never be perfect. indeed, b

Re: [pfSense Support] Appliance Recommendation for 100 Mbps (DOCSIS 3.0) Service

2010-09-05 Thread Paul Mansfield
On 01/09/10 16:00, Michael Riglin wrote: > options, I wanted to ask the list for any experience-based > recommendations on low power consumption appliances for purchase that > have enough CPU power to support 100 Mbps and above. (Quality and > future-proofing is more important than cost.) the jet

Re: [pfSense Support] OpenNTP offset & sync

2010-09-03 Thread Paul Mansfield
On 02/09/10 19:52, Karl Fife wrote: did you login to try tcpdump, and use "ntpq -c lpeers" and similar? > Has anyone else seen OpenNTPD fail similarly? I've never seen my > other pfSense instances drift by more than a few hundred milliseconds. > We have some market traders that rely on a ve

Re: [pfSense Support] non-circular syslog / config option "disableyslogclog" in pfsense 2.0 Beta 4

2010-08-12 Thread Paul Mansfield
On 04/08/10 12:49, Stefan Baur wrote: > I know that I could log to an external syslog server, however, in my follow the changes I suggested previously on this list, whereby you bind existing syslog to localhost and newsyslogd to LAN and get existing syslog to repeat logging to newsyslogd

Re: [pfSense Support] Monitoring pfSense

2010-08-10 Thread Paul Mansfield
On 10/08/10 12:59, Mark Wiater wrote: > I'd actually prefer however to access information in the system from the CLI. > This would actually allow me to gather other information like states per host > for instance, on an automated basis. I would suggest setting up munin, install munin-node on yr

Re: [pfSense Support] multi-wan, multi-lan security

2010-08-10 Thread Paul Mansfield
On 10/08/10 03:32, Chris Buechler wrote: >> if your provider provides ipv6 as well as ipv4 and devices on your lan >> are also ipv6, then you're more likely to have a major security breach?? > has IPv6, you can end up with a public IPv6 address either via > stateless autoconfiguration or DHCPv6 and

Re: [pfSense Support] multi-wan, multi-lan security

2010-08-09 Thread Paul Mansfield
On 09/08/10 17:57, Nathan Eisenberg wrote: >> thinking aloud... >> >> if your provider provides ipv6 as well as ipv4 and devices on your lan >> are also ipv6, then you're more likely to have a major security >> breach?? > > It's only really thinking out loud if you including your reasoning, otherw

Re: [pfSense Support] Re: multi-wan, multi-lan security

2010-08-09 Thread Paul Mansfield
On 07/08/10 06:06, Tortise wrote: >>> My ISP advised us not use common private LAN addresses for this > Woops - sorry for being misleading. I meant (and use) random numbers > taken from within the private address ranges. (10.x.x.x etc) rfc1918, IIRC, actually says to choose a random range. at $

Re: [pfSense Support] multi-wan, multi-lan security

2010-08-09 Thread Paul Mansfield
thinking aloud... if your provider provides ipv6 as well as ipv4 and devices on your lan are also ipv6, then you're more likely to have a major security breach??

Re: [pfSense Support] PFSENSE 2.0

2010-08-05 Thread Paul Mansfield
On 05/08/10 07:53, Seth Mos wrote: > Do note, that if you ever write the device from start to end that this > negates the wear levelling. It then only has the spare cells on the > drive or card to remap blocks (~7%). does freeBSD support trim with SSDs?

Re: [pfSense Support] multi-wan, multi-lan security

2010-08-05 Thread Paul Mansfield
On 05/08/10 06:51, David Burgess wrote: > my DSL and LAN ports will be on the same switch, different vlans. This ... > what are my risks? I know it has been said on this list that WAN and if you can clearly label the switch so that you yourself "cannot" make a mistake when connecting cables if yo

Re: [pfSense Support] USB Keyboard - Boot Hangs

2010-08-04 Thread Paul Mansfield
On 04/08/10 18:31, Tim Nelson wrote: > There is no option for legacy mode in the BIOS. :-( presumably there's no PS2 keyboard port? or if there is, your keyboard isn't the type which can turn into a ps2 keyboard using the oversized purple usb-to-ps2 plug thing that some come with? I have a ps2 K

Re: [pfSense Support] "Phantom" rules

2010-07-07 Thread Paul Mansfield
On 05/07/10 16:37, David Rees wrote: > I've got a system (1.2.3, set up in a cluster) which has a couple of ... > "phantom" rules - rules that exist in the config.xml file, but don't ... > It appears that somehow they lost their interface element and since it occurred to me, could you not re-creat

Re: [pfSense Support] blocking https:facebook.com via squidguard & pfsense gui

2010-07-01 Thread Paul Mansfield
On 30/06/10 21:29, Luke Jaeger wrote: > thanks Jim - > > I got the impression from reading the pfsense forum that there is a way > to block https for specific domains by denying the connect method - am I > understanding this wrong? you should definitely be able to create an ACL for access to fac

Re: [pfSense Support] Larger log files

2010-06-28 Thread Paul Mansfield
On 28/06/10 07:56, bsd wrote: > Hello, > > I have configured couple of devices for clients based on large disk size (160 > Go or 250Go) - I would like to know if It is possible to increase the size of > the "clog" limit for log rotation… or if it is possible to entirely remove > the clog syste

Re: [pfSense Support] Strange client VPN behavior - routing issue?

2010-06-14 Thread Paul Mansfield
On 14/06/10 16:16, Paul Mansfield wrote: > On 09/06/10 21:58, John Busch wrote: >> - I could SSH into 192.168.9.1, and the session would last 5-10 >> seconds before freezing (^C, ^Z did nothing). it sounds as if you had two openvpn clients running at the same time, are you using sh

Re: [pfSense Support] Re: CARP ip on different network range

2010-06-02 Thread Paul Mansfield
On 01/06/10 18:05, Ian Bowers wrote: > But all a router is > really doing is passing traffic from the ISP into the LAN. As long as > you configure it to just pass traffic and allow telnet/ssh access from > the LAN only, there is really very little to exploit. > > a simple cisco 2600 series router

Re: [pfSense Support] Guide for package deployment | architecture of pfSense

2010-06-01 Thread Paul Mansfield
On 31/05/10 08:23, bsd wrote: > I am looking for a guide or an answer that could help me to understand how > pfSense is architectured maybe buy the book off amazon?

Re: [pfSense Support] Attachments very slow to download from Hotmail

2010-06-01 Thread Paul Mansfield
On 01/06/10 11:29, Adam Egan wrote: > Hi all, > > Odd problem. > > Attachments take an AGE to download from Hotmail. > > As far as I can tell it does not affect our POP3 mail or Google Mail. > > I have pfSense 1.2.2 with squid running as a transparent proxy. No > fancy routing, just NAT. MTU p

Re: [pfSense Support] how to configure further

2010-04-26 Thread Paul Mansfield
On 26/04/10 08:39, Barkat ali wrote: > we have Lan > and Wan > How to install Pfsense and what is the usage? you take the round/flat shiny disk which is labelled "pfsense 1.2.3" and put it in the pop-out sliding drawer thingummy (having taken your coffee cup off it) in the front of your computer,

Re: [pfSense Support] 1.2.3-release rebooting

2010-04-13 Thread Paul Mansfield
On 12/04/10 16:56, Charles Goldsmith wrote: > My home pfsense has been rebooting on me periodically and I haven't > been able to figure out why. It seems to be on a 36 hour schedule. > > From the logs, I don't see much: the logs seem to show only what happened after reboot consider setting up a

Re: [pfSense Support] Generating graphs

2010-04-08 Thread Paul Mansfield
On 08/04/10 12:33, innocent.mayu...@pccb.go.tz wrote: > Dear support, > > We are using pfsense and with a subscribed bandwidth of 1 Mb up and down. > While monitoring through the RRD Graphs we are not going past 600 bits/s > > Kindly advise what we can amend or configure in order to monitor our t

Re: [pfSense Support] ntop core dumped

2010-04-07 Thread Paul Mansfield
On 06/04/10 17:39, Tim Dressel wrote: > On Tue, Apr 6, 2010 at 3:05 AM, Paul Mansfield > I've found ntop to be hit and miss in terms of stability, when it works ... > I found darkstat to be more reliable if a bit basic [trimmed old text; please also consider trimming when

Re: [pfSense Support] pfsense unresponsive

2010-04-06 Thread Paul Mansfield
On 05/04/10 21:57, Brent Clark wrote: > On the network there are other FreeBSD servers that is using Carp. Im > finding that my solution is every now and then becoming unresponsive. > Could it be that my setup is clashing or is being affected. don't re-use VHIDs - the mac address is algorithmicall

Re: [pfSense Support] TCP Connection Closed on Client But pfsense States Still Established

2010-04-06 Thread Paul Mansfield
On 05/04/10 16:55, Chris Buechler wrote: > Without a pcap showing the actual traffic, there's no telling what's > happening. The only sure thing is neither the client or server is > closing the TCP connection if you see it as ESTABLISHED:ESTABLISHED. worth using TCPDUMP on the firewall and looking

Re: [pfSense Support] ntop core dumped

2010-04-06 Thread Paul Mansfield
On 02/04/10 20:12, Tim Dressel wrote: > super stable. But with the ntop package things goes south quickly. I've I've found ntop to be hit and miss in terms of stability, when it works it works well but for certain combinations of environment/build/phase-of-the-moon it's unstable to the point of us

Re: [pfSense Support] Firewall drops all packets after upgrade from 1.2 to 1.2.3

2010-03-31 Thread Paul Mansfield
On 30/03/10 17:06, Bastian Schern wrote: > Do you have an idea how to find out were the problem with asymmetric > routing is? traceroute from each endpoint to the other and use tcpdump on firewalls to observe if the packets go where you expect them?

Re: [pfSense Support] VPN LAN TO LAN

2010-03-19 Thread Paul Mansfield
On 18/03/10 16:21, Joseph Rotan wrote: > Hi, > > I'm currently jammed in setting up VPN on my pfsense box been reading all > the discussion it seems most have achieved a VPN configuration. I not > specialise on IT pros but interested to learn. Is there anyone could > please help me out in setting

[pfSense Support] wpad/wpac configuration in pfsense dhcp server

2010-03-17 Thread Paul Mansfield
I would like to fix/break wpad as suggested here: http://www.mercenary.net/blog/index.php?/archives/42-HOWTO-WPAD.html is there any way to insert the additional dhcp configuration options into pfsense's dhcp configuration - there's no text field to allow arbitrary insertion of my own config - so w

Re: [pfSense Support] Open VPN setup

2010-02-26 Thread Paul Mansfield
On 26/02/10 10:38, Abdulrehman wrote: > I need to setup an OpenVPN scenario with pfsense. I want to connect to a > remote network and also want to use the gateway of that remote network. > Means if i am connected to VPN then all my internet traffic will go out > through gateway of that network. Is

Re: [pfSense Support] OT: physical interface v vlan

2010-02-16 Thread Paul Mansfield
On 16/02/10 05:42, Chris Buechler wrote: > This depends on how much you trust your switches, and more so, how > much you trust your admins. It's usually easier to inadvertently > configure something on the wrong VLAN than it is to plug something > into the wrong switch. Especially if you have peopl

Re: [pfSense Support] Multiple-WAN Connections

2010-02-08 Thread Paul Mansfield
yes, it works. for each WAN, specify a gateway. in NAT specify advanced outbound rules and have a rule for each WAN on the rules for each LAN, ensure that you specify the outbound interface

Re: [pfSense Support] blocking bradcast

2010-02-02 Thread Paul Mansfield
On 02/02/10 14:41, Zhu Sha Zang wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I'm receiving a lot of this typo of messages in my wan: > > 1. 692357 rule 39/0(match): block in on re0: 0.0.0.0.68 > > 255.255.255.255.67: BOOTP/DHCP, Request [|bootp] stick a rule at the top to quietly

[pfSense Support] Fwd: bogon filter update required

2010-01-22 Thread Paul Mansfield
just a heads-up really about new IPv4 blocks now in use, so check your bogon filter update scripts are working and you don't drop 1/8 and 27/8 Paul -- Forwarded message -- From: Leo Vegoda Date: 2010/1/21 Hi, The IANA IPv4 registry has been updated to reflect the allocation of t

Re: [pfSense Support] Less bandwidth available behind the firewall

2010-01-14 Thread Paul Mansfield
> On Tue, Jan 12, 2010 at 8:50 PM, Ugo Bellavance wrote: > I'm running pfsense 1.2.2 on a pentium 4, 3.0 ghz, 1 GB RAM. HDD install. > > When I start a download from a nearby centos mirror, directly from the > firewall (using fetch), I get the full bandwith available from my ISP (60 > mbps). How

Re: [pfSense Support] patch for syslogd setting - (for those of us who run supplementary syslog)

2010-01-11 Thread Paul Mansfield
On 08/01/10 18:39, Ruben Lacumba wrote: > Hi, > > new comer to pfsense, hearing interesting to pfsense, i plan to deploy please don't hijack threads

[pfSense Support] patch for syslogd setting - (for those of us who run supplementary syslog)

2010-01-08 Thread Paul Mansfield
I tweak /etc/inc/system.inc so that syslogd is bound ONLY to localhost, and then I can set pfsense to also log to another local IP, then install syslog-ng on that IP so that I can do interesting things to the logs and also push them remotely. Please can you change the default configuration by twe

Re: [pfSense Support] openvpn extra options loses EOL

2010-01-08 Thread Paul Mansfield
On 08/01/10 16:21, Tim Nelson wrote: > - "Paul Mansfield" wrote: >> if you put multiple lines of configuration in an openvpn server >> config, >> all the end of lines are lost and the whole lot is run together on >> one >> line when you look at t

[pfSense Support] openvpn extra options loses EOL

2010-01-08 Thread Paul Mansfield
if you put multiple lines of configuration in an openvpn server config, all the end of lines are lost and the whole lot is run together on one line when you look at the generated /var/run/openvpn_serverXX.conf file am running the full pfsense1.2.3-release, upgraded from previous versions is this

Re: [pfSense Support] Blocking Tor Networks

2010-01-07 Thread Paul Mansfield
On 07/01/10 15:13, Robert Mortimer wrote: >> Agreed - Though in our case they aren't supposed to be grownups as >> this is a grade 7 thru 12 secondary school. And the students using Tor sounds like you ought to be signing them up to a CIA training school instead :-) > You can still personal la

Re: [pfSense Support] Single interface appliance

2010-01-07 Thread Paul Mansfield
can't see why not, connect its WAN to your LAN, and in wan port rules permit access to squid from the "WAN", you'll have to configure clients to point to it, or adjust existing firewall rules you'd probably want to configure its GUI and SSH to be permitted from the WAN port too.

Re: Fwd: [pfSense Support] Re: [***SPAM*** Score/Req: 05.6/5.0] Re: [pfSense Support] blocking Tor Networks

2010-01-06 Thread Paul Mansfield
On 06/01/10 16:46, Robert Mortimer wrote: >>> On 05/01/10 16:11, Luke Jaeger wrote: Has anyone had any success blocking Tor thru pfsense/squidguard? >> Some >>> of our savvier students are starting to use it to get around the >> content filters ... >>> >>> that's a classic case of ha

Re: [pfSense Support] blocking Tor Networks

2010-01-06 Thread Paul Mansfield
On 05/01/10 16:11, Luke Jaeger wrote: > Has anyone had any success blocking Tor thru pfsense/squidguard? Some of > our savvier students are starting to use it to get around the content > filters ... that's a classic case of having a "permit any + deny specific" policy. You'll have to turn it round

Re: [pfSense Support] RC3 to RELEASE - Verify

2009-12-18 Thread Paul Mansfield
On 18/12/09 07:26, Seth Mos wrote: > Op 17-12-2009 11:35, Paul Mansfield schreef: >> has anyone upgraded a pfsense cluster running 1.2.2-release to 1.2.3? > > Yes. > >> am using many CARP addresses on WAN and LAN ports, IPSEC, OpenVPN, and >> advanced outbound nat

Re: [pfSense Support] Source NAT

2009-12-18 Thread Paul Mansfield
On 18/12/09 10:58, Tapani Tarvainen wrote: > On Fri, Dec 18, 2009 at 11:13:45AM +0200, Tapani Tarvainen > (pfse...@tapanitarvai > >> I took a stab at hacking filter.inc and modified it so that if >> there's modifier in the nat rule, it uses it >> as source in the rdr entry. > > Does anybody thi

Re: [pfSense Support] RC3 to RELEASE - Verify

2009-12-17 Thread Paul Mansfield
has anyone upgraded a pfsense cluster running 1.2.2-release to 1.2.3? am using many CARP addresses on WAN and LAN ports, IPSEC, OpenVPN, and advanced outbound nat. am just being uber cautious!

Re: [pfSense Support] potential pfsense hardware

2009-12-15 Thread Paul Mansfield
On 15/12/09 14:35, Seth Mos wrote: > Paul Mansfield schreef: >> On 14/12/09 23:47, Jeppe Øland wrote: >>> As for the PCIe wireless card: it's a MSI brand card, using a Ralink >>> NIC. >>> (MS-6894, Ralink chip: RTL8187SE) >>> I guess thats a Real

Re: [pfSense Support] potential pfsense hardware

2009-12-15 Thread Paul Mansfield
On 14/12/09 23:47, Jeppe Øland wrote: > As for the PCIe wireless card: it's a MSI brand card, using a Ralink NIC. > (MS-6894, Ralink chip: RTL8187SE) > I guess thats a RealTek wireless card ... probably next to useless for > pfSense or? realtek != ralink yup, that's a realtek since reading some

Re: [pfSense Support] remote syslog

2009-12-14 Thread Paul Mansfield
On 14/12/09 14:13, Duncan Hall wrote: > Today I had an issue where the pfsense firewall (1.2.3RC3) could not > access the remote syslog on another server because of a network fault > (dead switch). > > The end result of this was the firewall stopped responding after > behaving intermittently. I im

Re: [pfSense Support] RC3 to RELEASE - Verify

2009-12-14 Thread Paul Mansfield
On 12/12/09 16:19, Nenhum_de_Nos wrote: > > I couldn't upgrade from webui from 1.2.3-RC1 to Release I upgraded a 1.2.3-RC1 to -Release this morning, uploading the full update via web ui and it "just worked" (TM), so you must have been unlucky :-/

Re: [pfSense Support] potential pfsense hardware

2009-12-14 Thread Paul Mansfield
On 13/12/09 05:07, Jeppe Øland wrote: > Just stumbled over this: > MSI Industrial WindBOXII > http://www.logicsupply.com/products/ms_9a25 > > Not cheap - but it's got everything in a nice pre-packaged box. nice! it has an Intel NIC. not sure what options there are for mini-PCIe cards with gigabit

Re: [pfSense Support] hybrid storage?

2009-12-11 Thread Paul Mansfield
On 11/12/09 15:50, David Burgess wrote: > I've been happily using 1.2.3-RC1 for many months now on a Soekris > net5501 and a 100GB 2.5" SATA drive. I like the idea of an embedded > system on a CF card, but that's not possible or advisable for me as > I'm running the squid and freeswitch packages.

Re: [pfSense Support] RC3 to RELEASE - Verify

2009-12-11 Thread Paul Mansfield
On 11/12/09 15:00, R. M. Molenaar wrote: > > How did you update youir box? > > With an update file or new full installation? with the update file using the web ui. > > > > -Oorspronkelijk bericht- > > Van: Paul Mansfield [mailto:it-admin-pfse...@taptu.

Re: [pfSense Support] RC3 to RELEASE - Verify

2009-12-11 Thread Paul Mansfield
I just upgraded a 1.2.1-release directly to 1.2.3-release with no hitches at all. wasn't a particularly busy box but still relatively important, and no complaints so far!

Re: [pfSense Support] ipsec vpn with overlapping LAN networks

2009-12-09 Thread Paul Mansfield
you'll have to renumber, or some horrendous bodging with multiple nat boxes at both sites which will cause more pain! meanwhile, a message from 13 years ago in rfc1918. http://www.faqs.org/rfcs/rfc1918.html "If two (or more) organizations follow the address allocation specified in this d

Re: [pfSense Support] Is your embedded pfsense stable?

2009-12-07 Thread Paul Mansfield
On 06/12/09 07:21, mehma sarja wrote: > 64GB SSD is under a hundred bucks now and it seems a fanless REGULAR > system (Atom 323) is do-able which should make for an awesome pfsense > application. Any Atom smashers out there? see mail archives, there was a flurry of discussion about it a few months

Re: [pfSense Support] Monitor traffic through vpn

2009-12-04 Thread Paul Mansfield
On 04/12/09 16:08, Joseph L. Casale wrote: > > I have been asked to monitor traffic, per user through our openvpn pfsense setup, as its > > setup for filtering (Therefor I know what ip each user uses), I presume this can easily be > > done by looking at traffic between the opt int and the lan int.

Re: [pfSense Support] How to ensure packets go out of the IP they came I on?

2009-12-04 Thread Paul Mansfield
snipped excess quoting - please learn to trim! On 04/12/09 11:02, Gabriel - IP Guys wrote: > Basically, what I want to do is have traffic come in on my secondary > ISP, and return packets return out the correct interface, instead of > being blocked. Is that possible? what people initially though

Re: [pfSense Support] PFSense advocacy

2009-12-03 Thread Paul Mansfield
* cost you can build as many pfsense boxes as you like without incurring any costs, or any additional costs over a single support fee you can keep cheap PC-type spares around, with cisco keeping spares duplicates hardware and license costs software upgrades are free hardware upgrades are at com

Re: [pfSense Support] pfSense book now available!

2009-11-16 Thread Paul Mansfield
our order arrived from Amazon today, woohoo! it's quite a tome! looks very packed with information, and should function well as a LART for any member of staff who fiddles with firewall settings :-D

Re: [pfSense Support] anyone proxying to an anonymizing "vpn" service

2009-11-12 Thread Paul Mansfield
On 11/11/09 20:29, Vick Khera wrote: my traffic over it. That is, I'd like to configure firefox to use a local proxy (either socks5 or regular proxy, what have you) that then uses the "privacy" forwarding via one of these services. I find proxyproxy firefox extension/plugin is very powerful, y

Re: [pfSense Support] Port forward beyond local internal subnet.

2009-11-11 Thread Paul Mansfield
On 11/11/09 01:12, Chris Buechler wrote: On Tue, Nov 10, 2009 at 8:04 PM, Matt wrote: Hi, I have a router behind pfsense with multiple internal subnets behind that. Will a pfsense port forward from the WAN to any of my internal subnets work ? Assuming pfsense can route to the internal subnet

Re: [pfSense Support] varnish proxy in pfsense?

2009-11-11 Thread Paul Mansfield
On 11/11/09 15:39, Scott Ullrich wrote: On Wed, Nov 11, 2009 at 10:21 AM, Rainer Duffner wrote: varnish also works in 32bit FreeBSD. At least for test-purposes, it did for me. You have to limit the amount of RAM it grabs, though, or it will crash immediately. Even with enough memory it can ca

[pfSense Support] varnish proxy in pfsense?

2009-11-11 Thread Paul Mansfield
I'd be very interested if there was a project to add varnish reverse proxy to pfsense. It claims to be both linux and freebsd compatible. http://varnish.projects.linpro.no/ One could of course hack it in manually but having it as even the simplest package would be nice. Paul

Re: [pfSense Support] potential pfsense hardware

2009-10-27 Thread Paul Mansfield
On 27/10/09 15:42, Jeppe Øland wrote: Has anybody tried pfSense with a board like this? http://www.avalue.com.tw/products/ECM-945GSE.cfm "Dual Marvell 88E8053 Gigabit Ehternet" hmmm.

Re: [pfSense Support] broken route :( can i relay it?

2009-10-23 Thread Paul Mansfield
On 22/10/09 20:04, Chris Flugstad wrote: I cant reach an endpoint from 1 location, but can reach it from somewhere farther up the stream. It's not dying on my end. The admin for the other end is scratching his head. sounds like someone upstream has an out of date bogons filter? So. anyone ev

Re: [pfSense Support] potential pfsense hardware

2009-10-16 Thread Paul Mansfield
On 16/10/09 17:27, Curtis Maurand wrote: Check this one out. It should work just fine. Very inexpensive. http://www.newegg.com/Product/Product.aspx?Item=N82E16816101262 pretty good box at the price; I guess it would be a bit noisy for a home or office environment, 1U server fans tend to be

Re: [pfSense Support] potential pfsense hardware

2009-10-16 Thread Paul Mansfield
On 16/10/09 16:41, Eugen Leitl wrote: On Fri, Oct 16, 2009 at 04:35:07PM +0100, Paul Mansfield wrote: I built a box with a jetway atom board and triple intel gigE daughter board - search the mail archives - pfSense booted fine and detected the onboard realtek as re0 and the intels as em0 to

Re: [pfSense Support] potential pfsense hardware

2009-10-16 Thread Paul Mansfield
On 15/10/09 18:25, Ryan wrote: Does anyone make an atom board with intel onboard. I'd rather intel if i had my choice. I have seen a couple of flexatx atom boards that look real promising, but they don't have intel nics. I built a box with a jetway atom board and triple intel gigE daughter b

Re: [pfSense Support] different blacklists on same LAN?

2009-10-13 Thread Paul Mansfield
On 13/10/09 15:32, Luke Jaeger wrote: I have all my users (teachers & students) on the same LAN. I'd like to block students from Facebook but still allow it for teachers. Can I do this without an additional LAN segment? Maybe by means of LDAP groups? use squid, implement username/passwords and

Re: [pfSense Support] Dell R200 Working Setup?

2009-10-09 Thread Paul Mansfield
On 09/10/09 07:58, Curtis LaMasters wrote: I would also like to note that I am only having this issue on 2 interfaces which both happen to be VLAN interfaces. I hope that helps. if you're using a managed switch, is it reporting any errors? if Ciscos see bpdus incorrectly they can go into bloc

Re: [pfSense Support] Multi-Wan Question

2009-10-08 Thread Paul Mansfield
On 08/10/09 02:13, Anil Garg wrote: Will something like this work and be secure enough. no.

Re: [pfSense Support] CARP switchover to backup because of high traffic

2009-10-08 Thread Paul Mansfield
On 07/10/09 18:47, Evgeny Yurchenko wrote: Has anybody noticed this behavior? The simplest set up: two pfSenses with LAN WAN and CARP on both interfaces (with separate interface for SYNC). When there is little traffic active pfSense sends CARP packets with priority 0 every second, everything is o

Re: [pfSense Support] VLAN Capable switch

2009-10-05 Thread Paul Mansfield
On 04/10/09 20:26, Teletreff wrote: Best Choice for small Switches is Netgear (Many Models in all Categories) personally I'd rather take my chance with a second-hand Cisco off ebay (which is what I did at home) - a 24 x 10/100 port switch with a couple of gigabit uplinks for home file server

Re: [pfSense Support] DNS corrupt? How to fix

2009-10-05 Thread Paul Mansfield
On 05/10/09 10:26, Jeremy Bennett wrote: Is there a way to flush everything stored on the device but the config? open a shell and take a peek in /var/named and see if there's anything obvious; be careful to delete only files and not directories otherwise things will break. sorry to be vagu

Re: [pfSense Support] squid clobbering performance

2009-10-01 Thread Paul Mansfield
I assume you're retyping the config rather than giving us "grep -v ^# squid.conf" you sure the cache size 1500 is 1500MB and not 1500KB? is it using sufficient disk space? if the disk cache is too small it'll be pointless having it. also, have you turned logging level up too far, if you log

Re: [pfSense Support] squid clobbering performance

2009-10-01 Thread Paul Mansfield
On 01/10/09 08:38, mayak chunder-qwern wrote: hi all, any reason (or what can i look at) to see why squid transparent proxying is heavily slowing web access ... (w/out proxy, dell.fr takes 3-5 secs, with proxy, dell.fr takes 20+ or more) have you restricted the amount of memory squid can use?

Re: [pfSense Support] FTP in a Multi-WAN setup

2009-09-30 Thread Paul Mansfield
On 30/09/09 12:57, Chris Bagnall wrote: So, a couple of questions for other multi-WAN users if I may: 1) is this workaround still necessary in more recent versions of pfSense (>=1.2.3)? 2) if so, is there any way to work around the two limitations above? use sftp instead? :-P

Re: [pfSense Support] vlan troubles

2009-09-28 Thread Paul Mansfield
On 28/09/09 15:20, Joseph L. Casale wrote: ...
> Interface VLAN tag Description
> em2 50 NegriBossi
>
> In the Interface Assignment Tab, I have:
> Interface Network port
> LAN em0
> WAN bge0
> OPT1 em1
> OPT2 VLAN 50 on em2

Re: [pfSense Support] vlan troubles

2009-09-28 Thread Paul Mansfield
On 26/09/09 03:59, Joseph L. Casale wrote:
>> Does the vlan interface have an allow rule?
>> You said opt2 does, but what about your vlan interface
>
> Yes, only Opt2, I didn't know you could create rules for
> the vlan interface itself? R u sure you can do this?

yes, play with the Interfaces->As

Re: [pfSense Support] interesting traffic is not encapsulated

2009-09-22 Thread Paul Mansfield
On 22/09/09 17:36, Scott Ullrich wrote:
>
> That is normal. Traffic on the firewall itself prefers the system
> routing table. Clients behind the firewall will prefer the IPSEC
> tunnel. Pretty sure that is documented somewhere on the doc site.
>

if you want connections initiated by the fir

Re: [pfSense Support] streaming video (rtsp, mms)

2009-09-22 Thread Paul Mansfield
On 22/09/09 11:00, Jure Pečar wrote:
> I have a simple pfsense setup that does NAT for our office.

we found that desktop streaming clients were quite tolerant of nat-related issues but mobile phones were not, and as a consequence when we set up darwin streaming server behind pfsense with port for

[pfSense Support] pfsense 1.2.3rc improvement to allow syslog-ng to be installed

2009-09-22 Thread Paul Mansfield
please can /etc/inc/system.inc be changed so that syslogd ONLY binds to 127.0.0.1 rather than *.*.*.* this makes it much easier to also install syslog-ng so that you can supplement the local clog stuff with a full log and reflect it to a remote site (you'd install syslog-ng, make it bind to, say,
