Looks nice! I would be interested in this also.
Robert
On Thursday 24 January 2008 14:40, Richard Sperry wrote:
> So if I wanted OSSIM.net integration, what would I pay? Give me and the
> group the sales pitch, please.
>
> Richard Sperry
> Director of Operations
> WrinkleBrain, Inc.
> [EMAIL P
I have had this issue also. The quickest fix to to use the CTRL + or CTRL -
keys to change the font temporarily. This way you don't have to deal with a
smaller size font all the time.
Robert
On Friday 04 January 2008 11:01, Chris Buechler wrote:
> Paul M wrote:
> > is this a known feature/bu
Thanks Scott! I entered a ticket for the request.
Robert
On Tuesday 11 December 2007 14:10, Scott Ullrich wrote:
> cvstrac.pfsense.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTE
It does get a bit annoying at times. At least being able to set/override the
refresh rate would be nice.
Robert
On Tuesday 11 December 2007 09:29, Dziuk, Fred J wrote:
> Is there a setting to disable the automatic refresh of the many pages
> within the SYSTEM LOG. I try to look at the displa
Great idea, can't wait to see it.
Robert
On Wednesday 28 November 2007 15:44, Scott Ullrich wrote:
> On 11/28/07, Ole Barnkob Kaas <[EMAIL PROTECTED]> wrote:
> > A bit offtopic - but "bogons" jogged my memory. Anyone thought on
> > implementing this:
> >
> > http://www.spamhaus.org/drop/index.las
riday 26 October 2007 05:36, Paul M wrote:
> Robert Goley wrote:
> > based routing. DNS refuses to work. This is because the pfsense machine
> > can
>
> I have no answer for you, but an idea to try.
>
> run "tcpdump -l -n -i xxx udp and port 53" on the firewa
10/25/07, Robert Goley <[EMAIL PROTECTED]> wrote:
> [snip]
>
> > What am I missing?
>
> Static routes. See the multi-wan tutorials.
>
> Scott
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
I have a multi wan setup with 3 WAN interfaces and 1 LAN. It is using policy
based routing. DNS refuses to work. This is because the pfsense machine can
not resolve anything. The DNS servers are correct. They are pingable from
the pfsense machine. They are accessible from machines on the L
I have had similar issues with the MTU that were unrelated to pfSense. The
trouble I had was will an ISP supplied DSL modem that could not handle the
MTU sizes in a bridged mode. We had to replace the ISP router with a Cisco
model that would work correctly. the problem router was a "SpeedStre
This is probably not the recommended method, but I have FTP setup using NAT
port forwards from our public address to the private one with the FTP helper
disabled. I had to setup the FTP server to use a specific range of ports for
the dynamic ports and them forwarded that range to the FTP server
Just leave off the steps for creating the pools and skip straight to setting
your LAN rules. All you should have to do to send the traffic for the one
application is define a couple of rules based on either source IP on the LAN,
Destination IP, or destination ports that application uses. you w
Part of the DNS service is working. I create a static DNS entry on the
pfSense router. Clients are able to resolv that static entry using the
pfSense DNS service. I still do not know why the pfsense machine can not
resolve using DNS servers that other client machines are using. With
Multi-W
The DNS service running on the pfSense router is refusing connections. It is
also unable to resolve DNS names locally. This was tested by sshing to the
router and typing "ping google.com". It never resolved the name to an
address for ping to try to ping. There are DNS servers listed in the G
Thanks Scott. It just thru me off when it was not on the screen at all. I
guess I expected it to be greyed out.
Robert
On Tuesday 03 April 2007 13:56, Scott Ullrich wrote:
> Change the protocol to tcp or udp. Any does not support destination
> and source ports.
>
> On 4/3/07,
I am posting 2 screen shots as per Chris's request. You can view them using
the urls below. I was able to enter the destination port for outgoing
traffic and force it out over specific gateways using policy based Multi-WAN
routing. As you can see from these screen shots. There is no place t
I have not heard back on this issue. Is this broken? Was it broken on
purpose? The destination port range option is now totally missing from the
firewall screen. I am trying to add this to a LAN rule.
Robert
On Monday 02 April 2007 09:35, Robert Goley wrote:
> The bug issue is a feat
Ullrich wrote:
> On 3/29/07, Robert Goley <[EMAIL PROTECTED]> wrote:
> > I found the command. Here are some basics on it.
> >
> > pfctl
>
> [snip]
>
> Newer snapshots can kill the states from Diagnostics -> St
point.
Robert
On Friday 30 March 2007 02:04, Holger Bauer wrote:
> Please don't switch the topics of your mails concerning the same issue
> constantly. It's hard to follow/track a vonversation this way. Thank
> you.
>
> Holger
>
> > -----Original Message-
>
I found the command. Here are some basics on it.
pfctl
-k host
Kill all of the state entries originating from the specified
host. A second -k host option may be specified, which will kill
all the state entries from the first host to the second host.
For example, to kill all of the state entries
Yes, You have to explicitly kill the state from a terminal on the pfSense
router. I have done it a few times in the past but can not remember the
command at the moment. Search google for "pf kill state". I will email the
command if I find it.
Robert
On Thursday 29 March 2007 21:01, Sally J
I did find that 1-1 mapping is breaking the outgoing connect of the machine
that is being mapped. I verified this by switching a 1-1 NAT mapping between
to machines. I was able to access before the map and could not after. on
the other machine that had the map to start with, I could not acces
I have reworked the firewall according to the docs Scott provided. Most
things are working fine. OPT1 and OPT2 using the new cable modems that had
trouble earlier are working. WAN however is not working right. I am having
a similar problem to earlier. With WAN set to be the default route, I
Was not sure if it wa the same error. Thanks for the fix.
Robert
On Thursday 29 March 2007 18:17, Scott Ullrich wrote:
> This was fixed earlier.
>
> Scott
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-
I am entering the failover and load balancing rules. Rules look fine. Should
there be blank rules there by default? There is one for the load balance and
one for the pools.
Robert
Warning: unlink(/tmp/.pool): No such file or directory in /etc/inc/vslb.inc on
line 58 Warning: stristr(): Empt
On Thursday 29 March 2007 13:46, sai wrote:
> Use the same settings that you got working on your laptop?
>
Yes, same settings.
> Can you ping the gateway in question from the pfsense firewall?
I did not think that you could ping because of default traffic rules going out
on WAN and then back in fr
run multi-wan at work and it absolutely works.
>
> Scott
>
> On 3/29/07, Robert Goley <[EMAIL PROTECTED]> wrote:
> > It seems we are both having the same basic issue. I am assuming that you
> > are able to connect out via the same OPT2 interface you are trying to
> &
Here is the message that I am receiving.
Robert
There were error(s) loading the rules: /tmp/rules.debug:54: macro 'opt3' not
defined/tmp/rules.debug:54: syntax error pfctl: Syntax error in config file:
pf rules not loaded - The line in question reads [54]: binat on $opt3 from
10.0.0.51/32 to a
It seems we are both having the same basic issue. I am assuming that you are
able to connect out via the same OPT2 interface you are trying to connect in
thru. I wish I had more answer for you than I am having this trouble too.
No one has responded to my emails. If I find the source of my pr
ssing? I let pfsense create the firewall
rule when I setup the portforward.
Robert
On Tuesday 27 March 2007 18:20, Robert Goley wrote:
> I have 1 existing DSL connection and 2 existing Cable connections. I am
> adding 2 more Cable connections as part of a phase-in/phase-out scenario.
> T
I have 1 existing DSL connection and 2 existing Cable connections. I am
adding 2 more Cable connections as part of a phase-in/phase-out scenario.
The current setup works great. It is using policy based routing on pfsense
1.0.1. I can not seem to get the additional interfaces to work. I hav
e
LAN rules.
> On 1/19/07, Robert Goley <[EMAIL PROTECTED]> wrote:
> > I had a setup similar to this for a while. Our cable company offers
> > static IPs now. You will need to setup the Cable connection as your WAN
> > connection. If I remember correctly, this is the on
I had a setup similar to this for a while. Our cable company offers static
IPs now. You will need to setup the Cable connection as your WAN connection.
If I remember correctly, this is the only interface you can setup using DHCP.
You will add your DSL as OPT1 and use you NAT rules to define
it for the next
> version.
>
> Scott
>
> On 11/22/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> > It is not a ghost and I am not click happy. Anything specific you would
> > like me to test and give results for? I found that entry before posting
> > here. I was
It is not a ghost and I am not click happy. Anything specific you would like
me to test and give results for? I found that entry before posting here. I
was hoping someone found out more about it.
Robert
On Wednesday 22 November 2006 11:49, Scott Ullrich wrote:
> 2864
-
Has anyone found the cause or a fix for the following error besides
robooting? I am using a NFORCE2 based athlon system with 4 3com 905B NICS
using the livecd version and config file on a floppy. I am unable to
access firewall via the webface after I get this error. I keep getting
this erro
Has anyone found the cause or a fix for the following error besides robooting?
I am using a NFORCE2 based athlon system with 4 3com 905B NICS using the
livecd version and config file on a floppy. I am unable to access firewall
via the webface after I get this error. I keep getting this err
m the shellmenu. You'll be up in minutes.
>
> Holger
>
> > -----Original Message-
> > From: Robert Goley [mailto:[EMAIL PROTECTED]
> > Sent: Tuesday, October 24, 2006 5:56 PM
> > To: support@pfsense.com
> > Subject: [pfSense Support] RRD graph status.
&g
> Bus order is what changes the order here. It's certainly possible to
> have em0 be em1 after inserting another em card in the machine. Be
> thankful that BSD actually identifies the chipset here...I find it
> impossible to figure out wth happened in linux when adding/removing
> nics (and dmesg
I have a dual wan setup with one LAN using policy based routing. I have 2
questions. I noticed a while back that RRD graphs only partially worked for
my OPT1 interface. Scott confirmed this and said that it was something that
he wanted fixed but did not indicate when it might be. I am still
For those curious and wanting to know.
http://en.wikipedia.org/wiki/NAT-T
On Tuesday 19 September 2006 14:00, Scott Ullrich wrote:
> NAT-T
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTE
Great. Thank you.
Robert
On Wednesday 28 June 2006 13:29, Scott Ullrich wrote:
> backuparea
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I have been attempting to backup this information also. It is working for me
using HTTP. I saw the answer for downloading via HTTPS. Using a browser you
are allow to download just certain sections of the config. How would this be
accessed via the wget command? For example, I would like to d
I am still working with the advanced outbound NAT using pfsense a policy based
dual wan router. The pfsense version is beta 4 but updated this using the
cvs update script. I am attempting to specify a couple of machines that
should show that they have the same IP (xxx.xxx.xxx.142). The interf
this
without setting up 1 to 1 NAT?
Robert
On Wednesday 14 June 2006 16:07, Scott Ullrich wrote:
> On 6/14/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> > What needs to be done to set the specific IP address that is seen/used
> > for the traffic? For example, using a stati
What needs to be done to set the specific IP address that is seen/used for the
traffic? For example, using a static arp address instead of the main
interface address.
Robert
On Wednesday 14 June 2006 12:51, Scott Ullrich wrote:
> On 6/14/06, Steve Harman <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
It shouldn't be very had if he wants the pfsense machine to do all the work.
A simple shell script using grep and msmtp would work. It could be setup in
a couple of minutes. Not sure if msmtp is part of the default freebsd but
would not be hard to compile at worst. It would be a great way to
Thanks for the info. Is there somewhere I should add this to a wiki etc?
Robert
On Friday 09 June 2006 12:25, Scott Ullrich wrote:
> On 6/9/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> > I have a dual wan setup using policy based routing. I have found the RRD
> > graphs
I have a dual wan setup using policy based routing. I have found the RRD
graphs and really like them. Great job on these guys. These should help
talking to an ISP or two I have noticed that the quality graphs for the
OPT1 interface are not displaying. Do I have to enable this somewhere
Just realized I forgot to include some details in this message. I have dual
wan using policy based routing. Default traffic goes over a cable modem
(WAN). OPT1 is a range of 5 static IP's (xxx.xxx.xxx.138/29). LAN firewall
rule has 10.0.0.32 and 10.0.0.34 going over OPT1 interface.
---
I need to select the external proxy arp ip that is seen for several internal
hosts on the lan. For example: 10.0.0.32 needs to be seen as xxx.xxx.xxx.139
and 10.0.0.34 needs to be seen as xxx.xxx.xxx.141. I tried setting this up
using outbound NAT but looking at the states showed that the traf
ftp is a different story:
>
http://faq.pfsense.com/index.php?action=artikel&cat=1&id=142&artlang=en&highlight=userland
>
> Holger
>
> > -Original Message-
> > From: Robert Goley [mailto:[EMAIL PROTECTED]
> > Sent: Monday, June 05, 2006 11:
I have a similar situation and have not been able to make this work. I have a
dual wan policy based setup. Wan interface is DHCP cable modem. OPT1 is DSL
with static IPs. I have tried setting up a port forward for ftp from
OPT1->LAN. This have failed several ways. What are the official ste
Ignore my last email about specs. I must be blind
Robert
On Tue, 2006-03-07 at 17:06 -0500, Scott Ullrich wrote:
So far I am testing
http://linitx.com/product_info.php?cPath=4&products_id=909 (Thanks
LinITX) and its an amazing little box.
Just got a RAL wireless card mounted. Neat b
The provided link does not specify what the NIC chipsets are. Can you provide these? It does seem like a nice piece of equipment.
Robert
On Tue, 2006-03-07 at 17:06 -0500, Scott Ullrich wrote:
So far I am testing
http://linitx.com/product_info.php?cPath=4&products_id=909 (Thanks
LinITX)
wrote:
> On 2/27/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> > I will retest with Beta2. I had the same results that John reported
> > with Vonage lines. I only had to test it with one of the lines.
> >
> > Robert
>
> Thanks...the workarounds kinda suck
I will retest with Beta2. I had the same results that John reported
with Vonage lines. I only had to test it with one of the lines.
Robert
On Sat, 2006-02-25 at 17:18 -0600, Bill Marquette wrote:
> Thanks for the update. I just spent a number of hours on the shaper
> and think I found the prob
I have reloaded the machine using the 02-19-06 iso and then upgraded it to 02-21-06. I restored my config file. I then ran the traffic shaper wizard. I changed the allocated bandwidth to 384 for VOIP to try to fix the previous error. It never finished loading the queues page. It basically
Ignore the last email, I see a 2-19-06 iso.
Robert
On Tue, 2006-02-21 at 17:59 -0500, Scott Ullrich wrote:
Why did you do that? You should have feed the tarball to System ->
Firmware -> Manual Update.
On 2/21/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> Will do la
) but it's not there anymore
Robert
On Tue, 2006-02-21 at 17:59 -0500, Scott Ullrich wrote:
Why did you do that? You should have feed the tarball to System ->
Firmware -> Manual Update.
On 2/21/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> Will do later... I tried extra
:
Lower the bandwidth dedicated to VOIP some.
On 2/21/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> I have not had a chance to load this yet. I did find an error in the
> system log related to the traffic shaping though. It is listed below. I
> will load the update after everyone lea
ate - if line
> > rate is 96Kb/sec then you want 480Kb (or whatever setting above that
> > is close - say 512Kb) for the reservation. That will allow all 5
> > lines to be talking at the same time.
> >
> > --Bill
> >
> > On 2/21/06, Robert Goley <[EMAIL
As for as the traffic shaper testing, what do you want to specifically test? I had a rule previously on the M0n0wall that included all traffic TCP/UDP/etc from the vonage routers IP addresses. Do you want the default protocol rules, the new changes for IP address/Alias, or is it even limited
hence the 600KByte download (notice the conversion I did?) FYI, if
> you have 5 lines, you probably want to reserve 5 x line rate - if line
> rate is 96Kb/sec then you want 480Kb (or whatever setting above that
> is close - say 512Kb) for the reservation. That will allow all 5
> lines to
reservation. That will allow all 5
> lines to be talking at the same time.
>
> --Bill
>
> On 2/21/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> > I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP
> > traffic. I am replacing a M0n0wall firewa
I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP traffic. I am replacing a M0n0wall firewall that had some traffic shaper config setup for the Vonage routers. I have 3 Vaonge routers carrying 5 phone lines across a 768KB/6MB (UP/DOWN) cable modem connection. I may b
at 11:05 AM, Robert Goley wrote:
>
> > I am trying to replace a FireBox Firewall with pfsense. Our current
> > setup has 5 static IP addresses. The range is xxx.xxx.xxx.
> > 138-142. On
>
> I did this transition recently and it went very well. What you want
>
I am trying to replace a FireBox Firewall with pfsense. Our current
setup has 5 static IP addresses. The range is xxx.xxx.xxx.138-142. On
the firebox (which has a limited way of entering things anyway) this is
specified 162.39.251.138/29 and thme it uses aliases. How should I set
these up so th
I would like to see support for some form of the Verizon cards. I have
thought of making a wireless internet router using pfsense and the
Verizon cellular broadband service.
Robert
On Tue, 2005-11-08 at 03:01 -0600, Mojo Jojo wrote:
> Has anyone considered trying to get a WRAP and PfSense work
Was this setup using the "ppf" Printer Port Forwarder package? This seems to be what you are looking for. Give me a bit of info and if I have the time, I will try to implement. I would like to see this feature in place also. Was there something specific about this board that was causing pr
Just to trying to sum this up, You installed (1)binary packages from
freebsd, (2) binary packages compiled on a separate freebsd machine, or
(3) binaries compiled from the pfsense development version via the ports
system? That was not clear from the pluses and parenthesis. I would
appreciate the
I have been testing pssense to use it to replace a Firebox we currently
have on one of our connections. The Firebox currently does
webfiltering. I tried to get this working with pfsense and ran into
some issues. I installed the pfsense developer version (84 I think). I
loaded the ports info and
71 matches
Mail list logo