ust not here yet?
> >>>
> >>> That also brings up a very general question... There's a few things
> >>> that I'd like to twiddle besides the squid config, including an
> >>> "illegal" dhcp setup where I hand my laptop the same IP via wired or
> >>> wireless. What are the plans, if any, to allow a user to override
> >>> the pfsense-generated configs?
> >>>
> >>> Thanks,
> >>>
> >>> Charles
> >>>
> >>> ___
> >>> Charles Sprickman
> >>> NetEng/SysAdmin
> >>> Bway.net - New York's Best Internet - www.bway.net
> >>> [EMAIL PROTECTED] - 212.655.9344
> >>>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Szasz-Revai Endre
Str. Marasesti No. 7
551058 Medias, Jud. Sibiu
Tel: +(40) 745 308638
Email: [EMAIL PROTECTED]
Anyone got it working?
I mean, as short as i can: you install it, then it says access denied,
then i add an acl for the local subnet, then even browsing doesnt work
anymore (no transparent proxy set).
Only a reboot fixes it, if I stop+restart squid, still doesn't work.
What are the steps necessary
Hmm doesn't freebsd have support for Motorola 68000 ? :)
On 3/5/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
> Make sure you are not running that on an amiga LOL
> (sorry couldn't resist)
>
> Holger
>
Yea, seemed that the only way it was by using the boot floppies, hey
those come in handy :)
On 3/5/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> I've seen that on IBMs before, so I won't be one bit surprised if it's
> not the IBM bios displaying that ;) Why, is a different story, but
> usually
I did burn it at low speed. Hmm the bootloader isn't a big floppy
then, that must be some stupid menu from IBM..
Usually I do test, but you replied faster than i imagined :D:D
Thanks!
On 3/5/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 3/5/06, Szasz Revai Endre <[EMAIL
I tried booting BETA2 today on an old ibm ~166mhz.
It goes up until the screen where a big floppy appears (when did you
change the bootloader ? :) ).
I have an option to press F1 .. And afterwards nothing happens.
Any idea?
Hmm I added a block rule before on the LAN fw rules tab, whose src is
all and dest is a WAN ip, but in /tmp/rules.debug it shows as "block
in .."
On 2/28/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Yes, add block rules on the LAN firewall rules tab.
>
> On 2/28/06,
Is there a way to filter (block) outgoing connections to specific ips
(aliases) in pfsense using pfsense, except by manually loading the
rules ?
for example "block out ..."
Thank you,
Endre
Static, as I hear it's some bug in the wi driver, I'll check more on the net.
On 2/20/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> How is the wireless interface configured? DHCP? Static?
>
> On 2/20/06, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> >
Hello,
This is latest beta from /~sullrich.
The wireless (wi) interface is turning `off` sometimes (just randomly)
like this:
wi0: flags=8803 mtu 1500
inet6 fe80::202:2dff:fec4:3de4%wi0 prefixlen 64 scopeid 0x5
ether 00:02:2d:c4:3d:e4
and I can't set it back. So if i save the wan se
Hi.
I have this problem, that the pfsense gateway at a point loses
internet connection (wi).
It starts with me not being able to ping anything outside, and windows
saying that the gateway is unreachable. So I try pinging google and it
says that the pfsense gateway is unreachable.
I also can't reac
Hello!
Beta1 here. When pfsense started up, it gave warnings, one warning
message per second which looked like this:
"Warning: wrong datatype for second argument in /etc/inc/config.inc"
But after a lot of warnings like this it finally starts up (5 minutes+).
I have done /etc/rc.firmware pfSenseupg
Thank you, all fixed now, i did have an old kernel.
On 1/18/06, Vivek Khera <[EMAIL PROTECTED]> wrote:
>
> On Jan 18, 2006, at 4:03 PM, Szasz Revai Endre wrote:
>
> > Hmm I have upgraded from 0.80 dev edition, but i kind of need that :(
>
> Make sure you're not
Yay, thank you!!
That means we'll be able to update to a new dev edition without losing
the packages we have installed or compiled?
On 1/18/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> I'll be updating the dev edition soon as well.
>
Hmm I have upgraded from 0.80 dev edition, but i kind of need that :(
On 1/18/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> If you have upgraded from a previous version you may need to do a full
> reinstall.
>
> On 1/18/06, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
Well I've waited for hours, and they didn't get applied.. Hmm I'll
check it out again though.
On 1/18/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Applying doesnt happen immediately. I can take up to 10 or more
> seconds depending on the speed of the machine.
>
Hi, I'm using BETA1.
I entered some rules in the firewall, and then some more, and only now
i noticed that they don't get applied, only after restarting the
machine. Even after I press apply, there's no trace of them in the
/tmp/rules.debug.
Is this only happening to me?
Thank you,
Endre
Sorry, I forgot to specify that this is BETA1
On 1/14/06, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> Hello!
>
> I don't know if this is a bug, I haven't tested it through.
> I've changed the external port of a NAT rule to something other than
> it prev
Hello!
I don't know if this is a bug, I haven't tested it through.
I've changed the external port of a NAT rule to something other than
it previously was. 1515 -> 5000. And I have saved the rule.
And I could still connect to port 1515 afterwards, from the outside,
but not to 5000.
Is that normal?
When upgrading from 0.80 dev edition to the latest beta :
# /etc/rc.firmware pfSenseupgrade /pfSense-Full-Update-1.0-BETA1.tgz
tar: Error opening archive: Failed to open '-U': No such file or directory
bzcat: Can't open input file /tmp/chflags.dist.bin.bz2: No such file
or directory.
bzcat: Can't
Thanks Scott!
Happy devving, good luck and happy holidays!!
On 12/27/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Sure, you can use the firmware update to bring the old one up to speed.
>
> -- Forwarded message --
> From: Szasz Revai Endre <[EMAIL PROTE
I've sticked 96 ram into it now, but it's still not going faster.
Either way it wasn't the swapping that made it do that and it's not
swapping now either.
And sorry, i had 64 megs on it, didn't know :D
On 12/27/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> 32 megs is not recommended. The minimum
That's great, but i prefer not to build world on this old piece of junk :D
So would upgrade to .80devedition -> upgrade to BETA1 work?
On 12/27/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> I followed and fixed
> http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense while building
> it.
>
>
0 0.0 0.0| ad0s1b 0 0 0 0 0.0
0 0 0.0 0.0| ad0s1cOn 12/27/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
It doesn't seem to know anything, no features :)Protocol ATA/ATAPI revision 0
device model WDC AC22100Hserial number
no nomicrocode download no no
security no nopower management no noadvanced power management no no 0/0x00automatic acoustic management no no 0/0x00 0/0x00
On 12/27/05, Szasz Revai Endre &l
# atacontrol mode ad0current mode = WDMA2WDMA? what's that?anyway max it goes, it's this :(This is a 2gb western digital caviar hdd.ad0: 2014MB at ata0-master WDMA2
Better than PIO I guess..On 12/27/05, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
Are you sure its running in
HelloHow do you build that custom image for pfsense developer's edition ?
I just want to get gcc up on that machine.. if i download and install
.80 dev edition and then re-update to BETA1, will that work?Thank you,Endre
HelloI have an old 233mhz computer w/ 32 ram, udma33 hdd, that's what i'm running pfsense on.I know this question doesn't relate to pfsense, but i'll ask it.When doing any bigger io operation, the computer tends to slow down, and execute everything at an astonishingly slow rate. For example and upd
ah right :DthanksOn 12/22/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
Use it and upload a new firmwareOn 12/22/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:> yes, but that's .80 :/> any other way to get a working cc/gcc in a non dev version ?
>>> On
yes, but that's .80 :/any other way to get a working cc/gcc in a non dev version ?On 12/22/05, Scott Ullrich <
[EMAIL PROTECTED]> wrote:Use the pfSense developers edition. It's in the downloads section.
On 12/22/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:> Any idea h
Any idea how to get a gcc / cc onto pfsense to be able to compile some stuff on it?pkg_add gcc would add the binaries, only it would stick a gccVERSION_NUMBER elf and would not set the ENV up correctly.also how to get cc onto it, because if i try to compile gcc it needs cc :)
thanks,endre
Oh okay, thanks Scott !On 12/19/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
Run a update_file.sh /etc/crontab then reboot your machine. Weremoved the periodic scripts.Scott
Oh thanks, I totally forgot about that..I was doing:# crontab -lcrontab: no crontab for root:)Still where does the `find` come from?On 12/19/05,
Rainer Duffner <[EMAIL PROTECTED]> wrote:
Szasz Revai Endre wrote:> Hello,>> What's pfsense doing at night? Sometimes pfsense st
Hello,What's pfsense doing at night? Sometimes pfsense starts a find command, and it keeps working on and on for a few minutes. I don't remember what the command was. Though I see no cron job or anything. What starts the find command?
Endre
Hello again!
About this old problem with the static arp entries..
20223 deny ip from 192.168.22.201 not MAC any 00:02:00:25:00:b6 any layer2 in
20223 deny ip from any to 192.168.22.201 not MAC 00:02:00:25:00:b6 any
layer2 out
There are these things in the ipfw list.. Don't these manage to get
the
No, it never turns 'permanent'.
Either way about the other unspecified entries.. shouldn't those cover
the rest of the subnet with bogus macs? Or they aren't supposed to
have access anyway?
On 11/14/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 11/14/05, Szasz
Unfortunately, that's not me :(
Anyway i don't know how the configuration is supposed to work ..
shouldn't the configuration be okay if the undefined clients are
defined too, but with bogus mac addresses (ip adress is defined, but
mac address is ff:ff:ff:ff:ff:ff for example(or random)) ?
An excer
Of course I fully understand they can be spoofed, and way too easily, too.
Anyway that's not the point, why did it let a client access the
captive portal, when there are static arp entries enabled, and that
client (ip and mac) isn't defined in any of the arp entries?
I have the arp table filled til
Niether the ARP nor the IP is in my DHCP list (static arp entries are
enabled, which actually don't seem to work, so i suppose it's from
there).
I have the 'anti-lockout rule' disabled too.
On 11/12/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote:
> spoofed ip/ar
22.
Nov 11 12:05:56 sshd[43739]: Received signal 15; terminating.
Endre
On 11/9/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> Of course, that is normal.
> But for example any client on the network has access to the captive
> portal and to echo request, which is norm
Of course, that is normal.
But for example any client on the network has access to the captive
portal and to echo request, which is normal?
If i turn that anti lockout rule off, this shouldn't be possible ?
On 11/9/05, Chris Buechler <[EMAIL PROTECTED]> wrote:
> to the firewall itself, yeah. The
No, a reboot doesn't fix the error.
The problem is, as I see, that no client is denied on the network
(none of those who have static ip addresses), everyone has access to
this machine (pfsense).
On 11/8/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 11/8/05, Szasz Revai Endre <
These are on LAN, it's weird..
For a client on the LAN, I have deleted a DHCP mac/ip entry, and that
client would still have access to the captive portal, or any other
service pfsense would offer.
On 11/8/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Interesting, sounds like a bug. Are these cl
Hello,Is this a bad
idea ?http://cvstrac.pfsense.com/tktview?tn=678I am aware that when a
new dhcp client is added, then the firewall rules would need to be updated
:(Sorry about the earlier email, i totally forgot that it's not yet
possible to filter by mac address.
Hello,
Why is it, when Static ARP entries are enabled, a user which is not in
the DHCP client list still `sees` the server ? (can ping, etc)
Even if the user uses an ip that is in the list, and the mac is
different, it can still connect to captive portal for example.
How to get around this ?
Than
Hello,
Today I noticed a user time out using the captive portal:
Oct 30 10:20:18 logportalauth[56054]: TIMEOUT: shimon, 00:07:95:d3:d2:97, 192.168.11.100
It is using an ip from the class of the lan.
The problem is, that I assign ip addresses to all the users of the LAN, with static arp entries
Yesss,
Finally the release which will fix those nasty stuff in the kernel now providing full uniprocessor usage. Because the kernel of the 5.x didn't really support uniprocessors from scratch, it was just a tare-down from SMP.
Okay first bug, even if it's not core pfsense, is the squid package,
Hello,
Sorry, I forgot who develops squid..
Well I just wanted to say that the error is still there,
pf_networks is included twice in the squid.conf,
so subnets get included twice that are in the acl.
I thought you fixed this, didn't you ?
Thank you.
i suppose I can't tell this phpF to load another php.ini, can I?
On 10/19/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> Hmm thanks !
>
> #!/bin/sh
> cp /usr/local/bin/php /usr/local/bin/phpF
> v=`find * /etc /usr/local/www`
> for i in $v; do
>if sed -
and i don't check if it has already been modified,
but it seems okay :)
On 10/19/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 10/19/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote:
> > Yes of course it would work, it's actually a freebsd system :D
> > Th
Yes of course it would work, it's actually a freebsd system :D
There are actually some problems when I added php4 to my
system(pkg_add), it wouldn't boot up normally, and diverse php errors
occured.
If I were to move the php binary somewhere else, how could I actually
tell the scripts of pfsense to
Can I make a normal php4 (pkg_add) package work with pfsense?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Anyway it's at a point where it only has minor erorrs, if any, even
so, easily fixable.
On 10/17/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> It may or may not work. It's still being refined.
>
-
To unsubscribe, e-mail: [EMAIL
Yeah, Scott pointed out that it should be working now.
Anyway try it, no harm can come from that.
On 10/17/05, Vinc Duran <[EMAIL PROTECTED]> wrote:
> Thanks, So I just install the squid package and ignore the *NOT
> WORKING* for now? I can edit the configuration and ACL if that's the
> only probl
"http_access allow
pf_networks" line.
On 10/16/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> iam kinda bad at the squid conf... what line did you remove?
>
> regards // Johan
>
>
>
>
>
> Szasz Revai Endre <[EMAIL PROTECTED]>
> 2005-10-15 11:26
&g
Sometimes it's good because people still have /some/ manual
configuration done. eg. squid :)
> Yes. A lot of times files are not upgraded like /etc/ttys, etc. I
> would suggest a clean install every month or so or when you suspect
> things are not correct. Obviously this need will disappear o
It seems to be working now, though I did have to edit the
configuration manually, cause there is an ACL line which overlaps with
the already configured local subnet, maybe just for me..
On 10/15/05, Vinc Duran <[EMAIL PROTECTED]> wrote:
> I'm curious about this too. The entry in Packages still ind
Hello
How is the squid gui integration into pfsense going? Is it working now?
Thank you,
Endre
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Okay :)
I still haven't had time to look through the generator code, but I
will, I am just too busy with the university now.
The MAN is actually over the internet (scattered public ip addresses
80.*.*.*, 194.*.*.*, etc)
http://www.pfsense.com/pastebin/245
Also right now what cannot be done is to cr
Thanks Bill!
It seems that if i get some free time I'll attempt to fix that
function to be recursive, and I'll let you know.
Meanwhile the config the wizard generates is a pretty good start for everything.
On 10/9/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 10/9/05
Okay, so I linked the qWanRoot and qLanRoot to the overallWan and
overallWan respectively, each of them being "parent queues" (parents
to the real root queue(hfsc))
but this is the generated config(rules.debug)
altq on fxp1 hfsc queue { qWANRoot }
altq on fxp0 hfsc queue { qLANRoot }
queue ove
So it should be possible to create 2 parent
queues(overall_lan,overall_wan), which under them would contain the
actual shaper wizard config, or create 2 more separate
queues(overall_lan,overall_wan) aside from what the shaper wizard
created..
Here's the problem:
I have generated a config with the w
On 10/9/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> > > Take a look at how the EZ Shaper wizard creates parent queues.
> > Either way I have to edit the created configuration manually, or there
> > is a possibilty to create parent queues with the webconfigurator ?
> Yes, via the webConfigurator.
On 10/8/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Take a look at how the EZ Shaper wizard creates parent queues.
Either way I have to edit the created configuration manually, or there
is a possibilty to create parent queues with the webconfigurator ?
> This is not possible at this time due to
1) Is it possible, in the traffic shaper
- to create another parent queue (parent to HFSC)
- and to add some rules to this queue, so that traffic coming and
going from specific ip adresses would go through this queue (which
would have separate bandwidth)?
My WAN consists of 2 types of speeds: a
65 matches
Mail list logo
