We used openDNS at all our schools but we just finished putting all
our schools behind a single firewall so that didn't fly. We had to go
to a commercial filter product unfortunately. We did consider throwing
up DNS servers all over the place but it would have become ugly to
manage.
On Fri, Jun
Can anyone say from experience whether it's 'within scope' to keep pfSense
as the DHCP/DNS? In other words, is it feasible to have 2K8 server turn to
pfSense via something like DHCP relay? Never played with DHCP relay.
Hi Karl,
We are doing exactly this. I have my Win2008 server acting as
Hi folks,
Someone else just asked a question that I responded to, but it actually
triggered a question in my head and rather than highjack the thread I
thought I'd start a new one.
If you use OpenDNS to filter content, it works pretty seamlessly.
Lets say that you have 4 LAN connections on
Because OpenDNS does their filtering based on the source IP address, you
would have to have eat LAN have its own outgoing IP(s) using Outbound NAT
rules.
I've never actually done outbound NAT. So lets say I've got multiple IP
addresses bound as virtual IP's onto the physical WAN interface. I
Doesn't this create a ton of DNS traffic traversing the firewall?
Why does it create any more DNS traffic than doing it any other way?
I've actually got a decent sized block of public IP's to play with, so I
will get started on this later in the week. The reason I am concerned about
On Tue, Apr 6, 2010 at 3:05 AM, Paul Mansfield
it-admin-pfse...@taptu.comwrote:
On 02/04/10 20:12, Tim Dressel wrote:
super stable. But with the ntop package things goes south quickly. I've
I've found ntop to be hit and miss in terms of stability, when it works
it works well but for certain
Hi There,
I've built a couple of pfSense 1.2.3-Release boxes lately, they are super
stable. But with the ntop package things goes south quickly. I've got three
interfaces (all Intel GT class giganics) and ntop is listening to LAN and
OPT1. Once ntop starts, its good for about 5 minutes, then I
On Thu, Feb 25, 2010 at 5:43 AM, Bob Gustafson bob...@rcn.com wrote:
On Wed, 2010-02-24 at 18:16 -0800, Tim Dressel wrote:
Hi folks,
I have been interconnecting several schools into one big network via a
MAN over fiber, but in the end I'm going to have a couple of schools
that I can't afford
Hi folks,
I have been interconnecting several schools into one big network via a
MAN over fiber, but in the end I'm going to have a couple of schools
that I can't afford to hook up and/or just don't have the service
available. We are pushing out Windows 7 which via volume activation
requires
I'll just toss in a reason why I would like to see IPV6.
I've got a network with about 24 subnets,,, a combination of physical
and vlans. We have been rolling out Windows 7, and slowly been
upgrading our servers to 2008 R2. My tech team is very small and we
support a large number of clients in
Not that it helps much, but I have had severe problems with the fxp driver
under BSD/pfsense. I mentioned this a while back and Chris suggested that
this was only in a few snapshots. Not being one to argue with a
support/developer because I am in awe with this project, but I can replicate
traffic
Hi folks,
In a former like I replaced an overworked Firebox with an IPCop
installation (this was before I knew about pfSense, all my firewalls
are now pfSense now.
Anyways... the only thing I miss about that Firebox was this cool
little graphical traffic graph that updated in real time. On one
How is that for open source support!
You guys rock.
On Sat, Nov 7, 2009 at 10:05 AM, Scott Ullrich sullr...@gmail.com wrote:
On Fri, Nov 6, 2009 at 10:57 PM, Glenn Kelley gl...@typo3usa.com wrote:
Grace and Peace Friends:
In Snort we are seeing the following:
Fatal error: Allowed memory
I've run on a few x3400 and x3500's if you are all about IBM. They run
well, but you will have more stability by throwing in some GT class
intel giganics even if you are running low traffic.
I've got one machine on a simple network, 1 WAN, 2 LAN, 1 Wireless
with captive portal, various visibility
PRO 100's have serious problems in BSD7.
I know the PRO 1000 GT's work flawlessly.
On Sat, Oct 31, 2009 at 12:27 PM, Ugo Bellavance u...@lubik.ca wrote:
Chris Buechler wrote:
On Sat, Oct 31, 2009 at 10:39 AM, Ugo Bellavance u...@lubik.ca wrote:
Hi list,
We're currently running
This is the exact issue I had with the PRO100's. I never tried
disabling TSO or applying the patch.
http://security.freebsd.org/advisories/FreeBSD-EN-09:03.fxp.asc
On Sat, Oct 31, 2009 at 7:34 PM, Chris Buechler c...@pfsense.org wrote:
On Sat, Oct 31, 2009 at 10:13 PM, Tim Dressel tjdres
On Sun, Aug 9, 2009 at 6:47 PM, Cheyenne Dealcheye...@hsrvr.us wrote:
I have a small problem, I am trying to get some Zynx ZX414's and some ZX424's
working in pfSense 1.2.2 and it refuses to give a linkup. I know that the the
cards are good when using windows install on them but refuses to
On Mon, Aug 3, 2009 at 3:52 AM, Lennyfive2one.le...@gmail.com wrote:
On Sun, Aug 2, 2009 at 12:21 PM, Tim Dressel tjdres...@gmail.com wrote:
Install on both sides, not on pfsense.
i.e. install on a machine on the WAN side, and on the LAN site. Or if
you are testing between LAN and an OPT
Install on both sides, not on pfsense.
i.e. install on a machine on the WAN side, and on the LAN site. Or if
you are testing between LAN and an OPT interface, put a machine on
both subnets and test that way.
iPerf on pfsense will not give you a throughput of the firewall (at
least nothing that
On Fri, Jul 31, 2009 at 7:16 AM, Rainer Duffnerrai...@ultra-secure.de wrote:
Paul Mansfield schrieb:
boot a live linux disk like ubuntu
try a speed test website.
for network testing...
set up the interfaces
create a 1G test file, e.g. dd if=/dev/urandom of=/tmp/random bs=1024
Hi folks,
I'm building a reasonably high end firewall in the next month or so. I
will be routing up to gigabit speeds between 7 subnets, but the sort
of baseline noice will be in the 30 megabit sustained area.
I understand the corelation to the BSD 7 HCL and individual
components, but I have
Hi folks,
I just found this post from Chris in the forums:
http://forum.pfsense.org/index.php/topic,7675.0.html
It refers to the issue below being resolved in 1.3, which I now
understand is actually been point upped to 2.0. I'm snooping around in
the alpha snapshot section with the
, May 8, 2009 at 22:06, Tim Dressel tjdres...@gmail.com wrote:
Finally, I'd appreciate any feedback out there on installs with counts
on mac bypass entries topping a 1000 count. I am considering tying
together several of my networks and would like to know what the upper
end on the captive portal
: Re: [pfSense Support] Captive Portal Question
On Thu, May 7, 2009 at 15:55, Tim Dressel tjdres...@gmail.com wrote:
1. What is the limitation on the number of mac-bypass entries? And is
what I am seeing expected with 300 entries?
I'm sure someone will chime in with the precise ipfw limitation
Hi folks,
I've got a captive portal deployed on a simple LAN/WAN configured
current PFsense box.
All clients that I want to have transparent access to the internet
have a MAC bypass entry.
All other clients authenticate against the active portal.
The mac-bypass has over 300 entries in it.
I
this issue.
Its easily repeatable, so if someone wants to help me I can do any
sort of troublshooting you suggest.
Thanks folks...
On Fri, Apr 17, 2009 at 7:19 AM, Chris Buechler c...@pfsense.org wrote:
On Fri, Apr 17, 2009 at 12:42 AM, Tim Dressel tjdres...@gmail.com wrote:
Hi folks,
We've been
On Sat, Apr 18, 2009 at 11:09 AM, Chris Buechler c...@pfsense.org wrote:
On Sat, Apr 18, 2009 at 1:07 PM, Tim Dressel tjdres...@gmail.com wrote:
I had zero luck with this in the last few days. Here are some more details:
Internet -- PFSense -- procurve managed switch
I have tried three
On Sat, Apr 18, 2009 at 5:23 PM, Chris Buechler c...@pfsense.org wrote:
On Sat, Apr 18, 2009 at 2:33 PM, Tim Dressel tjdres...@gmail.com wrote:
There is definitely an upstream router, and I have physical access to
it but not console. I can power it off and on again, but it tends to
make
Hi folks,
We've been playing around at work with binding multiple IP's to the
WAN interface so that we can port forward the same ports from
different IP's to different services on the LAN side.
Has anyone ever seen when you add a second virtual IP, and then create
the NAT on the second (also
Thanks for the reply Chris.
On Wed, Apr 1, 2009 at 5:15 PM, Chris Buechler c...@pfsense.org wrote:
On Mon, Mar 30, 2009 at 11:32 PM, Tim Dressel tjdres...@gmail.com wrote:
Hi folks,
I have inherited about a dozen schools with internet connections
between 2Mbit and 10Mbit. Each school has
Hi folks,
I have inherited about a dozen schools with internet connections
between 2Mbit and 10Mbit. Each school has a PFSense box (standard PC,
hard disk, 1GB ram, 3 nics).
Each PFSense is configured as WAN, LAN, and OPT1 where OPT1 has
connected several unsecured access points to provide
Thanks for the reply Chris,,,
Off to VPNgui I guess. ;)
Cheers,
Tim
On Tue, Mar 10, 2009 at 12:15 AM, Chris Buechler c...@pfsense.org wrote:
On Sat, Mar 7, 2009 at 6:38 PM, Tim Dressel tjdres...@gmail.com wrote:
We just migrated a few of our firewalls from m0n0wall to PFsense (cool
We just migrated a few of our firewalls from m0n0wall to PFsense (cool
that that config files work btw devs!!!)
Anyways, now I can't PPTP out to another firewall from behind one of
the new PF boxes (this was not a problem with m0n0wall).
Some googling about found this from a few years back:
I had same problem burning at 48X dropped to 12X disc was fine.
Same also happened with Mythbuntu 8.10, but not with Ubuntu Server 8.04. Not
sure if this is a burner issue or how the iso's are being generated. All the
iso's worked fine with vmware.
On Mon, Dec 22, 2008 at 2:24 AM, Paul
Hi folks,
This is my first post to this list, I'm brand new to PFSense and mostly new
to BSD/Unix. I'm planning on moving to PF mainly for its dual WAN
capability. I've been using IPCop for years (at work and at home) and have
been very happy with it, minus of course its ability to deal easily
Hi folks,
Please ignore the question below.
I found the rules section and created my rule for wireless!
All is well, thanks for putting up with the newb question.
Cheers,
-tim
On Tue, Nov 25, 2008 at 9:54 PM, Tim Dressel [EMAIL PROTECTED] wrote:
Hi folks,
This is my first post
36 matches
Mail list logo
