http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso/
is how to setup a developers machine.
I just used this http://www.thoughtpolice.co.uk/vmware/#freebsd7.0
vmware image to setup a VM and then ran the script from the wiki.
sai
On Sat, Mar 21, 2009 at 12:38 AM, Alexsander Loula alex.lo
, I really need to have wan failover.
---
Veiko
provide a network diagram with ip addresses and maybe screen shots of
the web interface.
sai
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e
post your firewall rules. you do not need static routes or arp-proxy
for what you are trying to do.
also your EntA clients need to have 192.168.10.128 as
the gateway and dns server.
can .129 ping .130 ?
sai
On Mon, Dec 15, 2008 at 4:19 PM, Thomas Elsgaard
thomas.elsga
upstream arp cache.
that means the arp cache on the machines connected to the pfSense
machine, not the pfSense machine itself.
sai
On Thu, Oct 30, 2008 at 12:10 AM, Michel Servaes [EMAIL PROTECTED] wrote:
wouldn't the ARP cache be cleared by rebooting the pfsense box ?? (i
rebooted 3 or 4
, it is secure enough for you. If you really want to know if it is
secure, you need to do your own testing.
:-)
I just realised that I've been trusting random people I don't know to
develop my production firewalls
sai
arp caching can produce problems like this. solution is to reboot the
switches, the firewall and everything else connected to them. I have
wasted whole days debugging problems like this
sai
On Tue, Sep 9, 2008 at 3:34 PM, Glenn Kelley [EMAIL PROTECTED] wrote:
well still no go - have tried all
how is your network setup?
1 PC ---switch UT ---pfsense
or
2 PC ---switch ---pfsense UT
I would suggest trying 2 since you just want the CP on pfsense
sai
On Sun, Jul 27, 2008 at 9:53 PM, Chris Buechler [EMAIL PROTECTED] wrote:
On Sun, Jul 27, 2008 at 12:04 PM, Curtis LaMasters
is
quite limited, but it looks ok.
could one of the devs confirm that dns cache problem is mitigated ?
sai
refs:
[1] http://seclists.org/fulldisclosure/2008/Jul/0104.html
[2] http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html
[3] https://www.dns-oarc.net/oarc/services
nothing wrong. just different. it may have side effects, which needs
some thinking.
sai
On 7/7/08, Ermal Luçi [EMAIL PROTECTED] wrote:
On Mon, Jul 7, 2008 at 7:47 AM, sai [EMAIL PROTECTED] wrote:
I tested this and it looks like this is a side effect of the new shaper.
What's the wrong
I tested this and it looks like this is a side effect of the new shaper.
sai
On 6/19/08, sai [EMAIL PROTECTED] wrote:
Is this normal? I just opened my log files and clicked on one of the
red icons. I seem to remember that blocked packets only had one
associated rule. I get
if you add descriptions to the rules, the text of the description
comes up in the popup window when you click on the pass/block icon.
sai
On 6/22/08, Craig Silva [EMAIL PROTECTED] wrote:
I'm looking at my logs trying to work out which rule number 262 is?
is there a way or relating the log
Is this normal? I just opened my log files and clicked on one of the
red icons. I seem to remember that blocked packets only had one
associated rule. I get this:
10.10.10.10
The rule that triggered this action is:
@2 block drop in log all label Default deny rule
@20 block drop in on ! rl1 inet
start off by downloading the dev iso
http://mirror.qubenet.net/mirror/pfsense/downloads/developers/pfSense-1.2-BETA-1.iso.gz
and installing it.
sai
On 6/18/08, Matias Surdi [EMAIL PROTECTED] wrote:
Hi,
I'm an experienced web developer and I have some FreeBSD systems
administration knowledge
http://imageshack.us/
http://www.freeimagehosting.net/
On 5/30/08, Peter Todorov [EMAIL PROTECTED] wrote:
Where I can upload screenshots to show ?
On 5/29/08, Scott Ullrich [EMAIL PROTECTED] wrote:
On 5/29/08, sai [EMAIL PROTECTED] wrote:
custom overlay was not working for me (used to work until a few weeks
ago).
in builder-scripts/builder_common.sh the overlay directory
is copied across to $CVS_CO_DIR. I changed this so
you should probably be using a 6.2 or 6.3 kernel on pfsense 1.2
the 7 kernel would not be a good idea.
sai
On 5/28/08, Aziz THRAYA [EMAIL PROTECTED] wrote:
Hi all,
I modify some FreeBSD kernel without problems but modding pfsense Kernel it
is too hard without docs.
So I want to mod
up on me at a critical point in time?
sai
.
sai
destination port: SMTP
This will allow sending of email.
You can add other rules to allow other protocols like POP, secure SMTP ...
HTH
sai
On 4/23/08, Toto [EMAIL PROTECTED] wrote:
help me !!!
i want ip 192.168.1.2 could not open web but only do mail access. how to
setup in pfsense
I think that there is a bug in the bandwidthd package. the xml states that
bandwidthd REQUIRES pfsense 2.0
this package will NOT filter out p2p, it will just try to detect
it. not suitable for blocking the p2p. you might want to try snort for that.
sai
On 3/8/08, Michel Servaes [EMAIL
take a look at http://en.wikipedia.org/wiki/Stateful_firewall
On 3/6/08, Mike Lever [EMAIL PROTECTED] wrote:
Thanks Sean for the clarification.
One point of clarification.. can you please define exactly what a 'state' is
?
Regards,
Mike Lever
Tenacity Films (Pty) Ltd t/a
bandwidthd or darkstats packages might help. they show download/upload
by IP address.
sai
On 2/26/08, Bosco [EMAIL PROTECTED] wrote:
Hi all,
I am using pfSense solution for a while (about 6 months) - version
1.2 with 1 LAN + 3 WANs - and sometimes the Download or Upload traffic
for a reinstall from scratch.
sai
On 2/28/08, Michael Richardson [EMAIL PROTECTED] wrote:
I've got a dual-wan setup and I want to cause traffic between an internal
machine, and external machine to occur over WAN2 (I could use source or
destination as criteria). Both public IPs would share a gateway
.
If you are loadbalancing for users in the LAN then you just need to
worry about the LAN interface rules, the WAN rules are not needed.
sai
if the m0n0 is known to work then you could install the m0n0 image and
then use the gui to change the firmware to pfSense.
sai
On 1/28/08, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I've modified the configuration file to point to vr0/vr1/vr2 as
appropriate, however there is no active IP
Yes, paid support is available, but a lot of support provided by
the devs is free.
sai
On 1/24/08, Sean Cavanaugh [EMAIL PROTECTED] wrote:
technically it already is. if you want elevated support, they charge for it.
but out of that comes upgrades and feature enhancements of the software
I saw this after upgrading to RC4
Fix:
using exec.php
rm -rf /var/db/rrd*
Then in the Execute PHP command box type in:
enable_rrd_graphing();
This will delete all your rrd data :-(
sai
On 1/25/08, Wade Blackwell [EMAIL PROTECTED] wrote:
It seems very random,
Anyone
Recommended Hardware Vendors : http://pfsense.org/index.php?id=40
sai
On Nov 5, 2007 9:00 AM, Jeremy Bennett [EMAIL PROTECTED] wrote:
I've been running PFsense successfully on a handbuilt PC for about a
year now, and am stoked that it works so well. I'd like to move onto
the next step and do
...
The System page tells you which version and the build date. The build
date is useful for tracking snapshots.
sai
,port : any,any
gateway WAN2
hth
sai
On 10/2/07, Ingvald Grimstveit [EMAIL PROTECTED] wrote:
Current setup:
1x WAN PPPoE
(running PPTP VPN server on pfSense with local user db.)
Need:
1x Additional WAN
Configuration would be:
-Different GW for computers on same LAN (inside
Can you not just use a crossed cable for the CARP interfaces?
sai
On 9/27/07, Shane B [EMAIL PROTECTED] wrote:
Are these unmanaged switches?
Yeap, little 5 port workgroup switches (Linksys EZXS55W
http://www.linksys.com/servlet/Satellite?c=L_Product_C2childpagename=US%2FLayoutcid
There have been some problems discussed in the forum with some
ISPs/cable operators. Maybe that will help.
Does the WAN have an IP address when it goes down? It might be a
problem with ip address renewal in DHCP.
sai
On 9/16/07, Chris Lasater [EMAIL PROTECTED] wrote:
Nothing worth while
How do you know that the ISP isn't acting up or maybe your ISP's modem?
sai
On 9/16/07, Chris Lasater [EMAIL PROTECTED] wrote:
It does have an DHCP address still, but it happens multiple times a
day... should I be losing the IP that quickly? and it is usually at
irregular intervals
WAN is DHCP? What do you mean by for all interfaces ? Anything in
the System log?
sai
On 9/15/07, Chris Lasater [EMAIL PROTECTED] wrote:
I have been using PFSense on a Soekris Net5501 box for about a month now
and it has been working perfectly. Recently it has been losing
connection
It was all working before and now it's all messed up?
Ah, that be the Networking Gremlins. :-)
When this sort of thing happens I usually have to restart from the
beginning - probably missed a small but vital bit of config. Maybe even
reinstall.
sai
On 9/14/07, Shane B [EMAIL PROTECTED] wrote
with no delays whatsoever.
Is this a Vista thing we should look out for? If so, what's the fix
that worked here?
sai
addresses you can run a traceroute or use something like nmap.
You can even use google.com as a monitor.
sai
On 7/20/07, William Smith [EMAIL PROTECTED] wrote:
Hi Again,
I've asked questions about this previously and have gotten much help, Thank
You. Now I have some questions that will help me
.
sai
On 7/18/07, Volker Kuhlmann [EMAIL PROTECTED] wrote:
I have installed pfsense 1.2beta1 built on Mon Apr 30 10:47:18 EDT 2007, LAN
with half a dozen XP and a few Linux machines. ADSL. Primary name server on
the general setup tab is fixed to the ISP's name server, secondary name
server is set
a CF installed as hard disk
(cf-ide converter). That works fine.
Since your board doesn't detect the card then probably a problem with
your BIOS settings.
sai
On 7/14/07, Dave Cabot [EMAIL PROTECTED] wrote:
I've tried to install pfsense onto the CF as if it was a hard drive, but
apparently the OS
!) and
the response was that this was fixed several days ago.
:-(
sai
and will help.
sai
On 7/5/07, William Smith [EMAIL PROTECTED] wrote:
Hi,
I have 3 WANS. Each has a static ip assigned by the ISP based on login. I
have the router/modems set to login and give each of my WAN interfaces an
IP. 192.168.2.10, 192.168.1.10 and 192.168.0.10. (I also DMZed those IPs
i currently install Freebsd pfSense.local 6.1RELEASE-p10 and do all the
package installation + configuration
TQ
Diagnostics Backup/restore will save your configuration and allow
you to copy it across to another installation.
sai
this to 200,000 with no problems.
Is your WAN ip static or DHCP? My cable ISP (motorola surfboard modem)
gives me no end of grief with DHCP.
sai
snapshots are not too stable. the one produced after 2 hours might be
a bit different to the current one.
if you are new to pfSense then try a BETA or RELEASE version.
sai
On 6/7/07, Quirino Santilli [EMAIL PROTECTED] wrote:
I just downloaded and burned the pfsense snapshot from
If they have the same gateway, I would use 'other' for setting up a
different monitor ip. Use the ISPs DNS server or web server.
If both lines have the same monitor ip you will have problems.
sai
On 5/19/07, Chris Flugstad [EMAIL PROTECTED] wrote:
Much Easier, thanks Scott.
Also, I did
172.16.0.2:80 - 192.168.0.200:80 - 192.168.0.36:4196
SYN_SENT:ESTABLISHED.
This is a connection from your LAN not from OPT.
sai
On 5/8/07, Quirino Santilli [EMAIL PROTECTED] wrote:
Hi All,
I'm dealing again with the task of publishing my servers' services over two
different internet
You mean that you can access the web site using one IP address, but
not the other IP address? Or are you using the domain name?
What does the states page show about the connections that are made/attempted?
sai
On 5/2/07, Quirino Santilli [EMAIL PROTECTED] wrote:
Hello,
I was trying
Everytime a packet comes in that might match the rule, you would have
to do a DNS lookup. Not a good idea, as this would REALLY screw up the
latency on your firewall.
sai
On 4/22/07, Rob Terhaar [EMAIL PROTECTED] wrote:
don't think this is possible, or a good idea either.
On 4/21/07, Volker
the firewall to send the request down the correct interface.
sai
? Any information you can provide would
be appreciated.
Robert
Use the same settings that you got working on your laptop?
Can you ping the gateway in question from the pfsense firewall?
sai
http://www.notetab.com/ is an excellent windows text editor that can
save in Unix format.
sai
On 3/27/07, Sean Cavanaugh [EMAIL PROTECTED] wrote:
what are you using to edit it? Notepad is notorious for adding hidden
characters that screw up *nix txt files.
Try editing it in WordPad and see
to the kernel config
file.
do post a howto if you get it to work :-)
sai
ps. I don't know too much about this FreeBSD stuff either!
a rule for the subnet2 interface that allows the traffic.
post the config for the interface and also the firewall rules for subnet2
sai
duplicate packets might be generated more than once.
not sure about the State options
sai
On 3/3/07, Brookenmire [EMAIL PROTECTED] wrote:
Thanks Sai, but the it raises a couple of questions:
Why am I seeing multiple blocks from the same IP and port if it is the last
packet ?
Also, if I
http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html
.
sai
On 1/30/07, AngChorEng [EMAIL PROTECTED] wrote:
Hi Sai,
Do you have any other recommendation for better solution, please advise.
Thank you.
From:
CE Ang
- Original Message -
From: AngChorEng
To: support@pfsense.com
Sent: Monday, January 29, 2007 3:51 PM
Subject: Fw
that if something
is messed up you can put the Netscreen back in and your network works
again.
sai
On 1/29/07, AngChorEng [EMAIL PROTECTED] wrote:
Hi Sai,
Thanks for your message, i had successfully installed the PFSENSE with
latest snap, thank you.
By the way, do you come across a solution
Wade, can you explain in more detail? How would the rules be subverted
and how would the firewall know that this has happened? Maybe give us
an example.
sai
On 1/27/07, Wade Blackwell [EMAIL PROTECTED] wrote:
No a little fancier than that,
I am taking the layered security approach, I
-Installer.iso.gz.md5
I hope that this is what you were asking for
sai
On 1/26/07, AngChorEng [EMAIL PROTECTED] wrote:
Hi Scott,
Thanks for your information, sorry for the same question, do you have any
source of address in LIVECD.iso download for my PFSENSE installation, by
using livecd, it is much
the latest snapshots would be here:
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ which have improved
the load balancing user interface.
On 1/26/07, sai [EMAIL PROTECTED] wrote:
the download mirrors are here:
http://pfsense.com/mirror.php?section=downloads
a copy of the Live iso is here
This is probably what you are looking for:
http://pfsense.trendchiller.com/transparent_firewall.pdf
sai
On 12/20/06, Brad Bendy [EMAIL PROTECTED] wrote:
Hi List,
I was wondering if pfSense can handle this:
WAN connection with a /28
LAN block of /24, being NAT'ed to 1 or more public IPs
a DMZ
On 11/18/06, Angelo Turetta [EMAIL PROTECTED] wrote:
sai wrote:
Your Passive Mode setting should have your real ip address, not your
private ip address.
Well, we are talking about NAT, so how do you think the internal ftp
server is going to know what's the public address the clients
Interface : Lan
source: however you want to specify Your 192.168.0.51 subnet
gateway: your second 2024 isp
You will want to make the rules a bit more secure by specifying
destination ports.
hth
sai
On 11/3/06, Gerente Técnico ERP [EMAIL PROTECTED] wrote:
I excuse me, I not write English perfect
thanks - never used fwe or even firewire before so wasn't sure about
it. will keep on trying.
I see the fwe interface fine, just can't use it.
sai
On 10/4/06, Espen Johansen [EMAIL PROTECTED] wrote:
I have used it successfully with pfsense but not recently, and no there is no
special cable
and no viruses exist.
I would say your ISP's virus checker is acting up?
Scott
what AV is the isp using?
sai
need to have some idea of the network layout. where is the ip phone ,
where is the asterisk server?
sai
On 9/22/06, Guillaume Mathieu-Thérien [EMAIL PROTECTED] wrote:
Hi,
I'm having a problem with my SIP Phones and Asterisk.
I think it's due to a timeout.
If I boot my phones, everything
Trying to access forum.pfsense.com, I get
Stop it. Trying to hide in a proxy makes me cranky..
My ISP is probably using a proxy :-(
How do I get my forum fix for the day?
sai
Never seen this before - been using this same ISP for a few months.
sai
On 9/8/06, Holger Bauer [EMAIL PROTECTED] wrote:
It's not a problem with proxies in general. This is happening when the proxy
has some strange configuration. Not too sure about what is causing this but I
have heard
The forums are now working for me...the ISP was giving me DNS problems
so that might have been related.
sorry for the OT noise
sai
On 9/8/06, sai [EMAIL PROTECTED] wrote:
Never seen this before - been using this same ISP for a few months.
sai
On 9/8/06, Holger Bauer [EMAIL PROTECTED] wrote
Ah, right. I messed up the outbound NAT.
Thanks Holger.
sai
On 5/9/06, Holger Bauer [EMAIL PROTECTED] wrote:
You have to use advanced outbound NAT and the tutorial covers this. Otherwise
your connections from your node one will be natted to the REAL IP of the
interface, not the CARP VIP
you can't boot from a floppy. You can only use a CD-ROM or harddisk.
sai
Holger,
I don't really understand the question (!) , but I am not using
advanced outbound NAT.
I just followed the tutorial on
http://www.pfsense.org/mirror.php?section=tutorials/carp/carp-cluster-new.htm
sai
On 5/6/06, Holger Bauer [EMAIL PROTECTED] wrote:
Are you using advanced outbound nat
Enabled
Synchronize rules
Synchronize aliases
Synchronize nat
Synchronize Virtual IPs
Synchronize DNS Forwarder
sai
restore the config if your floppy dies.
sai
carp interface and have only allowed traffic between
the 2 pfsense machines on this interface.
I see failover work, and I see rules added to the master being
propagated to the slave.
I do not see any carp traffic on my other interfaces being blocked.
sai
and source port as *
sai
76 matches