On 11/14/06, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill,
1. I am confused. The pfsense_local.sh I am using is Revision 1.39. I can't
find any revision newer than this. Besides, even if I find it, you mentioned
that it will screw up the firewall, which I don't think I want to do so.
The b
On 11/14/06, levy16 <[EMAIL PROTECTED]> wrote:
Hi
Useing www interface... several times I get:
Fatal error: Unknown function: parse_config() in /etc/inc/config.inc on
line 198
after that.. i cant use tha interface.. the only solution is down the
router and start it again
did anyone has such an
Neither, it's hardcoded.
--Bill
On 11/17/06, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi,
If I create the web GUI SSL certificate before I activate the HTTPS,
connecting to the web GUI using https uses the SSL certificate I created.
However, if I activate web GUI HTTPS access without creatin
I'm sure it's the same issue.
--Bill
On 11/27/06, Chris Allen <[EMAIL PROTECTED]> wrote:
Hi guys,
It seems that setting the "modulate state" option rather than "keep
state" for TCP connections doesn't work across bridged interfaces in
pfSense (rel 1.0.1, filtering bridge). The packets never
When the IP cameras stop working, what's the state table size? It's
displayed on the initial status screen when you login to pfSense. If
it's closing on 10,000, you might want to raise the limit in
System->Advanced.
--Bill
On 11/27/06, Daniel Orcutt <[EMAIL PROTECTED]> wrote:
Hello,
I curren
Technically speaking you can IP alias on a single interface, but we
don't currently support that. I believe we (pfSense) only support 255
VHIDs (actually, I wouldn't be the least bit surprised if we blow up
long before that) total for the box (our own checks enforce that)
while carp could in theo
On 11/30/06, Mark Kane <[EMAIL PROTECTED]> wrote:
On Thu, Nov 30, 2006, at 14:16:57 -0500, Scott Ullrich wrote:
> Not sure what to tell you then. It works correctly in my case. Maybe
> you have entered the wrong ips?
I appreciate you trying to help. The IPs are definitely correct. The
VoIP ser
On 11/30/06, Mark Kane <[EMAIL PROTECTED]> wrote:
On Thu, Nov 30, 2006, at 15:49:46 -0600, Bill Marquette wrote:
> Code logic that takes advantage of the way pf uses ALTQ. I'm
> surprised your VOIP is making it into this queue at all as it's only
> ever used for empty
Are you using Adv. Outbound NAT? If so, double check your NAT rules
and make sure that you are NATing ICMP for WLAN.
--Bill
On 12/4/06, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
Hi !
I have a LAN and a WAN Interface and a WLAN Interface, too.
There are NO bridges.
I have assigned rules that a
On 12/4/06, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
No outbound nat :-(
Any other hints ?
Can you ping from WLAN to LAN? If that works, then it could be a NAT
issue, if it doesn't work then I'm at a bit of a loss.
--Bill
-
Probably those machines had 192.168.125.65's mac address still cached.
Knowing what the MAC was, they didn't need to do an arp lookup for
their default gateway to send the traffic on. Expect those machines
to stop working before too long ;-P
--Bill
On 12/9/06, Jonathan Horne <[EMAIL PROTECTED]>
worked ok and others didn't might make an
interesting point of research for the curious. of course why anyone
would want to setup networks like that is beyond me but i've always been
curious how in the heck that worked at all...
Bill Marquette wrote:
> Probably those machines had 192.1
On 12/22/06, Josep Pujadas i Jubany <[EMAIL PROTECTED]> wrote:
> Why defragment pfSense ? This is not needed and FreeBSD ffs2 has
> near zero fragmentation... (this doesn't runs on M$ filesystems).
>
> /Xavier
If you are running embedded version in a Compact Flash the system file is
FAT.
Nope
On 1/1/07, Tim Martin <[EMAIL PROTECTED]> wrote:
I installed the latest squid package on 1.0.1 and on a later snapshot and
kept getting some kind of syntax error and PfSense wouldn't load the rules
for the opt1 interface. At first I thought it was because it was
incompatible with the traffic s
On 1/3/07, Tim Martin <[EMAIL PROTECTED]> wrote:
Excuse me for saying anything at all!
You're excused.
--Bill
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
On 1/4/07, Holger Bauer <[EMAIL PROTECTED]> wrote:
Do you mean the pfSense itself has to go to the internet through a
proxy? This is not supported and there are no settings for it. The
package manager tries to access the package repository at pfsense.com
and is not able to utilize a proxy for tha
On 1/4/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
Actually, not entirely true :) If you feel like editing code, this is
a simple change.
/etc/inc/xmlrpc_client.inc around line 645 you should see:
/**
* The name of the proxy server to use, if any
* @var string
*/
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi,
Is the modified "globals.inc" file kept anywhere that can be downloaded? I tried
modifying the xmlrpc_client.inc file myself but keep getting an error when I
attempt to access the packages. A complete example would be appreciated. This
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Thanks alot Bill! I've tried the changes but I still get an error, although
different. I have no control over the proxy machine so I can't get much info
from that box to help me understand what doesn't work. I'm going to upgrade the
release
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi,
The list of available packages gets displayed just fine, but the installation
procedure produces a regular error on all of the packages I've tried to
installed.
This is what kind of appear on screen :
Downloading package configuration
ne.
> Downloading nmap and its dependencies... done.
> Checking for successful package installation... failed!
>
> Installation aborted.
>
> Did you successfully install any of the packages?
>
>
> Cheers
>
> Joe
>
>
>
> Scrive Bill Marquette <[EMAIL PROTECTED]
On 1/5/07, Tim Dickson <[EMAIL PROTECTED]> wrote:
I'm not certain about the BSD users... (although it seems logical that
it would work)
I do know that a multiuser environment is being developed and tested and
eventually this will be a feature in PFSense. What release depends on
what bugs arise I
Looks like he's trying RELENG_6 not 6_1. That patch looks reasonable
(I think) Angelo.
--Bill
On 1/11/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
I believe you have a stale file somewhere. We are not patching
ip_input.c on RELENG_6_1.
Scott
On 1/11/07, Angelo Turetta <[EMAIL PROTECTED]>
On 1/12/07, Joseph Favia Jr. <[EMAIL PROTECTED]> wrote:
Is there any update on this issue? have you done any testing to see if
the packages get installed? All my attempts were unsuccessful.
Thanks
Joe
Nope. I know what the problem is though...when calling pkg_add -r we
need to set the http/
Looks like FreeBSD updated the package on 12/24. I'll commit a fix to
our package repository tonight. Thanks
--Bill
On 1/18/07, Jeremy Rempel <[EMAIL PROTECTED]> wrote:
It installed fine for me in the past, just in the last couple days the
installs failed. I removed the install files, tried
On 1/26/07, Wade Blackwell <[EMAIL PROTECTED]> wrote:
Good afternoon all,
Can PF can support blackholing by routing to /dev/null? It doesn't
look like the web configurator will let me do that magic, how would one go
about adding and deleting routes for that purpose?
Add a static route (Sy
what I expected). So I am sure that i could add an 8,000 line
route add to the rc.local script I was just wondering if there is a more
elegant way to do that. Thanks.
Wade B
On 1/27/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
>
> On 1/26/07, Wade Blackwell <[EMAIL PROTEC
On 1/29/07, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
Has anyone thought of adding pfflowd to the embedded image. With some
hackery I have shoe horned it in. So far after running about a week I see
no increaed writes to the CF and thhe data appears to be coming across with
Makes sense, i
On 1/29/07, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
On Jan 29, 2007, at 8:40 AM, Bill Marquette wrote:
> On 1/29/07, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
>> Has anyone thought of adding pfflowd to the embedded image. With some
>> hackery I hav
On 2/4/07, kevin hawkins <[EMAIL PROTECTED]> wrote:
I see where it replys back from 00:0f:35:46:d0:54 for both nics. I don't see
how that can be I have cable mod 1 pluged into nic one and modem 2 pluged
into nic 2
and switch plugged into nic 3 I have balencing between dc1 and x10
Same provider?
On 2/4/07, Chris Buechler <[EMAIL PROTECTED]> wrote:
Bill Marquette wrote:
>
> Same provider? I'd be willing to bet that both those modems are on
> the same layer 2 ethernet segment and using the same physical router
> with multiple IPs assigned to it's interface.
Is reflection enabled?
--Bill
On 2/4/07, kevin hawkins <[EMAIL PROTECTED]> wrote:
I still can not make it work. I am sitting behind it though that might be
the problem.
On 2/4/07, Holger Bauer < [EMAIL PROTECTED]> wrote:
> It uses 5500 for reverse connection, 5800 for the http serverapplet an
On 2/5/07, Darren Cockburn <[EMAIL PROTECTED]> wrote:
Hi,
Can someone assist me with allowing access back to the console?
And perhaps increasing the logging?
Using:
Version 1.0.1
built on Sun Oct 29 01:13:05 UTC 2006
PlatformpfSense
On the weekend the system went down. It's
On 2/5/07, Darren Cockburn <[EMAIL PROTECTED]> wrote:
Silly me,
Using /usr/sbin/clog shows log entries after the "crash" for ALL logs
(nothing before)
Is there anything I can turn on (newsyslog as an example) that would
keep a better history of events?
You probably want to syslog to a remote
On 2/6/07, Matt Cohen <[EMAIL PROTECTED]> wrote:
Topell.com
The Topell boxes are some nice units (surprisingly light for a rack
mount box too!). Front swappable CF card slot - makes for REALLY easy
upgrades (and rollback) :) I did give them some feedback on the box
which will hopefully help t
On 2/12/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:
I have posted a $400.00 USD bounty for implementing a logoff feature in
the fourms. Also, I have added a $100.00 USD bonus for the
implementation of a checkbox that will enable or disable https access
via the WAN interface.
Vaughn Reid I
On 2/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
I've got a question associated with multi-wan load balancing. I have 2
physical network interface connected to 2 different network. I have
configured it with Load Balancing. I monitored that behavior of the Load
Balancing and I realized that
On 2/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill, thank you for the response. I did not create any specific rules
or NAT to support this. All I did was create a pool of 2 gateways. If I
have 2 outgoing sessions from 2 computers, is it supposed to put each
session on each Internet link
On 2/20/07, John Cianfarani <[EMAIL PROTECTED]> wrote:
Catching up on the list here and I saw this, that awesome work!
Curious does this mean we are any closer to doing NAT for traffic in/out of
a IPSec tunnel.
For some form of closer. Sadly, not really. IPSec policy takes
affect before filte
od work anyhow.
Thanks
John
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, February 26, 2007 10:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] HEADS UP -- IPSEC Filtering now in recent
snapshots
On 2/20/07, John Cianfarani <[EMAIL PROTECTED]
On 2/28/07, Sloan Miller <[EMAIL PROTECTED]> wrote:
Users of Small Office and Home Office networks are quickly finding the
need for more advanced features such as VLAN's
These people are graduating from the basic Netgear and Linksys gear, and
needing the features of pfSense. pf docs are not clear
Will the switch send vlan 1 tagged or untagged? If it's tagged, just
create vlan1 on the pfsense box. If it's going to send it untagged
(most switches will for "native" vlans), then you'll need an IP on the
physical interface (I'm not entirely sure if we support that setup).
--Bill
On 2/22/07,
On 3/1/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:
firewalls, so I could reconfigure the firewalls via the serial console (I used
minicom, which is in the Debian depository -- anyone knows anything more
basic?).
tip/cu? :)
Moral: networking is unsuitable for dumb people.
Ahahaha, yep :-P G
On 3/7/07, Odd Kåre Qvam Trøen <[EMAIL PROTECTED]> wrote:
Hi!
I've been using m0n0wall for several years, but now I've ported to
pfsense. The firewall is great, but now I'm stuck with a problem. I
cannot connect to an ftp that got high ports.
The initial login port is done on 21, and data ports
On 3/7/07, Odd Kåre Qvam Trøen <[EMAIL PROTECTED]> wrote:
I agree, but since the ftp service I connect to is setup by another
party I must use the settings they dictate. If I were the admin for the
ftpserver port 21 & 20 would be my pick also.
BTW, is this 1.0.1 or a snapshot build?
--Bill
-
On 3/10/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
I have a question regarding the function to "Disable Console Menu" I
realized that even if I activate this function (to disable console menu) in
the System/Advanced menu, I am still able to see the console menu via SSH
connection. Is this fun
On 3/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I have question that may be basic and stupid. What're the differences of
"Proxy ARP" and "Other" Virtual IP? As what I am aware, Virtual IP based on
Proxy ARP replies to ARP requests. Does it mean that "Other" does not? If it
does not, what
On 3/13/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, is there a document somewhere that I can read and understand about the
mechanism for Traffic Shaper? Or if someone can verify whether my concept is
right:
1. Before anything can be defined, we must first define a pair of Parent
Queues, o
On 3/13/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill,
Thank you for the replies, it has been very helpful. For clarification:
For Item 6: When you said that it does nothing, did you mean thet the
"Direction" field in traffic shaping rules does nothing at all? Whether
it is "any", "in" a
On 3/13/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill,
I realized the error message associated with the traffic shaping rules
was caused by the script (that writes the rule files onto the disk)
called when the user press the "Save" button in the traffic shaping rule
definition page.
The
On 3/13/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill, sorry to trouble u again... How many Parent Queues can we
define?
All queues have to tie back into the root queues, which are "parent"
queues, outside of that, there shouldn't be any limitations. It's
useful to note that the wizard
On 3/14/07, Pablo Montoro Escaño <[EMAIL PROTECTED]> wrote:
> I believe HFSC has a limitation of 64 queues compiled in
> by default so beware that you don't go past that.
Could anyone confirm this?
Yes
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/altq/altq/altq_hfsc.h?annotate=1.1.1.
On 3/15/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I have a question related to Traffic Shaper and Polic based Routing
Suppose that I have 3 interfaces, LAN, WAN and LAN2, and Traffic Shaper has
been enabled between WAN/LAN interfaces. It seems to me that it also affects
the bandwidth be
and inbound
queues refers to only the queue associated with the WAN interface? May
be the attachment can explain my question.
Regards,
Kelvin
-----Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 14, 2007 2:02 AM
To: support@pfsense.com
Subject: Re: [
On 3/15/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill, one more questions. Does the traffic shaper work if the LAN
interface is "Bridged" to the WAN interface?
It won't work correctly. This has been discussed on the lists and in
the forums in the past. Some people claim it works for th
On 3/16/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I've got a question on outbound NAT. Can anyone help?
In the outbound NAT definition page, the "Translation" has 2 options, 1)
Interface Address and 2) Any. In what kind of circumstances that we need to
use Any? Does it still do a transl
scription).
--Bill
On 3/16/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill, yes, I refer to the part about "redirect connectiosn on the
LAN". In which application scenerio that we need to redirect connection
on the LAN?
Regards,
Kelvin
-Original Message-
From: Bill
According to a quick google search.
Random Early Drop (RED) routers drop
packets at random, with probability
proportional to router queue size
RIO uses different probability curves for in
and out packets
It's two REDs in one!
On 3/17/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Does anyone kn
On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote:
I'm not trying to beat a dead horse, but I am wondering if something obvious
has perhaps been overlooked here.
It has been said several times by the pfSense folks that traffic shaping
combined with bridging doesn't work. However, there are fol
On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote:
Of course it's a code thing (what isn't ;) .. I was trying to gain some
technical insight as to why it doesn't function, and why it works with
NAT as opposed to a bridge. From my (I'm sure, oversimplified)
impression, if packets are passing fr
On 3/22/07, Dimitri Rodis <[EMAIL PROTECTED]> wrote:
I don't mean the traffic shaper *wizard*, I'm talking about the traffic
shaper itself. (I can config the rules myself if that means it will
function on bridged connections)
I know what you're asking. Since the wizard is the supported method
http://atm.tut.fi/list-archive/snap-users/msg00951.html Sounds like it is
vendor config like say a Cisco (which I also happen to notice in your log).
I believe that's the "vendor lock-in" flag.
--Bill
On 3/23/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I am still figuring out how to get
On 3/24/07, Matthew Grooms <[EMAIL PROTECTED]> wrote:
Bill Marquette wrote:
> http://atm.tut.fi/list-archive/snap-users/msg00951.html Sounds like it
> is vendor config like say a Cisco (which I also happen to notice in your
> log). I believe that's the "vendor lock-in
You mean /etc/rc.initial?
--Bill
On 3/26/07, Bassam A. Al-Khaffaf <[EMAIL PROTECTED]> wrote:
Dear All,
I posted this question in the form 5 days ago and I did not get any single
reply, and then I decided to post it here thought I may get a concern about
it.
I am trying to customize the co
ct: RE: [pfSense Support] not able to cutomize the console menue
Yes, that is the file that I was looking for - Thanks a lot
Regards
Bassam
-----Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 27, 2007 11:14 AM
To: support@pfsense.com
Subject: Re: [pfSense
Thanks, I'll check out the RIP issue.
--Bill
On 4/5/07, Samer Chaer <[EMAIL PROTECTED]> wrote:
Hello,
I have PFsense snapshot 27-3-2007, but when I click "save" on the RIP routed
package the system shows a WARNING message saying:
Warning: fopen(/usr/local/pkg/routed.xml): failed to open
strea
Fixed, check the next snapshot in a couple hours. The last embedded
build that I see has a date of 2007-Apr-04 03:12:30, you'll want
something after that (in the process of building now).
--Bill
On 4/5/07, Samer Chaer <[EMAIL PROTECTED]> wrote:
Hello,
I have PFsense snapshot 27-3-2007, but w
On 4/5/07, Samer Chaer <[EMAIL PROTECTED]> wrote:
Dear Bill,
did you fix the rip down after pfsense restart problem?
Good point, probably not. I'll check it out in a couple hours.
--Bill
-
To unsubscribe, e-mail: [EMAIL PRO
Heads up for those that are using snapshots - I just commited the
usermanager code from the HEAD branch to the RELENG_1 branch (this
won't go into 1.2). There may be some breakage in the tree - it was
tested pre-commit, but the diff was rather ugly so I'm not 100% sure
until the next snap run tha
On 4/12/07, Rob Terhaar <[EMAIL PROTECTED]> wrote:
so does this mean 1.2 is close?!?!?
The message in itself doesn't, no. 1.2 has already been branched
though, so yes it's "close".
--Bill
-
To unsubscribe, e-mail: [EMAIL P
On 4/18/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, when I run the script to rebuild an iso image, it reported the following
error:
./pfsense_local.sh: 69: Syntax error: redirection unexpected
Line 69 of pfsense_local.sh shows the following:
<<< pfsense_local.sh
Does any of you know
On 4/18/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill, what did you mean by local changes? Did you mean that the
builder download the latest pfsense_local.sh and try to merge with the
current pfsense_local.sh in my builder_scripts folder?
yes
--Bill
On 4/19/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, my webConfigurator failed to start after a new installation (newly
compiled binary). The error messages found in the system log are:
Error: cannot determine root pwd in sync_webgui_passwords(). Root user
struct follows:
Unable to determi
On 4/19/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
please see my email about releng_1 being somewhat unstable right now.
also, see the many emails on "roll your own, you're on your own". I'd
expect that anyone running their own builds is following the CVS tree
a
On 4/21/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I have some issue with implmenting VLAN, can someone help to comment?
I have 2 boxes of pfsense. I connected the LAN interfaces of both boxes with
a crossover cable and I defined VLAN 1 (Tag 1) on both LAN interfaces. From
the interfaces
On 4/21/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill,
I suppose I did, unless there are something I was not aware. I created a
VLAN on the NIC, and assign the VLAN ID to OPT1 in the interface menu.
Well, I dunno what rules you have, so I can't comment on whether you
did it right or not
Both boxes are likely polling the web servers in question, hence the
traffic from both machines.
You might confirm that you have rules loaded to allow this traffic.
--Bill
On 4/24/07, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
Prior to trying to install this into production, I had this entire
On 4/24/07, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
This issue turned out to be primarily a configuration problem, although
it serves as a good lesson for others to learn from so I'll post the
reply for the sake of posterity.
We currently have 16 web servers in production handling requests.
The telnet server probably has no route back to 192.168.1.0/24.
You'll need to either add a route on that machine pointing back at
your OPT interface or use advanced outbound nat and nat the traffic
from your 192.168.1.0/24 network to something (like the 172.22.99.197
address of your firewall) tha
This was committed to the RELENG_1 branch (sponsored by two different
entities) right after the branch point for 1.2 and will be in our next
release after 1.2.
--Bill
On 5/6/07, David Strout <[EMAIL PROTECTED]> wrote:
As usual, I installed the newest 1.2-BETA-1 and
found it to work great for my
On 5/5/07, Daniel Lloyd <[EMAIL PROTECTED]> wrote:
Are the rules generated by miniupnpd supposed to bypass traffic shaping?
After a few weeks of bashing my head against pftop and pfctl trying to
figure out why one client was able to completely bypass all traffic shaping,
I disabled miniupnpd, res
Move the servers to an OPT interface - I believe that will work. The
way the port forwards (rdr in pf terminology) works it can't change
the destination address/port for a packet and send it back out the
same interface.
--Bill
On 5/5/07, Matthias Hertzog <[EMAIL PROTECTED]> wrote:
Hi Scott
Th
On 5/7/07, Chris Buechler <[EMAIL PROTECTED]> wrote:
Until then, this is a function of your browser, you can look at ways to
get your browser to clear HTTP basic authentication credentials without
closing the browser.
Unfortunately, short of closing the browser (assuming the "save
credentials"
I think the issue is that Pablo has no IP for the MAC in question. He
wants it to get a dynamic allocation from DHCP. The problem I believe
is that you have to static assign an IP to the MAC hence, his setup
cannot work. We shouldn't allow for MACs w/out static IPs to be
configured, I'd conside
On 4/27/07, RB <[EMAIL PROTECTED]> wrote:
> Authentication by IP is a bad idea, restricting who can connect in the
> first place and proceed to authentication stage is a further line of
Having been an enterprise firewall admin in the midst of previously
established enterprise firewall admins, th
I suspect he's talking about NAT-PMP
(http://files.dns-sd.org/draft-cheshire-nat-pmp.txt)
--Bill
On 5/11/07, Chris Buechler <[EMAIL PROTECTED]> wrote:
Alexander Norman - XH.se wrote:
> Hi
>
> Does anyone know if PFSense supports NAT hairpin translation?
This is what reflection is for. Though t
t might be related but it may also be due to an outdated
version of the framework or something with the rendevouz-server. Will
investigate further.
Best regards
Alexander Norman
Chris Buechler skrev:
> Bill Marquette wrote:
>> I suspect he's talking about NAT-PMP
>> (http:
Which interface is rl1..ditto for rl2. Also, any chance that both
sides of the firewall are plugged into the same switch? I've had the
same modem you mention running on pfsense without any problems, so
this smells of a different issue to me.
--Bill
On 5/16/07, Tortise <[EMAIL PROTECTED]> wrote
On 5/17/07, Tortise <[EMAIL PROTECTED]> wrote:
Hi Bill
for me
rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing.
rl2 = LAN and connected to LAN switches.
Can I presume that means you have checked and confirmed there are no similar
messages in your System Logs?
I
Nowhere, there's no RC1 yet. You might mean Beta 1, it can be pulled
down from any of our official mirrors, listed on the downloads page.
--Bill
On 5/17/07, Anil garg <[EMAIL PROTECTED]> wrote:
-
To unsubscribe, e-mail: [E
Once you create the vlan's, you'll go in and add another opt interface
that will correspond to the vlan you added to the physical interface.
I don't have a box in front of me to walk through the menu's, but the
bottom line is that what you want to do is doable in pfSense and is
all configured unde
Do both WANs have the same layer 3 gateway (ie are they on the same
subnet) or are you just purely talking about the upstream IP you wish
to monitor. If the same gateway, you'll likely run into some wierd
problems, if it works at all. If that's the case, you should insert
one more routing device
Won't work. The same upstream gateway IP will result in all traffic
being sent down one link or the other (whichever one is the primary
WAN). As I previously mentioned, you will need another device between
WAN2 and the upstream gateway to provide pfSense with a different
subnet and different uni
I agree with Chris, increase your state table size, that'll probably
fix your issue. The CPU _should_ be enough for 100Mbit, but 'top'
should tell you cpu usage at peak loads easily enough, or use the RRD
graphs after the fact to look at CPU load. I'd recommend replacing
those 3com NICs with Int
On 5/28/07, David Strout <[EMAIL PROTECTED]> wrote:
I have a specific need to allow clients of a
private net (connected to OPT3 w/ 10.10.10.0/24
reserved DHCP addresses) to connect to the LAN net
(145.191.112.0/20 > static addresses via DHCP
reservations). BTW only a small supernet of
address ar
State table filling? Try increasing it in System->Advanced.
--Bill
On 6/3/07, Tortise <[EMAIL PROTECTED]> wrote:
Hi
I am finding pfSense hangs in the sense that the connection between WAN and LAN
just vanishes and can only be fixed by rebooting.
I suspected hardware, replaced a NIC and thou
1.2 beta has many load balancing related fixes and features, you
really want to use the beta or one of the recent snaps.
--Bill
On 6/7/07, Quirino Santilli <[EMAIL PROTECTED]> wrote:
Hello,
I'm finally going to install pfsense in production for his load-balancing
and fail-over features.
It's too late for 1.2, we're already in the beta cycle for that
branch. I have backported this code to the releng_1 branch however,
so we'll see it in 1.3. To keep confusion down, there are no 1.3
snaps currently so you'll need a dev install to build this I'm afraid.
--Bill
On 6/9/07, David St
On 6/9/07, Chris Buechler <[EMAIL PROTECTED]> wrote:
> Is the snapshot site
> down this morning? Having some trouble getting to
> it.
Not that I'm aware of, it's working for me right now, but Scott may have
been doing something with it earlier.
It was down, Scott was working on it :)
--Bill
On 6/10/07, David Strout <[EMAIL PROTECTED]> wrote:
Is there any way to snap the features into a current branch?? I looked for
As previously mentioned, you'll need a dev iso and roll your own
releng_1 install.
the RELENG_1 like someone replied, but I can seem to find them. I have a
right.
601 - 700 of 974 matches
Mail list logo
