On Jan 16, 2008 10:06 PM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:
> I guess I'm failing to put this together...802.11x is a wireless standard
> that has not yet been defined...and 802.1x is network access control...does
> Comcast require this?
Good point...I kinda assumed the 1x was meant and
We use miniupnpd, you might ask this question in their forums
http://miniupnp.tuxfamily.org/forum/ . I don't see that anyone else
has asked yet. Let us know what you find. Thanks
--Bill
On Jan 17, 2008 8:46 AM, tester <[EMAIL PROTECTED]> wrote:
> Hello,
> as subject, being worried I'd like to k
On Jan 17, 2008 3:57 PM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:
> I have a client that has an application server being installed very
> soon that will require them to send an email to a server that is on the
> same LAN, however, because of a limitation of the application, they require
>
On Jan 18, 2008 4:06 AM, Paul M <[EMAIL PROTECTED]> wrote:
> Curtis LaMasters wrote:
> > I have a client that has an application server being installed very
> > soon that will require them to send an email to a server that is on the
>
> can't you use a different DNS server (or use "views" -
>
We're a first match system. Make sure your ACL allowing access to the
DMZ is in front of the load balancer rule.
--Bill
On Jan 18, 2008 6:04 AM, David Barbero <[EMAIL PROTECTED]> wrote:
>
> Hello everyone.
>
> I have a question regarding the load balancer system, the ip monitor
> has to be the r
On Jan 18, 2008 9:02 AM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:
> I'm doing a 1:1 NAT for each of these servers; they are on the same VLAN if
> that matters. But it doesn't seem to matter whether or not NAT reflection
> is enabled.
The 1:1 NAT will do it, I assumed it was a port forward. It
Huh? Consider me annoyed, what the hell is this referring to? It
certainly isn't the return receipt crap.
--Bill
On Jan 22, 2008 3:30 AM, Richard Sperry <[EMAIL PROTECTED]> wrote:
> This is just a message to annoy everyone stating that I did learn to read,
> and don't need to have a nanny tell
On Jan 23, 2008 9:47 PM, Richard Sperry <[EMAIL PROTECTED]> wrote:
> Your NIC must support VLAN tagging. I'm sure the devs would love to take
> your money, any open source project could use support (although I don't
> think this is GPL or other, I think it is directly under Scott Ullrich).
BSD
On Jan 25, 2008 2:47 PM, Anil Garg <[EMAIL PROTECTED]> wrote:
>
> Ok. I will leave paging on. I just kind of think it's silly that for one
> user at home I still hear my hdd constantly make noise of read-write... But
> then I am not technical enough to know what is causing that..
I'm reasonably co
FWIW, this method of install does work with 1.2RC4 as I just did it in
VMWare Server 1.0.4 on a 64bit Ubuntu host. Install was to a Sandisk
Extreme III 2G card that I no longer have any use for (too small for
my camera) via generic (slow) pile of crap USB -> CF card reader (not
sure where my good
If editing on the box, rm /tmp/config.cache to make sure you load up a
pristine copy of config.xml
--Bill
On Jan 28, 2008 9:40 PM, Michael Richardson <[EMAIL PROTECTED]> wrote:
> On 1.2 RC4 :(
>
> Really no other ideas but to reset? I have sooo much config time in this box
> that might make me cr
None known. I used to run pfflowd on OpenBSD for quite some time in
high throughput environments. It's worth noting that it only sends
events from the master box in the cluster.
--Bill
On Jan 29, 2008 7:16 AM, Angelo Turetta <[EMAIL PROTECTED]> wrote:
> The description says that pfflowd uses th
On Feb 11, 2008 9:25 AM, Holger Goetz <[EMAIL PROTECTED]> wrote:
>
> Hi Anders,
>
> This is no recommendation, just a FYI, but:
> Did you come across this website: http://www.myus.com/ - i never tried, but
> it might be a way. I know there are US based mail order companies willing to
> ship to
On Feb 7, 2008 12:03 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> You can accommodate for switch failure with CARP. Plug one firewall into
> one switch and the other into another.
FWIW, I do exactly this at work. A machine in each datacenter (a few
miles apart), connected to switches in their
I'm not sure what you are asking here so I'll give a couple possible answers.
a. I've used pfSense to connect to Nortel Contivities using branch
office tunnels - took longer to setup on the Nortel side than the
pfSense side.
b. Not sure if the Contivity client software could use pfSense as a
road
On Sat, Mar 22, 2008 at 7:22 PM, Eric Baenen <[EMAIL PROTECTED]> wrote:
> The VPN connections from each lab to the core are OpenVPN, UDP, shared key,
> AES 128bit (for now), LZO compression enabled.
> As I said before - all is working fine - except: when doing rsync's over
> ssh/scp from the lab
On Thu, Mar 27, 2008 at 9:44 AM, Paul M <[EMAIL PROTECTED]> wrote:
> Eric Baenen wrote:
> > Using scp -c blowfish definitely improved things - went from 60Mbps
> > transfer to 70Mbps and cpu load on the pfSense firewalls varied from 50%
> > to 70%.
>
> interesting, I tried this across our lanex
On Tue, Apr 1, 2008 at 9:44 AM, Anil Garg <[EMAIL PROTECTED]> wrote:
> However most examples are for WAN side traffic and for keeping internet
> alive. I will keep trying to find something that shows how servers can be
> balanced.
If balancing is what you need, then use the load balancer built in
On Sun, Apr 6, 2008 at 10:17 PM, Jared B. Griffith
<[EMAIL PROTECTED]> wrote:
> That's what we have already, which I would really prefer to not do this as
> it's more machines to maintain and more possibilities of something going
> wrong.
> I don't know why it's not part of it already since I know t
Sun engineers have a McDonalds down the hall.
http://blogs.sun.com/mikebelch/entry/ethernet_interfaces_what_s_in
--Bill
On Wed, Apr 9, 2008 at 3:46 PM, Tim Nelson <[EMAIL PROTECTED]> wrote:
> I'll have to check a few of my systems when I arrive home to double check
> the part number. The chipset
On Wed, Apr 9, 2008 at 6:36 PM, Andy Dills <[EMAIL PROTECTED]> wrote:
> On Wed, 9 Apr 2008, Chris Buechler wrote:
>
> > Andy Dills wrote:
> > > Good news, it appears my assumption was correct. There exists a flaw in
> > > the realtek chipset (as quoted earlier in the thread), and it appears
> t
On Thu, Apr 17, 2008 at 9:00 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Thu, Apr 17, 2008 at 8:50 PM, Dimitri Rodis
> <[EMAIL PROTECTED]> wrote:
> > One last thing:
> >
> > Is there currently any way to *not* assign an IP directly to the WAN
> > interface in a CARP config?
> >
>
>
On Wed, Apr 23, 2008 at 9:27 AM, Gary Buckmaster
<[EMAIL PROTECTED]> wrote:
> For public-facing services like email or web service, create a policy route
> to ensure that all traffic for those services from those services egresses
> your network on the Interface listed by your DNS response.
pfSen
On Wed, Apr 23, 2008 at 6:31 PM, Tortise <[EMAIL PROTECTED]> wrote:
>
>
> Hi
>
> I have been testing NAT with UDP and a port range of 10001 - 16383. This
> is on 1.2 final, embedded on i386.
You might want to disable NAT reflection (System->Advanced if my
memory serves) if you need to redirect
On Wed, Apr 23, 2008 at 7:15 PM, Tortise <[EMAIL PROTECTED]> wrote:
> As always thank you again Bill
>
> Now I think the penny has dropped and I now understand that message "Not
> installing nat reflection rules for a port range >500"
duh, yeah :) So yeah, the reflection rules aren't enabled fo
On Thu, Apr 24, 2008 at 4:22 AM, Martin Kruse Jensen <[EMAIL PROTECTED]> wrote:
> The /tmp/rules.debug can be found at http://pastebin.com/m39a0c097
>
> Before getting /tmp/rules.debug i did the following:
> - Created failover gateway in Services -> Load-balancer (loadbalancetowan)
> - Set the d
10483182 i did change it
yep, looks like we aren't installing the reply-to logic on WAN for
some reason (probably cause nobody had a setup where machines on wan2
tried to connect to services on wan). Can you file a bug on
cvstrac.pfsense.com for this, please? Thanks
--Bill
>
> Marti
On Wed, Apr 30, 2008 at 12:30 AM, Martin Kruse Jensen <[EMAIL PROTECTED]> wrote:
>
> I created Ticket #1706 regarding the load-balancing issue. Does anyone have
> an estimate of how long time before bugs are fixed? Could I do a workaround
> meanwhile?
Thanks for filing the ticket. I just got ba
On Mon, May 12, 2008 at 4:23 AM, Tortise <[EMAIL PROTECTED]> wrote:
> The above issue (and the earlier "pfSense hanging...") have not recurred
> since the upgrade.
Good to hear, thanks for the update.
> I was not aware of a particular fix that might have addressed this, however
> looking around i
On Thu, May 15, 2008 at 11:05 AM, Ron Lemon <[EMAIL PROTECTED]> wrote:
> I would like to take a reasonable machine and run some virtualization
> software on it so that I can run both pfSense and a copy of a standard
> workstation image so I can use it for remote testing. The workstation image
> wi
On Tue, May 6, 2008 at 5:30 PM, David Rees <[EMAIL PROTECTED]> wrote:
> OK, attached is a patch to /etc/config.inc that makes sure that the
> config.xml and config.cache is updated atomically. The patch adds a
> function "write_safe_file" with 3 arguments: $file, $content,
> $force_binary.
On Tue, Jun 17, 2008 at 4:34 AM, Matias Surdi <[EMAIL PROTECTED]> wrote:
> In our current firewall (using iptables) we have a set of rules that makes a
> DNAT redirecting ALL outgoing udp port 53 (DNS) traffic to an internet DNS
> server, so that everybody is forced to use it.
>
> Is it possible to
On Tue, Jun 17, 2008 at 10:34 AM, Patrick M. Murray, M.F.A.
<[EMAIL PROTECTED]> wrote:
> I'm going to run the CF card and see how long it lasts :) they are cheaper
> each day - wouldn't be a big loss and i can always yank the card and back it
> up anytime.
It's not great uptime yet and I'm not ru
On Tue, Jun 17, 2008 at 2:54 PM, Patrick M. Murray, M.F.A.
<[EMAIL PROTECTED]> wrote:
> is there any noticeable speed increase or decrease?
Over an hdd given the box it's on, it boots WAY faster. I'm using a
2GB Sandisk Extreme II card, so it's pretty blazing fast for pfSense.
For normal operatio
On Tue, Jun 24, 2008 at 8:39 AM, Angelo Turetta
<[EMAIL PROTECTED]> wrote:
> I know there's a huge overhaul of the build system ongoing, I just wanted to
> be sure the obvious didn't go unnoticed. From
> http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/old/?C=M;O=A
>
> pfSense-20080524-1842.iso.gz
On Tue, Jun 24, 2008 at 8:52 AM, Bill Marquette
<[EMAIL PROTECTED]> wrote:
> Thanks for the report. I think we actually stopped building snaps
> until the dust settles a little (although our internal builds are
> looking a lot better now). We should be in good shape soon.
O
On Tue, Jun 24, 2008 at 2:46 PM, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On Tue, Jun 24, 2008 at 9:54 AM, Bill Marquette
> There was a number of items in CVS (binaries) that have been nuked.
> Instead of just pointing out that the sizes are smaller, what is wrong
> with the
On Wed, Jun 25, 2008 at 9:36 AM, Hiren Joshi <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I've been going through the RDD graphs and noticed that at 2200ish yesterday
> the "wan-in" graph jumped from about 10Mbs to 40! It seems to be following
> the same pattern but with this 'extra' 30Mbs on top.
>
Two things...try your build again, you might have gotten tripped up
during an upstream FreeBSD commit. Second, check the kernel make flag
(MAKEJ_KERNEL) and lower it. I think we default to 4, it's been known
to cause (us) issues during kernel build, you might try -j1 or -j2.
--Bill
On Wed, Jun
On Thu, Jun 26, 2008 at 3:43 AM, Hiren Joshi <[EMAIL PROTECTED]> wrote:
> After a bit of investigation, our ISP has admitted to a routing problem
> with their switch. Thanks for the suggestions, it looks like pfsense was
> doing the correct thing!
>
> I do have a slightly related question: does t
I'm not sure how up to date that document is (and it looks like we
have a couple of 'build' docs on the wiki). This one
http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso has been gone
through a number of times by myself and had various fixes applied to
it. You might try it out.
--Bill
On
On Tue, Jul 1, 2008 at 4:02 AM, Ahmed Abdallah <[EMAIL PROTECTED]> wrote:
> Is there no way of building pfSense now ? I need to do that urgently, so plz
> if anyone knows how to build it in this state advise me ?
Did you bother to try the document I pointed you at?
--Bill
---
I'm guessing this is more likely a bad regexp, looking at the fact
that all "block" rules listed are @2.* - it may or may not be related
to shaper changes, if so, it's likely that it's a trigger for the bug,
not the cause of the bug.
--Bill
On Mon, Jul 7, 2008 at 12:47 AM, sai <[EMAIL PROTECTED]>
On Tue, Jul 8, 2008 at 1:55 PM, RB <[EMAIL PROTECTED]> wrote:
>> Does pfSense offer an alternative to the Juniper SSL VPN solutions ?
>
> Furthermore, the "clientless" VPN solutions reduce the operator's
> control over the endpoints, degrading the overall security of the
> system. Some solutions
On Tue, Jul 8, 2008 at 6:06 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On 7/8/08, Bill Marquette <[EMAIL PROTECTED]> wrote:
>>
>> With OpenVPN, you only have control of the client at time of install.
>> With the "clientless" solutions from Ju
On Tue, Jul 8, 2008 at 6:01 PM, RB <[EMAIL PROTECTED]> wrote:
> Absolutely - that's the "...attempt mitigating controls..." I glossed over.
> I don't think I'm up to arguing the validity of HIDS and NAC right now, but
> it's the same concept: the software that runs on the client can only report
On Wed, Jul 9, 2008 at 2:54 AM, Ahmed Abdallah <[EMAIL PROTECTED]> wrote:
> I'm trying to get the HEAD version of pfSense, so I added the HEAD to
> PFSENSETAG in pfsense_local.sh. It worked but the resulting iso did not
> contain php and the initialization scripts failed to start.
We killed HEAD,
On Sun, Jul 13, 2008 at 2:40 PM, Boddin Gregory <[EMAIL PROTECTED]> wrote:
> 2. I set up a virtual server with IP 10.85.9.40 (and also tried the
> # /sbin/pfctl -a slb -s nat
> rdr inet proto tcp from any to 10.85.9.254 port = isi-gl -> {
> 10.85.10.244, 10.85.10.245 } port 80 round-robin
Eithe
On Mon, Jul 21, 2008 at 3:39 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Mon, Jul 21, 2008 at 4:10 PM, Beat Siegenthaler
> <[EMAIL PROTECTED]> wrote:
>> Chris Buechler wrote:
>>
>>> No, pf has randomized source ports on all NATed TCP and UDP traffic for 8
>>> years. I was surprised to find o
On Mon, Jul 21, 2008 at 5:54 PM, Beat Siegenthaler
<[EMAIL PROTECTED]> wrote:
> done a dump on pfSense at the dmz-side. It looks that the source ports from
> BIND are very good in random. But at the wan-side, the ports are just
> ascending more or less. What about the mentioned UDP timeout?
Shoul
On Tue, Jul 22, 2008 at 1:02 AM, Beat Siegenthaler
<[EMAIL PROTECTED]> wrote:
> Chris Buechler wrote:
>
>>
>> How is your outbound NAT configured? Even static port won't rewrite
>> the source ports to something incremental, it just retains whatever
>> the source port is.
>
> Automatic outbound NAT
On Tue, Jul 22, 2008 at 1:17 AM, Beat Siegenthaler
<[EMAIL PROTECTED]> wrote:
> Beat Siegenthaler wrote:
>
> Upps, stop the press...
> I apologize for the hype. No cause for alarm.
>
> Packet Dump at the pfSense WAN side shows an excellent entropy.
>
> I did not realize that there is another DSL nat
On Mon, Jul 28, 2008 at 7:19 AM, DLStrout <[EMAIL PROTECTED]> wrote:
> I have been tinkering w/ the Shrew Soft VPN client and was wondering if
> there is any way (maybe I'm missing it) to setup IPsec clients to be "dhcp
> over IPsec" or "IKE config pull/push" clients? I see in the Shrew docs that
>
On Mon, Jul 28, 2008 at 9:42 AM, DLStrout <[EMAIL PROTECTED]> wrote:
> Though this is a great idea (to test on 1.3) I/we aren't ready to put a 1.3
> alpha2x box into production at this site, and have had several scathing
> emails this morning at the suggestion from me to do so (ah ha ha, -- go
> fig
I think you ran into something we just noticed ourselves yesterday.
--Bill
On Mon, Jul 28, 2008 at 5:40 PM, DLStrout <[EMAIL PROTECTED]> wrote:
> et al,
>
> So I was inspired to dig into the newest Alpha2X 1.3 today and fired up the
> VM and was pleasantly greeted w/ an XML error:
>
> "XML error:
Nope, at this point, nothing necessary. Thanks
On Tue, Jul 29, 2008 at 8:09 PM, DLStrout <[EMAIL PROTECTED]> wrote:
> I see loads of errors when trying to configure interfaces/addresses. I can
> fire it up here in a bit and give you more details unless you've pinpointed
> the issue and need noth
On Wed, Jul 30, 2008 at 8:29 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Wed, Jul 30, 2008 at 7:30 PM, Ted Crow <[EMAIL PROTECTED]> wrote:
>> what I can see.
>> - the DMZ speed is 40-60Mbps to the Internet and 50-60Mbps to the LAN.
>>
>
> How are you testing? I've pushed more than that thr
Here's a suggestion somewhat out of left field. What about MTU? Any
chance the provider changed it on you? A machine right on the edge
would handle fragmentation somewhat more gracefully than a firewall
that might decide to drop certain inappropriately fragmented frames.
This would also cause po
On Sat, Aug 2, 2008 at 5:28 AM, Tortise <[EMAIL PROTECTED]> wrote:
> Hi
>
> When I run a connection thru pfSense (1.2 CF) almost immediately following
> successful connection WinSCP loses the connection with an "Server
> unexpectedly closed network connection" error message. Happens with client
>
On Sat, Aug 2, 2008 at 5:07 PM, Tortise <[EMAIL PROTECTED]> wrote:
> Thanks Bill
>
> WAN side for me meant a Path of:
>
> Client WinSCP ("WAN side") => Internet => pfSense / NAT => LAN Server
>
> LAN side was indirect, however to me should still work and has done in the
> past
>
> Client WinSCP on
On Thu, Aug 14, 2008 at 6:11 PM, RB <[EMAIL PROTECTED]> wrote:
> Two suggestions: search the list archives and find the multitude of
> answers to this question, and find out what your current PPS and
> bandwidth throughput is. Unless you're actually pushing Gig-E speeds,
> it's doubtful you'll eve
On Thu, Aug 14, 2008 at 10:14 PM, Aliet Santiesteban Sifontes
<[EMAIL PROTECTED]> wrote:
> Well, my pps requirements are 500 kpps, we expect to improve to 400
In lab testing of FreeBSD 6.2, I ran out of horsepower on my two test
boxes (HP DL145G2 - dual core Opteron boxes) generating around 400k
p
On Tue, Aug 19, 2008 at 4:07 PM, Aliet Santiesteban Sifontes
<[EMAIL PROTECTED]> wrote:
> Hi, all I'm using a new installed pfsense 1.2.1 with three attached
> networks, wan, lan and optional 1, I have defined rules on lan
> interface to allow all outgoing connections on that interface, but
> everyt
On Tue, Aug 19, 2008 at 7:03 PM, Bill Marquette
<[EMAIL PROTECTED]> wrote:
> On Tue, Aug 19, 2008 at 4:07 PM, Aliet Santiesteban Sifontes
> <[EMAIL PROTECTED]> wrote:
>> Hi, all I'm using a new installed pfsense 1.2.1 with three attached
>> networks, wan, lan and
On Wed, Aug 20, 2008 at 4:55 PM, Aliet Santiesteban Sifontes
<[EMAIL PROTECTED]> wrote:
> People, here I attach you an image with my current settings and the
> migration, is just replace one firewall with pfsense, without changing
> anything else. Notice that my wan is a private /30 network only fo
I think you're dancing all around the solution :)
You need an inbound NAT or port forward for UDP ports 1-65535 pointing
to 10.0.0.1.
Alternately, a 1:1 NAT using YOUR external IP, not the IP of the
service (ie. 216.181.136.7 in your example below should be whatever
your external IP is, not that
On Sat, Sep 6, 2008 at 3:23 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> after doing considerable research with tcpdump on my WAN interface and DMZ
> interface i see that the traffic is indeed passing but my phone is not
> ringing sometimes. i have no idea why this is happening but it appears that
> pf
On Sat, Sep 6, 2008 at 3:35 PM, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On Sat, Sep 6, 2008 at 4:23 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
>> after doing considerable research with tcpdump on my WAN interface and DMZ
>> interface i see that the traffic is indeed passing but my phone is not
>> ri
On Sat, Sep 6, 2008 at 3:52 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
> i should enable static nat on the interface that my voip router is on, which
> is my dmz correct?
Nope, on your WAN interface. You'll put in a rule that is specific to
your VOIP provider and check the 'static nat' box. That wil
On Mon, Sep 29, 2008 at 11:03 AM, Rainer Duffner <[EMAIL PROTECTED]> wrote:
> Hi,
>
> my WRAP died and I finally managed to order an ALIX from PC-Engines.
> But I think I can't find a backup of my config - can I just take the
> config.xml from the old CF card and use the restore-option with that?
>
On Mon, Sep 29, 2008 at 10:15 AM, Ryan Rodrigue <[EMAIL PROTECTED]> wrote:
> Thanks for the super quick reply. I thought as much, but just wanted to
> confirm. Is there a limit to the number of processors it supports? Will a
> dual Xeon quad core (8 processors) work? I really don't have a need
FWIW, I've said this before, I'll say it again. Open source works
because people have an itch to scratch and they scratch it. None of
the current devs have an IPv6 itch. It's a lot of work to convert a
predominantly IPv4 based system to work in an IPv6 world and none of
us have a need or desire
On Wed, Oct 1, 2008 at 11:12 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz <[EMAIL PROTECTED]> wrote:
>> yep, i looked at it using tcpdump. i just see syn packets going out the
>> door, i never get any syn-acks back.
>>
>> 22:50:47.417326 IP unixbox.gnet.4
On Sat, Oct 11, 2008 at 12:39 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> 2008/10/11 Curtis LaMasters <[EMAIL PROTECTED]>:
>> A static route on pfsense for the 2.x network sending traffic to 0.245
>> should do the trick unless I'm missing something.
>>
>
> And also check "Bypass firewall rules
On Sat, Oct 11, 2008 at 11:28 AM, David McNett <[EMAIL PROTECTED]> wrote:
> On Oct 1, 2008, at 5:18 PM, BSD Wiz wrote:
>>
>> have rules to allow traffic out on port 80 and 443. I have also (just
>> to be sure) allowed *ALL* traffic out from my static ip on my macbook.
>> Problem is I can't get
On Thu, Oct 30, 2008 at 6:32 AM, Angelo Turetta
<[EMAIL PROTECTED]> wrote:
> Olivier Nicole wrote:
>>
>> Hi,
>>
>> I get a bunch of errors like:
>>
>> acd0: FAILURE - PREVENT_ALLOW timed out
>>
>> or
>>
>> acd0: WARNING - SETFEATURES SET TRANSFER MODE taskqueue timeout -
>> completing reques direct
On Fri, Oct 31, 2008 at 1:13 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 31, 2008 at 6:57 AM, Olivier Nicole <[EMAIL PROTECTED]> wrote:
>> sai wrote:
>>> I just realised that I've been trusting random people I don't know to
>>> develop my production firewalls
>>
>> You are right,
On Fri, Nov 14, 2008 at 9:03 AM, David Meireles <[EMAIL PROTECTED]> wrote:
> Angelo, not joking, not crazy... Before having squid installed in the
> pfSense box, there was an IPCop Proxy with a direct connect to the web (2
> lan cards, one green, other red). To make the clients pass that server (in
On Wed, Nov 19, 2008 at 2:09 AM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Wed, Nov 19, 2008 at 1:58 AM, Olivier Nicole <[EMAIL PROTECTED]> wrote:
>> Hi Dimitri,
>>
>> Thanks for the clues, i will look at what i can do with the switch.
>>
>>> Is there a particular reason you are trying to do a
On Wed, Nov 19, 2008 at 8:07 AM, Veiko Kukk <[EMAIL PROTECTED]> wrote:
> Erwan David wrote:
>>
>> OpenBGPD is in the packages.
>
> Thank you, but is it stable enough (ALPHA)? Are there any plans to make
> Quagga package for pfSense?
The software itself is stable. The pfsense wrapper package is m
On Mon, Nov 24, 2008 at 1:55 PM, JJB <[EMAIL PROTECTED]> wrote:
> Tom Müller-Kortkamp wrote:
>>
>> Am 22.11.2008 um 00:22 schrieb JJB:
>>
>>> Is it possible with the pfsense load balancing to load balance between
>>> two database servers on port 3306?
>>
>> it should work with every tcp service
>>
On Tue, Nov 25, 2008 at 1:10 PM, mikel <[EMAIL PROTECTED]> wrote:
>
> Hello
> where can I add pf rules in pfsense (manually editing, or creating one
> file), and maintain these rules if I reload configuration through web
> interface?
You don't (although you might be able to hijack some of our unu
On Tue, Nov 25, 2008 at 5:51 PM, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 25, 2008 at 6:45 PM, mikel <[EMAIL PROTECTED]> wrote:
>>
>> Dear Chris/Scott/Developers
>> It will be possible modify this patch to adapt to 1.2RCx and 2.0?
>>
>> http://www.mail-archive.com/[EMAIL PROTECTED]/ms
On Tue, Nov 25, 2008 at 2:25 PM, mikel <[EMAIL PROTECTED]> wrote:
>
> Some ideas?
>
> Do you understand me?
Can we please keep this to one thread? My mailbox will thank you.
--Bill
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
Fo
Can you post the error at step 10? Or the entire serial boot log so
we can see where you are getting stuck? Thanks
--Bill
On Wed, Nov 26, 2008 at 8:26 AM, Patrick M. Murray, M.F.A.
<[EMAIL PROTECTED]> wrote:
> Hi, I followed these instructions (pasted below), and I cannot get the file
> system
specification:
: Mount using filesystem
eg. ufs:da0s1a
? List valid disk boot devices
Abort manual input
mountroot>
END LOG 2
---
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2008 10:
On Mon, Dec 1, 2008 at 2:41 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Can somebody please explain to me exactly how this works. I am having an
> argument with my superior. He is insistent on setting the monitor IP
> addresses in my load balancer pool to the same IP address. In his mind it
On Mon, Dec 1, 2008 at 3:06 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
> Thanks for the explanation Bill.
>
> Can you please elaborate where you mention:
>
> "You'll actually lose link failure detection"
>
> What exactly is link failure detection ? I understand the meaning of the
> words in isolatio
On Mon, Dec 1, 2008 at 3:09 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> On Mon, Dec 1, 2008 at 3:41 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
>>
>> I have 5 WAN ports. The load balancer will constantly ping WAN1, WAN2,WAN3,
>> WAN4 & WAN5 simultaneously. Depending on which has the quickest resp
On Mon, Dec 1, 2008 at 4:42 PM, Mike Lever <[EMAIL PROTECTED]> wrote:
> Great, thank you very much Bill.
>
> One point for clarification purposes... please define a flow ?
Any given TCP connection (from connection setup, to teardown). Or UDP
(say a VOIP call) stream of sufficient packet frequency
On Wed, Dec 3, 2008 at 10:12 AM, Gary Buckmaster
<[EMAIL PROTECTED]> wrote:
> It can be done, although not if the proxy machine is inside your LAN. It
> would need to live on a separate network segment (ie: DMZ). In this case,
> yes, it's possible to redirect outbound traffic for TCP 80 to the pro
On Wed, Dec 3, 2008 at 5:12 PM, Ermal Luçi <[EMAIL PROTECTED]> wrote:
> On Wed, Dec 3, 2008 at 5:40 PM, Bill Marquette <[EMAIL PROTECTED]> wrote:
>> On Wed, Dec 3, 2008 at 10:12 AM, Gary Buckmaster
>> <[EMAIL PROTECTED]> wrote:
>>> It can be done, althou
On Fri, Dec 5, 2008 at 10:43 AM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> Commodity PC hardware of any type may not be able to push that. It's
> not about Gbps, it's about pps and the kind of traffic you're pushing.
> You're going to max out at probably 1 Mpps (million packets per
> second). 1 M
On Fri, Dec 5, 2008 at 11:38 AM, RB <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 5, 2008 at 09:59, Curtis Maurand <[EMAIL PROTECTED]> wrote:
>> the last time I checked out the guts of a Cisco PIX, I found that it was
>> nothing more than commodity PC hardware with an Intel processor.
>
> I can't speak
On Fri, Dec 5, 2008 at 3:14 PM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> Along those lines - one of the "in the future" items on the list for
> the autoconfigbackup is an option to email when the configuration
> changes. For some environments that would be nothing more than an
> annoyance, but c
On Mon, Dec 8, 2008 at 2:32 PM, Tim Roberts <[EMAIL PROTECTED]> wrote:
> Do VHIDs have to be unique per IP on the same physical wire to avoid
> conflicts with other CARP servers? We had similar floods when we first setup
> Pair1 to carp sync on LAN. It was flooding certain linksys and belkin WAPs
On Wed, Dec 10, 2008 at 10:05 AM, Tim Roberts <[EMAIL PROTECTED]> wrote:
> I'm still trying to track this issue down. I have one of the two new nodes up
> finally without blowing up the network. I re-arranged VHIDs on all PFSense
> servers on the network so they are unique and that did the trick for
On Sun, Dec 14, 2008 at 3:24 AM, Angelo Turetta
wrote:
> You either:
> - don't have the same IP/mask for the Virtual IP in all nodes
> - have reused the same vhid for more than one virtual IP
> - Your Virtual IP/Mask don't match the subnet of the real if.
- have multiple carps assigned to
On Thu, Dec 18, 2008 at 7:00 AM, a800 wrote:
> The FreeBSD advisory says one has to upgrade to 7.0-RELEASE-p6 to get the
> bug fixed. pfSense 1.2.1-RC4 image I have downloaded couple days ago
> says it runs 7.0-RELEASE-p5.
>
> Do you mean this flaw was fixed in the source tree of pfSense,
> indepen
Sounds like this may have been part of your issue. It sounds like you
had multiple machines acting as carp master. Not a good idea.
--Bill
On Thu, Dec 18, 2008 at 6:11 PM, JJB wrote:
>
> Tim Nelson wrote:
>>
>> Check the 'Advanced Options' for any rules you have related to SSH or your
>> web h