Re: [pfSense Support] Recent PPTP updates

2008-07-28 Thread Chris Buechler
Tim Nelson wrote: Sorry, I think I misread your response to my original post which you misread... ;-) I am not concerned about the multiple local devices PPTP out to the same remote PPTP server scenario. I was really just asking if the devices can PPTP outbound when the local PPTP server is

Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5

2008-07-30 Thread Chris Buechler
On Wed, Jul 30, 2008 at 6:26 PM, DLStrout [EMAIL PROTECTED] wrote: Bill, Anyone, Would it be possible to get notified when you all feel this issue is resolved and ready for -re-testing?? I'd welcome the opportunity to dive into 1.3 A2X, but unfortunately we are short on standalone server

Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?

2008-07-30 Thread Chris Buechler
On Wed, Jul 30, 2008 at 7:30 PM, Ted Crow [EMAIL PROTECTED] wrote: As an additional note, I've already tried the following to no avail: - tcp/udp tweaking (no change) Shouldn't be necessary anyway. Most of those settings are only relevant when the firewall is the endpoint of the connection.

Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?

2008-07-30 Thread Chris Buechler
On Thu, Jul 31, 2008 at 12:58 AM, Anil Garg [EMAIL PROTECTED] wrote: I would love to try the new 1.2.1 but there are so many images Which one should be tested as most stable. They're built once a day. Most days RELENG_1_2 doesn't change, and any changes that do occur are minor. Just pick

Re: [pfSense Support] cannot update firmware

2008-07-31 Thread Chris Buechler
On Thu, Jul 31, 2008 at 9:38 AM, Sean Cavanaugh [EMAIL PROTECTED] wrote: I have a 1.2-RELEASE setup that runs perfectly fine. I wanted to install 1.2.1 on it to try it out but I cannot get the system to upgrade the firmware at all. Thru the web interface i get the usual hoops about the file

Re: [pfSense Support] DNS cache poisoning (solved)

2008-07-31 Thread Chris Buechler
On Thu, Jul 31, 2008 at 3:01 AM, Beat Siegenthaler [EMAIL PROTECTED] wrote: A bit Off-Topic... You can find no Information about DNS-Cache Poisoning at ZyXEL's Website. As manufacturer of NAT-Serializers this is poor behavior. Wow, indeed it is. I would suggest contacting them, I'm sure you

Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Chris Buechler
On Sat, Aug 2, 2008 at 7:15 PM, Tortise [EMAIL PROTECTED] wrote: Re: Any chance your rule is doing OS detection? Gosh I thought you were joking, however wise to first check the rule, bearing in mind your responses are invariably well founded, sure enough the ability to limit the OS is

Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Chris Buechler
On Sat, Aug 2, 2008 at 9:06 PM, Tortise [EMAIL PROTECTED] wrote: Chris I am not sure what you are getting at, I think so. (how else?) Meaning you're connecting to a port forward using the outside IP from your LAN interface. NAT reflection is a kludge, I would suggest just directly connecting,

Re: [pfSense Support] squidGuard not starting

2008-08-02 Thread Chris Buechler
On Sat, Aug 2, 2008 at 7:20 PM, Scott Ullrich [EMAIL PROTECTED] wrote: On Sat, Aug 2, 2008 at 7:18 PM, Michel Servaes [EMAIL PROTECTED] wrote: Any idea as why the squidguard won't start? As soon as I add an url to download the blacklists, the

Re: [pfSense Support] TrafficShaper configuration for multiple LANs

2008-08-07 Thread Chris Buechler
Bastian Schern wrote: Hi, I'm very happy with the pfSense Project. Very great job. Thanks to all. But I have some Problems to configure the TrafficShaper for multiple LANs. It's only compatible with two interface systems (LAN and WAN) in 1.2. You'll have to wait for 1.3 for this.

Re: [pfSense Support] TrafficShaper configuration for multiple LANs

2008-08-07 Thread Chris Buechler
Bastian Schern wrote: Chris Buechler schrieb: [...] It's only compatible with two interface systems (LAN and WAN) in 1.2. You'll have to wait for 1.3 for this. Okay. What happens if I configure TrafficShaper only for VoIP-Interface and WAN and a big traffic is going from LAN to WAN? Does

Re: [pfSense Support] Per-user accounting

2008-08-07 Thread Chris Buechler
On Wed, Aug 6, 2008 at 8:59 AM, Johann Spies [EMAIL PROTECTED] wrote: I am investigating the possibility to use pfsense as our next enterprise-level firewall. I am new both to pfsense and openbsd (coming from a Linux background). Our users pay for internet traffic per Mb. Some of them use a

Re: [pfSense Support] Openvpn

2008-08-07 Thread Chris Buechler
On Thu, Aug 7, 2008 at 12:11 PM, Mikel Jimenez [EMAIL PROTECTED] wrote: Hello I have a Openvpn server in Debian. All the servers of my job are connected to this vpn (servers are in different locations). I want to put the PfSense in this VPN. I go to the web interface, Openvpn, client and I put

Re: [pfSense Support] 1.3Ax2 question

2008-08-16 Thread Chris Buechler
On Sat, Aug 16, 2008 at 8:52 AM, DLStrout [EMAIL PROTECTED] wrote: Is there a special list/forum for 1.3 Alpha/Alpha questions ... just don't want to muddy the water here with alpha testing questions. There's a board on the forum, but you're welcome to post here too. If posting here just make

Re: [pfSense Support] Pfsense blocking outside connections with NO_TRAFFIC:SINGLE

2008-08-19 Thread Chris Buechler
Aliet Santiesteban Sifontes wrote: Hi, all I'm using a new installed pfsense 1.2.1 with three attached networks, wan, lan and optional 1, I have defined rules on lan interface to allow all outgoing connections on that interface, but everything is blocked, a test in dns server query shows this on

Re: [pfSense Support] Pfsense blocking outside connections with NO_TRAFFIC:SINGLE

2008-08-20 Thread Chris Buechler
On Wed, Aug 20, 2008 at 11:56 AM, Aliet Santiesteban Sifontes [EMAIL PROTECTED] wrote: Found part of the problem, I installed a clean pfsense, and setup again the three interfaces. WAN-- Connected to our isp through a /30 private network OP1-DMZ-- With the public range address assigned by our

Re: [pfSense Support] Pfsense blocking outside connections with NO_TRAFFIC:SINGLE

2008-08-20 Thread Chris Buechler
On Wed, Aug 20, 2008 at 6:12 PM, Tim Nelson [EMAIL PROTECTED] wrote: I probably shouldn't introduce any further issues here... but aren't there issues having a 192.168.1.0/30 and a 192.168.1.0/24 on the same router? If you ping 192.168.1.1 or 192.168.1.2 from your router, what interface will

Re: [pfSense Support] Re: Traffic Shaper: Giving priority to OpenVPN traffic?

2008-08-21 Thread Chris Buechler
On Thu, Aug 21, 2008 at 11:19 AM, Tim Nelson [EMAIL PROTECTED] wrote: I posted this a few days ago and haven't gotten any response. Am I the only one who wants to prioritize OpenVPN traffic? :-) As mentioned, I do not wish to shape the traffic inside the OpenVPN tunnel, just the tunnel

Re: [pfSense Support] OpenVPN firewall rules

2008-08-21 Thread Chris Buechler
On Thu, Aug 21, 2008 at 12:06 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: Sure you can. Outbound only, traffic coming in over OpenVPN is automatically allowed in 1.2.

Re: [pfSense Support] filesystem runs out of space

2008-08-22 Thread Chris Buechler
On Fri, Aug 22, 2008 at 8:33 AM, Fuchs, Martin [EMAIL PROTECTED] wrote: Hi ! At one of my systems I have a strange issue, the file-system runs out of space... So is there the possibility to have some ls combination or else that can check for the biggest files in the fs instead of having me

Re: AW: [pfSense Support] filesystem runs out of space

2008-08-22 Thread Chris Buechler
On Fri, Aug 22, 2008 at 10:59 AM, David Meireles [EMAIL PROTECTED] wrote: you can use the switch -h (human readable). Also, try the following combination, and increase the value at your taste du -h --max-depth=1 Which is the same as du -hd1 that I suggested. :)

Re: [pfSense Support] PFSense and EDNS protocol suppor??

2008-08-22 Thread Chris Buechler
On Fri, Aug 22, 2008 at 4:18 PM, Aliet Santiesteban Sifontes [EMAIL PROTECTED] wrote: Hi list I'm currently migrating our dns server to new binds releases due to Kaminsky vulnerability, but I'm hitting a rock because of the disable of edns protocol, to do this test first I disable the

Re: [pfSense Support] update multiple dyndns hosts

2008-08-24 Thread Chris Buechler
On Sun, Aug 24, 2008 at 12:47 PM, chris [EMAIL PROTECTED] wrote: Is it possible to update multiple dyndns hosts with the Dynamic DNS service? Not with 1.2, it's in 1.3.

Re: [pfSense Support] PFSense and EDNS protocol suppor??

2008-08-24 Thread Chris Buechler
On Fri, Aug 22, 2008 at 10:11 PM, Aliet Santiesteban Sifontes [EMAIL PROTECTED] wrote: Chris, here I attached the capture file, you can see this with wireshark or ethereal, you will see the problem. Looks like the remote server is sending that back, and it doesn't have anything to do with your

Re: [pfSense Support] DHCP services

2008-08-26 Thread Chris Buechler
On Tue, Aug 26, 2008 at 2:08 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Will I have to change all my routing to make these changes? I want to do 202.0 – 205.250. Hard to say, depends on how this is configured in other parts of your network. If you expect to use a /21, your interface has to

Re: [pfSense Support] Traffic shaping WAN-DMZ ?

2008-09-03 Thread Chris Buechler
On Wed, Sep 3, 2008 at 6:18 PM, JJB [EMAIL PROTECTED] wrote: Hello, We have servers on our SHARED_DMZ interface and we would like to give priority to http requests to those servers from our web server over all other traffic. The bandwidth usage is tiny, a few kbits every few minutes. These

Re: [pfSense Support] DHCP services

2008-09-04 Thread Chris Buechler
On Thu, Sep 4, 2008 at 4:04 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: Does anyone have a recommendation for the DHCP default lease time? We have a Captive Portal Idle Timeout of 30 minutes and a Hard timeout of 720 minutes. Our DHCP lease is 43300 seconds or a little more than 12 hours.

Re: [pfSense Support] DHCP services

2008-09-04 Thread Chris Buechler
On Thu, Sep 4, 2008 at 10:03 PM, Atkins, Dwane P [EMAIL PROTECTED] wrote: What is the Maximum lease time on the DHCP server? It say that the lease time is for clients that ask for a specific expiration time. Should that be set as well? Yeah set that to the same. It likely won't be used.

Re: [pfSense Support] Port Forwarding issue.

2008-09-04 Thread Chris Buechler
On Thu, Sep 4, 2008 at 11:58 PM, JarekVB [EMAIL PROTECTED] wrote: Hello List. Here is my situation. I have been using pfSense for the last year and didn't have any problems till about 2 months ago. I change a job and decided that I needed to renew my IP to make sure that my co-worker does

Re: [pfSense Support] Port Forwarding issue.

2008-09-04 Thread Chris Buechler
On Fri, Sep 5, 2008 at 12:34 AM, JarekVB [EMAIL PROTECTED] wrote: So i change the Rules to be: Proto | Source | Port | Destination | Port | Gateway | Schedule | Description --++---+-+---+-+--+ TCP |*

Re: [pfSense Support] rule not working correctly

2008-09-05 Thread Chris Buechler
On Fri, Sep 5, 2008 at 10:17 PM, BSD Wiz [EMAIL PROTECTED] wrote: man O man still getting blocked, tried calling my VoIP phone from my cell phone and the traffic was blocked again by the default drop all rule. below is the log entry of the blocked traffic. WAN 216.181.136.7:5065

Re: [pfSense Support] Rules for a Port Forward

2008-09-10 Thread Chris Buechler
On Wed, Sep 10, 2008 at 6:06 PM, Joseph L. Casale [EMAIL PROTECTED] wrote: If I wanted some number x of hosts to be accepted to use a forwarded port, is not possible to enter a list of source ip's, or must I make a rule for each host? You can create an alias with the list of source IPs then

Re: [pfSense Support] a minor rfe

2008-09-11 Thread Chris Buechler
On Thu, Sep 11, 2008 at 11:21 AM, Randy Schultz [EMAIL PROTECTED] wrote: Heya, We use PFSense here, much to our delight. We are currently working on bringing up another to work in parallel. We use a lot of aliases, and some of the aliases are fairly big. The mouse-over is cool however

Re: [pfSense Support] transparent firewall dns behind not workign

2008-09-12 Thread Chris Buechler
On Fri, Sep 12, 2008 at 10:13 PM, Glenn Kelley [EMAIL PROTECTED] wrote: Greetings I have a transparent firewall running - (finally) however the only thing not working behind the firewall is dns resolution for servers behind the system doing a lookup. This caused all types of issues w/ mail

Re: [pfSense Support] packages not available

2008-09-12 Thread Chris Buechler
On Thu, Sep 11, 2008 at 11:35 PM, Glenn Kelley [EMAIL PROTECTED] wrote: On our latest install of pFsense - (thanks for everyones help w/ the transparent bridge - ended up being the nic cards were not liked much by the system ) Now we are unable to install packages - and get the error message

Re: [pfSense Support] sip proxy and embedded installation?

2008-09-13 Thread Chris Buechler
On Sat, Sep 13, 2008 at 11:22 AM, sp4rc [EMAIL PROTECTED] wrote: Hello list members I am running 1.2-RELEASE embedded on an alix2d3 board. This is what my network layout looks like: http://img257.imageshack.us/my.php?image=networkgu3.jpg The Linksys router is running in router-mode and

Re: [pfSense Support] sip proxy and embedded installation?

2008-09-14 Thread Chris Buechler
On Sun, Sep 14, 2008 at 6:57 AM, sp4rc [EMAIL PROTECTED] wrote: Thanks for your reply. I changed the Natting configuration. A first test I have made yesterday worked. But today I can not log in to my sipgate account anymore from the DMZ segment. (Although it works using ekiga from the LAN

Re: [pfSense Support] Re: Multiple gateways on the same network interface

2008-09-17 Thread Chris Buechler
On Wed, Sep 17, 2008 at 4:55 PM, Matias Surdi [EMAIL PROTECTED] wrote: Thanks for your help Wilson. That's not exactly what I'm trying to do. I've both DSL router on the same physical WAN interface (with a switch, obviously). Then, on these DSL routers I've some port redirections to the

Re: [pfSense Support] Re: Multiple gateways on the same network interface

2008-09-17 Thread Chris Buechler
On Wed, Sep 17, 2008 at 5:43 PM, Matias Surdi [EMAIL PROTECTED] wrote: If I've more than one IP address on each of my internet connections (now each one on his own interface), Will I be able to do Port Forwardings for all the IPs? yes

Re: [pfSense Support] Re: Multiple gateways on the same network interface

2008-09-17 Thread Chris Buechler
On Wed, Sep 17, 2008 at 6:20 PM, Anil Garg [EMAIL PROTECTED] wrote: Is there a place to check what is new on the stove for 1.3 release. Ah goodies. A number of blog posts cover some things. More will be added with time. http://blog.pfsense.org/?tag=13-new-features

Re: [pfSense Support] VPN to two interfaces

2008-09-17 Thread Chris Buechler
On Wed, Sep 17, 2008 at 6:55 PM, Joe Laffey [EMAIL PROTECTED] wrote: I have pfsense set up with a WAN, a LAN, a DMZ, and a WIFI NIC (4 NICs). I would like to be able to use OpenVPN to connect from the WAN and access hosts on both the LAN and the DMZ (encrypted through the vpn). Is this

Re: [pfSense Support] OpenVPN Tunnel Quality with VoIP Applications

2008-09-19 Thread Chris Buechler
On Fri, Sep 19, 2008 at 7:29 AM, Paul Mansfield [EMAIL PROTECTED] wrote: Tim Nelson wrote: Any ideas on what I can do to decrease the effect OpenVPN is having on the traffic? All suggestions welcome and appreciated! a wild thought, but could you have a problem with MTU? try reducing it on

Re: [pfSense Support] blocking china

2008-09-23 Thread Chris Buechler
On Tue, Sep 23, 2008 at 10:40 AM, Derrick Conner [EMAIL PROTECTED] wrote: For some reason, some of the messages in here get sent to junk mail. Gmail has been sending about 10-20% of the list messages to spam the past week or so for me. I changed my filter for the lists to never move to spam,

Re: [pfSense Support] Vista's DHCP Issues

2008-09-23 Thread Chris Buechler
On Mon, Sep 22, 2008 at 12:06 PM, Tim Nelson [EMAIL PROTECTED] wrote: I recently ran into an issue where one of our client's laptops would/could not get an IP address from one of our boxes running pfSense 1.2-RELEASE. Connecting via wireless or wired made no difference and other machines

Re: [pfSense Support] random lock up - Now with high CPU usage

2008-09-24 Thread Chris Buechler
On Wed, Sep 24, 2008 at 1:43 PM, Matias Surdi [EMAIL PROTECTED] wrote: Finally, we've migrated to 1.2.1 RC1 and seems to be working, at least for now. But, we are seeing that the CPU keeps on 50% use, and a top shows that it's being used by interrupt. That's indicative of a maxed out box.

Re: [pfSense Support] Re: random lock up

2008-09-24 Thread Chris Buechler
On Wed, Sep 24, 2008 at 11:27 AM, Matias Surdi [EMAIL PROTECTED] wrote: The console is absolutely frozen. Can't do anything. That's one of two things: 1) Hardware problem, usually RAM, possibly any number of other things. 2) FreeBSD bug specific to your hardware. First I'd try 1.2.1, and if it

Re: [pfSense Support] ipv6 possibility

2008-09-24 Thread Chris Buechler
On Wed, Sep 24, 2008 at 3:23 AM, R. Th. Boots [EMAIL PROTECTED] wrote: Hello, As Pfsense is derived from Monowall and monowall has recently, in the 1.3beta12, incorporated ipv6, I was wondering how difficult it is going to be to port the changes in monowall to pfsense? The two are vastly

[pfSense Support] Re: RBL checks - was Re: [pfSense Support] blocking china

2008-09-24 Thread Chris Buechler
On Wed, Sep 24, 2008 at 5:57 AM, Paul Mansfield [EMAIL PROTECTED] wrote: Chris Buechler wrote: Gmail has been sending about 10-20% of the list messages to spam the http://www.robtex.com/rbl/ try wacking in IP addresses of relays and see what turns up Only one mail server sends out mail

Re: [pfSense Support] Doesnt work make install Command

2008-09-26 Thread Chris Buechler
On Fri, Sep 26, 2008 at 7:51 PM, Koray AGAYA [EMAIL PROTECTED] wrote: Hi All; I installed all freebsd ports collection under /usr/ports/*.* But I didnt use make install command How Can I do work it ? Please help me You can't. Use pkg_add.

Re: [pfSense Support] DHCP : interface not found

2008-09-26 Thread Chris Buechler
On Fri, Sep 26, 2008 at 7:17 PM, Alfred Sawaya [EMAIL PROTECTED] wrote: Hello, I've some troubles with pfsense : I would like to enable the DHCP server on one of my interface (xl0). I've 3 interfaces : 2 LAN (fxp0 and xl0), 1 WAN (rl0). I do everything right to enable DHCP but I've this in

Re: [pfSense Support] DHCP : interface not found

2008-09-27 Thread Chris Buechler
On Fri, Sep 26, 2008 at 10:36 PM, Alfred Sawaya [EMAIL PROTECTED] wrote: Sure : Config file of my interfaces : <interfaces> ... LAN and WAN ... <opt1> <if>xl0</if> <descr>DINIAE</descr> <bridge/> <ipaddr>192.168.22.1</ipaddr> <subnet>24</subnet> <gateway/>

Re: [pfSense Support] ipv6 possibility

2008-09-27 Thread Chris Buechler
On Sat, Sep 27, 2008 at 3:48 PM, Scott Ullrich [EMAIL PROTECTED] wrote: On Sat, Sep 27, 2008 at 3:15 PM, Chris Bagnall [EMAIL PROTECTED] wrote: We use pfSense in client environments. We use ISPs that offer IP6 support at no extra charge. Does anyone know how much £/€/$ would be needed to

Re: [pfSense Support] DHCP : interface not found

2008-09-28 Thread Chris Buechler
On Sun, Sep 28, 2008 at 2:22 PM, Alfred Sawaya [EMAIL PROTECTED] wrote: Of course, this interface was enabled when i've tested the DHCP Server. I've disabled it after... So, It doesn't work when the interface is enabled That message from dhcpd means the interface does not have an IP assigned,

Re: [pfSense Support] Can't connect to subaru.com on port 80

2008-10-01 Thread Chris Buechler
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz [EMAIL PROTECTED] wrote: pfSense 1.2.1 RC1 only add-on package installed is iperf. I have rules to allow allow traffic out on port 80 and 443. I have also(just to be sure) allowed *ALL* traffic out from my static ip on my macbook. Problem is I can't

Re: [pfSense Support] Can't connect to subaru.com on port 80

2008-10-01 Thread Chris Buechler
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson [EMAIL PROTECTED] wrote: Are you blocking any ICMP traffic? PMTU (MTU path discovery) relies on ICMP to automagically determine the proper MTU... On nearly all of my installations, I'm blocking EVERYTHING including ICMP on the WAN and PMTU still

Re: [pfSense Support] Can't connect to subaru.com on port 80

2008-10-01 Thread Chris Buechler
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz [EMAIL PROTECTED] wrote: do you guys think i should revert back to version 1.2 and test it? I would say there isn't a good chance that would change anything, but someone seems to be reporting a similar problem on the forum that reportedly didn't exist in

Re: [pfSense Support] Can't connect to subaru.com on port 80

2008-10-01 Thread Chris Buechler
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz [EMAIL PROTECTED] wrote: yep, i looked at it using tcpdump. i just see syn packets going out the door, i never get any syn-acks back. 22:50:47.417326 IP unixbox.gnet.49330 subaru.com.http: S 3917131801:3917131801(0) win 65535 mss 1460,nop,wscale

Re: [pfSense Support] Can't connect to subaru.com on port 80

2008-10-02 Thread Chris Buechler
On Thu, Oct 2, 2008 at 12:38 AM, BSD Wiz [EMAIL PROTECTED] wrote: i know, i just want to check out the new wrx's and sti!! tried messing with the mtu without any luck. ok, here is tcpdump running on my pfsense firewall(unixbox.gnet). you can see my request to subaru.com and then the reply

Re: [pfSense Support] Can't connect to subaru.com on port 80

2008-10-02 Thread Chris Buechler
Paul Mansfield wrote: BSD Wiz wrote: I never get a response from the firewall therefore I cannot connect via telnet over port 80. Telneting to the site from the de works but not from the client machine. it sounds a bit like the automatic bogons blocking list has subaru in it. That

Re: [pfSense Support] any comment or need to worry about the recent TCP/IP DoS found by Outpost24?

2008-10-03 Thread Chris Buechler
On Fri, Oct 3, 2008 at 10:57 AM, Vivek Khera [EMAIL PROTECTED] wrote: I've read a lot about how windows and linux are vulnerable, but not much info regarding FreeBSD. Does anyone know how worried we should be? Any comment on possible corrective measures being implemented by the dev team?

Re: [pfSense Support] rule label too long and ipsec?

2008-10-04 Thread Chris Buechler
On Fri, Sep 26, 2008 at 11:14 AM, Paul Mansfield [EMAIL PROTECTED] wrote: Rob Terhaar wrote: I know that the rule label too long bug has been around in varying 500 keep state label IPSEC: RDI -2nd lan - outbound isakmp try taking out the '', I have been bitten by a bug with it not quoting

Re: [pfSense Support] Too Many CARP VIP cause auto failover?

2008-10-07 Thread Chris Buechler
On Tue, Oct 7, 2008 at 9:24 AM, Tonix (Antonio Nati) [EMAIL PROTECTED] wrote: General question to developers: which are usually problems which make PF sense failover to anoter unit? The most common cause of failing over when it shouldn't is switches that hose or block multicast. Can an

Re: [pfSense Support] DMZ lan ping

2008-10-08 Thread Chris Buechler
2008/10/8 Paul Mansfield [EMAIL PROTECTED]: icmp echo request on DMZ interface, yes (in a firewall rule) as well as a route to LAN on DMZ which should be handled by the systems' default routes, assuming that's pfSense. machines, and advanced NAT so that LAN isn't natted to DMZ No, only

Re: [pfSense Support] Forum issues

2008-10-09 Thread Chris Buechler
On Thu, Oct 9, 2008 at 7:28 AM, Ronald L. Rosson Jr. [EMAIL PROTECTED] wrote: Can someone please point me to the proper person to get in contact with concerning the forums. Once I have logged in and try to post or modify one of my existing posts I keep getting this error. Session verification

Re: [pfSense Support] OpenVPN issues...

2008-10-10 Thread Chris Buechler
On Fri, Oct 10, 2008 at 3:34 PM, JJB [EMAIL PROTECTED] wrote: Hello, We just migrated our vpn users to our pf sense firewall. We have dual firewalls (CARP) and dual wan links - a 3mbit bonded t1 link and a 10mb dsl link. (not load balanced - a LAN router is determining what is going to which

Re: [pfSense Support] routing

2008-10-11 Thread Chris Buechler
2008/10/11 Curtis LaMasters [EMAIL PROTECTED]: A static route on pfsense for the 2.x network sending traffic to 0.245 should do the trick unless I'm missing something. And also check Bypass firewall rules for traffic on the same interface on the Advanced page since this will end up being

Re: [pfSense Support] routing

2008-10-11 Thread Chris Buechler
On Sat, Oct 11, 2008 at 11:11 PM, Bill Marquette [EMAIL PROTECTED] wrote: On Sat, Oct 11, 2008 at 12:39 PM, Chris Buechler [EMAIL PROTECTED] wrote: 2008/10/11 Curtis LaMasters [EMAIL PROTECTED]: A static route on pfsense for the 2.x network sending traffic to 0.245 should do the trick unless

Re: [pfSense Support] openvpn firewall

2008-10-12 Thread Chris Buechler
On Sun, Oct 12, 2008 at 9:52 PM, Mikel Jimenez [EMAIL PROTECTED] wrote: Is possible to define firewall rules and shaping rules on openvpn interfaces? In 1.2 no, in 1.3 it will be.

Re: [pfSense Support] Ipsec over LAN

2008-10-14 Thread Chris Buechler
On Tue, Oct 14, 2008 at 2:59 PM, BSD Wiz [EMAIL PROTECTED] wrote: To be clear, both boxes lans are different subnet of course but the WANs are on the same subnets. If they're on the same ISP with privately addressed WANs that will work, if they allow routing between customers. If it's two

Re: [pfSense Support] port redirect

2008-10-15 Thread Chris Buechler
On Wed, Oct 15, 2008 at 12:20 PM, Mikel Jimenez [EMAIL PROTECTED] wrote: Hello Is possible to redirect requests to xx port to aaa.bbb.ccc.ddd:xx? I have 192.168.1.0 LAN, my proxy is in 192.168.1.40 and pfsense LAN interface is 192.168.1.100. I want that, the clients (gateway 192.168.1.100)

Re: [pfSense Support] port redirect

2008-10-15 Thread Chris Buechler
On Wed, Oct 15, 2008 at 6:13 PM, Alfred Sawaya [EMAIL PROTECTED] wrote: Chris Buechler a écrit : Yes and no. You can add a port forward on LAN that will accomplish this. But it isn't source-specific, so the box you redirect the traffic to will have to reside on another interface otherwise its

Re: [pfSense Support] port redirect

2008-10-15 Thread Chris Buechler
On Wed, Oct 15, 2008 at 6:37 PM, Alfred Sawaya [EMAIL PROTECTED] wrote: yep, so you just have to add a rule from proxy:80 - any = pass and put it before the rule any:80 - proxy:81, no ? No because they're NAT rules not firewall rules and you cannot exclude anything on a single interface from

Re: [pfSense Support] port redirect

2008-10-17 Thread Chris Buechler
On Thu, Oct 16, 2008 at 6:12 AM, David Barbero [EMAIL PROTECTED] wrote: Not exactly, this will not happen if redirects all lan traffic except the traffic from the proxy: rdr on $int_if proto tcp from !192.168.1.40 to any port 80 -> 192.168.1.40 port PROXY_PORT Yes but pfSense does not let

Re: [pfSense Support] pfsense 1.2.1 dude

2008-10-21 Thread Chris Buechler
On Mon, Oct 20, 2008 at 6:08 AM, Mikel Jimenez [EMAIL PROTECTED] wrote: Hello Is secure to put pfsense 1.2.1 in production environment? I think the others who replied may have misunderstood your intent, it appears you aren't a native English speaker, and may have intended to ask if it's safe,

Re: [pfSense Support] Running PFSense as XEN Guest

2008-10-21 Thread Chris Buechler
On Tue, Oct 21, 2008 at 8:49 PM, Nathan Eisenberg [EMAIL PROTECTED] wrote: Hello, I am looking at deploying a pair of virtual load balancers for a very specific application. I was wondering if anyone has managed to get PFSense installed and running under XEN in either para or full

Re: [pfSense Support] Maximum number of OpenVPN tunnels

2008-10-22 Thread Chris Buechler
On Wed, Oct 22, 2008 at 12:37 PM, Tim Nelson [EMAIL PROTECTED] wrote: Those were my 'assumptions' as well... :-) I was hoping someone could point me in the direction of any sort of 'soft limit' imposed by OpenVPN itself as was presented with IPSEC. Nothing that anyone knows of.

Re: [pfSense Support] jerky network streaming?

2008-10-22 Thread Chris Buechler
On Wed, Oct 22, 2008 at 9:58 PM, Graham Freeman [EMAIL PROTECTED] wrote: I've been meaning to post a follow-up to my similar post from last week... We had huge problems with traffic shaping that I was only able to resolve by switching to m0n0wall v1.3b15 (based on FreeBSD 6.x, vs. the

Re: [pfSense Support] jerky network streaming?

2008-10-22 Thread Chris Buechler
On Wed, Oct 22, 2008 at 10:19 PM, Glenn Kelley [EMAIL PROTECTED] wrote: not sure where I could find this answer --- googled it of all things... when do we expect 1.3 to be released? http://doc.pfsense.org/index.php/When_Will_A_Release_Occur

Re: [pfSense Support] jerky network streaming?

2008-10-22 Thread Chris Buechler
On Wed, Oct 22, 2008 at 11:14 PM, Tim Nelson [EMAIL PROTECTED] wrote: Maybe someone could update the content over at http://doc.pfsense.org/index.php/When_Will_The_pfSense_Book_Be_Released ? Hey, I just put an update on the blog a few days ago. :)

Re: [pfSense Support] jerky network streaming?

2008-10-22 Thread Chris Buechler
On Wed, Oct 22, 2008 at 11:19 PM, Tim Nelson [EMAIL PROTECTED] wrote: A few days ago? Over two weeks ago... and some of us are losing sleep, going bald, unable to concentrate, etc as a result of the wait... :-) sheesh, guess it has been that long. I'll have another update up in a couple weeks

Re: [pfSense Support] tcp tuning for pfsense?

2008-10-23 Thread Chris Buechler
JJB wrote: http://www.psc.edu/networking/projects/tcptune/ I'm wondering if any of this freebsd tuning info is relevant to pfsense, has it already been done, are there any benefits to setting any of these things Don't bother, these things are all only relevant to the endpoints of TCP

Re: [pfSense Support] OpenVPN super-slow upload speeds

2008-10-24 Thread Chris Buechler
On Fri, Oct 24, 2008 at 5:29 PM, JJB [EMAIL PROTECTED] wrote: Your architecture is somewhat unclear - do I correctly surmise that you have a pfSense server *somewhere* on a 3/3 connection, and that several users connect to it via OpenVPN? two pfsense servers using CARP for failover with a

Re: [pfSense Support] [OT] Fyrewall - Rebranded Spanish pfSense?

2008-10-24 Thread Chris Buechler
On Fri, Oct 24, 2008 at 11:12 PM, Tim Nelson [EMAIL PROTECTED] wrote: I stumbled upon a new open source firewall product this evening. Ever heard of Fyrewall? Some information from the Freshmeat project page at http://freshmeat.net/projects/fyrewall/?branch_id=76300release_id=287163 :

Re: [pfSense Support] [OT] Fyrewall - Rebranded Spanish pfSense?

2008-10-24 Thread Chris Buechler
On Fri, Oct 24, 2008 at 11:51 PM, RB [EMAIL PROTECTED] wrote: You beat me to the translation... Looking at their live demo (yes, they have one running in a VM) Which is going to be rooted in short order if they don't lock it down significantly more. They attempted to do so, but didn't do

Re: [pfSense Support] config.xml decrytp ???

2008-10-26 Thread Chris Buechler
On Sun, Oct 26, 2008 at 9:54 AM, DLStrout [EMAIL PROTECTED] wrote: Is there a default password to decrypt the config.xml file in the latest 1.3AA? I recently updated 1.3Ax2 and now get prompted for a password to decrypt the config.xml and if I CTRL-C out the box will only come up in single

Re: [pfSense Support] 1:1 nat followup

2008-10-27 Thread Chris Buechler
On Mon, Oct 27, 2008 at 2:14 PM, Robin Kauffman [EMAIL PROTECTED] wrote: Hi- My previous post was incorrect; 1:1 nat in fact works provided that traffic for all IPs is sent to the firewall's public-facing MAC address. However, if the route is merely '1.2.3.4/24 dev linktofw' from the

Re: [pfSense Support] Static routes

2008-10-27 Thread Chris Buechler
On Mon, Oct 27, 2008 at 7:56 AM, Paul Mansfield [EMAIL PROTECTED] wrote: in general, I've noticed that the interface setting makes no difference to what happens when using a gateway IP. It does - it opens the anti-spoofing rules appropriately and generates NAT rules according to which

Re: [pfSense Support] Adding more than two DNS servers in DHCP server?

2008-10-27 Thread Chris Buechler
On Mon, Oct 27, 2008 at 5:08 AM, Steve Harman [EMAIL PROTECTED] wrote: Hi! The subject line says it all really. ;-) Are we able to add more than two DNS servers in the pfSense DHCP server? There only appear to be two input boxes in the web interface but I wondered if perhaps multiple

Re: [pfSense Support] syslogd stuck at 100% cpu

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 1:20 PM, JJB [EMAIL PROTECTED] wrote: That is interesting - is there something unique about running pfsense on vmware that is different from running directly on hardware? No, this problem happened on both physical and virtual machines. There could be something specific

Re: [pfSense Support] Great work releasing 1.2.1 RC1

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 3:59 PM, [EMAIL PROTECTED] wrote: What will the migration path look like from 1.2 to 1.2.1? First Question: On an embedded system (Soekris Net5501), will I need to flash the CF card from scratch or will I be able to use the firmware 'feature' on the GUI? If the

Re: [pfSense Support] pfsense 1.2.1 dude

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 1:18 PM, JJB [EMAIL PROTECTED] wrote: 1. Were all the known 1.2.1 bugs resolved last weekend as you hoped in the above message? As far as we know, yes. Still one thing with grub to find a solution for, that's the last remaining 1.2.1 item. 2. Would you consider

Re: [pfSense Support] pfSense 1.2.1 - to which group do we belong

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 5:45 PM, Michel Servaes [EMAIL PROTECTED] wrote: When I'm going to install 1.2.1 tomorrow evening, do we still belong to this usergroup, or should one subscribe to another feed ? I believe another feed is available for the 1.3 branch, isn't it ? There isn't a different

Re: [pfSense Support] Streaming characters while install AFTER installed to HD

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 10:01 PM, Chris Flugstad [EMAIL PROTECTED] wrote: After booting from the live cd, and then installing to the HD, it starts to boot, bios goes by then bsd looks like it's gonna boot, but then characters just stream the page really fast. It booted fine from the CD

Re: [pfSense Support] Full install for 1.2.1-RC1 embedded?

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 10:16 PM, Craig Silva [EMAIL PROTECTED] wrote: Having a look at 1.2.1 but can't see a full install for embedded (maybe I'm blind) - only an update for RC1 - last time I tried to update it failed, so had to revert to 1.2 release. There isn't a different full install

Re: [pfSense Support] Full install for 1.2.1-RC1 embedded?

2008-10-28 Thread Chris Buechler
On Tue, Oct 28, 2008 at 10:29 PM, Craig Silva [EMAIL PROTECTED] wrote: Will have a look but trying to install onto wrap so the only way I know how to do this is to flash an image Use VMware and USB redirection, CF then shows up as a hard drive.

Re: [pfSense Support] Streaming characters while install AFTER installed to HD

2008-10-28 Thread Chris Buechler
On Wed, Oct 29, 2008 at 12:53 AM, Chris Flugstad [EMAIL PROTECTED] wrote: Installed with GRUB and now GRUB loads, then FREEBSD default startup, it starts to go, thing spins and then I get the same screen of random characters streaming down the screen. Not the boot loader then. Try 1.2.1.

Re: [pfSense Support] openvpn client export

2008-10-29 Thread Chris Buechler
Mikel Jimenez wrote: Hello I have installed openvpn client export utility in Pfsense 1.2.1 but it does not appear in the web interface. How can I run it? You can't in 1.2.1.

Re: [pfSense Support] Multipe WAN ip's, one not working with 1.2.1

2008-10-29 Thread Chris Buechler
clear the upstream ARP cache. On Wed, Oct 29, 2008 at 4:43 PM, Michel Servaes [EMAIL PROTECTED] wrote: I backed up my config.xml, took another computer, added the same network configuration... installed pfSense 1.2.1 (build of today). Restored config.xml, re-installed packages (within restore

Re: [pfSense Support] openvpn client export

2008-10-29 Thread Chris Buechler
On Wed, Oct 29, 2008 at 12:05 PM, Eugen Leitl [EMAIL PROTECTED] wrote: On Wed, Oct 29, 2008 at 05:00:40PM +0100, Mikel Jimenez wrote: OK But it is available in packets... And via console or alone? I want easy way to provide to clients access to my VPN. Vpn client export utility is my best

Re: [pfSense Support] openvpn client export

2008-10-29 Thread Chris Buechler
On Wed, Oct 29, 2008 at 5:27 PM, Eugen Leitl [EMAIL PROTECTED] wrote: On Wed, Oct 29, 2008 at 05:15:59PM -0400, Chris Buechler wrote: Not even that is possible, well not without backporting all the user manager and OpenVPN changes in 1.3 (you'd be much, much better off just running 1.3
