Re: [pfSense Support] 0.71.2 on WRAP
On 7/29/05, Scott Ullrich [EMAIL PROTECTED] wrote: On 7/29/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: - I created a Virtual IP using the same IP address as my WAN interface, trying to get the router to accept (or redirect) ICMP (I want my system pingable). I failed in doing that. (1) How do I make my router pingable from the outside world? (2) In making that change above, I wasn't able to remove the interface. The error always said that that VIP was in use by a NAT rule. In order to remove it, I needed to remove all my NAT rules, delete the VIP, and re-enter all the NAT rules by hand. Painful! I'll let Bill chime in here but to get ICMP working you need to allow the protocol in the interface rules. Hrm, I'll check this out. I've got a code change that I need to commit for this stuff anyway. The VIP code does check to see if you've used the VIP in a NAT entry (probably cause the only reason you need a VIP is if you don't use the interface address in your NAT), I don't see that changing. I can probably easily add code to not allow a VIP that is the same IP as the interface address though. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] captive portal
They are kept in pf tables. The table in question is captiveportal. Try this command at a command prompt after you have some ppl auth'd: pfctl -t captiveportal -T show Scott On 7/29/05, alan walters [EMAIL PROTECTED] wrote: Just was reviewing the captive portal implementation. All the port forwards work great now but I don't know where the rules are being kept for the ip's allowed section. Checked out rules debug and they are not there??? Where do they live at the moment??? Regards alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfsense shell accounts ???
Are these accounts allowed SSH remote access from a host on either the local LAN segment or an OPT segment (of course there is a rule in place to allow this). I assumed that these were the passwords but I get failed authentication on bith accounts and an error in the logs .. sshd[791]: error: PAM: authentication error for root from 192.168.1.xxx (OPT/WLAN segment) sshd[791]: error: PAM: authentication error for root from 192.168.100.xxx (LAN segmant) Scott Ullrich wrote: SSH: root / pfsense WEB: admin / pfsense On 7/29/05, DLStrout [EMAIL PROTECTED] wrote: Everyone, I am sure this ? has been asked before, but I can't seem to find any reference in the mail-archive or the discussion-archive. What are the fresh-install passwords for the root and toor accounts? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- avast! Antivirus: Inbound message clean. Virus Database (VPS): 0530-3, 07/29/2005 Tested on: 7/29/2005 6:44:27 PM avast! - copyright (c) 2000-2004 ALWIL Software. http://www.avast.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] captive portal
On 7/29/05, alan walters [EMAIL PROTECTED] wrote: Ok the allowed ip addresses are in that table, but what I really wanted Was the rule that was being applied to the captive portal for allowed ip addresses and active clients. # cat /tmp/rules.debug | grep captiveportal no rdr on fxp2 proto tcp from captiveportal to any table captiveportal pass in on fxp2 from captiveportal to any keep state label allow captive portal authd users ok thanks it looks ok for allowed IP's, is the rule the same for captive portal clients that are being authenticated through the captive portal or are they authenticated on there mac address I had a problem before where some clients are connected through a wireless repeater and the mac address is the same for each client. Even though there ip address is different. Thats normal if the device is doing nat. No it is a bridge. Within the ip subnet but seems to nat or mask the mac address. It sucks big time Scott alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] captive portal
On 7/29/05, alan walters [EMAIL PROTECTED] wrote: ok thanks it looks ok for allowed IP's, is the rule the same for captive portal clients that are being authenticated through the captive portal or are they authenticated on there mac address Yes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]