[pfSense Support] pfSense with Dell PowerEdge 750 ?

2005-08-17 Thread Simon SZE-To
Hello,

I'm planning to run pfSense on the Dell PowerEdge 750 server, and
it seems my only concern is: does pfSense natively support SATA drives?
A brief spec for the PowerEdge 750: Intel P4 processor, Intel E7210 chipset, dual embedded Gigabit NICs.

Thank you very much.




[pfSense Support] Please help

2005-08-17 Thread Vladimir
I install pfSense-Full-Update-0.75. And I want to know, how I can install
Midnight Commander (error gcc  cc compiler)? And how I can install ports
for FreeBSD. This version can't find bsd on ftp.


[pfSense Support] Pfsense only router

2005-08-17 Thread Roberto Pereyra
Hi

I would like to use Pfsense only as a router (NAT) and traffic
shaper. Maybe squid also.

Are those functions stable or are they beta?

Thanks in advance.

roberto

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Please help

2005-08-17 Thread Bachman Kharazmi
How to get fbsd portcollection working:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html
(personally I don't play with ports on my pfS boxes. There're
precompiled packages often that are a _more_ safe option. Compiling
can cause headache if you don't know what you're doing)

and there are mc packages ready you can use. I suggest the light
option if you don't want perl and loads of other pkgs.

try something like
# pkg_add -r mc-light-4.1.40.p9_5

/bkw

On 8/17/05, Vladimir [EMAIL PROTECTED] wrote:

 I install pfSense-Full-Update-0.75. And I want to know, how I can install
 Midnight Commander (error gcc  cc compiler)? And how I can install ports
 for FreeBSD. This version can't find bsd on ftp.
  


-- 
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##




Re: [pfSense Support] Pfsense only router

2005-08-17 Thread Bachman Kharazmi
squid is beta, there is no gui (yet...) but it should be ready for
transparent proxy.
AFAIK NAT works without any problems, I leave the trafficshaping for
somebody else who tested it lately. (I'm sure there are earlier
answers in the ML-archive)

/bkw

On 8/17/05, Roberto Pereyra [EMAIL PROTECTED] wrote:
 Hi

 I would like to use Pfsense only as a router (NAT) and traffic
 shaper. Maybe squid also.

 Are those functions stable or are they beta?

 Thanks in advance.

 roberto
 


-- 
##
BKW - Bachman Kharazmi
bahkha AT gmail DOT com
uin: #24089491
SWEDEN
##




Re: RE: [pfSense Support] ISO problems ... still

2005-08-17 Thread David Strout

I found that the 0.76.4.iso still hangs (Waiting for Backend on ANSI screen) EVEN when the CD  HDD ARE on the same channel (ie: primary).  I did successfully do an upgrade from 0.74.8  0.77 this morning and all went fine.  I haven't seen a newer version of the iso (0.76.4 has been up on the mirrors for a couple of days now).

--
David L. Strout
Engineering Systems Plus, LLC

- Original Message -
Subject: RE: [pfSense Support] ISO problems ... still
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 08-16-2005 9:28 pm

Nope, still a no go unless the CDROM is on the same channel..!

Dimitri Rodis
Integrita Systems LLC

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 16, 2005 9:12 AM
To: Dimitri Rodis
Cc: Wesley Joyce; support@pfsense.com
Subject: Re: [pfSense Support] ISO problems ... still

Try the latest version that I posted last night.

On 8/16/05, Dimitri Rodis [EMAIL PROTECTED] wrote:
 Any news on the issue with the installer? (Moving the CDROM to be on
 the same channel as the hard drive, etc.)

 Dimitri Rodis
 Integrita Systems LLC

 -Original Message-
 From: Scott Ullrich [mailto:[EMAIL PROTECTED]
 Sent: Thursday, August 11, 2005 3:05 PM
 To: Dimitri Rodis
 Cc: Wesley Joyce; support@pfsense.com
 Subject: Re: [pfSense Support] ISO problems ... still

 On 8/11/05, Dimitri Rodis [EMAIL PROTECTED] wrote:
  Yup, that did it.
  All I did was move the CDROM from Secondary Master to Primary Slave
  and the install went right thru. This was on 0.73.8.

 Okay thanks.  Let me see if this can help us narrow down the problem.

 Scott




Re: [pfSense Support] Alert about pf rules syntax errors... again...

2005-08-17 Thread Scott Ullrich
The problem is the previous version had a parser bug and I bet money
your ipsec profiles are now corrupted.   I had to readd my ipsec
connections after the version in question (cannot recall which version
it was).

The web gui's job is to enforce data but if it becomes corrupted then
it gets rather hard to enforce, no?

Scott


On 8/17/05, Randy B [EMAIL PROTECTED] wrote:
 Scott Ullrich wrote:
  I just tested the latest vpn.inc with my home firewall that has 4+
  ipsec links and it works fine.  I'll be releasing a new version
  soon.  Please be on the lookout for it and give it a try.
 
  Scott
 
 I'm still showing this issue in 0.77.  My last fix was to comment out a
 large swath of /etc/inc/filter.inc, but I tried to be a bit more
 pragmatic about it this time, and realized that I came to the precise
 same conclusions that M. Kohn came to.  There needs to be some catch,
 some hook in vpn_ipsec.php (line 36 where the empty definition is
 created), filter.inc (see previously submitted patch), or vpn.inc.
 Something somewhere either has to stop making the empty tunnel or
 everything else has to be changed to be able to deal with it.
 
 Scott - you said a change to filter.inc is not the correct fix, and to
 make it in /etc/inc/vpn.inc.  Why would that be?  AFAICT, vpn.inc just
 sets up defined tunnels - very little error control in it.  The
 specified code chunk in filter.inc (starting ~2093) seems to be the
 flawed one - it just happily chews right over definitions, uncaring
 whether they're empty or not.  Shouldn't a process that's generating
 system commands be a bit more concerned about whether or not it's
 putting out proper syntax?
 
 RB
 
 





Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy

2005-08-17 Thread Scott Ullrich
SQUID should not be dying.  If it is then I need to deactivate the
package until a new one is released on the freebsd site.

Scott


On 8/16/05, Albert Miles Enabe [EMAIL PROTECTED] wrote:
 No need to file a ticket. Thanks for the swift action.
 I'll wait till next release then.

 Also, I am concerned of the Squid process dying for
 any reason and the rdr rule for transparent proxying
 is still in effect. This will block http traffic to
 the internet. Any solution for this?

 Thanks again.

 Miles

 --- Scott Ullrich [EMAIL PROTECTED] wrote:

  The solution here is to set the filter dirty flag in the squid startup
  script.  This will force the rules to be reloaded and then squid will
  be running.

  I'll take care of it shortly.

  Scott

  On 8/16/05, Bill Marquette [EMAIL PROTECTED] wrote:
   Albert, can you file a ticket on this at http://cvstrac.pfsense.com/ ?
   I'd rather not delay boot until squid is up, but I suppose that's open
   for debate.  Without looking at the code, I'm wondering if we're even
   starting up squid before the filter.
   Can you insert a sleep(); statement before the is_process_running
   statement and tell us how long you have to sleep for to get reliable
   results? Also, what speed hardware is this on?  Thanks

   --Bill

   On 8/16/05, Albert Miles Enabe [EMAIL PROTECTED] wrote:
    I think it is actually a BUG in the script
    /etc/inc/filter.inc that checks for the squid process
    at boot time which will return FALSE because no
    package is loaded during this time yet. See the
    /etc/rc script for the loading sequence.

    The /etc/rc.bootup script that initializes the pf
    rules is called before executing rc.d items. Please
    see the /etc/rc script.

    As a solution, the if(is_process_running(squid))
    at line no. 1134 of the file /etc/inc/filter.inc must
    be commented out.

    Cheers!

    --- Bachman Kharazmi [EMAIL PROTECTED] wrote:

     When the squid package has installed properly
     without any errors type:
     # pfctl -sr | grep rdr
     if that returns a rule and trans.proxy still doesn't
     work (make sure the squid process is running) then I would
     suggest you read the squid logs to find out why it doesn't cache.

     /bkw

     On 8/16/05, Albert Miles Enabe [EMAIL PROTECTED] wrote:
      Hi!

      The rdr (nat) rule for squid transparent proxy is
      missing on pfsense 0.76.2 which causes transparent
      proxying NOT to function properly. The corresponding
      pass rules are present however.

      The problem is corrected by commenting out line# 1134
      of /etc/inc/filter.inc:

      if (is_package_installed(squid) == 1)
      //if (is_process_running(squid))

      Could it be because this function was called at the
      time when squid has not fully loaded itself? If this
      is the case, then it would be better if the rc loader
      for squid be given enough time to sleep for a while
      before exiting.

      Thanks.

      Miles



Re: [pfSense Support] Alert about pf rules syntax errors... again...

2005-08-17 Thread Bill Marquette
I've had coworkers report the same issue.  The solution was to remove
the entire IPSEC section in the XML file (actually, if you know
exactly what to remove, you don't need to, but this is the easier more
generic way describing the fix).  At some point in one of the versions
right after the hackathon we accidentally set an empty tunnel in
memory which got saved to the config file.

Maybe in the next release we can update config file versions and clear
any blank tunnel fields (if someone can send me a known bad config
file exhibiting this behaviour).

--Bill

On 8/17/05, Scott Ullrich [EMAIL PROTECTED] wrote:
 The problem is the previous version had a parser bug and I bet money
 your ipsec profiles are now corrupted.   I had to readd my ipsec
 connections after the version in question (cannot recall which version
 it was).
 
 The web gui's job is to enforce data but if it becomes corrupted then
 it gets rather hard to enforce, no?
 
 Scott
 
 



Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy

2005-08-17 Thread Bachman Kharazmi
I've now tried squid. It works well for me running  0.76.4
The installation succeeds and the squid process starts in right order.
The rdr rules 'DOES' exist in my rules.debug and has been enabled.

I've read all squid logs and it does transparent caching out of the box.

Now I'll leave the process running for a few hours while using inet
and see what happens...

/bkw

On 8/17/05, Scott Ullrich [EMAIL PROTECTED] wrote:
 SQUID should not be dying.  If it is then I need to deactivate the
 package until a new one is released on the freebsd site.
 
 Scott
 
 

Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy

2005-08-17 Thread Scott Ullrich
BKW,

Any chance of doing some type of automated web browsing from a machine
and let it run overnight?   IE: the client machine would keep randomly
surfing to sites..

Scott


On 8/17/05, Bachman Kharazmi [EMAIL PROTECTED] wrote:
 I've now tried squid. It works well for me running  0.76.4
 The installation succeeds and the squid process starts in right order.
 The rdr rules 'DOES' exist in my rules.debug and has been enabled.

 I've read all squid logs and it does transparent caching out of the box.
 
 Now I'll leave the process running for a few hours while using inet
 and see what happens...
 
 /bkw
 

Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy

2005-08-17 Thread Bachman Kharazmi
sounds fun and useful atm.

I'll search and see what I can find, I'm pretty sure there are tools for that..
/bkw

On 8/17/05, Scott Ullrich [EMAIL PROTECTED] wrote:
 BKW,
 
 Any chance of doing some type of automated web browsing from a machine
 and let it run overnight?   IE: the client machine would keep randomly
 surfing to sites..
 
 Scott
 
 

[pfSense Support] Firewall is blocking traffic it shouldn't

2005-08-17 Thread Roy Walker
Running pfsense 0.77.

Getting messages like the following:

pf: 140737 rule 111/0(match): block in on fxp2: yyy.yyy.yyy.yyy.4685  xxx.xxx.xxx.xxx:53.80: F 1151007775:1151007775(0) ack 682370803 win 3490 nop,nop,timestamp 42327615[|tcp]

The yyy is the external IP. The xxx is an internal IP for a web
site. There is a rule to allow traffic to the internal IP on port 80
from any source. Can someone tell me what rule 111 is and
why it is blocking this traffic?

Thanx,

Roy


Re: [pfSense Support] Firewall is blocking traffic it shouldn't

2005-08-17 Thread Scott Ullrich
pfctl -vvvsr from a command prompt (or status.php) lists the rules
with rule numbers.

On 8/17/05, Roy Walker [EMAIL PROTECTED] wrote:
  
  
 
 Running pfsense 0.77.

 Getting messages like the following:

 pf: 140737 rule 111/0(match): block in on fxp2: yyy.yyy.yyy.yyy.4685
 xxx.xxx.xxx.xxx:53.80: F 1151007775:1151007775(0) ack 682370803 win 3490
 nop,nop,timestamp 42327615[|tcp]

 The yyy is the external IP.  The xxx is an internal IP for a web site.
 There is a rule to allow traffic to the internal IP on port 80 from any
 source.  Can someone tell me what rule 111 is and why it is blocking this
 traffic?

 Thanx,

 Roy




RE: [pfSense Support] Firewall is blocking traffic it shouldn't

2005-08-17 Thread Roy Walker
Ok rule 111 is the default inbound block rule.

Rule 78 is as follows:

@78 pass in quick on fxp2 inet proto tcp from any to 172.20.1.53 port =
http flags S/SA label USER_RULE: MAGIC1500 - HTTP
  [ Evaluations: 1029  Packets: 2642  Bytes: 922487  States:
121 ]

This should allow the traffic that is being blocked by rule 111.  I am
getting entries like below from many IP addresses.  For some reason some
traffic is going through all right and some is not.  As you can see
there are packets making it through on rule 78.

Any ideas?

Roy

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 17, 2005 11:16 AM
To: Roy Walker
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Firewall is blocking traffic it shouldn't

pfctl -vvvsr from a command prompt (or status.php) lists the rules
with rule numbers.

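
Added example, not part of the thread: a Python sketch that resolves the rule number in a pf log line against `pfctl -vvvsr` output and tests the logged TCP flags against a pass rule's `flags S/SA` clause. The sample log line and rule listing are constructed from the ones quoted in this thread; the `>` separator, the source address, `keep state` and the text of rule 111 are assumptions.

```python
import re

# Constructed samples modelled on the lines quoted in the thread. The ">"
# separator, the source address and the text of rule 111 are assumptions.
SAMPLE_LOG = (
    "pf: 140737 rule 111/0(match): block in on fxp2: 198.51.100.7.4685 > "
    "172.20.1.53.80: F 1151007775:1151007775(0) ack 682370803 win 3490"
)
SAMPLE_RULES = """\
@78 pass in quick on fxp2 inet proto tcp from any to 172.20.1.53 port = http flags S/SA keep state label "USER_RULE: HTTP"
  [ Evaluations: 1029      Packets: 2642      Bytes: 922487      States: 121   ]
@111 block drop in log all
  [ Evaluations: 310       Packets: 310       Bytes: 14880       States: 0     ]
"""

LOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFRPUEW.]+) (?P<rest>.*)"
)
FLAGS_RE = re.compile(r"\bflags ([FSRPAUEW]*)/([FSRPAUEW]+)")


def parse_log(line):
    """Extract rule number, interface and TCP flags from a pf log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not a pf TCP log line")
    # tcpdump prints "." when none of S/F/R/P is set; ACK shows as "ack <n>".
    flags = set(m.group("flags")) - {"."}
    if re.search(r"\back \d+", m.group("rest")):
        flags.add("A")
    return {
        "rule": int(m.group("rule")),
        "action": m.group("action"),
        "dir": m.group("dir"),
        "iface": m.group("iface"),
        "src": m.group("src"),
        "dst": m.group("dst"),
        "flags": flags,
    }


def parse_rules(pfctl_output):
    """Map rule number -> rule text from `pfctl -vvvsr` output."""
    return {
        int(num): text.strip()
        for num, text in re.findall(r"^@(\d+)\s+(.*)$", pfctl_output, re.M)
    }


def flags_match(packet_flags, rule_text):
    """pf `flags <set>/<mask>`: of the flags in mask, exactly <set> must be on."""
    m = FLAGS_RE.search(rule_text)
    if m is None:
        return True  # rule has no flags test
    wanted, mask = set(m.group(1)), set(m.group(2))
    return (packet_flags & mask) == wanted


def diagnose(log_line, pfctl_output):
    """Name the rule that logged the packet and the pass rules on the same
    interface and direction whose flags test this packet cannot satisfy."""
    ev = parse_log(log_line)
    rules = parse_rules(pfctl_output)
    rejected = [
        num
        for num, text in sorted(rules.items())
        if text.startswith("pass %s " % ev["dir"])
        and " on %s " % ev["iface"] in text
        and not flags_match(ev["flags"], text)
    ]
    return {
        "matched_rule": rules.get(ev["rule"], "<not in listing>"),
        "flags": ev["flags"],
        "flag_rejected_pass_rules": rejected,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, SAMPLE_RULES))
```

A packet logged with `F` and `ack` cannot satisfy `flags S/SA`, so a rule like 78 only admits connection-opening SYN packets; later packets of the connection pass only by matching existing state and otherwise fall through to the default block rule.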