[pfSense Support] pfSense with Dell PowerEdge 750 ?
Hello, I'm planning to run pfSense on the Dell PowerEdge 750 server, and it seems my only concern is: does pfSense natively support SATA drives? A brief spec for the PowerEdge 750: Intel P4 processor, Intel E7210 chipset, dual embedded Gigabit NICs. Thank you very much.
[pfSense Support] Please help
I installed pfSense-Full-Update-0.75, and I want to know how I can install Midnight Commander (error: gcc cc compiler). And how can I install ports for FreeBSD? This version can't find bsd on ftp.
[pfSense Support] Pfsense only router
Hi, I would like to use pfSense only as a router (NAT) and traffic shaper. Maybe squid also. Are those functions stable, or are they beta? Thanks in advance. roberto
Re: [pfSense Support] Please help
How to get the fbsd port collection working: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html
(personally I don't play with ports on my pfS boxes. There're precompiled packages often that are a _more_ safe option. Compiling can cause headache if you don't know what you're doing)
and there are mc packages ready you can use. I suggest the light option if you don't want perl and loads of other pkgs. Try something like
    # pkg_add -r mc-light-4.1.40.p9_5
/bkw
On 8/17/05, Vladimir [EMAIL PROTECTED] wrote:
I installed pfSense-Full-Update-0.75, and I want to know how I can install Midnight Commander (error: gcc cc compiler). And how can I install ports for FreeBSD? This version can't find bsd on ftp.
-- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ##
Re: [pfSense Support] Pfsense only router
squid is beta, there is no GUI (yet...) but it should be ready for transparent proxy. AFAIK NAT works without any problems, I leave the traffic shaping for somebody else who tested it lately. (I'm sure there are earlier answers in the ML-archive)
/bkw
On 8/17/05, Roberto Pereyra [EMAIL PROTECTED] wrote:
Hi, I would like to use pfSense only as a router (NAT) and traffic shaper. Maybe squid also. Are those functions stable, or are they beta? Thanks in advance. roberto
-- ## BKW - Bachman Kharazmi bahkha AT gmail DOT com uin: #24089491 SWEDEN ##
Re: RE: [pfSense Support] ISO problems ... still
I found that the 0.76.4.iso still hangs (Waiting for Backend on ANSI screen) EVEN when the CD and HDD ARE on the same channel (ie: primary). I did successfully do an upgrade from 0.74.8 to 0.77 this morning and all went fine. I haven't seen a newer version of the iso (0.76.4 has been up on the mirrors for a couple of days now).
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: RE: [pfSense Support] ISO problems ... still
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 08-16-2005 9:28 pm
Nope, still a no go unless the CDROM is on the same channel..!
Dimitri Rodis
Integrita Systems LLC
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 16, 2005 9:12 AM
To: Dimitri Rodis
Cc: Wesley Joyce; support@pfsense.com
Subject: Re: [pfSense Support] ISO problems ... still
Try the latest version that I posted last night.
On 8/16/05, Dimitri Rodis [EMAIL PROTECTED] wrote:
Any news on the issue with the installer? (Moving the CDROM to be on the same channel as the hard drive, etc.)
Dimitri Rodis
Integrita Systems LLC
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 11, 2005 3:05 PM
To: Dimitri Rodis
Cc: Wesley Joyce; support@pfsense.com
Subject: Re: [pfSense Support] ISO problems ... still
On 8/11/05, Dimitri Rodis [EMAIL PROTECTED] wrote:
Yup, that did it. All I did was move the CDROM from Secondary Master to Primary Slave and the install went right thru. This was on 0.73.8.
Okay thanks. Let me see if this can help us narrow down the problem.
Scott
Re: [pfSense Support] Alert about pf rules syntax errors... again...
The problem is the previous version had a parser bug and I bet money your ipsec profiles are now corrupted. I had to re-add my ipsec connections after the version in question (cannot recall which version it was). The web gui's job is to enforce data but if it becomes corrupted then it gets rather hard to enforce, no?
Scott
On 8/17/05, Randy B [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
I just tested the latest vpn.inc with my home firewall that has 4+ ipsec links and it works fine. I'll be releasing a new version soon. Please be on the lookout for it and give it a try.
Scott
I'm still showing this issue in 0.77. My last fix was to comment out a large swath of /etc/inc/filter.inc, but I tried to be a bit more pragmatic about it this time, and realized that I came to the precise same conclusions that M. Kohn came to. There needs to be some catch, some hook in vpn_ipsec.php (line 36 where the empty definition is created), filter.inc (see previously submitted patch), or vpn.inc. Something somewhere either has to stop making the empty tunnel or everything else has to be changed to be able to deal with it.
Scott - you said a change to filter.inc is not the correct fix, and to make it in /etc/inc/vpn.inc. Why would that be? AFAICT, vpn.inc just sets up defined tunnels - very little error control in it. The specified code chunk in filter.inc (starting ~2093) seems to be the flawed one - it just happily chews right over definitions, uncaring whether they're empty or not. Shouldn't a process that's generating system commands be a bit more concerned about whether or not it's putting out proper syntax?
RB
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
SQUID should not be dying. If it is then I need to deactivate the package until a new one is released on the freebsd site.
Scott
On 8/16/05, Albert Miles Enabe [EMAIL PROTECTED] wrote:
No need to file a ticket. Thanks for the swift action. I'll wait till next release then. Also, I am concerned about the Squid process dying for any reason while the rdr rule for transparent proxying is still in effect. This will block http traffic to the internet. Any solution for this? Thanks again.
Miles
--- Scott Ullrich [EMAIL PROTECTED] wrote:
The solution here is to set the filter dirty flag in the squid startup script. This will force the rules to be reloaded and then squid will be running. I'll take care of it shortly.
Scott
On 8/16/05, Bill Marquette [EMAIL PROTECTED] wrote:
Albert, can you file a ticket on this at http://cvstrac.pfsense.com/ ? I'd rather not delay boot until squid is up, but I suppose that's open for debate. Without looking at the code, I'm wondering if we're even starting up squid before the filter. Can you insert a sleep(); statement before the is_process_running statement and tell us how long you have to sleep for to get reliable results? Also, what speed hardware is this on? Thanks
--Bill
On 8/16/05, Albert Miles Enabe [EMAIL PROTECTED] wrote:
I think it is actually a BUG in the script /etc/inc/filter.inc that checks for the squid process at boot time which will return FALSE because no package is loaded during this time yet. See the /etc/rc script for the loading sequence. The /etc/rc.bootup script that initializes the pf rules is called before executing rc.d items. Please see the /etc/rc script. As a solution, the if(is_process_running(squid)) at line no. 1134 of the file /etc/inc/filter.inc must be commented out. Cheers!
--- Bachman Kharazmi [EMAIL PROTECTED] wrote:
When the squid package has installed properly without any errors type:
    # pfctl -sr | grep rdr
If that returns a rule and trans.proxy still doesn't work (make sure the squid process is running) then I would suggest you read the squid logs to find out why it doesn't cache.
/bkw
On 8/16/05, Albert Miles Enabe [EMAIL PROTECTED] wrote:
Hi! The rdr (nat) rule for squid transparent proxy is missing on pfsense 0.76.2 which causes transparent proxying NOT to function properly. The corresponding pass rules are present however. The problem is corrected by commenting out line# 1134 of /etc/inc/filter.inc:
    if (is_package_installed(squid) == 1)
    //if (is_process_running(squid))
Could it be because this function was called at the time when squid has not fully loaded itself? If this is the case, then it would be better if the rc loader for squid be given enough time to sleep for a while before exiting. Thanks.
Miles
Re: [pfSense Support] Alert about pf rules syntax errors... again...
I've had coworkers report the same issue. The solution was to remove the entire IPSEC section in the XML file (actually, if you know exactly what to remove, you don't need to, but this is the easier, more generic way of describing the fix). At some point in one of the versions right after the hackathon we accidentally set an empty tunnel in memory which got saved to the config file. Maybe in the next release we can update config file versions and clear any blank tunnel fields (if someone can send me a known bad config file exhibiting this behaviour).
--Bill
On 8/17/05, Scott Ullrich [EMAIL PROTECTED] wrote:
The problem is the previous version had a parser bug and I bet money your ipsec profiles are now corrupted. I had to re-add my ipsec connections after the version in question (cannot recall which version it was). The web gui's job is to enforce data but if it becomes corrupted then it gets rather hard to enforce, no?
Scott
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
I've now tried squid. It works well for me running 0.76.4. The installation succeeds and the squid process starts in the right order. The rdr rules 'DOES' exist in my rules.debug and has been enabled. I've read all squid logs and it does transparent caching out of the box. Now I'll leave the process running for a few hours while using inet and see what happens...
/bkw
On 8/17/05, Scott Ullrich [EMAIL PROTECTED] wrote:
SQUID should not be dying. If it is then I need to deactivate the package until a new one is released on the freebsd site.
Scott
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
BKW, Any chance of doing some type of automated web browsing from a machine and let it run overnight? IE: the client machine would keep randomly surfing to sites..
Scott
On 8/17/05, Bachman Kharazmi [EMAIL PROTECTED] wrote:
I've now tried squid. It works well for me running 0.76.4. The installation succeeds and the squid process starts in the right order. The rdr rules 'DOES' exist in my rules.debug and has been enabled. I've read all squid logs and it does transparent caching out of the box. Now I'll leave the process running for a few hours while using inet and see what happens...
/bkw
Re: [pfSense Support] pfSense 0.76.2: No rdr rule for Squid Transparent Proxy
Sounds fun and useful atm. I'll search and see what I can find, I'm pretty sure there are tools for that..
/bkw
On 8/17/05, Scott Ullrich [EMAIL PROTECTED] wrote:
BKW, Any chance of doing some type of automated web browsing from a machine and let it run overnight? IE: the client machine would keep randomly surfing to sites..
Scott
[pfSense Support] Firewall is blocking traffic it shouldn't
Running pfsense 0.77. Getting messages like the following:
    pf: 140737 rule 111/0(match): block in on fxp2: yyy.yyy.yyy.yyy.4685 xxx.xxx.xxx.xxx:53.80: F 1151007775:1151007775(0) ack 682370803 win 3490 nop,nop,timestamp 42327615[|tcp]
The yyy is the external IP. The xxx is an internal IP for a web site. There is a rule to allow traffic to the internal IP on port 80 from any source. Can someone tell me what rule 111 is and why it is blocking this traffic?
Thanx,
Roy
Re: [pfSense Support] Firewall is blocking traffic it shouldn't
pfctl -vvvsr from a command prompt (or status.php) lists the rules with rule numbers.
On 8/17/05, Roy Walker [EMAIL PROTECTED] wrote:
Running pfsense 0.77. Getting messages like the following:
    pf: 140737 rule 111/0(match): block in on fxp2: yyy.yyy.yyy.yyy.4685 xxx.xxx.xxx.xxx:53.80: F 1151007775:1151007775(0) ack 682370803 win 3490 nop,nop,timestamp 42327615[|tcp]
The yyy is the external IP. The xxx is an internal IP for a web site. There is a rule to allow traffic to the internal IP on port 80 from any source. Can someone tell me what rule 111 is and why it is blocking this traffic?
Thanx,
Roy
RE: [pfSense Support] Firewall is blocking traffic it shouldn't
OK, rule 111 is the default inbound block rule. Rule 78 is as follows:
    @78 pass in quick on fxp2 inet proto tcp from any to 172.20.1.53 port = http flags S/SA label USER_RULE: MAGIC1500 - HTTP
    [ Evaluations: 1029 Packets: 2642 Bytes: 922487 States: 121 ]
This should allow the traffic that is being blocked by rule 111. I am getting entries like below from many IP addresses. For some reason some traffic is going through all right and some is not. As you can see there are packets making it through on rule 78. Any ideas?
Roy
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 17, 2005 11:16 AM
To: Roy Walker
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Firewall is blocking traffic it shouldn't
pfctl -vvvsr from a command prompt (or status.php) lists the rules with rule numbers.
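Added example, not part of the thread and not pfSense code: a small Python triage script for the situation discussed above, where a `pass ... flags S/SA` rule exists but the default block rule still logs packets to the same destination. A `flags S/SA` rule only matches packets with SYN set and ACK clear, so the script separates blocked connection attempts from blocked packets that could only have passed by matching an existing state entry. The log lines are constructed (documentation addresses, with the `>` that tcpdump prints between endpoints), and the function names are hypothetical.

```python
import re
from collections import Counter

# pf.conf flag letters (as used in 'flags a/b') mapped to TCP flag names.
PF_FLAGS = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PUSH",
            "A": "ACK", "U": "URG", "E": "ECE", "W": "CWR"}

# Old tcpdump-style pflog text: flag letters ('.' = none), then "ack N" if ACK is set.
LOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFRPWE.]+)(?P<rest>.*)$"
)

# Constructed sample lines; addresses are documentation ranges, not from the thread.
SAMPLE_LOG = """\
pf: 140737 rule 111/0(match): block in on fxp2: 203.0.113.7.4685 > 172.20.1.53.80: F 1151007775:1151007775(0) ack 682370803 win 3490 <nop,nop,timestamp 42327615 0>
pf: 000101 rule 111/0(match): block in on fxp2: 203.0.113.9.1042 > 172.20.1.53.80: . ack 99 win 65535
pf: 000212 rule 111/0(match): block in on fxp2: 198.51.100.4.3301 > 172.20.1.53.22: S 500:500(0) win 16384
pf: 000300 rule 111/0(match): block in on fxp2: 203.0.113.7.4685 > 172.20.1.53.80: R 1151007776:1151007776(0) win 0
"""


def parse_flag_spec(spec):
    """Turn a pf flags spec such as 'S/SA' into (must_be_set, mask) sets."""
    want, _, mask = spec.partition("/")
    return {PF_FLAGS[c] for c in want}, {PF_FLAGS[c] for c in mask}


def parse_line(line):
    """Parse one pflog text line; return None if it is not a rule-match line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    flags = {PF_FLAGS[c] for c in m["flags"] if c in PF_FLAGS}
    if re.search(r"\back \d+", m["rest"]):
        flags.add("ACK")
    src_ip, _, src_port = m["src"].rpartition(".")
    dst_ip, _, dst_port = m["dst"].rpartition(".")
    return {"rule": m["rule"], "action": m["action"], "iface": m["iface"],
            "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port, "flags": flags}


def classify(entry, spec="S/SA"):
    """'new-connection' if a 'flags <spec>' rule could match, else 'needs-state'."""
    want, mask = parse_flag_spec(spec)
    return "new-connection" if (entry["flags"] & mask) == want else "needs-state"


def summarize(text, spec="S/SA"):
    """Count blocked packets per (rule, destination, verdict)."""
    counts = Counter()
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["action"] != "block":
            continue
        dst = f'{entry["dst_ip"]}:{entry["dst_port"]}'
        counts[(entry["rule"], dst, classify(entry, spec))] += 1
    return counts


if __name__ == "__main__":
    for (rule, dst, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"rule {rule} -> {dst}: {n} blocked, {verdict}")
```

A `needs-state` count against a destination that already has a `flags S/SA` pass rule means those packets had no matching state entry when they arrived, so the state table (`pfctl -ss`) and state timeouts are the place to look rather than the pass rule.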