RE: [pfSense Support] filtered bridge
Alan,

You want to create outbound allow rules for the NIC facing the particular machines in question. Assuming OPT1 is your internet-facing NIC and you want a machine on the network segment serviced by OPT2 to be able to make outbound connections, your allow rule will need to be applied to OPT2. Always remember to create the rules for the NIC that will see the traffic first.

Cheers,
Gary

-Original Message-
From: alan walters [mailto:[EMAIL PROTECTED]
Sent: Monday, September 05, 2005 6:15 PM
To: support@pfsense.com
Subject: [pfSense Support] filtered bridge

I have a query about filtered bridges.

I have opt2 bridged to opt1.
I have rules on opt1 to all certain IP addresses to access the internet,
i.e. if interface opt1 allow 192.168.1.100 to all

I have 1 IP address on opt2 that I want to allow onto opt1 and access the internet.

What rules should work? I have tried,
i.e. if interface opt2 allow 192.168.1.200 to all

But this does not seem to work. I cannot ping opt gateway.

Any ideas on the ruleset suggested for this to work well??
Re: [pfSense Support] filtered bridge
On 9/6/05, Gary Buckmaster [EMAIL PROTECTED] wrote:
> Alan,
>
> You want to create outbound allow rules for the NIC facing the particular machines in question. Assuming OPT1 is your internet-facing NIC and you want a machine on the network segment serviced by OPT2 to be able to make outbound connections, your allow rule will need to be applied to OPT2. Always remember to create the rules for the NIC that will see the traffic first.

I'm not so sure this is the answer. Since he doesn't have the interfaces bridged to a WAN port it would be no different from needing NAT for your optional interfaces. So it sounds like it needs a NAT mapping for each of the subnets behind the bridges (since it's not bridged to a WAN port).

Maybe I misread, I was very sick yesterday.

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Multiple WANs
Technically, we do put the interface in the rule when it's created. But I can guarantee we'll only snag the first one. So, while you can enter the same IP multiple times in a pool (artificially creating a ratio based round robin) I'd be willing to bet that we don't correctly support this on one device.

--Bill

On 9/5/05, Scott Ullrich [EMAIL PROTECTED] wrote:
> On 9/5/05, Holger Bauer [EMAIL PROTECTED] wrote:
> > using the same gateway for both wans won't work as you can't specify rules for this I think. the rules are applied to a gateway and with both gateways the same... :-/ you might have to come up with a workaround like having a nated router in front of one connection to use this as gateway on one wan and put the pfsense in the dmz of this router.
>
> You *possibly* could create a load balancing pool with 1 device in it. Select this as your gateway from the rules. Again, haven't tested this so I'm not sure if it will work or not.
>
> Scott
[pfSense Support] mail alias weirdness?
A couple of times I've inadvertently sent to pfsense.org instead of pfsense.com, and gotten the following bounce:

    Hi. This is the qmail-send program at mail.livebsd.com.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    discussion@pfsense.com:
    ezmlm-reject: fatal: List address must be in To: or Cc: (#5.7.0)

(this is somewhat non-intuitive, to say the least!) Obviously the mail *is* being forwarded, but the headers are obviously being munged irretrievably in the process?
Re: [pfSense Support] mail alias weirdness?
The lists are only set up for .com. I'm pretty sure it shows this on the website?

Scott

On 9/6/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> A couple of times I've inadvertently sent to pfsense.org instead of pfsense.com, and gotten the following bounce:
>
>     Hi. This is the qmail-send program at mail.livebsd.com.
>     I'm afraid I wasn't able to deliver your message to the following addresses.
>     This is a permanent error; I've given up. Sorry it didn't work out.
>
>     discussion@pfsense.com:
>     ezmlm-reject: fatal: List address must be in To: or Cc: (#5.7.0)
>
> (this is somewhat non-intuitive, to say the least!) Obviously the mail *is* being forwarded, but the headers are obviously being munged irretrievably in the process?
Re: [pfSense Support] mail alias weirdness?
On 9/6/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> A couple of times I've inadvertently sent to pfsense.org instead of pfsense.com, and gotten the following bounce:
>
>     Hi. This is the qmail-send program at mail.livebsd.com.
>     I'm afraid I wasn't able to deliver your message to the following addresses.
>     This is a permanent error; I've given up. Sorry it didn't work out.
>
>     discussion@pfsense.com:
>     ezmlm-reject: fatal: List address must be in To: or Cc: (#5.7.0)
>
> (this is somewhat non-intuitive, to say the least!) Obviously the mail *is* being forwarded, but the headers are obviously being munged irretrievably in the process?

yep, [EMAIL PROTECTED] and .net forwards to [EMAIL PROTECTED] But, ezmlm will bounce list messages that don't have the list address in the To or CC lines, as you see. As is, it doesn't do any address rewriting.

Personally, I'd prefer to stick with .org for everything, but we got started putting out a lot of stuff on .com for whatever reason, so we're kind of stuck on that at least for the time being.

-cmb
RE: [pfSense Support] mail alias weirdness?
Can ezmlm not be configured to allow the other two domains?

-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 11:34 AM
Cc: support@pfsense.com
Subject: Re: [pfSense Support] mail alias weirdness?

On 9/6/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> A couple of times I've inadvertently sent to pfsense.org instead of pfsense.com, and gotten the following bounce:
>
>     Hi. This is the qmail-send program at mail.livebsd.com.
>     I'm afraid I wasn't able to deliver your message to the following addresses.
>     This is a permanent error; I've given up. Sorry it didn't work out.
>
>     discussion@pfsense.com:
>     ezmlm-reject: fatal: List address must be in To: or Cc: (#5.7.0)
>
> (this is somewhat non-intuitive, to say the least!) Obviously the mail *is* being forwarded, but the headers are obviously being munged irretrievably in the process?

yep, [EMAIL PROTECTED] and .net forwards to [EMAIL PROTECTED] But, ezmlm will bounce list messages that don't have the list address in the To or CC lines, as you see. As is, it doesn't do any address rewriting.

Personally, I'd prefer to stick with .org for everything, but we got started putting out a lot of stuff on .com for whatever reason, so we're kind of stuck on that at least for the time being.

-cmb
Re: [pfSense Support] mail alias weirdness?
no idea. if somebody knows a way, please let me know.

On 9/6/05, Gary Buckmaster [EMAIL PROTECTED] wrote:
> Can ezmlm not be configured to allow the other two domains?
>
> -Original Message-
> From: Chris Buechler [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 06, 2005 11:34 AM
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] mail alias weirdness?
>
> On 9/6/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> > A couple of times I've inadvertently sent to pfsense.org instead of pfsense.com, and gotten the following bounce:
> >
> >     Hi. This is the qmail-send program at mail.livebsd.com.
> >     I'm afraid I wasn't able to deliver your message to the following addresses.
> >     This is a permanent error; I've given up. Sorry it didn't work out.
> >
> >     discussion@pfsense.com:
> >     ezmlm-reject: fatal: List address must be in To: or Cc: (#5.7.0)
> >
> > (this is somewhat non-intuitive, to say the least!) Obviously the mail *is* being forwarded, but the headers are obviously being munged irretrievably in the process?
>
> yep, [EMAIL PROTECTED] and .net forwards to [EMAIL PROTECTED] But, ezmlm will bounce list messages that don't have the list address in the To or CC lines, as you see. As is, it doesn't do any address rewriting.
>
> Personally, I'd prefer to stick with .org for everything, but we got started putting out a lot of stuff on .com for whatever reason, so we're kind of stuck on that at least for the time being.
>
> -cmb
[pfSense Support] Wireless Access Problem
Hello All,

I'm using pfSense-Embedded-82.4.bin on a Soekris net4801 with a miniPCI Wireless Card. I configure the wireless interface to work as an access point and configure dhcp server for this interface. I used the same configuration to do the same with m0n0wall 1.2b9, and it works fine. But with pfsense, when I try to connect a laptop with WinXP SP2 I reach the wireless network fine, but it can't get an ip address.

Any suggestions?

Thanks,
Alejandro.
Re: [pfSense Support] Wireless Access Problem
If you have stationname filled out, remove it.

On 9/6/05, Alejandro Galue [EMAIL PROTECTED] wrote:
> Hello All,
>
> I'm using pfSense-Embedded-82.4.bin on a Soekris net4801 with a miniPCI Wireless Card. I configure the wireless interface to work as an access point and configure dhcp server for this interface. I used the same configuration to do the same with m0n0wall 1.2b9, and it works fine. But with pfsense, when I try to connect a laptop with WinXP SP2 I reach the wireless network fine, but it can't get an ip address.
>
> Any suggestions?
>
> Thanks,
> Alejandro.
Re: [pfSense Support] startup problem
At 03:27 PM 9/6/2005, Richard Davis wrote:
> This is probably a newbie question but I have loaded pfsense on the hard drive on PC A and have a cross over cable going to another PC (PC B). I configured the PC B with an IP in the same range (192.168.1.10\24; the default on the pfsense box is 192.168.1.1\24). I can not http or ping box A from box B so I told box A to ping its IP address (192.168.1.1). I get a no route to host. I know that the 2 PC's and their ethernet cards work because I loaded Star-os on one and pinged it from the other (Win 2000). My install was straight from the installer command off a CD that booted. Normally I don't have this type of problem. I figured that a generic install from the CD would not cause problems. Any suggestions?
>
> Thanks in advance

i've had the same issue if i didn't configure the WAN port first. try that...
RE: [pfSense Support] startup problem
I had 2 NIC's in the pfsense (Box A) and one in the Win (Box B). To make things even simpler I pulled the second NIC in Box A. I was just trying to communicate on the same subnet so I didn't think the WAN was required. I will put the NIC back in Box A and put an IP on it.

Thx
Richard

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 2:30 PM
To: Richard Davis
Cc: support@pfsense.com
Subject: Re: [pfSense Support] startup problem

You do have 2 nics in each box, right?

On 9/6/05, Richard Davis [EMAIL PROTECTED] wrote:
> This is probably a newbie question but I have loaded pfsense on the hard drive on PC A and have a cross over cable going to another PC (PC B). I configured the PC B with an IP in the same range (192.168.1.10\24; the default on the pfsense box is 192.168.1.1\24). I can not http or ping box A from box B so I told box A to ping its IP address (192.168.1.1). I get a no route to host. I know that the 2 PC's and their ethernet cards work because I loaded Star-os on one and pinged it from the other (Win 2000). My install was straight from the installer command off a CD that booted. Normally I don't have this type of problem. I figured that a generic install from the CD would not cause problems. Any suggestions?
>
> Thanks in advance
>
> Richard
> [EMAIL PROTECTED]
Re: [pfSense Support] startup problem
You need two nics minimum. It just won't even set up correctly with one nic.

Scott

On 9/6/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
> At 03:36 PM 9/6/2005, Richard Davis wrote:
> > I had 2 NIC's in the pfsense (Box A) and one in the Win (Box B). To make things even simpler I pulled the second NIC in Box A. I was just trying to communicate on the same subnet so I didn't think the WAN was required. I will put the NIC back in Box A and put an IP on it.
>
> yes, as i alluded to in my earlier post, you do need to config the WAN nic, or it seems something doesn't get set up all the way. drove me nuts the first time, as i couldn't figure out what was wrong, and out of desperation, i put the static IP on it it usually gets, and voila...
RE: [pfSense Support] Wireless Access Problem
Hello,

One thing: I configure the wireless interface with NO WEP and it works fine with dhcp ... I tested all possible combinations of WEP keys and it did not work. Only works with NO WEP.

I will try with an atheros miniPCI instead of the current one if this makes any change...

Any other suggestion will be very welcome.

Thank you very much for your help.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 3:23 PM
To: Alejandro Galue
Subject: Re: [pfSense Support] Wireless Access Problem

I don't have the equipment to test with. This works for many others so I really don't know the answer. Sorry.

On 9/6/05, Alejandro Galue [EMAIL PROTECTED] wrote:

I did it and it does not work.

I have two CF, one of 32Mb with m0n0wall 1.2b7 and the other of 256Mb with pfSense (latest embedded version). Using the same soekris box, the wireless configuration with m0n0wall works fine. I use the same settings for Interface, DHCP and Firewall Rules to configure pfsense, and you know the results.

I can send you the xml configuration files (m0n0wall and pfsense) if you need that.

Any other thing that can be checked?

I appreciate your help. Thank you very much...

Alejandro.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 2:53 PM
To: Alejandro Galue
Subject: Re: [pfSense Support] Wireless Access Problem

The only other thing I can think of is make sure the DHCP server is set up correctly. Also, set up a machine manually with the ip information, wep key, etc. and make sure the connection even works. If the connection works, of course you won't have dhcp ;)

On 9/6/05, Alejandro Galue [EMAIL PROTECTED] wrote:

Sorry, 0xsyncc was wrong ... I use the tool that pfsense provides with the link WLAN Strong key generator; at the end I generate the hex key for my ascii key (syncc) and I put this on the wep key: 0x73796e6363.

The configuration was accepted, but I still have the problem with dhcp...

Any other tip?

Thanks for your help,
Alejandro.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 2:32 PM
To: Alejandro Galue
Subject: Re: [pfSense Support] Wireless Access Problem

Then your key is not long enough?

On 9/6/05, Alejandro Galue [EMAIL PROTECTED] wrote:

Scott,

When I do that (0xsyncc as wep key) and click save it says:

    The following input errors were detected:
    * Invalid wep key size. Sizes should be 40 (64) bit keys or 104 (128) bit.

Please help me ...

Thanks,
Alejandro

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 2:15 PM
To: Alejandro Galue
Subject: Re: [pfSense Support] Wireless Access Problem

Add a 0x to the front of your wep key.

On 9/6/05, Alejandro Galue [EMAIL PROTECTED] wrote:

Hello Scott,

Thanks for your help,

ifconfig wi0

    wi0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::202:6fff:fe34:51ad%wi0 prefixlen 64 scopeid 0x4
        inet 172.17.0.1 netmask 0xff00 broadcast 172.17.0.255
        ether 00:02:6f:34:51:ad
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11b hostap (DS/2M bps hostap)
        status: associated
        ssid sync channel 3 bssid 00:02:6f:34:51:ad
        stationname FreeBSD WaveLAN/IEEE node
        authmode OPEN privacy ON deftxkey 1 wepkey 1:40-bit txpowmax 100
        dtimperiod 1 bintval 100

And the content of /tmp/ifconfig_wireless

    /sbin/ifconfig 'wi0' ssid 'sync' channel '0' wepmode on wepkey '1:syncc' weptxkey 1 mode 11b -mediaopt adhoc mediaopt hostap -hidessid -pureg up

A question: why is channel configured to 0 when I select 'auto'??

Again... thanks,
Alejandro.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 2:06 PM
To: Alejandro Galue
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Wireless Access Problem

Issue an ifconfig from option 8 shell in the form of:

    ifconfig ath0   (if it's an ath card)
    ifconfig wi0    (if it's a non ath card)

Also, there will be a file in /tmp/ which was used to initialize the card, please provide its contents. It will be named something like ifconfig_wireless_$interface

Scott

On 9/6/05, Alejandro Galue [EMAIL PROTECTED] wrote:

Hello,

The stationname on wireless interface is empty ...

Any other tip?

Thanks,
Alejandro.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 2:00 PM
To: Alejandro Galue
Cc: support@pfsense.com
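Added example, not part of the thread and not pfSense code: a Python check that reproduces the WEP key handling discussed in the messages above, showing why `0xsyncc` is rejected while `syncc` and `0x73796e6363` describe the same 40-bit key. The function names are hypothetical; the `index:key` form follows the `wepkey '1:syncc'` argument shown in the thread.

```python
import re

# Raw key lengths behind the sizes named in the validation error quoted in
# the thread: 40-bit (a.k.a. 64-bit) = 5 bytes, 104-bit (a.k.a. 128-bit) = 13.
VALID_KEY_BYTES = (5, 13)


def parse_wep_key(value):
    """Return the raw key bytes for an ASCII or 0x-prefixed hex WEP key."""
    if value[:2].lower() == "0x":
        digits = value[2:]
        # After 0x only whole bytes written as hex digits are meaningful.
        if not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", digits):
            raise ValueError("after 0x, expected pairs of hex digits: %r" % value)
        key = bytes.fromhex(digits)
    else:
        # Plain string: each ASCII character is one key byte.
        key = value.encode("ascii")
    if len(key) not in VALID_KEY_BYTES:
        raise ValueError(
            "key is %d bytes; must be 5 (40-bit) or 13 (104-bit)" % len(key))
    return key


def to_hex_form(value):
    """Canonical 0x... spelling of a key given in either notation."""
    return "0x" + parse_wep_key(value).hex()


def ifconfig_wepkey_arg(index, value):
    """Build the 'index:key' argument in unambiguous hex notation."""
    if index not in (1, 2, 3, 4):
        raise ValueError("WEP key index must be 1-4")
    return "%d:%s" % (index, to_hex_form(value))


def explain(value):
    """One-line verdict for a key as typed into the form."""
    try:
        return "ok: " + to_hex_form(value)
    except ValueError as err:
        return "rejected: %s" % err


if __name__ == "__main__":
    # The three spellings tried in the thread.
    for attempt in ("syncc", "0xsyncc", "0x73796e6363"):
        print(attempt, "->", explain(attempt))
```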
Re: [pfSense Support] ifconfig: interface ng0 does not exist???
What do you do actually when you "if I go from accessing the internet to accessing my server on the LAN, then try to access the internet again, the connection drops."

Please provide the steps you're taking. Something is killing off the netgraph interface for PPPoE and this is not normal behavior.

On 9/6/05, Nelson Papel [EMAIL PROTECTED] wrote:
> I have 4 interfaces set up (WAN, LAN, DMZ, WIFI) and everything is fine when I'm on any interface except my laptop on the WIFI network. With the WIFI interface, if I go from accessing the internet to accessing my server on the LAN, then try to access the internet again, the connection drops. When I go to the interfaces screen, the WAN status is down. PPPoE is up though, with the disconnect button next to it, although no MAC or IP address are shown. Above the WAN interface table it says 'ifconfig: interface ng0 does not exist'. The NIC is fine, I even changed it out for an identical card. The link light on both the card and DSL modem are on as well. If I restart the firewall it's fine until I do the same thing on my laptop again.
RE: [pfSense Support] ifconfig: interface ng0 does not exist???
Sorry about that description. Anyway, I'm on my laptop which is on the WIFI network accessing a webpage out on the internet, everything is fine. If I access a webpage on my server in the LAN network from the laptop, it's fine. As soon as I go back to another internet site, it times out. When I go to the interfaces page, what I described happens.

Now for some more info, everything seemed pretty much fine until I started placing firewall rules. I wanted to block the WIFI network traffic from getting to the firewall itself (in this order):

- I allowed traffic to the server on my LAN network
- I blocked traffic to my LAN network
- I blocked traffic to my DMZ network
- I allowed traffic anywhere else.

Oddly enough I'm not able to recreate this scenario anymore, last night it was consistent and predictable.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 17:13
To: Nelson Papel
Cc: support@pfsense.com
Subject: Re: [pfSense Support] ifconfig: interface ng0 does not exist???

What do you do actually when you "if I go from accessing the internet to accessing my server on the LAN, then try to access the internet again, the connection drops."

Please provide the steps you're taking. Something is killing off the netgraph interface for PPPoE and this is not normal behavior.

On 9/6/05, Nelson Papel [EMAIL PROTECTED] wrote:
> I have 4 interfaces set up (WAN, LAN, DMZ, WIFI) and everything is fine when I'm on any interface except my laptop on the WIFI network. With the WIFI interface, if I go from accessing the internet to accessing my server on the LAN, then try to access the internet again, the connection drops. When I go to the interfaces screen, the WAN status is down. PPPoE is up though, with the disconnect button next to it, although no MAC or IP address are shown. Above the WAN interface table it says 'ifconfig: interface ng0 does not exist'. The NIC is fine, I even changed it out for an identical card. The link light on both the card and DSL modem are on as well. If I restart the firewall it's fine until I do the same thing on my laptop again.
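Added example, not part of the thread and not pfSense code: a small Python model of top-down, first-match evaluation applied to the four WIFI-interface rules listed in the message above, useful for auditing which destinations such an ordering actually passes. All addresses are constructed for illustration (the thread gives none), the rules are assumed to match on destination only, and traffic matching no rule is assumed to be dropped.

```python
import ipaddress

# Constructed addressing; none of these values come from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")
LAN_SERVER = ipaddress.ip_network("192.168.1.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# The four rules on the WIFI interface, in the order given in the message.
WIFI_RULES = [
    ("pass", LAN_SERVER, "allow traffic to the server on LAN"),
    ("block", LAN_NET, "block traffic to LAN"),
    ("block", DMZ_NET, "block traffic to DMZ"),
    ("pass", ANY, "allow traffic anywhere else"),
]


def evaluate(rules, dst):
    """Return (action, rule_number) for the first rule matching dst.

    Rules are checked top-down; the first match decides. Traffic that
    matches nothing is dropped (rule_number is None).
    """
    addr = ipaddress.ip_address(dst)
    for number, (action, net, _label) in enumerate(rules, 1):
        if addr in net:
            return action, number
    return "block", None


def reachable(rules, probes):
    """Names of the probe destinations that the rule list lets through."""
    return sorted(name for name, dst in probes.items()
                  if evaluate(rules, dst)[0] == "pass")


# Constructed probe set: one host per zone plus the firewall's own addresses.
PROBES = {
    "lan-server": "192.168.1.10",
    "lan-host": "192.168.1.50",
    "firewall-lan-ip": "192.168.1.1",
    "dmz-host": "192.168.2.5",
    "firewall-wifi-ip": "192.168.3.1",
    "internet-host": "198.51.100.7",
}

if __name__ == "__main__":
    for name, dst in PROBES.items():
        print("%-17s %-14s %s" % ((name, dst) + (evaluate(WIFI_RULES, dst),)))
```

Under these assumptions the firewall's LAN address is blocked by rule 2, while its own WIFI-side address is neither LAN nor DMZ and falls through to the final pass rule.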
[pfSense Support] a compiler binary for 6.0
Hi,

Where can I get a gcc binary for 6.0? I am trying to build some 3rd party packages and can't find one!

Any ideas?

Thanks,
Lee
Re: [pfSense Support] a compiler binary for 6.0
On 9/6/05, Lee J. Imber [EMAIL PROTECTED] wrote:
> Hi,
>
> Where can I get a gcc binary for 6.0? I am trying to build some 3rd party packages and can't find one!

the full update in the developer's folder on all the mirrors should have all that.

-cmb
Re: [pfSense Support] a compiler binary for 6.0
First download the developers edition then upgrade to the latest. This includes gcc and friends.

Scott

On 9/6/05, Chris Buechler [EMAIL PROTECTED] wrote:
> On 9/6/05, Lee J. Imber [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > Where can I get a gcc binary for 6.0? I am trying to build some 3rd party packages and can't find one!
>
> the full update in the developer's folder on all the mirrors should have all that.
>
> -cmb
Re: [pfSense Support] a compiler binary for 6.0
Thanks guys!

L.

On Sep 6, 2005, at 10:28 PM, Scott Ullrich wrote:
> First download the developers edition then upgrade to the latest. This includes gcc and friends.
>
> Scott
>
> On 9/6/05, Chris Buechler [EMAIL PROTECTED] wrote:
> > On 9/6/05, Lee J. Imber [EMAIL PROTECTED] wrote:
> > > Hi,
> > >
> > > Where can I get a gcc binary for 6.0? I am trying to build some 3rd party packages and can't find one!
> >
> > the full update in the developer's folder on all the mirrors should have all that.
> >
> > -cmb