Re: [pfSense Support] /rescue directory
Mmhh... I have something wrong, then:

# du -h /rescue/
356M /rescue/

What do I have to do? This night maybe I will try a new installation, but I am a bit worried, because this one too is a fresh install...

On 9/10/05, Bill Marquette [EMAIL PROTECTED] wrote:
> They all have the same size cause they're all the same file (hard link). rm'ing that directory will save you a whopping 2.9 or so MB.
>
> # ls -la rescue/ |wc -l
> 131
> # du -sk rescue/
> 2891 rescue/
> # du -sk rescue/*
> 2880 rescue/[
> 7 rescue/dhclient-script
> 1 rescue/nextboot.sh
> # ls -li rescue/s*
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/savecore
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sconfig
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/setfacl
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sh
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/slattach
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/spppcontrol
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/startslip
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/stty
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/swapon
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sync
> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sysctl
>
> Note the first field is the inode...notice how they're all identical? :) If they aren't identical on your machine, it sounds like you copied them at some point which would create individual files.
>
> --Bill
>
> On 9/10/05, Scott Ullrich [EMAIL PROTECTED] wrote:
>> Say what!? It shouldn't be that big.
>>
>> # du -h
>> 2.8M .
>> # pwd
>> /rescue
>>
>> Scott
>>
>> On 9/10/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
>>> Sorry... I am trying to shrink a bit my pfsense installation.. in order to stay in less than 512Mb.. So I took a walkabout, and I found that /rescue dir is very big (about 350MB), full of files all of them of the same size: 2937504 bytes.
>>> Could anyone explain me how can that be useful, and why all of them are so big?
>>> Thanx
>>> Tom

- To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Hang at the end of bootup
Also seems to do it fairly consistently with a USB mouse attached. (It's attached to a KVM switch so I was compelled to connect it ;) ... )

Regards,
Ivan Frimmel.
HP South Africa - Sales Specialist, Industry Standard Servers
Mobile: +27 83 409 2077
Direct: +27 11 785 1052
E-Mail and MSN Messenger: [EMAIL PROTECTED]

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: 11 September 2005 06:01 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Hang at the end of bootup

This happens on USB keyboards for some reason. If you can, use a PC keyboard.

Scott

On 9/10/05, John Cianfarani [EMAIL PROTECTED] wrote:
> I'm working on install version 0.82.4 / 0.84 and seem to be having some troubles. I have gotten it to work fine under vmware though now that I'm trying to move it to a real machine it doesn't seem to like it. Essentially after the LiveCD boots and I do my entire interface configuration it comes to the end with Bootup complete and then hangs.
>
> During the initial load there are few error messages that I can see:
>
> This repeats several times:
> acd0: FAILURE - READ_BIG ILLEGAL REQUEST asc=0x64 ascq=0x00 error=4ABORTED
>
> A few lines before the option to setup interfaces I get:
> mount: /: unknown special file or file system
> No Swap on CDROM
>
> After configuring the interfaces there is a line:
> kbdcontrol: cannot open /dev/ukbd0: Device Busy
>
> This and reading some posts in the list made me think the CDROM could be the problem, I moved it to the secondary ide and changed the cable, also reburned the cd at 4x. I set my dhcp server to statically give out ip to see if I could ssh into it but I still could not get it after it hangs.
>
> System specs
> CPU: Celeron 2.6Ghz
> Board: Asus P4P800-MX (All hardware except for NIC is disabled, IDE mode is set to compatible)
> Memory: 512Meg
> CDROM: LG GCE-8526B
> HD: WD160GB
> Mouse Keyboard are USB (Gyration)
>
> If anyone knows anything else I could try that would be great as I'd like to start testing it on a real box.
> Wish I could post more output but I have no way to copy it out only retyping :(
>
> Thanks
> John Cianfarani
[pfSense Support] Gentoo Rsync allowed past the Captive Portal
Hi all

So I spent most of yesterday trying to figure out why I couldn't emerge a new Gentoo box on my network, weirdly enough emerge ---sync managed to get through the captive portal but then when it came time to d/l via ftp or wget it would start downloading and then the files would fail on MD5 hash after the download had completed..

I eventually realized what was going on when I did an update last night to 0.84 and saw the foreign machine being captured by the portal. I quickly added a captive portal mac passthrough rule and all the MD5 checksum errors went away.

But why did pf let the rsync stuff through and why did it look like it was downloading stuff, albeit rubbish? Was it just downloading the captive portal redirect URL all the time and padding the files out with the contents?

Regards,
Ivan Frimmel.
HP South Africa - Sales Specialist, Industry Standard Servers
Mobile: +27 83 409 2077
Direct: +27 11 785 1052
E-Mail and MSN Messenger: [EMAIL PROTECTED]
[pfSense Support] Re: [pfSense-discussion] L3 load balancer
Re: [pfSense-discussion] L3 load balancer
Scott Ullrich
Wed, 31 Aug 2005 16:12:20 -0700

On 8/31/05, Randy B [EMAIL PROTECTED] wrote:
> Just noting that the current LB package used is sldb and that it's a very much dead project, actively seeking a new maintainer. I also note that ipvs is in ports. Any potential (future, of course) switch? I know the resource assigned might have to be me, but I was just curious...

We have the source code to SLBD and have been making our own changes. It's no longer dead from this perspective.

Scott

What about pound as LB? It works great on several sites! (http://www.apsis.ch/pound/)

--
kommunity GmbH Co.KG
Tom Müller-Kortkamp
Netzwerke Internet
Goseriede 4
D-30159 Hannover
Phone +49 (0)5 11 - 80 72 58 0
Fax +49 (0)5 11 - 80 72 58 10
http://www.kommunity.net
Re: [pfSense Support] Re: [pfSense-discussion] L3 load balancer
On 9/12/05, Tom Müller-Kortkamp [EMAIL PROTECTED] wrote:
> What about pound as LB? It works great on several sites! (http://www.apsis.ch/pound/)

One of the requirements was that we didn't proxy the traffic. It appears that pound proxies the traffic. Feel free to make a package for this.

--Bill
Re: [pfSense Support] Gentoo Rsync allowed past the Captive Portal
It was downloading the captive portal login page.

Scott

On 9/12/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote:
> Hi all
>
> So I spent most of yesterday trying to figure out why I couldn't emerge a new Gentoo box on my network, weirdly enough emerge ---sync managed to get through the captive portal … but then when it came time to d/l via ftp or wget it would start downloading and then the files would fail on MD5 hash after the download had completed..
>
> I eventually realized what was going on when I did an update last night to 0.84 and saw the foreign machine being captured by the portal. I quickly added a captive portal mac passthrough rule and all the MD5 checksum errors went away.
>
> But why did pf let the rsync stuff through and why did it look like it was downloading stuff, albeit rubbish? Was it just downloading the captive portal redirect URL all the time and padding the files out with the contents?
>
> Regards,
> Ivan Frimmel.
> HP South Africa - Sales Specialist, Industry Standard Servers
> Mobile: +27 83 409 2077
> Direct: +27 11 785 1052
> E-Mail and MSN Messenger: [EMAIL PROTECTED]
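The failure mode in this exchange (a portal login page saved under the distfile's name, then rejected by the MD5 check) can be told apart from ordinary corruption with a content sniff. The script below is an added example, not part of the thread or of pfSense; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a file that failed its
# checksum is really the captive portal's login page.

# md5_of FILE -> hex digest; md5sum on Linux, md5 -q on FreeBSD.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        md5 -q "$1"
    fi
}

# looks_like_html FILE -> exit 0 when the first 512 bytes carry HTML markup.
looks_like_html() {
    dd if="$1" bs=512 count=1 2>/dev/null |
        LC_ALL=C tr 'A-Z' 'a-z' |
        LC_ALL=C grep -Eq '<!doctype html|<html|<head|<meta|<form'
}

# classify_download FILE EXPECTED_MD5 -> prints ok, portal-page or corrupt.
classify_download() {
    if [ "$(md5_of "$1")" = "$2" ]; then
        echo ok
    elif looks_like_html "$1"; then
        echo portal-page
    else
        echo corrupt
    fi
}

# Constructed sample files: a good distfile, a portal login page saved under
# the distfile's name, and a truncated transfer.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed distfile payload\n' > "$tmp/good.tar.gz"
    printf '<html><head><title>Login</title></head><body><form method="post"></form></body></html>\n' > "$tmp/portal.tar.gz"
    printf 'constructed dist' > "$tmp/short.tar.gz"
    expected=$(md5_of "$tmp/good.tar.gz")
    for f in good portal short; do
        printf '%-8s %s\n' "$f" "$(classify_download "$tmp/$f.tar.gz" "$expected")"
    done
    rm -rf "$tmp"
}
demo
```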
Re: [pfSense Support] /rescue directory
Try a reinstall. All of my boxes are ~3 megs.

Scott

On 9/12/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
> Mmhh... I have something wrong, then:
>
> # du -h /rescue/
> 356M /rescue/
>
> What do I have to do? This night maybe I will try a new installation, but I am a bit worried, because this one too is a fresh install...
>
> On 9/10/05, Bill Marquette [EMAIL PROTECTED] wrote:
>> They all have the same size cause they're all the same file (hard link). rm'ing that directory will save you a whopping 2.9 or so MB.
>>
>> # ls -la rescue/ |wc -l
>> 131
>> # du -sk rescue/
>> 2891 rescue/
>> # du -sk rescue/*
>> 2880 rescue/[
>> 7 rescue/dhclient-script
>> 1 rescue/nextboot.sh
>> # ls -li rescue/s*
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/savecore
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sconfig
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/setfacl
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sh
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/slattach
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/spppcontrol
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/startslip
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/stty
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/swapon
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sync
>> 301254 -r-xr-xr-x 126 root wheel 2937504 Sep 8 18:11 rescue/sysctl
>>
>> Note the first field is the inode...notice how they're all identical? :) If they aren't identical on your machine, it sounds like you copied them at some point which would create individual files.
>>
>> --Bill
>>
>> On 9/10/05, Scott Ullrich [EMAIL PROTECTED] wrote:
>>> Say what!? It shouldn't be that big.
>>>
>>> # du -h
>>> 2.8M .
>>> # pwd
>>> /rescue
>>>
>>> Scott
>>>
>>> On 9/10/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
>>>> Sorry... I am trying to shrink a bit my pfsense installation.. in order to stay in less than 512Mb..
>>>> So I took a walkabout, and I found that /rescue dir is very big (about 350MB), full of files all of them of the same size: 2937504 bytes. Could anyone explain me how can that be useful, and why all of them are so big?
>>>> Thanx
>>>> Tom
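The inode comparison Bill reads off `ls -li` can be scripted to show whether a directory holds hard links to one file or separate copies. This is an added example, not part of the thread; `inode_report` is a hypothetical helper and the demo directories are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare directory entries with the
# inodes behind them, the check done by eye with `ls -li` above.

# inode_report DIR
# Prints "files=N inodes=M apparent=BYTES real=BYTES", where apparent sums the
# size of every name and real counts each inode only once (what du charges).
inode_report() {
    find "$1" -type f -exec ls -lni {} + |
        awk '{
            files++
            apparent += $6                      # size column of ls -lni
            if (!seen[$1]++) { inodes++; real += $6 }
        }
        END { printf "files=%d inodes=%d apparent=%d real=%d\n",
                     files, inodes, apparent, real }'
}

# Constructed demo: one 1000-byte file with four names, then four copies.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/linked" "$tmp/copied"
    printf '%1000s' '' > "$tmp/linked/sh"
    cp "$tmp/linked/sh" "$tmp/copied/sh"
    for name in stty sync sysctl; do
        ln "$tmp/linked/sh" "$tmp/linked/$name"   # same inode, new name
        cp "$tmp/linked/sh" "$tmp/copied/$name"   # new inode each time
    done
    echo "linked: $(inode_report "$tmp/linked")"
    echo "copied: $(inode_report "$tmp/copied")"
    rm -rf "$tmp"
}
demo
```

When `real` is close to `apparent`, the names are separate copies; when `real` is a small fraction of `apparent`, they are hard links sharing one inode.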
Re: [pfSense Support] Unable setting all 13 channels of Europe (ETSI) 13 Channels : 2.412GHz~2.472GHz
Wireless is currently being overhauled completely. Please report back problems in 2 weeks if you still see them.

Scott

On 9/11/05, Robo.K. [EMAIL PROTECTED] wrote:
> In version 0.84 PFsense is unable set with Atheros 5004 based card /CM-9/ the Europe (ETSI) 13 Channels : 2.412GHz~2.472GHz in mode hostap and standard 802.11b and g. In menu is channels available, but after save don't works. Works only channels 1-11. When change to channel 12 or 13 is made, works last used channel 1-11.
Re: [pfSense Support] Error in Services: PFStat Settings
From the shell run update_file.sh /usr/local/www/pkg_edit.php

Scott

On 9/11/05, Robo.K. [EMAIL PROTECTED] wrote:
> In item Services: PFStat Settings (http://192.168.202.253/pkg_edit.php?xml=pfstat.xml) after filling settings and then save, occurs error as below: http://192.168.202.253/pkg_edit.php
[pfSense Support] Carp Weirdness - Always reboots to INIT
CARP is very cool. 3 things ..

1) kill power on both routers .. 1 is setup with lower advert. Freq than other. Power them up together. BOTH go into INIT mode always and the virtual gateway doesn't get created. Only way to fix this is to disable carp on Master then enable .. it becomes master, disable carp on slave, it becomes slave. Carp is up! Any ideas why they don't automagically figure these things out? first node up should always be master?

2) I only have 2 servers but everytime I reboot one to test it another carp id gets created in the list?

3) dhcp rules and others are replicating across LB rules are not?

Regards,
Ivan Frimmel.
HP South Africa - Sales Specialist, Industry Standard Servers
Mobile: +27 83 409 2077
Direct: +27 11 785 1052
E-Mail and MSN Messenger: [EMAIL PROTECTED]
RE: [pfSense Support] Gentoo Rsync allowed past the Captive Portal
Fragged both routers playing around with CARP remotely to write my previous mail so I can't get in right now .. but no .. I should have any .. since that's the traffic I want to limit. Everything is denied unless the client is passed-through via a mac mapping. There are NAT rules in, but all outbound traffic is stopped as per the default rules created during install.

From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 12 September 2005 03:17 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Gentoo Rsync allowed past the Captive Portal

Do you have a pass any rule on that interface? It's overriding the captive portal rules (with exception to the port 80 redirect which uses different logic).

--Bill

On 9/12/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote:
> Hi all
>
> So I spent most of yesterday trying to figure out why I couldn't emerge a new Gentoo box on my network, weirdly enough emerge ---sync managed to get through the captive portal but then when it came time to d/l via ftp or wget it would start downloading and then the files would fail on MD5 hash after the download had completed..
>
> I eventually realized what was going on when I did an update last night to 0.84 and saw the foreign machine being captured by the portal. I quickly added a captive portal mac passthrough rule and all the MD5 checksum errors went away.
>
> But why did pf let the rsync stuff through and why did it look like it was downloading stuff, albeit rubbish? Was it just downloading the captive portal redirect URL all the time and padding the files out with the contents?
>
> Regards,
> Ivan Frimmel.
> HP South Africa - Sales Specialist, Industry Standard Servers
> Mobile: +27 83 409 2077
> Direct: +27 11 785 1052
> E-Mail and MSN Messenger: [EMAIL PROTECTED]
Re: [pfSense Support] Carp Weirdness - Always reboots to INIT
On 9/12/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote:
> 1) kill power on both routers .. 1 is setup with lower advert. Freq than other. Power them up together. BOTH go into INIT mode always and the virtual gateway doesn't get created. Only way to fix this is to disable carp on Master then enable .. it becomes master, disable carp on slave, it becomes slave. Carp is up! Any ideas why they don't automagically figure these things out? first node up should always be master?

I do not show this behavior here. Are you perhaps using PPPoE on the WAN? A ip must be bound to the interface on the same subnet as the CARP ip's.

> 2) I only have 2 servers but everytime I reboot one to test it another carp id gets created in the list?

This has been covered in the list. Each time machines boot they create a random creator id. This is how pfsync works.

> 3) dhcp rules and others are replicating across LB rules are not?

I'll look into it.

Scott
Re: [pfSense Support] Dyndns and PPPoE
This has been a very interesting problem that we are continually trying to fix. Since there isn't anyone on the development team that has PPPoE it has been a slow process. I use DynDNS personally (however I am not using a PPPoE connection) and DynDNS is working very well for me. My pfSense install just did a successful update to my DynDNS yesterday, I even checked my account to make sure.

I made a change to the dyndns.class that resides in the /etc/inc directory yesterday or the day before. Make sure you have the latest of that file on your system and try seeing if you can get it to update. If it does not work please get the contents of /var/etc/dyndns.debug AND /var/etc/dyndns.cache and paste them in a response to this message. I have added some extra debugging to help figure this problem out.

Regards.
-Erik

On Mon, 12 Sep 2005 16:56:57 +0200, Frimmel, Ivan (ISS South Africa) wrote
> Running 0.84
>
> Dyndns (dynamic) seems to still be flaky .. last week I registered a custom dns with dyndns .. and it works 100% of the time. I have one router setup with one PPPoE dialout and another set with a different one. I load balance incoming traffic by giving half of the people I meet one dyndns address which the one machine registers, and the other half the other dyndns (custom).
>
> SO: The custom dyndns is always up to date.. the dynamic one is a problem. But only recently .. I think from around 0.82 it's been unreliable. My IP gets changed every 24-48 hours and the problem is because I have multiple outbounds so I can't use a update client cause it won't know which gateway to use.
>
> Updating the dyndns (dynamic) setting manually gives me:
>
> Sep 12 16:26:01 php: /services_dyndns.php: phpDynDNS: No Change In My IP Address and/or 28 Days Has Not Past. Not Updating Dynamic DNS Entry.
>
> Dynamic DNS client Enable Service type DynDNS (dynamic) DynDNS (static) DynDNS (custom) DHS DyNS HN.ORG ZoneEdit easyDNS No-IP ODS.org Hostname MX Set this option only if you need a special MX record. Not all services support this. Wildcards Enable Wildcard Username Password
>
> Doing a reboot doesn't help either - only way is to do it manually by going to the dyndns page and putting in WAN IP. Which I did on Friday .. played a bit now and this is the date I get of my last update:
>
> IP in Database/DNS: 165.165.217.60
> Last Updated: Fri Sep 9 11:17:28 2005
>
> Looking at my DynDns account I notice that my wildcard is set to ON on PF and OFF on dynDns .. I wonder if this can be the cause? Need to do some more testing locally...
>
> Ivan.
Re: [pfSense Support] extra '!' in NOT rules
thanks. it seems to work okay when it's applied to my LAN subnet (192.168.x.x) but not for opt1 or opt2 subnets (both 10.x.x.x.) so it may have something to do with the routine that looks up the subnets for those interfaces themselves or the nature of the subnets (i.e. it doesn't like 10. subs or maybe the fact that the first octet is only 2 digits), or a third possibility that it has something to do with the fact that i've renamed those interfaces... just trying to be helpful... i'll try to take a peek at the code later tonight.

i also get a php error when trying to add ipsec certs... i'll post about it later (assuming it's not fixed in Sunday's new build, haven't tried yet).

Scott Ullrich wrote:
> Seth mentioned that not currently is not working and he planned on digging in soon.
>
> Scott
>
> On 9/11/05, mOjO [EMAIL PROTECTED] wrote:
>> oh... just noticed the new release.. will try that and get back to you guys on this...
>>
>> mOjO wrote:
>>> I've got an interesting bug to report... i'm not sure if my rules logic is smart from a best-practices standpoint (suggestions welcome) but i have 4 NICs in my pfSense box: LAN (rl2), WAN (rl1), DMZ0 (rl0 = opt1), and VOIP (ep0 = opt2). All are realtek chips except VOIP which is an old ISA 3com 10baseT. I just a few moments ago realized a fatal flaw in my plan to give my vonage router its own interface in that pfSense just now informed me that the old 3com nic's driver doesn't support AltQ (doh!) but that has no bearing on this issue.
>>>
>>> my strategy was to make rules that would allow the DMZ and VOIP interfaces full access out to the internet but no access to each other or the LAN interface (pretty standard setup really) but LAN int can go anywhere. So I made some rules stating the following on the DMZ0 interface:
>>>
>>> -Allow all outbound ports/protocols on DMZ0 that is not destined for the LAN subnet. (this one works fine)
>>> -Allow all outbound ports/protocols on DMZ0 that is not destined for the VOIP subnet. (this one generates an error)
>>>
>>> then i got a parsing error from pfsense in the system log, reason for which is obvious below. (email me direct if you want the uncensored version of the subnets or any other somewhat security sensitive debug info). notice the extra '!' in the rules below (from /tmp/rules.debug):
>>>
>>> pass in quick on $VOIP from 10.x.x.x/30 to !192.168.x.x/24 keep state label "USER_RULE: Allow ALL outbound traffic except to LAN subnet"
>>> pass in quick on $VOIP from 10.x.x.x/30 to ! !10.y.y.y/24 keep state label "USER_RULE: Allow ALL outbound traffic except to LAN subnet"
>>> pass in quick on $DMZ0 from any to !192.168.x.x/24 keep state label "USER_RULE: Allow ALL outbound traffic except to LAN subnet"
>>> pass in quick on $DMZ0 from any to ! !10.x.x.x/30 keep state label "USER_RULE: Allow ALL outbound traffic except to OPT2 subnet"
>>> pass in quick on $lan proto tcp from 192.168.x.x/24 to any flags S/SA synproxy state queue (qLANdef, qLANacks) label "USER_RULE: Default LAN - any"
>>>
>>> i hope that's enough info for you to debug... let me know if you are unable to reproduce. btw, i installed with 80.2 and updated to 82.4 if that makes a difference.
>>>
>>> oh and also i have the same bug i noticed someone else mention where my WAN interface always shows DHCP to be down even though it's not. Hitting "renew" works fine and shows it properly for a little while but it always goes back to being down... This is strictly cosmetic as I have no issues on that interface and although it's DHCP my ISP (comcast) does some kind of MAC registration so as to stop us from pulling multiple real IP addies, so my WAN IP will never change really unless I swap NICs or change the MAC.
>>>
>>> TIA, mOjO
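Apart from the doubled `!` that stops the rule file from parsing, the two DMZ0 rules described in this message can be traced with pf's `quick` first-match behaviour to see what they admit once the syntax is corrected. The script below is an added example, not part of the thread or of pfSense: it models destination matching only, the subnets are constructed stand-ins for the censored ones, and the rule-line format and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): trace the DMZ0 rules with pf's `quick`
# first-match behaviour. Subnets are constructed stand-ins for the censored ones.

LAN_NET=192.168.1.0/24     # assumption: stands in for 192.168.x.x/24
VOIP_NET=10.0.2.0/30       # assumption: stands in for 10.x.x.x/30

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/LEN -> exit 0 when IP is inside NET/LEN
in_cidr() {
    ip=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    len=${2#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# evaluate RULES DST -> "action label" of the first matching rule, or "nomatch".
# Each rule line is: action negate(!|=) dest-cidr label
evaluate() {
    while read -r action neg cidr label; do
        [ -n "$action" ] || continue
        if in_cidr "$2" "$cidr"; then inside=1; else inside=0; fi
        if { [ "$neg" = "!" ] && [ "$inside" -eq 0 ]; } ||
           { [ "$neg" = "=" ] && [ "$inside" -eq 1 ]; }; then
            echo "$action $label"
            return 0
        fi
    done <<EOF
$1
EOF
    echo nomatch
}

# The two DMZ0 pass rules as the poster intended them (a single '!' each).
POSTED="pass ! $LAN_NET not-LAN
pass ! $VOIP_NET not-VOIP"

# Alternative ordering: block the internal nets first, then pass the rest.
BLOCK_FIRST="block = $LAN_NET to-LAN
block = $VOIP_NET to-VOIP
pass = 0.0.0.0/0 any"

# Constructed destinations: a LAN host, a VOIP host, an Internet host.
for dst in 192.168.1.10 10.0.2.1 198.51.100.7; do
    printf '%-13s posted: %-14s block-first: %s\n' "$dst" \
        "$(evaluate "$POSTED" "$dst")" "$(evaluate "$BLOCK_FIRST" "$dst")"
done
```

Each negated pass rule matches the subnet the other one excludes, so the pair passes every destination; on a pf host, `pfctl -nf /tmp/rules.debug` parses a generated rule file without loading it.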
Re: [pfSense Support] FW: Cosmetic Bug in Trafficshaper?
I just edited a record and the value was saved correctly!? Also, please use plain-text emails, not HTML emails on lists.

Scott

On 9/11/05, Robo.K. [EMAIL PROTECTED] wrote:
> Any ideas?
>
> From: Robo.K. [mailto:[EMAIL PROTECTED]
> Sent: Sunday, September 11, 2005 1:14 AM
> To: 'support@pfsense.com'
> Subject: Cosmetic Bug in Trafficshaper?
>
> After complete the traffic shaper wizard I go into any item of Queue and change anything, only save queue, then in /firewall_shaper_queues.php in column Bandwidth dismiss value of amount percents or kilobits. This box remains empty.
>
> 10 REDECN5No 1 % qGamesDown
> 11 REDECN4No 1% qOthersUpH
> 12 REDECN4No 1% qOthersDownH
> 13 REDECN2No qOthersUpL
> 14 REDECN2No qOthersDownL
> 15 REDECN5No pokusssnaaa
Re: [pfSense Support] Plan author of TrafficShaper some expanation of use the traffic shaper?
We just amended this Traffic Shaper screens. Do a update_file.sh -all or refer to this screenshot for more information: http://www.pfsense.com/~sullrich/HFSC2.PNG

Scott

On 9/10/05, Robo.K. [EMAIL PROTECTED] wrote:
> Thank you, for very useful explanation. And what does mean Parent queue (CBQ or HFSC only) and Default queue ? For example, if I have a line 1024kbit/s download. I will want create a queues 64, 128, 256, 284,384,512 kbit/s, where I want share just non used /in time/ bandwidth between queues. Some example? :-}
>
> Thanks. Bob.
>
> From: Bill Marquette [mailto:[EMAIL PROTECTED]
> Sent: Sunday, September 11, 2005 1:57 AM
> To: Robo.K.
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] Plan author of TrafficShaper some expanation of use the traffic shaper?
>
> I'm still somewhat working on the shaper and since I've taken about a much needed 2 month break from it, I'm going to have to do a little re-education. Here's a little info right from the pf.conf man page:
>
> The hfsc scheduler supports some additional options:
>
> realtime _sc_ The minimum required bandwidth for the queue.
> upperlimit _sc_ The maximum allowed bandwidth for the queue.
> linkshare _sc_ The bandwidth share of a backlogged queue.
>
> sc is an acronym for service curve.
>
> The format for service curve specifications is (m1, d, m2). m2 controls the bandwidth assigned to the queue. m1 and d are optional and can be used to control the initial bandwidth assignment. For the first d milliseconds the queue gets the bandwidth given as m1, afterwards the value given in m2.
>
> In some cases percentages were easier or more right to enter, in other cases the KB values were the right thing to do...the decision for each had nothing to do with what valid values for those fields were, but what my experience showed as useful.
>
> --Bill
>
> On 9/10/05, Robo.K. [EMAIL PROTECTED] wrote:
>> Plan author of TrafficShaper some expanation of use the traffic shaper? Because one thing is theory of HFSC and other thing is filling boxes Upperlimit Real time Link share Parent queue ...? There http://wiki.pfsense.com/wikka.php?wakka=HFSCBandwidthShapingNotes is some explanation, but not complete. In boxes Upperlimit Realtime Link share are used three values and once percents and once Kbite/s... What is for? what is what? Can explain anybody this more complex? Thank you.
Re: [pfSense Support] pfsense on mac mini?
yes i know you guys so lucky with so many platform to choose from... in my country (indonesia), i cant find any mini-itx. no epia either. no soekris. no routerboard. no wrap. only expensive barebones from asus, that the closest things i can have here. and the tax and shipping charge is s high i cant even think to buy from online store...
Re: [pfSense Support] pfsense on mac mini?
BTW, I read somewhere that FreeBSD does run on Mac. I've even seen the screenshots...
RE: [pfSense Support] Plan author of TrafficShaper some expanation of use the traffic shaper?
Did the update_file.sh -all
And now all I get is:

Warning: main(includes/functions.inc.php): failed to open stream: No such file or directory in /usr/local/www/index.php on line 41
Fatal error: main(): Failed opening required 'includes/functions.inc.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal') in /usr/local/www/index.php on line 41

Running build 0.84

John

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, September 12, 2005 11:26 PM
To: Robo.K.
Cc: [EMAIL PROTECTED]; support@pfsense.com
Subject: Re: [pfSense Support] Plan author of TrafficShaper some expanation of use the traffic shaper?

We just amended these Traffic Shaper screens. Do a update_file.sh -all or refer to this screenshot for more information: http://www.pfsense.com/~sullrich/HFSC2.PNG

Scott

On 9/10/05, Robo.K. [EMAIL PROTECTED] wrote:

Thank you for the very useful explanation. And what do Parent queue (CBQ or HFSC only) and Default queue mean? For example, if I have a line with 1024kbit/s download, I will want to create queues of 64, 128, 256, 284, 384, 512 kbit/s, where I want to share just the bandwidth not used /in time/ between the queues. Some example? :-}

Thanks.
Bob.

From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 11, 2005 1:57 AM
To: Robo.K.
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Plan author of TrafficShaper some expanation of use the traffic shaper?

I'm still somewhat working on the shaper and since I've taken about a much needed 2 month break from it, I'm going to have to do a little re-education. Here's a little info right from the pf.conf man page:

The hfsc scheduler supports some additional options:

realtime _sc_
    The minimum required bandwidth for the queue.
upperlimit _sc_
    The maximum allowed bandwidth for the queue.
linkshare _sc_
    The bandwidth share of a backlogged queue.

sc is an acronym for service curve.

The format for service curve specifications is (m1, d, m2). m2 controls the bandwidth assigned to the queue. m1 and d are optional and can be used to control the initial bandwidth assignment. For the first d milliseconds the queue gets the bandwidth given as m1, afterwards the value given in m2.

In some cases percentages were easier or more right to enter, in other cases the KB values were the right thing to do...the decision for each had nothing to do with what valid values for those fields were, but what my experience showed as useful.

--Bill

On 9/10/05, Robo.K. [EMAIL PROTECTED] wrote:

Plan author of TrafficShaper some explanation of use the traffic shaper? Because one thing is the theory of HFSC and another thing is filling in the boxes Upperlimit, Real time, Link share, Parent queue ...? There is some explanation at http://wiki.pfsense.com/wikka.php?wakka=HFSCBandwidthShapingNotes but it is not complete. In the boxes Upperlimit, Realtime and Link share three values are used, and sometimes percents and sometimes Kbit/s... What is it for? What is what? Can anybody explain this more comprehensively? Thank you.
Re: [pfSense Support] Plan author of TrafficShaper some expanation of use the traffic shaper?
Try feeding this update to your installation.
http://www.pfsense.com/~sullrich/pfSense-Mini-Update-0.84.2.tgz

Scott

On 9/12/05, John Cianfarani [EMAIL PROTECTED] wrote:

Did the update_file.sh -all
And now all I get is:

Warning: main(includes/functions.inc.php): failed to open stream: No such file or directory in /usr/local/www/index.php on line 41
Fatal error: main(): Failed opening required 'includes/functions.inc.php' (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal') in /usr/local/www/index.php on line 41

Running build 0.84

John
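The (m1, d, m2) service-curve format quoted from the pf.conf man page in this thread, worked through in Python as an added example (not code from pfSense or from any poster): it resolves the percent and Kb forms the question asks about against a constructed 1024Kb link and evaluates the two-segment curve. The function names, the decimal unit multipliers and the sample queue are assumptions.

```python
import re

# Assumption: Kb/Mb/Gb are decimal multiples of bits per second.
UNITS = {"b": 1, "kb": 1_000, "mb": 1_000_000, "gb": 1_000_000_000}

def parse_bw(spec, parent_bps):
    """Resolve '256Kb' or '25%' (of the parent queue) to bits per second."""
    spec = spec.strip()
    if spec.endswith("%"):
        return parent_bps * float(spec[:-1]) / 100.0
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*([KMG]?b)?", spec, re.I)
    if not m:
        raise ValueError(f"bad bandwidth spec: {spec!r}")
    return float(m.group(1)) * UNITS[(m.group(2) or "b").lower()]

def parse_sc(spec, parent_bps):
    """Return (m1, d_ms, m2). A bare value sets m2 only: m1 == m2, d == 0."""
    s = spec.strip()
    if s.startswith("(") and s.endswith(")"):
        parts = [p for p in re.split(r"[,\s]+", s[1:-1]) if p]
        if len(parts) != 3:
            raise ValueError(f"service curve needs m1, d, m2: {spec!r}")
        return (parse_bw(parts[0], parent_bps), float(parts[1]),
                parse_bw(parts[2], parent_bps))
    m2 = parse_bw(s, parent_bps)
    return (m2, 0.0, m2)

def rate_at(sc, t_ms):
    """Bandwidth in force t_ms milliseconds in: m1 before d, m2 afterwards."""
    m1, d, m2 = sc
    return m1 if t_ms < d else m2

def service_bits(sc, t_ms):
    """Area under the curve: bits covered after t_ms milliseconds."""
    m1, d, m2 = sc
    return (m1 * min(t_ms, d) + m2 * max(t_ms - d, 0.0)) / 1000.0

def check_queue(q, parent_bps):
    """Consistency checks that follow from the realtime/upperlimit definitions."""
    sc = {k: parse_sc(v, parent_bps) for k, v in q.items()}
    problems = []
    if "realtime" in sc and "upperlimit" in sc and sc["realtime"][2] > sc["upperlimit"][2]:
        problems.append("realtime minimum exceeds upperlimit maximum")
    if "upperlimit" in sc and sc["upperlimit"][2] > parent_bps:
        problems.append("upperlimit exceeds parent bandwidth")
    return problems

LINK_BPS = parse_bw("1024Kb", 0)  # constructed link speed
if __name__ == "__main__":
    burst = parse_sc("(512Kb, 2000, 128Kb)", LINK_BPS)  # constructed curve
    print(rate_at(burst, 500), rate_at(burst, 3000), service_bits(burst, 5000))
    print(check_queue({"realtime": "75%", "upperlimit": "512Kb"}, LINK_BPS))
```
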