RE: [pfSense Support] 050.2 CARP won't go Master or Backup
Ok, so I spent some time on this, this morning. One of the problems I had yesterday during update_file.sh (on 085.4).. it somehow broke OPT1 (sync) and kept making it disabled. So carp would never come up, once I got this sorted by going to 085.6 I could go forward.

So ..
1) I brought router2 back up and did all upgrades and reconfigured CARP;
2) CARP still behaves badly
3) Did another update_file.sh after 085.6, CARP behaves badly.

It may go master/backup first time, but when doing disable/enable it stays init on BOTH routers.

I dropped to a shell .. and simply did an ifconfig carp0 up on both. CARP comes up in the appropriate mode (master/backup) and virtual IPs work again as expected. i.e. this fixes the issue.

Disable/enable button breaks it again. i.e. a working server as Master will go back to init after hitting enable/disable.

Hope this helps?

Ivan.

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 28, 2005 1:49 AM
To: support@pfsense.com
Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup

ok, I have experienced some strange problems bringing up CARP-Interfaces here as well (quite reproducible but also a bit sporadic). Scott did several changes and he finally came up with something that now is running on my systems without any problems any more (my systems are also syncing via a crossover-cable, no switch in between).

Ivan, if you can please crosslink your systems again and do an update_file.sh /etc/inc/interfaces.inc on both systems before testing again.

To have a switch between two machines is needed if you have more than 2 machines in the cluster but with only two machines it's an additional point of failure if the switch dies or only has power failure. Syncing should work with crosslink-cables too. So if you can give it a try and report back we would appreciate it.

Thank you in advance,
Holger

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 27 September 2005 20:20
To: support@pfsense.com
Subject: Re: [pfSense Support] 050.2 CARP won't go Master or Backup

On 9/27/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote:
> HI
>
> PPPoe is on WAN .. CARP is on LAN with carp sync on OPT1.
>
> OK so you guys are going to laugh at me. I do feel stupid.
>
> As a fault finding procedure and just to get connectivity back I halted router2, which is UTP crossed over connected to router 1 on OPT1. So OPT1 (carp sync) is down. (no link since you need both nic up to have link).
>
> CARP will NOT come up without link on OPT1.
>
> My suggestion in terms of best practice is to have a switch on OPT(sync) when using CARP. It has wasted a lot of my time and it IS my fault cause I was cheap just using cross over cable.
>
> Tx all ..

Hrm...I'll have to test this out at home :-/ At work everything is always plugged into a switch (the machines are miles apart), but at home I'm using a crossover cable for the dedicated sync network. But I didn't think that CARP would stay down forever if the sync interface was down :-/

--Bill
[pfSense Support] How to configure Pfsense to do what I do with iptables
First of all, a little description of my situation. I am in a high school room, where we access the LAN via DHCP through a proxy. I have also behind the school connection an ADSL connection (ppp0). I am using a server (connected to the school LAN, to the ADSL and to my computer) to determine the connection I use.

I've set up iptables rules which work fine for me. I am planning on moving to pfsense and I would like to know if it is capable of doing the same thing my iptables script is capable of.

I've installed pfsense on my WRAP and want to set up the rules, but I don't find what I want in the NAT section (can't put the outbound interface I want to use).

In a few words, I want to use the ADSL for some connections and the internal connection for others. I also want to redirect some inbound connections to the ADSL connection.

Here is my script --

#!/bin/sh
#---
# eth0 -- 00:0C:6E:2B:CF:94 Internal LAN (my PC to server), static IP
# eth1 -- 00:02:44:29:C7:45 School LAN DHCPD
# eth2 -- 00:26:54:0C:04:18 ADSL
#---

# Route configuration
route del default gw 10.133.15.254
route add -host 10.133.15.254 dev eth1
route add -net 10.0.0.0/8 gw 10.133.15.254
route add -net 192.168.2.0/24 gw 10.133.15.254
route add default gw 84.97.32.1

# Flush everything
iptables -F
iptables -t nat -F

# NAT rules
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/8 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE

# Anti Ping OF Death
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT

#---
# ETH1
#---
# Refuse ports on eth1
iptables -A INPUT -i eth1 -m state --state NEW,INVALID -j REJECT
iptables -A FORWARD -i eth1 -m state --state NEW,INVALID -j REJECT
# Open ports
iptables -I INPUT -i eth1 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -i eth1 -p udp --dport 80 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport 20:21 -j ACCEPT
iptables -I INPUT -i eth1 -p udp --dport 20:21 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport :6670 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport 7000 -j ACCEPT

#---
# PPP0
#---
# Refuse ports on ppp0
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP
# Open ports
iptables -I INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -i ppp0 -p udp --dport 80 -j ACCEPT
iptables -I INPUT -i ppp0 -p tcp --dport 20:21 -j ACCEPT
iptables -I INPUT -i ppp0 -p udp --dport 20:21 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport :6670 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport 7000 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport 4000 -j ACCEPT
iptables -I INPUT -i eth1 -p tcp --dport 6112:6119 -j ACCEPT
iptables -I INPUT -i eth1 -p udp --dport 4000 -j ACCEPT
iptables -I INPUT -i eth1 -p udp --dport 6112:6119 -j ACCEPT

#---
# Program routing
#
# Direct Connect sharing
iptables -I FORWARD -i eth1 -p tcp --dport 4120:4121 -j ACCEPT
iptables -I FORWARD -i eth1 -p udp --dport 4120:4121 -j ACCEPT
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 4120 -j DNAT --to 192.168.1.111:4120
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 4121 -j DNAT --to 192.168.1.111:4121
iptables -A PREROUTING -t nat -i eth1 -p udp --dport 4120 -j DNAT --to 192.168.1.111:4120
iptables -A PREROUTING -t nat -i eth1 -p udp --dport 4121 -j DNAT --to 192.168.1.111:4121

# eMule routing
iptables -I FORWARD -i ppp0 -p tcp --dport 4662 -j ACCEPT
iptables -I FORWARD -i ppp0 -p udp --dport 4672 -j ACCEPT
iptables -I FORWARD -i ppp0 -p udp --dport 4665 -j ACCEPT
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 4662 -j DNAT --to 192.168.1.111:4662
iptables -A PREROUTING -t nat -i ppp0 -p udp --dport 4672 -j DNAT --to 192.168.1.111:4672
iptables -A PREROUTING -t nat -i ppp0 -p udp --dport 4665 -j DNAT --to 192.168.1.111:4665

# BitTorrent routing
iptables -I FORWARD -i ppp0 -p tcp --dport 6881:6889 -j ACCEPT
iptables -I FORWARD -i ppp0 -p udp --dport 6881:6889 -j ACCEPT
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6881 -j DNAT --to 192.168.1.111:6881
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6882 -j DNAT --to 192.168.1.111:6882
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6883 -j DNAT --to 192.168.1.111:6883
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6884 -j DNAT --to 192.168.1.111:6884
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6885 -j DNAT --to 192.168.1.111:6885
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6886 -j DNAT --to 192.168.1.111:6886
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6887 -j DNAT --to 192.168.1.111:6887
iptables -A PREROUTING -t nat -i ppp0 -p tcp --dport 6888 -j DNAT
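How the NAT part of the script above reads in pf's own rule syntax, as an added example (not part of the original message, and not rules generated by pfSense itself). The interface names in IFACE_MAP are hypothetical, and only the nat-table MASQUERADE and DNAT rules are translated.

```python
import shlex

# Constructed sample: a subset of the rules from the script above, with the
# spaces that the archive dropped restored.
IPTABLES_RULES = """\
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.0.0.0/8 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.2.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
iptables -A PREROUTING -t nat -i eth1 -p tcp --dport 4120 -j DNAT --to 192.168.1.111:4120
iptables -A PREROUTING -t nat -i ppp0 -p udp --dport 4672 -j DNAT --to 192.168.1.111:4672
iptables -I FORWARD -i ppp0 -p tcp --dport 6881:6889 -j ACCEPT
"""

# Hypothetical mapping of the Linux interface names to FreeBSD ones (assumption).
IFACE_MAP = {"eth1": "sis1", "ppp0": "ng0"}


def parse_rule(line):
    """Return the options of one iptables command as a dict, or None."""
    tokens = shlex.split(line, comments=True)
    if not tokens or tokens[0] != "iptables":
        return None
    opts, it = {}, iter(tokens[1:])
    for tok in it:
        if tok.startswith("-"):
            # every option used in the script takes one value (-F takes none)
            opts[tok.lstrip("-")] = next(it, None)
    return opts


def to_pf(opts):
    """Translate one parsed nat-table rule into a pf translation rule."""
    if opts is None or opts.get("t") != "nat":
        return None  # filter-table rules (INPUT/FORWARD) are not NAT; skipped
    chain = opts.get("A") or opts.get("I")
    target = opts.get("j")
    if chain == "POSTROUTING" and target == "MASQUERADE":
        # Outbound NAT: the rule is tied to the interface the packet leaves on,
        # and "(iface)" tracks that interface's current address (DHCP / PPPoE).
        iface = IFACE_MAP[opts["o"]]
        return "nat on {0} from {1} to {2} -> ({0})".format(
            iface, opts.get("s", "any"), opts.get("d", "any"))
    if chain == "PREROUTING" and target == "DNAT":
        # Inbound port forward: DNAT --to host:port becomes an rdr rule.
        iface = IFACE_MAP[opts["i"]]
        dest = opts["to"]
        host, port = dest.rsplit(":", 1) if ":" in dest else (dest, opts["dport"])
        return "rdr on {} proto {} from any to any port {} -> {} port {}".format(
            iface, opts["p"], opts["dport"], host, port)
    return None


def translate(script):
    """Translate every NAT rule in the script, keeping the original order."""
    rules = (to_pf(parse_rule(line)) for line in script.splitlines())
    return [rule for rule in rules if rule]


if __name__ == "__main__":
    for rule in translate(IPTABLES_RULES):
        print(rule)
```

The translation rules only rewrite addresses on the interface a packet already uses; which interface that is still depends on the routing table, as it does in the original script.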
[pfSense Support] unexpected dhcp lease
Hi,

I have a problem with pfSense's dhcp server since 0.85.x (I guess it wasn't an issue in 0.84.6). I have two lan interfaces and both serve as dhcp server, of course not overlapping.

My problem is that on lan2 (opt2 - xl0) a dynamic ip address is always issued despite it shouldn't be because only fixed leases expected. This is the only address I have to configure for the dhcp servers range.

What's more strange for that mac address (00:12:79:ad:c6:fc) is a fixed lease reserved on the other (fxp0) interface. Which as I see in the logs once offered, but the other address picked up. This never happened on the other interface.

In syslog I have:

Sep 28 14:35:04 last message repeated 2 times
Sep 28 14:35:03 kernel: arp: 192.168.2.254 is on xl0 but got reply from 00:12:79:ad:c6:fc on fxp0
Sep 28 14:34:49 last message repeated 5 times
Sep 28 14:34:36 dhcpd: send_packet: Invalid argument

and in dhcp logs:

Sep 28 14:35:03 dhcpd: DHCPNAK on 192.168.2.254 to 00:12:79:ad:c6:fc via fxp0
Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via fxp0: wrong network.
Sep 28 14:35:03 dhcpd: DHCPACK on 192.168.2.254 to 00:12:79:ad:c6:fc (TRC-dc5100) via xl0
Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via xl0
Sep 28 14:35:03 dhcpd: DHCPOFFER on 192.168.0.22 to 00:12:79:ad:c6:fc via fxp0
Sep 28 14:35:03 dhcpd: DHCPDISCOVER from 00:12:79:ad:c6:fc via fxp0
Sep 28 14:35:03 dhcpd: DHCPOFFER on 192.168.2.254 to 00:12:79:ad:c6:fc (TRC-dc5100) via xl0
Sep 28 14:35:03 dhcpd: DHCPDISCOVER from 00:12:79:ad:c6:fc via xl0
Sep 28 14:34:51 dhcpd: DHCPRELEASE of 192.168.2.254 from 00:12:79:ad:c6:fc via fxp0 (found)
Sep 28 14:34:51 dhcpd: DHCPRELEASE of 192.168.2.254 from 00:12:79:ad:c6:fc (TRC-dc5100) via xl0 (found)
Sep 28 14:34:49 dhcpd: send_packet: Invalid argument
Sep 28 14:34:49 dhcpd: DHCPACK on 192.168.2.254 to 00:12:79:ad:c6:fc (TRC-dc5100) via fxp0
Sep 28 14:34:49 dhcpd: DHCPREQUEST for 192.168.2.254 from 00:12:79:ad:c6:fc (TRC-dc5100) via fxp0
Sep 28 14:34:49 dhcpd: send_packet: Invalid argument

My two lan interfaces are as below:

<interfaces>
  <lan>
    <if>fxp0</if>
    <ipaddr>192.168.0.3</ipaddr>
    <subnet>24</subnet>
    <media/>
    <mediaopt/>
    <bridge/>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
  </lan>
  <opt2>
    <descr>LAN2</descr>
    <if>xl0</if>
    <bridge/>
    <enable/>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
    <ipaddr>192.168.2.4</ipaddr>
    <subnet>24</subnet>
    <gateway/>
    <spoofmac/>
    <mtu/>
  </opt2>
</interfaces>

and dhcp servers:

<dhcpd>
  <lan>
    <range>
      <from>192.168.0.250</from>
      <to>192.168.0.250</to>
    </range>
    <defaultleasetime/>
    <maxleasetime/>
    <denyunknown/>
    <failover_peerip/>
    <gateway/>
    <staticmap>
      <mac>00:14:c2:0b:95:49</mac>
      <ipaddr>192.168.0.21</ipaddr>
      <descr>lvc-felsorec</descr>
    </staticmap>
    <staticmap>
      <mac>00:08:02:d8:1f:eb</mac>
      <ipaddr>192.168.0.130</ipaddr>
      <descr>I.I. nc6000</descr>
    </staticmap>
    <staticmap>
      <mac>00:12:79:ad:c6:fc</mac>
      <ipaddr>192.168.0.22</ipaddr>
      <descr>dc5100 teszt</descr>
    </staticmap>
    <staticarp/>
    <enable/>
    <dnsserver>192.168.1.5</dnsserver>
    <dnsserver>192.168.1.1</dnsserver>
  </lan>
  <opt2>
    <range>
      <from>192.168.2.254</from>
      <to>192.168.2.254</to>
    </range>
    <defaultleasetime/>
    <maxleasetime/>
    <failover_peerip/>
    <gateway/>
    <staticmap>
      <mac>00:08:02:d8:ae:23</mac>
      <ipaddr>192.168.2.130</ipaddr>
      <descr>Kris nc6000</descr>
    </staticmap>
    <staticarp/>
    <denyunknown/>
    <enable/>
    <dnsserver>192.168.3.3</dnsserver>
    <dnsserver>192.168.3.1</dnsserver>
  </opt2>
</dhcpd>

--
This email is made from 100% recycled electrons
Re: [pfSense Support] unexpected dhcp lease
Are these two logical networks on the same physical network? I'm noticing the request came in on both fxp0 and xl0 - that seems kinda odd.

Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via fxp0: wrong network.
Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via xl0

--Bill
Re: [pfSense Support] unexpected dhcp lease
On Wed, 28 Sep 2005 08:26:28 -0500 Bill Marquette [EMAIL PROTECTED] wrote:
> Are these two logical networks on the same physical network? I'm noticing the request came in on both fxp0 and xl0 - that seems kinda odd.

Yes, both network cards are connected to the same switch, but I guess as the deny unknown clients option is enabled on both interfaces (static arp as well) this shouldn't happen. (Not to mention the netmasks.)

> Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via fxp0: wrong network.
> Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via xl0
>
> --Bill
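The pattern picked out by eye in this thread (one client's DHCP traffic arriving on two firewall interfaces because both NICs share a switch) can be detected from the dhcpd log, as in this added example, which is not part of the thread. The sample input is lines copied from the log above plus one constructed line; the 5-second window, the log year and all function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Lines copied from the dhcpd log in this thread; the last line is constructed
# to show a client that is seen on one interface only.
SAMPLE_LOG = """\
Sep 28 14:35:03 dhcpd: DHCPNAK on 192.168.2.254 to 00:12:79:ad:c6:fc via fxp0
Sep 28 14:35:03 dhcpd: DHCPREQUEST for 192.168.2.254 (192.168.2.4) from 00:12:79:ad:c6:fc (TRC-dc5100) via fxp0: wrong network.
Sep 28 14:35:03 dhcpd: DHCPACK on 192.168.2.254 to 00:12:79:ad:c6:fc (TRC-dc5100) via xl0
Sep 28 14:35:03 dhcpd: DHCPOFFER on 192.168.0.22 to 00:12:79:ad:c6:fc via fxp0
Sep 28 14:35:03 dhcpd: DHCPDISCOVER from 00:12:79:ad:c6:fc via fxp0
Sep 28 14:35:03 dhcpd: DHCPDISCOVER from 00:12:79:ad:c6:fc via xl0
Sep 28 14:34:51 dhcpd: DHCPRELEASE of 192.168.2.254 from 00:12:79:ad:c6:fc via fxp0 (found)
Sep 28 14:34:49 dhcpd: send_packet: Invalid argument
Sep 28 14:36:10 dhcpd: DHCPDISCOVER from 00:08:02:d8:ae:23 via xl0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dhcpd(?:\[\d+\])?:\s+"
    r"(?P<msg>DHCP[A-Z]+)\b.*?"
    r"(?:from|to)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r".*?\bvia\s+(?P<iface>[A-Za-z0-9_.]+)",
    re.IGNORECASE,
)

LOG_YEAR = 2005  # assumption: syslog lines carry no year; taken from the thread


def parse_events(log_text):
    """Return (time, mac, iface, message type, wrong-network flag), oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-client DHCP message, e.g. "send_packet: ..."
        when = datetime.strptime(
            "%d %s" % (LOG_YEAR, m.group("ts")), "%Y %b %d %H:%M:%S")
        events.append((when, m.group("mac").lower(), m.group("iface"),
                       m.group("msg").upper(), "wrong network" in line))
    return sorted(events, key=lambda event: event[0])


def shared_segment_findings(log_text, window=5):
    """Report clients whose DHCP traffic reached two or more interfaces
    within `window` seconds, i.e. interfaces in one broadcast domain."""
    last_seen = defaultdict(dict)   # mac -> interface -> time last seen
    ifaces = defaultdict(set)       # mac -> interfaces seen close together
    wrong_net = set()               # macs that drew a "wrong network" reply
    for when, mac, iface, _msg, wrong in parse_events(log_text):
        for other, seen in last_seen[mac].items():
            if other != iface and when - seen <= timedelta(seconds=window):
                ifaces[mac].update((iface, other))
        last_seen[mac][iface] = when
        if wrong:
            wrong_net.add(mac)
    return {
        mac: {"interfaces": sorted(seen), "wrong_network": mac in wrong_net}
        for mac, seen in ifaces.items()
    }


if __name__ == "__main__":
    for mac, info in shared_segment_findings(SAMPLE_LOG).items():
        print(mac, info)
```

A client reported here reaches the DHCP server on more than one interface, so per-interface settings such as static mappings or deny-unknown-clients do not separate the two subnets until they are placed on separate switches or VLANs.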
Re: [pfSense Support] IPv6 tunnel BUG
On 9/21/05, Scott Ullrich [EMAIL PROTECTED] wrote:
> That is a portion that I have not converted as of yet. I don't have any type of ipv6 devices to test with, etc. I'll see what I can do but this may be a feature that is marked for removing.

Could it be that this is fixed in the latest version? I no longer have this problem. Hopefully the tunnel will not die on me anymore.

-- Jeroen
Re: [pfSense Support] 050.2 CARP won't go Master or Backup
You need to update_file.sh /etc/rc.bootup as well. The carp interfaces are brought up at the very end now.

Scott
Re: [pfSense Support] CDROM Version Install
On 9/28/05, Scott Ullrich [EMAIL PROTECTED] wrote:
> The only thing left to try is: http://wiki.pfsense.com/wikka.php?wakka=BootTroubleShooting

I had the same problem with different machines. Only in my case if I wait (5 minutes or so) it will finally come through.

-- Jeroen
RE: [pfSense Support] Trouble/Questions about the development version.
I'm guessing something from gcc is missing. I've seen this error before when include files are missing (/usr/include). See if something very simple will compile.

vi test.c

#include <stdio.h>
int main(void) {
    printf("hello yorld\n");
    return 0;
}

I think that will compile ;)

gcc -o test test.c
./test

Should spit out hello yorld

-----Original Message-----
From: Robert Goley [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 28, 2005 12:17 PM
To: support@pfsense.com
Subject: [pfSense Support] Trouble/Questions about the development version.

I have been testing pfsense to use it to replace a Firebox we currently have on one of our connections. The Firebox currently does webfiltering. I tried to get this working with pfsense and ran into some issues. I installed the pfsense developer version (84 I think). I loaded the ports info and tried to compile dansguardian. I got a message that I have never seen from gcc. Something to the effect that it could not create an executable. Has something been restricted? What do I need to do to get this compiled properly under pfsense/FreeBSD?

Robert
[pfSense Support] Proxy Arp
First some background. I have a multinat configuration working in monowall (multiple wan IP addresses to 1 or many internal IPs) so pfsense is not so foreign to me. I've tried setting up a similar environment in pfSense 0.85.2. For simplicity, I first tried a basic http port forwarding nat configuration. It didn't work.

I set up a virtual IP for the external IP using proxy arp (seems like the proxy arp and server nat settings from monowall combined). Under NAT: Port Forward I set the newly created VIP to point to the internal IP (checked the box to make the rule). Everything looks like it should work but it doesn't. I also tried 1 to 1 with no luck.

An external ethereal cap with monowall shows monowall answering arp requests for the virtual IP. The same external capture with pfsense shows no arp replies from pfsense.

Besides the radio button on the virtual IP menu, is there another setting for proxy arp?

Thanks
James Roberson
Re: [pfSense Support] Trouble/Questions about the development version.
I use squid 2.5.Stable10 (installed from freebsd 6.0-beta3 and ports / make package) + SquidGuard (installed from freebsd 6.0-beta3 and ports make package) + DB3 (installed from freebsd 6.0-beta3 and ports make package) + bigurlblacklist.

It works very well for web filtering, and I use a rule on pf to block default traffic to ports 80-83 and 8080-8083 and force the use of NCSA authentication from squid, and create a list of users for allowed and denied types of sites (Default). Works fine.

I use the file editor from pfsense to include or remove clients because htpasswd is no longer included in the pfsense install.

If you want to try this I can send you my squid.conf and squidGuard.conf.

My 2 cents. flames > /dev/null

[]'s

--
William David Armstrong
Bio Systems Security.
ICQ 10253747
MSN [EMAIL PROTECTED]
--
No one is born knowing everything. But everything can be learned; and above all because everything can be taught. By Bio.
[pfSense Support] Source based routing
Is Pfsense capable of source based routing as described here: http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/iproute2.html ?

/this is only for description of the problem, I know that Pfsense is no Linux :-}/

Thank you.

Regards - Robo.
Re: [pfSense Support] Proxy Arp
Well that should be responding to proxy arp.. Weird. If you need this working now change the virtual ip to a carp type. In the meantime I'll run some tests.

On 9/28/05, James Roberson [EMAIL PROTECTED] wrote:
> It's running for the VIP, vr0 is the wan (I added the x's).
>
> root 485 0.0 0.3 1192 764 ?? Ss1:30PM 0:00.00 /usr/local/sbin/choparp vr0 auto xxx.xxx.149.241/27
>
> At 12:51 PM 9/28/2005, you wrote:
>> Is choparp running on your system?
>>
>> ps awux | grep chop
>>
>> from a shell will tell us.
>>
>> Scott
Re: [pfSense Support] Source based routing
In a multi-wan environment on pfSense this can be handled using advanced outbound nat.

Scott

On 9/28/05, Robo.K. [EMAIL PROTECTED] wrote:
> Is Pfsense capable of source based routing as described here: http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/iproute2.html ?
>
> /this is only for description of the problem, I know that Pfsense is no Linux :-}/
>
> Thank you.
>
> Regards - Robo.
Re: [pfSense Support] Proxy Arp
I think I know what's going on. I just noticed the cidr/27. Should be /32. The subnet is /27, but I'm pretty sure this should be /32 (255.255.255.255). I'll check.

James Roberson
TDI Library Services, Inc. (www.tdico.com)
[pfSense Support] 1:1 NAT loopback
Hello,

I had read the thread at Aug 26 and found that some pfSense users were able to access a 1:1 NATted service in the LAN segment, but when I tried it today, it failed.

My testing environment:
- the public IP xx.xx.xx.46 1:1 NAT to 10.0.138.9
- proxy ARP the xx.xx.xx.46
- allow any to any access to xx.xx.xx.46 in firewall rule
- my workstation IP is 10.0.138.130
- pfSense's IP is xx.xx.xx.42

I did the following steps:
- telnet xx.xx.xx.46 110 (of course I have a POP3 service listening)
- I got connection failed after around 20 sec
- the states got the following 2 lines:

self tcp 10.0.138.130:1941 - xx.xx.xx.42:51404 - xx.xx.xx.46:110 SYN_SENT:CLOSED
self tcp xx.xx.xx.46:110 - 10.0.138.130:1941 CLOSED:SYN_SENT

Thanks!
Simon SZE-To
Re: [pfSense Support] CDROM Version Install
i think it's the vlan stuff. if i don't choose to set up vlan, everything goes fine. if i choose to set up vlan, it asks to reboot. i think the vlan config is not yet saved when it reboots. so, after reboot, it comes up with vlan setup again...

On 9/29/05, Mike [EMAIL PROTECTED] wrote:
> Well I did everything that the wiki support said to do with no luck. Just for the record I went ahead and installed M0n0Wall on it with no issues. I would rather use PFSense and really need to find a fix. I am scheduled to put this box in place tomorrow so any more help would be greatly appreciated.
>
> Thanks,
> Mike

--
... but that which cometh out of the mouth, this defileth a man. Mat 15:11
[pfSense Support] import monowall xml files
i know this has probably been answered in previous posts but i didn't see them. i'm wondering if / how i can move my monowall xml file over to pfsense. i tried to just restore, thinking that i had seen a previous post saying it was ok, but it killed everything and i had to re-install. i would love to try pfsense and most likely will when i have more time. i just really hoped that all my configurations are not lost when moving over.

thanks and i apologize if i wasn't detailed enough.