RE: [pfSense Support] PF and UT not working
Okay... if I understand correctly, now it seems you are able to see the authentication screen. But once authenticated, you still don't get out. Try turning off MAC checking in pfSense's captive portal setup.

- Jason

From: ram [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2008 12:37 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] PF and UT not working

On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters [EMAIL PROTECTED] wrote:

This may have been beaten to death now but if UT is truly in a bridge mode, you shouldn't need an IP address on it except for management. If that is the case, I could change the IP of UT to something in the private range and see if your issues clear up. What is your internet connection. I am going to assume a cable or DSL modem of some sort. What may be happening is your cable modem sees the IP of your PF box and the MAC of your UT box and somehow not getting the rest of the ARP information.

Hi, yes, as per the suggestion I have changed the UT box IP to another range for checking, but still I get authentication success, and it takes a lot of time to resolve the domain, and the connection is lost. I have dedicated Internet, and my own DNS server in my network. If I remove UT from the network I can get all the things working perfectly without any issue, but when I involve UT in bridge mode I am having this problem.. but when I add UT in bridge mode with CP, it works like a charm, but I am adding pfSense in my network for loadbalance and failover and captive portal since UT does not have the capabilities to do the job I am looking for. Any suggestions are most welcome.

ram
RE: [pfSense Support] PF and UT not working
As RB would say... I'm not contributing to the answer, but helping to give understanding to the problem...

Untangle, while in bridged mode still really needs its own IP since one of its primary features is to send daily reports as well as to provide access to quarantined emails. This makes it difficult to put a bridged Untangle outside of pfSense in a normal home environment as most ISPs will only provide one IP (which pfSense would use).

Also, another reason to keep Untangle on the inside is to allow per-IP (or per-user if the Active Directory module is installed) rules and reporting features.

If ram wants to keep these features (and he likely does) he may need to look into switching Untangle into standard router mode (instead of bridged) and then choose to either double-NAT'ing (easy but I shudder at double NAT'ing) or setting up routes in both boxes allowing only pfSense to do the NAT (a bit more work, and ram may not know how to set it up).

- Jason

-Original Message-
From: sai [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2008 12:12 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PF and UT not working

how is your network setup?

1 PC ---switch UT ---pfsense

or

2 PC ---switch ---pfsense UT

I would suggest trying 2 since you just want the CP on pfsense

sai

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] PF and UT not working
It is likely that they are doing as I do... Use pfSense for firewall and VPN, while using Untangle for strictly filtering purposes (web, mail, etc) and not firewalling.

- Jason

-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 8:36 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PF and UT not working

any one have idea, where I am doing wrong ?

Perhaps if you made it a little more clear why you're using two firewall products in-line of each other and what role they're each expected to play. There's likely some unexpected interplay between the two, particularly with the effective MITM a captive portal is.
RE: [pfSense Support] PF and UT not working
ram,

This is a bit of a shot in the dark, but try turning off services in Untangle... until they are all off. It may be that one of them (like the Intrusion Detection module) is detecting something it doesn't like.

- Jason

From: ram [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 3:41 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] PF and UT not working

On Thu, Jul 24, 2008 at 6:18 PM, Tim Nelson [EMAIL PROTECTED] wrote:

It sounds like google.com <http://google.com/> is not resolving when you have captive portal enabled. Make sure you have the DNS servers that are assigned to your users in the list of allowed outbound IPs in captive portal.

Hi, thanks for the reply. I have added that IP address in to that Allow IP place but still no success... any other suggestions, looks like somewhere the packets are dropping.

any one have idea, where I am doing wrong ?

ram
[pfSense Support] Typo in 1.2 Release RRD?
I see on my RRD graphs for traffic (haven't looked elsewhere yet)... that the last 6 month graph is showing Nov twice and skipping Feb. At the bottom of the graph, I see:

Sep Oct Nov Nov Dec Jan Mar

Perhaps just mine doing this? I had this pfSense box offline for about 25 days (mid Jan to mid Feb) to test a different box.

- Jason
[pfSense Support] Interesting config XML
I decided to download the config XML for my firewall and noticed a weird thing. In the installedpackages section, I have the following:

<menu/>
<service/>
<package/>

Each of these precedes an actual normal <menu></menu> entry, etc.. (Excluding the package tag, which is long...)

<menu/>
<menu>
    <name>Snort</name>
    <tooltiptext>Setup snort specific settings</tooltiptext>
    <section>Services</section>
    <url>/pkg_edit.php?xml=snort.xml&amp;id=0</url>
</menu>
<service/>
<service>
    <name>snort</name>
    <rcfile>snort.sh</rcfile>
    <executable>snort</executable>
</service>

They seem unnecessary.

- Jason
RE: RE: [pfSense Support] Snort
Dec 3 15:02:13 php: : XML error: not well-formed (invalid token) at line 1
Dec 3 15:02:33 SnortStartup[927]: Ram free BEFORE starting Snort: 12M -- Ram free AFTER starting Snort: 12M -- Mode ac-sparsebands -- Snort memory usage:
Dec 3 15:02:33 miniupnpd[841]: received signal 15, good-bye
Dec 3 15:02:34 check_reload_status: check_reload_status is starting
Dec 3 15:02:34 miniupnpd[969]: HTTP listening on port 2189
Dec 3 15:02:35 login: login on ttyv0 as root
Dec 3 15:02:35 sshlockout[973]: sshlockout starting up
Dec 3 15:02:35 sshlockout[973]: sshlockout starting up
Dec 3 15:02:50 SnortStartup[998]: Ram free BEFORE starting Snort: 12M -- Ram free AFTER starting Snort: 13M -- Mode ac-sparsebands -- Snort memory usage:

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, December 03, 2007 1:59 PM
To: support@pfsense.com
Subject: Re: RE: [pfSense Support] Snort

On 12/3/07, Jason J. Ellingson [EMAIL PROTECTED] wrote:

Most excellent. However (the ungrateful scum I am), now snort will not start at all... the error is:

php: : Snort will not start. You must select an interface for it to listen on.

I have double checked and the WAN is selected. Perhaps I
[pfSense Support] Change Quality IP?
Is there a way to change the IP monitored by the quality graphs? I know it uses the gateway, but that is a router next to the pfSense box. I'd rather it check the head from my ISP.

- Jason
[pfSense Support] Snort
Just tried out Snort on 1.2RC3... So far, so good... just a couple of notes:

pfSense doesn't like:

dos.rules - multiple ports listed: [135,137,138,139,445]
-and-
scan.rules - UDP protocol

So I disabled those for now. Let's see how it goes...

- Jason
[pfSense Support] DHCP on OPT1
I have my Vonage box (made by LinkSys) on OPT1 and told it to use DHCP. After it got its first IP (10.2.10.199), I clicked on the box to set the DHCP to a static IP of 10.2.10.200.

I get a log full of this...

Nov 15 08:29:30 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:29:30 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:29:39 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:29:39 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:29:39 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:29:48 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:29:48 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:29:48 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:29:57 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:29:57 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:29:57 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:30:06 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:30:06 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:30:06 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:30:15 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:30:15 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:30:15 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:30:24 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:30:24 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:30:24 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:30:33 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:30:33 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:30:33 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:30:42 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:30:42 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:30:42 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:30:51 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:30:51 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:30:51 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:31:00 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:31:00 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:31:00 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:31:09 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:31:09 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:31:09 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:31:18 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:31:18 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:31:18 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:31:27 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:31:27 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:31:27 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:31:36 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:31:36 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:31:36 dhcpd: DHCPACK on 10.2.10.200 to 00:12:17:23:b5:3a via vr0
Nov 15 08:31:45 dhcpd: uid lease 10.2.10.199 for client 00:12:17:23:b5:3a is duplicate on 10.2.10/24
Nov 15 08:31:45 dhcpd: DHCPREQUEST for 10.2.10.200 from 00:12:17:23:b5:3a via vr0
Nov 15 08:31:45
[pfSense Support] 1.0.1 and snort
Snort worked fine until I installed 1.0.1 (from 1.0)

Now, I see the normal startup messages for snort in the system logs and get the usual memory and CPU use as before, but nothing seems to actually trigger a snort alert or add anything to the blocked list.

I tried uninstalling and reinstalling the package, but that didn't help. I also tried different modes (ac, lowmem, and sparseband)

Is there something I can run to help figure this out?

- Jason
RE: [pfSense Support] pfsense - Speed up SNORT blocked rules page?
I picked reinstall package (using FireFox GRIN) and ended with an error at the bottom of the page:

Fatal error: Call to undefined function: sync_package_snort_reinstall() in /etc/inc/pkg-utils.inc(444) : eval()'d code on line 1

Snort seemed to be uninstalled. Went to packages and installed it. Works.

- Jason

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Friday, October 27, 2006 12:10 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] pfsense - Speed up SNORT blocked rules page?

I fixed this recently. Reinstall snort.

On 10/27/06, Darren Cockburn [EMAIL PROTECTED] wrote:

Hi,

I love pfsense - really - I've been using it for about 5 months and it's the best software gateway I have ever used!

Any way ... Any idea how to Speed up the snort blocked rules page? It takes 5-10 minutes to display the blocked IP's.

Using pfsense 1.0-RELEASE
- Running snort in MWM mode
- 'Associate events on Blocked tab' is NOT checked
- The machine's not overloaded CPU is at 40% Memory is at 80%

- Darren.
RE: [pfSense Support] interface deletion breaks pf.conf rules
I would vote for:

A removal of an interface would just disable the appropriate NAT and rules. Set the GUI to not allow reactivation of a NAT or rule that is for a non-existing interface... You need to change the interface to an existing one to re-enable it.

With the possibility of dynamically appearing interfaces (including possibly hot swap of NICs), there should actually be 2 (two) disable settings. The existing disable could be labeled user disabled and the second as system disabled. This means that if you have some rules for an interface and some of them are disabled already by the user. When the system has to disable all the rules because of an interface removal, it would only check the system disabled flags. Then, when the interface comes back (or another is created with same name), the system can re-enable all of the system disabled rules while maintaining the user disabled status of those same rules.

My ramblings on the subject anyhow

- Jason

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 06, 2006 5:05 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] interface deletion breaks pf.conf rules

On 8/6/06, Raja Subramanian [EMAIL PROTECTED] wrote:

I have an RC2 setup with load balancing going on multiple WAN interfaces (WAN, OPT1, 2). I deleted the OPT3 interface, but did not delete the corresponding NAT rules associated with OPT3. Upon applying changes, I realised that I had shot myself in the foot!

My /tmp/rules.debug had a line like:

nat on $ from ...

Note that the interface name is just $. Consequently, this broke the pf rules and completely locked me out of the box. I could ping the LAN interface, but no ssh/http. I had to restore the config on console to bring it back.

I can also confirm that deleting the NAT rules *before* deleting the interface causes no problems what so ever. I did not have any filter rules or altq specified on OPT3, so the same problem may also occur outside of the NAT rules.

Can the pf rule generator be made smarter to compensate for my stupidity? Perhaps we could automagically disable rules that have lost their interfaces.

Sorry for not reproducing exact error messages or logs. I don't have the pfsense box around atm.

I've opened a ticket for this. We either need to:

* Not allow the removal of an interface when existing references are in place (rules or nat entries)

or

* Detect removed interfaces correctly and do not install rules for that item

or

* Have assign interfaces automatically remove any nat or firewall rule entries upon deleting an interface but that does not allow you to simply insert a new nic and reassign and have all of your nat and or firewall entries automagically change over

I'll have to give this some thought of what is the best method for getting rid of this problem.

Scott
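The "user disabled" / "system disabled" scheme proposed in the message above, combined with the ticket's option of not installing rules for a removed interface, sketched as an added example (not pfSense code and not from the thread). The `NatRule` class, the function names and the sample networks are hypothetical, and the emitted pf lines assume interface macros are defined elsewhere in the ruleset.

```python
from dataclasses import dataclass


@dataclass
class NatRule:
    interface: str                 # friendly interface name from the config, e.g. "opt3"
    source: str                    # source network the rule translates
    user_disabled: bool = False    # set by the administrator; never changed automatically
    system_disabled: bool = False  # set while the rule's interface does not exist

    @property
    def active(self):
        return not (self.user_disabled or self.system_disabled)


def naive_line(rule, assigned):
    """Generator without a check: a deleted interface leaves an empty macro name."""
    name = rule.interface if rule.interface in assigned else ""
    return f"nat on ${name} from {rule.source} to any -> (${name})"


def sync_system_flags(rules, assigned):
    """Set or clear system_disabled from the assigned interfaces; return changed rules."""
    changed = []
    for rule in rules:
        missing = rule.interface not in assigned
        if rule.system_disabled != missing:
            rule.system_disabled = missing
            changed.append(rule)
    return changed


def can_user_enable(rule, assigned):
    """GUI guard: a rule for a non-existing interface cannot be re-enabled by hand."""
    return rule.interface in assigned


def render_nat(rules, assigned):
    """Emit NAT lines only for rules that are active on an existing interface."""
    sync_system_flags(rules, assigned)
    lines = []
    for rule in rules:
        if not rule.active:
            continue
        lines.append(
            f"nat on ${rule.interface} from {rule.source} to any -> (${rule.interface})"
        )
    return lines


def sample_rules():
    """Constructed sample config: OPT3 was deleted but its NAT rules remain."""
    return [
        NatRule("wan", "192.168.1.0/24"),
        NatRule("opt1", "192.168.1.0/24"),
        NatRule("opt2", "192.168.1.0/24", user_disabled=True),
        NatRule("opt3", "10.3.0.0/24"),
        NatRule("opt3", "10.4.0.0/24", user_disabled=True),
    ]


if __name__ == "__main__":
    rules = sample_rules()
    assigned = {"wan", "opt1", "opt2"}
    print("unchecked:", naive_line(rules[3], assigned))
    print("\n".join(render_nat(rules, assigned)))
    # The interface comes back: system flags clear, user flags are untouched.
    print("\n".join(render_nat(rules, assigned | {"opt3"})))
```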
RE: [pfSense Support] NAT 1:1 and routing issue
Reboot any switches along with the routers and machines... I've seen switches hold on to ARP entries for a looong time.

Just my 2 cents worth.

- Jason

-Original Message-
From: Derrick MacPherson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 27, 2006 4:33 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NAT 1:1 and routing issue

Well it seems to be just for this one IP. that's what I find really odd

On Thu, 2006-04-27 at 17:09 -0400, Scott Ullrich wrote:

Not really, that is strange.

Scott

On 4/27/06, Derrick MacPherson [EMAIL PROTECTED] wrote:

ya this is weird. It works to my 2 test machines, but not my ftp server. I've checked routing on the boxes, and it looks the same. Any suggestions?
RE: [pfSense Support] Vonage vs. Bittorrent (QoS question)
When I had Vonage problems, I cheated. I bought the LinkSys 2-line Router (RT31P2) - it has Vonage service built in. I enabled the DMZ feature on the LinkSys and pointed it to the pfSense box. Everything squeaky clean now!

Internet - Linksys - pfSense - LAN

Technically, it is double NAT'ing your LAN data, but that's AOK for me. I don't know if the LinkSys will forward Internet initiated non-TCP/UDP data. But I do know it does from pfSense side. This is only an issue if you like to use your pfSense box for mobile IPSec (where the remote user is mobile, but your pfSense is static -- the other way works fine).

- Jason

-Original Message-
From: mOjO [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 26, 2006 3:13 AM
To: support@pfsense.com
Subject: [pfSense Support] Vonage vs. Bittorrent (QoS question)

the epic struggle continues...

i have Cable internet with a 8mb download and 768kb upload. my pfSense box is an old AMD K6-2 350mhz box with 128MB ram. i used the traffic shaper wizard (god bless the wizard) to configure my QoS and it does work but i want to even further prioritize the Vonage because when the torrents are really going i sometimes hear weird audio artifacts and while I hear the other end fine (plenty of downstream b/w) the other end complains of me breaking up and there is definitely a noticeable 1-2 sec. delay in their response. I just got off the phone and it was usable but a bit choppy on his end and it cut me off twice.

Right now I have 3 active torrents and 2 seeding with total download around 90KB/sec and upload around 53KB/sec, pfSense shows 1500 states, 29% memory usage, and a steady 15-25% CPU usage. everything appears to be registering in the appropriate queues (I can see the VoIP queue go up when i talk and the P2P queue is active as well).

So I want the Vonage to work flawlessly despite the abuse i put my WAN link through. I have opened and forwarded UDP 5060-5061 to the vonage router which is on my regular internal lan.

The QoS settings are really greek to me and i've perused some docs which do explain the settings to some degree but i'm still not sure what really helps vonage work smoothly. Can anybody recommend any settings changes beyond what the wizard sets for vonage?
[pfSense Support] Passive FTP - sorry
Sorry... But I seem to be brain dead...

Co-location server (Downtown): I have an FTP server behind a 1:1 NAT on the OPT1 interface and FTP Proxy enabled only on OPT1 (disabled/checked on WAN).

Personal client (Home): I have an FTP client behind a normal NAT on the LAN interface and FTP Proxy enabled only on LAN (disabled/checked on WAN).

Active FTP works fine. However, passive does not. The PASV is sent by the client and seen by the server just fine. The 227 Entering Passive Mode (10,0,0,2,5,24) is sent back by the server, but the client does not see it at all.

Is the 1:1 NAT confusing the OPT1 FTP Proxy? Perhaps the proxy is resending the packet out the WAN using the pfSense WAN IP and not the external IP in the 1:1 NAT that it should. Sound right? It would explain why the client isn't seeing it... The packet is coming from the wrong IP.

- Jason
RE: [pfSense Support] Passive FTP - sorry
Both pfSense boxes are using 4-08-2006 snapshot. I'll give the sync command a try.

- Jason

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 11, 2006 3:21 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Passive FTP - sorry

This was fixed a few days ago.

cvs_sync.sh releng_1

or update to the latest snapshot.

On 4/11/06, Jason J Ellingson [EMAIL PROTECTED] wrote:

Sorry... But I seem to be brain dead...

Co-location server (Downtown): I have an FTP server behind a 1:1 NAT on the OPT1 interface and FTP Proxy enabled only on OPT1 (disabled/checked on WAN).

Personal client (Home): I have an FTP client behind a normal NAT on the LAN interface and FTP Proxy enabled only on LAN (disabled/checked on WAN).

Active FTP works fine. However, passive does not. The PASV is sent by the client and seen by the server just fine. The 227 Entering Passive Mode (10,0,0,2,5,24) is sent back by the server, but the client does not see it at all.

Is the 1:1 NAT confusing the OPT1 FTP Proxy? Perhaps the proxy is resending the packet out the WAN using the pfSense WAN IP and not the external IP in the 1:1 NAT that it should. Sound right? It would explain why the client isn't seeing it... The packet is coming from the wrong IP.

- Jason
RE: [pfSense Support] Static routes over IPSec
But, could the rules be applied to data being received from a tunnel? With mobile IPSec clients (ignoring PPTP as an option), there is no way to control data received. You can only have filters on what goes into a tunnel and not what is coming out. If this could be overcome, that'd be great and I could move more people from PPTP to IPSec.

- Jason

-Original Message-
From: Peter Curran [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 30, 2006 8:53 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Static routes over IPSec

This problem is caused because IPsec tunnel mode creates 'implicit' tunnels. These are not visible to the rest of the IP layer, because the decision to tunnel the traffic is made after the packet has been forwarded.

One easy solution is to create an 'explicit' tunnel, using something like GRE, and then secure this using IPsec transport mode.

I did have this working fine on a hacked version of m0n0wall a year or so ago, and I daresay that it could be implemented on pfsense. To be honest, I thought it was (using gif tunnels) as I am sure it appeared in an earlier release.

From a usage viewpoint you would just see a new optional interface that you could route stuff to (also apply firewall and traffic shaper rules). The basic characteristics are the same (GRE has higher overheads, so the MTU would be reduced a little. IP-in-IP using GIF is the same overhead as IPsec tunnel mode).

/Peter
[pfSense Support] Static routes over IPSec
I guess I'm encountering a mental block on how to do this... Can anyone help?

I have two pfSense boxes in different locations (and obviously on the Internet). I have a LAN to LAN IPSec between them.

192.168.1.x - 192.168.19.x

The far pfSense box also has a DMZ/OPT1 network: 10.0.0.x

Is there a way to have traffic from my 192.168.1.x network go over the IPSec tunnel to talk to the 10.0.0.x network? Perhaps I need to look at establishing a second IPSec tunnel?

192.168.1.x - 10.0.0.x

I have tried setting up a static route on the local box (192.168.1.x) that points 10.0.0.x traffic to gateway of 192.168.1.1 (remote LAN gateway), but that didn't seem to work.

Thanks all!

- Jason
[pfSense Support] FTP and Tunnels
I have an FTP server behind 1:1 NAT pfSense

I have internet users connecting through the WAN to LAN (1:1 NAT).

I have myself connecting to the FTP server via an IPSec tunnel.

FTP userland works great for external connections to the server. However, the userland helper catches data headed to an IPSec tunnel as well. This breaks things as it rewrites the IP address with the WAN IP. That is great if it was going out the WAN port, but it isn't.

Is there a way to disable FTP userland helper for tunnels, but keep them for non-tunneled traffic?

Currently, I have the LAN and WAN helpers turned on for the pfSense protecting the FTP server and only have the WAN helper turned on at my home pfSense box. -- This allows me only Active connections to my FTP server over the IPSec tunnel and only Passive connections to FTP servers I connect to on the internet. It also allows the FTP server to still provide both passive and active connections to internet connecting users.

Jason J Ellingson
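The 227 reply discussed in the "Passive FTP" message and the tunnel case described in the message above, worked through as an added example (not pfSense or ftp-proxy code): it decodes the reply, then rewrites the advertised address to the server's 1:1 NAT external IP for Internet clients while leaving it untouched for clients reached over the IPsec tunnel. The external address 203.0.113.10, the client addresses and the tunnel network are constructed placeholders.

```python
import ipaddress
import re

# "227 <text> (h1,h2,h3,h4,p1,p2)": four address octets, then port = p1*256 + p2.
PASV_RE = re.compile(
    r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# Constructed sample data (only the 227 reply itself is taken from the thread).
SAMPLE_REPLY = "227 Entering Passive Mode (10,0,0,2,5,24)"
ONE_TO_ONE = {  # internal server address -> external address of the 1:1 NAT
    ipaddress.IPv4Address("10.0.0.2"): ipaddress.IPv4Address("203.0.113.10"),
}
TUNNEL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # remote LAN behind IPsec


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply, or raise ValueError."""
    match = PASV_RE.match(reply.strip())
    if not match:
        raise ValueError("not a 227 passive-mode reply")
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in 227 reply")
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]


def format_pasv(host, port):
    """Build a 227 reply advertising host:port."""
    octets = str(host).replace(".", ",")
    return f"227 Entering Passive Mode ({octets},{port >> 8},{port & 0xFF})"


def rewrite_pasv(reply, client, one_to_one=ONE_TO_ONE, tunnel_nets=TUNNEL_NETS):
    """Return the 227 reply the given client should receive."""
    host, port = parse_pasv(reply)
    client_ip = ipaddress.ip_address(client)
    # Over the tunnel the client routes to the private address directly, so any
    # rewrite would point its data connection at an address outside the tunnel.
    if any(client_ip in net for net in tunnel_nets):
        return reply.strip()
    external = one_to_one.get(host)
    if external is None:
        return reply.strip()  # no 1:1 mapping known: leave the reply alone
    # Internet client: advertise the 1:1 external IP, not the firewall's WAN IP.
    return format_pasv(external, port)


if __name__ == "__main__":
    print(parse_pasv(SAMPLE_REPLY))
    print(rewrite_pasv(SAMPLE_REPLY, "198.51.100.7"))   # Internet client
    print(rewrite_pasv(SAMPLE_REPLY, "192.168.1.50"))   # client across the tunnel
```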
RE: [pfSense Support] FTP and Tunnels
Downloaded and installed: 1.0-BETA1-TESTING-SNAPSHOT-1-29-06 on both firewalls (colocation and home).

Slightly different problem now...

With the helper on the LAN (home pfSense), no FTP connection is possible... the connection attempt never even gets through the tunnel. Perhaps it is now always catching destination port 21 and always pushing it over the WAN (and not allowing it over the tunnel at all)? At least before, the connection worked, but port commands got changed with when they should have been left alone.

Disabling my home pfSense LAN helper allows me to do as before...

Jason J Ellingson

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 10:15 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] FTP and Tunnels

This was fixed after beta 1 (1:1 and FTP). Please upgrade to one of the testing versions.

On 1/31/06, Jason J. Ellingson [EMAIL PROTECTED] wrote:

I have an FTP server behind 1:1 NAT pfSense

I have internet users connecting through the WAN to LAN (1:1 NAT).

I have myself connecting to the FTP server via an IPSec tunnel.

FTP userland works great for external connections to the server. However, the userland helper catches data headed to an IPSec tunnel as well. This breaks things as it rewrites the IP address with the WAN IP. That is great if it was going out the WAN port, but it isn't.

Is there a way to disable FTP userland helper for tunnels, but keep them for non-tunneled traffic?

Currently, I have the LAN and WAN helpers turned on for the pfSense protecting the FTP server and only have the WAN helper turned on at my home pfSense box. -- This allows me only Active connections to my FTP server over the IPSec tunnel and only Passive connections to FTP servers I connect to on the internet. It also allows the FTP server to still provide both passive and active connections to internet connecting users.

Jason J Ellingson
RE: [pfSense Support] themes
Sure... As usual, more stuff that doesn't work well for us stubborn IE users. I have no big love for IE, but plenty of clients out there have it as their corporate standard. Turn on script error reporting and you'll see IE toss up errors on pfSense.com's mirror pages. Same thing on this Octopus page... The demos toss out scripting errors.

Maybe I bitch too much, but if I don't, you guys may not ever know the problem exists.

- Jason

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, January 16, 2006 12:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] themes

Yummm! Let's get this in 1.1 pronto! :)

Scott

On 1/16/06, Rajkumar S [EMAIL PROTECTED] wrote:

Scott Ullrich wrote:

Send them to me directly and I will see what Erik thinks.

Done, from my gmail address. While we are at it, saw a nifty link in digg today.

http://www.dragon-labs.com/articles/octopus/

The Octopus Engine attempts to unify techniques for rounded corners, drop shadows, custom borders and faux columns, all in one pretty package. It's an all-in-one, one in all approach, encompassing whatever effects one needs.

raj
RE: [pfSense Support] Static DHCP entry bug - solution...
I don't remember. We are using 4801 boxes because of space and cost limitations.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

From: Robert Goley [mailto:[EMAIL PROTECTED]
Sent: Friday, November 04, 2005 3:24 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Static DHCP entry bug - solution...

Was this setup using the "ppf" Printer Port Forwarder package? This seems to be what you are looking for. Give me a bit of info and if I have the time, I will try to implement. I would like to see this feature in place also. Was there something specific about this board that was causing problems versus a generic pc?

Robert

On Thu, 2005-11-03 at 08:57 -0600, Jason J. Ellingson wrote:

I may have not been clear as to where the problem was. At least I'm versed enough to find fixes for some of these bugs.

What I still need (badly) is that package Colin (I think it was Colin) was working on that made the USB port on the Soekris 4801 show as a RAW printer port. I will use windows drivers... I just need the port 9100 (I think that's it). I was looking at the FreeBSD info on how to set it up. It "looks" like it shouldn't be much work since I'm not actually needing a processing queue or anything... but I'm stupid when it comes to *nix.

Anyone that can make a package for printing from the USB port on a Soekris 4801 will receive CASH reward (via PayPal or Check or small unmarked bills... your pick).

--------
Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 03, 2005 8:46 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Static DHCP entry bug - solution...

Oh crap, no wonder I couldn't reproduce this bug. I had my head up my ass and thought you were referring to the DHCP Status screen which I did update.

--Bill

On 11/2/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

Static DHCP mapping issue (doesn't show any at bottom of DHCP Server page even though they exist).

Broken: 0.90a 0.90 0.89.2 0.88
Works: 0.86.4

Figured out the bug...

Line 404 in: services_dhcp.php v 1.38.2.4 2005/10/18 23:47:10 sullrich

The line reads:
<?php if($mapent['mac'] <> "" and $mapent['ipaddr'] <> ""): ?>

It should read:
<?php if($mapent['mac'] <> ""): ?>

Reason: IP Address is not required for entry into the static DHCP table; only the MAC is. All my entries do not have IPs. Why do I not use IPs? Because I want them to still be dynamic, but I use the "Deny unknown clients"... which requires all the MAC addresses to be listed in this table.

--------
Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 01, 2005 8:21 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2

On 11/1/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

I know it was working before the latest upgrade. If there is a repository of old upgrades, I'll keep going back until I see the version that first causes this. Perhaps then I'll mull through the code to see what changes were made.

There were changes (although I don't think there were any to the parsing code for display), it's entirely possible. The old installs are at: http://www.pfsense.com/old/

--Bill
RE: [pfSense Support] Static DHCP entry bug - solution...
I may have not been clear as to where the problem was. At least I'm versed enough to find fixes for some of these bugs.

What I still need (badly) is that package Colin (I think it was Colin) was working on that made the USB port on the Soekris 4801 show as a RAW printer port. I will use windows drivers... I just need the port 9100 (I think that's it). I was looking at the FreeBSD info on how to set it up. It "looks" like it shouldn't be much work since I'm not actually needing a processing queue or anything... but I'm stupid when it comes to *nix.

Anyone that can make a package for printing from the USB port on a Soekris 4801 will receive CASH reward (via PayPal or Check or small unmarked bills... your pick).

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 03, 2005 8:46 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Static DHCP entry bug - solution...

Oh crap, no wonder I couldn't reproduce this bug. I had my head up my ass and thought you were referring to the DHCP Status screen which I did update.

--Bill

On 11/2/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

Static DHCP mapping issue (doesn't show any at bottom of DHCP Server page even though they exist).

Broken: 0.90a 0.90 0.89.2 0.88
Works: 0.86.4

Figured out the bug...

Line 404 in: services_dhcp.php v 1.38.2.4 2005/10/18 23:47:10 sullrich

The line reads:
<?php if($mapent['mac'] <> "" and $mapent['ipaddr'] <> ""): ?>

It should read:
<?php if($mapent['mac'] <> ""): ?>

Reason: IP Address is not required for entry into the static DHCP table; only the MAC is. All my entries do not have IPs. Why do I not use IPs? Because I want them to still be dynamic, but I use the "Deny unknown clients"... which requires all the MAC addresses to be listed in this table.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 01, 2005 8:21 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2

On 11/1/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

I know it was working before the latest upgrade. If there is a repository of old upgrades, I'll keep going back until I see the version that first causes this. Perhaps then I'll mull through the code to see what changes were made.

There were changes (although I don't think there were any to the parsing code for display), it's entirely possible. The old installs are at: http://www.pfsense.com/old/

--Bill
[pfSense Support] Static DHCP entry bug - solution...
Static DHCP mapping issue (doesn't show any at bottom of DHCP Server page even though they exist).

Broken: 0.90a 0.90 0.89.2 0.88
Works: 0.86.4

Figured out the bug...

Line 404 in: services_dhcp.php v 1.38.2.4 2005/10/18 23:47:10 sullrich

The line reads:
<?php if($mapent['mac'] <> "" and $mapent['ipaddr'] <> ""): ?>

It should read:
<?php if($mapent['mac'] <> ""): ?>

Reason: IP Address is not required for entry into the static DHCP table; only the MAC is. All my entries do not have IPs. Why do I not use IPs? Because I want them to still be dynamic, but I use the "Deny unknown clients"... which requires all the MAC addresses to be listed in this table.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 01, 2005 8:21 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2

On 11/1/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

I know it was working before the latest upgrade. If there is a repository of old upgrades, I'll keep going back until I see the version that first causes this. Perhaps then I'll mull through the code to see what changes were made.

There were changes (although I don't think there were any to the parsing code for display), it's entirely possible. The old installs are at: http://www.pfsense.com/old/

--Bill
[pfSense Support] BUG: reboot.php metallic theme looks wrong. Fix inside...
File: reboot.php
Vers: 1.7
Date: 2005/09/18
User: sullrich

Problem: Bottom of page looks wrong in metallic theme. The gray bar is off to the right.

Bug: <center> tag is missing its matching closing </center> tag.

Solution: Between lines 57 and 58 add the closing </center> tag.

Code (before):
<?php endif; ?>
<?php include("fend.inc"); ?>

Code (after):
<?php endif; ?>
</center>
<?php include("fend.inc"); ?>

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
[pfSense Support] IE7 update?
Since the pages are using IE7... do you plan to update from IE7 version 0.7.3 (alpha) to IE7 version 0.9 (alpha)?

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
RE: [pfSense Support] bug in 0.89.2
I know it was working before the latest upgrade. If there is a repository of old upgrades, I'll keep going back until I see the version that first causes this. Perhaps then I'll mull through the code to see what changes were made.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:39 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2

On 10/31/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

Was missing before reboot. Was missing after reboot. Was missing after removing the cache. Was missing after reboot after removing the cache. No joy.

Strange. Anyone else seeing this? I just finished powering off all my hardware (eerie how quiet the house became too!) so can't check this.

--Bill
RE: [pfSense Support] bug in 0.89.2
I even wiped the system and installed fresh from the 0.89.2 Live CD. I did no further modifications (no rules, nothing)... just went straight to adding MACs to the DHCP Server and they don't show up. They are saving in the config... just not showing on the screen.

Anything I can do to help debug this?

The PC is a standard generic Pentium II - 233 MHz with 256MB RAM. One Intel NIC, one SIS NIC.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Damien Dupertuis [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 2:22 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] bug in 0.89.2

Strange... It works perfectly for me...

--- Jason J. Ellingson [EMAIL PROTECTED] wrote:

DHCP Server... can't see the registered MACs at the bottom of the page. It is empty, even when you've added a MAC for DHCP... attempts to add a MAC twice results in error... MAC already exists. looking in config.xml and, yup, it is there...

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
RE: [pfSense Support] bug in 0.89.2
Was missing before reboot. Was missing after reboot. Was missing after removing the cache. Was missing after reboot after removing the cache. No joy.

Also, noticed that the metallic theme... bottom of reboot screen, the grey box, it is off center to the right about 20 pixels. Looks correct on all other pages.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 8:16 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2

rm /tmp/config.cache and see if they show up afterwards. Also, have you rebooted since the DHCP change (other than rm /tmp/config.cache this shouldn't make any other difference, so don't get your hopes up :))

--Bill

On 10/31/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:

I even wiped the system and installed fresh from the 0.89.2 Live CD. I did no further modifications (no rules, nothing)... just went straight to adding MACs to the DHCP Server and they don't show up. They are saving in the config... just not showing on the screen.

Anything I can do to help debug this?

The PC is a standard generic Pentium II - 233 MHz with 256MB RAM. One Intel NIC, one SIS NIC.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: Damien Dupertuis [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 2:22 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] bug in 0.89.2

Strange... It works perfectly for me...

--- Jason J. Ellingson [EMAIL PROTECTED] wrote:

DHCP Server... can't see the registered MACs at the bottom of the page. It is empty, even when you've added a MAC for DHCP... attempts to add a MAC twice results in error... MAC already exists. looking in config.xml and, yup, it is there...

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
[pfSense Support] bug in 0.89.2
DHCP Server... can't see the registered MACs at the bottom of the page. It is empty, even when you've added a MAC for DHCP... attempts to add a MAC twice results in error... MAC already exists. looking in config.xml and, yup, it is there...

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
RE: [pfSense Support] 1 to 1 NAT
I have several servers behind a 1:1 NAT. All I did was map IP to IP and add the rules. I did not use virtual IPs or anything else. It works great... HOWEVER, you have to do it for EACH IP... it doesn't work when you try to do a block. Make a 1:1 NAT for each and every IP individually.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
[pfSense Support] FTP Helper problem
Lately I've been having problems with the FTP-helper. It works initially, but then something times out when you aren't active and FTP connections no longer make it out.

Example, I use the DOS FTP command to connect to an ftp server.

My PC - LAN - pfSense - WAN - Internet - FTP server

Works great... but I stop issuing commands for a few minutes... At that point further attempts to connect to any FTP server from my PC fail. I watched the remote servers and they never even get a connect attempt. Clearing the states and NAT tables doesn't fix it. Only stopping the FTP-Helper on pfSense and restarting it fixes the problem.

Also, it seems to catch FTP connections going over the IPSec tunnel. Shouldn't it only catch connections going over NAT (LAN-WAN)?

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]
RE: [pfSense Support] passive ftp (strike 2)
I had to use a passive port range (I chose 5000-5099) on the FTP server software and then open a firewall rule for those ports to that server. I don't like it, but at least it works for me for now.

I see the FTP helper/proxy correctly changing the PORT commands, but the firewall states aren't allowing the connection through.

Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED]

-----Original Message-----
From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
Sent: Monday, October 24, 2005 4:18 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp (strike 2)

Scott,

I put a rule as you told me but this doesn't seem to work. The only way to enable ftp (active) is de-activating the ftp-helper. This is a snippet of the ftp window in my workstation:

<SNIP>
220-Local time is now 23:05. Server port: 21.
220-This is a private system - No anonymous login
220 You will be disconnected after 15 minutes of inactivity.
[...]
ftp> ls
200 PORT command successful
150 Connecting to port 3378
[...]
ftp> passive
Passive mode on.
ftp> ls -l
227 Entering Passive Mode (192,168,1,11,237,181)
ftp: connect: No route to host
ftp>
ftp>
ftp> passive
Passive mode off.
ftp> ls -l
200 PORT command successful
150 Connecting to port 3380
[...]
226-Options: -l
226 4 matches total
</SNIP>

As you can see active connections work but passive don't. The negotiated port within the connection is 60853 ((256*237) + 181). My ftp server (pure-ftpd) is allowing passive ports from 49000 to 65000 (49000 that is the first port that pfSense understands as available for passive transfers as I saw in the internal code) so it shows the passive ftp is not yet working :(

Any ideas?

Hope this helps.

Regards,

jonathan

Scott Ullrich wrote:

Do you have a rule permitting traffic from the WAN interface to 127.0.0.1? If not, try this.

On 10/24/05, jonathan gonzalez [EMAIL PROTECTED] wrote:

Scott,

0.89.2 built on Sat Oct 22 22:16:29 UTC 2005

jonathan

Scott Ullrich wrote:

What version?

On 10/24/05, jonathan gonzalez [EMAIL PROTECTED] wrote:

Hi group,

I keep on having trouble while accessing my ftp server on one of my LANs from the internet. Active ftp works fine, but, even if we have discussed this in the past and a ticket in the cvs was opened to solve this issue somehow, something seems to be present yet around this theme.

I tried, as I said, to ftp from the internet to my ftp server but I'm unable. If I disable ftp-helper it works in active mode but passive ftp won't (of course there's no ftp-helper running).

Also I think (I should test it more times) that the pftpx command does not update the ip address in the '-b' flag (the public ip) when the wan interface is dynamic, so in some cases the pftpx command is running in the pfSense box with an ip address for the '-b' flag that is not the one configured in the WAN interface. I think you should take this into consideration for future releases.

I look forward to someone helping me by telling me if someone else is having the same behaviour in their boxes.

Thanks in advance.

jonathan
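Added example, not part of any message in this thread and not code from pfSense or pftpx: it decodes the h1,h2,h3,h4,p1,p2 tuple from the 227 reply quoted above, rewrites the address part the way an FTP NAT helper does, and reports why a data connection would fail on the WAN path or over a tunnel. The public address 203.0.113.10, the function names and the "wan"/"tunnel" labels are assumptions; the 227 line and the 49000-65000 range come from the thread.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 reply (RFC 959).
HOSTPORT_RE = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PASV_FROM_THREAD = "227 Entering Passive Mode (192,168,1,11,237,181)"
PUBLIC_IP = "203.0.113.10"      # assumed WAN address (documentation range)
PASSIVE_RANGE = (49000, 65000)  # pure-ftpd range stated in the thread


def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 reply."""
    m = HOSTPORT_RE.search(line)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def rewrite_hostport(line, new_ip):
    """Swap the address in the tuple and keep the port, as a NAT helper does."""
    _, port = parse_hostport(line)
    octets = str(ipaddress.IPv4Address(new_ip)).split(".")
    tuple_text = ",".join(octets + [str(port >> 8), str(port & 0xFF)])
    return HOSTPORT_RE.sub(tuple_text, line, count=1)


def check_data_endpoint(line, path, passive_range=None):
    """List reasons the advertised endpoint is wrong for a 'wan' or 'tunnel' client."""
    if path not in ("wan", "tunnel"):
        raise ValueError("path must be 'wan' or 'tunnel'")
    ip, port = parse_hostport(line)
    problems = []
    if path == "wan" and is_rfc1918(ip):
        problems.append("private address %s sent to a WAN client (not rewritten)" % ip)
    if path == "tunnel" and not is_rfc1918(ip):
        problems.append("address rewritten to %s for a tunnelled client" % ip)
    if passive_range is not None and not passive_range[0] <= port <= passive_range[1]:
        problems.append("port %d outside permitted range %d-%d" % (port, *passive_range))
    return problems


if __name__ == "__main__":
    print(parse_hostport(PASV_FROM_THREAD))
    print(check_data_endpoint(PASV_FROM_THREAD, "wan", PASSIVE_RANGE))
    fixed = rewrite_hostport(PASV_FROM_THREAD, PUBLIC_IP)
    print(fixed, check_data_endpoint(fixed, "wan", PASSIVE_RANGE))
    print(check_data_endpoint(fixed, "tunnel", PASSIVE_RANGE))
```

The same rewritten reply that is correct for a WAN client is flagged on the tunnel path, which is the breakage reported in the FTP and Tunnels message.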