Re: [pfSense Support] License
Looks nice! I would be interested in this also. Robert On Thursday 24 January 2008 14:40, Richard Sperry wrote: So if I wanted OSSIM.net integration, what would I pay? Give me and the group the sales pitch, please. Richard Sperry Director of Operations WrinkleBrain, Inc. [EMAIL PROTECTED] 206.729.4799 x13 MCP - Small Business Specialist WOT - Thawte Notary CONFIDENTIALITY NOTICE: The information in this electronic mail transmission is legally privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of the transmission is strictly prohibited. If you have received this transmission in error, please delete the message and immediately notify us by telephone at 206.729.4799 or by responding to this email. If this email is signed or encrypted you may not forward to another party with out written permission in a signed email. Recycle Notice: This email was sent using recycled electrons. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, January 24, 2008 11:32 AM To: support@pfsense.com Subject: Re: [pfSense Support] License On 1/24/08, Eugen Leitl [EMAIL PROTECTED] wrote: The support is worth every penny, though (said as a paying customer). Thanks for the kind words!! Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] user interface bug with minimum font size set
I have had this issue also. The quickest fix to to use the CTRL + or CTRL - keys to change the font temporarily. This way you don't have to deal with a smaller size font all the time. Robert On Friday 04 January 2008 11:01, Chris Buechler wrote: Paul M wrote: is this a known feature/bug? using firefox on linux and setting minimum font size to 13, and the metallic theme on pfsense 1.2RC3, I find that the diagnostics tab wraps off the end and appears under the system tab, and then you can't access anything under the system tab any more. this confused me greatly until I stumbled across the reason just now - my laptop (whose small hires display) first exhibited the problem and I didn't realise the connection between my installing extra fonts and tweaking the minimum size. That's been known for a while. IIRC there isn't any easy fix, or at least it hasn't been a priority, so the stock reply is don't do that. :) If you know of a fix, patches are welcome. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Disabling Auto-REFRESH
It does get a bit annoying at times. At least being able to set/override the refresh rate would be nice. Robert On Tuesday 11 December 2007 09:29, Dziuk, Fred J wrote: Is there a setting to disable the automatic refresh of the many pages within the SYSTEM LOG. I try to look at the display and before I can complete a FIND or manually browse through the data, the auto-refresh kicks in and I am back at the top of the page and my FIND window disappears. How about a MANUAL refresh option? Fred Dziuk Univ. of Texas Health Science Center at San Antonio - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Disabling Auto-REFRESH
Thanks Scott! I entered a ticket for the request. Robert On Tuesday 11 December 2007 14:10, Scott Ullrich wrote: cvstrac.pfsense.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Checkin 20231
Great idea, can't wait to see it. Robert On Wednesday 28 November 2007 15:44, Scott Ullrich wrote: On 11/28/07, Ole Barnkob Kaas [EMAIL PROTECTED] wrote: A bit offtopic - but bogons jogged my memory. Anyone thought on implementing this: http://www.spamhaus.org/drop/index.lasso It will be supported in a future version. Currently HEAD has code to allow for a alias to download a URL every X minutes and populate its contents into the alias. This would allow someone to do what you wish to do but without hardcoding the information to once site. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] DNS Issues with 1.2 RC2
I will try this later to see what the result is. Scott's suggestion of using a static route worked perfectly. The trouble seemed to come from using OPT1 and OPT2 DNS servers as the default. The pfsense machine was trying to resolve with those DNS servers using the WAN interface. I added entries for the LAN section of the firewall rules. This set the correct outbound interface for machines on the LAN but did not seem to help the pfsense machine itself. If the ISP used on the WAN interface did not has lousy DNS servers, I would never have noticed this issue. Robert On Friday 26 October 2007 05:36, Paul M wrote: Robert Goley wrote: based routing. DNS refuses to work. This is because the pfsense machine can I have no answer for you, but an idea to try. run tcpdump -l -n -i xxx udp and port 53 on the firewall for each interface xxx in turn whilst trying to resolve and see if any packets are seen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] DNS Issues with 1.2 RC2
I have a multi wan setup with 3 WAN interfaces and 1 LAN. It is using policy based routing. DNS refuses to work. This is because the pfsense machine can not resolve anything. The DNS servers are correct. They are pingable from the pfsense machine. They are accessible from machines on the LAN. A traceroute shows that the pfsense machine is trying to access DNS servers for OPT1 and OPT2 using the WAN interface instead. I setup rules for the LAN interface so that all connections to the specific DNS server must go out over specific interfaces. This works for the LAN but does not work for the pfsense machine itself. Can some one provide some insight to this? Do I need to add static routes for these instead of LAN firewall entries? The warnings on the static routes page seems to indicate that I should not. I am sure that others are using multiple DNS servers from multiple ISPs in a multi-wan setup. What am I missing? Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Strange issues with Fedex.com
I have had similar issues with the MTU that were unrelated to pfSense. The trouble I had was will an ISP supplied DSL modem that could not handle the MTU sizes in a bridged mode. We had to replace the ISP router with a Cisco model that would work correctly. the problem router was a SpeedStream. The problem manifested by certain sites not working and everything else appearing to work flawlessly. Robert On Wednesday 01 August 2007 14:53, Scott Ullrich wrote: On 8/1/07, Tim Dickson [EMAIL PROTECTED] wrote: Plain Text noted(thanks, just wanted to get the pass image in the rule :) ) Recommened MTU is 1504, so 1500 should be fine ( I switched to 1400 just for kicks to no avail) FYI, this is ONLY for fedex.com too... Am I right to assume it isn't the firewall? -Tim Hrm, I wouldn't be so sure as of yet. What version are you on? If you are not on a recent snapshot can you please try? We fixed a bug in PF w/ modulate state but I doubt that would help but it's worth a try. The only other thing that I can think of would be to try 1300 as a MTU. I have seen this problem when MTU issues are on the WAN link. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FTP and PFsense
This is probably not the recommended method, but I have FTP setup using NAT port forwards from our public address to the private one with the FTP helper disabled. I had to setup the FTP server to use a specific range of ports for the dynamic ports and them forwarded that range to the FTP server. Fairly simple and no fancy dynamic rules. The downside is that it does not work well with Mutil WAN and trying to access the same internal FTP server for 2 different public addresses. The FTP server has the limitation that it can only advertise a single public address based on the source address of the ftp client. It is easy to set this up for LAN and a single WAN though. Robert On Wednesday 11 July 2007 09:53, The Wells Family wrote: I have seen some discussion on this topic in the past and according to what I have read, it is supposed to be resolved. However I cannot get it to work. I know the ftp server is set up just fine because it is fully accessible from within my LAN (using its LAN address). However, no matter how I try and connect from the wan interface, it just times out. According to what I have read, setting up a NAT rule to forward the ftp port (21) from the WAN to the internal server and then letting pfsense create the firewall rules (it created two) and then turning on the ftp helper (un-checking it I believe) should get it done. But no luck. I have even tried creating NAT and firewall rules for the dynamic ports. My WAN IP is public and my ISP is very good at not blocking anything so I am pretty sure it is not my ISP. Any suggestions? As of this morning, I am running the latest stable version of pfsense. - Dan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] OK, I think this is simple...
Just leave off the steps for creating the pools and skip straight to setting your LAN rules. All you should have to do to send the traffic for the one application is define a couple of rules based on either source IP on the LAN, Destination IP, or destination ports that application uses. you will set these rules to the gateway of your OPT1 connection. This rule will need to be higher in the list than the default traffic rule. Leave the default traffic rule set to the gateway of your WAN connection. Robert On Thursday 05 April 2007 18:06, Jaye Mathisen wrote: Yeah, I read that. But I don't want load balancing or failover. Logging in via shell shows the routing is set right, in that the default route is still WAN. # netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default70.58.179.174 UGS 0 837 sis0 I created an OPT1 interface, set it to DHCP. Went to firewall rules and added a rule that sent proto:any, source:*, Port*, dest 4.2.2.2, port *, Gateway OPT1. # User-defined rules follow pass in quick on $lan from 192.168.0.0/24 to any keep state label USER_RULE: D efault LAN - any pass in log quick on $lan route-to ( sis2 192.168.100.1 ) from any to { 4.2.2. 2 } keep state label USER_RULE But all traffic is now going out the OPT1 interface, instead of just traffic to 4.2.2.2 Tracing route to pfsense.org [69.64.6.13] over a maximum of 30 hops: 11 ms1 ms1 ms 192.168.0.1 2 *** Request timed out. 338 ms38 ms39 ms 67.42.192.195 436 ms36 ms35 ms 67.42.192.125 535 ms36 ms35 ms 205.171.150.33 What's weirder is that the ISP on OPT1 is allowing the traffic packets with my WAN interface IP to pass through it. It doesn't appear to be nat'd to the OPT1 interface IP either... On Thu, Apr 05, 2007 at 11:38:27PM +0200, Holger Bauer wrote: http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing Holger -Original Message- From: Fuchs, Martin [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 11:13 PM To: support@pfsense.com Subject: AW: [pfSense Support] OK, I think this is simple... I don't have thos config, but i could imagine it works with the gateway option (select a gateway different than default) Perhaps it might be necessary to define a pool or else fort hat... Just try a bit :-) Regards, Martin -Urspr?ngliche Nachricht- Von: Jaye Mathisen [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 5. April 2007 22:53 An: support@pfsense.com Betreff: [pfSense Support] OK, I think this is simple... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Caching DNS Refuses client connections.
The DNS service running on the pfSense router is refusing connections. It is also unable to resolve DNS names locally. This was tested by sshing to the router and typing ping google.com. It never resolved the name to an address for ping to try to ping. There are DNS servers listed in the General page. The DNS servers are for the OPT1 and OPT2 internet connections. The default traffic rule has all traffic going out over OPT2 so that should not be a problem. I added the same DNS servers to the /etc/resolv.conf on several linux machines as a get by until this could be fixed. I know the DNS servers are reachable using the current routing because of this. I do not have an /etc/resolv.conf to look at or a nslookup command to test with on the pfsense router. Below is the output of the nslookup command from a linux server. The options Enable DNS forwarder, Register DHCP leases in DNS forwarder, and Register DHCP static mappings in DNS forwarder are all turned on. The Allow DNS server list to be overridden by DHCP/PPP on WAN option is turned off since all internet connections have static IP addresses. This was originally on and this DNS still failed. Robert ###Failed DNS attempt with pfsense router### [EMAIL PROTECTED]:~$ nslookup google.com Server: 10.0.0.1 Address:10.0.0.1#53 ** server can't find google.com: REFUSED ###Failed DNS attempt with pfsense router### ###Successful attempt with ISP DNS Server### [EMAIL PROTECTED]:/home/mbgui$ nslookup google.com Server: 68.87.68.162 Address:68.87.68.162#53 Non-authoritative answer: Name: google.com Address: 72.14.207.99 Name: google.com Address: 64.233.187.99 Name: google.com Address: 64.233.167.99 ###Successful attempt with ISP DNS Server### - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Caching DNS Refuses client connections.
Part of the DNS service is working. I create a static DNS entry on the pfSense router. Clients are able to resolv that static entry using the pfSense DNS service. I still do not know why the pfsense machine can not resolve using DNS servers that other client machines are using. With Multi-Wan setup, Do I have to specify a LAN gateway rule for these IP addresses to go out over? I don't want to do that, because 2 of my connections are from the same provider. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] NAT Mapping failure
Sorry, This particular issue turned out to be a typo in the virtual IP address. It was trying to do right but of course would not work. As for why the WAN connection did not work correctly when I tested using the interface address, I am not sure. I deleted and recreated all rules and forwards for that interface many times. After I made all the others work (which only took a couple of minutes), I redid the rules for WAN one more time. It started working better. Then I noticed the typo for 2 of the 5 IP addresses set for the device. The only remaining issues I have are DNS and a possible bug. The caching DNS server/service of pfsense is not working. It is refusing the clients that try to get DNS info from it. The pfsense router is unable to resolve any DNS names for the ping command either. The DNS servers are set for the interface. The same DNS servers are what the of clients on the network had to be set to and are working. The bug issue is a feature that is now missing. For the firewall/gateway rules for the LAN interface, you used to be able to add a rule based on the destination port. That is not longer on the page. You can use source port but that is useless in most cases. I need to direct outgoing traffic out different WANs based on the destination port. This worked in the 11-29-06 version I upgraded from. Thank you ffor your time. Again I apologize for my email behavior. It was late and I was running pretty low on fuel at that point. Robert On Friday 30 March 2007 02:04, Holger Bauer wrote: Please don't switch the topics of your mails concerning the same issue constantly. It's hard to follow/track a vonversation this way. Thank you. Holger -Original Message- From: Robert Goley [mailto:[EMAIL PROTECTED] Sent: Friday, March 30, 2007 2:42 AM To: support@pfsense.com Subject: [pfSense Support] NAT Mapping failure I did find that 1-1 mapping is breaking the outgoing connect of the machine that is being mapped. I verified this by switching a 1-1 NAT mapping between to machines. I was able to access before the map and could not after. on the other machine that had the map to start with, I could not access out. After switch the map to another machine I was able to access it from this machine. I have deleted all NAT port forward for the WAN interface and recreated 2 for testing SSH and HTTP. Neither work. The same portforwards for OPT1 and OPT2 work. The firewall rules were autocreated by pfSense. I an using any for the from IP addresses and ports. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Killing/Cutting off a TCP connection
Great, Glad to see that feature. I have not needed to do it with this snap shot. I had to do it previousy when changing NAT rules for client machines. I have not needed to with the new version. I am assuming this has been clean up more? Robert On Thursday 29 March 2007 22:38, Scott Ullrich wrote: On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote: I found the command. Here are some basics on it. pfctl [snip] Newer snapshots can kill the states from Diagnostics - States without the command line. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Connectivity Issue with second OPT interface
It seems we are both having the same basic issue. I am assuming that you are able to connect out via the same OPT2 interface you are trying to connect in thru. I wish I had more answer for you than I am having this trouble too. No one has responded to my emails. If I find the source of my problem, I will let you know. Robert On Thursday 29 March 2007 07:13, Vaughn L. Reid III wrote: I am running the 3-27 snapshot of pfsense. I've been testing out adding a 2nd OPT interface that goes to remote sites over a wireless link. A dedicated access point is doing all the wireless stuff, so that is not a responsibility of the pfsense box. Here's my problem though. I can ping remote hosts from the pfsense box and can ping the remote hosts from the LAN interface. Remote hosts show up in my arp table on the pfsense box and remote hosts can see the pfsense box in their arp tables. I have a firewall rule configured to all all traffic going into and coming out of the interface on the pfsense box (Once I get things working, I'll lock this down some). Firewall Rule: Proto * Source * Destination * Port * Gateway * The firewall log shows that the pfsense box is accepting inbound requests, but nothing happens. The remote hosts can't ping the pfsense machine, connect to it in any way, or access resources that lie behind it. I do not have a NAT rule set for this interface, and I'm using Advanced NAT. I don't want to perform NAT on this interface, just routing. The IP of the OPT interface on the pfsense box is 172.16.125.1/24 with no gateway defined for the interface. All of the remote hosts are in the 172.16.125.0/24 subnet and they have the pfsense box set up as their default gateway. The diagnostic = routes page shows the correct interface as for the route to the 172.16.125.0/24 network and also shows a route to each host. Am I missing something that I need to have configured that I don't? My other OPT interface to a dsl connection is working correctly. Thanks, Vaughn - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Error Message Adding 1-1 NAT entry for OPT3
Here is the message that I am receiving. Robert There were error(s) loading the rules: /tmp/rules.debug:54: macro 'opt3' not defined/tmp/rules.debug:54: syntax error pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [54]: binat on $opt3 from 10.0.0.51/32 to any - 74.95.24.50/32... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Connectivity Issue with second OPT interface
I know it works. You guys have done great with that. I have WAN, OPT1, and OPT2 working great. I do not know why OPT3 and OPT4 do not. I have tested and checked so much I don't know what else to look for. I have not seen this specific doc. I don't think it existed when I set this up originally. I will go over this one too. Robert On Thursday 29 March 2007 11:08, Scott Ullrich wrote: We have docs concerning multi-wan. Please ensure that you have double checked your settings. http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing I run multi-wan at work and it absolutely works. Scott On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote: It seems we are both having the same basic issue. I am assuming that you are able to connect out via the same OPT2 interface you are trying to connect in thru. I wish I had more answer for you than I am having this trouble too. No one has responded to my emails. If I find the source of my problem, I will let you know. Robert On Thursday 29 March 2007 07:13, Vaughn L. Reid III wrote: I am running the 3-27 snapshot of pfsense. I've been testing out adding a 2nd OPT interface that goes to remote sites over a wireless link. A dedicated access point is doing all the wireless stuff, so that is not a responsibility of the pfsense box. Here's my problem though. I can ping remote hosts from the pfsense box and can ping the remote hosts from the LAN interface. Remote hosts show up in my arp table on the pfsense box and remote hosts can see the pfsense box in their arp tables. I have a firewall rule configured to all all traffic going into and coming out of the interface on the pfsense box (Once I get things working, I'll lock this down some). Firewall Rule: Proto * Source * Destination * Port * Gateway * The firewall log shows that the pfsense box is accepting inbound requests, but nothing happens. The remote hosts can't ping the pfsense machine, connect to it in any way, or access resources that lie behind it. I do not have a NAT rule set for this interface, and I'm using Advanced NAT. I don't want to perform NAT on this interface, just routing. The IP of the OPT interface on the pfsense box is 172.16.125.1/24 with no gateway defined for the interface. All of the remote hosts are in the 172.16.125.0/24 subnet and they have the pfsense box set up as their default gateway. The diagnostic = routes page shows the correct interface as for the route to the 172.16.125.0/24 network and also shows a route to each host. Am I missing something that I need to have configured that I don't? My other OPT interface to a dsl connection is working correctly. Thanks, Vaughn - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Adding OPT3 and OPT4 WAN connections
On Thursday 29 March 2007 13:46, sai wrote: Use the same settings that you got working on your laptop? Yes, same settings. Can you ping the gateway in question from the pfsense firewall? I did not think that you could ping because of default traffic rules going out on WAN and then back in from the internet. I do have states that show outbound connections working properly. I am preparing to completely rebuild the setup now. The docs that Scott provided show that the pfsense version is behind the times. It is 1.0.1 but a 11-29-2006 snapshot. I am hoping this upgrade will fix the 1-1 NAT error I emailed to the list earlier. sai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Web interface errors
I am entering the failover and load balancing rules. Rules look fine. Should there be blank rules there by default? There is one for the load balance and one for the pools. Robert Warning: unlink(/tmp/.pool): No such file or directory in /etc/inc/vslb.inc on line 58 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 Warning: unlink(/tmp/FailOverOPT2WAN.pool): No such file or directory in /etc/inc/vslb.inc on line 104 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 Warning: stristr(): Empty delimiter. in /etc/inc/pfsense-utils.inc on line 1227 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Web interface errors
Was not sure if it wa the same error. Thanks for the fix. Robert On Thursday 29 March 2007 18:17, Scott Ullrich wrote: This was fixed earlier. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Incoming portfords fail/disappear
I have reworked the firewall according to the docs Scott provided. Most things are working fine. OPT1 and OPT2 using the new cable modems that had trouble earlier are working. WAN however is not working right. I am having a similar problem to earlier. With WAN set to be the default route, I can access the internet. I verified that this traffic is going out over thew WAN. I can not access either a NAT portforward or 1-1 NAT on this connection. I have log entries for this interface and related IP addresses with the exception of IP addresses mentioned in NAT mappings. First note is that every rule is set to log right now. There are firewall logs for x.x.x.142 but not for x.x.x.141 or x.x.x.140 which are setup for incoming NAT. I am able to use the port forwards for the OP1 and OPT2 interfaces. All three interfaces have 80% the same rules. There is no difference between them. I am willing to provide screen shots etc. Thank you for your time. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] NAT Mapping failure
I did find that 1-1 mapping is breaking the outgoing connect of the machine that is being mapped. I verified this by switching a 1-1 NAT mapping between to machines. I was able to access before the map and could not after. on the other machine that had the map to start with, I could not access out. After switch the map to another machine I was able to access it from this machine. I have deleted all NAT port forward for the WAN interface and recreated 2 for testing SSH and HTTP. Neither work. The same portforwards for OPT1 and OPT2 work. The firewall rules were autocreated by pfSense. I an using any for the from IP addresses and ports. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Killing/Cutting off a TCP connection
Yes, You have to explicitly kill the state from a terminal on the pfSense router. I have done it a few times in the past but can not remember the command at the moment. Search google for pf kill state. I will email the command if I find it. Robert On Thursday 29 March 2007 21:01, Sally Janghos wrote: Is there a way to kill/cut off an established TCP session without doing a reset all state? Thanks, Sally - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Killing/Cutting off a TCP connection
I found the command. Here are some basics on it. pfctl -k host Kill all of the state entries originating from the specified host. A second -k host option may be specified, which will kill all the state entries from the first host to the second host. For example, to kill all of the state entries originating from host: # pfctl -k host To kill all of the state entries from host1 to host2: # pfctl -k host1 -k host2 On Thursday 29 March 2007 21:01, Sally Janghos wrote: Is there a way to kill/cut off an established TCP session without doing a reset all state? Thanks, Sally - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] [UPDATE] Adding OPT3 and OPT4 WAN connections
I am able to access the internet thru OPT3 using the x.x.x.49/29 for setting up the interface. It works great, outgoing anyway. I am not able to setup a port forward. I turned on logging for the port forward firewall rule. It shows the traffic passing. It just never goes any where. I am still testing using SSH. The SSH connection will try out while the firewall shows that it allowed the SSH connection. Does anyone have a suggestion? This interface and port forward is setup the same as the others that are working. It is using the correct gateway address. I am really stumped on this part. The states status page shows only the outgoing states. There are no incoming states for these IP addresses. If I connect out using SSH to an external server and type who, it shows the correct outbound IP address. Is there some OPT3--LAN default rule I am missing? I let pfsense create the firewall rule when I setup the portforward. Robert On Tuesday 27 March 2007 18:20, Robert Goley wrote: I have 1 existing DSL connection and 2 existing Cable connections. I am adding 2 more Cable connections as part of a phase-in/phase-out scenario. The current setup works great. It is using policy based routing on pfsense 1.0.1. I can not seem to get the additional interfaces to work. I have tested with my laptop and know the the ISP routers are setup and working correctly as bridges. On my laptop, all I have to do is enter the correct static IP information to use the internet. The ISP threw me off a little setting the router IP as the highest number in the assigned IP range. All other ISPs have used the lowest. I am not sure how to enter the static IP info for the OPTx interfaces because of this. I have been assigned x.x.x.49-x.x.x.53 with the default gateway being x.x.x.54. It is a /29 netblock with netmask 255.255.255.248. Would I enter this as x.x.x.49/29, x.x.x.53/29, or x.x.x.54/29? I am not getting any traffic thru the interface when I have tried using these. I setup a port forward for SSH to a test machine on the network. It does not go thru. Is there a default traffic rule I have missed adding somewhere? Any information you can provide would be appreciated. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Dual WAN, but only 1 default route...
I had a setup similar to this for a while. Our cable company offers static IPs now. You will need to setup the Cable connection as your WAN connection. If I remember correctly, this is the only interface you can setup using DHCP. You will add your DSL as OPT1 and use you NAT rules to define what traffic goes out over each connection based on your needs. You will handle this with rules on the LAN interface for outgoing connections. Because one of the connections is DHCP you will have to use this as a policy based dual wan setup as it is labeled in the docs. Robert On Friday 19 January 2007 12:17, Tim Dickson wrote: Not quite sure what you are asking... but if I got it right: Setup everything like the DUAL WAN Manual shows Then set everything as the default gateway in your rules except for the IP you want to go out the cable... set that to the cable IP -Tim -Original Message- From: Jaye Mathisen [mailto:[EMAIL PROTECTED] Sent: Friday, January 19, 2007 12:47 AM To: support@pfsense.com Subject: [pfSense Support] Dual WAN, but only 1 default route... I have a DSL connection wiht 32 static IP's, and a cable connection. I have one very specific use for the cable connection and everythign else goes over the DSL. The Cable uses DHCP to assign IP's, and static is not an option for them. My office subnet is NAT'd behind one of the 32 static IP's. I want to continue NAT'ing 99% of the traffic out that interface, and out the cable interface, for the 1 connection to the 1 resource, I want it to be NAT'd, but use the cable for outbound traffic. The catch is, I don't want the cable DHCP info to over-write the default route info that I have configured... Can I do this? Or am I perhaps not asking the question clearly? Probably the latter. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] pfSense Webconfigurator -- correctly posted
Has anyone found the cause or a fix for the following error besides robooting? I am using a NFORCE2 based athlon system with 4 3com 905B NICS using the livecd version and config file on a floppy. I am unable to access firewall via the webface after I get this error. I keep getting this error. I usingually get it after viewing or trying to view the firewall settings screen. SIDE QUESTION: Is is possible to edit the config.xml file by and and issue a command to perform the same type of reload the webinterface does? Robert Fatal error: Unknown function: parse_config() in /etc/inc/config.inc on line 198 PS Sorry about posting wrong thread, I clicked reply to list on an existing thread without changing the subject. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfSense Webconfigurator -- correctly posted
I have not had a chance to patch the cd iso. I did download the file and replace it using scp. The firewall had been unaccessible for a couple fo hours prior to switching the file. I was able to connect and configure the firewall by uploading the changed file. I know I will loose the change after reboot but need to find time to patch the cd. Thumbs up on this one so far. Robert On Wednesday 22 November 2006 12:04, Scott Ullrich wrote: Yes, test this patch: http://cvstrac.pfsense.com/chngview?cn=15427 If you do not know how to test/apply a patch then wait for the next version. Scott On 11/22/06, Robert Goley [EMAIL PROTECTED] wrote: It is not a ghost and I am not click happy. Anything specific you would like me to test and give results for? I found that entry before posting here. I was hoping someone found out more about it. Robert On Wednesday 22 November 2006 11:49, Scott Ullrich wrote: 2864 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] RRD graph status.
I have a dual wan setup with one LAN using policy based routing. I have 2 questions. I noticed a while back that RRD graphs only partially worked for my OPT1 interface. Scott confirmed this and said that it was something that he wanted fixed but did not indicate when it might be. I am still using the RC1 version. I was awaiting the final before upgrading further. Have the RRD graphs for link quality been fixed in version 1.0? I also need to allow pinging of the firewall via both WAN/OPT1 interfaces. I have tried allowing all ICMP type traffic with any selected for source and destination but I am still not able to ping the firewall. I am having issues with one of my ISPs at the moment and need to run some basic tests. Thanks in advance for any information you can provide. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfsense using 4 nics?
Bus order is what changes the order here. It's certainly possible to have em0 be em1 after inserting another em card in the machine. Be thankful that BSD actually identifies the chipset here...I find it impossible to figure out wth happened in linux when adding/removing nics (and dmesg is useless when trying to figure out just what eth0 actually is). This can be corrected using udev and setting ethx based on the MAC address of the NICs. Then they are consistent even adding and removing hardware. Does BSD have an equivalent functionality? Not trying to bring up a BSD/Linux flame war, just want to know. Linux will autoassign or allow setting these to specific NICs. Does BSD have the forced assignment capabilities? Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RRD graph status.
I plan on it this weekend. Internet usage depends on that router being up. Just noticed the final version was out yesterday, Do you have any news on the RRD graphs for OPTx interfaces? Robert On Tuesday 24 October 2006 13:07, Holger Bauer wrote: The final version is out now, so you really should upgrade, especially as you are still running RC1. I even would recommend a reinstall. Just backup your config.xml via the webgui and place it on an usb thumbdrive or a floppy in /conf/config.xml and boot the livecd with that media inserted and run option 99 from the shellmenu. You'll be up in minutes. Holger -Original Message- From: Robert Goley [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 24, 2006 5:56 PM To: support@pfsense.com Subject: [pfSense Support] RRD graph status. I have a dual wan setup with one LAN using policy based routing. I have 2 questions. I noticed a while back that RRD graphs only partially worked for my OPT1 interface. Scott confirmed this and said that it was something that he wanted fixed but did not indicate when it might be. I am still using the RC1 version. I was awaiting the final before upgrading further. Have the RRD graphs for link quality been fixed in version 1.0? I also need to allow pinging of the firewall via both WAN/OPT1 interfaces. I have tried allowing all ICMP type traffic with any selected for source and destination but I am still not able to ping the firewall. I am having issues with one of my ISPs at the moment and need to run some basic tests. Thanks in advance for any information you can provide. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Any NAT-T users out there?
For those curious and wanting to know. http://en.wikipedia.org/wiki/NAT-T On Tuesday 19 September 2006 14:00, Scott Ullrich wrote: NAT-T - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] automatic backup
I have been attempting to backup this information also. It is working for me using HTTP. I saw the answer for downloading via HTTPS. Using a browser you are allow to download just certain sections of the config. How would this be accessed via the wget command? For example, I would like to download just the Aliases for use on another firewall. Robert On Tuesday 27 June 2006 08:48, Imre Ispánovits wrote: Hi, On m0n0wall I've used a small script to backup configuration from cron time to time automatically. This doesn't work on pfSense. What is wrong with my script? Is there a way to do it on pfSense? ### part of the old script # wget --post-data 'Submit=download' https://admin:[EMAIL PROTECTED]/diag_backup.php -O $dir1/$file1 end # Best regards Imre - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Outbound NAT questions
I am still working with the advanced outbound NAT using pfsense a policy based dual wan router. The pfsense version is beta 4 but updated this using the cvs update script. I am attempting to specify a couple of machines that should show that they have the same IP (xxx.xxx.xxx.142). The interface IP is xxx.xxx.xxx.138. I have rules in advanced outbound nat that should set the outbound IP to be xxx.xxx.xxx.142 but it still shows xxx.xxx.xxx.138. I am using IP addresses that are setup as proxy arp. Should these be CARP or other for this to work? For that matter, what is the difference between the 3 types of virtual IP addresses? Really puzzled on this and I have not gotten any response to these direct questions on the list. I am not blaming, I know everyone has day jobs. Just need more information about how this works. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Direct traffic out over a second gateway / WAN?
What needs to be done to set the specific IP address that is seen/used for the traffic? For example, using a static arp address instead of the main interface address. Robert On Wednesday 14 June 2006 12:51, Scott Ullrich wrote: On 6/14/06, Steve Harman [EMAIL PROTECTED] wrote: Hi! We have a requirement to divert certain traffic out of our building (via pfsense) on a different route than that of our main ADSL feed. This is so we can present a different IP to the destination host we're connecting to from that of our main office IP. Is there a reasonably straightforward way in pfsense to rule that; If destination = xxx.xxx.xxx.xxx then use gateway xxx.xxx.xxx.xxx instead of default so effectively traffic heading for a specific destination leaves the building via a different route / external address? Yes, simply create a firewall rule for the desired traffic and set the gateway in the advanced section of the firewall rule. It's really that easy :) Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] alerts on WAN failure
It shouldn't be very had if he wants the pfsense machine to do all the work. A simple shell script using grep and msmtp would work. It could be setup in a couple of minutes. Not sure if msmtp is part of the default freebsd but would not be hard to compile at worst. It would be a great way to implement SMTP support from pfsense in general. It is small and simple to use. Robert On Tuesday 13 June 2006 04:48, Holger Bauer wrote: beta4 doesn't report this, but RC1 is sending some syslog info about the monitor IP: Jun 13 09:33:08 slbd[412]: Service wanpool changed status, reloading filter policy Jun 13 09:33:08 slbd[412]: ICMP poll succeeded for XX.XX.0.1, marking service UP Jun 13 09:33:03 slbd[412]: Service wanpool changed status, reloading filter policy Jun 13 09:33:03 slbd[412]: ICMP poll failed for XX.XX.0.1, marking service DOWN Jun 13 07:58:47 slbd[412]: Service wanpool changed status, reloading filter policy Easiest thing is to send the info to a remote syslogserver that generates the email on this event. Mailnotification from the pfSense itself can't be done without hacking in some smtp support. Holger -Original Message- From: Raja Subramanian [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 9:39 AM To: support@pfsense.com Subject: [pfSense Support] alerts on WAN failure Hi, I have a dual WAN setup on a BETA 4 box. I would like to be notified when a WAN connection fails. Is it possible to setup email notification or other? - Raja - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] RRD Graphs for OPT1 Wan Connection.
I have a dual wan setup using policy based routing. I have found the RRD graphs and really like them. Great job on these guys. These should help talking to an ISP or two I have noticed that the quality graphs for the OPT1 interface are not displaying. Do I have to enable this somewhere? I found the use_rrd_gateway option for the config.xml. Does this switch which interface it monitors or allow for providing a list to monitor? I can get traffic and packet graphs for this interface but not quality. This interface has static IPs and the WAN is DHCP. Does this make a difference? Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] RRD Graphs for OPT1 Wan Connection.
Thanks for the info. Is there somewhere I should add this to a wiki etc? Robert On Friday 09 June 2006 12:25, Scott Ullrich wrote: On 6/9/06, Robert Goley [EMAIL PROTECTED] wrote: I have a dual wan setup using policy based routing. I have found the RRD graphs and really like them. Great job on these guys. These should help talking to an ISP or two I have noticed that the quality graphs for the OPT1 interface are not displaying. Do I have to enable this somewhere? I found the use_rrd_gateway option for the config.xml. Does this switch which interface it monitors or allow for providing a list to monitor? I can get traffic and packet graphs for this interface but not quality. This interface has static IPs and the WAN is DHCP. Does this make a difference? Some graphs only support the primary WAN. This will not be resolved in 1.0 but hopefully in the future. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Advanced Outbound NAT
I need to select the external proxy arp ip that is seen for several internal hosts on the lan. For example: 10.0.0.32 needs to be seen as xxx.xxx.xxx.139 and 10.0.0.34 needs to be seen as xxx.xxx.xxx.141. I tried setting this up using outbound NAT but looking at the states showed that the traffic for both 10.0.0.32 and 10.0.0.34 were translating to xxx.xxx.xxx.138. There is a default rules for 10.0.0.0/24 to go to xxx.xxx.xxx.138. I assumed that the higher rule in the list took precedence. Is this correct? Is there a switch I am missing somewhere? I looked at the FAQ but did not see what I was looking for. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Advanced Outbound NAT - more details
Just realized I forgot to include some details in this message. I have dual wan using policy based routing. Default traffic goes over a cable modem (WAN). OPT1 is a range of 5 static IP's (xxx.xxx.xxx.138/29). LAN firewall rule has 10.0.0.32 and 10.0.0.34 going over OPT1 interface. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] passive FTP
I have a similar situation and have not been able to make this work. I have a dual wan policy based setup. Wan interface is DHCP cable modem. OPT1 is DSL with static IPs. I have tried setting up a port forward for ftp from OPT1-LAN. This have failed several ways. What are the official steps for setting this up. I know Scott mentioned enabling ftpx for passive connections. Others have said to open other port ranges but not much details as to which ones. I am using wu-ftpd for the ftp server. Currently, turning pftpx seems to break things more than not having it. Without it some clients can connect and others such as wget can not. With it on, nothing can connect. Even telnet IP_ADDRESS 21 fails. It starts to connect to the port and then is immediately dropped. Any help or hints would be greatly appreciated. Robert On Thursday 01 June 2006 11:32, Scott Ullrich wrote: Enable the FTP helper on Interfaces - WAN. Reboot. On 6/1/06, Bernhard Ledermann [EMAIL PROTECTED] wrote: I am using an ftp-server behind pfsense (beta4) with NAT. I have problems with ftp-clients in passive mode witch are also behind a firewall with NAT to browse the ftp-directory. I know there were few discussions about this, but is there a solution or workaround to get it working? Regards Bernie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HW infos
Ignore my last email about specs. I must be blind Robert On Tue, 2006-03-07 at 17:06 -0500, Scott Ullrich wrote: So far I am testing http://linitx.com/product_info.php?cPath=4products_id=909 (Thanks LinITX) and its an amazing little box. Just got a RAL wireless card mounted. Neat box, check em out! On 12/16/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: At 11:47 AM 12/16/2005, Scott Ullrich wrote: On 12/16/05, Vivek Khera [EMAIL PROTECTED] wrote: Intel provides the NIC drivers for FreeBSD. They do not suck. They work exceptionally well. I agree. Never have had any issues with Intel nics + freebsd. Same here. Realtek, on the other hand :( - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaper - VoIP
I will retest with Beta2. I had the same results that John reported with Vonage lines. I only had to test it with one of the lines. Robert On Sat, 2006-02-25 at 17:18 -0600, Bill Marquette wrote: Thanks for the update. I just spent a number of hours on the shaper and think I found the problem. This does appear to be an OS level bug but I've sort of worked around it in our config. Beta 2 is just around the corner, the fixes, which require the wizard to be re-run (I've enforced this for those upgrading), will show up there (or if anyones willing to apply a patch - http://www.pfsense.com/~billm/20060225-shaper-fixes.diff - requires re-running of wizard and possible reboot). I removed the upperlimit setting from the wizard - it's still available in the UI for those that wish to break their config as I'm hoping we'll get some resolution from the FreeBSD side on this soon. --Bill On 2/25/06, John Cianfarani [EMAIL PROTECTED] wrote: Finally got around to testing the shaper again today with VoIP on snapshot 02-19-06. Tried several things but I could not make it work. Setup is as follows: 4mbit/800kb cable modem, nothing else connected but a wrap pfsense and 1 phone. Phone is using SIP to connect to a remote asterisk box in a colo center codec is g711. Inside: LAN Download: 4000 Outside: WAN Upload: 600 (was a little more conservative with this number) Check prioritize voice, type = asterisk and allotted BW of 256Kbits. Nothing else selected just next to the end. Tested a fews calls just to the asterisk box (like voice mail) and the voice stutters several times a second. After a few calls after about 5-8secs it would clear up for maybe 2seconds and then resume stutter. This is a the same issue I've seen all my tests of the traffic shaper in the past. Watching the traffic queue screen during a call shows the qVOIPup and qVOIPDown queues with about 15kb or so each and the drops just keep counting higher. The qlandef and qwandef both show small amount of traffic of a few 1-2 kb a sec and no drops. All other queues show 0 traffic and 0 drops. If I turn off the shaper the voice is perfect again. If you need any more information just ask. I can probably even setup a temporary asterisk box if you need to connect to test stuff out. Thanks John Cianfarani - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaper - VoIP
I am running the PC version installed to a HD. I have 3 3com 3c905 cards(bc's I think). It is a P II 450 with a 10 GB IDE drive. It has over 3??MB of RAM. I was running 2-19-06 and 2-19-06 with the latest update tarball applied. Robert On Mon, 2006-02-27 at 13:39 -0600, Bill Marquette wrote: On 2/27/06, Robert Goley [EMAIL PROTECTED] wrote: I will retest with Beta2. I had the same results that John reported with Vonage lines. I only had to test it with one of the lines. Robert Thanks...the workarounds kinda suck IMO and we're still seeing issues on WRAPs (but not all of them!?!?!?!) so I won't be entirely surprised if you come back and say it still sucks ass. This appears to be a FreeBSD issue, on same hardware (Soekris 4801) on OpenBSD, this works like it's supposed to. I've spent at least 12 hours this last weekend tracking this crap down. The source code between FreeBSD and OpenBSD for ALTQ is line by line nearly identical, the major differences have to do with locking differences and minor other porting items. Here's what we've learned so far: 2/15/06 snapshot w/ upperlimit set sucks on WRAP and 4801 (sis driver) 2/15/06 snapshot w/ upperlimit set works fine on Nexcom 1030 w/ Intel nics (fxp driver) 2/15/06 snapshot w/o upperlimit set works fine on 4801 (sis driver) 2/15/06 snapshot w/o upperlimit set works fine on Nexcom 1030 w/ Intel nics (fxp driver) Beta2 w/o upperlimit set works fine on 4801 (sis driver) Beta2 w/o upperlimit set sucks on 2 of 3 WRAPs we have (sis driver) Beta2 w/o upperlimit set works fine on Nexcom 1030 w/ Intel nics (fxp driver) OpenBSD 3.9-beta works fine w/ upperlimit set on 4801 (sis driver) OpenBSD 3.9-beta works fine w/o upperlimit set on 4801 (sis driver) The removal of upperlimit sucks because that means we can't limit the bandwidth any queue is allowed. We're seeing evidence of a 10x multiplier bug, but upperlimit isn't exposed to the NICs - 960Kbit upperlimit gives me great Vonage calls (92 or 96Kbit codec, can't recall). 128Kbit upperlimit gives crappy calls as does 512Kbit or 768Kbit. To me this is pointing to a multiplier broken somewhere, but I haven't yet found it and it _appears_ to mainly affect the sis driver (although I wouldn't be surprised in the least if it didn't affect others). What would be most helpful right now is a report of people running b1 snapshots and have tried the shaper. What we need is the hardware you're running on: CPU NIC(s) Install type (embedded, pc, iso, etc) Whether it works or sucks ass I'll resend this request on the blog and as a seperate email later today. Thanks --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaper hints needed.
Alright, I have been schooled on connection terms I will look up more later. I have more of a hands on knowledge of these things and butchered it because of that. That you for the information on how to set the traffic shaper. I knew that I would have to adjust for the multiple lines. I was just not sure which value to use for one line. Again, thanks for the information and the work you put into this project. Robert On Tue, 2006-02-21 at 11:28 -0600, Bill Marquette wrote: You've horribly butchered bits vs bytes. Everything in the shaper wizard is in bits. A 6Mb connection is 6Megabits, not 6MegaBytes, hence the 600KByte download (notice the conversion I did?) FYI, if you have 5 lines, you probably want to reserve 5 x line rate - if line rate is 96Kb/sec then you want 480Kb (or whatever setting above that is close - say 512Kb) for the reservation. That will allow all 5 lines to be talking at the same time. --Bill On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP traffic. I am replacing a M0n0wall firewall that had some traffic shaper config setup for the Vonage routers. I have 3 Vaonge routers carrying 5 phone lines across a 768KB/6MB (UP/DOWN) cable modem connection. I may be making this harder on myself than it really is but I am not sure what values to put where. I know that as a rule of thumb you only get %10 of the advertised bandwidth. For example, I have a 6 MB download speed but only get about 600kb/s download rate from extremely fast servers. Vonage advertizes 90kb/s bandwidth usage per line. This is actually a 8-10kb/s upload/download rate. When using the traffic shaper wizard, I can specify the provider and optionally a IP address or alias. I chose Vonage and an alias that includes all 3 routers. The next itme is reserved bandwidth for VOIP. I don't know what I need to put here. Is it the advertised speed 768KB or 76KB/s? I don't want to accidentally assign more bandwidth than I have since that renders the traffic shaper useless. I did not have major problems with my VOIP traffic with the M0n0wall. Since switching, I have had quite a bit of broken voice etc. Could someone drop me a couple of hints on this? I am using the 2-8-06 version from sullrich. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaper hints needed.
I care and will test. I will be using it at this site and testing it for my Vonage line at home too. what version would you like tested? Robert On Tue, 2006-02-21 at 13:10 -0500, Scott Ullrich wrote: As far as we know yes. Bill has put out repeated pleas for testing and feedback but nobody seems to care. Scott On 2/21/06, John Cianfarani [EMAIL PROTECTED] wrote: So is the traffic shaper working correctly now for voip in the latest snapshot? Thanks John -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 21, 2006 12:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaper hints needed. You've horribly butchered bits vs bytes. Everything in the shaper wizard is in bits. A 6Mb connection is 6Megabits, not 6MegaBytes, hence the 600KByte download (notice the conversion I did?) FYI, if you have 5 lines, you probably want to reserve 5 x line rate - if line rate is 96Kb/sec then you want 480Kb (or whatever setting above that is close - say 512Kb) for the reservation. That will allow all 5 lines to be talking at the same time. --Bill On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP traffic. I am replacing a M0n0wall firewall that had some traffic shaper config setup for the Vonage routers. I have 3 Vaonge routers carrying 5 phone lines across a 768KB/6MB (UP/DOWN) cable modem connection. I may be making this harder on myself than it really is but I am not sure what values to put where. I know that as a rule of thumb you only get %10 of the advertised bandwidth. For example, I have a 6 MB download speed but only get about 600kb/s download rate from extremely fast servers. Vonage advertizes 90kb/s bandwidth usage per line. This is actually a 8-10kb/s upload/download rate. When using the traffic shaper wizard, I can specify the provider and optionally a IP address or alias. I chose Vonage and an alias that includes all 3 routers. The next itme is reserved bandwidth for VOIP. I don't know what I need to put here. Is it the advertised speed 768KB or 76KB/s? I don't want to accidentally assign more bandwidth than I have since that renders the traffic shaper useless. I did not have major problems with my VOIP traffic with the M0n0wall. Since switching, I have had quite a bit of broken voice etc. Could someone drop me a couple of hints on this? I am using the 2-8-06 version from sullrich. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaper hints needed.
As for as the traffic shaper testing, what do you want to specifically test? I had a rule previously on the M0n0wall that included all traffic TCP/UDP/etc from the vonage routers IP addresses. Do you want the default protocol rules, the new changes for IP address/Alias, or is it even limited to VOIP? Willing to test, just want some direction Robert
Re: [pfSense Support] Traffic Shaper hints needed.
I have not had a chance to load this yet. I did find an error in the system log related to the traffic shaping though. It is listed below. I will load the update after everyone leaves today. Are there any special steps to take after loading the update tarball? php: : There were error(s) loading the rules: pfctl: real-time sc exceeds 80% of the interface bandwidth (491.52Kb) /tmp/rules.debug:34: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ real-time sc exceeds 80% of the interface bandwidth (491.52Kb) /tmp/rules.debug]: Robert On Tue, 2006-02-21 at 14:19 -0500, Scott Ullrich wrote: http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-20-06/ if you are running a full version, there are a couple of other testing directories in ~sullrich with other versions (embedded, etc). On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I care and will test. I will be using it at this site and testing it for my Vonage line at home too. what version would you like tested? Robert On Tue, 2006-02-21 at 13:10 -0500, Scott Ullrich wrote: As far as we know yes. Bill has put out repeated pleas for testing and feedback but nobody seems to care. Scott On 2/21/06, John Cianfarani [EMAIL PROTECTED] wrote: So is the traffic shaper working correctly now for voip in the latest snapshot? Thanks John -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 21, 2006 12:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaper hints needed. You've horribly butchered bits vs bytes. Everything in the shaper wizard is in bits. A 6Mb connection is 6Megabits, not 6MegaBytes, hence the 600KByte download (notice the conversion I did?) FYI, if you have 5 lines, you probably want to reserve 5 x line rate - if line rate is 96Kb/sec then you want 480Kb (or whatever setting above that is close - say 512Kb) for the reservation. That will allow all 5 lines to be talking at the same time. --Bill On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP traffic. I am replacing a M0n0wall firewall that had some traffic shaper config setup for the Vonage routers. I have 3 Vaonge routers carrying 5 phone lines across a 768KB/6MB (UP/DOWN) cable modem connection. I may be making this harder on myself than it really is but I am not sure what values to put where. I know that as a rule of thumb you only get %10 of the advertised bandwidth. For example, I have a 6 MB download speed but only get about 600kb/s download rate from extremely fast servers. Vonage advertizes 90kb/s bandwidth usage per line. This is actually a 8-10kb/s upload/download rate. When using the traffic shaper wizard, I can specify the provider and optionally a IP address or alias. I chose Vonage and an alias that includes all 3 routers. The next itme is reserved bandwidth for VOIP. I don't know what I need to put here. Is it the advertised speed 768KB or 76KB/s? I don't want to accidentally assign more bandwidth than I have since that renders the traffic shaper useless. I did not have major problems with my VOIP traffic with the M0n0wall. Since switching, I have had quite a bit of broken voice etc. Could someone drop me a couple of hints on this? I am using the 2-8-06 version from sullrich. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaper hints needed.
Have shell, Use shell. Was not aware the tarballs could be loaded from web interface. Last thing I remember reading said that the webupdate portions were not to be used until final 1.0. Since it seems to be recommended I would use the 2-8-06 iso and then update (using web interface) but it's not there anymore Robert On Tue, 2006-02-21 at 17:59 -0500, Scott Ullrich wrote: Why did you do that? You should have feed the tarball to System - Firmware - Manual Update. On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: Will do later... I tried extracting the update but tar crashed because of libarchive.so. Do you have an iso of the latest and greatest? With it crashing midway thru I would just like to reload it to the correct version. Robert On Tue, 2006-02-21 at 17:48 -0500, Scott Ullrich wrote: Lower the bandwidth dedicated to VOIP some. On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have not had a chance to load this yet. I did find an error in the system log related to the traffic shaping though. It is listed below. I will load the update after everyone leaves today. Are there any special steps to take after loading the update tarball? php: : There were error(s) loading the rules: pfctl: real-time sc exceeds 80% of the interface bandwidth (491.52Kb) /tmp/rules.debug:34: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ real-time sc exceeds 80% of the interface bandwidth (491.52Kb) /tmp/rules.debug]: Robert On Tue, 2006-02-21 at 14:19 -0500, Scott Ullrich wrote: http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-20-06/ if you are running a full version, there are a couple of other testing directories in ~sullrich with other versions (embedded, etc). On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I care and will test. I will be using it at this site and testing it for my Vonage line at home too. what version would you like tested? Robert On Tue, 2006-02-21 at 13:10 -0500, Scott Ullrich wrote: As far as we know yes. Bill has put out repeated pleas for testing and feedback but nobody seems to care. Scott On 2/21/06, John Cianfarani [EMAIL PROTECTED] wrote: So is the traffic shaper working correctly now for voip in the latest snapshot? Thanks John -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 21, 2006 12:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaper hints needed. You've horribly butchered bits vs bytes. Everything in the shaper wizard is in bits. A 6Mb connection is 6Megabits, not 6MegaBytes, hence the 600KByte download (notice the conversion I did?) FYI, if you have 5 lines, you probably want to reserve 5 x line rate - if line rate is 96Kb/sec then you want 480Kb (or whatever setting above that is close - say 512Kb) for the reservation. That will allow all 5 lines to be talking at the same time. --Bill On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP traffic. I am replacing a M0n0wall firewall that had some traffic shaper config setup for the Vonage routers. I have 3 Vaonge routers carrying 5 phone lines across a 768KB/6MB (UP/DOWN) cable modem connection. I may be making this harder on myself than it really is but I am not sure what values to put where. I know that as a rule of thumb you only get %10 of the advertised bandwidth. For example, I have a 6 MB download speed but only get about 600kb/s download rate from extremely fast servers. Vonage advertizes 90kb/s bandwidth usage per line. This is actually a 8-10kb/s upload/download rate. When using the traffic shaper wizard, I can specify the provider and optionally a IP address or alias. I chose Vonage and an alias that includes all 3 routers. The next itme is reserved bandwidth for VOIP. I don't know what I need to put here. Is it the advertised speed 768KB or 76KB/s? I don't want to accidentally assign more bandwidth than I have since that renders the traffic shaper useless. I did not have major problems with my VOIP traffic with the M0n0wall. Since switching, I have had quite a bit of broken voice etc. Could someone drop me a couple of hints on this? I am using the 2-8-06 version from sullrich. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e
Re: [pfSense Support] Traffic Shaper hints needed.
Ignore the last email, I see a 2-19-06 iso. Robert On Tue, 2006-02-21 at 17:59 -0500, Scott Ullrich wrote: Why did you do that? You should have feed the tarball to System - Firmware - Manual Update. On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: Will do later... I tried extracting the update but tar crashed because of libarchive.so. Do you have an iso of the latest and greatest? With it crashing midway thru I would just like to reload it to the correct version. Robert On Tue, 2006-02-21 at 17:48 -0500, Scott Ullrich wrote: Lower the bandwidth dedicated to VOIP some. On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have not had a chance to load this yet. I did find an error in the system log related to the traffic shaping though. It is listed below. I will load the update after everyone leaves today. Are there any special steps to take after loading the update tarball? php: : There were error(s) loading the rules: pfctl: real-time sc exceeds 80% of the interface bandwidth (491.52Kb) /tmp/rules.debug:34: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded - The line in question reads [ real-time sc exceeds 80% of the interface bandwidth (491.52Kb) /tmp/rules.debug]: Robert On Tue, 2006-02-21 at 14:19 -0500, Scott Ullrich wrote: http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-20-06/ if you are running a full version, there are a couple of other testing directories in ~sullrich with other versions (embedded, etc). On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I care and will test. I will be using it at this site and testing it for my Vonage line at home too. what version would you like tested? Robert On Tue, 2006-02-21 at 13:10 -0500, Scott Ullrich wrote: As far as we know yes. Bill has put out repeated pleas for testing and feedback but nobody seems to care. Scott On 2/21/06, John Cianfarani [EMAIL PROTECTED] wrote: So is the traffic shaper working correctly now for voip in the latest snapshot? Thanks John -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 21, 2006 12:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] Traffic Shaper hints needed. You've horribly butchered bits vs bytes. Everything in the shaper wizard is in bits. A 6Mb connection is 6Megabits, not 6MegaBytes, hence the 600KByte download (notice the conversion I did?) FYI, if you have 5 lines, you probably want to reserve 5 x line rate - if line rate is 96Kb/sec then you want 480Kb (or whatever setting above that is close - say 512Kb) for the reservation. That will allow all 5 lines to be talking at the same time. --Bill On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote: I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP traffic. I am replacing a M0n0wall firewall that had some traffic shaper config setup for the Vonage routers. I have 3 Vaonge routers carrying 5 phone lines across a 768KB/6MB (UP/DOWN) cable modem connection. I may be making this harder on myself than it really is but I am not sure what values to put where. I know that as a rule of thumb you only get %10 of the advertised bandwidth. For example, I have a 6 MB download speed but only get about 600kb/s download rate from extremely fast servers. Vonage advertizes 90kb/s bandwidth usage per line. This is actually a 8-10kb/s upload/download rate. When using the traffic shaper wizard, I can specify the provider and optionally a IP address or alias. I chose Vonage and an alias that includes all 3 routers. The next itme is reserved bandwidth for VOIP. I don't know what I need to put here. Is it the advertised speed 768KB or 76KB/s? I don't want to accidentally assign more bandwidth than I have since that renders the traffic shaper useless. I did not have major problems with my VOIP traffic with the M0n0wall. Since switching, I have had quite a bit of broken voice etc. Could someone drop me a couple of hints on this? I am using the 2-8-06 version from sullrich. Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
[pfSense Support] Traffic Shaper.
I have reloaded the machine using the 02-19-06 iso and then upgraded it to 02-21-06. I restored my config file. I then ran the traffic shaper wizard. I changed the allocated bandwidth to 384 for VOIP to try to fix the previous error. It never finished loading the queues page. It basically sits there hung. I eventually clicked out into something else. I reset the states table. I tried viewing the queues again but same result, The first queue shows but basically hangs waiting on rest to appear. I have tried rebooting also but no luck. I just ditched the config file. Entering everything again manually. I reran the wizard and I was able to see the queues page. After the changes made by the wizard, VOIP sucks. The queue shows 32 kbit/s with no load at all on the connection. It also shows a lot of drops. I turned off the traffic shaper and the line is as clear as a bell. This was tried using 384 and 512 for upload reserved for VOIP. As another test, I reran the wizard without VOIP enabled. This had poor audio too. I reran the wizard again. This time I enabled the VOIP option for Vonage without alias or IP using 384Kbits/s reserved. I am getting the message about more than %80 of bandwidth again. I have specified 768up and 6000down for the WAN in the wizard. 384 is about half that, not more than %80. I am turning the traffic shaper off and going home for now. Let me know if you have anything you want me to try or if you would like logs etc. Robert
[pfSense Support] Static ARP entries
I am trying to replace a FireBox Firewall with pfsense. Our current setup has 5 static IP addresses. The range is xxx.xxx.xxx.138-142. On the firebox (which has a limited way of entering things anyway) this is specified 162.39.251.138/29 and thme it uses aliases. How should I set these up so that I can select the different IP addresses for NAT entries. I tried them individually and one the .139 works. and I tried them using the /29 like the firebox but that only shows one address. Could someone give me a clue here? Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Static ARP entries
I tried adding the ARP entries. That is what this email is about. I was trying to make sure I was doing this correctly. When I added the addresses as single entry per IP (like xxx.xxx.xxx.139/32, xxx.xxx.xxx.140/32) the only one that pfsense answered to was the 139 address. I noticed you could enter these as a whole net, I tried this but only ended up with one alias. Kind of hard to map IPs via nat with only one ARP entry for all the addresses. If you have any andditional input I would appreciate it. Robert On Wed, 2005-11-09 at 13:51 -0500, Vivek Khera wrote: On Nov 9, 2005, at 11:05 AM, Robert Goley wrote: I am trying to replace a FireBox Firewall with pfsense. Our current setup has 5 static IP addresses. The range is xxx.xxx.xxx. 138-142. On I did this transition recently and it went very well. What you want to do is set up an ARP alias in pfsense for each of your IPs. I'd recommend also setting up an alias for each one of them so you can refer to them by name in the configs and make life easy if they ever change. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Static DHCP entry bug - solution...
Was this setup using the ppf Printer Port Forwarder package? This seems to be what you are looking for. Give me a bit of info and if I have the time, I will try to implement. I would like to see this feature in place also. Was there something specific about this board that was causing problems versus a generic pc? Robert On Thu, 2005-11-03 at 08:57 -0600, Jason J. Ellingson wrote: I may have not been clear as to where the problem was. At least I'm verse enough to find fixes for some of these bugs. What I still need (badly) is that package Colin (I think it was Colin) was working on that made the USB port on the Soekris 4801 show as a RAW printer port. I will use windows drivers... I just need the port 9100 (I think that's it). I was looking at the FreeBSD info on how to set it up. It looks like it shouldn't be much work since I'm not actually needing a processing queue or anything... but I'm stupid when it comes to *nix. Anyone that can make a package for printing from the USB port on a Seokris 4801 will receive CASH reward (via PayPal or Check or small unmarked bills... your pick). Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED] -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 03, 2005 8:46 AM To: support@pfsense.com Subject: Re: [pfSense Support] Static DHCP entry bug - solution... Oh crap, no wonder I couldn't reproduce this bug. I had my head up my ass and thought you were referring to the DHCP Status screen which I did update. --Bill On 11/2/05, Jason J. Ellingson [EMAIL PROTECTED] wrote: Static DHCP mapping issue (doesn't show any at bottom of DHCP Server page even though they exist). Broken: 0.90a 0.90 0.89.2 0.88 Works: 0.86.4 Figured out the bug... Line 404 in: services_dhcp.php v 1.38.2.4 2005/10/18 23:47:10 sullrich The line reads: ?php if($mapent['mac'] and $mapent['ipaddr'] ): ? It should read: ?php if($mapent['mac'] ): ? Reason: IP Address is not required for entry into the static DHCP table; only the MAC is. All my entries do not have IPs. Why do I not use IPs? Because I want them to still be dynamic, but I use the Deny unknown clients... which requires all the MAC addresses to be listed in this table. Jason J Ellingson 615.301.1682 : nashville 612.605.1132 : minneapolis www.ellingson.com [EMAIL PROTECTED] -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 01, 2005 8:21 AM To: support@pfsense.com Subject: Re: [pfSense Support] bug in 0.89.2 On 11/1/05, Jason J. Ellingson [EMAIL PROTECTED] wrote: I know it was working before the latest upgrade. If there is a repository of old upgrades, I'll keep going back until I see the version that first causes this. Perhaps then I'll mull through the code to see what changes were made. There were changes (although I don't think there were any to the parsing code for display), it's entirely possible. The old installs are at: http://www.pfsense.com/old/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]