Robert Fantini wrote:
Thanks.
btw, what does the 'AW:' mean in the reply subject?
It means aw, shucks, I'm using Outlook and it even translates my headers.
SCNR.
cu,
Rainer
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
Hello,
we need to allow access to a certain subnet from *, except for some
hosts, which should only be allowed from specific IPs.
I have, in rules.debug:
pass in quick on $wan proto tcp from $FIRSTEXTIP to $hostalias1 flags
S/SA keep state label USER_RULE: allow anything from FIRST
Bill Marquette wrote:
On 1/30/06, Rainer Duffner [EMAIL PROTECTED] wrote:
Hello,
we need to allow access to a certain subnet from *, except for some
hosts, which should only be allowed from specific IPs.
I have, in rules.debug:
What's wrong here?
At first glance, nothing
Chris Buechler wrote:
Rainer Duffner wrote:
Hi,
I looked under limitations in the FAQ and didn't find anything.
it's there.
http://faq.pfsense.org/index.php?action=artikel&cat=8&id=101&artlang=en
That's the number of interfaces - I already found that.
But I'm pretty sure I read about
Hi,
I looked under limitations in the FAQ and didn't find anything.
Does anybody know?
In case it's adapter-dependent: em(4) is used.
cheers,
Rainer
Bill Marquette wrote:
Is FreeBSD even supported in MS VS2005? :) I wouldn't consider it
even a FreeBSD bug until then (heck, it's not even supported in the
VMWare server versions - fbsd 6 that is)
Adding to that: is there any reason not to use VMware, now that the free
player has been
Hi,
in OpenBSD-land, one can enter
brconfig bridge0 addr
to display the list of learned addresses.
Is there an equivalent in FreeBSD6?
cheers,
Rainer
Szasz Revai Endre wrote:
Hello,
What's pfsense doing at night? Sometimes pfsense starts a find
command, and it keeps working on and on for a few minutes. I don't
remember what the command was. Though I see no cron job or anything.
What starts the find command?
Endre
lbe8010# cat
Lee Hetherington wrote:
I use Intel Dual Port 10/100 Server adaptors with great success. I
wouldn't use any non-server-class NIC in my firewall e.g. RealTek,
Netgear etc. Look at the hardware compatibility on the FAQ.
It should be noted that these Dual-Port Intel cards can also be
Hi,
in my setup, I want/need to bridge the WAN-interface to different VLANs.
Is that possible?
One problem may be that the IP-ranges are different (i.e. the WAN-IP is
on a different subnet than the net I want to bridge - but if the router
knows what to do with the packets, it should not be a
Hi,
how are the proxy-arp settings sync'ed to the other box?
In the config, it says:
Synchronize Virtual IPs
When this option is enabled, this system will automatically sync the
Virtual IP (minus proxyarp) settings over to the other carp host when
changes are made.
So, how do I setup
Scott Ullrich wrote:
Proxy ARP is not sync'd. Only carp settings + ip's are.
OK, but does that mean I cannot use CARP in such a setup (multiple
subnets protected by the firewall with real IPs)?
Or do I just setup the proxyarp-entries on both boxes? They're static
anyway.
Does the
Scott Ullrich wrote:
Proxy ARP entries are not compatible with sync. Only Carp IP's.
On 11/30/05, Rainer Duffner [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
Proxy ARP is not sync'd. Only carp settings + ip's are.
Hm. Does that mean I can really only have one external
Scott Ullrich wrote:
On 11/30/05, Rainer Duffner [EMAIL PROTECTED] wrote:
Hm. Does that mean I can really only have one external IP with CARP,
currently?
I have 15, so it works fine.
And how do you do that, if I may ask?
cheers,
Rainer
Rainer Duffner wrote:
Scott Ullrich wrote:
Yeah, I would give that a shot.
Doesn't seem to work.
Or I'm doing something wrong.
But inbound works, so the 1:1 mapping should be correct (I can get to
the webserver on VLAN102 and the ssh-server on VLAN103, but I can't
login due to dns
Bill Marquette wrote:
On 11/24/05, Rainer Duffner [EMAIL PROTECTED] wrote:
OK, I finally solved it.
The key to 1:1 NAT is that you also need to proxy-arp for the IPs in
question.
Otherwise, the router wouldn't know what to do with the packets...
Yeah, that's a bug, we should
Rainer Duffner wrote:
Scott Ullrich wrote:
Yeah, I would give that a shot.
OK, I disabled the DNS-checks in sshd_config and I can now login and
paste you the rules.debug:
# cat rules.debug |egrep -v ^$
# System Aliases
lan = { ste0 }
wan = { ste3 }
pptp = { ng1 ng2 ng3 ng4 ng5
Scott Ullrich wrote:
Yeah, I would give that a shot.
Doesn't seem to work.
Or I'm doing something wrong.
But inbound works, so the 1:1 mapping should be correct (I can get to
the webserver on VLAN102 and the ssh-server on VLAN103, but I can't
login due to dns-timeouts).
Looks like
Hi,
I tried installing the 0.90 that was on the mirrors this morning on a
Dual 1.2 GHz Tualatin (a Supermicro P3TDE6) with 4 GB RAM.
Both FreeBSD6 and that 0.90 snapshot panicked relatively early in the
boot-sequence.
Both FreeBSD6 and 0.90 boot with 1 GB and 2 GB RAM on virtually the same
Hi,
anybody attending EuroBSDCon later this month (25-27. Nov. 2005) in
Basel, Switzerland?
I've just registered and thought it would be nice to have some sort of
informal gathering (hopefully with some of the senior devs) to ask many
of the wanted to ask anyway and does it actually
Frimmel, Ivan (ISS South Africa) wrote:
For my own reference please ..
The role of a firewall is supposed to be a filter rather than a router
or a front end load balancer? If there is this much inbound traffic
clearly other solutions would be appropriate? Or am I wrong?
If you are an
Scott Ullrich wrote:
ftp://reflection.ncsa.uiuc.edu/pub/pfSense/updates/pfSense-Full-Update-0.90.tgz
I used this to upgrade my test-setup.
It shows the same symptoms Peter also sees.
ab timeouts after a very low number of completed requests.
Really strange.
(The pfSense-hardware is a
Ryan Neily wrote:
I'm still seeing problems with both SSH clients I am using. On one, I
get a repeated login attempt. With SecureCRT on Windows I get a
Unknown Authentication Method unless I check the box that says
keyboard interactive only??? I am not sure what is going on here?
I
Dan Swartzendruber wrote:
so check keyboard interactive instead of password. i use
securecrt and did the same. works fine now. ???
OK, will try sometime.
I don't have SecureCRT, as it only runs on Windows.
Rainer
alan walters wrote:
You aren’t going to terminate the ssl connections on
The firewall ??? what benefit would ssl accelerators provide.
We are planning something similar at the moment. My present thoughts are to use
opteron processors on the vpn servers. And run pfsense on that hardware.
Hi,
I've installed 0.88 onto my hard-disk (9 GB, will try the 20GB this
evening at home) and configured LAN and WAN.
I can ping the internal interface's IP, but I cannot connect to the
webserver - though I can see that the http-server is up and listening on
port 80.
But I cannot connect to
Scott Ullrich wrote:
I would say this commit may be related from FreeBSD:
I fixed it now by swapping cables.
I don't know why it didn't work, but after swapping cables of LAN and
WAN it worked again.
Very strange.
I'm now digging into why my VLAN-interfaces are not created (they don't
Scott Ullrich wrote:
Revisit assign interfaces - VLAN
I rebooted and now they seem to be there.
I'll continue here tomorrow.
Now, on to the pfSense @ home ;-)
cheers,
Rainer
Vivek Khera wrote:
Anyhow, i've read before about the older soekris cards that the
benefit you get is not speed but the RNG is better.
That, too, yes.
a modern CPU can do the SSL/IPSEC about as fast. not sure about the
current soekris cards.
when i get around to it and buy some
Scott Ullrich wrote:
Thanks!!
The HD in the 2nd-try server is a 80GB Maxtor.
I tried again with a 40GB Maxtor - still no luck.
I then went and removed all IDE-HDs from the 1st-try server
(2*IDE,2*SCSI) and installed it on the 1st SCSI-disk, which is some 9GB
Quantum Atlas.
That worked.
Hi,
I'm trying to install pfsense (0.86.2) to a hard-disk
When running the cpdup-part that supposedly writes dev, it exits with
error-code 139.
What does that mean?
The hard-disk is 9 GB SCSI. The machine has multiple IDE and SCSI-disks
inside (test-machine), but I want to boot from da0.
Rainer Duffner wrote:
Scott Ullrich wrote:
From the limited google searches I found:
1 SIGSEGV segmentation violation
Which may have been cpdup being killed during the file copy. How
much ram is in the machine in question?
Don't know. ;-)
One GB, I think.
(It's off currently
Scott Ullrich wrote:
Did you try dmesg -a? Also I believe the system makes a copy of
dmesg.log to /var/log
OK, that is where it was.
But the command itself didn't show anything.
See the ticket for updates.
Rainer