I would enjoy this solution very much! But I think that should be
trickier because you need 2 web server running..
In my opinion, a faster solution could be to prepare a simple opening
page, with some statistics and graphs, and from there a link to the
real webgui
However, we are working in
Hello,
I'm planning to upgrade to 0.90
Do you want me to do a full new install or just an
upgrade???
regards...
Damien
I get the same when going to pkg_mgr.
-Original Message-
From: Tommaso Di Donato [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 11:26 AM
To: support@pfsense.com
Subject: [pfSense Support] Problems in version 0.90
Hi guys!
In a fresh new install of pfSense 0.90, I have the
I got to this point just running about 500 requests/sec in apache
benchmark. No keepalive.
Strike me as inexperienced here, but wouldn't you want to tweak PF a bit
for your environment? Did you try the Firewall Optimization Options
and set it to aggressive?
Methinks one would have a
I even wiped the system and installed fresh from the 0.89.2 Live CD. I did
no further modifications (no rules, nothing)... just went straight to
adding MACs to the DHCP Server and they don't show up. They are saving in
the config... just not showing on the screen.
Anything I can do to help
Will look into it.
Scott
On 10/31/05, Ulrik S. Kofod [EMAIL PROTECTED] wrote:
I get the same error in pfSense 0.89.2, it worked at some point but then I
reinstalled it and it stopped working again.
Frimmel, Ivan (ISS South Africa) said:
I get the same when going to pkg_mgr.
Fixed in CVS. update_file.sh /etc/inc/services.inc
On 10/31/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
It's me again.
I have noticed another error in booting 0.90: I am running it in a
Virtual Machine, attached you can find the error in bootup sequence:
Warning: Invalid argument
On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote:
If you want to push 50,000 states do you think this box is enough
juice? With that amount of states it seems you want to use much
better hardware.
Well... I'm not going to have 50.000 states - I'm just stress testing
to see the limit.
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote:
If you want to push 50,000 states do you think this box is enough
juice? With that amount of states it seems you want to use much
better hardware.
Well... I'm not going to have
Please describe the hardware you're using fully. NICs, etc. This is
not normal behavior.
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Sun, 2005-10-30 at 23:14 +0100, Espen Johansen wrote:
Hi Peter,
I have seen you have done a lot of testing with apache benchmarking.
I find it
I didn't see but are you using Nat? If so do things change with Nat
disabled? Also could you try disabling the Scrub option and seeing if
that makes a difference?
-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:55 AM
To:
On Mon, 2005-10-31 at 11:30 -0600, Fleming, John (ZeroChaos) wrote:
John,
I didn't see but are you using Nat? If so do things change with Nat
disabled? Also could you try disabling the Scrub option and seeing if
that makes a difference?
I'm using bridging - no NAT
What is SCRUB and how to
Edit /tmp/rules.debug and remove the scrub directives.
then run pfctl -f /tmp/rules.debug
Please submit the hardware type, interface NICs, etc.
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 11:30 -0600, Fleming, John (ZeroChaos) wrote:
John,
I didn't see
On Mon, 2005-10-31 at 11:28 -0600, Fleming, John (ZeroChaos) wrote:
FYI a PIX 520 (the 300 mhz version) can not handle 50,000 entries in the
state table. It may on paper, but just because it has enough ram. I want
to say it starts to have problems at about 35,000, but then again all my
PIX
For my own reference please ..
The role of a firewall is supposed to be a filter rather than a router
or a front end load balancer? If there is this much inbound traffic
clearly other solutions would be appropriate? Or am I wrong?
-Original Message-
From: Peter Zaitsev [mailto:[EMAIL
Frimmel, Ivan (ISS South Africa) wrote:
For my own reference please ..
The role of a firewall is supposed to be a filter rather than a router
or a front end load balancer? If there is this much inbound traffic
clearly other solutions would be appropriate? Or am I wrong?
If you are an
BTW does anyone know how to change the way outlook quotes messages?
Go to tools - options - preferences tab
Click email options button
Under replies and forwards set however you want!
-Tim
-Original Message-
From: Fleming, John (ZeroChaos) [mailto:[EMAIL PROTECTED]
Sent: Monday,
Peter,
Why do you keep side-stepping my hardware messages?
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 20:20 +0200, Frimmel, Ivan (ISS South Africa)
wrote:
For my own reference please ..
The role of a firewall is supposed to be a filter rather than a
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 12:03 -0500, Scott Ullrich wrote:
Please describe the hardware you're using fully. NICs, etc. This is
not normal behavior.
Sure It is Dell Poweredge 750
512MB RAM, SATA150 disk, Celeron 2.4Ghz
ACPI APIC Table:
Send the output.txt of...
date > /tmp/output.txt
netstat -m >> /tmp/output.txt
netstat -in >> /tmp/output.txt
sysctl hw.em0.stats=1 >> /tmp/output.txt
sysctl hw.em1.stats=1 >> /tmp/output.txt
sysctl hw.em2.stats=1 >> /tmp/output.txt
Can you send these while the machine is normal and when the machine
On Mon, 2005-10-31 at 13:26 -0600, Fleming, John (ZeroChaos) wrote:
Benchmarking 111.111.111.158 (be patient) Completed 1 requests -
isn't 10,000 the default limit of the state table? That sure would
explain a lot.
I boosted it to 10 of course
I wonder if part of the problem is PF isn't seeing the TCP tear down. It
seems a little odd that the max gets hit and nothing else gets through.
I guess it could be the benchmark isn't shutting down the session right
after it's done transferring data, but I would think it would kill the
benchmark
On 10/31/05, Fleming, John (ZeroChaos) [EMAIL PROTECTED] wrote:
I wonder if part of the problem is PF isn't seeing the TCP tear down. It
seems a little odd that the max gets hit and nothing else gets through.
I guess it could be the benchmark isn't shutting down the session right
after its
Scott Ullrich wrote:
ftp://reflection.ncsa.uiuc.edu/pub/pfSense/updates/pfSense-Full-Update-0.90.tgz
It used this to upgrade my test-setup.
It shows the same symptoms Peter also sees.
ab timeouts after a very low number of completed requests.
Really strange.
(The pfSense-hardware is a
On 10/31/05, Rainer Duffner [EMAIL PROTECTED] wrote:
It used this to upgrade my test-setup.
It shows the same symptoms Peter also sees.
ab timeouts after a very low number of completed requests.
Really strange.
(The pfSense-hardware is a bit mediocre, but it should do its duty)
Maybe I
If you do not provide an address on the LAN ip then there is no
anti-lockout rule. To get around it, add a lan address.
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
Hi,
After the tests today ( I guess I disabled firewall mode for test and
then enabled it back) I got locked out of my
Yea, you need to run all the commands from the console (video, serial
whatever)
-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 1:57 PM
To: support@pfsense.com
Subject: [pfSense Support] Locked out in bridging mode
Hi,
After the tests
On Mon, 2005-10-31 at 15:04 -0500, Scott Ullrich wrote:
If you do not provide an address on the LAN ip then there is no
anti-lockout rule. To get around it, add a lan address.
I have LAN address at this point set to be the same as WAN address.
Also see below - pfctl was disabled after I
pfctl runs pfctl -f /tmp/rules.debug. What happens if you run this?
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 15:04 -0500, Scott Ullrich wrote:
If you do not provide an address on the LAN ip then there is no
anti-lockout rule. To get around it, add a lan
On Mon, 2005-10-31 at 15:12 -0500, Scott Ullrich wrote:
pfctl runs pfctl -f /tmp/rules.debug. What happens if you run this?
There is no rules.debug if you have disabled firewall in advanced
setting and rebooted.
That was my first surprise :)
So what you're saying is after disabling the firewall and rebooting pf
is still enabled?
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 15:12 -0500, Scott Ullrich wrote:
pfctl runs pfctl -f /tmp/rules.debug. What happens if you run this?
There is no rules.debug if
Just upgraded to 0.90 and traffic shaping seems to be broken.
Even after rerunning the wizard I get:
# pfctl -f /tmp/rules.debug
bandwidth for qWANRoot higher than interface
/tmp/rules.debug:17: errors in queue definition
parent qWANRoot not found for qWANdef
/tmp/rules.debug:18: errors in queue
At 03:32 PM 10/31/2005, you wrote:
Just upgraded to 0.90 and traffic shaping seems to be broken.
Even after rerunning the wizard I get:
# pfctl -f /tmp/rules.debug
bandwidth for qWANRoot higher than interface
/tmp/rules.debug:17: errors in queue definition
parent qWANRoot not found for qWANdef
On Mon, 2005-10-31 at 15:33 -0500, Scott Ullrich wrote:
So what you're saying is after disabling the firewall and rebooting pf
is still enabled?
No. That is what is the mystery. The firewall is disabled after I
reboot. pf is not running but I can't connect to the firewall host
(both SSH and
I still don't have any idea what you're trying to do. Send me your
config.xml off-list.
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 15:33 -0500, Scott Ullrich wrote:
So what you're saying is after disabling the firewall and rebooting pf
is still enabled?
At 03:41 PM 10/31/2005, you wrote:
I'm pretty sure that I am up to date on all MFC's. Did I miss one?
http://cvstrac.pfsense.com/chngview?cn=7245
fixed the problem where the shaper vaporizes the BW settings in the GUI.
-
On Mon, 2005-10-31 at 14:39 -0500, Scott Ullrich wrote:
On 10/31/05, Fleming, John (ZeroChaos) [EMAIL PROTECTED] wrote:
I wonder if part of the problem is PF isn't seeing the TCP tear down. It
seems a little odd that the max gets hit and nothing else gets through.
I guess it could be the
Although...
# pfctl -f /tmp/rules.debug
bandwidth for qWANRoot higher than interface
Tells me that ummm, the bandwidth Peter told the system is more than
the interfaces bandwidth. Not much I can do to control that.
However, I did just make some changes to the shaper for .90 (I assume
the MFCs
Are you viewing the traffic queue status? This would be normal if you are...
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 14:39 -0500, Scott Ullrich wrote:
On 10/31/05, Fleming, John (ZeroChaos) [EMAIL PROTECTED] wrote:
I wonder if part of the problem
At 03:46 PM 10/31/2005, you wrote:
Which appears to have been MFC'd at:
http://cvstrac.pfsense.com/chngview?cn=7254
So it sounds like the problem is not fixed entirely?
no, that's different. his errors referred to the BW being higher
than the iface BW, which implies it does know it?
On 10/31/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
no, that's different. his errors referred to the BW being higher
than the iface BW, which implies it does know it?
Which means that he needs to set the bandwidth correctly in WAN and
LAN I would guess.
Scott
On 10/31/05, Rainer Duffner [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
ftp://reflection.ncsa.uiuc.edu/pub/pfSense/updates/pfSense-Full-Update-0.90.tgz
It used this to upgrade my test-setup.
It shows the same symptoms Peter also sees.
ab timeouts after a very low number of
On Mon, 2005-10-31 at 13:25 -0600, Fleming, John (ZeroChaos) wrote:
Can you send these while the machine is normal and when the machine is
choking? (send the output.txt file btw)
Normal:
# cat /tmp/output.txt
Mon Oct 31 07:50:52 PST 2005
564/336/900 mbufs in use (current/cache/total)
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
Well... You obviously could have checked that and printed the error
during wizard run.
Patches accepted!
Scott
apr_poll: The timeout specified has expired (70007)
What is the above from? Your benchmark testing box?
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 15:48 -0500, Scott Ullrich wrote:
Are you viewing the traffic queue status? This would be normal if you
On Mon, 2005-10-31 at 16:20 -0500, Dan Swartzendruber wrote:
A
Why not to set it to 1000Mbit ? Seriously If you're looking for
something fail safe it could be fails safe.
this is not ever going to happen unless there is something
misdefined. very few people need to shape more than
On Mon, 2005-10-31 at 16:27 -0500, Scott Ullrich wrote:
Well, for one you're setting the _SAME_ IP on two interfaces, your WAN
and LAN. Don't do this! Use a different IP or use a fake ip on
the LAN such as 192.168.1.1.
Scott,
I guess we're back to the reason why I set it this way :)
The
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
So what's wrong with this? If you're not using the IP, what's the bother?
Well. My Lan is using IP 111.111.111.154/29 - this is the lan lockout
rule I'd like to see generated. If I enter there some fake IP it
breaks as well as few other
Have you seen this? https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=110887
Looks like an apachebench problem to me.
Scott
On 10/31/05, Scott Ullrich [EMAIL PROTECTED] wrote:
Are we absolutely sure this program works as intended? Personally I
wouldn't trust anything like this but
On Mon, 2005-10-31 at 16:31 -0500, Scott Ullrich wrote:
Are we absolutely sure this program works as intended? Personally I
wouldn't trust anything like this but smartbits.
Well...
It works if filtering is disabled on pfsense - this is what worries me.
If the program would be broken it
Hi,
It looks like there is some newly added bug in 0.90 with empty LAN
address (WAN bridging)
# FTP proxy
rdr-anchor pftpx/*
rdr on em1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in on em1 proto tcp from /29 to any port 5900:5930 keep state tag
qOthersDownH
pass out on
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 16:04 -0500, Dan Swartzendruber wrote:
Well... You obviously could have checked that and printed the error
during wizard run.
dude, these guys are working their butts off, a little more civility
would be
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 16:20 -0500, Dan Swartzendruber wrote:
A
Why not to set it to 1000Mbit ? Seriously If you're looking for
something fail safe it could be fails safe.
Just like your very well thought out default deny? I'll put that
On Mon, 2005-10-31 at 17:51 -0500, Scott Ullrich wrote:
After all of the problems from the last couple days it's obvious that
an IP address is required on the LAN interface so I have reinstalled
the code that prevents someone from not entering an IP address. The
shaper is another area that
Was missing before reboot.
Was missing after reboot.
Was missing after removing the cache.
Was missing after reboot after removing the cache.
No joy.
Also, noticed that the metallic theme... bottom of reboot screen, the grey
box, it is off center to the right about 20 pixels. Looks correct on
Hi All
I was wanting to use PFSense in a CF card setup on a i386 system when
the stable version is released. What I was wanting to know is:
1. Will a CF card version for i386 be available?
2. What will the differences between a CF card version of PFSense and
one that runs on a HDD be?
Hi Peter,
I'm sorry, but I for one have had quite enough emails from you by now.
You have clearly demonstrated that you do not understand enough about
firewalls, filtering, BSD etc. to use pfSense in its current state.
And I have more than enough emails to read without this mailing list getting
On 10/31/05, Mark Wass [EMAIL PROTECTED] wrote:
I was wanting to use PFSense in a CF card setup on a i386 system when the
stable version is released. What I was wanting to know is:
1. Will a CF card version for i386 be available?
This would be a very interesting option! I'm really waiting to see it...
-Original Message-
From: Tommaso Di Donato [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 02:56 a.m.
To: support@pfsense.com
Subject: Re: [pfSense Support] wegGUI modification
I would enjoy this
Hi Scott
The link you sent me refers to Sokeris and WRAP users are these similar
to i386 machines?
Can you expand on what no package support means? Does it mean when
there is a new package to add to PFSense it won't be able to add to my
CF card install?
Thanks
Mark
Scott Ullrich wrote:
On 10/31/05, Wesley K. Joyce [EMAIL PROTECTED] wrote:
Are we still in feature freeze? If not, has it been considered to add
authentication straight to a LDAP directory server as an alternative to
Radius?
1.0 is frozen. 1.1 isn't, however at this time most devel work is
still going towards
On 10/31/05, Mark Wass [EMAIL PROTECTED] wrote:
Hi All
Sorry I posted to the wrong subject, here in my post again, with a more
appropriate subject.
I was wanting to use PFSense in a CF card setup on a i386 system when the
stable version is released. What I was wanting to know is:
1.
On 10/31/05, Jason J. Ellingson [EMAIL PROTECTED] wrote:
Was missing before reboot.
Was missing after reboot.
Was missing after removing the cache.
Was missing after reboot after removing the cache.
No joy.
Strange. Anyone else seeing this? I just finished powering off all
my hardware
On Tue, 2005-11-01 at 02:42 +0100, Espen Johansen wrote:
Hi Peter,
I'm sorry, but I for one have had quite enough emails from you by now.
You have clearly demonstrated that you do not understand enough about
firewalls, filtering, BSD etc. to use pfSense in its current state.
Thank you. I
On Mon, 2005-10-31 at 17:14 -0600, Bill Marquette wrote:
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
The fact it is not production ready as you put it makes me cautious -
this is why I go in bridging mode as this way I can bypass firewall
physically by switching couple of cables
I'm using version 0.90a and when I try to open either system/firmware or
system/packages I got this error:
Warning: raiseerror(PEAR.inc): failed to open stream: No such file or
directory in /etc/inc/xmlrpc_client.inc on line 562 Warning: raiseerror():
Failed opening 'PEAR.inc' for inclusion
66 matches