On 7/25/05, Scott Ullrich [EMAIL PROTECTED] wrote:
This package is no longer available via freebsd's ftp servers and
we've never had a confirmation that it works so I am deactivating this
package.
upnp is junk anyway. Whoever decided it was a good idea to let some
application on your
On 8/2/05, alan walters [EMAIL PROTECTED] wrote:
Is it possible to route all traffic from opt1 across an ipsec vpn.
I think there's somebody doing this with m0n0wall. I recall it being
discussed on the list in the past. I believe how they accomplished it
was adding a site to
On 8/2/05, Scott Ullrich [EMAIL PROTECTED] wrote:
Use execraw.php to issue shutdown -h now
that probably won't actually power off the machine though, will just
keep it running at the press any key to restart screen. there's a
way to make it power off if the machine supports it, though I
On 8/2/05, Paul Taylor [EMAIL PROTECTED] wrote:
I'm still getting the same problem with the USB keyboard on the
GX280 with the new build 73.2 from last night…
I verified with Scott this afternoon that I'm seeing the same thing on
a GX280. I'm even using a USB - PS/2 adapter
On 8/3/05, Simon SZE-To [EMAIL PROTECTED] wrote:
Hello,
I'm using m0n0wall and due to the issue between ipnat and bridging (
http://www.m0n0.ch/wall/docbook/faq-bridge.html ), I can't
access servers under bridged OPT1 from LAN. I would like to know is this
issue on pfSense too?
hard
On 8/1/05, Scott Ullrich [EMAIL PROTECTED] wrote:
[kernel: tl0: tx underrun -- increasing tx threshold to 512 bytes]
[kernel: tl0: tx underrun -- increasing tx threshold to 768 bytes]
[kernel: tl0: tx underrun -- increasing tx threshold to 1024 bytes]
[kernel: xl0: transmission error:
On 8/4/05, Scott Ullrich [EMAIL PROTECTED] wrote:
Here's an update on the usb keyboard status. In a nutshell, known problem:
Scott must have missed a part of my email this morning re: this. This
works fine on FreeBSD 6.0 beta 1, but does *not* work with pfsense. I
tried it 3 times to make
On 8/4/05, Paul Taylor [EMAIL PROTECTED] wrote:
Success!
Nice!
We added the hint to the device.hints file and we pre-set the IP Addressing
for the interfaces we have in the config.xml file, burned this new CD, and
now we're up and running with a working USB keyboard on a Dell GX280!
On 8/8/05, Dimitri Rodis [EMAIL PROTECTED] wrote:
We are currently running monowall on Microsoft Virtual Server 2005 so far
with no problems at all-- it runs great, and does the job we need it to.
that actually surprises me... I haven't tried running FreeBSD with
the VS SP1 beta yet,
On 8/9/05, Dimitri Rodis [EMAIL PROTECTED] wrote:
By the way--
I just tested VS2005 (no service pack) on my Dell Dimension 4700 w/3ghz
running WinXP Pro SP2, and pfsense boots right up.
So, I think it's 1 of 3 things:
1. The E64MT support in the Xeon Processor we have
No, as I'm using
On 8/11/05, Scott Ullrich [EMAIL PROTECTED] wrote:
It could be possible but this all gets really hairy and sticky. Same
reason that it's most likely not doable in m0n0wall in the first place.
There is a real chance of shooting yourself in the foot in this
configuration so consider yourself
On 8/11/05, Kerry Schrantz [EMAIL PROTECTED] wrote:
David, You are definitely on to something with the IDE channels. I
have PFsense running just fine on my production box (Compaq) but I
have been having a heck of a time getting it installed on a particular
test machine (white box). I then
On 8/11/05, Tommaso Di Donato [EMAIL PROTECTED] wrote:
So... you all say that it is better to leave the things as they are.. Ok, I
trust you.
But in the remote possibility that I become crazy and start to develop
something like the thing I imagined, I will share it with you!
well not
On 8/12/05, Bill Marquette [EMAIL PROTECTED] wrote:
Let me guess, the hosts initiating the PING are running Windows? I'm
pretty sure we've recently fixed this bug. Care to try it?
With ipfilter 3.x (and hence m0n0wall) it doesn't matter if the hosts
are Windows or not. It isn't even as
On 8/17/05, Randy B [EMAIL PROTECTED] wrote:
I know this isn't likely the best forum for this question, but please
bear with me.
I've been seeing a lot of these iperf comments/questions, and decided to
try to track down why my connection to my home firewall seems *so slow*.
Installed the
On 8/18/05, Randy B [EMAIL PROTECTED] wrote:
Chris Buechler wrote:
Not unless you're running both a client and server at each end.
Unfortunately, not the case -
Yes it is. iperf doesn't test full duplex, it's one direction only
(with one connection, run a server and a client on each side
The specific command I ran was iperf -i 1 -N -d -P3 -c 192.168.0.1 -
from the options on my Gentoo box, -d says it does a bidirectional test
simultaneously, testing (I presumed) duplex.
ah yeah, it is full duplex with that option. I assumed you were doing
nothing but a -c and -s.
rl's
On 8/23/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
Currently you can only specify an IP address for entries. Some
clients (such as my belkin network KVM) don't pass a client
name. Others (such as my Series 2 TiVo) pass a less than useful one
(in this case, the serial number.) Is
On 8/25/05, Scott Ullrich [EMAIL PROTECTED] wrote:
Please show an example if this is possible...
From what I understand the problem still exists.
sounds like it works on 1:1, but I do believe it's still an issue for
inbound and server NAT, or whatever we call it now.
People throw such
On 9/6/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
A couple of times I've inadvertently sent to pfsense.org instead of
pfsense.com, and gotten the following bounce:
Hi. This is the qmail-send program at mail.livebsd.com.
I'm afraid I wasn't able to deliver your message to the following
no idea. if somebody knows a way, please let me know.
On 9/6/05, Gary Buckmaster [EMAIL PROTECTED] wrote:
Can ezmlm not be configured to allow the other two domains?
-Original Message-
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 06, 2005 11:34 AM
Cc
On 9/6/05, Lee J. Imber [EMAIL PROTECTED] wrote:
Hi,
Where can I get a gcc binary for 6.0?
I am trying to build some 3rd party packages and can't find one!
the full update in the developer's folder on all the mirrors should
have all that.
-cmb
dny wrote:
it's quite small hardware and doesnt take too much space.
i think, it's pretty good candidate to put into rack
rather than other expensive rackmounted hardware...
it's not going to work, as Scott said, but...really, you're kidding,
right? :) Expensive rack mounted hardware? A
Scott Ullrich wrote:
2- On the System Overview screen I show the following:
CPU usage: 67%
Memory usage: 29%
SWAP usage: 0%
Disk usage: 3%
Should be fixed in CVS Erik redid all of our meters in ajax.
I might add it's a display quirk that's been going on for a while now,
it wasn't
Vivek Khera wrote:
The failure was due to how 1:1 NAT rules are processed. It seems
that the NATing is done before rules are matched, so one must specify
the private IP in the allow rules for 1:1 hosts. On other firewalls
I've dealt with, one always specified the public IP as the
Mojo Jojo wrote:
Just some further info..
System died last night again after approx 6 hours of uptime.
I could still get to the GUI, could still SSH to it but it would pass
any traffic through to the OPT 2 (DMZ) interface.
I attempted to run /etc/rc.bootup at the command line which
sending your entire config.xml to the list or Scott directly if you need
to keep it private would likely help very much.
Scott Ullrich wrote:
On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote:
[snip]
I have no motive here other than to use the product and possibly help where
I can. It
Fleming, John (ZeroChaos) wrote:
3c509 or 3c905?
The 509 is an ISA card which means you need to run the 3com util
3c5x9cfg (I think that's what its called) to make sure you don't have
any irq/io conflicts.
might have jumpers on the card in lieu of that, a few of them did.
Might also
this isn't permitted (as of now) in the GUI, but you can run ntop on
multiple interfaces by using multiple -i flags.
Couple caveats - I wouldn't recommend running on WAN due to slightly
increased risk of something happening (though just running it on
internal networks doesn't make you
Jörgen Haraldsson wrote:
Yes that's correct.
The port 500 is because pfsense wants a portnr.
I have used 50 too, but it's just a protocolnr, not a portnr, that ipsec uses.
Whenever you select ESP as protocol, the port boxes are all grayed out.
The only way the port boxes are available is if
Dan Swartzendruber wrote:
I'm not sure what the data is. I was monitoring WAN with ntop, and I
assumed it was my windows XP box. Maybe not? I don't see where ntop
calls out what the data was. Here's the screenshot:
much/most of it appears to be ARP traffic. i guess it's harmless to
John Cianfarani wrote:
Does that mean we won't be able to add anything at all other than the
base pfsense? Is it possible to try to build stuff ourself for this?
the system runs with a read-only file system, but there is a script in
/etc/ to mount rw. `ls /etc/|grep rw` to find it, I
Fleming, John (ZeroChaos) wrote:
I'm guessing we might need to do some mss fixup for ipsec tunnels.
and you'd be right. I'm not sure where it breaks down, but PMTUD is
b0rk over IPsec tunnels. Has always been an issue in m0n0wall. I've
looked at it some, but wasn't able to determine
and if you (or anyone else) don't know how to use the wiki, it's really
very simple once you know a few basic things. Just take a minute and
read through the HowToWiki entry I wrote yesterday.
http://wiki.pfsense.com/wikka.php?wakka=HowToWiki
Scott Ullrich wrote:
Yes, that would be
Bill Marquette wrote:
Probably cause it's impossible to buy a HD that is too small for
pfSense? CF isn't HD even if it might look like that to the PC - nor
do you want to use a CF as a HD (read the archives for reasons).
or the FAQ, I added an entry on this tonight per someone's suggested
Scott Ullrich wrote:
I access SQL, RDP and many other items through my ipsec tunnel and I
never change the MTU on the client. That's a bad idea. The
solution is to find out why the packets are getting frag'd. Active
directory traffic does not work across my IPSEC tunnel but RDP and
Tommaso Di Donato wrote:
Maybe I explained myself not very well: ipsec natively do not permit
to bypass NAT gateway. So few solutions have been adopted, one of
them is NAT-T (that is, ipsec over UDP). I do not mean that it is
pfsense that must do this: generally it is the OS ipsec
alan walters wrote:
Just wondering if someone can give the low down on whether it is
possible to overcome this problem.
Have a ipsec tunnel from remote location to lan of pfsense then using
routing allow traffic out the wan interface of pfsense.
Client --Remote pfsense
I'd agree with Alan's description.
for more detail, see:
http://doc.m0n0.ch/handbook/examples-filtered-bridge.html It should
work just like that.
alan walters wrote:
I have a similar configuration where the lan is bridged to the wan.
I just made a rule to allow access to the wan IP.
Ryan Neily wrote:
I'm still seeing problems with both SSH clients I am using. On one, I
get a repeated login attempt. With SecureCRT on Windows I get a
Unknown Authentication Method unless I check the box that says
keyboard interactive only??? I am not sure what is going on here?
If you
Scott Ullrich wrote:
That is correct as of the recent version that doesn't install
anti-spoof, anti-lockout rules, etc for the lan subnet.
I did some bridging testing this evening, with 0.89.6, a version that's
not publicly available yet. The above is still a problem, but with an
IP on
Forrest Aldrich wrote:
Oops sorry about that. ;-)
I was using Intel 10/100 cards (dual port). I also had Kensingtons.
It could also be due to other factors, such as my running FreeBSD's
natd. But, I did notice that SMB file browsing was much faster
when I updated to the new machine.
Nate Davis wrote:
Howdy,
pfSense has been a solid firewall for home use, and now I am
implementing it as a firewall at work. I have run into a snag, and
not really sure what the problem is. I am running 89.2
Here is my Setup:
WAN (ATT-T1): 12.165.119.195
LAN: 192.168.40.1
I can use
Peter Zaitsev wrote:
On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote:
If you don't mind me asking, what hardware are you running pfsense on
for these tests?
This is Dell PowerEdge 750 - 512Mb RAM, Celeron 2.4Ghz
2 Intel 1Gbit NICs
that seems reasonable to me. 50K
Lynn A. Roth wrote:
Some more info:
when I run atacontrol info, it appears that the disk is not attached.
what does 'camcontrol devlist' show? As a couple others have pointed
out, this drive might show up as SCSI.
I'd like to call your attention to:
http://pfsense.blogspot.com/2005/11/introducing-pfsense-support-forum.html
and
http://pfsense.blogspot.com/2005/11/addressing-confusion-which-system-to.html
-
To unsubscribe, e-mail:
Apologies to everyone for the 5 MB list attachment. I should have
instated a size limit on the list from the get go. Sending that out to
almost 300 people chewed up some serious Internet bandwidth (25 Mb, more
than half a T3).
http://chrisbuechler.com/temp/m0n0wall-wan-1day.png
/me is off
good grief. no forum, and people bitch moan and complain. offer a
forum, and different people bitch moan and complain. I think you should
all get over it. The list isn't going away. The forum is just another
support option.
ideally we could integrate all these disparate systems that we
http://forum.pfsense.org
announced last week on this list, on the blog, and on the main website.
Mojo Jojo wrote:
I am always a bigger fan of forums, where do I find this forum?
Of course, will take the PfSense help wherever it's offered :)
I just think forums have more features,
Szasz Revai Endre wrote:
No, a reboot doesn't fix the error.
The problem is, as I see, that no client is denied on the network
(none of those who have static ip addresses), everyone has access to
this machine (pfsense).
to the firewall itself, yeah. The anti-lockout rule assures that.
Scott Ullrich wrote:
I don't know of any developers going. We're mostly in the states.
yeah, but at least Scott and I should be at BSDCan 2006. A much more
affordable trip for most of us.
Kyle Mott wrote:
So, I've noticed that if I have a m0n0wall system configured to do
SNMP and Remote Syslog and I have a server in my DMZ behind pfSense
(and of course an IPSec tunnel between them), snmpwalk from the server
in the DMZ to the m0n0wall doesn't work, and nor does setting up the
Lists wrote:
uhhh broadcoms suck under FreeBSD also, well at least the GigE chipsets,
I would have agreed with anything prior to 6.0, but ever since upgrading
my one PowerEdge 2550 with a bge gig card to 6.0, it's been rock solid.
On 5.4, it wasn't too horribly bad, but it would drop
Lists wrote:
yeah, do a tcp thruput test between two boxes and tell me if you get
more than 800mbs, then slap intel cards in the box and do it again, been
there done that granted it's better than it was in 5.x but still nothing
close to what it should be for the bandwidth you're giving up, let me
Angelo Turetta wrote:
Yes, fine. And who's gonna tell your tunnel partner your address has
changed and their SPD must be changed? Do you have a protocol for doing
that in a standard way? What if you have a Cisco router on the other side?
it will be the same regardless of what you have on
Rainer Duffner wrote:
When you use it on (SuSE)-Linux (not sure about my FreeBSD6-box at
home), the fonts are that large by default.
At least in SuSE 9.2 + Firefox 1.1.
But pressing CTRL - once is not a big effort, it just took some time
before I realized that there was one more tab ;-)
Dimitri Rodis wrote:
Also (a little OT), a lot more people are going to be preferring MS
Virtual Server than vmware-- VS2005R2 is only $99 for standard edition
Yeah, until they actually try to run a production server on the piece of
trash. I tried MS VS in a real production environment,
Scott Ullrich wrote:
Yes, you can also use a USB memory stick to store config.xml on.
Simply format the stick as MSDOS and hook it up.
Not on any MS virtualization product, you can't! :) Another area where
VMware is miles ahead. No USB support whatsoever in MS VPC or VS, it's
been in
Scott Ullrich wrote:
That's the junk.
yup, thanks for helping me make my point. :)
Rainer Duffner wrote:
Hi,
I looked under limitations in the FAQ and didn't find anything.
it's there.
http://faq.pfsense.org/index.php?action=artikel&cat=8&id=101&artlang=en
Bill Marquette wrote:
A VLAN is an interface, so interface limits apply.
exactly. there probably is a hard limit of some sort in FreeBSD, but
it's likely ridiculously high (like into the thousands or something of
that nature).
With that said,
the FAQ entry clearly states 32 is all
Jure Pečar wrote:
Hi all,
I've defined some vlans on both of my carp'ed pf boxes. Now I'm a bit confused
because they don't show up in web ui under interfaces. So how do I assign IPs
to them?
after you configure them (which appears to be done properly), in the
webgui, go to assign
Stephen Tsai wrote:
Hi,
I am testing pfSense Beta 1 from the LiveCD, and I found that it has
problem with download file from web pages. Here are two URL that you
can use to test.
http://h18023.www1.hp.com/support/files/server/us/download/23836.html
Emanuele Baglini wrote:
I tried BUGVALIDATION3 but firewall Log is always empty.
mine isn't empty, but I've noticed other issues and have opened a ticket
on it.
Jeb Barger wrote:
I've seen this comment a couple of times. Is there a fix allowing FTP
clients from lan to connect to a server on the internet?
FTP had issues in b1, try B2-BVE3.
http://pfsense.org/~sullrich/BETA2-BUGVALIDATION3/
Scott Ullrich wrote:
More than one client. You may be able to search the mailing archives
for a very long drawn out conversation where basically someone was
using apachebench to test and it was not an ideal testing environment.
he's not doing any insane load testing like we've seen
David Strout wrote:
I have a ? / feature request. If pfS IS NOT the default GW on the LAN
then I suppose that the only way to direct all traffic out the
REAL/PRIMARY GW is to enter a static route for the LAN subnet to an
alternate IP address (that of the default GW for the LAN).
I believe
I'd do the same as Bill described.
But regardless, in the diagram you provided, you don't need or want a
default route on your LAN to accomplish this. You don't need any routes
on the VPN pfsense box, and on the primary at both sites you would need
routes pointing the remote VPN subnet to
Scott Ullrich wrote:
That is FreeBSD 6 release. That does not include all the new goodies
in -STABLE.
just wanted to add that this is only advisable if you're doing it for
good reason. in this case, you want -STABLE because of the relevant
changes you need for this particular purpose.
Lawrence Farr wrote:
I'm using pfsense to protect a number of web/mail/ftp
servers, which it does fantastically. Since upgrading
to the 1.0 Betas it seems to be running out of available
states very quickly. I've upped the state table to 2
and it's run out within a few hours. Most of the
Xavier Beaudouin wrote:
Hello,
We would like to prepare a captive portal solution for a customer that
is asking that all users should be invisible to each other.
Is there a good solution for that ?
With wireless, no, not really feasible without a separate wireless
network for each user.
Bill Marquette wrote:
Personally, I'd have them drop both subnets down your pipe and just
deal with them on your end.
Yeah, and if that's what they do, you actually won't have to worry about
the gateway address for the other subnet. You can actually use two IP
subnets on the WAN side
pfSense Beta 2 was released to the mirrors last night, and is currently
available for download. Scott will be posting the change log and other
related information on the release on our blog some time today. He
tried last night, but blogger was down. Please watch
http://pfsense.blogspot.com
Alejandro Lengua wrote:
The problem would be, how much does ICSA Labs charge for their certification
and how the project could raise money to afford it.
$25K USD per year per certification. i.e. if you want a certified
firewall, and IPsec, then it's $50K. Add another $25K for each
Wesley K. Joyce wrote:
expensive
Indeed, but it's a requirement for some environments.
the opportunity to get certified isn't extremely unlikely, actually.
It's not very likely, but not unimaginable. There was an opportunity
for m0n0wall to get certified, completely at the cost of one
Bill Marquette wrote:
This is all done in /etc/inc/filter.inc.
Bill answered the hard part, here's the easy part he left out. :)
It's like this because it was inherited from m0n0wall and not changed
(yet).
Rainer Duffner wrote:
Scott Ullrich wrote:
Same as m0n0wall. Enabled filtering on bridges.
The old version didn't need this switch - what is switched off (or
on) by it?
Can I still do NAT for other optional interfaces when I enable it?
How it should work is when it's unchecked,
LJ Rand wrote:
Thanks, all those suggestions help and have been
observed.
But I still worry about some remote attacker tricking
the firewall into somehow sending or exposing the
contents of the config.xml file. It kind of feels
like having an /etc/passwd or /etc/shadow file where
the
Vivek Khera wrote:
However things go south when I hook up my powerbook running OS X 10.4
into the IPsec using mobile user. Basically, connected to the pfsense
remote endpoint everything works. I can copy large files via ssh no
problem. Normal ftp/http file transfer to all three works fine
just a thought (that might be way off), are there antispoofing rules on
bridged interfaces in pfsense? There was a bug in m0n0wall quite a
while back, but after pfsense forked, where antispoofing rules were
being applied to bridged interfaces. they shouldn't be applied at all
to any bridged
dny wrote:
any suggestion for a small fast smtp relay that i can use in
freebsd/pfsense??
something like esmtp in linux?
esmtp runs on FreeBSD (as does virtually everything that runs on
Linux). It's in ports. should be able to install it via 'pkg_add -r
esmtp'.
Bill Marquette wrote:
It's as secure as the switch's vlan implementation.
That and your switch configuration. Refer to your switch vendor's
documentation on recommendations for secure VLAN configurations. Even
though Cisco has gone to great lengths to ensure their VLAN's are
secure, not
Chad Frerer wrote:
Hey list:
I’m a Comcast cable subscriber using PFSense as my gateway.
I have a device that MUST use upnp (*ducks*) to function correctly.
I’m sure that this isn’t supported now (or will be) so I’m opting to
get a second IP address. The device that needs the extra address
Molle Bestefich wrote:
Installing BETA4 on a Nokia IP110, I get this on the serial console:
Neither FreeBSD 5.x nor 6.x will boot on these. Even m0n0wall 1.2b5-b7,
which were completely stripped of APIC and ACPI, and virtually every
other option that you could possibly remove and still have
Mailling wrote:
The script is working fine (all nice in one IE screen :) but the
password part doesn't work :(
yeah, username:password@ doesn't work in URL's anymore in IE because MS
removed it. too many stupid users falling for phishing schemes like
Molle Bestefich wrote:
Too bad I'm a complete BSD-newbie.
What do I need to do?
This isn't something I have the time to work on right now, but I'll give
you as many pointers as I can (which isn't much when it comes to kernel
debugging) if you want to dig into it.
Scott built this iso for
Michael Eales wrote:
Ethernet card is the Compaq Netelligent Dual 10/100 ethernet (Spares Number:
242560-001)
Pfsense is using the tl(4) -- Texas Instruments ThunderLAN Ethernet device
driver.
From 'man 4 altq':
SUPPORTED DEVICES
The driver modifications described in altq(9) are
Molle Bestefich wrote:
I'll go try and figure something out now, but as a suggestion, it
would be nice if the wiki could be replaced with something that
supports tables.
Already exists. You're welcome to use it for whatever you want.
http://doc.pfsense.org
Scott Ullrich wrote:
doc.pfsense.com is the official doc site. Wiki.pfsense.com is for
staging and for non-official docs.
That's our current official policy.
but...
On 5/31/06, Molle Bestefich [EMAIL PROTECTED] wrote:
But it wouldn't be nice of me to start adding developer docs to
my response to the m0n0wall list (and let's keep this on one list or the
other from now on):
Can you name a firewall vendor that doesn't do per-interface rulesets?
(I'm sure there are some, but virtually all do per-interface) Or one
good reason it shouldn't be this way?
The vast majority of
Molle Bestefich wrote:
Bill Marquette wrote:
anti-spoofing is _not_ automated...the antispoof rules/syntax only
protect the firewalls interfaces itself, not networks behind it.
I'm having a hard time grasping the exact automatic anti-spoofing
rules in pfSense, I think because they are not
Like I just said on the m0n0wall list, what this really comes down to is
a matter of personal preference. Cisco does per-interface, Check Point
and MS ISA do one long unmanageable ruleset. If you don't like
per-interface, go use Check Point or MS ISA. Obviously the developers
here prefer
[EMAIL PROTECTED] wrote:
While some users are well-disposed to understanding the concepts and
making changes in each “tab”, other users require a complete
visualization of the project.
heh this is the way m0n0wall used to be, a long list of rules on all
interfaces on a single page. Many
Jonathan Woodard wrote:
I was just wondering if there has been anymore work done this issue. I
updated to the June 4th build and I am still having problems. I run a
pptp server and connect to a pptp server remotely. I was initially able
to connect but re-connecting will not work and hangs with
Josh Stompro wrote:
Can anyone explain how to setup dhcpd to hand out leases in increasing
order rather than decreasing. I find that handing them out in
increasing order is easier to deal with in some cases. Is there a
good argument for doing them in descending order, or is it just
someones
Volker Kuhlmann wrote:
Yes that's what I meant - you can't restrict source IPs in connection
with original destination port. As soon as a source IP is allowed, it
can access on any WAN port for which there is a NAT rule, so you can't
force certain source IPs to use certain WAN ports only.
Volker Kuhlmann wrote:
As a side effect of the NAT-first, you can *NOT* limit access based on
the dest port of the incoming packet, as that has already been NATed
into oblivion by the time the packet reaches the filter rules.
Ah, ok, yeah you're right on that. But that's useless. Who cares
Bill Marquette wrote:
Sure :) I want port 443 from my work address to redirect to port 22
on my internal host, but for everyone else I want it to go to 443 on
my webserver. I've been meaning to change that behavior for some time
now, but it's never annoyed me enough as I've got 5 statics to
Tim Dickson wrote:
Also on boot up my interfaces peak at 200mbs and throw off my graphs
from that point on.
This is typical of SNMP monitoring (well, I'm assuming that's what the
RRD graphs use, though I really don't know offhand).
The only way to avoid that, per the Cacti developers where
Steve Harman wrote:
As it turns out GBit is something we need so I'd be interested if
Scott has any comment on support of GBit NICs (Intel or otherwise).
Look at:
Intel PWLA8492MT (dual port)
Intel PWLA8494MT (quad port)
those should be very common and easy to come by, and will work. I