RE: [pfSense Support] filtered bridge

2005-09-06 Thread Gary Buckmaster
Alan, You want to create outbound allow rules for the NIC facing the particular machines in question. Assuming OPT1 is your internet-facing NIC and you want a machine on the network segment serviced by OPT2 to be able to make outbound connections, your allow rule will need to be applied to

RE: [pfSense Support] mail alias weirdness?

2005-09-06 Thread Gary Buckmaster
Can ezmlm not be configured to allow the other two domains? -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 06, 2005 11:34 AM Cc: support@pfsense.com Subject: Re: [pfSense Support] mail alias weirdness? On 9/6/05, Dan Swartzendruber [EMAIL

RE: [pfSense Support] a compiler binary for 6.0

2005-09-07 Thread Gary Buckmaster
Is there going to be a newer developer's release? Or should everyone start with the 0.80 developer's release and then upgrade firmware as appropriate? -Gary -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 06, 2005 9:28 PM To: Chris Buechler Cc:

[pfSense Support] Really bizarre Log entries on 0.84

2005-09-14 Thread Gary Buckmaster
I just noticed this on an installed 0.84 box. The system logs (see attached) are completely illegible, and seem to be complaining about something happening in the kernel. I have no idea what caused this to happen, and unfortunately, since the system log is rotary, how long this has been going

RE: [pfSense Support] What happen to 0.84.6?

2005-09-19 Thread Gary Buckmaster
Todd, It's been covered several times already on the mailing list, and on the blog. You do read the blog right? http://pfsense.blogspot.com/ -Gary -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Monday, September 19, 2005 2:59 PM To: PfSense Support List Subject:

RE: [pfSense Support] antivirus and etc

2005-09-23 Thread Gary Buckmaster
Dan, You're opening up a real potential for DoSing the firewall if you have an especially busy Exchange server that gets hit by some mass mailer worm. I would rather have a separate instance of clamav running on my postfix (or whatever MTA you choose to love) box. -Gary -Original

RE: [pfSense Support] antivirus and etc

2005-09-23 Thread Gary Buckmaster
Oh, I understood you. -Original Message- From: Dan Swartzendruber [mailto:[EMAIL PROTECTED] Sent: Friday, September 23, 2005 7:48 PM To: support@pfsense.com Subject: RE: [pfSense Support] antivirus and etc At 08:45 PM 9/23/2005, you wrote: So you're opening up a port on the firewall to

RE: [pfSense Support] antivirus and etc

2005-09-23 Thread Gary Buckmaster
That's the good thing about pfSense and its developers. They do everything they can to discourage people from shooting themselves in the foot, but if you are bound and determined . . . -Original Message- From: Dan Swartzendruber [mailto:[EMAIL PROTECTED] Sent: Friday, September 23, 2005

RE: [pfSense Support] import monowall xml files

2005-09-29 Thread Gary Buckmaster
No, m0n0wall config files are not compatible with pfSense anymore. Fortunately, unless you have a massively complex configuration, it should be reasonably straightforward to set up your pfSense box to work as your m0n0wall did without too much drama. -Gary -Original Message- From:

RE: [pfSense Support] Transparent Squid proxy in DMZ?

2005-10-26 Thread Gary Buckmaster
, without using iproute and tc), so I always configured my squid as transproxy, and used the iptables redirection. Anyway, I understand you are speaking about a totally different way of doing it (and in my opinion, both the ways can work.), so I am very happy to learn smthg new! On 10/26/05, Gary

RE: [pfSense Support] 2 default routes

2005-11-10 Thread Gary Buckmaster
http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing -Original Message- From: Michael Lednev [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 2:52 AM To: support@pfsense.com Subject: [pfSense Support] 2 default routes Hello. I have 2 ethernet links from different

[pfSense Support] 0.93.2 CARP Failover issues

2005-11-17 Thread Gary Buckmaster
I have two machines set up with 0.93.2, each with 3 NICS, OPT is bridged to WAN and handles a small DMZ. CARP synchronization happens on the LAN interface. I configured CARP failover as per the tutorial and found that while the rules and configuration changes are synching properly, the backup

[pfSense Support] Squid package error 0.93.2 - Adding cache admin

2005-11-17 Thread Gary Buckmaster
When attempting to add a cache administrator email address the following error gets puked out: Warning: fopen(/usr/local/etc/squid/advanced/acls/src_subnets.acl): failed to open stream: No such file or directory in /usr/local/pkg/squid_ng.inc on line 487 Warning: fwrite(): supplied argument is

RE: [pfSense Support] 0.93.2 CARP Failover issues

2005-11-17 Thread Gary Buckmaster
10:52 AM To: support@pfsense.com Subject: Re: [pfSense Support] 0.93.2 CARP Failover issues You now do not have any proxy arp entries, correct? I run CARP in 5+ locations now with no issues. On 11/17/05, Gary Buckmaster [EMAIL PROTECTED] wrote: I have two machines set up with 0.93.2, each

RE: [pfSense Support] 0.93.2 CARP Failover issues

2005-11-17 Thread Gary Buckmaster
It would be helpful to understand what's causing the issue here. I'd really like to see about making this work, but a pointer in the right direction would be good. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, November 17, 2005 1:13 PM To:

RE: [pfSense Support] Question about NAT

2005-11-23 Thread Gary Buckmaster
Rainer, Are you allowing DNS traffic outbound on the NIC facing your DNS servers? -Original Message- From: Rainer Duffner [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 22, 2005 2:26 PM To: support@pfsense.com Subject: Re: [pfSense Support] Question about NAT Scott Ullrich wrote:

RE: [pfSense Support] squid stop working

2005-12-19 Thread Gary Buckmaster
This is a known issue in the way the GUI code handles the ACLs in squid.conf. The solutions for this have been covered exhaustively on both this list and the forums. Since Mike Capp has already indicated that he is completely re-writing this package, the best solution would be to wait until his

RE: AW: AW: [pfSense Support] beeps gone?

2006-01-04 Thread Gary Buckmaster
I'd be perfectly content with the theme from Army of Darkness, or maybe Knight Rider. . . -Original Message- From: Jonathan Woodard [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 04, 2006 2:19 AM To: support@pfsense.com Subject: Re: AW: AW: [pfSense Support] beeps gone? It was just

RE: [pfSense Support] Adding a New theme

2006-01-04 Thread Gary Buckmaster
Sweet! Thanks for making this. Can't wait to check it out. -Original Message- From: Rajkumar S [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 04, 2006 9:16 AM To: support@pfsense.com Subject: [pfSense Support] Adding a New theme Hi all, I am attaching a new theme called Orange,

RE: AW: AW: [pfSense Support] beeps gone?

2006-01-04 Thread Gary Buckmaster
going to have to have a 'beep' theme! Anyone writes alternate beeps and I'll add the option (but ONLY after I get Sweet child of mine) ;-P --Bill On 1/4/06, Gary Buckmaster [EMAIL PROTECTED] wrote: I'd be perfectly content with the theme from Army of Darkness, or maybe Knight

RE: AW: AW: [pfSense Support] beeps gone?

2006-01-04 Thread Gary Buckmaster
as the sysop page theme... anyone care to figure that one out? Oh god, I can see it now, we're going to have to have a 'beep' theme! Anyone writes alternate beeps and I'll add the option (but ONLY after I get Sweet child of mine) ;-P --Bill On 1/4/06, Gary Buckmaster [EMAIL

Re: [pfSense Support] IPSec enhancements ??s

2006-01-26 Thread Gary Buckmaster
David, You have to understand that this project is a labor of love and since everyone is doing this as a volunteer basis, adding features that aren't interesting, that up until now, nobody has asked for, especially when they're working very hard to get 1.0 released is pretty unrewarding. It's

Re: [pfSense Support] SNAPSHOT_04-06-2006 ??'s

2006-04-07 Thread Gary Buckmaster
A cleaner solution would be to introduce proxy settings into the user's browsers (assuming Windows you can do this with a group policy) and it's fairly trivial to set up NTLM authentication with squid so that you don't have to prompt the users for authentication credentials. The same can be

Re: [pfSense Support] Load Balancing question

2006-04-11 Thread Gary Buckmaster
The most current snapshot (today anyhow) is here: http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ Eric W. Bates wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Buckmaster wrote: PS: You're still using Beta-2. Upgrade to the most recent snapshot. Where do

[pfSense Support] Massive amounts of pfsync traffic when CARP is turned off

2006-04-18 Thread Gary Buckmaster
I just noticed my pfSense (now upgraded to Beta3, thanks guys!) machine multicasting pfsync traffic of biblical proportions. This was a surprise to me because I don't have CARP enabled on this box. In poking around in my machine's config file I see the following entry: - # carpsettings - #

Re: [pfSense Support] Massive amounts of pfsync traffic when CARP is turned off

2006-04-18 Thread Gary Buckmaster
-Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 4:26 PM To: support@pfsense.com Subject: [pfSense Support] Massive amounts of pfsync traffic when CARP is turned off I just noticed my pfSense (now upgraded to Beta3, thanks guys!) machine

Re: [pfSense Support] Massive amounts of pfsync traffic when CARP is turned off

2006-04-18 Thread Gary Buckmaster
be a reinstall from scratch :-/ but you might want to wait for scott's or bill's thoughts on this behavior first. Holger -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 4:45 PM To: support@pfsense.com Subject: Re: [pfSense Support

Re: [pfSense Support] Massive amounts of pfsync traffic when CARP is turned off

2006-04-18 Thread Gary Buckmaster
Ullrich wrote: Should be safe. But then again turning off pfSync should remove the tag as well. On 4/18/06, Gary Buckmaster [EMAIL PROTECTED] wrote: Scott, I agree that that's how it *should* be working, but that's not what's currently happening on this box. I'd like, very much to stop

Re: [pfSense Support] Massive amounts of pfsync traffic when CARP is turned off

2006-04-18 Thread Gary Buckmaster
So after saving the page with pfsync disabled, I need to reboot the firewall to completely turn it off? Scott Ullrich wrote: It most likely will not change the pfsync association until the next reboot. On 4/18/06, Gary Buckmaster [EMAIL PROTECTED] wrote: Yeah and I tried that, it had

Re: [pfSense Support] Massive amounts of pfsync traffic when CARP is turned off

2006-04-18 Thread Gary Buckmaster
[EMAIL PROTECTED] wrote: Yep. Why was it on to begin with? On 4/18/06, Gary Buckmaster [EMAIL PROTECTED] wrote: So after saving the page with pfsync disabled, I need to reboot the firewall to completely turn it off? Scott Ullrich wrote: It most likely will not change

Re: [pfSense Support] Squid Package, URL filtering

2006-04-24 Thread Gary Buckmaster
Charles, The Squid package was started by someone who stubbed in a lot of functionality and then promptly fell off the face of the earth. As a result, a lot of what's in the user interface including the tie-in to squidGuard isn't there. That's not to say that you couldn't install

Re: [pfSense Support] Squid Package, URL filtering

2006-04-25 Thread Gary Buckmaster
Is this the bug where it accidentally defines an ACL called all as the same network/netmask as the LAN? If so, I swear I thought that was fixed. Charles Sprickman wrote: On Mon, 24 Apr 2006, Gary Buckmaster wrote: Charles, The Squid package was started by someone who stubbed in a lot

Re: [pfSense Support] Biggest pfSense install

2006-04-27 Thread Gary Buckmaster
I'm pretty sure this isn't the biggest install of pfSense, but we run pfSense as our primary firewall for a 10M fiber connection, continually utilized at about 6Mb/s. This includes load balancing an Internet facing database cluster which handles approximately 35 million transactions a day.

Re: [pfSense Support] SQUID

2006-04-27 Thread Gary Buckmaster
This question was just asked, and answered by me on this mailing list last week. Please see the archives. Pedro H. Braz wrote: Hello Folks, There's a way to configure personalized groups, instead of those standard and extended, using the squid package? Another question I have, there's a

[pfSense Support] SpamD in front of multiple MTAs

2006-04-27 Thread Gary Buckmaster
I'm giving SpamD and have it all basically configured, although I'm stuck at the NextMTA setting. This setting appears to assume only a single MTA behind pfSense. Is this correct? Is there a way to specify multiple transport mappings for multiple MTAs or would this require me installing

Re: [pfSense Support] SpamD in front of multiple MTAs

2006-04-27 Thread Gary Buckmaster
Scott, Both of those additions would be truly awesome and I'm willing to offer up some testing resources for when you have free time to mess with these additions. Thanks very much! -Gary Scott Ullrich wrote: On 4/27/06, Gary Buckmaster [EMAIL PROTECTED] wrote: I'm giving SpamD

Re: [pfSense Support] small fast smtp relay

2006-05-03 Thread Gary Buckmaster
Not sure about your definitions of small and fast, but Postfix makes a very nice SMTP relay/gateway/content filter and it'll install into pfSense without much drama. dny wrote: any suggestion for a small fast smtp relay that i can use in freebsd/pfsense?? something like esmtp in linux?

Re: [pfSense Support] Problems continue

2006-05-05 Thread Gary Buckmaster
This is a known problem. Scott and I are working on it with the ftpsesame developer. I realize it's tempting to say well this works for m0n0wall, so it should work for pfSense, it's not a really fair comparison. Yes, pfSense is a fork of m0n0, but a lot has changed. pfSense should still be

Re: [pfSense Support] Problems continue

2006-05-05 Thread Gary Buckmaster
Ah, see that's news to me. thanks. now why is that the first time this has been brought up as a possibility? Because we've been working on the problem on IRC since the problem was first noticed. A lot of little problems (and some big ones) are solved before they ever make the list. In

Re: [pfSense Support] Justficiations for going with pfsense over Cisco Router or PIX, Sonicwall etc?

2006-05-15 Thread Gary Buckmaster
Jeff, The appropriate hardware for various connections has been discussed myriad times on this list and in the FAQ. For your situation a WRAP would probably handle most things, although the VPN traffic could be a bit more than the CPU on a WRAP could handle. Certainly you could do

[pfSense Support] ftpsesame issue, input needed

2006-05-17 Thread Gary Buckmaster
To anyone having problems with the ftphelper working in active mode over a bridge, please reply to this email with the ftpd software you're using and whether or not that ftpd returns 200 ... in response to a PORT command. It appears that some ftpd's are not RFC compliant and this is what's

[pfSense Support] HAVP Bug Report

2006-05-22 Thread Gary Buckmaster
First off, thanks for the HAVP and ClamAV packages, they look as though they're off to a good start. I have, however, run into a few errors that are show-stoppers at this time. When editing the HAVP configurations, the settings aren't saved in the WebGUI. When you view havp.config you see

Re: [pfSense Support] HAVP Bug Report

2006-05-23 Thread Gary Buckmaster
. Maybe putting an example or two in the WebGUI instructions for the page might be in order? -Gary Rajkumar S wrote: Gary Buckmaster wrote: When editing the HAVP configurations, the settings aren't saved in the WebGUI. When you view havp.config you see that the settings are actually being

Re: [pfSense Support] HAVP Bug Report

2006-05-23 Thread Gary Buckmaster
Raj, I think I found the issue. It appears that you've defined havp.config as living in /etc/havp.config and sure enough, you've written a very nice havp.config file in /etc. If you change that to /usr/local/etc/ I think you win. -Gary Gary Buckmaster wrote: Raj, Thanks for jumping

Re: [pfSense Support] Re: trap 12: page fault while in kernel mode

2006-05-25 Thread Gary Buckmaster
Molle Bestefich wrote: Let's do that, then :-). I don't mind spending some time doing that to help pfSense and m0n0wall. Too bad I'm a complete BSD-newbie. What do I need to do? 1. Take the harddrive to a modern laptop 2. Install FreeBSD 6 3. ?? Modify which options to enable serial-line

Re: [pfSense Support] HAVP

2006-05-26 Thread Gary Buckmaster
First and foremost, if you installed the HAVP package and don't have the ClamAV package installed, you'll need to install that. ClamAV will update its definitions automatically so you can safely ignore that part. Once you have HAVP set up and configured (transparent mode doesn't currently

Re: [pfSense Support] HAVP

2006-05-26 Thread Gary Buckmaster
that, but everywhere I add protection is a good thing * -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Friday, May 26, 2006 8:02 AM To: support@pfsense.com Subject: Re: [pfSense Support] HAVP First and foremost, if you installed the HAVP package and don't have

Re: [pfSense Support] HAVP

2006-05-28 Thread Gary Buckmaster
I suspect he's seeing clamav-freshclam running which should happen by default 5 times a day. This is, of course, configurable in the configuration file. Oh, and should ClamAV always be running. Mine runs for a little while and then shuts down. I don't know if this is normal. clamd

Re: [pfSense Support] HAVP

2006-05-30 Thread Gary Buckmaster
Raj, I wouldn't run freshclam from cron. It's a very small daemon and very efficient. Much better to let it run and update all on its own according to its configuration file. Just my opinion, however. -Gary Rajkumar S wrote: I haven't enabled clamav-freshclam also, I am running

Re: [pfSense Support] HAVP

2006-05-30 Thread Gary Buckmaster
Rajkumar S wrote: I chose to run from cron because that was easy from a package writers point of view. I also agree that making it a daemon is better, because currently there is no safe way to remove a cron entry when a package is removed. I will update the package to run freshclam as a

Re: [pfSense Support] Re: per-interface rulebases: why?

2006-06-01 Thread Gary Buckmaster
You're not thinking this problem out nearly well enough. A master rule set, especially for those of us with more complex networks would be unmanageable. Right now, I have a 3 NIC firewall configuration handling over 65 publicly addressable machines, and when you factor in VPN interfaces,

Re: [pfSense Support] Can we do Source NAT'ing?

2006-07-17 Thread Gary Buckmaster
On pfSense it's called 1:1 NAT and it works swimmingly. Kyle Mott wrote: Hi, Quick question, is it possible to do SNAT somehow that I'm just not thinking of? IE, 192.168.100.122 VIP on the WAN - 10.20.100.1 (Interface IP of LAN), so when connections are made to other hosts in the LAN

Re: [pfSense Support] Can we do Source NAT'ing?

2006-07-17 Thread Gary Buckmaster
mapping: 192.168.100.122 - 10.20.100.122 And added a rule to allow any from WAN - 10.20.100.122, any protocol. Still can't get to it, : -Kyle Gary Buckmaster wrote: On pfSense it's called 1:1 NAT and it works swimmingly. Kyle Mott wrote: Hi, Quick question, is it possible to do SNAT somehow

Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover

2006-08-03 Thread Gary Buckmaster
Scott, Bridging and CARP don't play nicely together, so you're going to have to go another route. -Gary Scott Williamson wrote: Ok so here is the question, I have 2 Wan Links Sprint 3MB connection and Verizon 1.5 MB connection. I am wanting to Load Balance across both connections and use

Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover

2006-08-03 Thread Gary Buckmaster
-Wan Load Balancing Failover 1:1 Nat Accept ALL:ALL? There are 10 types of people in this world, those who can read binary, and those who cannot. -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Thursday, August 03, 2006 9:44 AM To: support@pfsense.com Subject: Re

Re: [pfSense Support] Bridged Multi-Wan Load Balancing Failover

2006-08-03 Thread Gary Buckmaster
Scott Ullrich wrote: On 8/3/06, Gary Buckmaster [EMAIL PROTECTED] wrote: Aren't those Opteron based? If so, then you're out of luck, because pfSense is currently not an x64 platform. Opterons will run just fine on 32 bit as well as 64 bit. One of our builder servers is a dual Opteron

Re: [pfSense Support] clamav RC2

2006-08-04 Thread Gary Buckmaster
If they're broken now, they were broken then. No packages have suffered any regression (at least not yet). ClamAV and HAVP are both known to be broken at this time. There are reports that Scott's recent patches have brought Squid to a working state. SpamD works great! Nick Smith wrote:

Re: [pfSense Support] Can't get basic routing to work.

2006-08-04 Thread Gary Buckmaster
That's the whole point. Please read the documentation, and research 1:1 NAT to see why it will work for this purpose. A. Jones wrote: I can't set up a 1:1 as the wan interface is on a different subnet than my lan interface From: Tim Dickson [EMAIL PROTECTED] Reply-To:

Re: [pfSense Support] Does pfSense work on SPARC32/SPARC64?

2006-08-08 Thread Gary Buckmaster
This has been answered repeatedly in the mailing list. Kyle Mott wrote: Hi, I think I already know the answer to this, but figured I'd ask anyways. Does pfSense work on SPARC32/SPARC64 platforms? -Kyle - To unsubscribe,

Re: [pfSense Support] HAVP

2006-08-15 Thread Gary Buckmaster
HAVP and ClamAV have both been marked as Alpha software and should be treated as such. To the best of my knowledge, HAVP is currently broken and will not install, but Raj (the package author) has been busy and unavailable to chase down the problem. -Gary Ryan Rodrigue wrote: Does anyone

Re: [pfSense Support] RC2 ?

2006-08-15 Thread Gary Buckmaster
Actually, that won't work. The proper incantation is: fetch -q -o - http://www.pfsense.com/~sullrich/update_to_rc2a.sh | sh - More information is helpfully provided by Scott here: http://forum.pfsense.org/index.php/topic,1820.0.html Holger Bauer wrote: run fetch -q -o

Re: [pfSense Support] transparent proxying

2006-09-05 Thread Gary Buckmaster
Also, upgrade your pfSense box. Beta4 is very out of date. Holger Bauer wrote: Add a portforward at interface OPT2, external address any (not interface address), protocol TCP, external port range 80, NAT IP proxy at OPT6, local port 80. Save, apply. Holger -Original Message-

Re: [pfSense Support] System overload

2006-10-09 Thread Gary Buckmaster
Were you trying to run captive portal on the LAN interface or something along those lines? The issue you described sounds a little like you had captive portal enabled and all your outbound traffic was bouncing up against it. This would account for all the lighty and php processes you were

Re: [pfSense Support] Squid Access Denied

2006-10-20 Thread Gary Buckmaster
Tim, By default, squid will block everything. You need to create an ACL for your LAN subnet(s) to allow access. Add the ACL and you should be good. -Gary Tim Roberts wrote: Sorry in advance - I've plundered around and read the post from a ways back that some of the packages were broken,

Re: [pfSense Support] Squid Access Denied

2006-10-23 Thread Gary Buckmaster
questions - I have configured Squid in the past on a linux box and managed to make it work but I'm ashamed to say it was from a specific how to. Thanks Tim - Original Message - From: Gary Buckmaster [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, October 20, 2006 3:41 PM Subject: Re

Re: [pfSense Support] Problem with SQUID after fresh install of 1.0-RELEASE

2006-10-23 Thread Gary Buckmaster
See the previous thread regarding solving Access Denied issues in squid. Ken Bringa wrote: Hello, Thanks to all for the work being done on this terrific application. I had squid working on previous releases and through upgrades to 1.0. After 1.0 was released, I decided to do a fresh install

Re: [pfSense Support] Squid Access Denied

2006-10-23 Thread Gary Buckmaster
, both get the same thing. Thanks Tim - Original Message - From: Gary Buckmaster [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, October 23, 2006 9:43 AM Subject: Re: [pfSense Support] Squid Access Denied Tim, I'm not sure where you're seeing that you don't need to put your

Re: [pfSense Support] Does pfsense support a 100Mbps WAN ?

2007-01-03 Thread Gary Buckmaster
Alexandre Blardone wrote: Hello, I am currently running PFsense on a LinITX FX5620 6 NIC Firewall. I have a 20Mbps WAN and 3 gigabit local subnets connected to it. I am going to upgrade our WAN to 100Mbps and I was wondering if pfsense could support such a speed for WAN ? is my linitx box

Re: [pfSense Support] Logoff Capability

2007-02-12 Thread Gary Buckmaster
Vaughn L. Reid III wrote: I'm not sure this is the correct forum for this sort of item, but I'll ask anyway. Is there any sort of extension available to provide a logoff capability from the web gui? I need this capability for HIPAA compliance. If not, how would I go about offering a bounty to

Re: [pfSense Support] Need to know

2007-02-27 Thread Gary Buckmaster
saidy wrote: Hi, 1. How to make/configured a multiple LAN (ie. 172.168.x.x and 192.168.x.x) with one WAN connection. 2. How to make network available in time configured (ie. User allow to surf to internet within office hour 8am until 6pm) Thank you

Re: [pfSense Support] Latest SNAPs

2007-02-28 Thread Gary Buckmaster
David Strout wrote: Getting back into it here and I have been looking to grab the latest SNAP and test it in the lab ... but they seem to have disappeared from Scott's dir. Can someone point me to them? -- David L. Strout Engineering Systems Plus, LLC As has been discussed myriad times

Re: [pfSense Support] Log Rotation

2007-03-30 Thread Gary Buckmaster
Diego Morato wrote: Hi All, I would like to know how pfsense rotate the log files, how days it is stored and how do I configure this. I need to know this because we have auditors that from time to time do audits in this logs. In other systems I rotate the logs monthly and keep in HD for

[pfSense Support] Inbound Loadbalancing problem

2007-04-24 Thread Gary Buckmaster
Prior to trying to install this into production, I had this entire scenario working perfectly in a test environment. Something, it seems, has changed between testing and production. I have a cluster of 15 web servers which I intend to load balance with a CARP'd cluster. I've created a CARP

Re: [pfSense Support] Inbound Loadbalancing problem - SOLVED

2007-04-24 Thread Gary Buckmaster
. Bill Marquette wrote: Both boxes are likely polling the web servers in question, hence the traffic from both machines. You might confirm that you have rules loaded to allow this traffic. --Bill On 4/24/07, Gary Buckmaster [EMAIL PROTECTED] wrote: Prior to trying to install this into production, I

Re: [pfSense Support] Inbound Loadbalancing problem - SOLVED

2007-04-25 Thread Gary Buckmaster
Bill Marquette wrote: On 4/24/07, Gary Buckmaster [EMAIL PROTECTED] wrote: This issue turned out to be primarily a configuration problem, although it serves as a good lesson for others to learn from so I'll post the reply for the sake of posterity. background We currently have 16 web servers

Re: [pfSense Support] Group and User Management

2007-05-10 Thread Gary Buckmaster
Holger Bauer wrote: This will be a feature of 1.3 (like the dashboard) as well. However we are using our own implementation, not the one m0n0 has. Holger From: Mohd Saidy [mailto:[EMAIL PROTECTED] Sent: Thursday, May 10, 2007 10:23 AM To:

Re: [pfSense Support] Need help

2007-05-18 Thread Gary Buckmaster
Marco Vinella wrote: I need to have some information about configuring pfSense's proxy. We have a LAN Active Directory (W Server 2003) managed. We have to filtering internet (WAN), from LAN, access with pfSense's proxy. We want to authorize only Users which are in a specific Active Directory's

Re: [pfSense Support] squid cache to 2nd HDD

2007-05-22 Thread Gary Buckmaster
Mohd Saidy wrote: Hi, Need to know how to. How can i save all cache (squid) file to second HDD. Sorry for dummy question. TQ -saidy- This question is best answered by reading the squid documentation on the squid website. Look up the cache_dir directive for squid.conf and the answer

Re: [pfSense Support] help to config dmz

2007-05-25 Thread Gary Buckmaster
I believe the tutorial linked in a previous email addresses this. You can do one of two things. Either you bridge OPT1 to WAN and then all the machines in your DMZ will have public-addressable IP addresses, or you'll want to configure 1:1 NAT. Either solution will work, it just depends on

Re: [pfSense Support] help to config dmz

2007-05-25 Thread Gary Buckmaster
Echo what Tim said. Given this new set of information about your network setup, 1:1 NAT would be a much more appropriate choice for this particular network. PS... I opted for 1:1 rather than bridging. This gives the servers public addresses, but also allows me to expand in ways not possible

Re: [pfSense Support] pfSense Hanging...

2007-06-04 Thread Gary Buckmaster
This is a shot in the dark, but is there a chance that you're on a PPPoE (or similar) connection, even with a statically assigned IP? Is there a chance that your connection becomes dormant enough for your ISP to time out your connection, obligating you to re-dial? Tortise wrote: Thanks

Re: [pfSense Support] Remote Traffic Monitoring

2007-06-07 Thread Gary Buckmaster
Many managed switches also allow you to specify a monitor or span port. You may then capture any/all traffic running across your switch backplane on that port. Ideal for IDS applications or whatever it is you're wanting to do with all that traffic. Keep in mind that it takes a lot of

[pfSense Support] Virtual IP Type other

2007-06-11 Thread Gary Buckmaster
I know this has been discussed before, but I can't find the relevant discussion and apparently it's becoming an issue in the support IRC channel. Can someone provide an explanation of what the other Virtual IP type is, and what its use is? Several times now, people have tried to set up 1:1

Re: [pfSense Support] Partitioning question

2007-06-15 Thread Gary Buckmaster
Roberto Greiner wrote: Hi, I'm trying to install 1.2Beta in a test machine that already has other systems installed (a Debian 4.0). The problem I'm having is that in the partitioning step, the installer does not accept the size of the linux partitions, saying that they are not a multiple of

Re: [pfSense Support] 1.2 beta 1 on CF

2007-06-25 Thread Gary Buckmaster
Don't install the developer edition on a CF-system. Karl DeLyria wrote: How, Do I keep the compact flash from filling up with developer stuff? I reloaded it twice thinking I left a capture on or my logs were overly active. Karl DeLyria 221 SW Texas St. Portland, OR 97219 503-245-4190

Re: [pfSense Support] Best setup for a colocation

2007-06-29 Thread Gary Buckmaster
It should also be noted that CARP doesn't work with bridged interfaces, so if you want CARP (which for a data center environment, you probably do) you'll want to use the setup that Chris suggested. Chris Daniel wrote: If you think you will ever need failover using CARP, 1:1 NAT with virtual

Re: [pfSense Support] Revised 1.2 beta 2 with IPSEC fix

2007-07-09 Thread Gary Buckmaster
Karl DeLyria wrote: Where can I find it? Karl DeLyria Metaskills Consulting 221 SW Texas St. Portland, OR 97219 503-245-4190 503-816-1127 cell - To

Re: [pfSense Support] bandwidthd

2007-07-24 Thread Gary Buckmaster
I hear this question come up just about every day and frankly it frustrates me greatly. We've been using pfSense in production since pre-version 1. We've had 1.2-Beta snapshots in production load balancing a database cluster which handles 35 million requests daily, and which is responsible

Re: [pfSense Support] Issue with squidlogs not rotating

2007-08-02 Thread Gary Buckmaster
Igor Parsadanov wrote: Hello, I have lightsquid and squid installed, and I have lightsquid set to rotate logs, but it doesn't do it. After looking at the cron job this is what I found the crontab entry to say: 0 0 * * */1 root/usr/local/etc/squid

Re: [pfSense Support] 1.0.1 Log Issues

2007-08-02 Thread Gary Buckmaster
Scott Williamson wrote: I just upgraded to 1.0.1 from a 1.0 beta. I have noticed looking at the Firewall logs that I am showing I am dropping a lot of packets that I have rules built to allow. I have not had any problems with communication through the firewall so I believe it is just false

Re: [pfSense Support] 1.0.1 Log Issues

2007-08-02 Thread Gary Buckmaster
Scott Williamson wrote: I tried right after upgrading to 1.0.1. Whenever I told it to upgrade, I just got a page cannot be displayed error. You'll probably have to go with a fresh install of 1.2-RC1. On the plus side, your config file *should* still work fine so you'll limit the

Re: [pfSense Support] performance on a PE860

2007-08-10 Thread Gary Buckmaster
jamona perez wrote: Hi, I know this topic comes over regularly, but searching through the archives, thread often ends with I'll post the results, but... So here is my question : I plan on getting a pair of Dell PE 860 for building a high-availability high-performance transparent firewall. I

Re: [pfSense Support] Filtered bridge vs 1:1 NAT advice

2007-08-20 Thread Gary Buckmaster
Denny, We currently use a 3-NIC, bridged DMZ setup for our firewall here. This solution works very well for the large number of Internet facing servers. The benefits are exactly what you mentioned and there is no performance issue at all. LAN clients can access the DMZ servers without any

Re: [pfSense Support] Filtered bridge vs 1:1 NAT advice

2007-08-20 Thread Gary Buckmaster
be a bit outdated on my knowledge of this... but last time I checked... in a bridged situation, LAN clients were unable to access anything on the bridged interface. Has this changed? Tim Nelson Technical Consultant Rockbochs Inc. - Original Message - From: Gary Buckmaster [EMAIL PROTECTED

Re: [pfSense Support] Anti-Spam Anti-Virus?

2007-08-21 Thread Gary Buckmaster
Steve Harman wrote: Hi! Could someone update me on where things are (if anywhere!) with AV or AS provision inside pfSense please? Is there a 3rd-party package or internal facility under development at all? Thanks, Steve Centipede Networks has sponsored the creation

Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2?

2007-08-30 Thread Gary Buckmaster
Jonathan Horne wrote: i have a client, who has been running pfsense since january. i recently updated him to 1.2-RC1, and since then, his internet browsing for his site has been really poor. when a browser is opened, the initial connection to the site takes 10-15 seconds, then the site

Re: AW: [pfSense Support] IPSEC with no static ip addresses

2007-11-07 Thread Gary Buckmaster
also, NAT-T is not supported in the current version of pfSense. This will be fixed after 1.2 is released. Fuchs, Martin wrote: Due IPSec is not supported officially to run between 2 dynamic addresses, pfsense does not support it… Have a look in the forum, there are some approaches… *From:*

Re: [pfSense Support] 1:1 at wits end

2007-12-12 Thread Gary Buckmaster
Russ, It sounds like you're vastly over-thinking this. Setting up a 1:1 NAT is relatively straightforward. 1) Create a VIP (type CARP or type Proxy ARP) this is a VIP attached to your WAN and should reflect a public (see also: routable) IP address that the Internet will use to contact the

Re: [pfSense Support] Static routes for a VPN - it's probably simple but....

2007-12-13 Thread Gary Buckmaster
Steve, You really should not be running 1.0.1 anymore for production. There have been literally thousands of bugs fixed (including a number of them within the VPN implementations) and pfSense has had RCs out for quite some time. Before you go too far down this road, you should really upgrade.

Re: [pfSense Support] NTPD - Windows clients error with Peer is not syncronized

2007-12-14 Thread Gary Buckmaster
Steve Harman wrote: Hi! We just updated to 1.2 RC3 from 1.01 and I was delighted to see OpenNTPD is now available. I’ve enabled it on two of our LAN interfaces but when I attempt to have Windows XP sync-up via its date time control panel I’m told “The time sample was rejected because;
