Hi,
I tried to setup pfSense and added some VPN IPSEC tunnels to their
DYNDNS name (instead of using an IP), and this seems to give a problem.
racoon.conf ke. syntax error
the dyndns name was some kind of xxke.dyndns.org
Is this possible to overcome somehow ?
kind regards,
Michel
this be taken into
consideration)
thank you for your reply
ps. i was trying to install bandwidthd that came with the packages to
install in pfsense itself... it states bandwidthd BETA 2.0.1.1 -
platform 1.0
Ugo Bellavance wrote:
Michel Servaes wrote:
I was interested in this application, since
it. not suitable for blocking the p2p. you might want to try snort for that.
sai
On 3/8/08, Michel
Servaes [EMAIL PROTECTED]
wrote:
I
have installed pfSense 1.2 onto the box.
I already tried another on the list of the pfSense packages, the ntop
version, which also seems to give me the details I need (this ntop
I've just found a forum item - it seems 1.2 does not support dynamic
endpoints anyway... have to wait for 1.3
Michel Servaes wrote:
Hi,
I have setup my pfSense now for 3 days, and am quite happy with it (at
home I use a m0n0wall, since I don't want a running harddisk).
But, some of my
I am having somewhat the same problem here... I cannot simulate, but
some of my users are experiencing the same problem.
I don't have pfSense as a PPTP server however, I use the forwarding
function of pfSense - to forward PPTP requests to a Windows 2003 server...
The users are having timeouts
Hi,
I am investigating a bit about m0n0wall pfSense... to my knowledge, it
seems that a CF card is not really a good medium to have many writes
onto... so currently I am running m0n0wall for that reason.
I know the embedded version of pfSense is comparable with m0n0wall (eg.
loading into
lol, that is very possible - yes.
a 4GB model would be sufficient for logging, using ntop imspector
??
I guess proxy is out of the question, since the access is not that fast
like a real HD
Paul M wrote:
Eugen Leitl wrote:
Noise: I think the microdrive is next to
What and where can I check why this has stopped working ???
I can't recall an option somewhere to enable/disable this graph...
I have no idea where to search first ;-)
Kind regards,
Michel
running version 1.2
I had a similar setup, eg. using the onboard NIC and another PCI NIC in
the machine...
They weren't gbits, but plain 100mbits...
Well, performance was dull... it simply did not perform like a 100mbit
card... as soon as I added a second NIC (the same as the other one),
performance was exactly
it in on the CF/IDE controller...
I guess the PentiumIII mobo just didn't give enough drive params
through, to make the installer work...
But I'll post my findings this evening on my P3 box at home...
thanks for the url, i'll check it out...
Paul M wrote:
Michel Servaes wrote:
microdrive
it doesn't show any drives like you gave me... I only see the cdrom
acd0, I presume that the disk should be very near that line? (but it
isn't)
tomorrow I'm going to buy a second card reader, and hook it up to this
machine... to see if that will load or not...
Chris Buechler wrote:
Michel
The Cisco 2950 has a fan... so that wouldn't be suitable for home use...
I have a Linksys SRW224 which has VLAN tagging, but somehow I can't make
it work with pfSense (I might be doing something wrong though)
Paul M wrote:
a second hand cisco 2950 would be quite cheap on ebay, the gigabit
Hi,
I just tried to install spamd today, but it seems to block all my messages.
I've waited 25 minutes, and still no mail arrives.
I also tried to add some blacklist servers from the openbsd/spamd page,
but it seems not to really work.
It just kept three entries in the greylist, and nothing
, and it successfully works during failover (although the
settings and spam database don't replicate -- but that's a given with
most of the add-on packages).
I believe that you may be experiencing problems because you don't have
your local email server white listed.
Vaughn Reid III
Michel Servaes wrote:
Hi
ss on fxp0 proto tcp from spamd-white to port smtp -
192.168.10.200 port smtp
192.168.10.200 is our local mailserver.
Scott Ullrich wrote:
On 5/1/08, Michel Servaes [EMAIL PROTECTED] wrote:
So you don't config anything in the SpamD settings at all ?
The nextMTA shouldn't be your
a spammer :) )
Michel Servaes wrote:
It still won't react... I waited more than 30 minutes, but it still
doesn't come through...
I see in the System log a lot of spamd(1080), disconnect after xxx
seconds...
This is the snip in my rules.debug :
spam table
table whitelist persist
table
Is there somewhere a nicer way to view incoming PPTP connections, than
to manually view in the System Logs ?
I'd like some kind of interface like IPSEC Status...
Kind regards,
Michel
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
Hi,
Does pfSense offer an alternative to the Juniper SSL VPN solutions ?
I am looking for a solution for web based SSL VPN traffic to (for
instance) a Citrix or Terminal server... since some of my colleagues
don't want to install (or can't) a PPTP VPN, or IPSEC solution...
Or does someone
I totally agree with you, but you know what happens if an external IT
man enters your office, and tells your boss that a solution like Juniper
is better than anything else...
So I am going to use your comments to discourage this kind of use... I
still like to have control of what comes in, and
true; every now and then I had to restart ntop too.
I'm now using bandwidth - it isn't as complete as ntop, but at least I
don't have to restart it every time...
but in case of troubles, I re-install ntop - and I monitor closely for
shutdowns (of ntop that is)
Tim Dickson wrote:
Ntop can
I currently have a normal I386 pc (pentium IV - 1,6GHz with 512MB RAM
and a 20GB HDD)...
Let's say if I want to replace this with a Soekris unit... how should I
compare this to a normal pc ?
I have about 10 ipsec VPNs, 4 VLAN's, some traffic shaping and some
packages installed (I am planning
thanks for the great info - this gave me pretty good insight... ;) got
to remember the fridge option (darn, I bought my wife just a new
fridge, and threw the old one away at the recycling centre)
Chris Buechler wrote:
On Fri, Jul 25, 2008 at 5:40 PM, Michel Servaes [EMAIL PROTECTED] wrote
I guess this will be my last question on Alix...
I have bought myself a CF HDD (8GB) (some months ago), and tried to
install it on a regular mainboard... but FreeBSD does not seem to like
this kind of setup... as a result, it won't boot up when using an ATA/CF
convertor... tried with an
How should I implement PPPoE on my WAN side ?
I have some old SIP phones, that have PPPoE functionality... and I want
them to work at distance without having to buy a VPN capable router...
I can enable PPPoE on pfSense, and I can select WAN as incoming... but
how should I configure this,
Any idea as why the squidguard won't start ?
As soon as I add an url to download the blacklists, the squidguard won't
start anymore...
I can select the blacklists though, so it did download it alright... I
tried to deny pron, but it lets it just
Hi,
I have used pfSense for about 4 months now at our office, and must say
it is just great what you guys are doing...
Today a colleague of mine, came to me asking what about authenticating...
sure I said, use a captive portal... but then it struck me, this would
allow the IP of the machine
Today I tried to use a CF/HDD into a SATA/CF convertor, which worked
just fine for installing, but it won't boot up at all.
It's really odd, and doesn't add up :
I have a CF/512MB and a CF-HDD/8GB and a PentiumIII motherboard (they
tend to use around 17 watts, that's why I took a P3 600MHz).
Hi,
I have 2 questions :
1. captive portal - range of ip's :
I don't seem to be able adding a range to the allowed ip list for the
captive portal. (I have to add each ip individually).
I wanted to enable captive portal for my terminal server, so I don't
have to play in my proxy server by
correctly?
Michel Servaes wrote:
It's using about 9,4MB (which surprises me greatly, since there were
many (many) subdirectories in the cache directory)
The harddisk is about 18GB, so I shouldn't have an issue there
(according du, that is)
I'm du'ing other folders, to find the big chunk... I
yikes,
my system's disk is full, and every now and then internet is stalled.
of the installed packages, i have iperf, squid bandwidth... and
currently I checked for rotating the logs (which wasn't enabled), but
still my disk is 100%...
what and where (and what can I) do I need to delete
the ntop dnscache.db file, since I'm not using ntop anymore)
David Meireles wrote:
It happened to me before, the squid cache filling the whole disk
(/var/squid/cache). To check how much space is the cache using, go to
/var/squid and run du -h -d 1
Michel Servaes wrote:
yikes,
my system
can have easier
access to the system than using everything via exec.php
kind regards,
michel
Michel Servaes wrote:
I tried to change the location of the cache folder to
/var/squid/cache1, so that the /var/squid/cache folder wouldn't be in
use... but I still cannot rmdir -r /var/squid/cache
there be another method ?
Michel Servaes wrote:
using rm -r /var/squid/cache seems to work, disk is getting freed,
as we speak :) 94% and counting.
this made me stumble upon trying to connect using WinSCP... in which I
failed, and I think because of not adding the key in the setup of
pfSense... how
, and the SSH server is there to be used, so
:) But after all, your problem was the squid cache or not? are there
any other dir's that are taking so much disk space? do the du I've
told you before in the / dir
Michel Servaes wrote:
Okay, sorry for the posting overload here :)
I installed
Hi,
Today I have stumbled upon an interesting problem. I know I can
translate my ports the other way round from WAN to LAN, and with this
knowledge I've added a rule the other sense around.
What do I need ?
I have a customer, who has an FTP server running at port 10021 (his ISP
blocks any
When I'm going to install 1.2.1 tomorrow evening, do we still belong to
this usergroup, or should one subscribe to another feed ?
I believe another feed is available for the 1.3 branch, isn't it ?
I will be installing 1.2.1 on another machine, so if anything should go
faulty, I can quickly
I backed up my config.xml, took another computer, added the same network
configuration... installed pfSense 1.2.1 (build of today).
Restored config.xml, re-installed packages (within restore function)...
and the new config worked fine (including ipsec vpn and all)... but
We have a range of wan
, Michel Servaes [EMAIL PROTECTED] wrote:
wouldn't the ARP cache be cleared by rebooting the pfsense box ?? (i
rebooted 3 or 4 times)
He said upstream. You know, the next router / modem in line.
Scott
It seems I am missing my WOL list, after moving the config.xml to my new
box.
As you know, I didn't do an inplace upgrade, but I took a new machine to
install the 1.2.1 on, and restoring my config.xml from my old box.
It isn't much of a problem, but maybe something to know before doing the
Who maintains the nut package ?
If it is installed, you can't see who is maintaining the nut package
anymore...
I have a question about this option... there are several settings that I
don't quite understand for what they are there :
- are they there to control a network connected ups ?
-
Hi,
I was wondering if it would be possible to block websites from let's say
9am till 5pm...
I can block ip-addresses that way, but I want it to block websites (since
some sites use round-robins, blocking at IP level isn't always a smart
choice)
Kind regards,
Michel
I can only think of using a switch, being capable
of port bonding... 802.3ad capable switches like HP Procurve 1800's can
link multiple ports for better speed.
Don't know how they end up, using wireless bridges though ;-)
Ugo Bellavance wrote:
Sorry for
top-posting, but I realize this is
Hi,
I've upgraded to the 1.2.3 version on one end, and have a monowall at my
end... whenever I ping a host over the tunnel, they reply...
But doing anything else (http, rdp, ...) it simply does nothing at all !
(eventually, I got a timeout) - but the tunnel is up, and I can ping.
My rules
G R E A T, many thanks - this works out just like pointed out in this
forum!!!
On Sat, Jan 31, 2009 at 11:22 AM, Ermal Luçi ermal.l...@gmail.com wrote:
look at this http://forum.pfsense.org/index.php/topic,13847.0.html
On Sat, Jan 31, 2009 at 10:37 AM, Michel Servaes mic...@mcmc.be wrote
tate-table of pfsense ?
Kind regards,
Michel Servaes
I upgraded some days ago to 1.2.3 because of a problem between updates...
I am quite sure, that 1.2.1RC1 did resolve to my WAN IP... but I am
struggling with my FTP server here in my LAN ever since I upgraded to 1.2.3
So I was thinking about on how to solve this, checked out the FAQ about the
ftp
Don't know what your setup is, but I in general use a fixed WINS address in
my laptop.
So whenever I am at home or at the office, I can easily resolve my hostnames
of the office ;-) (obviously, I have a WINS server at the office)
But again, it depends on your setup, if you're able to integrate a
Hi,
I was wondering, if there is a manual way of defining the traffic
shaper, instead of using the wizard ?
I actually just would like to assign just 128kbit to all SMTP traffic
(in/out, don't care) - and the rest is permitted like it is.
I could run the wizard, delete all rules afterwards
I just updated my pfSense 1.2.3 prerelease version through a webupdate.
Which just seems to be working fine, although I cannot access the
webinterface anymore ??
I already restarted the webconfigurator through telnetting into the box
- but still the webinterface won't come up again.
Where
This is a brilliant response... ROTFL !!!
I guess I can safely downgrade to 1.22 using SSH/Telnet ?
Bill Marquette wrote:
On Thu, Mar 19, 2009 at 6:56 AM, Michel Servaes mic...@mcmc.be wrote:
I just updated my pfSense 1.2.3 prerelease version through a webupdate.
Which just seems
Commonly it is said that both monowall pfsense are not really
recommended for direct WIFI access.
(I tried it some time ago too, and it worked now and then) - but when
just using the second LAN, and hooking up a plain AP (like the linksys
WAP54G) does the trick for me ;)
I have two Nokia E65
install an empty pfSense (ie. without any package) and make a
full backup using pfSense... can I truly revert to this backup and
have no package at all installed at the end ??
(okay, files will be there on the harddisk - but I assume they are
then just garbage)
kind regards,
michel servaes
Hi,
When reading several posts, I found much info about load balancing...
but this is something I don't need.
What I would like to have, is to route all internet traffic through
one interface (an PPPoE session), and some traffic (terminal server
smtp) from the other interface (incoming).
If I
To put it simple (I think), is that OPT1 should be treated as incoming
traffic, and WAN should only be used for outgoing traffic (eg.
internet, radio, downloading, ...)
Hope this makes sense... kind regards
It was indeed a sanity check... and it would be the first time actually
implementing a
I'm not quite finished yet, in comprehending on how to make things work...
I now have setup my WAN to be my ADSL dynamic IP address, to surf the web from
within the house.
But how should I now manage my mailserver, to only use the OPT3 (named SDSL
Fixed IP) for mail-related ports (in both
Hi,
I am wondering, if the following would be possible - and how to start with it.
I have this SDSL and ADSL connection - in where our ADSL has a
download limit of 25GB/month
If one bypasses the 25GB - the connection drops from 10mbits to 64kbits !
How can I make pfSense see this, so if this
Only if you want to write code or a script of some sort to detect that
and automatically switch. That's somewhat involved though. No easy way
to do that.
Thank you for the replies... guess I'll first see how things go from
here - might be better to upgrade the ADSL as soon as it reaches
Okay, I updated to 1.2.3 RC3, which seems to work just fine with
dynamic addresses :D
thanks for this RC3 update ;)
On Sun, Oct 18, 2009 at 12:06 AM, Michel Servaes mic...@mcmc.be wrote:
Hi,
I am trying (again) to configure IPSEC vpn to dynamic clients.
I have this central firewall
Hi,
I am wondering, if it would be possible to add more users to the webgui access ?
Currently I have a monowall pfsense - and in such, monowall does
allow me to do this...
But the pfSense seems to be missing this function.
What I want to do, is to offer regular users (with a bit of IT
Hi,
I have traffic shaper issue (that will be for the most of us).
I have one SDSL 1/1mbit, and one VDSL PPPoE connection (as thus, this
is the WAN, and the SDSL being the OPT1).
When using the traffic shaper wizard, and defining the SDSL (OPT1) as
being 1024/1024 - it also shapes my VDSL to a
Hi,
I was wondering, if there would be a way (by not installing third
party software) to monitor the uptime of your ipsec VPN tunnels.
Sure, I can ping every LAN printer that is in the other subnet - or
install third party software... but some kind of cronjob checking this
would also be a cool
Hi,
My pfSense setup ran for about 30 days without a problem.
I had a setup with all DLINK DI804 or DI824VUP (wireless variant of
the DI804), which ran smoothly. (excluding mine at home a monowall
setup).
Since I have added two IPSEC tunnels to both Linksys' RV042 - my VPN
connections start to
Since I have added two IPSEC tunnels to both Linksys' RV042 - my VPN
connections start to die randomly, but stay active in both the webgui's
overview (both, I mean pfSense and the DLINK's) - but either way is
impossible to ping each other !!
Have you tried checking the Prefer old IPsec
I was wondering on how to enable WDS (Windows Deployment Server)
together with DHCP within pfSense.
Anyone being successful with this ?
When using DHCP of Windows Server itself, it works just fine... but when
using the DHCP within pfSense, it seems the WDS cannot be found.
The bootfile would be
Might it be, that these options should be possible to add to pfSense.
I can add options 66 67 (boot-server boot-filename)... but option 60
would be the name which should be set to (PXEClient)
I guess that would be the reason, for not being able to boot via PXE, to
the WDS ? (it's all fairly
This seems to work fine...
But, is it normal that I can install packages if I want to ?
The option is just there, and I tried to install rate, which by the
way on an embedded system seems not to have the issue of cutting the
last digit of the IP !
I thought packages were not supported on an
On Mon, Dec 21, 2009 at 7:09 PM, Michel Servaes mic...@mcmc.be wrote:
This seems to work fine...
But, is it normal that I can install packages if I want to ?
Yes, see embedded switched to nanobsd here:
http://blog.pfsense.org/?p=531
Only the ones that can reasonably run from CF
I have a pool of ip-addresses... the gateway is x.y.18.17, and the
ending is x.y.18.22
I have two servers, that use the same outgoing protocol and the first
is working fine, as I have setup a rule to use the default gateway
.18.17 on the WAN side.
But I want to setup the second server to go out on
i have configured pfsense in new box having two lan cards on it. one
is lan and one is wan.
wan interface set to dhcp , i got public ip address from my isp, i
have set both dns.
but i can not ping google.com from pfsense. i can
ping my isp dns
can please any one help
thanks for prompt reply
yes i got dns from my isp.
but can not ping google.com from pfsense
And the option Allow DNS server list to be overridden... in general
setup is also enabled ?
Your public ip-address isn't by any chance a natted one ?
- Go to Firewall Virtual IP and Create a Virtual IP as CARP, with
your x.y.18.20
- Go to Firewall NAT and set Manual Outbound NAT rule generation
(Advanced Outbound NAT (AON))
- Then add a rule for your outgoing server/ip, in the Translation
section you will find your x.y.18.20 ip address.
Raouf Daghbouche wrote:
On Sun, Dec 27, 2009 at 1:49 PM, Michel Servaes mic...@mcmc.be wrote:
- Go to Firewall Virtual IP and Create a Virtual IP as CARP, with
your x.y.18.20
- Go to Firewall NAT and set Manual Outbound NAT rule generation
(Advanced Outbound NAT (AON))
- Then add
Yes you have to setup everything when changing to manual outbound, even
the default outbound for your LAN.
You can use outbound for a subnet (/24) or specific host only (/32)
That is a lot of work then...
I also have the distinct impression, that when using the manual rules,
internet is
Does the book cover my kind of issue... I guess I'd better buy one
very soon now :-)
If you understood what you were doing you would definitely save lots
of your time.
Evgeny.
Till now I understood what I was doing :-)
But I've never made use of the advanced outbound routing
I was wondering, and am going to try this, this evening... how would an
embedded-install go onto a normal pc system ?
I downloaded the 2.0 Beta, physdiskwrite'ed it to a CF card of 2GB
Going to place it in the CF to IDE adaptor (where monowall currently
runs fine, on another CF card).
And
My big question - how would I tell which network interface will be the LAN,
to run the WebGUI wizard on... (on an Alix, it's the first one - but how can
I tell on this P3-600 (old compaq) board, which would be the first one ?)
Or won't it run at all ? Any first thoughts here ?
Hook up a
a pfSense one.)
Thanks for your replies though !
On Mon, Dec 28, 2009 at 5:06 PM, Michel Servaes mic...@mcmc.be wrote:
My big question - how would I tell which network interface will be the LAN,
to run the WebGUI wizard on... (on an Alix, it's the first one - but how can
I tell on this P3-600 (old
The reason it works out of the box on ALIX/Soekris is because the
default network adapter names for those are vr0/vr1 on both platforms so
those are in the default configuration.
Jim
Jim,
I was experimenting with the pfSense embedded, but it does indeed use
the serial console to show
Is there a way to redirect a port 80 (wanside) to 443 (lanside).
I can do port translation, but the IIS doesn't seem to accept this way
of redirection...
I know I can alter IIS, to accept port 80 - but I just don't like any
IIS to be open on port 80 to the worldwide web.
I could install an
Also, the machine is acting as a Secure Gateway for Citrix - so I don't want
to tamper a lot on a (for the rest) working config...
I just want to avoid the obligation to let my users type 'https' :-)
The problem is that 'https' doesn't just specify the port, it also
tells the browser
That's exactly what I thought on first seeing this - there's
absolutely no difference. It makes no sense at all to use a different
port on the server for security reasons.
I would agree. And whether you like Microsoft or not, there are
thousands of IIS instances running on the net with
Would it be possible to setup a VPN network, but in such a way that all
nodes are inter-connected, without having to build-up each separate
vpn-networks ?
Site1 connects to Site2
Site2 connects to Site3
Site1 now can connect to Site3, through Site2, maybe even interchange
the parameters to
when using multiple
SIP devices behind NAT...
Any thoughts ?
Kind regards,
Michel Servaes
I have a SIP solution behind pfSense now (this morning it was sitting
behind a monowall setup on a pentium3 computer).
PfSense being installed on an Alix 2D13 now, opened up ports 5060
tcp/udp and the SIP device (an SPA-2102) registers every 180 seconds.
But the ip-state is being deleted every
user authentication is somehow not working... I've definitely made a
mistake, but don't see where.
I have some admin users defined into the userlist (and I am using the
integrated user-list within Squid).
For example :
I have added admin, user guest.
By ACL rules
Admin and User are allowed on
Hi,
I stepped over to pfsense (using monowall before for years), because I
liked the extras :)
But my Voip device keeps disconnecting each and every 1,5 to 2 days...
and there is nothing I can do about on the sip-device itself...
rebooting won't help.
I always have to reboot the pfSense (1.2.3).
Michel,
I had the same problem
This is caused by a wrong entry in the state table.
The workaround is posted in
http://forum.pfsense.org/index.php/topic,18053.0.html
H.
Michel Servaes wrote:
Hi,
I stepped over to pfsense (using monowall before for years), because I
liked the extras
Hi,
I would like to ask how to setup Pfsense on a Vmware workstation on a
windows host, i have tested it but i cant access the LAN ip of the
pfsense web configurator, please help me on this. Thanks
--
Ruben
Ruben,
What I mostly do to test pfsense in a vmware (or virtualbox)
I suspect my Alix embedded appliance (500 MHz 586 class with 256 MB
RAM) is getting maxed out via either heat or traffic.
e. Rejecting UDP port 80 on LAN
f. Rejecting TCP 6667 (IIRC), 135 (MS RPC) on LAN
g. Rejecting TCP/UDP 445 (SMB/CIFS), 137-139 (NetBIOS) on LAN. My
imac and a PC laptop
Web surfing happens on port 80 and tcp only. There should be no udp port 80
traffic going out. I think I read it in the pfsense book which just came
out.
Didn't read it yet (but, then again - I'm only at page 147 ;-) )
In the meanwhile, I blocked 80/udp on my firewalls :)
How many walls do you have?
Mehma
===
On Mon, Feb 1, 2010 at 2:13 AM, Michel Servaes mic...@mcmc.be wrote:
Web surfing happens on port 80 and tcp only. There should be no
udp port 80
traffic going out. I think I read it in the pfsense book which
Would there be an easy option to block or allow a certain country to a
pfSense box ?
Let's assume that I don't want any Korean traffic on my pfSense... or China.
As I see that most attempts to the firewall (blocked ones, so not really
an issue) are from chinese ip's... I was wondering, if I
I use pfSense and have it running well.
I just obtained a static block of IPs from my ISP
but they are handed out via DHCP to the ISP equipment.
Once I have an DHCP IP, then I can go into the ISP hardware
and change it to a public IP.
Ok. well with that in mind, I have 1 WAN NIC in the
There is a default check around 1h01 am, for an IP change ?
/usr/bin/nice -n20 /etc/rc.dyndns.update
Why is this there, and can I safely remove it ?
I do a pppoerestart around 4AM, and have rescheduled the above rule
around 4h04... but this seems to give me no advantage (instead an entry
in
The book explains, to divert some DNS'es via static routes to OPT1 (if
you have multiwan-setup).
And it also explains to put an entry for the other DNS, for clarity,
to your WAN (though not needed, just for documentation reasons).
But, what if your WAN is using PPPoE - and is a dynamic IP all
Hi,
I am trying to make OpenVPN work (for the very first time in my life).
At home I have a single WAN, at the office I have a DUAL WAN (one SDSL,
with fix IP - and one ADSL with a Dynamic IP).
MultiWAN in my case is only used for fast ADSL at the office, and
coworkers(vpn) mail all come