Was this setup using the ppf Printer Port Forwarder package? This seems to be what you are looking for. Give me a bit of info and if I have the time, I will try to implement. I would like to see this feature in place also. Was there something specific about this board that was causing problems
I am trying to replace a FireBox Firewall with pfsense. Our current
setup has 5 static IP addresses. The range is xxx.xxx.xxx.138-142. On
the firebox (which has a limited way of entering things anyway) this is
specified 162.39.251.138/29 and then it uses aliases. How should I set
these up so
, at 11:05 AM, Robert Goley wrote:
I am trying to replace a FireBox Firewall with pfsense. Our current
setup has 5 static IP addresses. The range is xxx.xxx.xxx.
138-142. On
I did this transition recently and it went very well. What you want
to do is set up an ARP alias in pfsense
5
lines to be talking at the same time.
--Bill
On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote:
I have a pfsense firewall setup that I am trying to prioritize Vonage VOIP
traffic. I am replacing a M0n0wall firewall that had some traffic shaper
config setup for the Vonage routers. I
lines, you probably want to reserve 5 x line rate - if line
rate is 96Kb/sec then you want 480Kb (or whatever setting above that
is close - say 512Kb) for the reservation. That will allow all 5
lines to be talking at the same time.
--Bill
On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote
As far as the traffic shaper testing, what do you want to specifically test? I had a rule previously on the M0n0wall that included all traffic TCP/UDP/etc from the vonage routers IP addresses. Do you want the default protocol rules, the new changes for IP address/Alias, or is it even limited
Robert
On Tue, 2006-02-21 at 14:19 -0500, Scott Ullrich wrote:
http://www.pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-20-06/
if you are running a full version, there are a couple of other testing
directories in ~sullrich with other versions (embedded, etc).
On 2/21/06, Robert Goley
) but it's not there anymore
Robert
On Tue, 2006-02-21 at 17:59 -0500, Scott Ullrich wrote:
Why did you do that? You should have fed the tarball to System -
Firmware - Manual Update.
On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote:
Will do later... I tried extracting the update but tar
Ignore the last email, I see a 2-19-06 iso.
Robert
On Tue, 2006-02-21 at 17:59 -0500, Scott Ullrich wrote:
Why did you do that? You should have fed the tarball to System -
Firmware - Manual Update.
On 2/21/06, Robert Goley [EMAIL PROTECTED] wrote:
Will do later... I tried
I have reloaded the machine using the 02-19-06 iso and then upgraded it to 02-21-06. I restored my config file. I then ran the traffic shaper wizard. I changed the allocated bandwidth to 384 for VOIP to try to fix the previous error. It never finished loading the queues page. It basically sits
I will retest with Beta2. I had the same results that John reported
with Vonage lines. I only had to test it with one of the lines.
Robert
On Sat, 2006-02-25 at 17:18 -0600, Bill Marquette wrote:
Thanks for the update. I just spent a number of hours on the shaper
and think I found the
On 2/27/06, Robert Goley [EMAIL PROTECTED] wrote:
I will retest with Beta2. I had the same results that John reported
with Vonage lines. I only had to test it with one of the lines.
Robert
Thanks...the workarounds kinda suck IMO and we're still seeing issues
on WRAPs (but not all
Ignore my last email about specs. I must be blind
Robert
On Tue, 2006-03-07 at 17:06 -0500, Scott Ullrich wrote:
So far I am testing
http://linitx.com/product_info.php?cPath=4products_id=909 (Thanks
LinITX) and its an amazing little box.
Just got a RAL wireless card mounted. Neat
I have a similar situation and have not been able to make this work. I have a
dual wan policy based setup. Wan interface is DHCP cable modem. OPT1 is DSL
with static IPs. I have tried setting up a port forward for ftp from
OPT1-LAN. This has failed several ways. What are the official
I need to select the external proxy arp ip that is seen for several internal
hosts on the lan. For example: 10.0.0.32 needs to be seen as xxx.xxx.xxx.139
and 10.0.0.34 needs to be seen as xxx.xxx.xxx.141. I tried setting this up
using outbound NAT but looking at the states showed that the
Just realized I forgot to include some details in this message. I have dual
wan using policy based routing. Default traffic goes over a cable modem
(WAN). OPT1 is a range of 5 static IP's (xxx.xxx.xxx.138/29). LAN firewall
rule has 10.0.0.32 and 10.0.0.34 going over OPT1 interface.
I have a dual wan setup using policy based routing. I have found the RRD
graphs and really like them. Great job on these guys. These should help
talking to an ISP or two I have noticed that the quality graphs for the
OPT1 interface are not displaying. Do I have to enable this
Thanks for the info. Is there somewhere I should add this to a wiki etc?
Robert
On Friday 09 June 2006 12:25, Scott Ullrich wrote:
On 6/9/06, Robert Goley [EMAIL PROTECTED] wrote:
I have a dual wan setup using policy based routing. I have found the RRD
graphs and really like them. Great
It shouldn't be very hard if he wants the pfsense machine to do all the work.
A simple shell script using grep and msmtp would work. It could be setup in
a couple of minutes. Not sure if msmtp is part of the default freebsd but
would not be hard to compile at worst. It would be a great way
What needs to be done to set the specific IP address that is seen/used for the
traffic? For example, using a static arp address instead of the main
interface address.
Robert
On Wednesday 14 June 2006 12:51, Scott Ullrich wrote:
On 6/14/06, Steve Harman [EMAIL PROTECTED] wrote:
Hi!
We
I am still working with the advanced outbound NAT using pfsense a policy based
dual wan router. The pfsense version is beta 4 but updated this using the
cvs update script. I am attempting to specify a couple of machines that
should show that they have the same IP (xxx.xxx.xxx.142). The
I have been attempting to backup this information also. It is working for me
using HTTP. I saw the answer for downloading via HTTPS. Using a browser you
are allowed to download just certain sections of the config. How would this be
accessed via the wget command? For example, I would like to
For those curious and wanting to know.
http://en.wikipedia.org/wiki/NAT-T
On Tuesday 19 September 2006 14:00, Scott Ullrich wrote:
NAT-T
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL
I have a dual wan setup with one LAN using policy based routing. I have 2
questions. I noticed a while back that RRD graphs only partially worked for
my OPT1 interface. Scott confirmed this and said that it was something that
he wanted fixed but did not indicate when it might be. I am still
Bus order is what changes the order here. It's certainly possible to
have em0 be em1 after inserting another em card in the machine. Be
thankful that BSD actually identifies the chipset here...I find it
impossible to figure out wth happened in linux when adding/removing
nics (and dmesg is
be up in minutes.
Holger
-Original Message-
From: Robert Goley [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 24, 2006 5:56 PM
To: support@pfsense.com
Subject: [pfSense Support] RRD graph status.
I have a dual wan setup with one LAN using policy based
routing. I have 2
Has anyone found the cause or a fix for the following error besides
rebooting? I am using a NFORCE2 based athlon system with 4 3com 905B NICS
using the livecd version and config file on a floppy. I am unable to
access firewall via the webface after I get this error. I keep getting
this
.
Scott
On 11/22/06, Robert Goley [EMAIL PROTECTED] wrote:
It is not a ghost and I am not click happy. Anything specific you would
like me to test and give results for? I found that entry before posting
here. I was hoping someone found out more about it.
Robert
On Wednesday 22
I had a setup similar to this for a while. Our cable company offers static
IPs now. You will need to setup the Cable connection as your WAN connection.
If I remember correctly, this is the only interface you can setup using DHCP.
You will add your DSL as OPT1 and use your NAT rules to define
create the firewall
rule when I setup the portforward.
Robert
On Tuesday 27 March 2007 18:20, Robert Goley wrote:
I have 1 existing DSL connection and 2 existing Cable connections. I am
adding 2 more Cable connections as part of a phase-in/phase-out scenario.
The current setup works great
It seems we are both having the same basic issue. I am assuming that you are
able to connect out via the same OPT2 interface you are trying to connect in
thru. I wish I had more answer for you than I am having this trouble too.
No one has responded to my emails. If I find the source of my
Here is the message that I am receiving.
Robert
There were error(s) loading the rules: /tmp/rules.debug:54: macro 'opt3' not
defined/tmp/rules.debug:54: syntax error pfctl: Syntax error in config file:
pf rules not loaded - The line in question reads [54]: binat on $opt3 from
10.0.0.51/32 to
works.
Scott
On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote:
It seems we are both having the same basic issue. I am assuming that you
are able to connect out via the same OPT2 interface you are trying to
connect in thru. I wish I had more answer for you than I am having this
trouble
On Thursday 29 March 2007 13:46, sai wrote:
Use the same settings that you got working on your laptop?
Yes, same settings.
Can you ping the gateway in question from the pfsense firewall?
I did not think that you could ping because of default traffic rules going out
on WAN and then back in from
I am entering the failover and load balancing rules. Rules look fine. Should
there be blank rules there by default? There is one for the load balance and
one for the pools.
Robert
Warning: unlink(/tmp/.pool): No such file or directory in /etc/inc/vslb.inc on
line 58 Warning: stristr():
Was not sure if it was the same error. Thanks for the fix.
Robert
On Thursday 29 March 2007 18:17, Scott Ullrich wrote:
This was fixed earlier.
Scott
I have reworked the firewall according to the docs Scott provided. Most
things are working fine. OPT1 and OPT2 using the new cable modems that had
trouble earlier are working. WAN however is not working right. I am having
a similar problem to earlier. With WAN set to be the default route,
I did find that 1-1 mapping is breaking the outgoing connect of the machine
that is being mapped. I verified this by switching a 1-1 NAT mapping between
two machines. I was able to access before the map and could not after. On
the other machine that had the map to start with, I could not
Yes, You have to explicitly kill the state from a terminal on the pfSense
router. I have done it a few times in the past but can not remember the
command at the moment. Search google for pf kill state. I will email the
command if I find it.
Robert
On Thursday 29 March 2007 21:01, Sally
I found the command. Here are some basics on it.
pfctl
-k host
Kill all of the state entries originating from the specified
host. A second -k host option may be specified, which will kill
all the state entries from the first host to the second host.
For example, to kill all of the state entries
at that point.
Robert
On Friday 30 March 2007 02:04, Holger Bauer wrote:
Please don't switch the topics of your mails concerning the same issue
constantly. It's hard to follow/track a conversation this way. Thank
you.
Holger
-Original Message-
From: Robert Goley [mailto:[EMAIL PROTECTED
Ullrich wrote:
On 3/29/07, Robert Goley [EMAIL PROTECTED] wrote:
I found the command. Here are some basics on it.
pfctl
[snip]
Newer snapshots can kill the states from Diagnostics - States without
the command line.
Scott
The DNS service running on the pfSense router is refusing connections. It is
also unable to resolve DNS names locally. This was tested by sshing to the
router and typing ping google.com. It never resolved the name to an
address for ping to try to ping. There are DNS servers listed in the
Part of the DNS service is working. I create a static DNS entry on the
pfSense router. Clients are able to resolve that static entry using the
pfSense DNS service. I still do not know why the pfsense machine can not
resolve using DNS servers that other client machines are using. With
Just leave off the steps for creating the pools and skip straight to setting
your LAN rules. All you should have to do to send the traffic for the one
application is define a couple of rules based on either source IP on the LAN,
Destination IP, or destination ports that application uses. You
This is probably not the recommended method, but I have FTP setup using NAT
port forwards from our public address to the private one with the FTP helper
disabled. I had to setup the FTP server to use a specific range of ports for
the dynamic ports and then forwarded that range to the FTP
I have had similar issues with the MTU that were unrelated to pfSense. The
trouble I had was with an ISP supplied DSL modem that could not handle the
MTU sizes in a bridged mode. We had to replace the ISP router with a Cisco
model that would work correctly. The problem router was a
I have a multi wan setup with 3 WAN interfaces and 1 LAN. It is using policy
based routing. DNS refuses to work. This is because the pfsense machine can
not resolve anything. The DNS servers are correct. They are pingable from
the pfsense machine. They are accessible from machines on the
26 October 2007 05:36, Paul M wrote:
Robert Goley wrote:
based routing. DNS refuses to work. This is because the pfsense machine
can
I have no answer for you, but an idea to try.
run tcpdump -l -n -i xxx udp and port 53 on the firewall for each
interface xxx in turn whilst trying
Great idea, can't wait to see it.
Robert
On Wednesday 28 November 2007 15:44, Scott Ullrich wrote:
On 11/28/07, Ole Barnkob Kaas [EMAIL PROTECTED] wrote:
A bit offtopic - but bogons jogged my memory. Anyone thought on
implementing this:
http://www.spamhaus.org/drop/index.lasso
It will
It does get a bit annoying at times. At least being able to set/override the
refresh rate would be nice.
Robert
On Tuesday 11 December 2007 09:29, Dziuk, Fred J wrote:
Is there a setting to disable the automatic refresh of the many pages
within the SYSTEM LOG. I try to look at the display
Thanks Scott! I entered a ticket for the request.
Robert
On Tuesday 11 December 2007 14:10, Scott Ullrich wrote:
cvstrac.pfsense.com
I have had this issue also. The quickest fix is to use the CTRL + or CTRL -
keys to change the font temporarily. This way you don't have to deal with a
smaller size font all the time.
Robert
On Friday 04 January 2008 11:01, Chris Buechler wrote:
Paul M wrote:
is this a known feature/bug?
Looks nice! I would be interested in this also.
Robert
On Thursday 24 January 2008 14:40, Richard Sperry wrote:
So if I wanted OSSIM.net integration, what would I pay? Give me and the
group the sales pitch, please.
Richard Sperry
Director of Operations
WrinkleBrain, Inc.
[EMAIL