Okay... if I understand correctly, now it seems you are able to see the
authentication screen. But once authenticated, you still don't get out.
Try turning off MAC checking in pfSense's captive portal setup.
- Jason
From: ram [mailto:[EMAIL PROTECTED]
Sent:
As RB would say... I'm not contributing to the answer, but helping to
give understanding to the problem...
Untangle, while in bridged mode still really needs its own IP since one
of its primary features is to send daily reports as well as to provide
access to quarantined emails. This makes it
It is likely that they are doing as I do... Use pfSense for firewall and
VPN, while using Untangle for strictly filtering purposes (web, mail,
etc) and not firewalling.
- Jason
-Original Message-
From: RB [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 8:36 AM
To:
ram,
This is a bit of a shot in the dark, but try turning off services in
Untangle... until they are all off. It may be that one of them (like
the Intrusion Detection module) is detecting something it doesn't like.
- Jason
From: ram [mailto:[EMAIL PROTECTED]
I see on my RRD graphs for traffic (haven't looked elsewhere yet)...
that the last 6 month graph is showing Nov twice and skipping Feb.
At the bottom of the graph, I see:
Sep Oct Nov Nov Dec Jan Mar
Perhaps just mine doing this? I had this pfSense box offline for about
25 days (mid Jan
I decided to download the config XML for my firewall and noticed a weird
thing.
In the installedpackages section, I have the following:
menu/
service/
package/
Each of these precedes an actual normal menu/menu entry, etc..
(Excluding the package tag, which is long...)
menu/
menu
: Monday, December 03, 2007 1:59 PM
To: support@pfsense.com
Subject: Re: RE: [pfSense Support] Snort
On 12/3/07, Jason J. Ellingson [EMAIL PROTECTED] wrote:
Most excellent.
However (the ungrateful scum I am), now snort will not start at all...
the error is:
php: : Snort will not start. You must
Is there a way to change the IP monitored by the quality graphs? I know
it uses the gateway, but that is a router next to the pfSense box. I'd
rather it check the head from my ISP.
- Jason
-
To unsubscribe, e-mail: [EMAIL
Just tried out Snort on 1.2RC3...
So far, so good... just a couple of notes:
pfSense doesn't like:
dos.rules - multiple ports listed:
[135,137,138,139,445]
-and-
scan.rules - UDP protocol
So I disabled those for now.
Let's see how it goes...
- Jason
I have my Vonage box (made by LinkSys) on OPT1 and told it to
use DHCP. After it got its first IP (10.2.10.199), I clicked on the box to
set the DHCP to a static IP of 10.2.10.200.
I get a log full of this...
Nov 15 08:29:30
dhcpd: DHCPREQUEST for 10.2.10.200 from
Snort worked fine until I installed 1.0.1 (from 1.0)
Now, I see the normal startup messages for snort in the system logs and
get the usual memory and CPU use as before, but nothing seems to
actually trigger a snort alert or add anything to the blocked list.
I tried uninstalling and reinstalling
I picked reinstall package (using FireFox GRIN) and ended with an
error at the bottom of the page:
Fatal error: Call to undefined function: sync_package_snort_reinstall()
in /etc/inc/pkg-utils.inc(444) : eval()'d code on line 1
Snort seemed to be uninstalled.
Went to packages and installed it.
I would vote for:
A removal of an interface would just disable the appropriate NAT and rules.
Set the GUI to not allow reactivation of a NAT or rule that is for a
non-existing interface... You need to change the interface to an existing
one to re-enable it.
With the possibility of dynamically
Reboot any switches along with the routers and machines... I've seen
switches hold on to ARP entries for an looong time.
Just my 2 cents worth.
- Jason
-Original Message-
From: Derrick MacPherson [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 27, 2006 4:33 PM
To: support@pfsense.com
When I had Vonage problems, I cheated. I bought the LinkSys 2-line Router
(RT31P2) - it has Vonage service built in. I enabled the DMZ feature on the
LinkSys and pointed it to the pfSense box. Everything squeaky clean now!
Internet - Linksys - pfSense - LAN
Technically, it is double NAT'ing
Sorry... But I seem to be brain dead...
Co-location server (Downtown):
I have an FTP server behind a 1:1 NAT on the OPT1 interface and FTP Proxy
enabled only on OPT1 (disabled/checked on WAN).
Personal client (Home):
I have an FTP client behind a normal NAT on the LAN interface and FTP Proxy
a few days ago. cvs_sync.sh releng_1 or update to the latest
snapshot.
On 4/11/06, Jason J Ellingson [EMAIL PROTECTED] wrote:
Sorry... But I seem to be brain dead...
Co-location server (Downtown):
I have an FTP server behind a 1:1 NAT on the OPT1 interface and FTP
Proxy enabled only on OPT1
But, could the rules be applied to data being received from a tunnel?
With mobile IPSec clients (ignoring PPTP as an option), there is no way to
control data received. You can only have filters on what goes into a tunnel
and not what is coming out. If this could be overcome, that'd be great and
I guess I'm encountering a mental block on how to do this... Can anyone
help?
I have two pfSense boxes in different locations (and obviously on the
Internet).
I have a LAN to LAN IPSec between them.
192.168.1.x - 192.168.19.x
The far pfSense box also has a DMZ/OPT1 network:
10.0.0.x
Is there a
to still provide both
passive and active connections to internet connecting users.
Jason J Ellingson
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e
...
Jason J Ellingson
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 10:15 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] FTP and Tunnels
This was fixed after beta 1 (1:1
Sure... As usual, more stuff that doesn't work well for us stubborn IE
users.
I have no big love for IE, but plenty of clients out there have it as their
corporate standard.
Turn on script error reporting and you'll see IE toss up errors on
pfSense.com's mirror pages.
Same thing on this Octopus
I will try to implement. I would like to see
this feature in place also. Was there something specific about this board
that was causing problems versus a generic pc?RobertOn Thu,
2005-11-03 at 08:57 -0600, Jason J. Ellingson wrote:
I may have not been clear as to where the problem was. At least
for printing from the USB port on a Seokris
4801 will receive CASH reward (via PayPal or Check or small unmarked
bills... your pick).
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED
... which requires all the MAC addresses to be
listed in this table.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: Bill Marquette [mailto:[EMAIL
(before):
?php endif; ?
?php include(fend.inc); ?
Code (after):
?php endif; ?
/center
?php include(fend.inc); ?
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED
Since the pages are using IE7... do you plan to update from IE7 version
0.7.3 (alpha) to IE7 version 0.9 (alpha)?
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED
.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:39 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] bug in 0.89.2
On 10/31
debug this?
The PC is a standard generic Pentium II - 233 MHz with 256MB RAM. One Intel
NIC, one SIS NIC.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message
on all
other pages.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 8:16 AM
, it is there...
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands
and restarting it fixes the problem.
Also, it seems to also catch FTP connections going over the IPSec tunnel.
Shouldn't it only catch connections going over NAT (LAN-WAN)?
Jason J Ellingson
615.301.1682 : nashville
612.605.1132
allowing the connection through.
Jason J Ellingson
615.301.1682 : nashville
612.605.1132 : minneapolis
www.ellingson.com
[EMAIL PROTECTED]
-Original Message-
From: jonathan gonzalez [mailto:[EMAIL PROTECTED]
Sent: Monday, October
34 matches
Mail list logo
