On Sat, 2005-10-22 at 14:39 -0500, Randy B wrote:
Basically I'm concerned about what if it fails? - keeping same as
external IPs would allow me to simply take off pfSense and temporarily use
local firewalls. It is not great but better than having it down.
After thinking further, I
Hi,
I see pfsense is moving fast. I got 0.88 yesterday and today 0.89.2 was
available...
This makes me to ask couple of questions
1) Is there changelog available somewhere so I could decide if I should
upgrade to recent version ?
2) Firmware upgrade is still broken in 0.89.2, or am I only
On Sat, 2005-10-22 at 19:02 -0500, Bill Marquette wrote:
Then bridge the interfaces.
Any advice how exactly it should work ?
Yep. Take the WAN interface and bridge it to the LAN interface. Now
your internal machines are directly on the internet with pfSense
transparently
Hi,
I'm still struggling to set up pfsense in transparent mode - to make it
act only as Firewall without doing NAT for me or something.
I have network 111.111.111.152/29 assigned to me by provider,
111.111.111.153 is gateway.
I set WAN interface of pfsense to 111.111.111.154 and
LAN
On Sun, 2005-10-23 at 09:23 -0500, Bill Marquette wrote:
O
Is there any way I could have pfsense ip at .154 and use .155-158 for
my applications ?
Yes, configure the pfSense LAN IP to .154 (and configure it for the
full subnet - you'll need to set the default gateway too) and then
Hi,
I seem to have found why the following happens for me on system
firmware check as well as on packages page:
Warning: raiseerror(PEAR.php): failed to open stream: No such file or
directory in /etc/inc/xmlrpc_client.inc on line 562 Warning:
raiseerror(): Failed opening 'PEAR.php' for
On Mon, 2005-10-24 at 10:34 -0400, Chris Buechler wrote:
I'd agree with Alan's description.
for more detail, see:
http://doc.m0n0.ch/handbook/examples-filtered-bridge.html It should
work just like that.
Chris,
Thanks for writing. I've read in FAQ and I was wondering what was your
Hi,
Might be this one would point out why it works for everyone but not for
me.
As I mentioned firewall rules fail to load in such configuration, which
is obviously the problem but it looks like it is not the only one.
I've replaced real IP prefix with 111.111.111. in this example
#
On Tue, 2005-10-25 at 00:41 +0100, alan walters wrote:
You should really disable this check and add the rules manually
afterward.
How should I do that ? In FAQ it is written /tmp/rules.debug is
generated by scripts every few minutes so it is not right place to edit.
I've checked config.xml
On Tue, 2005-10-25 at 00:46 +0100, alan walters wrote:
Could this be an issue with the duplex. Maybe different speeds on the
lan the wan and switches?
Well... to be honest I do not understand why it would be - ifconfig
em1 up brought it up without any problems so I guess the problem is
Hi,
I'm running 0.89.6
I tried to experiment with traffic shaping today. I'm to use it for
collocation so my goal is to avoid long traffic spikes, as this is what
I'll need to pay for. So lets say I have 100MB connection and I want to
cap it at 15Mbit or something.
Anyway at this point I
features.
It looks like you can't simply continue with Wizard to the end without
setting any shaping - it will create wrong rules.
Also in remote access services I did not find SSH - very surprising
omission for FreeBSD based product. There is VNC, RDP but not SSH.
--Bill
On 10/25/05, Peter
ACK corresponds to IP packets with ACK
flag.
- So SSH is not in ? (If you put ssh in...)
- What is bulk
- Why it would kill all other ssh traffic and what it suppose to mean ?
On 10/25/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Tue, 2005-10-25 at 19:52 -0500, Bill Marquette wrote
as possible. This is detected
as ACK flag in IP packets and such packets are routed with high
priority ?
Does it mean however any application which does same socket set up will
obey the same rule ?
On 10/26/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Tue, 2005-10-25 at 23:50 -0400
Hi,
I've recently tried number of variants of setting pfsense in Bridging
mode of my small subnet and I guess here is the state of things as it is
now.
Scott was going to fix some of these issues but I guess it is good to
summarize them anyway.
So running in bridging mode you set
Hi,
As I mentioned I'm trying to deploy pfsense for colocation
environment.
Today I did some performance tests, using main type of the traffic -
HTTP requests - apache benchmark from my laptop to Linux server with
only pfsense firewall in between
firewall is with 2 Gbit NICs and
On Thu, 2005-10-27 at 23:32 -0700, Peter Zaitsev wrote:
Hi,
As I mentioned I'm trying to deploy pfsense for colocation
environment.
Small followup,
Even aggressive mode does not seem to keep up with traffic well.
In apache benchmark it works with concurrency=1 but fails with 30
or same as WAN ?
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
Hi,
I've recently tried number of variants of setting pfsense in Bridging
mode of my small subnet and I guess here is the state of things as it is
now.
Scott was going to fix some of these issues but I guess
and check how it works in
all 3 cases.
Scott
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Fri, 2005-10-28 at 12:11 -0400, Scott Ullrich wrote:
All these issues have been fixed. Please wait until the next version.
Sure. I'm checking mirrors and your home directory every day
On Fri, 2005-10-28 at 13:42 -0400, Scott Ullrich wrote:
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Fri, 2005-10-28 at 13:05 -0400, Scott Ullrich wrote:
I think it will work better with a dummy ip. But it will work
without a ip as well now.
Hm. Dummy IP looks like ugliest
On Sat, 2005-10-29 at 23:05 -0500, Bill Marquette wrote:
Fixed.
update_file.sh /usr/local/www/system_advanced.php
and re-run shaper wizard or add:
<schedulertype>hfsc</schedulertype>
to shaper tag in /conf/config.xml and reboot.
Thanks. I actually simply rerun traffic shaper.
Anyway this
On Sun, 2005-10-30 at 14:29 -0400, Scott Ullrich wrote:
With that amount of states it does not surprise me. You're most
likely better off doing a pfctl -ss and using grep to find what you're
looking for.
Yes... It is however not total excuse for web page simply not loading.
It would look like a
it is not the case - if I'm not happy
with it for some reason I can try different firewall solution or simply
put OpenBSD or any other OS on it and set it up as firewall.
I love flexibility and hate vendor lockin
Scott
On 10/30/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Sun, 2005-10-30 at 14
On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote:
If you don't mind me asking, what hardware are you running pfsense on
for these tests?
This is Dell PowerEdge 750 - 512Mb RAM, Celeron 2.4Ghz
2 Intel 1Gbit NICs
This seems to be much better than all firewalls below 5K$ have :)
On Sun, 2005-10-30 at 04:08 -0400, Scott Ullrich wrote:
This is not a release to test. Wait for OFFICIAL release around monday.
Yes I know it is still RC1 based...
I just need to ship the box around Monday for installation so I'm
testing each new release, to increase the chance of all my
offloading but also
have extra features such as deep packet inspections etc.
On 10/30/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote:
If you don't mind me asking, what hardware are you running pfsense on
for these tests?
This is Dell
On Mon, 2005-10-31 at 11:30 -0600, Fleming, John (ZeroChaos) wrote:
John,
I didn't see but are you using Nat? If so do things change with Nat
disabled? Also could you try disabling the Scrub option and seeing if
that makes a difference?
I'm using bridging - no NAT
What is SCRUB and how to
rule in this test)
And I guess 300Mhz CPU is a lot different from 2.4Ghz I have :)
Kind of funny to boot a 520 and hear a video failure beep code.
:)
-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:48 AM
To: support
On Mon, 2005-10-31 at 13:26 -0600, Fleming, John (ZeroChaos) wrote:
Benchmarking 111.111.111.158 (be patient) Completed 1 requests -
isn't 10,000 the default limit of the state table? That sure would
explain a lot.
I boosted it to 10 of course
booted and I could not
connect. (I initially tried to add the rule to lock me out) and
after pfctl -e I did not even need the rule.
So I guess something else triggered it.
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
Hi,
After the tests today ( I guess I disabled firewall
On Mon, 2005-10-31 at 15:12 -0500, Scott Ullrich wrote:
pfctl runs pfctl -f /tmp/rules.debug. What happens if you run this?
There is no rules.debug if you have disabled firewall in advanced
setting and rebooted.
That was my first surprise :)
Just upgraded to 0.90 and traffic shaping seems to be broken.
Even after rerunning the wizard I get:
# pfctl -f /tmp/rules.debug
bandwidth for qWANRoot higher than interface
/tmp/rules.debug:17: errors in queue definition
parent qWANRoot not found for qWANdef
/tmp/rules.debug:18: errors in queue
and HTTPS). I can connect the boxes which are behind
firewall but not firewall host itself.
It seems somehow related to the same IP on LAN and WAN interfaces
according to my previous tests.
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 15:12 -0500, Scott Ullrich
On Mon, 2005-10-31 at 14:39 -0500, Scott Ullrich wrote:
On 10/31/05, Fleming, John (ZeroChaos) [EMAIL PROTECTED] wrote:
I wonder if part of the problem is PF isn't seeing the TCP tear down. It
seems a little odd that the max gets hit and nothing else gets through.
I guess it could be the
enabled
which seems to show it is not bridging itself at least.
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 1:09 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Network Device pooling
On 10/31/05, Peter Zaitsev [EMAIL
On Mon, 2005-10-31 at 16:20 -0500, Dan Swartzendruber wrote:
A
Why not to set it to 1000Mbit ? Seriously If you're looking for
something fail safe it could be fails safe.
this is not ever going to happen unless there is something
misdefined. very few people need to shape more than
benchmark in both configurations and there is the same effect.
Scott
On 10/31/05, Scott Ullrich [EMAIL PROTECTED] wrote:
I still don't have any idea what you're trying to do. Send me your
config.xml off-list.
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005
ob my test driver host.
This still brings the question why with filtering and without behavior
is different but it makes me worry less :)
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Mon, 2005-10-31 at 16:25 -0500, Scott Ullrich wrote:
apr_poll: The timeout specified
Hi,
It looks like there is some newly added bug in 0.90 with empty LAN
address (WAN bridging)
# FTP proxy
rdr-anchor pftpx/*
rdr on em1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
pass in on em1 proto tcp from /29 to any port 5900:5930 keep state tag
qOthersDownH
pass out on
that gets broken by this careless move on my
part.
Heh. So we're back dead in a water.
IP is required. The same IP as on WAN leads to trouble. Fake IP leads
to less trouble but still some stuff does not work this way
Scott
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
Hi
On Tue, 2005-11-01 at 02:42 +0100, Espen Johansen wrote:
Hi Peter,
I'm sorry, but I for one have had quite enough emails from you by now.
You have clearly demonstrated that you do not understand enough about
firewalls, filtering, BSD etc. to use pfSense in its current state.
Thank you. I
On Mon, 2005-10-31 at 17:14 -0600, Bill Marquette wrote:
On 10/31/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
The fact it is not production ready as you put it makes me cautious -
this is why I go in bridging mode as this way I can bypass firewall
physically by switching couple of cables
enough.
-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 3:53 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Network Device pooling
On Mon, 2005-10-31 at 16:31 -0500, Scott Ullrich wrote:
Are we absolutely sure
43 matches