On 8/22/05, Tim Roberts <[EMAIL PROTECTED]> wrote: > > I cant drink enough beer to squash my frustration today. :) Can anyone help > me make ANY current or previous version of PFSense work with my situation?
Yup. > I think PFSense is filling a HUGE gap in the firewall space and would love > to use it, plan to never upgrade it once its set (provided it can just > remain stable), and will gladly send cases of beer to the fellow that helps > :) Also, my hat off to the developers, you are on the right track for > filling the gap. You need to sell this bitch when its stable and sign me up! We won't be selling it. But we will have a company that offers supports, paid feature integration, etc. But its somewhat early to discuss this at the moment. > I have been through all versions since 076.4 and have different issues with > each. 50% is probably my dumb ass. > > I need to setup a multi-WAN firewall that also has a DMZ network as well as > LAN network. I would really like to do this with CF but I only have 2 CF to > IDE adapters with 128MB CF disks. 0.76.4 installed just fine by disabling > swap and using live cd with installer. Ran just fine too until I tried > entering basic firewall rules - then it broke barfing about: > reads [132]: pass quick on rl0 proto esp from 216.26.248.144 to keep state > label IPSEC: esp proto .:. Okay, you've been bitten by a parser bug that appeared during the hackathon. Either start from a blank config on the latest version (0.79.2) or do the following: /etc/rc.conf_mount_rw rm /tmp/config.cache vi /cf/conf/config.xml /tunnel (delete the <tunnel> with double d) /tunnel (delete the </tunnel> with double d) :wq! /etc/rc.filter_configure pfctl -f /tmp/rules.debug (you should have no errors at this point) /etc/rc.conf_mount_ro > as well did 0.78 0.79 and 0.79 upgraded to 0.79.2. Each time I enter pretty > much any rule either by 80gb hard drive install or compact flash I get > fubared after entering rules. Rules as basic as allow any icmp to wan. save. > re-fresh, barf. Its a config.xml bug so it will persist until squashed :) [snip] > No failover. Id be tickled if pfsense could just spit its rules out to > another one similar to it in realtime and Ill manually jack the bitch in if > the primary drops :) let alone the ability to make them both live like > heartbeat. It can now. Look at Virtual IP->CARP Settings. It can sync configuration settings from master -> backup 1 -> backup 2, etc > No good way to use squid. > > No Multi-WAN support, futher making this a complete mess having 3 servers to > keep 3 standbye spares collecting dust. This should work now but outgoing load balancing still needs work. Scott
