Re: [pfSense] 2.2.5 squidGuard fails to start

[Volker Kuhlmann]

On Wed 18 Nov 2015 04:09:41 NZDT +1300, Brian Caouette wrote:

> I can confirm I have see this a well. Started with the 2.2.x series.
> Happens with almost every reboot or upgrade of package.
> re-downloading the blacklist fixes it until the next cycle.

For me it started with 2.2.5 and di not happen with 2.2.[234].

The package updates of squid3 0.4.3 and squidguard 1.9.17 within the
last few days fix it. Thanks!

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/  Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Two queries from intending new user

[Volker Kuhlmann]

On Wed 18 Nov 2015 06:14:16 NZDT +1300, Bret Busby wrote:

The short answer is no and no.
> Does installing pfSense, especially, using the "Quick/Easy Install
> option", allow for installation so as to allow for multiple boot
> options (being able to choose an alternative boot option)?

pfsense is a turn-key system requiring its own dedicated hard disk,
which gets wiped during "easy install".
Perhaps, in theory, you could transplant an existing installation into a
new partition, but you'd really have to know what you're doing. I don't
think Linux can create or write freebsd filesystems, reading them might
work.

> The second query is thus; from what I understand, the "pfSense Default
> Configuration" has "LAN is configured with a  static IPv4 address of
> 192.168.1.1/24". Is it possible, with the "Quick/Easy Install option",
> to retain the current LAN configuration

No. pfsense is not aware of any other firewalls' configuration files.
Start from scratch.

You can change the LAN interface's IP address somewhere during easy
install IIRC, it's on the console at the end of installation.

HTH,

Volker

-- 
Volker Kuhlmann
http://volker.top.geek.nz/  Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Two queries from intending new user

[compdoc]

>Does installing pfSense, especially, using the "Quick/Easy Install option",
allow for installation so as to allow for multiple boot options

No, it will erase the hard drive and set up a freebsd file system. Might be
worth using another drive altogether to preserve the old drive, or use
clonezilla to make a copy of the drive to a network share, or saved as a
file to another drive.



>Is it possible, with the "Quick/Easy Install option", to retain the current
LAN configuration, 

They use the 192.168.1.1/24 address to make it easy to navbigate to the
first time. But when you begin to configure it, it asks what address you
want to use. 

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Two queries from intending new user

[Usama Ahmad]

Hello Bret,

The answer to your first question is not really. You can do an advanced
install but will have to make the partitions needed beforehand using a live
system disk and then play around with grub after installing PfSense on
freed partitions. Fairly complex especially since this is BSD and not
Debian. May be easier to use a separate disk, that way you could swap.

In default install the Wan does use DHCP the Lan can be changed very easily
from console, option 2 I believe.

Hope that answers your queries.

Sincerely,
Usama
On Nov 17, 2015 8:45 PM, "Bret Busby"  wrote:

> Hello.
>
> I have been recommended to install and use pfSense to replace my
> existing firewall, which is Firestarter running on an old and
> unsupported version of Debian Linux.
>
> I have looked at the pfSense documentation, including the Installation
> Guide for pfSense, and I have the following two queries.
>
> Does installing pfSense, especially, using the "Quick/Easy Install
> option", allow for installation so as to allow for multiple boot
> options (being able to choose an alternative boot option)? Rather than
> obliterate the existing firewall installation, I would prefer, if
> possible, to be able to install pfSense "alongside" the existing
> firewall installation, so that, using a bootloader like GRUB, if I
> have any problems with operating or configuring pfSense, or, with the
> installation procedure, or, subsequent updating, of pfSense, I could
> revert to using the existing firewall installtion, to allow me
> Internet access, to be able to seek assistance.
>
> The second query is thus; from what I understand, the "pfSense Default
> Configuration" has "LAN is configured with astatic IPv4 address of
> 192.168.1.1/24". Is it possible, with the "Quick/Easy Install option",
> to retain the current LAN configuration, where the network card that
> goes outside, uses DHCP, and the network card that interfaces with the
> LAN behind the firewall, uses a slightly different IPv4 address range;
> eg, if it instead used 192.168.3.1/99 ?
>
> Thank you in anticipation.
>
> --
>
> Bret Busby
> Armadale
> West Australia
>
> ..
>
> "So once you do know what the question actually is,
>  you'll know what the answer means."
> - Deep Thought,
>  Chapter 28 of Book 1 of
>  "The Hitchhiker's Guide to the Galaxy:
>  A Trilogy In Four Parts",
>  written by Douglas Adams,
>  published by Pan Books, 1992
>
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

[Paul Mather]

On Nov 17, 2015, at 12:45 PM, Steve Yates  wrote:

> Paul Mather wrote on Thu, Nov 12 2015 at 1:38 pm:
> 
>> Unfortunately, with this configuration, unbound does not listen on the
>> IP aliases: it only listens on the primary IP addresses of LAN,
>> INTERNAL, and localhost.
> 
>   I don't have quite the same configuration, but with a CARP shared LAN 
> IP, it listens on that alias.  Did you check your firewall log/rules?


I don't believe it is an issue of firewall/log rules.  Unbound is simply not 
listening on those interfaces, as shown by a "sockstat -4l":

USER COMMANDPID   FD PROTO  LOCAL ADDRESS FOREIGN ADDRESS
[[...]]
unbound  unbound1123  10 udp4   10.5.5.1:53   *:*
unbound  unbound1123  11 tcp4   10.5.5.1:53   *:*
unbound  unbound1123  12 udp4   10.0.0.7:53   *:*
unbound  unbound1123  13 tcp4   10.0.0.7:53   *:*
unbound  unbound1123  14 udp4   127.0.0.1:53  *:*
unbound  unbound1123  16 tcp4   127.0.0.1:53  *:*
unbound  unbound1123  19 tcp4   127.0.0.1:953 *:*
[[...]]

Those IP addresses correspond to the primary addresses of LAN, INTERNAL, and 
localhost.  Missing are entries listening on the IP aliases, 10.0.0.1 and 
10.0.0.14.

Also, even though I also have 10.0.0.14 and 10.0.0.1 checked in the DNS 
Resolver settings, they are not included in the active 
/var/unbound/unbound.conf file:

[[...]]
# Interface IP(s) to bind to
interface: 10.5.5.1
interface: 10.0.0.7
interface: 127.0.0.1
interface: ::1
[[...]]

Only the primary addresses of the network NICs are included.

If I add "interface:" lines myself to this file and stop and start unbound from 
the command line then unbound listens correctly on the IP aliases, too.  For 
some reason, they are not making it into the unbound.conf file from the GUI 
settings page for DNS Resolver.

Cheers,

Paul.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Two queries from intending new user

[Travis Hansen]

Bret
It's very easy to install pfsense on a self-contained thumb drive.  I'd 
recommend that and just changing your bios boot order as appropriate.
Once you've setup the configuration/etc on the thumb drive and you feel 
comfortable moving it to 'production' it's very easy to export you whole 
config, install on the primary drive, and import the config. Travis Hansen 
travisghan...@yahoo.com 


On Tuesday, November 17, 2015 6:45 PM, Bret Busby  
wrote:
 

 Hello.

I have been recommended to install and use pfSense to replace my
existing firewall, which is Firestarter running on an old and
unsupported version of Debian Linux.

I have looked at the pfSense documentation, including the Installation
Guide for pfSense, and I have the following two queries.

Does installing pfSense, especially, using the "Quick/Easy Install
option", allow for installation so as to allow for multiple boot
options (being able to choose an alternative boot option)? Rather than
obliterate the existing firewall installation, I would prefer, if
possible, to be able to install pfSense "alongside" the existing
firewall installation, so that, using a bootloader like GRUB, if I
have any problems with operating or configuring pfSense, or, with the
installation procedure, or, subsequent updating, of pfSense, I could
revert to using the existing firewall installtion, to allow me
Internet access, to be able to seek assistance.

The second query is thus; from what I understand, the "pfSense Default
Configuration" has "LAN is configured with a    static IPv4 address    of
192.168.1.1/24". Is it possible, with the "Quick/Easy Install option",
to retain the current LAN configuration, where the network card that
goes outside, uses DHCP, and the network card that interfaces with the
LAN behind the firewall, uses a slightly different IPv4 address range;
eg, if it instead used 192.168.3.1/99 ?

Thank you in anticipation.

-- 

Bret Busby
Armadale
West Australia

..

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


  
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold