[pfSense Support] announcing forum.pfsense.org

2005-11-02 Thread Chris Buechler
I'd like to call your attention to: http://pfsense.blogspot.com/2005/11/introducing-pfsense-support-forum.html and http://pfsense.blogspot.com/2005/11/addressing-confusion-which-system-to.html - To unsubscribe, e-mail: [EMAIL

Re: [pfSense Support] Tutorial under construction.

2005-11-03 Thread Chris Buechler
Apologies to everyone for the 5 MB list attachment. I should have instated a size limit on the list from the get go. Sending that out to almost 300 people chewed up some serious Internet bandwidth (25 Mb, more than half a T3). http://chrisbuechler.com/temp/m0n0wall-wan-1day.png /me is off to

Re: [pfSense Support] Tutorial under construction.

2005-11-03 Thread Chris Buechler
Fleming, John (ZeroChaos) wrote: Is that something someone will have to pay for? bluegrass.net if anybody, but I don't think that short, and relatively small (in the scheme of things, for them) of a spike is really going to affect their bandwidth use for the month. only a couple extra G

Re: [pfSense Support] Several different WAN nets

2005-11-04 Thread Chris Buechler
Rainer Duffner wrote: Hi, would it be possible to have several different (non-adjacent) WAN nets protected by pfSense? E.g. If you have 100.100.100.x/24 and 200.200.5.x/20. With a single net, I'd just do 1:1 NAT - but with this situation? you can bridge, or route (assuming appropriate upst

Re: [pfSense Support] forums vs mailing list

2005-11-07 Thread Chris Buechler
good grief. no forum, and people bitch moan and complain. offer a forum, and different people bitch moan and complain. I think you should all get over it. The list isn't going away. The forum is just another support option. ideally we could integrate all these disparate systems that we no

Re: [pfSense Support] forums vs mailing list

2005-11-07 Thread Chris Buechler
http://forum.pfsense.org announced last week on this list, on the blog, and on the main website. Mojo Jojo wrote: I am always a bigger fan of forums, where do I find this forum? Of course, will take the PfSense help wherever it's offered :) I just think forums have more features, easier

Re: [pfSense Support] Static ARP entries

2005-11-08 Thread Chris Buechler
Szasz Revai Endre wrote: No, a reboot doesn't fix the error. The problem is, as I see, that no client is denied on the network (none of those who have static ip addresses), everyone has access to this machine (pfsense). to the firewall itself, yeah. The anti-lockout rule assures that. y

Re: [pfSense Support] EuroBSDCon ?

2005-11-08 Thread Chris Buechler
Scott Ullrich wrote: I don't know of any developers going. We're mostly in the states. yeah, but at least Scott and I should be at BSDCan 2006. A much more affordable trip for most of us.

Re: [pfSense Support] Flash tutorial

2005-11-10 Thread Chris Buechler
Christian Veith wrote: I think it could be a good idea to create a mailto: link on the Tutorial section or an upload form. gr... indeed, since everybody thinks it's a good idea to email a 6 MB file to 300 people. my message size limit obviously didn't work. will look at that later t

Re: [pfSense Support] SNMP and Remote Syslog across pfSense / m0n0wall

2005-11-11 Thread Chris Buechler
Kyle Mott wrote: So, I've noticed that if I have a m0n0wall system configured to do SNMP and Remote Syslog and I have a server in my DMZ behind pfSense (and of course an IPSec tunnel between them), snmpwalk from the server in the DMZ to the m0n0wall doesn't work, and nor does setting up the r

Re: [pfSense Support] WAN DHCP not working ?

2005-11-15 Thread Chris Buechler
Lists wrote: uhhh broadcoms suck under FreeBSD also, well at least the GigE chipsets, I would have agreed with anything prior to 6.0, but ever since upgrading my one PowerEdge 2550 with a bge gig card to 6.0, it's been rock solid. On 5.4, it wasn't too horribly bad, but it would drop off

Re: [pfSense Support] WAN DHCP not working ?

2005-11-15 Thread Chris Buechler
Lists wrote: yeah, do a tcp throughput test between two boxes and tell me if you get more than 800mbs, then slap intel cards in the box and do it again, been there done that granted it's better than it was in 5.x but still nothing close to what it should be for the bandwidth you're giving up, let me k

Re: [pfSense Support] Dynamic DNS ON BOTH ENDPOINTS

2005-11-23 Thread Chris Buechler
Angelo Turetta wrote: Yes, fine. And who's gonna tell your tunnel partner your address has changed and their SPD must be changed? Do you have a protocol for doing that in a standard way? What if you have a Cisco router on the other side? it will be the same regardless of what you have on t

Re: AW: [pfSense Support] 0.95.4 built on Sun Dec 4 00:44:31 UTC 2005

2005-12-09 Thread Chris Buechler
Rainer Duffner wrote: When you use it on (SuSE)-Linux (not sure about my FreeBSD6-box at home), the fonts are that large by default. At least in SuSE 9.2 + Firefox 1.1. But pressing CTRL - once is not a big effort, it just took some time before I realized that there was one more tab ;-)

Re: [pfSense Support] Floppy Support

2006-01-06 Thread Chris Buechler
Dimitri Rodis wrote: Also (a little OT), a lot more people are going to be preferring MS Virtual Server than vmware-- VS2005R2 is only $99 for standard edition Yeah, until they actually try to run a production server on the piece of trash. I tried MS VS in a real production environment,

Re: [pfSense Support] Floppy Support

2006-01-06 Thread Chris Buechler
Scott Ullrich wrote: Yes, you can also use a USB memory stick to store config.xml on. Simply format the stick as MSDOS and hook it up. Not on any MS virtualization product, you can't! :) Another area where VMware is miles ahead. No USB support whatsoever in MS VPC or VS, it's been in V

Re: [pfSense Support] Floppy Support

2006-01-06 Thread Chris Buechler
Scott Ullrich wrote: That's the junk. yup, thanks for helping me make my point. :)

Re: [pfSense Support] BTW: How many VLANs can I have?

2006-01-09 Thread Chris Buechler
Rainer Duffner wrote: Hi, I looked under "limitations" in the FAQ and didn't find anything. it's there. http://faq.pfsense.org/index.php?action=artikel&cat=8&id=101&artlang=en

Re: [pfSense Support] BTW: How many VLANs can I have?

2006-01-10 Thread Chris Buechler
Bill Marquette wrote: A VLAN is an interface, so interface limits apply. exactly. there probably is a hard limit of some sort in FreeBSD, but it's likely ridiculously high (like into the thousands or something of that nature). With that said, the FAQ entry clearly states 32 is all t

Re: [pfSense Support] how to configure vlans

2006-01-13 Thread Chris Buechler
Jure Pečar wrote: Hi all, I've defined some vlans on both of my carp'ed pf boxes. Now I'm a bit confused because they don't show up in web ui under interfaces. So how do I assign IPs to them? after you configure them (which appears to be done properly), in the webgui, go to "assign int

Re: [pfSense Support] PfSense Beta 1 - HTTP/FTP Download Problem

2006-01-13 Thread Chris Buechler
Stephen Tsai wrote: Hi, I am testing pfSense Beta 1 from the LiveCD, and I found that it has a problem with downloading files from web pages. Here are two URLs that you can use to test. http://h18023.www1.hp.com/support/files/server/us/download/23836.html

Re: [pfSense Support] BUGVALIDATION3 Firewall Log

2006-01-14 Thread Chris Buechler
Emanuele Baglini wrote: I tried BUGVALIDATION3 but firewall Log is always empty. mine isn't empty, but I've noticed other issues and have opened a ticket on it.

Re: [pfSense Support] how to configure vlans

2006-01-14 Thread Chris Buechler
Jure Pečar wrote: Actually, what I want to accomplish is that vlans defined on pfSense are distributed around cisco switches. Is this possible with current pfSense? If not, how is this properly done otherwise? that has nothing to do with pfsense. what others described is what you're afte

Re: [pfSense Support] FTP Not Working from LAN ?

2006-01-15 Thread Chris Buechler
Jeb Barger wrote: I've seen this comment a couple of times. Is there a fix allowing FTP clients from lan to connect to a server on the internet? FTP had issues in b1, try B2-BVE3. http://pfsense.org/~sullrich/BETA2-BUGVALIDATION3/

Re: [pfSense Support] server load balancing ( inbound )

2006-01-17 Thread Chris Buechler
Scott Ullrich wrote: More than one client. You may be able to search the mailing archives for a very long drawn out conversation where basically someone was using apachebench to test and it was not an ideal testing environment. he's not doing any insane load testing like we've seen previo

Re: [pfSense Support] default gateway on LAN ???

2006-01-23 Thread Chris Buechler
David Strout wrote: I have a ? / feature request. If pfS IS NOT the default GW on the LAN then I suppose that the only way to direct all traffic out the "REAL/PRIMARY" GW is to enter a static route for the LAN subnet to an alternate IP address (that of the default GW for the LAN). I believe

Re: [pfSense Support] default gateway on LAN ???

2006-01-23 Thread Chris Buechler
I'd do the same as Bill described. But regardless, in the diagram you provided, you don't need or want a default route on your LAN to accomplish this. You don't need any routes on the VPN pfsense box, and on the primary at both sites you would need routes pointing the remote VPN subnet to the

Re: [pfSense Support] Bridging question

2006-01-24 Thread Chris Buechler
Scott Ullrich wrote: That is FreeBSD 6 release. That does not include all the new goodies in -STABLE. just wanted to add that this is only advisable if you're doing it for good reason. in this case, you want -STABLE because of the relevant changes you need for this particular purpose.

Re: [pfSense Support] State Problems

2006-01-26 Thread Chris Buechler
Lawrence Farr wrote: I'm using pfsense to protect a number of web/mail/ftp servers, which it does fantastically. Since upgrading to the 1.0 Betas it seems to be running out of available states very quickly. I've upped the state table to 2 and it's run out within a few hours. Most of the state

Re: [pfSense Support] Hotspot & Captive portal : a question.

2006-02-02 Thread Chris Buechler
Xavier Beaudouin wrote: Hello, We would like to prepare a captive portal solution for a customer that is asking that every users should be "invisible" each others. Is there a good solution for that ? With wireless, no, not really feasible without a separate wireless network for each user.

Re: [pfSense Support] Multiple WAN subnets

2006-02-06 Thread Chris Buechler
Bill Marquette wrote: Personally, I'd have them drop both subnets down your pipe and just deal with them on your end. Yeah, and if that's what they do, you actually won't have to worry about the gateway address for the other subnet. You can actually use two IP subnets on the WAN side witho

[pfSense Support] pfSense Beta 2 released!

2006-03-03 Thread Chris Buechler
pfSense Beta 2 was released to the mirrors last night, and is currently available for download. Scott will be posting the change log and other related information on the release on our blog some time today. He tried last night, but blogger was down. Please watch http://pfsense.blogspot.com f

Re: [pfSense Support] Certified by ICSA Labs

2006-03-03 Thread Chris Buechler
Alejandro Lengua wrote: The problem would be, how much does ICSA Labs charge for their certification and how the project could raise money to afford it. $25K USD per year per certification. i.e. if you want a certified firewall, and IPsec, then it's $50K. Add another $25K for each addit

Re: [pfSense Support] Certified by ICSA Labs

2006-03-06 Thread Chris Buechler
Wesley K. Joyce wrote: expensive Indeed, but it's a requirement for some environments. the opportunity to get certified isn't extremely unlikely, actually. It's not very likely, but not unimaginable. There was an opportunity for m0n0wall to get certified, completely at the cost of one

Re: [pfSense Support] PPTP on _every_ ifc? Why?

2006-03-14 Thread Chris Buechler
Bill Marquette wrote: This is all done in /etc/inc/filter.inc. Bill answered the hard part, here's the easy part he left out. :) It's like this because it was inherited from m0n0wall and not changed (yet).

Re: [pfSense Support] Enable filtering bridge ?

2006-03-14 Thread Chris Buechler
Rainer Duffner wrote: Scott Ullrich wrote: Same as m0n0wall. Enabled filtering on bridges. The "old" version didn't need this switch - what is "switched off" (or on) by it? Can I still do NAT for other optional interfaces when I enable it? How it should work is when it's unchecked, ev

Re: [pfSense Support] plain text passwords in config.xml

2006-03-29 Thread Chris Buechler
LJ Rand wrote: Thanks, all those suggestions help and have been observed. But I still worry about some remote attacker tricking the firewall into somehow sending or exposing the contents of the config.xml file. It kind of feels like having an /etc/passwd or /etc/shadow file where the passwor

Re: [pfSense Support] strange problem with ssh

2006-04-25 Thread Chris Buechler
Vivek Khera wrote: However things go south when I hook up my powerbook running OS X 10.4 into the IPsec using mobile user. Basically, connected to the pfsense remote endpoint everything works. I can copy large files via ssh no problem. Normal ftp/http file transfer to all three works fine to

Re: [pfSense Support] HELP! Beta 3 + Bridge Not allowing DHCP thru

2006-04-28 Thread Chris Buechler
just a thought (that might be way off), are there antispoofing rules on bridged interfaces in pfsense? There was a bug in m0n0wall quite a while back, but after pfsense forked, where antispoofing rules were being applied to bridged interfaces. they shouldn't be applied at all to any bridged i

Re: [pfSense Support] small & fast smtp relay

2006-05-03 Thread Chris Buechler
dny wrote: any suggestion for a small & fast smtp relay that i can use in freebsd/pfsense?? something like esmtp in linux? esmtp runs on FreeBSD (as does virtually everything that runs on Linux). It's in ports. should be able to install it via 'pkg_add -r esmtp'.

Re: [pfSense Support] tx underrun message

2006-05-04 Thread Chris Buechler
Ispánovits Imre wrote: Hi all, I found these warning messages in the logs. How serious is it? Is the PCI bus or the card (3Com) too slow? "May 3 15:54:53 kernel: xl3: tx underrun, increasing tx start threshold to 120 bytes May 3 15:54:53 kernel: xl3: transmission error: 90" This is

Re: [pfSense Support] VLAN setup

2006-05-17 Thread Chris Buechler
Bill Marquette wrote: It's as secure as the switches vlan implementation. That and your switch configuration. Refer to your switch vendor's documentation on recommendations for secure VLAN configurations. Even though Cisco has gone to great lengths to ensure their VLAN's are secure, not f

Re: [pfSense Support] Proxyarp

2006-05-17 Thread Chris Buechler
Chad Frerer wrote: Hey list: I’m a Comcast cable subscriber using PFSense as my gateway. I have a device that MUST use upnp (*ducks*) to function correctly. I’m sure that this isn’t supported now (or will be) so I’m opting to get a second IP address. The device that needs the extra address s

Re: [pfSense Support] trap 12: page fault while in kernel mode

2006-05-23 Thread Chris Buechler
Molle Bestefich wrote: Installing BETA4 on a Nokia IP110, I get this on the serial console: Neither FreeBSD 5.x or 6.x will boot on these. Even m0n0wall 1.2b5-b7, which were completely stripped of APIC and ACPI, and virtually every other option that you could possibly remove and still have

Re: [pfSense Support] Remote monitoring

2006-05-23 Thread Chris Buechler
Mailling wrote: The script is working fine (all nice in one IE screen :) but the password part doesn't work :( yeah, username:password@ doesn't work in URL's anymore in IE because MS removed it. too many stupid users falling for phishing schemes like http://bank.com/login/haxormeplzzz/:[EMAI

Re: [pfSense Support] FW: Multiple Networks Behind Internal Pfsense Box

2006-05-23 Thread Chris Buechler
Scott Williamson wrote: Have a few questions about optimal configuration for my pfsense box. 172.16. [Sonicwall Firewall] | | [Dell 6024 Core Switch] |

Re: [pfSense Support] Re: trap 12: page fault while in kernel mode

2006-05-25 Thread Chris Buechler
Molle Bestefich wrote: Too bad I'm a complete BSD-newbie. What do I need to do? This isn't something I have the time to work on right now, but I'll give you as many pointers as I can (which isn't much when it comes to kernel debugging) if you want to dig into it. Scott built this iso for d

Re: [pfSense Support] Can a CF Config export be imported to a HardDrive Install?

2006-05-25 Thread Chris Buechler
yes. Bart Fisher wrote: Thanks Bart

Re: [pfSense Support] FW: Traffic shaping and the Compaq Netelligent Dual cards

2006-05-26 Thread Chris Buechler
Michael Eales wrote: Ethernet card is the Compaq Netelligent Dual 10/100 ethernet (Spares Number: 242560-001) Pfsense is using the tl(4) -- Texas Instruments ThunderLAN Ethernet device driver. From 'man 4 altq': SUPPORTED DEVICES The driver modifications described in altq(9) are require

Re: [pfSense Support] wiki: comments

2006-05-31 Thread Chris Buechler
Molle Bestefich wrote: I'll go try and figure something out now, but as a suggestion, it would be nice if the wiki could be replaced with something that supports tables. Already exists. You're welcome to use it for whatever you want. http://doc.pfsense.org

Re: [pfSense Support] Re: wiki: comments

2006-05-31 Thread Chris Buechler
Scott Ullrich wrote: doc.pfsense.com is the official doc site. Wiki.pfsense.com is for staging and for non-official docs. That's our current official policy. but... On 5/31/06, Molle Bestefich <[EMAIL PROTECTED]> wrote: But it wouldn't be nice of me to start adding developer docs to th

Re: [pfSense Support] Re: per-interface rulebases: why?

2006-06-01 Thread Chris Buechler
my response to the m0n0wall list (and let's keep this on one list or the other from now on): Can you name a firewall vendor that doesn't do per-interface rulesets? (I'm sure there are some, but virtually all do per-interface) Or one good reason it shouldn't be this way? The vast majority of th

Re: [pfSense Support] anti-spoofing

2006-06-01 Thread Chris Buechler
Molle Bestefich wrote: Bill Marquette wrote: anti-spoofing is _not_ automated...the antispoof rules/syntax only protect the firewalls interfaces itself, not networks behind it. I'm having a hard time grasping the exact automatic anti-spoofing rules in pfSense, I think because they are not visu

Re: [pfSense Support] Re: per-interface rulebases: why?

2006-06-01 Thread Chris Buechler
Like I just said on the m0n0wall list, what this really comes down to is a matter of personal preference. Cisco does per-interface, Check Point and MS ISA do one long unmanageable ruleset. If you don't like per-interface, go use Check Point or MS ISA. Obviously the developers here prefer per

Re: [pfSense Support] Re: [m0n0wall] Re: per-interface rulebases: why?

2006-06-01 Thread Chris Buechler
[EMAIL PROTECTED] wrote: While some users are well-disposed to understanding the concepts and making changes in each “tab”, other users require a complete visualization of the project. heh this is the way m0n0wall used to be, a long list of rules on all interfaces on a single page. Many pe

Re: [pfSense Support] pptp server and passthrough status?

2006-06-05 Thread Chris Buechler
Jonathan Woodard wrote: I was just wondering if there has been any more work done on this issue. I updated to the June 4th build and I am still having problems. I run a pptp server and connect to a pptp server remotely. I was initially able to connect but re-connecting will not work and hangs with t

Re: [pfSense Support] Dhcp lease order

2006-06-05 Thread Chris Buechler
Josh Stompro wrote: Can anyone explain how to set up dhcpd to hand out leases in increasing order rather than decreasing. I find that handing them out in increasing order is easier to deal with in some cases. Is there a good argument for doing them in descending order, or is it just someone's

Re: [pfSense Support] port forwarding

2006-06-05 Thread Chris Buechler
Volker Kuhlmann wrote: Yes that's what I meant - you can't restrict source IPs in connection with original destination port. As soon as a source IP is allowed, it can access on any WAN port for which there is a NAT rule, so you can't force certain source IPs to use certain WAN ports only. Huh

Re: [pfSense Support] port forwarding

2006-06-05 Thread Chris Buechler
Volker Kuhlmann wrote: As a side effect of the NAT-first, you can *NOT* limit access based on the dest port of the incoming packet, as that has already been NATed into oblivion by the time the packet reaches the filter rules. Ah, ok, yeah you're right on that. But that's useless. Who cares w

Re: [pfSense Support] port forwarding

2006-06-05 Thread Chris Buechler
Bill Marquette wrote: Sure :) I want port 443 from my work address to redirect to port 22 on my internal host, but for everyone else I want it to go to 443 on my webserver. I've been meaning to change that behavior for some time now, but it's never annoyed me enough as I've got 5 statics to pla

Re: [pfSense Support] States dropping!?

2006-06-19 Thread Chris Buechler
Tim Dickson wrote: Also on boot up my interfaces peak at 200mbs and throw off my graphs from that point on. This is typical of SNMP monitoring (well, I'm assuming that's what the RRD graphs use, though I really don't know offhand). The only way to avoid that, per the Cacti developers where

Re: AW: [pfSense Support] CARP NIC overhead?

2006-06-21 Thread Chris Buechler
Steve Harman wrote: As it turns out GBit is something we need so I'd be interested if Scott has any comment on support of GBit NICs (Intel or otherwise). Look at: Intel PWLA8492MT (dual port) Intel PWLA8494MT (quad port) those should be very common and easy to come by, and will work. I

Re: [pfSense Support] Startup sound on FX5620 in slow-mo

2006-06-23 Thread Chris Buechler
Josh Stompro wrote: When I boot up a FX5620 with 1.0-RC1a embedded on a compact flash card If the clock isn't an issue, from what I've experienced, having the sounds play substantially longer with CF is normal. all my embedded hardware drags the sound out much, much longer than my hard drive

Re: [pfSense Support] Startup sound on FX5620 in slow-mo

2006-06-23 Thread Chris Buechler
Scott Ullrich wrote: For what it's worth VMWARE does the same thing with a hard drive install unless you change the timing clock. With VMware, yeah, it's a timing issue. With the default timing clock, FreeBSD 6.x (incl. pfsense) VM's seem to advance about 1 second for every 2-3 seconds of rea

Re: [pfSense Support] DNS Forwarding failing on New Install of RC1

2006-06-29 Thread Chris Buechler
Christopher Allen wrote: System -> General, fill in the DNS servers. I have -- the wizard asks for them, and and I've checked and they are pingable. But do they actually resolve names? Use the ping page in the webgui to try to ping google.com. If it doesn't resolve there, those DNS

Re: [pfSense Support] Setting up m0n0mon for Multiwan/Multiinterface

2006-06-30 Thread Chris Buechler
Craig Roy wrote: Interesting find. Anything like this planned for PF in the future at all? It's a SNMP monitor. I use it at work on Cisco routers, switches, and firewalls, and HP switches. Works with anything SNMP-enabled with a standard interfaces MIB.

Re: [pfSense Support] denial of service attack

2006-07-06 Thread Chris Buechler
Jeremy Rempel wrote: We were getting thousands of requests per second from various hosts for files that didn't exist on the apache webserver. I will try setting up the synproxy and see if that helps. Can someone point me to info on setting up synproxy? If it's legit HTTP requests, your fire

Re: [pfSense Support] rc1a embedded, unable to add wireless interface

2006-07-06 Thread Chris Buechler
Thorsten Zenker wrote: dmesg lists ath_hal wireless on wrap and interface assign does not allow to add the interface. Config was imported from m0n0. How to move on? When you click the drop down box under "Network port", it doesn't list ath0? If not, what kind of wireless card do you ha

[pfSense Support] Second Annual pfSense Hackathon - Call for Donations

2006-07-07 Thread Chris Buechler
http://pfsense.blogspot.com/2006/07/second-annual-pfsense-hackathon-call.html

Re: [pfSense Support] Second Annual pfSense Hackathon - Call for Donations

2006-07-07 Thread Chris Buechler
Scott Ullrich wrote: We have a proliant 8500R. which is currently a quad PIII Xeon 550, 2 MB L2. It uses PC100 registered ECC SDRAM, and has 16 slots, 8 of which are empty I believe. The other server is a dual PIII 1 GHz, it uses PC133 registered ECC SDRAM. It has 4 slots, all of which

Re: [pfSense Support] missing /usr/ports/...

2006-07-16 Thread Chris Buechler
Glenn Powers wrote: I am trying to install asterisk, but I'm having problems with the dependencies. The following ports are non-existent on my 1.0RC1 system: The ports tree is entirely empty, IIRC. What you're getting into is entirely unsupported, and has the potential to break things. You

Re: [pfSense Support] USB Cdrom install is not working

2006-07-17 Thread Chris Buechler
Holger Bauer wrote: Not sure as I unfortunately haven't seen such a system yet. I have a couple, but no USB CD-ROM drives. :/ Last I checked, they cost way more than I'd be willing to spend on one. USB CD-ROM's don't work because none of the devs have any appropriate equipment to test

Re: [pfSense Support] Max. outbound PPTP sessions currently limited to 1

2006-07-27 Thread Chris Buechler
David Strout wrote: But I find it very unprofessional to state (paraphrase from SUllrich), "I think it should go away, I don't like it and therefore I will not make it work right on pfSense". I suggest you go bitch at the OpenBSD camp instead, as what's in pf is what you'll find in pfsense.

Re: [pfSense Support] pfsense, core-duo support?

2006-09-09 Thread Chris Buechler
On 9/9/06, Robert Carr <[EMAIL PROTECTED]> wrote: I realize pfsense isn't SMP-capable err, I'm surprised Scott and/or Bill didn't say this (unless I'm missing something...), but SMP *is* in the pfsense default kernel. from http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/tools/builder_scripts/conf

Re: [pfSense Support] System overload

2006-10-09 Thread Chris Buechler
Scott Ullrich wrote: I have no idea about this one.. However the ipfw messages are related to the captive portal. swap_pager_getswapspace(n): failed means you have run out of ram. All that I can think of is run a top and post the output when it goes nuts. In addition to that, I'd recommend

Re: [pfSense Support] Mini pci wifi G card

2006-10-09 Thread Chris Buechler
Donald Pulsipher wrote: Can anyone recommend a decent cheap mini pci wireless G card that I can drop into my soekris hardware that would be supported by pfSense ? Atheros cards are about as good as you can get, and about as cheap as you can get. You can find some of the older b/g cards fo

Re: [pfSense Support] Routing problem

2006-10-11 Thread Chris Buechler
Pierre Frisch wrote: That is the bizarre thing I am not using NAT both networks have fully routable addresses and all machines have permanent routable IPs. Yes it Nat would have that effect. How can I be sure to have it completely disabled on the pfsense box? There is nothing in the Nat screen.

Re: [pfSense Support] Routing problem

2006-10-11 Thread Chris Buechler
Scott Ullrich wrote: On 10/11/06, Pierre Frisch <[EMAIL PROTECTED]> wrote: Thank you very much that did the trick. Maybe we should have a more obvious setting -:) It is the exact same as m0n0wall. We are not changing this. And it's in the FAQ. Search for "disable NAT" and it's right ther

Re: [pfSense Support] Default route on Wan

2006-10-14 Thread Chris Buechler
Captain Bablam wrote: Good morning all, I have replaced a linux box as my core distribution router with a PFsense box. I noticed that the designated WAN interface must have a gateway (default route) defined or the PHP interface will not allow you to commit the interface config. I understa

Re: [pfSense Support] VLAN trunking?

2006-11-08 Thread Chris Buechler
Bill Marquette wrote: Doesn't really make any sense. We already are doing a background TCPDUMP to get the firewall logs. On pflog0. This is on the vlan interface which really is bizarre. I could see if for some reason the physical fxp interface wasn't in PROMISC mode needing to do it for th

Re: [pfSense Support] VLAN trunking?

2006-11-08 Thread Chris Buechler
Craig FALCONER wrote: Heya - not wishing to argue, but I'm really telling the truth. Oh, hey Craig, didn't realize it was you that started this. :) All I can think of is more Nokia weirdness. This is an IP330 with three on-board NICs. The IPxxx boxes certainly do have "special" NIC

Re: [pfSense Support] VLAN trunking?

2006-11-08 Thread Chris Buechler
Charles Sprickman wrote: Here's kind of an out of left field idea... Someone mentioned that running tcpdump on a vlan interface actually *breaks* it. By "breaks", I'm betting that means "sends the vlan traffic without vlan tags". I'm not sure exactly what happens to break it, but sending th

Re: [pfSense Support] Wireless weirdness

2006-11-10 Thread Chris Buechler
Jeroen wrote: This however puzzles me. There must be something wrong with the windows drivers and/or settings. Make sure you have the latest Intel drivers. I have a Centrino laptop with a 2915abg card, which I believe should use the same drivers as yours, and I had all kinds of weird (and

Re: [pfSense Support] Is it an attack?

2006-11-26 Thread Chris Buechler
Craig FALCONER wrote: Is it possible that these are legitimate requests to your web server, but the client has closed the connection? Anyone else please jump in and help answer - I've run out of ideas. Josep I can see your web page fine from 203.97.126.87 Looks like it's just out of state

Re: [pfSense Support] Dying connections, possibly high load

2006-11-27 Thread Chris Buechler
Maybe FTP proxy related? Not sure if the FTP proxy comes into play on inside traffic (I would guess so, even though it really shouldn't). At a shell, run 'ps ax | grep ftp' when things are working. When things stop working again, run that command again. Is there any difference? that's a sh

Re: [pfSense Support] Smallest drive for PFsense

2006-12-01 Thread Chris Buechler
Josep Pujadas i Jubany wrote: "the console output is at serial console and you need a serial nullmodem cable to assign interfaces the first time you boot it up for the embedded image." The documentation says this, but I think it is false for pfSense 1.0.1. That is correct for all versions

Re: [pfSense Support] PPTP server?

2006-12-05 Thread Chris Buechler
Jaye Mathisen wrote: Can pfsense function as a PPTP client and server? It would be handy... Server yes, client no.

Re: [pfSense Support] Hard timeout for a TCP connection

2006-12-13 Thread Chris Buechler
Josep Pujadas i Jubany wrote: We have the webcam images embedded in a web page. In that case, even a forced timeout on TCP connections wouldn't work, as HTTP initiates a new TCP connection for every page transfer, image transfer, etc. So every refresh is a series of new connections. Your w

Re: [pfSense Support] ntop package

2006-12-13 Thread Chris Buechler
Wade Blackwell wrote: Can you guys keep the ntop daemon up? I can't keep it running for more than 24 hours on either of the 2 systems I have running. Pretty common problem with ntop and FreeBSD. ntop has threading bugs that don't occur in Linux but happen in FreeBSD, and the ntop develo

Re: [pfSense Support] Problem browsing shares across two networks

2006-12-13 Thread Chris Buechler
What you're describing sounds like the typical issues you get when you NAT SMB/CIFS (Windows file sharing) traffic. What is the source IP on the traffic when it reaches the DMZ server, is it maintaining the original internal network source IP or is it getting NAT'ed? Alexandre Blardone wrot

Re: [pfSense Support] ntop package

2006-12-14 Thread Chris Buechler
Vivek Khera wrote: Never crashes for us running pfsense 1.0.1. Seems to be very hit and miss. I've run it in places where it had no issues at all, and I've run it in places where I couldn't keep it running for more than a few hours for anything. If you check the ntop list archives, there'

Re: [pfSense Support] Need help w/ IPSEC Vpn Issue Please!

2006-12-14 Thread Chris Buechler
security monitor wrote: Ladies and gentlemen: I have an ipsec question. I'm running Version embedded 1.0.1, built on Sun Oct 29 01:45:08 UTC 2006. I have successfully configured main mode psk ipsec tunnel to a netscreen at remote site. Hosts at either remote site can successfully reach hosts

Re: [pfSense Support] Problem browsing shares across two networks

2006-12-14 Thread Chris Buechler
Alexandre Blardone wrote: It is maintaining the same IP, the gateway is just redirecting. There is no NAT between the LAN and the DMZ. Actually, the only NAT setup is from WAN to DMZ. That's the way it should be, just with the symptoms you described I wanted to make sure. not sure what else

Re: [pfSense Support] Pb with pfsense and MS ACCESS

2006-12-19 Thread Chris Buechler
Benoît Beaujault wrote: PC-pfsense--Windows 2000 server PC executes MS access 2000 (client) The DB file is on the Windows 2000 Server There is no NAT. There is NAT unless you explicitly disabled it. I presume your clients are on the LAN side and servers on the WAN side? What you're

Re: [pfSense Support] Pb with pfsense and MS ACCESS

2006-12-20 Thread Chris Buechler
Benoît Beaujault wrote: In my configuration the "Disable NAT Reflection" box is checked (System ->Advanced menu). Nothing is configured in the Firewall -> NAT menu. Clients (Windows) are on the LAN side and the server on the WAN side. You need to enable advanced outbound NAT and delete the rul

Re: [pfSense Support] Re: Rules, rules, rules...

2007-01-14 Thread Chris Buechler
Jesse Peterson wrote: * Is there a way to affect the order in which the interface rules are written? (Ie, have the LAN (or any other) interface rules written to the PF conf file first rather than the WAN [or any other arbitrary ordering]) No, nor is it necessary with the current rules me

Re: [pfSense Support] PFSense Freezing Up

2007-01-24 Thread Chris Buechler
Scott Ullrich wrote: axe nics? That's surely the problem. I would tend to agree - that's a USB NIC! Gross. USB network support in general isn't good, in FreeBSD it plain sucks. Regardless, in any OS it's not something you want to use on any serious production machine. If you don't use th

Re: [pfSense Support] CDROM ISO boot using input/output from COM1 (Serial)?

2007-01-31 Thread Chris Buechler
Kyle Mott wrote: Ok, I got it to (sort of) boot by getting a video card installed. However, when I boot from the USB CDROM, I get "Unable to load kernel" and it dumps me to the boot loader prompt. USB CD-ROMs don't work for FreeBSD nor pfsense installs unfortunately. there's a lot of info on

Re: [pfSense Support] dhcp on wan interface does not renew

2007-02-04 Thread Chris Buechler
Bill Marquette wrote: Same provider? I'd be willing to bet that both those modems are on the same layer 2 ethernet segment and using the same physical router with multiple IPs assigned to its interface. Not good. Not good, but a reality with most cable providers. The L2 segments of most

Re: [pfSense Support] dhcp on wan interface does not renew

2007-02-04 Thread Chris Buechler
Bill Marquette wrote: When FreeBSD translates IP -> MAC and then does the MAC lookup to see what interface to send it out, will it get the wrong interface? I would guess that the ARP lookup will be stored in the ARP cache associated with the interface where the lookup originated. At least that
