[pfSense-discussion] Pfsense running entirely from RAM

2007-04-26 Thread Anil garg
I have Pfsense installed on a P3/500MHz with 768MB RAM and a 4GB drive.  This 
stuff is vintage Dell Optiplex machine but a reliable workhorse.

I came from m0n0wall, legendary for its stability, with worries.

Kudos to the entire team that this machine never dies. It runs a LAN, PPTP 
server, IPSEC based OpenVPN like a charm.

The only thing irritating is that it makes disk activity noise, where the 
memory it uses is less than 6% and CPU usage rarely exceeds 3%.

Is there a way for this to boot from the HDD and then run entirely from RAM?

I am not using SQUID simply because I feel that it introduces more latency than 
benefits.

Any suggestions will be greatly appreciated.

Anil Garg

 

Re: [pfSense-discussion] Embedded Images

2007-04-26 Thread Bill Marquette

On 4/26/07, Bao C. Ha <[EMAIL PROTECTED]> wrote:

> We have some unofficial images for cf running on our hardware as
> well as other generic pc ones. These are built from LiveCD, but
> modified to run on CF with full vga and keyboard support.
>
> http://shopping.hacom.net/catalog/pub/pfsense/
>
> The instruction is at
> http://shopping.hacom.net/catalog/product_info.php?products_id=99
>
> Bao



I've used Bao's images a number of times (speaking of developer time
:)) they work well for boxes that have VGA.

--Bill


Re: [pfSense-discussion] padlock in releng 1.2?

2007-04-26 Thread Eugen Leitl
On Thu, Apr 26, 2007 at 10:07:56PM +0500, sai wrote:
> #openssl engine
> 
> will tell you if your machine is running padlock or not

I don't have the C7 hardware yet. 
What I have on my WRAP is
# openssl engine
(cryptodev) BSD cryptodev engine
(dynamic) Dynamic engine loading support
(cswift) CryptoSwift hardware engine support
(chil) nCipher hardware engine support
(atalla) Atalla hardware engine support
(nuron) Nuron hardware engine support
(ubsec) UBSEC hardware engine support
(padlock) VIA PadLock (no-RNG, no-ACE)
(aep) Aep hardware engine support
(sureware) SureWare hardware engine support
(4758cca) IBM 4758 CCA hardware engine support

My system has a Hifn 7955. I haven't timed IPsec
throughput yet.

> 
> sai
> 
> On 4/26/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> >
> >Is 
> >http://www.freebsd.org/cgi/man.cgi?query=padlock&sektion=4&manpath=FreeBSD+6.2-RELEASE
> >already in http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/
> >?
> >
> >I'm particular about the C7 crypto support.
> >
> >--
> >Eugen* Leitl leitl http://leitl.org
> >__
> >ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> >8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
> >
-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
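
The WRAP listing above shows that a `(padlock)` line only proves the engine is compiled in; the flags in parentheses say whether the PadLock RNG and ACE (AES) units were actually detected. The following is an added example, not part of the thread: the function name `padlock_status` and its status labels are made up for illustration, and the `(RNG, ACE)` sample line is constructed.

```shell
#!/bin/sh
# Added example: classify the (padlock) line of `openssl engine` output.
# padlock_status and its status labels are illustrative names, not OpenSSL's.

# Reads an engine listing on stdin and prints one of:
#   absent            no (padlock) line in the listing
#   listed-inactive   line present but both flags negated (no-RNG, no-ACE)
#   ace | rng | ace+rng   which PadLock units the engine reports
padlock_status() {
    awk '
        /^\(padlock\)/ {
            found = 1
            flags = $0
            gsub(/no-(ACE|RNG)/, "", flags)   # remove negated flags first
            if (flags ~ /ACE/) ace = 1
            if (flags ~ /RNG/) rng = 1
        }
        END {
            if (!found)          print "absent"
            else if (ace && rng) print "ace+rng"
            else if (ace)        print "ace"
            else if (rng)        print "rng"
            else                 print "listed-inactive"
        }'
}

# Lines copied from the WRAP output in the thread (abridged).
WRAP_SAMPLE='(cryptodev) BSD cryptodev engine
(dynamic) Dynamic engine loading support
(padlock) VIA PadLock (no-RNG, no-ACE)
(aep) Aep hardware engine support'

# Constructed line for a CPU with both units; not taken from the thread.
C7_SAMPLE='(padlock) VIA PadLock (RNG, ACE)'

printf 'WRAP: %s\n' "$(printf '%s\n' "$WRAP_SAMPLE" | padlock_status)"
printf 'C7:   %s\n' "$(printf '%s\n' "$C7_SAMPLE" | padlock_status)"
# Live check on a real box: openssl engine | padlock_status
```
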


Re: [pfSense-discussion] padlock in releng 1.2?

2007-04-26 Thread sai

#openssl engine

will tell you if your machine is running padlock or not

sai

On 4/26/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:


> Is
> http://www.freebsd.org/cgi/man.cgi?query=padlock&sektion=4&manpath=FreeBSD+6.2-RELEASE
> already in http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/
> ?
>
> I'm particular about the C7 crypto support.
>
> --
> Eugen* Leitl leitl http://leitl.org
> __
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



Re: [pfSense-discussion] Embedded Images

2007-04-26 Thread Bao C. Ha
We have some unofficial images for cf running on our hardware as
well as other generic pc ones. These are built from LiveCD, but
modified to run on CF with full vga and keyboard support.

http://shopping.hacom.net/catalog/pub/pfsense/

The instruction is at
http://shopping.hacom.net/catalog/product_info.php?products_id=99

Bao


> Would it ever be a consideration to make several different embedded
> images?
> For instance one for soekris, warp, and a generic image like what m0n0wall
> does? Or at least a generic pc image where vga and keyboard are enabled
> and
> that would boot on just generic pc hardware without having to use a
> console
> cable? I understand the limitations of using the embedded version doesn't
> allow the use of packages, which is fine, but for those trying to use this
> on a cf card it's a hassle to get working.
>


-- 
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38




Re: [pfSense-discussion] Embedded Images

2007-04-26 Thread Gary Buckmaster

jason whitt wrote:
> Would it ever be a consideration to make several different embedded
> images? For instance one for soekris, warp, and a generic image like
> what m0n0wall does? Or at least a generic pc image where vga and
> keyboard are enabled and that would boot on just generic pc hardware
> without having to use a console cable? I understand the limitations of
> using the embedded version doesn't allow the use of packages, which is
> fine, but for those trying to use this on a cf card it's a hassle to
> get working.

At one point there were several different embedded images.  It became a 
pain to maintain them all and so a single unified embedded image was 
created.  When it comes to the developers' time, I'd much rather they 
have time to add features, deal with bugs or manage support issues 
versus spending that time maintaining a variety of different images.  
That's just me.


-Gary


[pfSense-discussion] Embedded Images

2007-04-26 Thread jason whitt

Would it ever be a consideration to make several different embedded images?
For instance one for soekris, warp, and a generic image like what m0n0wall
does? Or at least a generic pc image where vga and keyboard are enabled and
that would boot on just generic pc hardware without having to use a console
cable? I understand the limitations of using the embedded version doesn't
allow the use of packages, which is fine, but for those trying to use this
on a cf card it's a hassle to get working.


Re: [pfSense-discussion] MiniUPnPd security risks

2007-04-26 Thread Chris Buechler

DarkFoon wrote:
> I'm considering installing the UPnP daemon on some home/home office
> boxes, and I'm curious what the security issues are.
> From my own (simple) analysis, the worst that could happen is a
> malicious application could ask for many, many (almost all?) of the
> ports above 1024 to be routed to a machine, and that an external
> attacker might be able to use all the port forwards to control said
> malicious program from the internet and perhaps wreak havoc on the LAN
> net and maybe even the pfSense box (with a keylogger and sniff the pw
> for the pfSense admin).


As Scott said, you're right on.

In a home environment, I wouldn't hesitate much to enable it if it's 
useful for a certain application. I've never heard of any malware that 
exploits uPnP, nor have I heard stories of any attackers using it. It's 
much more likely they would use outbound channels to tunnel things back 
in, like using SSH for example. There are so many ways to contact or 
control a PC inside your network, or tunnel back into your network 
without actually opening ports into your network that it adds little risk.


If an outsider can execute arbitrary things inside your network as 
required to exploit uPnP, you're owned regardless of whether or not you 
have uPnP enabled.





[pfSense-discussion] padlock in releng 1.2?

2007-04-26 Thread Eugen Leitl

Is 
http://www.freebsd.org/cgi/man.cgi?query=padlock&sektion=4&manpath=FreeBSD+6.2-RELEASE
already in http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/
?

I'm particular about the C7 crypto support.

-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE