[pfSense] Wan1FailoverWan2 problems after upgrading from 2.03 to 2.1
Hi. Today I was upgrading pfSense from 2.03 to 2.1 After this I saw that I have a problems with all Rules with Gateway like: Wan1FailoverWan2 I was checked this route , also I was created new one but it's doesn't help me. For example I have rule PC1 to port 80 to ANY and gateway Wan1FailoverWan2 . After this I have 'internet' access 'by' WAN ,but I cannot access to any web server on my DMZ network. If I change 'Gateway' to DEFAULT ...everything working fine. (but I think that If I loose my connection on Wan1 I don't have internet acccess :/ ) . Before update this rules works fine. I have Groups like this: Wan1FailoverWan2Wan1GW Tier1 , Wan2GW Tier2 Wan2FailoverWan1Wan1GW Tier2, Wan2GW Tier1 -- Pozdrawiam, Grzegorz Śliwa Network Administrator mobile: +48 666 378 733 AMUSYS PRODUCTION Sp. z o.o. ul. Kątowa 20 32-080 Zabierzów ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Optimal Setup
On 19-9-2013 11:52, Joseph W. Joshua wrote: Hello all, Currently, my internet comes in through a linksys router, in which I have set up the above rules. However, we would like to introduce a proxy server, and also internet use monitoring and banning of excessive users. Squid with ldap or ntlm auth works well, block default outbound 80 and 443 so people actually use the proxy server. Find out that Silverlight does not work with authenticated proxy servers. (Really MS?) It does stop some malware in it's tracks though. I have tried setting up pfSense as follows: --el0 as LAN Interfase (192.168.0.1) --el1 as WAN Interface (ISP IP) --My laptop pointed to 192.168.0.1 as Router and DNS --The pfSense installation has internet access, but my laptop cannot get online. What could I be doing wrong? Make sure that the private networks rule is not active on your WAN. Am I safe to assume that you are not using the linksys in front of the pfSense WAN and the public IP terminates on pfSense directly? Assymetric routing doesn't work, and overlapping subnets does not either. Regards, Seth ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Optimal Setup
Hello Seth, Thanks for your reply On 09/19/2013 12:59 PM, Seth Mos wrote: Make sure that the private networks rule is not active on your WAN. Am I safe to assume that you are not using the linksys in front of the pfSense WAN and the public IP terminates on pfSense directly? I tried having the public IP terminate on the linksys, then set up the linksys to be ip 192.168.1.1, and gave the pfSense wan as IP 192.168.1.2, but it did not work (router can see internet but laptop cannot.). I then tried(in a fresh install), having the public ip terminate on pfSense directly, with the same results. Assymetric routing doesn't work, and overlapping subnets does not either. -- With Kind Regards, Joseph W. Joshua ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Wan1FailoverWan2 problems after upgrading from 2.03 to 2.1
On 9/19/2013 3:59 AM, Grzegorz Śliwa wrote: Wan1FailoverWan2 . After this I have 'internet' access 'by' WAN ,but I cannot access to any web server on my DMZ network. There were changes to policy route rule negation. Add a rule at the top of the list to pass traffic to your DMZ without a gateway set. Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] 2.1 on WRAP
Hi, My old PC Engines WRAP is still surviving, and I'd like to install 2.1 on it. Are these instructions still valid for 2.1? https://doc.pfsense.org/index.php/NanoBSD_on_WRAP Anyone built a WRAP-compatible image for 2.1? Thanks, Ugo ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.1 on WRAP
On 19-9-2013 15:22, Ugo Bellavance wrote: Hi, My old PC Engines WRAP is still surviving, and I'd like to install 2.1 on it. Are these instructions still valid for 2.1? https://doc.pfsense.org/index.php/NanoBSD_on_WRAP Anyone built a WRAP-compatible image for 2.1? There is a nasty RRD file upgrade bug that might affect you. When upgrading on embedded the temporary files are not removed causing /tmp to fill up. The fix was easy, but you need a re-done image for nanoBSD. Not sure if that is planned yet. Cheers, Seth ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Optimal Setup
Joseph, Have you tried pinging to 8.8.8.8 from your wan and lan ports? If that works, have you tried pinging to yahoo..com off those ports? This might be a DNS issue. See if you can use the setup wizard to get online and build your rules from there. Your's is a simple setup and the pfsense book is a nice reference to have on the shelf if you are supporting an office. Yudhvir On Thu, Sep 19, 2013 at 3:04 AM, Joseph W Joshua jos...@megvel.me.kewrote: Hello Seth, Thanks for your reply On 09/19/2013 12:59 PM, Seth Mos wrote: Make sure that the private networks rule is not active on your WAN. Am I safe to assume that you are not using the linksys in front of the pfSense WAN and the public IP terminates on pfSense directly? I tried having the public IP terminate on the linksys, then set up the linksys to be ip 192.168.1.1, and gave the pfSense wan as IP 192.168.1.2, but it did not work (router can see internet but laptop cannot.). I then tried(in a fresh install), having the public ip terminate on pfSense directly, with the same results. Assymetric routing doesn't work, and overlapping subnets does not either. -- With Kind Regards, Joseph W. Joshua __**_ List mailing list List@lists.pfsense.org http://lists.pfsense.org/**mailman/listinfo/listhttp://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Optimal Setup
On Thu, Sep 19, 2013 at 10:13 AM, Joseph W Joshua jos...@megvel.me.kewrote: On 09/19/2013 04:38 PM, Mehma Sarja wrote: Have you tried pinging to 8.8.8.8 from your wan and lan ports? If that works, have you tried pinging to yahoo..com off those ports? This might be a DNS issue. Hello, I can ping 8.8.8.8 from my wan and lan ports. pfSense can also resolve google.com and pfsense.org. But interestingly, It on the dashboard it says 'Unable to check for updates'. See if you can use the setup wizard to get online and build your rules from there. Your's is a simple setup and the pfsense book is a nice reference to have on the shelf if you are supporting an office. Thanks, I will check out the book -- With Kind Regards, Joseph W. Joshua __**_ List mailing list List@lists.pfsense.org http://lists.pfsense.org/**mailman/listinfo/listhttp://lists.pfsense.org/mailman/listinfo/list Take a look at the logs on the pfsense while trying to access the internet. Status -- System Logs -- Firewall. If you see it being blocked, click the button next to the destination IP that will allow the traffic through. [image: file:///root/Desktop/screen09192013-102134.jpg][image: file:///root/Desktop/screen09192013-102134.jpg][image: file:///root/Desktop/screen09192013-102134.jpg] ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Optimal Setup
On 09/19/2013 04:38 PM, Mehma Sarja wrote: Have you tried pinging to 8.8.8.8 from your wan and lan ports? If that works, have you tried pinging to yahoo..com off those ports? This might be a DNS issue. Hello, I can ping 8.8.8.8 from my wan and lan ports. pfSense can also resolve google.com and pfsense.org. But interestingly, It on the dashboard it says 'Unable to check for updates'. See if you can use the setup wizard to get online and build your rules from there. Your's is a simple setup and the pfsense book is a nice reference to have on the shelf if you are supporting an office. Thanks, I will check out the book -- With Kind Regards, Joseph W. Joshua ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.1 on WRAP
On Thu, Sep 19, 2013 at 8:22 AM, Ugo Bellavance u...@lubik.ca wrote: Hi, My old PC Engines WRAP is still surviving, and I'd like to install 2.1 on it. Are these instructions still valid for 2.1? https://doc.pfsense.org/index.php/NanoBSD_on_WRAP I would guess yes. But we haven't tested on WRAP in years. They've been EOL for 5+ years and their successor is now nearing EOL, it's time to retire the WRAPs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list