[pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
[I had already posted a similar message on 2014-06-27, but as it didn't get any replies, I'm trying again, slightly rephrased] Hi, since upgrading to 2.1.3-RELEASE and enabling e-mail notifications under System: Advanced: Notifications, I'm receiving an e-mail whenever the DynDNS update script (Services: Dynamic DNS client) triggers an update. I *do* want e-mail notifications, just not for such mundane things, only when stuff breaks. So how do I configure that? -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Captive portal and RADIUS authentication
I tried to config the internal freeradius2 package with ldap to interface with the win2008ad, but it doesn't seem to work. could you please explain me your config? N Il 09/07/2014 19:20, Brian Caouette ha scritto: I use the internal radius server with captive portal and it works great. Have you tried that or do you need external? I'm not familiar with the errors you mention so I can't comment much there. I'm also not on the new 2.1.4 yet. -- +-+ | Linux User #554252 | +-+ ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
I am not sure that’s how Dyn works? As far as I understand it Dyn gets a request and it looks at the originating IP address, then makes the change. On Jul 10, 2014, at 3:27, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: [I had already posted a similar message on 2014-06-27, but as it didn't get any replies, I'm trying again, slightly rephrased] Hi, since upgrading to 2.1.3-RELEASE and enabling e-mail notifications under System: Advanced: Notifications, I'm receiving an e-mail whenever the DynDNS update script (Services: Dynamic DNS client) triggers an update. I *do* want e-mail notifications, just not for such mundane things, only when stuff breaks. So how do I configure that? -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
On 10/07/2014 13:05, Ryan Coleman wrote: I am not sure that’s how Dyn works? As far as I understand it Dyn gets a request and it looks at the originating IP address, then makes the change. I believe that it is possible to send DynDNS updates to IPs other than that of the originating IP, I recall I have done that in the past with the dyndns client (ddclient ) script. If you don't specify a specific IP, it defaults to the origin source. -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net smime.p7s Description: S/MIME Cryptographic Signature ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
What I am saying it Dyn is the one that controls if it is updated or not. You need to either write a custom PHP or bash script to do this - this function does not exist in the system happens today. On Jul 10, 2014, at 7:31, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Am 10.07.2014 14:05, schrieb Ryan Coleman: I am not sure that’s how Dyn works? As far as I understand it Dyn gets a request and it looks at the originating IP address, then makes the change. It's supposed to update the DNS entry, yes, but I don't want to receive an e-mail notification for each successful update, that's what I'm looking to configure. I don't want to disable e-mail notifictions in general, to make sure I do get notified when critical stuff happens. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
Am 10.07.2014 14:16, schrieb Giles Coochey: On 10/07/2014 13:05, Ryan Coleman wrote: I am not sure that’s how Dyn works? As far as I understand it Dyn gets a request and it looks at the originating IP address, then makes the change. I believe that it is possible to send DynDNS updates to IPs other than that of the originating IP, I recall I have done that in the past with the dyndns client (ddclient ) script. If you don't specify a specific IP, it defaults to the origin source. Yes, but that's not the question. The question is how do I Enable/Disable e-mail notifications for DynDNS update successful, without disabling e-mail notifications in general? After all, I *do* want to get notified when stuff breaks. I don't need notifications for everything is going well. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
Am 10.07.2014 14:34, schrieb Ryan Coleman: What I am saying it Dyn is the one that controls if it is updated or not. That's really not the point. The point is that I'm receiving alert e-mails from *my pfSense installation*. Not from Dyn. And the message of the alert is DynDNS updated IP Address on WAN (em0) to xxx.xxx.xxx.xxx. It's perfectly fine that DynDNS performed the update. I do want it to do that, and that works perfectly. No error or problem here, no complaint. I just don't want to receive an alert e-mail for things are going well. It *should* email me when things break, so turn all notifications off is not an option. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
Hi, Mr Mohan Rao , no new update from ur end. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 On Wed, Jul 9, 2014 at 4:40 PM, A Mohan Rao mohanra...@gmail.com wrote: you can give team viewer tomorrow.. On Wed, Jul 9, 2014 at 4:38 PM, G.T.RAO netwebst...@gmail.com wrote: hi, can u help me regarding non-transparent proxy. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 On Wed, Jul 9, 2014 at 4:31 PM, A Mohan Rao mohanra...@gmail.com wrote: At present u can only block with transparent proxy http sites whatever u want like social networks movies downloading etc with groupwise. If u want to block https sites u can use non-transparent proxy.. Thnx MOHAN RAO On Jul 9, 2014 4:26 PM, G.T.RAO netwebst...@gmail.com wrote: Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 https://mailtrack.io/trace/link/534a165f0ca4acef44b1e7988788a911e92f3dca 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 https://mailtrack.io/trace/link/dd33c3e23c8532810f5b3e33a98e30e033508345 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Regards, G.T.RAO A free software fund-a-mentaL-isT. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
Please take this conversation off list. -- Ryan Coleman ryanjc...@me.com m. 651.373.5015 o. 612.568.2749 On Jul 10, 2014, at 7:44, G.T.RAO netwebst...@gmail.com wrote: Hi, Mr Mohan Rao , no new update from ur end. Sent with MailTrack On Wed, Jul 9, 2014 at 4:40 PM, A Mohan Rao mohanra...@gmail.com wrote: you can give team viewer tomorrow.. On Wed, Jul 9, 2014 at 4:38 PM, G.T.RAO netwebst...@gmail.com wrote: hi, can u help me regarding non-transparent proxy. Sent with MailTrack On Wed, Jul 9, 2014 at 4:31 PM, A Mohan Rao mohanra...@gmail.com wrote: At present u can only block with transparent proxy http sites whatever u want like social networks movies downloading etc with groupwise. If u want to block https sites u can use non-transparent proxy.. Thnx MOHAN RAO On Jul 9, 2014 4:26 PM, G.T.RAO netwebst...@gmail.com wrote: Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Regards, G.T.RAO A free software fund-a-mentaL-isT. Sent with MailTrack ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
I totally get your point and you're ignoring my answer: IT DOES NOT EXIST AND YOU WILL HAVE TO CREATE IT ON YOUR OWN. Can you hear me now? -- Ryan Coleman ryanjc...@me.com m. 651.373.5015 o. 612.568.2749 On Jul 10, 2014, at 7:39, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Am 10.07.2014 14:34, schrieb Ryan Coleman: What I am saying it Dyn is the one that controls if it is updated or not. That's really not the point. The point is that I'm receiving alert e-mails from *my pfSense installation*. Not from Dyn. And the message of the alert is DynDNS updated IP Address on WAN (em0) to xxx.xxx.xxx.xxx. It's perfectly fine that DynDNS performed the update. I do want it to do that, and that works perfectly. No error or problem here, no complaint. I just don't want to receive an alert e-mail for things are going well. It *should* email me when things break, so turn all notifications off is not an option. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
On 7/10/2014 4:27 AM, Stefan Baur wrote: since upgrading to 2.1.3-RELEASE and enabling e-mail notifications under System: Advanced: Notifications, I'm receiving an e-mail whenever the DynDNS update script (Services: Dynamic DNS client) triggers an update. I *do* want e-mail notifications, just not for such mundane things, only when stuff breaks. So how do I configure that? There is no way to selectively disable that notification at this time. If you don't mind a simple source edit, you can disable the notification by removing or commenting out etc/inc/dyndns.class line 1027 (on 2.1.3) it should start with notify_all_remote Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
- Original Message - Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Well, for starters your WAN and LAN are on the same subnet. You need to fix that first, then I'd bet your web configurator will work as expected. For the rest of your issues, it looks like you made a friend on the list to take care of the rest (offlist). --Tim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Squid in a Multi-WAN environment
Greetings list, I'm trying to persuade the Squid 3 package to use a load balancing gateway group, unfortunately without much success. I'm afraid my google-fu is failing me: - this link from the official docs seems to relate to 1.2: https://doc.pfsense.org/index.php/Troubleshoot_Outbound_Load_Balancing_Issues - I've picked out the floating rules advice from this forum post: https://forum.pfsense.org/index.php/topic,60977.0.html (but again, that's 2.0) Has anyone had any joy in getting Squid to use a gateway group in 2.1.x, and if so, would you mind sharing how you went about it? Thanks in advance. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Status of LDAP auth with captive portal on 2.2
Hi all, I am trying to figure out what is the status of LDAP auth with captive portal in 2.2 ? This is quite important since I need to know if I can rely on that for some project. If this project is a « work in progress », we might contribute in order to make It move a bit faster. Thanks for your reply. Greg Bernard P.S. As far as I can tell this was not implemented in the 2.2 images that I have been trying lately. But I wanted to have an « official » confirmation on the status of these devs. «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ BSD - BSD - BSD - BSD - BSD - BSD - BSD - BSD - «?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§«?»¥«?»§ PGP ID -- 0x1BA3C2FD ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
Hello mr rao, Its your work so i will not availble with your conditions and timings. better is u can take time frim me then we will shortout ur problems.. Thanks On Jul 10, 2014 6:14 PM, G.T.RAO netwebst...@gmail.com wrote: Hi, Mr Mohan Rao , no new update from ur end. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 On Wed, Jul 9, 2014 at 4:40 PM, A Mohan Rao mohanra...@gmail.com wrote: you can give team viewer tomorrow.. On Wed, Jul 9, 2014 at 4:38 PM, G.T.RAO netwebst...@gmail.com wrote: hi, can u help me regarding non-transparent proxy. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 On Wed, Jul 9, 2014 at 4:31 PM, A Mohan Rao mohanra...@gmail.com wrote: At present u can only block with transparent proxy http sites whatever u want like social networks movies downloading etc with groupwise. If u want to block https sites u can use non-transparent proxy.. Thnx MOHAN RAO On Jul 9, 2014 4:26 PM, G.T.RAO netwebst...@gmail.com wrote: Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 https://mailtrack.io/trace/link/534a165f0ca4acef44b1e7988788a911e92f3dca 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 https://mailtrack.io/trace/link/dd33c3e23c8532810f5b3e33a98e30e033508345 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Regards, G.T.RAO A free software fund-a-mentaL-isT. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
PLEASE take this conversation off the list. -- Ryan Coleman ryanjc...@me.com m. 651.373.5015 o. 612.568.2749 On Jul 10, 2014, at 9:15, A Mohan Rao mohanra...@gmail.com wrote: Hello mr rao, Its your work so i will not availble with your conditions and timings. better is u can take time frim me then we will shortout ur problems.. Thanks On Jul 10, 2014 6:14 PM, G.T.RAO netwebst...@gmail.com wrote: Hi, Mr Mohan Rao , no new update from ur end. Sent with MailTrack On Wed, Jul 9, 2014 at 4:40 PM, A Mohan Rao mohanra...@gmail.com wrote: you can give team viewer tomorrow.. On Wed, Jul 9, 2014 at 4:38 PM, G.T.RAO netwebst...@gmail.com wrote: hi, can u help me regarding non-transparent proxy. Sent with MailTrack On Wed, Jul 9, 2014 at 4:31 PM, A Mohan Rao mohanra...@gmail.com wrote: At present u can only block with transparent proxy http sites whatever u want like social networks movies downloading etc with groupwise. If u want to block https sites u can use non-transparent proxy.. Thnx MOHAN RAO On Jul 9, 2014 4:26 PM, G.T.RAO netwebst...@gmail.com wrote: Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Regards, G.T.RAO A free software fund-a-mentaL-isT. Sent with MailTrack ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.
Any thoughts anyone? -- Blake Cornell CTO, Integris Security LLC 501 Franklin Ave, Suite 200 Garden City, NY 11530 USA http://www.integrissecurity.com/ O: +1(516)750-0478 M: +1(516)900-2193 PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 Free Tools: https://www.integrissecurity.com/SecurityTools Follow us on Twitter: @integrissec On 07/03/2014 06:15 PM, Blake Cornell wrote: Hello, I have a pfSense network that uses multiple layers of NAT translation. Public IP's are mapped to specific NAT addresses using a 1 to 1 mapping on the edge device. The packets are then forwarded to another pfSense device using another layer of NAT translation. Ex: public ip - NAT network 1 - NAT network 2 - target machine. The issue lies when using the example IP of 1.1.1.1, on an example open port 80. # tcptraceroute 1.1.1.1 80 [removed for brevity] 3 1.1.1.1 29.247 ms 17.670 ms 14.007 ms 4 1.1.1.1 20.142 ms 16.119 ms 16.609 ms 5 1.1.1.1 [open] 21.387 ms 17.176 ms 70.283 ms As you can see, the results show three instances of 1.1.1.1. This allows an attacker the ability to enumerate the depth of NAT translation. This is a low risk issue. To resolve this issue I need to mangle forwarded IP packets by incrementing their TTL by 1. This would effectively hide the above included results. If anyone knows how to do this either through the web interface or through custom configurations then please let me know. EMail me directly for a real world example for your analysis. Thanks in Advance, ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
Am 10.07.2014 15:15, schrieb Jim Pingle: On 7/10/2014 4:27 AM, Stefan Baur wrote: since upgrading to 2.1.3-RELEASE and enabling e-mail notifications under System: Advanced: Notifications, I'm receiving an e-mail whenever the DynDNS update script (Services: Dynamic DNS client) triggers an update. I *do* want e-mail notifications, just not for such mundane things, only when stuff breaks. So how do I configure that? There is no way to selectively disable that notification at this time. If you don't mind a simple source edit, you can disable the notification by removing or commenting out etc/inc/dyndns.class line 1027 (on 2.1.3) it should start with notify_all_remote Thank you. I just checked, it actually appears twice, once for IPv4 and once for IPv6 (7 lines below the first occurrence), so I'm going to comment out both. (I'm kinda curious whether no one uses e-mail notifications in combination with DynDNS, or why I'm the first to notice/complain. I can't really imagine an everything OK e-mail being a desired feature for DynDNS updates, given their frequency.) Is there any chance of getting this disabled or made configurable via WebGUI checkbox in one of the next few releases? Should I file a bug/feature request? -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
-Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Stefan Baur Sent: Thursday, July 10, 2014 9:38 AM To: list@lists.pfsense.org Subject: Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations? (I'm kinda curious whether no one uses e-mail notifications in combination with DynDNS, or why I'm the first to notice/complain. I can't really imagine an everything OK e-mail being a desired feature for DynDNS updates, given their frequency.) -Stefan --- Just saying, but I get one email a month; my WAN on Comcast DHCP. But if I did get a change, I think I'd want to know. One more email is the least of my problems, lol. Jul 10 07:42:32 php: rc.dyndns.update: phpDynDNS (myhost.no-ip.org): No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. Peder ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
On 7/10/2014 10:38 AM, Stefan Baur wrote: Thank you. I just checked, it actually appears twice, once for IPv4 and once for IPv6 (7 lines below the first occurrence), so I'm going to comment out both. Yes, it is in there twice but IPv6 DynDNS is still fairly rare so the second one probably isn't going to be hit often. (I'm kinda curious whether no one uses e-mail notifications in combination with DynDNS, or why I'm the first to notice/complain. I can't really imagine an everything OK e-mail being a desired feature for DynDNS updates, given their frequency.) It was put in due to demand. People wanted to be alerted when their IP address changed. For most it's a fairly infrequent event. Is there any chance of getting this disabled or made configurable via WebGUI checkbox in one of the next few releases? Should I file a bug/feature request? It may be possible in the future, but unless someone submits a pull request to add the option, probably not any time soon. You can look for an existing entry on https://redmine.pfsense.org/ for it, if one does not already exist, feel free to create a new feature request. Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
Okey...! On Jul 10, 2014 7:46 PM, Ryan Coleman ryanjc...@me.com wrote: PLEASE take this conversation off the list. -- Ryan Coleman ryanjc...@me.com m. 651.373.5015 o. 612.568.2749 On Jul 10, 2014, at 9:15, A Mohan Rao mohanra...@gmail.com wrote: Hello mr rao, Its your work so i will not availble with your conditions and timings. better is u can take time frim me then we will shortout ur problems.. Thanks On Jul 10, 2014 6:14 PM, G.T.RAO netwebst...@gmail.com wrote: Hi, Mr Mohan Rao , no new update from ur end. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 On Wed, Jul 9, 2014 at 4:40 PM, A Mohan Rao mohanra...@gmail.com wrote: you can give team viewer tomorrow.. On Wed, Jul 9, 2014 at 4:38 PM, G.T.RAO netwebst...@gmail.com wrote: hi, can u help me regarding non-transparent proxy. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 On Wed, Jul 9, 2014 at 4:31 PM, A Mohan Rao mohanra...@gmail.com wrote: At present u can only block with transparent proxy http sites whatever u want like social networks movies downloading etc with groupwise. If u want to block https sites u can use non-transparent proxy.. Thnx MOHAN RAO On Jul 9, 2014 4:26 PM, G.T.RAO netwebst...@gmail.com wrote: Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 https://mailtrack.io/trace/link/534a165f0ca4acef44b1e7988788a911e92f3dca 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 https://mailtrack.io/trace/link/dd33c3e23c8532810f5b3e33a98e30e033508345 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Regards, G.T.RAO A free software fund-a-mentaL-isT. Sent with MailTrack https://mailtrack.io/install?source=signaturelang=enreferral=netwebst...@gmail.comidSignature=22 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- G.T.RAO A free software fund-a-mentaL-isT. http://fossyatra.wordpress.com http://paper.li/GTRao/1342070958 mobile:9953506651 लिनक्स: नि:शुल्क और खुले स्रोत सॉफ्टवेयर आप के लिए और दुनिया के लिए अच्छा है. ना कोई adware,ना कोई spyware, सिर्फ अच्छा सॉफ्टवेयर. Linux(લિનક્ષ ): મુક્ત અને નિઃશુલ્ક(મફત) ઓપન સોર્સ સોફ્ટવેર તમારા માટે અને વિશ્વ માટે સારું છે. ના કોઈ એડવેર , ના કોઈ સ્પાયવેર, માત્ર સારું સોફ્ટવેર. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] How to Enable/Disable DynDNS update e-mail notifiations?
Am 10.07.2014 16:52, schrieb Peder Rovelstad: Just saying, but I get one email a month; my WAN on Comcast DHCP. But if I did get a change, I think I'd want to know. One more email is the least of my problems, lol. Over here, DSL has dynamic IPs, changing with every reconnect and at least every 24 hours (forced dis- and reconnect by the provider). Multiply that with 40 pfSense installations, some of them on flaky DSL lines that reconnect more than once a day, and you can figure out why I'm currently not a friend of this feature. ;-) Thanks to Jim Pingle, I now know how to turn it off. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Update
The update from 2.1.3 to 2.1.4 failed hard for me. I got a unable to load kernel message on reboot. That said I reinstalled and am rebuilding my setup. I noticed a glitch however. On the dashboard it was saying I was on the current version but it's no longer able to obtain update status. I'm wondering what port it uses and what rule may have broke the updates? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.
I think you might have a misconception in your request. Whe you say: To resolve this issue I need to mangle forwarded IP packets by incrementing their TTL by 1. This would effectively hide the above included results. If anyone knows how to do this either through the web interface or through custom configurations then please let me know. That is how IP normally works. Traceroute uses this feature by sending a packet with the TTL set to 1, then the TTL set to 2, then the TTL set to 3, etc. Each router on the chain reduces the value by one. Each time the packet expires, an ICMP TTL message packet is sent to sender saying that packet exipred in transit. Those are the messages that traceroute uses to map the network. The problem with filtering those messages is if you hit a loop on the Internet (often due to a network with static routes being down), your packets will loop forever. My best guess, a custom rule that drops all packets with a TTL 5 and live with the fact that some people on the Internet might have issues talking to you if they are the far perimeter of the Internet. This assumes that there is a advanced feature in pfSense (and pf) that allows for filtering based on TTL values. Personally, I don't see why you need to keep the inside topology secret, but if do, use a reverse proxy on the outside and not 1 to 1 NAT. Then the packets will terminate at the proxy and not internally. If you are worried about security and secrecy at this level, then you should not be using 1 to 1 NAT, as it exposes to much information and has too high of a risk. You need to use proxies and other items that intercept and rewrite traffic to hide the inside equipment, or decide that maybe you don't actually need to be quite so much of a back box. Walter On Thu, Jul 10, 2014 at 7:36 AM, Blake Cornell bcorn...@integrissecurity.com wrote: Any thoughts anyone? -- Blake Cornell CTO, Integris Security LLC 501 Franklin Ave, Suite 200 Garden City, NY 11530 USA http://www.integrissecurity.com/ O: +1(516)750-0478 M: +1(516)900-2193 PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 Free Tools: https://www.integrissecurity.com/SecurityTools Follow us on Twitter: @integrissec On 07/03/2014 06:15 PM, Blake Cornell wrote: Hello, I have a pfSense network that uses multiple layers of NAT translation. Public IP's are mapped to specific NAT addresses using a 1 to 1 mapping on the edge device. The packets are then forwarded to another pfSense device using another layer of NAT translation. Ex: public ip - NAT network 1 - NAT network 2 - target machine. The issue lies when using the example IP of 1.1.1.1, on an example open port 80. # tcptraceroute 1.1.1.1 80 [removed for brevity] 3 1.1.1.1 29.247 ms 17.670 ms 14.007 ms 4 1.1.1.1 20.142 ms 16.119 ms 16.609 ms 5 1.1.1.1 [open] 21.387 ms 17.176 ms 70.283 ms As you can see, the results show three instances of 1.1.1.1. This allows an attacker the ability to enumerate the depth of NAT translation. This is a low risk issue. To resolve this issue I need to mangle forwarded IP packets by incrementing their TTL by 1. This would effectively hide the above included results. If anyone knows how to do this either through the web interface or through custom configurations then please let me know. EMail me directly for a real world example for your analysis. Thanks in Advance, ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Captive portal and RADIUS authentication
Hi Nicola Am 10.07.2014 12:31, schrieb Nicola Ferrari (#554252): I tried to config the internal freeradius2 package with ldap to interface with the win2008ad, but it doesn't seem to work. Because it cannot verify passwords in LDAP as AD doesn't store passwords in plaintext which is what FreeRADIUS would do against a LDAP server. If you have a standalone RADIUS server on BSD/Linux you have to use Samba and let FreeRADIUS check the passwords with 'ntlm_auth', which is part of Samba. I guess Brian is using FreeRADIUS locally with a local user database, that should work as is. Since FR with AD is one of the most-asked questions on, the FR developers have made pretty comprehensive howtos for that precise use-case. (freeradius.org wiki and Alan Dekok's deployingradius.com) I don't thinkg installing a full-blown Samba on pfSense is what you want (there is no binary Samba package for pfSense either) could you please explain me your config? I guess since if you have an NPS up and running that it's better to try this route. Are you positive that you entered the hostname or IP, port and shared secret in Service: Captive portal: yourcaptiveportal? I'm asking since youre initial error message with PAP told you so. You mention configuring RADIUS in User management - Servers. In my understanding this can be used for admin access, VPN etc, but captive portal is independent. That's why there are the fields in the captive portal to use RADIUS and then place to put the IP/port/shared secret. In fact I configured a pfSense box to authenticate admins against an existing AD so they don't get used to login as root. (and if someone breaks things we know who it was, not just admin/root) - and that was simply by using LDAP authentication, not extra RADIUS required in this case. Hope that helps a little -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.
Further to what Walter has said - Double NATB! ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] HELP
G.T.RAO netwebsteps@... writes: Greetings all, I ma new to pfsense , pl help me out pfsense firewall Nat configuration for small education network. I am Using pfsense 2.1.4-reease for (i386) 1. interface on WAN (wan) - em0 - v4/DHCP4 : 192.168.0.16/24 2. interface on LAN (lan ) - em1 - v4/DHCP4 : 192.168.0.15/24 Webconfigurator is not working, So how can i block [ social media sites : facebook,youtube.etc). Regards,G.T.RAOA free software fund-a-mentaL-isT. Sent with MailTrack ___ List mailing list List@... https://lists.pfsense.org/mailman/listinfo/list HI, You can´t use same IP RANGE to WAN and LAN. Try other IP range to lan, like 192.168.2.x - and try to access the webconfig in this lan. Regard´s Roberto Soubhia ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.
There is a reason for it. It works well except for this ONE issue. I like setting up 0 vulnerability/weakness networks. This is the only one minus presentation/application issues. Thank you both for your input. I'll touch base when I determine a resolution strategy. -- Blake Cornell CTO, Integris Security LLC 501 Franklin Ave, Suite 200 Garden City, NY 11530 USA http://www.integrissecurity.com/ O: +1(516)750-0478 M: +1(516)900-2193 PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 Free Tools: https://www.integrissecurity.com/SecurityTools Follow us on Twitter: @integrissec On 07/10/2014 01:49 PM, James Bensley wrote: Further to what Walter has said - Double NATB! ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.
I disagree that this is a vulnerability/weakness. If this is truly your only issue with the network, I'd call it good and done if you are not the DOD/NSA. If you are, then you need to start again with an even more secure foundation. Walter On Thu, Jul 10, 2014 at 2:25 PM, Blake Cornell bcorn...@integrissecurity.com wrote: There is a reason for it. It works well except for this ONE issue. I like setting up 0 vulnerability/weakness networks. This is the only one minus presentation/application issues. Thank you both for your input. I'll touch base when I determine a resolution strategy. -- Blake Cornell CTO, Integris Security LLC 501 Franklin Ave, Suite 200 Garden City, NY 11530 USA http://www.integrissecurity.com/ O: +1(516)750-0478 M: +1(516)900-2193 PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 Free Tools: https://www.integrissecurity.com/SecurityTools Follow us on Twitter: @integrissec On 07/10/2014 01:49 PM, James Bensley wrote: Further to what Walter has said - Double NATB! ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.
I would put it on a report as an issue.. further more... no comment -- Blake Cornell CTO, Integris Security LLC 501 Franklin Ave, Suite 200 Garden City, NY 11530 USA http://www.integrissecurity.com/ O: +1(516)750-0478 M: +1(516)900-2193 PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 Free Tools: https://www.integrissecurity.com/SecurityTools Follow us on Twitter: @integrissec On 07/10/2014 05:29 PM, Walter Parker wrote: I disagree that this is a vulnerability/weakness. If this is truly your only issue with the network, I'd call it good and done if you are not the DOD/NSA. If you are, then you need to start again with an even more secure foundation. Walter On Thu, Jul 10, 2014 at 2:25 PM, Blake Cornell bcorn...@integrissecurity.com mailto:bcorn...@integrissecurity.com wrote: There is a reason for it. It works well except for this ONE issue. I like setting up 0 vulnerability/weakness networks. This is the only one minus presentation/application issues. Thank you both for your input. I'll touch base when I determine a resolution strategy. -- Blake Cornell CTO, Integris Security LLC 501 Franklin Ave, Suite 200 Garden City, NY 11530 USA http://www.integrissecurity.com/ O: +1(516)750-0478 tel:%2B1%28516%29750-0478 M: +1(516)900-2193 tel:%2B1%28516%29900-2193 PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 Free Tools: https://www.integrissecurity.com/SecurityTools Follow us on Twitter: @integrissec On 07/10/2014 01:49 PM, James Bensley wrote: Further to what Walter has said - Double NATB! ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Update
Usually when I see that message it's because DNS is not configured correctly on the box. On Jul 10, 2014 9:44 AM, Brian Caouette bri...@dlois.com wrote: The update from 2.1.3 to 2.1.4 failed hard for me. I got a unable to load kernel message on reboot. That said I reinstalled and am rebuilding my setup. I noticed a glitch however. On the dashboard it was saying I was on the current version but it's no longer able to obtain update status. I'm wondering what port it uses and what rule may have broke the updates? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Update
How so? The network has always worked. I discovered pf with 2.1.1 and it gone thru the other two updates with minimal fuss. On the prior sit was package issues. Sent from my iPad On Jul 10, 2014, at 6:22 PM, Oliver Hansen oliver.han...@gmail.com wrote: Usually when I see that message it's because DNS is not configured correctly on the box. On Jul 10, 2014 9:44 AM, Brian Caouette bri...@dlois.com wrote: The update from 2.1.3 to 2.1.4 failed hard for me. I got a unable to load kernel message on reboot. That said I reinstalled and am rebuilding my setup. I noticed a glitch however. On the dashboard it was saying I was on the current version but it's no longer able to obtain update status. I'm wondering what port it uses and what rule may have broke the updates? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Host Connectivity on a Specific Subnet
Hi everyone, I have a problem I have been unable to solve all day (literally *all* day). My pfSense box has two LAN interfaces and a WAN interface. A CentOS 7.0 server is giving me grief on one of the Subnets when configured as static or dynamic. When I put the problematic CentOS box on the other subnet (and change corresponding host network configurations), it works. The CentOS box also works when I put it on my trustworthy Linksys WRT router (again, changing host network settings along the way). To me this smelled of a firewall problem, but there is nothing logged and I have both LAN interfaces set up to pass everything. Secondly I looked at DHCP for possible DHCP addressing conflicts, but the DHCP server is disabled on this subnet. TCPdump reveals that literally nothing is making it to the gateway interface, however at the same time the activity light on the interface blinks corresponding to my pings (there is no other traffic). Further confusing me is that I am able to get a static IP from other devices when I plug them into the problematic subnet. Basically this single device does not work on this single subnet and that is the only problem. Other devices are fine on this subnet and this device is fine on other subnets. ...? It is also worth noting that all the link lights are lighting up and the cables and switch have been tested to be working correctly. Nothing that I can see looks out of place in pfSense's logs. Here are my host configuration files, all generated by CentOS's nmtui utility. I tried my own manual configurations with the same results (not working):http://pastebin.com/HFYYTG09(possible typos -- this is hand written, my apologies if that is the case) I am at a loss and have been at this all day. pfSense has so little to configure that I'm not really sure what I could have done wrong. I feel like it is something really simple that I missed. Anyone have recommendations on how to troubleshoot? Best Regards, -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list