[pfSense] Access to WebGUI from local net blocked, why?

2014-11-30 Thread Adrian Zaugg 

Hi there

Probably I overlook something really simple, but I can't access the
WebGUI on a certain lan interface. It perfectly works on other lan
interfaces though.

I have configured that interface with an any-to-any-all rule. If I'm in
the same subnet, I am able to ping the box, to ssh into it, to connect
to port 80, but not port 443. Testing from the box cli with openssl
s_client -connect :443 presents me the certificate, doing
the same from remote (in the same subnet), it doesn't connect and times
out. Every time I try to connect 443 on that interface, I find a
"blocked" entry in the firewall log. Shouldn't it pass? What's my
mistake or misunderstanding?

Thank you for your help!

Regards, Adrian.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Recomend

2014-11-30 Thread Walter Parker 
If you are getting the Netgate kit, I'd suggest just getting the Intel m525
SSD that they offer. This is a modern SSD with wear leveling that keeps
software like a squid cache from burning out the drive early. It will fit
and work without having to build a custom cable and have to tape a drive to
the case. IIRC, your setup is for a home network, so the amount of data
that is likely to flow will be quite a bit below the SSD's limits. Also, I
think the guys at Netgate picked that specific SSD from Intel because
tested different SSD drives and found that the Intel drive worked well and
has a good reputation for quality and longevity.

Why are you moving to the kit? If it because you want a small, low energy
box that you can put in a corner and then forget about the hardware because
it just works, then get the SSD and buy a backup device (SD card or SSD).
Then in 5-10 years, if the SSD fails, you will have a replacement device on
hand to replace the SSD that went out.

I suggest you get the SSD now. Before the SSD has any issues, Jim's new
drive project will be complete and that one should last for life of the
router.


Walter


On Sun, Nov 30, 2014 at 11:16 AM, Volker Kuhlmann 
wrote:

> On Fri 28 Nov 2014 13:56:32 NZDT +1300, Ryan Coleman wrote:
>
> > Have you considered a small 2.5" SATA HD for the machine? If
> > you're talking APU, of course. You can run it off 5V from the board
> > (I THINK?) I know there are SATA headers there.
>
> There is one SATA header on the board, and you get 5V power from a 2-pin
> header close-by. Butcher a SATA power cable and solder something up
> yourself, or better buy the specially-made short SATA/power cable from
> PC Engines.
>
> A tip from PC Engines was to tape the disk under the lid, so all fits
> into the box. Might pay to check disk temperature afterwards. I noticed
> the latest revision of the APU board has a 2x3 test header missing to
> make more space for a 2.5" disk.
>
> I am about to try an SSD for pfsense and a 2.5" for the squid cache.
> Currently it all runs fine off a 2.5".
>
> I can't comment on the other hardware mentioned by the OP because of
> lack of experience.
>
> Volker
>
> --
> Volker Kuhlmann is list0570 with the domain in header.
> http://volker.top.geek.nz/  Please do not CC list postings to me.
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>



-- 
The greatest dangers to liberty lurk in insidious encroachment by men of
zeal, well-meaning but without understanding.   -- Justice Louis D. Brandeis
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Recomend

2014-11-30 Thread Volker Kuhlmann 
On Fri 28 Nov 2014 13:56:32 NZDT +1300, Ryan Coleman wrote:

> Have you considered a small 2.5" SATA HD for the machine? If
> you're talking APU, of course. You can run it off 5V from the board
> (I THINK?) I know there are SATA headers there.

There is one SATA header on the board, and you get 5V power from a 2-pin
header close-by. Butcher a SATA power cable and solder something up
yourself, or better buy the specially-made short SATA/power cable from
PC Engines.

A tip from PC Engines was to tape the disk under the lid, so all fits
into the box. Might pay to check disk temperature afterwards. I noticed
the latest revision of the APU board has a 2x3 test header missing to
make more space for a 2.5" disk.

I am about to try an SSD for pfsense and a 2.5" for the squid cache.
Currently it all runs fine off a 2.5".

I can't comment on the other hardware mentioned by the OP because of
lack of experience.

Volker

-- 
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/  Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list