Re: [pfSense] DNS-based inbound NAT?
I second using a reverse proxy for this. You can use the squid package or even use Mod_security and the proxy pass directive.

On Sun, Dec 14, 2014 at 1:44 PM, Yehuda Katz yeh...@ymkatz.net wrote:

> HTTP Host headers are not even seen by the firewall unless some type of Deep Packet Inspection is running or the firewall is the destination and runs a proxy to the other servers. The alias method suggested will not work in this case (as you found) because pfSense does not check the host headers.
>
> Squid might be able to do the job, but I don't think the pfSense package of squid supports multiple FQDNs (Fully Qualified Domain Names). A quick look at the settings page shows only options for proxy by path, not by full URL. Once you install the plugin, look under Services - Reverse Proxy for the settings.
>
> - Y
>
> On Sun, Dec 14, 2014 at 1:29 PM, Mike Bobkiewicz sec...@commobil.de wrote:
>
>> Hello,
>>
>> we have a problem: we're running a pfSense 2.1.5 firewall with a single WAN address in front of a DMZ zone with two web servers. What we now want to do is that pfSense redirects a http call to server1.example.com to webserver 1 and a http call to server2.example.com to webserver 2.
>>
>> We have found two threads on the pfSense board but we couldn't make them run. First thread mentioned to add aliases for the dns names and create redirect nat rules. That doesn't work because pfSense seems to replace the dns entries from the aliases at run time so the first matching rule is the winner: when server1.example.com is the first rule webserver 1 answers for both server1.example.com and server2.example.com. After moving the rule for server2.example.com before the server1 rule webserver 2 answers all calls.
>>
>> The second thread mentions to install the squid3 3.1.20 package and to use its reverse proxy function but we can't figure out where to find it in the settings.
>>
>> Any help or advice is highly welcome.
>>
>> Best regards, Mike Bobkiewicz

___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
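
The behaviour discussed in the thread above, as an added example that is not part of the original messages: a port-forward lookup sees only the destination address and port, so with one WAN address the first rule always wins, while a reverse proxy reads the Host header and can pick a backend per name. The IP addresses are constructed documentation addresses and the function names are hypothetical.

```python
# Added illustration, not pfSense or squid code. Addresses are constructed
# (RFC 5737 documentation ranges); hostnames are the ones used in the thread.
WAN_IP = "203.0.113.10"                      # the single WAN address (constructed)
BACKENDS = {
    "server1.example.com": "192.0.2.11",     # webserver 1 (constructed DMZ IP)
    "server2.example.com": "192.0.2.12",     # webserver 2 (constructed DMZ IP)
}
# Both public names resolve to the same WAN address.
DNS = {name: WAN_IP for name in BACKENDS}

# Constructed sample requests.
REQ1 = b"GET / HTTP/1.1\r\nHost: server1.example.com\r\n\r\n"
REQ2 = b"GET / HTTP/1.1\r\nHost: Server2.Example.com:80\r\nAccept: */*\r\n\r\n"
REQ_UNKNOWN = b"GET / HTTP/1.1\r\nHost: other.example.net\r\n\r\n"


def nat_first_match(dst_ip, dst_port, rule_order):
    """Port-forward lookup as a packet filter sees it: IP and port only.

    Every alias has already been resolved to an address, so each rule
    compares against WAN_IP and the first rule in the list always matches.
    """
    for name in rule_order:
        if dst_ip == DNS[name] and dst_port == 80:
            return BACKENDS[name]
    return None


def host_from_request(raw):
    """Return the normalised Host header of a raw HTTP/1.1 request, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:      # skip the request line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "host":
            host = value.strip().lower()
            if not host.startswith("["):     # leave IPv6 literals alone
                host = host.split(":", 1)[0] # drop an optional :port
            return host.rstrip(".")
    return None


def proxy_route(raw):
    """Reverse-proxy decision: backend chosen by Host; unknown names get None."""
    return BACKENDS.get(host_from_request(raw))


if __name__ == "__main__":
    order = ["server1.example.com", "server2.example.com"]
    print("NAT, server1 rule first:", nat_first_match(WAN_IP, 80, order))
    print("NAT, server2 rule first:", nat_first_match(WAN_IP, 80, order[::-1]))
    for req in (REQ1, REQ2, REQ_UNKNOWN):
        print("proxy:", host_from_request(req), "->", proxy_route(req))
```

Returning `None` for a Host that is not in the map corresponds to refusing the request rather than falling through to a default backend.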
Re: [pfSense] pfsense slowing wan speed
Yes it is connecting at full duplex. Packet shaper is not enabled.

On Sat, Jul 5, 2014 at 10:14 PM, Erik Anderson erike...@gmail.com wrote:

> On Sat, Jul 5, 2014 at 9:00 PM, Brian Henson marin...@gmail.com wrote:
>
>> I have a PFsense box on a 50/5 DSL connection and when it's directly connected to the modem it drops the speed significantly as compared to a wireless router directly connected to the modem.
>
> Do you have a traffic shaper enabled? Have you verified that your ethernet interfaces are linked up at proper speed/duplex?
>
> -Erik
Re: [pfSense] pfsense slowing wan speed
1. Bandwidth slows down to around 5mbps using a speed test
2. No it persists
3. yes and yes
4. Don't understand what you are asking there
5. yes
6. AP mode only.

On Sat, Jul 5, 2014 at 10:32 PM, Ryan Coleman ryanjc...@me.com wrote:

> Brian,
>
> Here are my 6 questions:
>
> 1. Exactly what kind of slowing is happening?
> 2. Does it get resolved from a reboot?
> 3. Are you the only person using the system? Are you certain of that?
> 4. What’s the wireless in relation to your PFsense unit?
> 5. Is it in the middle of the wireless router and the DSL modem?
> 6. Is the wireless strictly an AP or are you using it as a router, too?
>
> — Ryan
>
> On Jul 5, 2014, at 21:00, Brian Henson marin...@gmail.com wrote:
>
>> Hello all,
>>
>> I have a PFsense box on a 50/5 DSL connection and when it's directly connected to the modem it drops the speed significantly as compared to a wireless router directly connected to the modem. Only package installed is squid with here are the specs
>>
>> Intel(R) Pentium(R) 4 CPU 3.20GHz
>> 2 CPUs: 1 package(s) x 1 core(s) x 2 HTT threads
>> Ram 512mb
>> Swap 1G
>>
>> Ideas?
>>
>> Thanks
>> Brian Henson
[pfSense] pfsense slowing wan speed
Hello all,

I have a PFsense box on a 50/5 DSL connection and when it's directly connected to the modem it drops the speed significantly as compared to a wireless router directly connected to the modem. Only package installed is squid with here are the specs

Intel(R) Pentium(R) 4 CPU 3.20GHz
2 CPUs: 1 package(s) x 1 core(s) x 2 HTT threads
Ram 512mb
Swap 1G

Ideas?

Thanks
Brian Henson
Re: [pfSense] CPU
I run 2.1.1 and chrome and I see it updating.

On Mon, Feb 24, 2014 at 10:43 AM, Brian Caouette bri...@dlois.com wrote:

> This is 2.1.1 installed yesterday.
>
> On 2/24/2014 8:55 AM, Jim Pingle wrote:
>
>> On 2/24/2014 8:45 AM, Brian Caouette wrote:
>>
>>> Another update. The problem lies with Chrome. When running Chrome under Windows 7 the CPU is stuck at updating in 10 seconds it never changes. Running Firefox on the same PC at the same time I show the CPU does indeed update but never on Chrome. There is something different between these browsers that is preventing the update.
>>
>> There was a fix between 2.1 and 2.1.1 for something similar. IIRC it was an old widget that was disabled/removed but still in the config causing a JavaScript error. Try it with 2.1.1
>>
>> https://forum.pfsense.org/index.php/topic,71546.0.html
>>
>> Jim
Re: [pfSense] how to blocking websites in pfsense
You have a couple of choices (that I know of):

1. Install squidguard
2. Install Dansguardian
3. Use opendns website blocking

On Wed, Jan 1, 2014 at 10:41 PM, vijay danapal vjaydana...@gmail.com wrote:

> Dear Team,
>
> I need website blocking in pfsense settings, kindly do the needful.
>
> Regards,
> vijay.d.
Re: [pfSense] Freeswitch + OpenVPN site-site problem
Run a packet capture and see what you get.

On Aug 1, 2012 5:06 AM, Gavin Will gavin.w...@exterity.com wrote:

> I don't think this is a PF Sense issue.
>
> On Asterisk I was in the same situation until I specified the local networks (and remote local networks if you know what I mean). After that it worked fine.
>
> If it were over the internet then it would possibly be an outbound NAT issue but doesn't apply to VPN.
>
> -----Original Message-----
> From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of runi...@gmail.com
> Sent: 31 July 2012 23:31
> To: pfSense support and discussion
> Subject: [pfSense] Freeswitch + OpenVPN site-site problem
>
> All:
>
> We have a test bed established which includes OpenVPN site to site networks and the Freeswitch VoIP manager at the main site. VoIP phones at the main site where Freeswitch resides work fine but phones connected via the VPN don't. The phones at the remote sites can successfully call the main site phones but not the other direction. Routing between the sites seems to be working okay (phones can be pinged). tcpdump does not reveal anything obvious.
>
> Looking for help!
>
> Thanks, R
Re: [pfSense] pfsense gaming
I have had good luck turning on upnp and getting the message to go away.

On Tue, May 1, 2012 at 4:04 PM, Ernst den Broeder er...@denbroeder.ca wrote:

> On 5/1/2012 1:43 PM, Lazy Sod wrote:
>
>> Looking to switch from Monowall to Pfsense for gaming reasons; I have one Xbox 360 and have had no luck getting the strict NAT message to leave when using Monowall. I have noticed that some have been successful in getting Pfsense to work without having a strict NAT message. Following the information in the forum hasn’t really gotten me very far. Does it work, if so can you point me in the right direction? If I’ve missed something on the Mailing list let me know where I can find that info. Any help is appreciated.
>
> step 1) assign a static IP to your xbox however you choose
> step 2) under NAT/Port Forward: forward UDP/3074 to your xbox IP
> step 3) under NAT/Outbound: select Manual outbound NAT rule generation
> step 3a) pfSense will have created 3 auto generated rules for you - leave these alone
> step 3b) create a new rule for WAN interface, any UDP packet sourced from your xbox IP and select static-port option
> step 3c) move this new rule to the top of the rules (it must match first else one of the auto generated rules will match).
>
> -Ernst
Re: [pfSense] Can anyone please tell me the step by step to integrate Freeradiuse to authenticate users from Window Active directory?
You could use Windows Internet Authorization server to provide the users/groups. It is a radius server and could do what you're wanting to do.

On Wed, Apr 25, 2012 at 11:54 PM, steel max steelmax11...@gmail.com wrote:

> Can anyone please tell me the step by step to integrate Freeradius to authenticate users from Window Active directory?
>
> I have Successfully Setup:
>
> 1- Captive portal FreeRadius.
> 2- Local PFsense Users can Login authenticate from Captive-portal.
>
> *BUT what I really want is to Authenticate AD users!!!*
>
> *Also WAN to Pfsense comes from my corporate VLAN10, I would like to make the outgoing LAN to be in the same VLAN!*
>
> *So in short How can I do these: Captive Portal Authenticate against My Windows Domain AD, LAN to be as same VLAN as WAN...?*
>
> Thanks in advance, Please Help me on this!
Re: [pfSense] issues with 2.1 snapshot
any other ideas?

On Tue, Apr 3, 2012 at 7:36 AM, Brian Henson marin...@gmail.com wrote:

> yes it is checked and I have unchecked and rechecked it just for good measure.
>
> On Tue, Apr 3, 2012 at 6:59 AM, Seth Mos seth@dds.nl wrote:
>
>> On 3-4-2012 9:04, Brian Henson wrote:
>>
>>> Another strange thing is when I try to ping a host on the lan that I have set a static ip I get this
>>>
>>> ping6: sendmsg: Permission denied
>>> ping6: wrote 2001:470:b:405::51 16 chars, ret=-1
>>
>> The firewall rules might be out of date preventing other communications. This is likely pf firewall rules preventing it. Is the disable IPv6 checked under advanced.
>>
>> Cheers, Seth
>>
>>> On Tue, Apr 3, 2012 at 2:42 AM, Brian Henson marin...@gmail.com wrote:
>>>
>>>> Oops 2.0 upgraded to 2.1 snapshot
>>>>
>>>> On Tue, Apr 3, 2012 at 2:41 AM, Seth Mos seth@dds.nl wrote:
>>>>
>>>>> On 3-4-2012 8:33, Brian Henson wrote:
>>>>>
>>>>>> Yes I have it set to managed. I pulled the branch down when I was on 2.0 RC3 and got it working. but this is a fresh install of 2.0 upgraded to 2.0.1
>>>>>
>>>>> Don't you mean 2.1? IPv6 support is only available there. In 2.0 the global IPv6 disable flag would drop all ipv6 traffic.
>>>>>
>>>>> Regards, Seth
>>>>>
>>>>>> On Tue, Apr 3, 2012 at 2:33 AM, Seth Mos seth@dds.nl wrote:
>>>>>>
>>>>>>> On 3-4-2012 8:20, Brian Henson wrote:
>>>>>>>
>>>>>>>> I have checked the /64 and the wan is on the wan and the Lan is setup right. Files and info requested are below. I had this setup perfectly before, it's just not wanting to work now.
>>>>>>>
>>>>>>> Yeah, your config file and configuration check out. I wasn't aware that this setup worked previously. I see that your network is set to managed, is that correct? We only just switched out rtadvd for radvd and don't know all the possible error messages it can throw. And more importantly, for what reason.
>>>>>>>
>>>>>>> Regards, Seth
Re: [pfSense] issues with 2.1 snapshot
Yes I have it set to managed. I pulled the branch down when I was on 2.0 RC3 and got it working. but this is a fresh install of 2.0 upgraded to 2.0.1

On Tue, Apr 3, 2012 at 2:33 AM, Seth Mos seth@dds.nl wrote:

> On 3-4-2012 8:20, Brian Henson wrote:
>
>> I have checked the /64 and the wan is on the wan and the Lan is setup right. Files and info requested are below. I had this setup perfectly before, it's just not wanting to work now.
>
> Yeah, your config file and configuration check out. I wasn't aware that this setup worked previously. I see that your network is set to managed, is that correct? We only just switched out rtadvd for radvd and don't know all the possible error messages it can throw. And more importantly, for what reason.
>
> Regards, Seth
[pfSense] issues with 2.1 snapshot
When I configure a Tunnelbroker tunnel I get the following in syslog:

radvd[46165]: sendmsg: Permission denied.

The Wan works but the LAN doesn't even with manually assigned addresses. Anyone got any idea on this?
Re: [pfSense] pfSense appliance recommendation?
I use an ALIX board and I have only had to work on it once and that was when I upgraded to 2.0.

On Sun, Apr 1, 2012 at 7:06 PM, Luke Jaeger ad...@pvpa.org wrote:

> helping someone spec a new router for a small business network, currently 10 users (more in future, hopefully) - it needs to be a 'set it and forget it' solution so I thought about a pfSense appliance.
>
> Anyone have an opinion about a particular make/model?
>
> Luke Jaeger | Technology Coordinator
> Pioneer Valley Performing Arts Charter Public School
> www.pvpa.org
Re: [pfSense] pfSense appliance recommendation?
If you want a rack server they can be gotten refurbished for really cheap at geeks.com or ebay.

On Sun, Apr 1, 2012 at 7:20 PM, Mehma Sarja mehmasa...@gmail.com wrote:

> On 4/1/12 4:06 PM, Luke Jaeger wrote:
>
>> helping someone spec a new router for a small business network, currently 10 users (more in future, hopefully) - it needs to be a 'set it and forget it' solution so I thought about a pfSense appliance.
>>
>> Anyone have an opinion about a particular make/model?
>>
>> Luke Jaeger | Technology Coordinator
>> Pioneer Valley Performing Arts Charter Public School
>> www.pvpa.org
>
> I can share some experiences -
>
> a) If you go with an embedded solution (Alix or others), select a very good CF card. Had one which lasted for years, SanDisk I think and the last few have been junk,
> b) if you are looking at a more traditional machine, go with a 3.5, single platter spinning drive - no SSDs, and finally
> c) configure a system, turn logging off and burn an image - if something happens to your setup, a restore is just a cd boot away until you get a more permanent solution in place.
>
> --
> Yudhvir ਯੁਧਵੀਰ
Re: [pfSense] FTP error
If I remember right alert 220 is ready for the user to submit commands. What do you see in your vsftpd logs?

On Mon, Mar 5, 2012 at 6:05 AM, Pankaj Kumar pankajnh...@gmail.com wrote:

> 220vsFTPd2.0.7
>
> On Mon, Mar 5, 2012 at 4:09 PM, Pankaj Kumar pankajnh...@gmail.com wrote:
>
>> I have FTP server behind pfsense 2.0.1 with multiple wan load balancing and 2 LAN, one for LAN and another for FTP server and WEB Server. After I have made respective rules for FTP and Web server, now the problem is that I am able to access my web server from public IP but while accessing FTP server I am getting an error like
>>
>> Alert 220 (vsftpd_001)
>>
>> Please help me out
>>
>> Thanks
Re: [pfSense] four dental offices + cable or dsl bettween
You might be able to use a dialup link as backup. Granted it would be really slow but at least you would still be online.

On Sat, Oct 29, 2011 at 4:04 AM, Johan Hendriks j.hendr...@schavemaker.com wrote:

> justino garcia wrote:
>
>> Would four http://www.applianceshop.eu/index.php/opnsense-rack-edition-pfsense-appliance.html do me justice. I will have one Main DC in one office, and all others speak to that DC, and database / app server for dental stuff?
>>
>> --
>> Justin
>> IT-TECH
>
> It should be working fine. We use this setup also for one of our customers. We use Ipsec for the tunnels, and we use soekris hardware for this.
>
> The only thing is when a DSL connection goes down, the clients at that location are lost. If it is possible for an office to run without a computer for 2 or more hours, then it is no problem, if that is not possible, then you need a backup line. But even with these kind of setups it is possible that things fail.
>
> regards
> Johan