Re: [pfSense] Problem with new Unit
No. Split DNS. Internal is basically a cache plus has the IP settings for internal LAN addresses.

David Ross

> On Feb 19, 2016, at 10:50 AM, WebDawg wrote:
>
>> On Thu, Feb 18, 2016 at 7:30 PM, David Ross wrote:
>> Current device is an xxx running pfSense 2.0.1-RELEASE
>>
>> New device is an SG-2440 running pfSense 2.2.6-RELEASE
>>
>> I decided that trying to reload the configuration file with that big of a
>> gap in versions was asking for trouble so I built the new configuration by
>> hand. It wasn't that complicated.
>>
>> But no luck. We have a block of 15 static IPs, with 5 of them currently
>> mapped via NAT1:1 to 4 internal systems. Everything seemed to work except
>> for DNS. Our mail server could receive and send as long as the DNS lookups
>> were not required for new items.
>>
>> We have a DNS server in house for all of the machines on our LAN to use. I
>> really don't want the pfSense device to do anything but pass DNS queries out
>> and get the responses back to our in house server.
>>
>> DNS seems to have changed a lot in the release gap I'm crossing. Any quick
>> thoughts before I dig in deeper.
>>
>> I have disabled the DNS forwarder.
>>
>> I have also disabled the DNS resolver.
>>
>> I have looked at the various rules (not that many) and interface settings
>> and don't see anything obvious.
>>
>> Any pointers on what to check out.
>>
>> Thanks
>> David Ross
>> ___
>
> So you are using a DNS server on your WAN for clients internal?
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
[pfSense] Problem with new Unit
Current device is an xxx running pfSense 2.0.1-RELEASE

New device is an SG-2440 running pfSense 2.2.6-RELEASE

I decided that trying to reload the configuration file with that big of a gap in versions was asking for trouble so I built the new configuration by hand. It wasn't that complicated.

But no luck. We have a block of 15 static IPs, with 5 of them currently mapped via NAT1:1 to 4 internal systems. Everything seemed to work except for DNS. Our mail server could receive and send as long as the DNS lookups were not required for new items.

We have a DNS server in house for all of the machines on our LAN to use. I really don't want the pfSense device to do anything but pass DNS queries out and get the responses back to our in house server.

DNS seems to have changed a lot in the release gap I'm crossing. Any quick thoughts before I dig in deeper.

I have disabled the DNS forwarder.

I have also disabled the DNS resolver.

I have looked at the various rules (not that many) and interface settings and don't see anything obvious.

Any pointers on what to check out.

Thanks
David Ross
Re: [pfSense] OT: Good network switch for 10 machines?
On 9/23/14, 1:36 PM, Moshe Katz wrote:
> On Tue, Sep 23, 2014 at 1:28 PM, Kenward Vaughan <kay_...@earthlink.net> wrote:
>
>> Sorry about the topic, but when I had asked a question before about
>> trying to tie into a wireless network through a pfSense box, your
>> answers to what turned out to be another OT question actually led our
>> IS group to give me full VPN access to the outside world. I will be
>> putting a pfSense box on our end of that connection. Thanks again for
>> that help!
>>
>> As was apparent in that post I am pretty ignorant of networking
>> details, but do know that sometime in the near future I will be
>> looking for a decent network switch to tie 10-11 dual cpu machines
>> together into a cluster.
>>
>> Would anyone have a thought as to a good switch for this? The machines
>> will have the Intel i210 Dual Port Gigabit Ethernet controller, if
>> that makes any difference.
>
> If you don't need to do any fancy routing or VLAN stuff, just go on
> Amazon or NewEgg and get the top-rated 16-port /unmanaged/ gigabit switch.

If you don't need fully managed I'd look for one a step up from fully un-managed. I'd look for one with a Web interface so you can at least see error rates and what MAC addresses are flowing through what ports. A few $$$ more but worth it every year or two.

David
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Dual LAN with 1 router
Before I start digging an endless hole is this even possible.

Site has a Netgate m1n1wall 2D3/2D13. Currently only the WAN and LAN ports are in use. 1:N NAT in general plus several 1:1 for some servers that need to be accessed from outside. 3rd Ethernet port is not in use.

What I'm asked to do is set up a second physical LAN using the 3rd Ethernet port which would have DHCP and 1:N NAT operating off of one of the WAN Static IPs assigned to this client. The point is that none of the equipment past the router would see the "other LAN".

Is this possible and if so could someone point me to where I can read up on how.

Thanks
David
Re: [pfSense] naive suggestion: conform to US laws
On 10/11/13 2:13 PM, Walter Parker wrote:
> As I see it, there are two things that can happen here

Not yelling at Walter.

The problem with all of this is that as long as our Congress (and the equivalent in other countries) passes laws that allow such backdoors with a threat of jail if you talk about it at any level we will have these issues.

If you want this to go away, then we need to elect folks to Congress who will change the laws. But for most of us that's too big a hill to climb in terms of personal effort so we don't do it.

David
Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?
On 10/9/13 11:56 AM, Thinker Rix wrote:
> 1. Recently they forced the small encrypted-email-service "Lavabit" to
> comply with them (hand out their SSL-masterkeys & install a "black-box"
> at their premises). Lavabit did not agree - and they shut him down.

Actually "they" didn't "shut him down". Per news reports and the founder's statements. You can read the details and facts if you want.

David
Re: [pfSense] Dandy pfSense appliance
On 4/25/13 4:42 AM, Odhiambo Washington wrote:
> Any pointers to these Intel Atom boards with dual NICs?? Gigabit or
> otherwise, I think I am looking for something like that.

http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Black-P216C83.aspx

No SSD. Runs off a 4GB CF Card.