Re: [pfSense] SIP / Asterisk / PFSense - need to reset states of port 5060 connections
Am 09.01.2013 09:16, schrieb mayak-cq: On Wed, 2013-01-09 at 08:38 +0100, Jürgen Echter wrote: snip suddenly it occurs that we are no more available from external and i have to reset states from port 5060 from our internal server to our sip provider. after that its working again. where can i look for this really annoying problem? hi jurgen hmmm -- i have the same issue -- thought it was unique to my install. using embedded 2.01 on an Alix appliance with an openvpn tunnel to a remote pfsense running full version (then to an asterisk server) cheers m ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi, we just use NAT (Port Forwarding) to access the ports on our server. Im really interested how others solve this kind of trouble?? Thanks Juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Packages are being installed in the background (pfSense 2.0.1)
Hi, i had to re-setup my firewall and restored my config. all went well so far, but i can't edit anything because i have on every screen a pic which says 'packages are being reinstalled in the background'. this is on since a few hours. squid isn't started and there are a message when i open the config page of squid. Warning: fopen(/usr/local/pkg/squid.xml): failed to open stream: No such file or directory in /etc/inc/xmlparse.inc on line 175 and Warning: Invalid argument supplied for foreach() in /usr/local/www/pkg_edit.php on line 423 is there a way to recover this? firewall is up and running (and also working the right way, all vlans everything, except squid) thanks juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Packages are being installed in the background (pfSense 2.0.1)
i'd like to add that in Filter Reload Status window i have Checking for nat PF hooks in package /usr/local/pkg/lightsquid.inc... is it possible to manually reinstall squid/lightsquid? cheers. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Packages are being installed in the background (pfSense 2.0.1)
Am 24.02.2012 14:37, schrieb Jürgen Echter: is it possible to manually reinstall squid/lightsquid? ok, i managed to pkd_delete lightsquid. the i tried to pkg_add -r lightsquid to install it again. the result is: pkg_add -r squid Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/squid.tbz: File unavailable (e.g., file not found, no access) i've seen that there is no packages-8.1-release dir on the queried ftp maybe this is the problem? uname -r 8.1-RELEASE-p6 greets juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Packages are being installed in the background (pfSense 2.0.1)
Am 24.02.2012 14:55, schrieb Jürgen Echter: Am 24.02.2012 14:37, schrieb Jürgen Echter: is it possible to manually reinstall squid/lightsquid? ok, i managed to pkd_delete lightsquid. the i tried to pkg_add -r lightsquid to install it again. the result is: pkg_add -r squid Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.1-release/Latest/squid.tbz: File unavailable (e.g., file not found, no access) i've seen that there is no packages-8.1-release dir on the queried ftp maybe this is the problem? uname -r 8.1-RELEASE-p6 greets juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ok, fixed that by entering setenv PACKAGESITE ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/i386/packages-8.1-release/Latest/ in pfSense shell. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Setting up an Access Point with Dlink DWL-G122 USB
Am 02.02.2012 10:08, schrieb Bart Grefte: Okay :) Hmm, so you did not use InSSIDer? That program picks up a lot more networks than the standard wireless tools available in Windows (or any other OS I believe). If InSSIDer is not able to find it, then you're AP is most likely not active for some reason. *Van:*list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] *Namens *Jürgen Echter *Verzonden:* donderdag 2 februari 2012 9:20 *Aan:* list@lists.pfsense.org *Onderwerp:* Re: [pfSense] Setting up an Access Point with Dlink DWL-G122 USB Hi, sure its not hidden ;) also i tried an Android App and my Netbook if it finds my network, no way. so i'll digg in the logs. see you Am 01.02.2012 20:33, schrieb Bart Grefte: Have you maybe set the SSID to be hidden? Can't direct you to the exact location of the setting since I currently do not use pfSense but it should be on the page with al de Access Point related settings. What you can try is run InSSIDer on a computer with wifi, see if it finds you're wireless network. What you can also try is checking pfSense's logs, see if anything wifi-related pops up in there. *Van:*list-boun...@lists.pfsense.org mailto:list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] *Namens *Jürgen Echter *Verzonden:* woensdag 1 februari 2012 19:36 *Aan:* list@lists.pfsense.org mailto:list@lists.pfsense.org *Onderwerp:* [pfSense] Setting up an Access Point with Dlink DWL-G122 USB Hi, i'm trying to set up an AP with my Dlink DWL-G122. Im as far as: - setting up the device as ap - ifconfig -a shows the device *WLAN interface (run0)* *Status* up *MAC address* f0:7d:68:69:d6:b1 *IP address* 192.168.1.1 *Subnet mask* 255.255.255.0 *Media* autoselect mode 11g hostap *Channel* 6 *SSID* test234 *In/out packets* 0/0 (0 bytes/0 bytes) *In/out packets (pass)* 0/0 (0 bytes/0 bytes) *In/out packets (block)* 0/0 (0 bytes/0 bytes) *In/out errors* 0/0 *Collisions* 0 but i don't see any test234 network?!?! where could i have a look? greetings and thanks juergen ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Ok, here we go :) System Log Firewall: Feb 2 21:55:24hostapd: run0_wlan0: WPA rekeying GTK System Log System: Feb 2 21:55:10kernel: ugen1.2: Ralink at usbus1 (disconnected) Feb 2 21:55:10kernel: run0: at uhub1, port 2, addr 2 (disconnected) Feb 2 21:55:15kernel: ugen1.2: Ralink at usbus1 Feb 2 21:55:15kernel: run0: Ralink 11g Adapter, class 0/0, rev 2.00/1.01, addr 2 on usbus1 Feb 2 21:55:15kernel: run0: MAC/BBP RT3070 (rev 0x0201), RF RT2020 (MIMO 1T1R), address f0:7d:68:69:d6:b1 Feb 2 21:55:15kernel: run0: firmware RT2870 loaded and the inSSIDer thing isn't working here, not working with wine and no windows around. sorry. greets juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Setting up an Access Point with Dlink DWL-G122 USB
Hi, i'm trying to set up an AP with my Dlink DWL-G122. Im as far as: - setting up the device as ap - ifconfig -a shows the device WLAN interface (run0) Status up MAC address f0:7d:68:69:d6:b1 IP address 192.168.1.1 Subnet mask 255.255.255.0 Media autoselect mode 11g hostap Channel 6 SSIDtest234 In/out packets 0/0 (0 bytes/0 bytes) In/out packets (pass) 0/0 (0 bytes/0 bytes) In/out packets (block) 0/0 (0 bytes/0 bytes) In/out errors 0/0 Collisions 0 but i don't see any test234 network?!?! where could i have a look? greetings and thanks juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Block Rule doesnt work
Am 25.01.2012 20:13, schrieb David Burgess: On Wed, Jan 25, 2012 at 12:11 PM, Moshe Katzmo...@ymkatz.net wrote: He said he can access web pages so it's not even rejecting TCP. Thanks. I missed that. Jürgen, are you using a transparent proxy, like squid? I believe this will bypass your firewall rules for ports and interfaces that it listens on. db ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list hi, yes it seems that transparent squid was causing this problem. would it be a good idea to use 'Do not forward traffic to Private Address Space (RFC 1918) destination through the proxy server but directly through the firewall.' in the settings? greets and thanks juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Block Rule doesnt work
Am 25.01.2012 16:26, schrieb Moshe Katz: Try using Source: * (any) instead of Source: WLAN Net. It will only apply to WLAN traffic anyway because of which interface it applies to. It would be helpful for you to send the screenshot again WITH the left-most column - the icons OUTSIDE the table. Make sure your rules are actually block rules (red icons) and that they are enabled. I'm sorry if this sounds like a stupid question but did you make sure your IP address is not the one that is allowed through in the first rules? Moshe -- Moshe Katz -- mo...@ymkatz.net mailto:mo...@ymkatz.net -- +1(301)867-3732 tel:%2B1%28301%29867-3732 2012/1/25 Jürgen Echter j.ech...@echter-kuechen-elektro.de mailto:j.ech...@echter-kuechen-elektro.de Am 24.01.2012 12:58, schrieb Matthias May: Jürgen Echter wrote: Hi, maybe i'm doing something wrong. i have 3 interfaces, one for wan, one for lan and one for wlan. i don't want that wlan users have access to my lan. so i tell the firewall rule on the LAN interface to block everything from WLAN subnet, but i'm still able to receive different webpages hosted on the LAN. also i tried to tell the WLAN interface to block everything what has my LAN as destination, same effect. what's wrong? greets juergen ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Firwall rules go to the interface on which traffic is received. So if you want to block traffic from the WLAN interface to the LAN interface, then the rule has to go to the WLAN interface. Rules are processes from top to bottom and if a rule catches the rest below is no longer considered. Meaning if you have an allow rule above your block rule, the allow rule will always catch. Put your block rules all the way to the top. If that doesn't help, send a screenshot of your rules. (Overview, not the configuration of the rule itself). Greetings Matthias May ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ok, here's a screenshot from my rules. i want to block / reject access from wlan to lan. if i try from a box in the wlan to access a webpage from lan it just works. thats what i don't want :) greets. ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi, yes i'm sure it's not the one i added there. The IP i added is reserved for my little eeePC. imho if i have wlan subnet as source it should be blocked, because im coming from wlan subnet. greets juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Block Rule doesnt work
Hi, maybe i'm doing something wrong. i have 3 interfaces, one for wan, one for lan and one for wlan. i don't want that wlan users have access to my lan. so i tell the firewall rule on the LAN interface to block everything from WLAN subnet, but i'm still able to receive different webpages hosted on the LAN. also i tried to tell the WLAN interface to block everything what has my LAN as destination, same effect. what's wrong? greets juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] AVM Fritz WLAN Stick and pfSense 2.0
Hi, has anyone ever succesfully connected a AVM Fritz WLAN USB-Stick to pfSense (for AP purposes)? working drivers for this stick are ar9170usb and carl9170. greets juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] (Re-)Creating SSL Certificate for WebGUI on PfSense 2.0
Am 30.12.2011 16:00, schrieb Jürgen Echter: Hi, could one explain me how to (re-)add a self signed cert for the webgui? I'd like to have a personalized one, and longer retention. Greets and a happy new year. -- Mit freundlichen Grüssen Jürgen Echter ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ok, i've got it. create a new cert -- change in advanced tab GUI ssl cert to the new one. thanks :) ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Unable to check for updates.
Am 25.12.2011 06:52, schrieb Mike Spooner: I have that too but if I type that url into a browser I get a 404 - Not Found page. I downloaded the 2.0.1 image and did a manual upgrade. But on a similar note, on my gui Dashboard under Version in the System Information widget, I see Unable to check for updates. This is with Nano i386 2.0.1 and I saw the same thing with 2.0. Do I need to tell it where to look for updates or do I need to create a rule to allow it to look for updates or do I just ignore that message? On Sat, 24 Dec 2011, Moshe Katz wrote: Here's what I have: http://updates.pfsense.org/_updaters Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 2011/12/24 Przemys?aw Pawe?czyk pp...@o2.pl On Sat, 24 Dec 2011 11:46:04 +0100 Eugen Leitl eu...@leitl.org wrote: You people with i386 2.0.1, what do you have in your Firmware Auto Update URL field? Nothing, as nothing works. Use Manual Upgrade d/loading from one the mirror sites: http://www.pfsense.org/mirror.php?section=updates I used Fleximus website but only RELEASE was accepted by my pfsense: pfSense-Full-Update-2.0.1-RELEASE-i386.tgz (I have been upgrading from 2.0.0.) Regards Przemys?aw Pawe?czyk ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi, i have also http://updates.pfsense.org/_updaters as URL and currently im downloading via the update function version 2.0.1 (from 2.0.0) Cheers ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SIP client fails after a few days
Am 02.11.2011 12:26, schrieb Hans Maes: On 11/02/2011 06:03 AM, Chris Buechler wrote: On Wed, Nov 2, 2011 at 12:35 AM, Craig Drownli...@sussol.net wrote: Hi, we have a Linksys/Sipura SIP client behind pfSense 2 on an Alix board. Usually after about a week we can no longer make calls. Clearling pfSense states or a reboot fixes it, whereas a reboot of the Sipura box makes no difference, so it's something with pfSense. Couldn't see anything in the logs. Any ideas? What do the states look like? Tons of 2.0 boxes out there with VoIP behind them, including all ours, definitely not a widespread issue. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list There was an issue like this on pfsense 1.2.3 when you have a dynamic DSL WAN IP address, and your ISP forces a DSL disconnect and IP renew every few days. Not sure if this is fixed in 2.0 ? Basically, when your WAN IP changes the NAT states with the old WAN IP are not cleared from the state table. The SIP device looses its connection and starts reconnecting every 20 orso seconds as defined in the SIP protocol. This keeps the old state alive, and therefore it keeps using the incorrect old NAT'ed WAN IP. Again, this may be fixed in 2.0 but I have not tested that. In 1.2.3 there was a quickfix in some package that cleared SIP states on a WAN DHCP renew. More info: http://forum.pfsense.org/index.php/topic,18053.0.html Regards, Hans ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi, we had a similar issue, we solved it by setting firewall optimizations to conservative. greetings Juergen ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list