[pfSense] 502 Bad Gateway

2016-08-01 Thread Paul Galati
This morning I logged into the router to bring up the dashboard as I usually 
do.  I began my day and some time later I revisited the dashboard to check on 
things and I get a 502 bad gateway error.  I did not make any changes to the 
config at all today.  From the beginning I did enable https login and so when I 
attempt to login I do get the certificate notice. Once I accept that I then get 
the 502 bad gateway error with a nginx underneath it.  The router has been up 
about 5 days.

Before I posted this I did a search and found this was a common issue.  Was 
2.3.2 supposed to fix this?  I do have openvpn and IPSec widgets enabled on the 
dashboard.  Should they be turned off?  What about the OS update engine?

Thanks for your help.
Paul
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] IPSec log comments

2016-07-28 Thread Paul Galati
I noted installed packages
I backed up my configuration xml, 2.2.4
I replaced hard disk with SSD
Installed fresh 32-bit 2.3.2
Installed packages
imported config

The 3 openvpn clients logged back in with no problem and tunneled VOIP phones 
logged back in as well.  My guest network was unable to reach the internet 
until I added a line to rules.  Not quite sure why it worked with 2.2.4 but did 
not in 2.3.2.  Nonetheless, the pass !LAN statement worked.  The only thing I 
am noticing so far is that when I change any preference in the dashboard, the 
traffic graphs fall back to only showing the WAN traffic.  Resetting the 
traffic graph prefs works until I change a different dashboard pref.

The more important is the IPSec log file.  The only IPSec config is the mobile 
client.  Here is what I am seeing in the log when no one is connected.


Jul 28 12:01:08  charon  
14[CFG] vici client 891 disconnected
Jul 28 12:01:08  charon  
14[CFG] vici client 891 requests: list-sas
Jul 28 12:01:08  charon  
10[CFG] vici client 891 registered for: list-sa
Jul 28 12:01:08  charon  
14[CFG] vici client 891 connected
Jul 28 12:01:02  charon  
08[CFG] vici client 890 disconnected
Jul 28 12:01:02  charon  
08[CFG] vici client 890 requests: list-sas
Jul 28 12:01:02  charon  
08[CFG] vici client 890 registered for: list-sa
Jul 28 12:01:02  charon  
14[CFG] vici client 890 connected
Jul 28 12:00:51  charon  
14[CFG] vici client 889 disconnected
Jul 28 12:00:51  charon  
08[CFG] vici client 889 requests: list-sas
Jul 28 12:00:51  charon  
08[CFG] vici client 889 registered for: list-sa
Jul 28 12:00:51  charon  
08[CFG] vici client 889 connected
Jul 28 12:00:44  charon  
08[CFG] vici client 888 disconnected
Jul 28 12:00:44  charon  
09[CFG] vici client 888 requests: list-sas
Jul 28 12:00:44  charon  
12[CFG] vici client 888 registered for: list-sa
Jul 28 12:00:44  charon  
12[CFG] vici client 888 connected
Jul 28 12:00:28  charon  
12[CFG] vici client 887 disconnected
Jul 28 12:00:28  charon  
09[CFG] vici client 887 requests: list-sas
Jul 28 12:00:28  charon  
09[CFG] vici client 887 registered for: list-sa
Jul 28 12:00:28  charon  
07[CFG] vici client 887 connected

What might be generating these log messages?  Googling did not bring anything 
specific on what it is or how it might be settled down, if it can be.

Thanks for your time.

P
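
Added example, not part of the original post: a way to triage the charon excerpt above by parsing the wrapped, newest-first entries, grouping them by vici client number, and flagging sessions that only connect, register for list-sa, request list-sas and disconnect, which is the shape of a local status query on strongSwan's vici control socket rather than of a tunnel negotiation. The year (taken from the thread date) and all function names are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Three of the five sessions from the post above, newest first, each entry
# wrapped over two lines as it appears in the post.
LOG = """\
Jul 28 12:01:08  charon
14[CFG] vici client 891 disconnected
Jul 28 12:01:08  charon
14[CFG] vici client 891 requests: list-sas
Jul 28 12:01:08  charon
10[CFG] vici client 891 registered for: list-sa
Jul 28 12:01:08  charon
14[CFG] vici client 891 connected
Jul 28 12:01:02  charon
08[CFG] vici client 890 disconnected
Jul 28 12:01:02  charon
08[CFG] vici client 890 requests: list-sas
Jul 28 12:01:02  charon
08[CFG] vici client 890 registered for: list-sa
Jul 28 12:01:02  charon
14[CFG] vici client 890 connected
Jul 28 12:00:51  charon
14[CFG] vici client 889 disconnected
Jul 28 12:00:51  charon
08[CFG] vici client 889 requests: list-sas
Jul 28 12:00:51  charon
08[CFG] vici client 889 registered for: list-sa
Jul 28 12:00:51  charon
08[CFG] vici client 889 connected
"""

TS = re.compile(r"^[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d")
ENTRY = re.compile(r"^([A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)\s+charon\s+"
                   r"\d+\[CFG\] vici client (\d+) (.+)$")

# Chronological steps of a session that does nothing but list the SAs.
POLL = ["connected", "registered for: list-sa",
        "requests: list-sas", "disconnected"]


def parse(text, year=2016):
    """Return [(timestamp, client_id, action)] in file order (newest first)."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if TS.match(line):              # a timestamp starts a new entry
            if current:
                records.append(current)
            current = line
        elif current is not None:       # continuation of a wrapped entry
            current += " " + line
    if current:
        records.append(current)
    events = []
    for rec in records:
        m = ENTRY.match(rec)
        if m:                           # entries that are not vici lines are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, int(m.group(2)), m.group(3)))
    return events


def summarize(text):
    """Group events per vici client and flag pure list-sas polls."""
    by_client = defaultdict(list)
    for ts, cid, action in reversed(parse(text)):   # oldest entry first
        by_client[cid].append((ts, action))
    sessions = []
    for cid in sorted(by_client):
        evs = by_client[cid]
        sessions.append({
            "client": cid,
            "start": evs[0][0],
            "seconds": (evs[-1][0] - evs[0][0]).total_seconds(),
            "status_poll": [a for _, a in evs] == POLL,
        })
    return sessions


def poll_gaps(sessions):
    """Seconds between the starts of consecutive sessions."""
    starts = [s["start"] for s in sessions]
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]


if __name__ == "__main__":
    found = summarize(LOG)
    for s in found:
        print(s["client"], s["start"].time(), s["seconds"], s["status_poll"])
    print("gaps between polls (s):", poll_gaps(found))
```

Sessions that are not flagged as a status poll, or entries from other charon subsystems, are the ones worth reading by hand.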


Re: [pfSense] Connect pfSense as client to a Hotel WLAN?

2015-07-30 Thread Paul Galati
I have had pretty good success simply using an Asus RT-N16 or a Linksys WRT54GL 
router running Tomato open source firmware.  You can either wireless client or 
wireless bridge to the hotel and create a second wireless and/or wired network 
for yourself.  Since Tomato has openVPN already built-in, it tunnels whatever 
clients are attached to router.  Yes there may be some wireless performance to 
take into consideration but in my experience when I had slow performance at the 
hotel, it was not because of my router.  Since Tomato is open source, you can 
anticipate continued development.

Paul


On Jul 29, 2015, at 8:59 PM, Ray r...@renegade.zapto.org wrote:

 I travel a lot and today hotels only provide WLAN access. Ethernet ports in 
 hotel rooms are relics of the past.
 
 I solved this problem by using a Mac to connect to the Hotel WLAN and then 
 select Share my Internet (WLAN) connection to Ethernet in the Sharing 
 control panel. When I then connect the ALIX WAN interface to my Mac using a 
 cable, things again work nicely, but I effectively block a Mac as router that 
 I would rather carry around.
 
 My thought was throw a second ALIX box at the problem and make that one 
 connect as client to the hotel's WLAN, then plug the two ALIX's together 
 with a short cable.



Re: [pfSense] Access Point Recommendations?

2015-07-17 Thread Paul Galati
Probably get flamed for this but my experience has been positive.  Purchase a 
router that is capable of running Tomato, preferably Toastman or Shibby.  I 
still use a $15 ebay Linksys WRT54GL that is rock solid and with Tomato it 
includes built in OpenVPN software to connect to pfsense at the office.

Paul

On Jul 17, 2015, at 10:45 AM, Chuck Mariotti cmario...@xunity.com wrote:

 We are having a number of issues with Engenius Access Points... they seem to 
 have the features we need but for some reason, connectivity is not reliable 
 (seems Mac related). As much time as I would like to spend debugging it, it 
 would be cheaper to replace.
 
 Does anyone have any recommendations for small office access points?



[pfSense] Dashboard Width

2015-06-30 Thread Paul Galati
All,

Am I doing something wrong or are the current dashboard themes limited to 2 
columns across?  With computer screens being wider than taller, it would be 
nice to be able to have a 3rd or 4th row of data rather than scrolling up and 
down.

Just curious. Thanks.


Re: [pfSense] Dashboard Width

2015-06-30 Thread Paul Galati
That is working better, thanks for the tip.  I apologize that I gave up on the 
themes because fs was the last one and all the previous were limited to 2 
columns.

Thanks again.

On Jun 30, 2015, at 11:42 AM, Jim Pingle li...@pingle.org wrote:

 Change your theme to pfsense_ng_fs from System > General and then you
 can add columns and then add widgets to those columns.



Re: [pfSense] testing email

2015-04-08 Thread Paul Galati
As did I.

Paul
On Apr 8, 2015, at 2:14 PM, Doug Lytle supp...@drdos.info wrote:

 Had to re-enable my account this AM



Re: [pfSense] bogon networks

2014-09-28 Thread Paul Galati
I had a coworker that uses an ISP at home that obtained a new block that was 
listed in the bogon list. I sent an email to the bogon list curators and 
informed them that a now legit IP block was being blocked.

It took maybe 24 hours, but the block was removed and bogons could be 
re-enabled on pf.



 On Sep 28, 2014, at 6:59 AM, Andrew Mitchell andrew.k.mitch...@att.net 
 wrote:
 
 My company has just recently been assigned its own block from ARIN. We have 
 a handful of pfSense boxes we need to connect to from that block. I have 
 noticed we can't when Block bogon networks is enabled on the WAN interfaces.
 
 Interestingly enough I also noticed that our block can't connect to 
 updates.pfsense.org as well.
 
 Any thoughts, ideas, advice or thoughts would be greatly appreciated.
 
 Thanks,
 
 Drew


Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-22 Thread Paul Galati
Bruce,

thanks for your reply.  I have looked at that page already to verify my initial 
settings were correct, and they are.  It is the final tweak that I am trying to 
locate.  I just don’t understand why simply turning NAT-T on or off would 
completely eliminate the login prompt.

Paul Galati
paulgal...@gmail.com



On Aug 22, 2014, at 11:26 AM, Bruce A. Mah b...@kitchenlab.org wrote:

 If memory serves me right, Paul Galati wrote:
 
 Anybody on the list using Mac OS X 10.6 or later and the built in
 Cisco IPSec Client connecting to pfSense with any reliability?
 
 I've had this working (with at least Mac OS 10.8 and 10.9 and iOS 6 and
 7, with their built-in IPsec clients) on pfSense 2.1.x, following a
 modified version of these instructions:
 
 https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0
 
 Unfortunately it's been quite awhile since I set this up, and I don't
 remember the changes I had to make for newer versions of pfSense (they
 weren't major however, and mostly had to do with UI changes in pfSense
 rather than IPsec functionality).
 
 Once I flailed around with the initial setup, it Just Works (tm).
 
 Hope this helps,
 
 Bruce.


Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-20 Thread Paul Galati
Bryan and all,

Thanks for the info. I will look into this and see if I can provide some useful 
info to share.

Paul Galati
paulgal...@gmail.com



On Aug 20, 2014, at 1:59 PM, Bryan D. pfse...@derman.com wrote:

 I've not used the OS X client, but (just having had a quick look at it), it 
 appears to be similar to the iOS client (same code base?).  As such, some of 
 the information on a large posting I did about setting up IPSec VPN may help 
 (http://www.derman.com/blogs/Setting-Up-iOS-OnDemand-VPN).
 
 Specifically, there's some info on preventing the Xauth password from being 
 prompted for during each connection -- see in section 2.b) Connection 
 behavior on http://www.derman.com/blogs/iOS-IPSec-VPN-OnDemand-Setup.
 
 It's quite possible that using the indicated strategies (i.e., using the 
 Apple Configurator and manually editing the profile XML) would also work with 
 OS X.  If you try it and it does, please post a comment on the site (and 
 elsewhere?) so others can also benefit.
 
 Bryan D.
 http://www.derman.com/


Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-20 Thread Paul Galati
Bryan,

Setting everything up like you have documented, great directions btw, did not 
change my end result.  If I disable NAT-T, I am prompted for a password every 
time and it does connect but fails to route anywhere.  If I enable NAT-T, it 
works as advertised IF I somehow get prompted for a password.  I never know 
when I will get a prompt for a password.  I can’t find a relationship or reason 
as to why it works or not even when I did not make any changes for several days.

I am now investigating the certificate part of your documentation to see if 
that makes any difference on the Mac OS X side.  Not really planning to do VPN 
on the phone, yet.  Thanks for your help.

If that doesn’t work, I guess the next step would be to try a software openvpn 
client.

Paul Galati
paulgal...@gmail.com



On Aug 20, 2014, at 1:59 PM, Bryan D. pfse...@derman.com wrote:

 I've not used the OS X client, but (just having had a quick look at it), it 
 appears to be similar to the iOS client (same code base?).  As such, some of 
 the information on a large posting I did about setting up IPSec VPN may help 
 (http://www.derman.com/blogs/Setting-Up-iOS-OnDemand-VPN).
 
 Specifically, there's some info on preventing the Xauth password from being 
 prompted for during each connection -- see in section 2.b) Connection 
 behavior on http://www.derman.com/blogs/iOS-IPSec-VPN-OnDemand-Setup.
 
 It's quite possible that using the indicated strategies (i.e., using the 
 Apple Configurator and manually editing the profile XML) would also work with 
 OS X.  If you try it and it does, please post a comment on the site (and 
 elsewhere?) so others can also benefit.


[pfSense] pfsense, IPSec, and Mac OS X

2014-08-19 Thread Paul Galati
Anybody on the list using Mac OS X 10.6 or later and the built in Cisco IPSec 
Client connecting to pfSense with any reliability?  I am having a heck of a 
time getting the expected result.  I have a couple users that want to connect 
via IPSec and use the CUPC client to make phone calls.  When I initially setup 
the server and client according to different how-to’s on the web, I was able to 
connect and reach the internet as well as the internal networks and make phone 
calls.  Later that same day without changing a single piece of configuration, I 
am unable to connect because the negotiation failed.  It continues to not 
respond for many hours but at some point starts to respond again.  I have not 
been able to formulate proof of reason.  If I simply turn off NAT-T in Phase 1, 
I am able to connect every time I have tried BUT, I am not able to reach 
anything on the remote side despite receiving a valid IP address from the 
mobile client config. I believe I have the appropriate config in the rules for 
IPSec and LAN but I am not having much luck.

Anybody have any insight that might be useful for me?

I have some openVPN questions too but that will wait until IPSec is done.

Thanks,
Paul





Re: [pfSense] pfsense, IPSec, and Mac OS X

2014-08-19 Thread Paul Galati
The only config that reaches the internet is having NAT-T on but trying to 
connect to ipsec initially is the problem. With NAT-T off it connects every 
time but cannot reach anything.

 On Aug 19, 2014, at 7:06 PM, Ryan Coleman ryanjc...@me.com wrote:
 
 I had been before I was relieved of my duties 8 months ago. It does work but 
 I have little to suggest to you at the moment.
 
 
 
 On Aug 19, 2014, at 16:19, Paul Galati paulgal...@gmail.com wrote:
 
 Anybody on the list using Mac OS X 10.6 or later and the built in Cisco 
 IPSec Client connecting to pfSense with any reliability?  I am having a heck 
 of a time getting the expected result.  I have a couple users that want to 
 connect via IPSec and use the CUPC client to make phone calls.  When I 
 initially setup the server and client according to different how-to’s on the 
 web, I was able to connect and reach the internet as well as the internal 
 networks and make phone calls.  Later that same day without changing a 
 single piece of configuration, I am unable to connect because the 
 negotiation failed.  It continues to not respond for many hours but at some 
 point starts to respond again.  I have not been able to formulate proof of 
 reason.  If I simply turn off NAT-T in Phase 1, I am able to connect every 
 time I have tried BUT, I am not able to reach anything on the remote side 
 despite receiving a valid IP address from the mobile client config. I 
 believe I have the appropriate config in the rules for IPSec and LAN but I 
 am not having much luck.
 
 Anybody have any insight that might be useful for me?
 
 I have some openVPN questions too but that will wait until IPSec is done.
 
 Thanks,
 Paul
 
 
 

Re: [pfSense] How can this be done?

2014-07-31 Thread Paul Galati
Tomato and possibly DD-WRT firmware make great travel routers as well as 
inexpensive openvpn clients for pfsense.

 On Jul 31, 2014, at 10:15 PM, Moshe Katz mo...@ymkatz.net wrote:
 
 On Thu, Jul 31, 2014 at 8:44 PM, Kenward Vaughan kay_...@earthlink.net 
 wrote:
 In my quest to set up a computational lab at my school, the IT department 
 has offered us the freedom to create this specialized lab as long as we 
 aren't hooked up to the school's network--we are to be completely isolated.  
 They have no one to maintain it software-wise (we will be doing that), and 
 (I believe) fear security breaches, etc, emanating from there.
 
 They would allow us to go outside through the Wifi spots, though, as long as 
 it is through the open (insecure) side.  There is an accessible secure 
 (internal) network as well.
 
 Is there a way to set up pfSense either on the internal server or a separate 
 Internet side box to control outbound traffic by having it sign into that 
 network then having the other machines have access?
 
 I'm not any sort of network person (self-taught in Linux/computers in 
 general), so please accept my apology up front if this is an idiotic 
 question.
 
 Thanks!
 
 
 Kenward
 
 As Adam said, yes this can be done.  Also as Adam said, it's probably a good 
 idea to ask someone with a little bit of network experience.
 
 The only thing I have to add over Adam's reply is that, yes, pfSense should 
 natively be capable of using a WiFi connection as its WAN and a wired 
 network connection as its LAN.  If you set the WiFi interface to 
 Infrastructure (BSS) mode, it will connect to an existing wireless network. 
  The only caveat is that you need to make sure your wireless card is one of 
 the properly supported ones - otherwise you might end up with intermittent 
 dropouts and all kinds of unexplained problems.  Again, as Adam said, doing 
 it this way really should be your last resort, just because there are too 
 many things that could go wrong with it.  Finally, I should note that all of 
 this is true on paper, and I have not actually tested it myself in the field 
 - I don't have a spare wireless card.
 
 If all of Adam's other suggestions don't work, and you really need to go with 
 WiFi, Adam's other idea about using a travel router is actually something I 
 have done in practice at a construction site - the travel router and a 
 pfSense box are in the construction trailer connected to each other by 
 Ethernet, the travel router connects to a wireless network coming from 
 offsite, and the pfSense box sees the travel router as just another regular 
 network connection.  Performance was as good as could be expected from 
 long-range WiFi - poor, to say the least, but that was because of WiFi signal 
 strength, not because of the setup itself.  I used an Apple Airport Express 
 as my travel router, but there are others that may work better - and the 
 Airport Express is very hard to troubleshoot because it has no web interface.
 
 Moshe
 
 --
 Moshe Katz
 -- mo...@ymkatz.net
 -- +1(301)867-3732
  

Re: [pfSense] Bogon List

2014-05-23 Thread Paul Galati
My pfsense box is connected to the edge and has a public IP address, so private 
and bogons are checked.  It's the end user that appears to be on an ISP that is 
using a private IP one hop upstream from his personal router.  When his packets 
reach the public internet, it appears to come from 216.14.x.x.

My question is why IP 216.14.x.x is being caught by the bogon filter even 
though it is not listed in CYMRU’s database.

Paul Galati
paulgal...@gmail.com



On May 23, 2014, at 2:37 AM, Seth Mos seth@dds.nl wrote:

 Make sure that the WAN does not block private networks. You need this
 explicitly off if your WAN is a private address.
 
 The Bogon list is from CYMRU.


Re: [pfSense] Bogon List

2014-05-23 Thread Paul Galati
Dave,
Thanks for the location of the bogon list, did not know it was accessible 
locally.  That is a great help for future use.


All,
Thanks for the info.  As stated before, 216.14.64.0/20 is listed in the bogon 
list.  Translating that using a subnet calculator, that is

216.14.64.1 - 216.14.79.254

The end user's address is 216.14.79.x which is right at the tail end of that 
bogon list.

I will try to contact either Current (ISP) or Cymru to determine if the subnet 
scope should be adjusted.  I assume Current gained access to the class C and 
making it known may have fallen through the cracks.

Anyway, thanks again for your assistance.

Paul Galati
paulgal...@gmail.com



On May 23, 2014, at 3:09 PM, Dave Warren da...@hireahit.com wrote:

 It might not hurt to check Diagnostics -- Tables to see if the IP is listed 
 there.
 
 I had a weird scenario a few days ago, an alias previously contained a mix of 
 hostnames and IP addresses, several of which were removed.
 
 A period of days later, I noticed that the table still included the IP 
 addresses resolved from the hostnames (but the IPs that were listed as IPs 
 had been removed). I verified that Aliases changes had been applied, which 
 they had.
 
 I then added a new hostname to the list, it was added to the table, while the 
 existing IPs remained.
 
 I can't reproduce it on demand, but it was a fairly small alias list so I 
 verified every entry by hand, the bad data was there (and seemed to want to 
 stay there), so it makes me wonder if other lists could be subject to the 
 same phantom entries?


[pfSense] Bogon List

2014-05-22 Thread Paul Galati
Hello all,

I have a user that is coming in from 216.14.x.x and is getting stopped at the 
firewall by the bogonimator.  I tried looking for an accurate list of the IPs 
still on the list but all the lists I found does not have this number listed.  
I changed the bogon update from weekly to daily in hopes that maybe there was 
stale cache that might get updated and resolve the issue if it was in the 
window.  Where does pfsense obtain this list and is this IP on the list or 
could it be something else?  Turning off boron allowed him to log in.  
Re-enabling bogon created a block entry in the log and denied him entry.

The ISP is called Current, and the provide residential internet through the 
power lines.  The end user did have a power outage 8 days ago but has worked 
without issue prior.  I cannot say what his public IP was at that time but it 
does appear that there is a double-nat before he hits the public internet.  I 
skyped into his computer and looked at the WAN address of his router and saw a 
10.30.x.x address instead of the public number listed above.  I assume that is 
irrelevant to this conversation.

Your thoughts are appreciated.

Paul
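
Added example, not part of the original posts: a check for the question this thread keeps returning to, namely whether a source address is covered by an entry in the bogon list, by the separate private-network block, or by neither. It loads a one-prefix-per-line list, reports the most specific matching prefix and prints the real span of 216.14.64.0/20 from the follow-up above; the sample list, the addresses 216.14.79.10 and 10.30.0.5 (the thread elides the last octets) and all function names are assumptions of this example.

```python
import ipaddress

# Ranges covered by a "block private networks" setting (RFC 1918), kept
# apart from the bogon list because the thread treats them as two options.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample list: one prefix per line, '#' starts a comment.
# Only 216.14.64.0/20 is taken from the thread; the other lines are filler.
SAMPLE_BOGON_LIST = """\
# constructed sample, not a real feed
0.0.0.0/8
100.64.0.0/10
216.14.64.0/20
198.51.100.0/24   # documentation range, used as filler
not-a-prefix
"""


def load_prefixes(text):
    """Return (networks, rejected_lines) parsed from a prefix list."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments and padding
        if not line:
            continue
        try:
            networks.append(ipaddress.ip_network(line, strict=True))
        except ValueError:                      # malformed or host bits set
            rejected.append(line)
    return networks, rejected


def prefix_span(prefix):
    """First and last address of a prefix, as strings."""
    net = ipaddress.ip_network(prefix)
    return str(net.network_address), str(net.broadcast_address)


def _most_specific(ip, networks):
    hits = [n for n in networks if n.version == ip.version and ip in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def explain_block(address, bogons):
    """Say which filter would match: ('private'|'bogon'|'clear', prefix)."""
    ip = ipaddress.ip_address(address)
    hit = _most_specific(ip, RFC1918)
    if hit is not None:
        return ("private", str(hit))
    hit = _most_specific(ip, bogons)
    if hit is not None:
        return ("bogon", str(hit))
    return ("clear", None)


if __name__ == "__main__":
    bogons, rejected = load_prefixes(SAMPLE_BOGON_LIST)
    print("rejected lines:", rejected)
    print("216.14.64.0/20 spans", prefix_span("216.14.64.0/20"))
    for addr in ("216.14.79.10", "216.14.80.1", "10.30.0.5"):
        print(addr, explain_block(addr, bogons))
```

Run against the list actually loaded on the firewall, the returned prefix is the entry to quote when asking the list maintainer or the ISP about a stale allocation.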





Re: [pfSense] The Heartbleed Bug, CVE-2014-0160

2014-04-08 Thread Paul Galati
So what version of OpenSSL is running on 2.1.0?  Sorry if this has been 
answered already.

Thanks for your time.

Paul Galati
paulgal...@gmail.com



On Apr 8, 2014, at 7:59 AM, b...@todoo.biz wrote:

 You would notice that this bug concerns OpenSSL :
 
   • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
   • OpenSSL 1.0.1g is NOT vulnerable
   • OpenSSL 1.0.0 branch is NOT vulnerable
   • OpenSSL 0.9.8 branch is NOT vulnerable 
 
 
 If you are on the latest version of pfSense the version is : OpenSSL 0.9.8y 5 
 Feb 2013


Re: [pfSense] (no subject)

2014-03-19 Thread Paul Galati
Is that why I didn’t get pfsense email for about a week and then got flooded 
this morning?

Paul Galati
paulgal...@gmail.com



On Mar 19, 2014, at 2:56 PM, Jim Thompson j...@smallworks.com wrote:

 Chris had to rebuild lists.pfsense.org, as one of the databases became 
 corrupted. 
 You might have gotten added in that process.


Re: [pfSense] (no subject)

2014-03-19 Thread Paul Galati
Should I be seeing my own messages come back to me?  I see that you have read 
and replied, but I never got my original back.  Is Null the default setting 
when posting to this list?

Thanks for your help and great product.

Paul Galati
paulgal...@gmail.com



On Mar 19, 2014, at 3:23 PM, Chris Buechler c...@pfsense.org wrote:

 It wasn't quite a week, but yes, see my last post for more details.


Re: [pfSense] (no subject)

2014-03-19 Thread Paul Galati
Interesting.  I am using Apple’s Mail app in Mavericks to access gmail.com via 
IMAP.  Part of the sync process gmail does include a folder called archive.  My 
original message is in that folder but not in my mailbox.  I guess some 
listservs work differently.  I always thought that my messages were being 
moderated for some reason.

Thanks for the clarification.

Paul Galati
paulgal...@gmail.com



On Mar 19, 2014, at 3:34 PM, Chris Buechler c...@pfsense.org wrote:

 Normally yes, but with gmail accounts using the web front end, no.
 Gmail automatically ignores the message from the list that gets sent
 back to your address, for all mailing lists where it understands that
 it's a list (and they know mailman, the mailing list software we use).
 With IMAP or POP3 clients on Gmail you will see your own posts come
 through as a separate message in most mail clients. With Gmail
 otherwise, you have to check the list archive to verify it was sent.
 
 That isn't something that's changed recently. Gmail started doing that
 in roughly 2006-2007 IIRC (I've been using it since 2004). Prior to
 that change, you would have that list thread pop up into your inbox as
 unread when your own message went through. That's not something that's
 controlled by the mailing list, and I don't think it's something you
 can configure on the Gmail side.


Re: [pfSense] Apple Messages Blocked

2014-01-16 Thread Paul Galati
Here is an update to my situation now that I have tried a few things.  If I am 
reading this correctly, Apple’s Messages app does NOT do screen sharing or 
video sharing on its own iMessage platform.  If you request video sharing, that 
is handed off to the FaceTime app.  If you have a jabber, AIM, or Google Talk 
account configured and active, you can screen chat and video chat within the 
messages app.

I am an arse because I assumed that when I clicked either the video chat or the 
screen chat icon in messages, I was using Apple’s iMessage service to make the 
connection.  It turns out that I was actually initiating the use of Google 
Talk.  So that got me thinking.  I put both client computers on the same 
network and opened the FaceTime app on both.  Called each other and they both 
worked great.  I then put a client on the pf network and tried again.  They 
both worked as well, hmmm.  I put the 2 clients back on the same network, 
disabled iMessage, and tried to do video chat which defaulted to use Google 
Talk, that worked as expected.

Now, back to the pf box, I have 3 interfaces, WAN, LAN, and GUEST.  If I put 
one client on Lan and the other on Guest, the FaceTime app connects properly as 
you were reporting.  That does not allow me to do screen sharing since FaceTime 
uses the iMessage transport and does not support screen sharing.  Having both 
clients on the LAN interface using Messages with  Google Talk does work as 
hoped.  What does not work is Google Talk with one client on LAN and the other 
client on GUEST, which effectively created the same problem as I initially 
requested assistance for.

So now I am off to see what Google Talk is doing during the handshake that 
causes it to fail between interfaces on the pf box.  What logs would indicate 
what is being blocked?

Thanks for your time.

Paul Galati
paulgal...@gmail.com



On Jan 14, 2014, at 3:01 PM, Paul Galati paulgal...@gmail.com wrote:

 I have tried searching the forums to find a fix to allow Apple Messages app 
 to successfully connect using Audio, Video, or Screen Sharing.  Unfortunately 
 I have not found a solution.  It seems the port number is different each time 
 I view the logs.  Has anyone been able to resolve this or similar issue?  The 
 initial connection does work (ringing the bell) but when I accept the invite, 
 it fails to start the actual stream.  I am using the Jabber protocol with 
 gmail since both parties have gmail accounts.
 
 Is it possible to temporarily create a DMZ to a specific private IP address 
 to allow the service to connect and view  the logs to understand what ports 
 are needed to make this work safely.
 
 Any suggestions would be greatly appreciated.



Re: [pfSense] Apple Messages Blocked

2014-01-15 Thread Paul Galati
I must have something misconfigured.  Since I was not able to successfully 
create the right NAT and/or RULES to make this work, I decided to change the IP 
address of the client behind the pf firewall to a static address that does have 
a 1:1 NAT.  Now I am not able to get DNS replies, the browser says Looking up 
host and fails.  I am trying to configure this pf box to go live in a couple 
weeks.  I do have a server with a static 1:1 NAT that is working properly, but 
for whatever reason what I thought was an identical NAT/RULE except the IP 
address is not resolving DNS, even if entered manually at the client.  I am 
obviously doing something wrong.

I tried enabling UPNP but that did not change the end result.  FaceTime rings 
the recipient, but they both time out waiting for a response from the other 
computer.

Other suggestions would be greatly appreciated.  I will report back if I find 
what is causing this not to function properly.

Thanks.

Paul Galati
paulgal...@gmail.com



On Jan 15, 2014, at 4:09 PM, Bruce A. Mah b...@kitchenlab.org wrote:

 I *don't* have UPnP turned on, but Messages and Facetime seem to Just
 Work (TM) for me on devices on my home network (behind a pfSense 2.1 box).



[pfSense] Apple Messages Blocked

2014-01-14 Thread Paul Galati
I have tried searching the forums to find a fix to allow Apple Messages app to 
successfully connect using Audio, Video, or Screen Sharing.  Unfortunately I 
have not found a solution.  It seems the port number is different each time I 
view the logs.  Has anyone been able to resolve this or similar issue?  The 
initial connection does work (ringing the bell) but when I accept the invite, 
it fails to start the actual stream.  I am using the Jabber protocol with gmail 
since both parties have gmail accounts.

Is it possible to temporarily create a DMZ to a specific private IP address to 
allow the service to connect and view  the logs to understand what ports are 
needed to make this work safely.

Any suggestions would be greatly appreciated.


Paul Galati
paulgal...@gmail.com


