Re: [pfSense] Installation question
On 10 Jan 2015, at 03:09, k_o_l k_...@hotmail.com wrote: I’ve installed a second hard drive in my firewall the primary is running 2.1.5 and the secondary 2.2RC. How do I setup the firewall to allow my to choose between the two at boot? This is normally a function of the BIOS. If you go into the BIOS setup menu, you should find an option called ‘boot order’ or similar. Modify that to select your drive of preference to boot from. Some more modern BIOSes have a function key you can hit on startup to bring up a boot menu (often F10) that’ll allow you to select a boot disk on the fly, rather than having to go into the full menu system each time you want to make a change. Kind regards, Chris -- C.M. Bagnall This email is made from 100% recycled electrons ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Bagnall Sent: Friday, January 9, 2015 10:31 PM To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Installation question I was thinking of more like a GRUB solution ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] Installation question
I've installed a second hard drive in my firewall the primary is running 2.1.5 and the secondary 2.2RC. How do I setup the firewall to allow my to choose between the two at boot? Thank you, Sam ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.1.2-RELEASE up for testing
Any update to when the fix will be released?! -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Buechler Sent: Wednesday, April 09, 2014 5:04 AM To: pfSense support and discussion Subject: Re: [pfSense] 2.1.2-RELEASE up for testing Scratch that - that just missed a commit for another security fix, it's rebuilding now. On Wed, Apr 9, 2014 at 3:48 AM, Chris Buechler c...@pfsense.org wrote: Normally we wouldn't put these out to the general public at this stage, but a few people are wanting the OpenSSL fix ASAP, and I already posted it to the forum. I've upgraded a handful of production systems and it seems fine, but still a number of things we'll verify before announcing it more widely and sending it to the mirrors and auto-update. I think this is what will become 2.1.2 release. https://files.pfsense.org/cmb/2.1.2-REL-testing/ also mirrored at: http://files.nyi.pfsense.org/cmb/2.1.2-REL-testing/ Those are signed and everything, just a matter of moving them into place if things test out fine. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Pfsense Firewall complete halt
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Matthias May Sent: Tuesday, October 08, 2013 4:12 PM To: list@lists.pfsense.org Subject: Re: [pfSense] Pfsense Firewall complete halt Am 06.10.2013 15:35, schrieb kol: Since upgrading from 2.1RC1 to 2.1-Release I have been experiencing intermittent forwarding halts, I also noticed access the web gui is also halted, I'm however able to access the FW via SSH and console, restarting webconfigurator doesn't solve the problem, no error on the console screen, or any log files that I can see, rebooting the firewall always fixes the problem. In the past few weeks I've tried both i386 and x64 with the same problem, any suggestions on how to solve or better track this problem? Here is my current build: 2.1-RELEASE (amd64) built on Wed Sep 11 18:17:48 EDT 2013 ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Are you running out of states? Not sure, the web interface comes to a halt also ( can't get back in), but doubt it, since the FW is for home use and has 4GB of mem ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] General question
From: Alan Worstell [mailto:aworst...@a-1networks.com] Sent: Monday, March 25, 2013 12:04 PM To: k_...@hotmail.com; pfSense support and discussion Subject: Re: [pfSense] General question Just hazarding a guess here, but based on it being those three sites, could it be all of those Share on Facebook! Post to Flickr! buttons that every page nowadays likes to put on the bottom? Alan Worstell A1 Networks - Systems Administrator VTSP, dCAA, LPIC-1, Linux+, CLA, DCTS (707)570-2021 x204 For support issues please email supp...@a-1networks.com or call 707-703-1050 On 3/25/13 8:38 AM, kol wrote: In my fw proxy logs I'm seeing a periodic connection form one of my PCs to facebook, flickr, and youtube around the same time, and it's happening every about 10 minutes, I have checked browser plugins, search for rouge software's, and scanned the pc to no avail. I was wondering if one of the members has a clue on what's going on. -Original Message- I see the issue even when all browser are shut down. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] General question
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Christoph Hanle Sent: Monday, March 25, 2013 2:45 PM To: list@lists.pfsense.org Subject: Re: [pfSense] General question On 25.03.2013 19:30 k_o_l wrote: I see the issue even when all browser are shut down. netstat -ano (Win) or -nlp on the source PC can bring you the solution. bye Christoph -Original Message- Nothing there, wireshark captures http sessions, but not sure what doing it since all my browsers are off. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Dansguardian balcklist update error
I can't find anything in the forum to help me fix the following error resulting from blacklist update, has anyone seen this before? pfsense php: /pkg_edit.php: The command 'chown -R clamav:nobody /usr/local/etc/dansguardian' returned exit code '1', the output was 'chown: /usr/local/etc/dansguardian/lists/blacklist.tgz: No such file or directory' ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfBlocker errors
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Waugh G Sent: Thursday, May 03, 2012 6:52 AM To: pfSense support and discussion Subject: Re: [pfSense] pfBlocker errors On 05/03/2012 05:32 AM, Chris Buechler wrote: Doesn't have any relation to how much RAM you have, it's dependent on your pfblocker config. Info here: http://forum.pfsense.org/index.php/topic,48716.0.html ___ I may be a little dense, and need a howto * empty/disable your lists * Increase Firewall Maximum Table Entries on system - advanced - firewall/nat * re enable pfblocker lists I disabled pfBlocker, Increased table entries enabled pfBlocker Same result. What am I missing? -- Gerald Same here ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfBlocker errors
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Waugh G Sent: Wednesday, May 02, 2012 3:02 PM To: pfSense support and discussion Subject: Re: [pfSense] pfBlocker errors On 05/01/2012 11:06 PM, k_o_l wrote: I'm getting the following errors after installing pfBlocker, I tried increasing the firewall maximum table size but still getting the errors, has anyone experience or has solution to this? There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table pfBlockerAsia: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerEurope: Cannot allocate memory /tmp/rules.debug:25: cannot define table pfBlockerNorthAmerica: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerOceania: Cannot allocate memory /tmp/rules.debug:29: cannot define table pfBlockerTopSpammers: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [21]: table pfBlockerAsia persist file /var/db/aliastables/pfBlockerAsia.txt I seem to be having the same trouble with pf Blocker. I tried fixing by adding to lists memory space. but no help. It was working perfectly when I had 1GB of ram, the problem only started after I upgraded to 2GB ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] pfBlocker errors
I'm getting the following errors after installing pfBlocker, I tried increasing the firewall maximum table size but still getting the errors, has anyone experience or has solution to this? There were error(s) loading the rules: /tmp/rules.debug:21: cannot define table pfBlockerAsia: Cannot allocate memory /tmp/rules.debug:23: cannot define table pfBlockerEurope: Cannot allocate memory /tmp/rules.debug:25: cannot define table pfBlockerNorthAmerica: Cannot allocate memory /tmp/rules.debug:27: cannot define table pfBlockerOceania: Cannot allocate memory /tmp/rules.debug:29: cannot define table pfBlockerTopSpammers: Cannot allocate memory pfctl: Syntax error in config file: pf rules not loaded The line in question reads [21]: table pfBlockerAsia persist file /var/db/aliastables/pfBlockerAsia.txt sam ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [pfsense] dansguardian
Ryan, your solution worked just fine, but in addition I added a fw rule to catch all http (port 80) traffic and had it redirected to 8080, that way you don't need to change the proxy on the individual hosts From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Rodrigue Sent: Thursday, April 26, 2012 6:40 PM To: 'pfSense support and discussion' Subject: Re: [pfSense] [pfsense] dansguardian That's funny. It deleted all of the values. I cleaned it up a little and put the correct values in red From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Rodrigue Sent: Thursday, April 26, 2012 5:24 PM To: 'pfSense support and discussion' Subject: Re: [pfSense] [pfsense] dansguardian Mine is up and running, but I have to manually put the dansguardian port in the web browser as a proxy server. I do not have it working for transparent squid As you can see, most of the settings are default. These are the Dansguardian settings. (I hope you can read this). Daemon Listening Settings Enable dansguardian I agree with dansguardian Terms and Conditions. http://dansguardian.org/?page=copyright2 - Checked Listen Interface(s) LAN/loopback Listen port 8080 Daemon Options. softrestart Min/Max Children 8/120 Min/Max Spare Children 4/32 Prefork Children 8 Max Age Children 500 Max Ips 0 Parent proxy Settings Proxy IP 127.0.0.1 Proxy Port 3128 General Config Settings Auth Plugins Proxy-Basic Scan Options All with on in () Weighted phrase mode Singular = each weighted phrase found only counts once on a page Lower casing options Force lover case Phrase filter mode Use both Url cache number blank Url cache age blank SSL man in the middle Filtering CA none Cert webconfigurator default Content Scanner Content Scanners (antivirus) None freshclam frequency Every day Content scanner timeout 60 Content scan exceptions No Check ICAP URL Blank Misc Options Misc options. None In squid from top to bottom I have selected (squid won't paiste for some reason) Proxy Interface: LAN and Loopback Allow users = checked Blank until Enable Logging Enable logging = checked Log store = /var/squid/logs Log rotate = 90 Proxy port = 3128 ICP port = (blank) Visible hostname = localhost Anministrator email = admin@localhost Language = English X-Forward = no check Disable Via = no check Strip The rest is blank Upstream Proxy is totally blank and I am using no authentication for now. This may not be the best settings. If anyone has any suggestion, please let me know. I always look for ways to do things better. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [pfsense] dansguardian
Firewall: NAT: Port Forward: Interface: LAN Protocol: TCP Destination: ANY Destination port range: from http to http Redirect target ip: 127.0.0.1 Redirect target port : other 8080 Make sure it showing under the LAN segment in the correct order From: Ryan Rodrigue [mailto:radiote...@aaremail.com] Sent: Thursday, April 26, 2012 8:09 PM To: k_...@hotmail.com; 'pfSense support and discussion' Subject: RE: [pfSense] [pfsense] dansguardian This is excellent Ryan, how about the nat/firewall rules? Nothing special. Like I said. It really just works. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] [pfsense] dansguardian
I've installed squid and dansguardian in the hopes to get some filtering going, I even followed instructions highlighted below, however; my syslog keep showing dansguardian: Error connecting to proxy , I would appreciate it if anyone has any pointers for me. http://forum.pfsense.org/index.php?topic=42664.0 Sam ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [pfsense] dansguardian
This is excellent Ryan, how about the nat/firewall rules? From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Rodrigue Sent: Thursday, April 26, 2012 6:40 PM To: 'pfSense support and discussion' Subject: Re: [pfSense] [pfsense] dansguardian That's funny. It deleted all of the values. I cleaned it up a little and put the correct values in red From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Rodrigue Sent: Thursday, April 26, 2012 5:24 PM To: 'pfSense support and discussion' Subject: Re: [pfSense] [pfsense] dansguardian Mine is up and running, but I have to manually put the dansguardian port in the web browser as a proxy server. I do not have it working for transparent squid As you can see, most of the settings are default. These are the Dansguardian settings. (I hope you can read this). Daemon Listening Settings Enable dansguardian I agree with dansguardian Terms and Conditions. http://dansguardian.org/?page=copyright2 - Checked Listen Interface(s) LAN/loopback Listen port 8080 Daemon Options. softrestart Min/Max Children 8/120 Min/Max Spare Children 4/32 Prefork Children 8 Max Age Children 500 Max Ips 0 Parent proxy Settings Proxy IP 127.0.0.1 Proxy Port 3128 General Config Settings Auth Plugins Proxy-Basic Scan Options All with on in () Weighted phrase mode Singular = each weighted phrase found only counts once on a page Lower casing options Force lover case Phrase filter mode Use both Url cache number blank Url cache age blank SSL man in the middle Filtering CA none Cert webconfigurator default Content Scanner Content Scanners (antivirus) None freshclam frequency Every day Content scanner timeout 60 Content scan exceptions No Check ICAP URL Blank Misc Options Misc options. None In squid from top to bottom I have selected (squid won't paiste for some reason) Proxy Interface: LAN and Loopback Allow users = checked Blank until Enable Logging Enable logging = checked Log store = /var/squid/logs Log rotate = 90 Proxy port = 3128 ICP port = (blank) Visible hostname = localhost Anministrator email = admin@localhost Language = English X-Forward = no check Disable Via = no check Strip The rest is blank Upstream Proxy is totally blank and I am using no authentication for now. This may not be the best settings. If anyone has any suggestion, please let me know. I always look for ways to do things better. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfSense product support lifecycle?
From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Buechler Sent: Tuesday, April 24, 2012 4:41 AM To: pfSense support and discussion Subject: Re: [pfSense] pfSense product support lifecycle? On Tue, Apr 24, 2012 at 3:46 AM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote: Am 24.04.2012 09:32, schrieb Chris Buechler: Nothing formal. To date, once we put out a new release, all prior releases will not get any updates. That will probably especially be true going forward, with much shorter release cycles than we had from 1.2.3 to 2.0, and much fewer changes, hence much less risk of upgrading. In that case, I'm really curious if in-place upgrading will work for me on the newer releases... otherwise I see a lot more work headed my way. :-/ It works in virtually all circumstances and always has. 1.2.3 to 2.0 was a rough upgrade path because pretty much every single portion of the system had massive changes introduced that included configuration upgrade code, but even at that, at release time the vast majority of installs upgraded with no issues at all. 2.0.1 incorporated a few fixes for 1.2.3 to 2.x upgrades. I'm not aware of any circumstance since then that won't upgrade correctly, with the only exception being uncommonly used OpenVPN custom options a very few people used on 1.2.3 that conflict with those used out of the box on 2.x. If any release in our history would have justified additional maintenance releases it would have been 1.2.x because of the vast differences going to the next release. We'll never have another release with even a tenth the amount of changes that entailed. If some serious security issue on 1.2.3 would have come out shortly after 2.0 release we would have considered an additional 1.2.x release depending on specifics. And I can see doing something similar in the future depending on the conditions involved. Anything that is easily remotely exploitable would raise things to a level that it would possibly make that doable. Depends on the component involved. If for instance post-2.1 some major PHP 5.2 issue comes out that has no resolution aside from upgrading to PHP 5.3 (5.2 is end of life, though at this point we'd probably figure out a way to patch it for a 2.0.x rather than upgrading), you'd be safer running 2.1 which has been fully and widely tested on PHP 5.3 (which required a number of changes) than you would a security updated 2.0.x on PHP 5.3 that didn't have pre-release time for widespread community and internal QA. In that case we probably wouldn't release a 2.0.x update because it'd be more risky than upgrading to 2.1. ___ -Original Message- Chris, Don't you have a way to track which release is being used the most and tailor support accordingly ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] [pfesene] openVPN presistent client IP
Forgive me if this been covered in the forum but I couldn't find it. I would like for my openvpn clients to use the same ip every time they connect to server, static ip is not an option, and ifconfig-pool-persis doesn't seem to work. Any help would be greatly appreciated. Thanks, Sam ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2.0-RELEASE now available!
Congratulations! -Original Message- From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Buechler Sent: Saturday, September 17, 2011 2:58 PM To: pfSense support and discussion Subject: [pfSense] 2.0-RELEASE now available! for those who don't watch the blog: http://blog.pfsense.org/?p=598 ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list