Re: [pfSense Support] IPSEC
Bryan Derman wrote:
> If curl is available on the development disk (or somewhere) and was installed on the production version, the script could easily be modified

login as root and install it thus?

# curl
curl: Command not found.
# pkg_add -r curl
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-6.2-release/Latest/curl.tbz... Done.
# rehash
# curl -I www.google.com
HTTP/1.1 302 Found
Location: http://www.google.co.uk/
Cache-Control: private
Set-Cookie: PREF=ID=3edd03dd328b5c04:TM=1204632103:LM=1204632103:S=YYPAA8zXB5IAp1wM; expires=Thu, 04-Mar-2010 12:01:43 GMT; path=/; domain=.google.com
Content-Type: text/html
Server: gws
Content-Length: 221
Date: Tue, 04 Mar 2008 12:01:43 GMT

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: Typo in 1.2 Release RRD?
Ugo Bellavance wrote:
> Jason J. Ellingson wrote:
>> I see on my RRD graphs for traffic (haven't looked elsewhere yet)... that the last 6 month graph is showing Nov twice and skipping Feb. At the bottom of the graph, I see:
>>
>> Sep Oct Nov Nov Dec Jan Mar
>>
>> Perhaps just mine doing this? I had this pfSense box offline for about 25 days (mid Jan to mid Feb) to test a different box.
>>
>> - Jason
>
> Same here, 1.2 RELEASE

sorry, but we don't have this machine started as 1.2rc2, upgraded each time and now on 1.2-release
[pfSense Support] How can I use more, than 5 NIC ?
Hi.

I'm a novice in FreeBSD, please help me to understand where the trouble is.

I have an x86 system (Intel 865 based) with 1 onboard NIC (Rtl8139-based) and 5 PCI NICs (all Planet, 8139-based too). After start, 1.2 shows me as few as 5 interfaces, 4 from PCI NICs and 1 onboard (according to MACs).

Is it a standard trouble for FreeBSD (more start parameters needed) or a pfsense limitation? LiveCD and HD-install versions tried :(

Sorry for my English.
[pfSense Support] Load Balancing further info
Hi,

Excuse my ignorance on this one. I am having a debate with my boss.

Please explain to me the basics of load balancing?

IP address x is accessing www.cnn.com. It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission?

How does it actually decide which WAN port to send the packet? Is it constantly pinging on all WAN ports?

How is a typical webpage broken down into packets? i.e. how many packets are there in a typical page?

Again apologies for the simpleness...just want to get my head around the load balancing / round robin concept.

Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have set up my system as close to the manual as possible but it doesn't seem to be load balancing correctly.

Regards,
Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com
[pfSense Support] icon
The web browser shows the three circle of pfsense branded icon. Where is this stored and how can it be branded with my own icon using a file called say... garg.ico?
RE: [pfSense Support] Load Balancing further info
load balancing is fairly easy to learn.

first step, the user sends a request (i.e. visiting www.cnn.com). his computer will forward the request to the gateway (let's assume pfsense set up with load balanced WAN connections). pfsense will then assign the current connection state to a WAN interface. this should happen with states spread evenly across all WAN links.

as long as information being transmitted between the user's computer and www.cnn.com is part of the same stream, it will use the same connection path on the WAN link. if the user goes to www.msnbc.com also, this will start a new state connection on the firewall and would theoretically use a different WAN link than the first connection to www.cnn.com.

some issues with this: if the state is set to a very short TTL, then the user will constantly be setting up new states and will be bouncing all over the WAN links. this can make it really bad if they're trying to use encrypted protocols as it will not be valid and will more than likely be denied a lot. if the value is set too high, states will build up on a WAN interface and persist longer than need be. they will however be more reliable as encrypted protocols will have a nice stable connection.

a misconfiguration in how the states are load balanced will lead to one WAN link being more heavily favored than others.

this isn't the BEST explanation but should help some.

-Sean

From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: Tue, 4 Mar 2008 16:50:26 +0200
Subject: [pfSense Support] Load Balancing further info

Hi,

Excuse my ignorance on this one. I am having a debate with my boss.

Please explain to me the basics of load balancing?

IP address x is accessing www.cnn.com. It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission?

How does it actually decide which WAN port to send the packet? Is it constantly pinging on all WAN ports?

How is a typical webpage broken down into packets? i.e. how many packets are there in a typical page?

Again apologies for the simpleness...just want to get my head around the load balancing / round robin concept.

Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have set up my system as close to the manual as possible but it doesn't seem to be load balancing correctly.

Regards,
Mike Lever
Tenacity Films (Pty) Ltd t/a Velocity Films
(T) +2711-807-0100
(F) 086-681-7518
http://www.velocityfilms.com
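A simplified model of the behaviour described in the reply above, added here as an illustration (it is not pfSense code and not part of the original thread): new states are handed out round-robin, packets that match a live state stay on its link, and a flow whose state has expired is assigned again. The timeouts, client addresses and port numbers are constructed.

```python
# Added illustration, not pfSense code: a simplified model of per-connection
# load balancing. Timeouts, client addresses and port numbers are constructed.
from collections import Counter
from itertools import cycle

LINKS = ["WAN", "OPT1", "OPT2"]


class LoadBalancer:
    def __init__(self, links, state_ttl):
        self._next_link = cycle(links)  # round-robin, used for NEW states only
        self.state_ttl = state_ttl      # seconds an idle state stays valid
        self.states = {}                # flow -> (link, time last seen)

    def route(self, flow, now):
        """Return the WAN link that carries one packet of `flow` at `now`."""
        entry = self.states.get(flow)
        if entry is not None and now - entry[1] <= self.state_ttl:
            link = entry[0]               # live state: stay on the same link
        else:
            link = next(self._next_link)  # no state, or expired: next link
        self.states[flow] = (link, now)
        return link


def spread(n_flows):
    """Count how many brand-new connections land on each link."""
    lb = LoadBalancer(LINKS, state_ttl=60)
    return Counter(lb.route(("192.168.1.10", "www.cnn.com", 1024 + i), 0)
                   for i in range(n_flows))


def links_seen(state_ttl, packet_times):
    """Links used by one long-lived flow that sends a packet at each time,
    while a second client opens a new connection after every packet."""
    lb = LoadBalancer(LINKS, state_ttl)
    flow = ("192.168.1.10", "www.cnn.com", 443)
    seen = []
    for i, t in enumerate(packet_times):
        seen.append(lb.route(flow, t))
        lb.route(("192.168.1.11", "www.msnbc.com", 40000 + i), t + 1)
    return seen


if __name__ == "__main__":
    print(spread(300))                      # even split across the links
    print(links_seen(60, [0, 20, 40, 60]))  # state outlives the idle gaps
    print(links_seen(10, [0, 20, 40, 60]))  # state expires between packets
```

With the short timeout the same session leaves through a different link, and so from a different public address, after each idle gap; that is the case the reply warns about for encrypted protocols.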
RE: [pfSense Support] icon
Thanks Tom. This pfsense story just gets better and better all the time.

Tim Dickson [EMAIL PROTECTED] wrote:
> On a side note, you'll also see a themes folder, copy one of those folders down, edit to your heart's desire and then reupload with a new name. You'll then have a custom theme for your firewall that you can select from your GUI's drop down list.
>
> -Tim
>
> From: Tim Dickson [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 04, 2008 10:28 AM
> To: support@pfsense.com
> Subject: RE: [pfSense Support] icon
>
> This is the favicon. Use WinSCP to connect to your firewall using root as the username and your gui password as the password. Browse to \USR\LOCAL\WWW. You'll see favicon.ico in there; overwrite and when your browser refreshes its favicon list you'll have your new icon!
>
> -Tim
>
> From: Anil Garg [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, March 04, 2008 9:41 AM
> To: support@pfsense.com
> Subject: [pfSense Support] icon
>
> The web browser shows the three circle of pfsense branded icon. Where is this stored and how can it be branded with my own icon using a file called say... garg.ico?
[pfSense Support] DMZ
Progressing to DMZ with pfsense. Say we have a

WAN with 203.xxx.xxx.201 (IP provided by the IS)
Gateway is 203.xxx.xxx.001
DNS1 is 203.xxx.xxx.002
DNS2 is 203.xxx.xxx.003

LAN is 192.168.1.1/24 with NO DHCP
Not bridged to any interface
One server is configured as 192.168.1.10/32
Gateway 192.168.1.1
DNS 192.168.1.1

DMZ is 192.168.100.1/24 with NO DHCP
Not bridged to any interface
One DMZ server is configured as 192.168.100.10/32
Gateway 192.168.100.1 === Is this correct?
DNS 192.168.100.1 === Is this correct?

Am I right in assuming that after the firewall rules are applied 203.xxx.xxx.201 and 192.168.1.1 and 192.168.100.1 are all same address of the firewall itself

Sorry if this is stupid question.

Best
Anil Garg
[pfSense Support] Disable the userland FTP-Proxy application
Is there any harm in "Disable the userland FTP-Proxy application"? Where can I read about this?

Thanks
Anil Garg
[pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs AND I've rebuilt the router)
First let me say that I love PF and am using it enough that I'm considering the standard support contract, but I'm not quite there yet so I still need community support.

I've got a dual-wan setup and I want to cause traffic between an internal machine, and external machine to occur over WAN2 (I could use source or destination as criteria). Both public IPs would share a gateway so I've put a NAT device on WAN2 and connected the modem to it so now both WAN ports are on different subnets. (more)

With the appropriate LAN rule in place, traffic doesn't flow UNLESS I start a packet capture on WAN2 (I found this while trying to troubleshoot). Why would this be? Anyone got the time and know-how to help me troubleshoot this?

Here's my setup. Hope the art comes through decently. The reason for the SpeedStream device is because otherwise both WAN interfaces would have the same gateway IP and I read that is unacceptable for a dual-wan config.

              | WAN  67.x.x.12   |-- Cable Modem1
  pfSense 1.2 | LAN  192.168.1.0 |
              | WAN2 192.168.0.2 |-- | 192.168.0.1 SpeedStream 2601 for NAT |-- Cable Modem 2

I want to be sure that traffic FROM 192.168.1.22 or traffic TO 78.x.x.10 goes through WAN2 (I can use source, destination, or both). Outbound NAT is set to Automatic and has only the default LAN rule in place.

I have added a LAN rule, but instead of trying to communicate what it is and confirm it's right, I think it would be faster if someone could tell me what it should be (at least one of the options), and I'll just use that.

ANYthing else I haven't mentioned, I likely don't know about and need pointed out.

Thanks in advance, and I'm loving 1.2. The upgrade was flawless.

Mike
RE: [pfSense Support] DMZ
They are all the firewall itself, yes. But they are all different interfaces - keep that in mind when you get to your rules. Pfsense processes rules as they enter the interface, so once you are in you can go anywhere

-Tim

From: Anil Garg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 4:37 PM
To: support@pfsense.com
Subject: [pfSense Support] DMZ

Progressing to DMZ with pfsense. Say we have a

WAN with 203.xxx.xxx.201 (IP provided by the IS)
Gateway is 203.xxx.xxx.001
DNS1 is 203.xxx.xxx.002
DNS2 is 203.xxx.xxx.003

LAN is 192.168.1.1/24 with NO DHCP
Not bridged to any interface
One server is configured as 192.168.1.10/32
Gateway 192.168.1.1
DNS 192.168.1.1

DMZ is 192.168.100.1/24 with NO DHCP
Not bridged to any interface
One DMZ server is configured as 192.168.100.10/32
Gateway 192.168.100.1 === Is this correct?
DNS 192.168.100.1 === Is this correct?

Am I right in assuming that after the firewall rules are applied 203.xxx.xxx.201 and 192.168.1.1 and 192.168.100.1 are all same address of the firewall itself

Sorry if this is stupid question.

Best
Anil Garg
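The point in the reply above, that rules are evaluated on the interface where traffic enters, modelled as an added example (not pfSense code and not part of the original thread). It assumes first-match rule order and an implicit default deny; the rule sets and the external address 203.0.113.5 are constructed, and the LAN and DMZ subnets are the ones from the question.

```python
# Added illustration, not pfSense code: first-match filtering on the interface
# where a packet ENTERS the firewall. All rule sets here are constructed.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("192.168.100.0/24")
ANY = ip_network("0.0.0.0/0")

# interface -> ordered rules: (action, source network, destination network)
PERMISSIVE = {
    "LAN": [("pass", LAN_NET, ANY)],
    "DMZ": [("pass", DMZ_NET, ANY)],      # "any" also covers LAN destinations
    "WAN": [],
}
ISOLATED = {
    "LAN": [("pass", LAN_NET, ANY)],
    "DMZ": [("block", DMZ_NET, LAN_NET),  # must sit above the pass rule
            ("pass", DMZ_NET, ANY)],
    "WAN": [],
}
# The block is on the wrong interface: DMZ -> LAN traffic never enters
# through LAN, so the LAN rule list is not consulted for it.
MISPLACED = {
    "LAN": [("block", DMZ_NET, LAN_NET), ("pass", LAN_NET, ANY)],
    "DMZ": [("pass", DMZ_NET, ANY)],
    "WAN": [],
}


def ingress_interface(src):
    """Interface a packet from `src` arrives on in this three-leg layout."""
    addr = ip_address(src)
    if addr in LAN_NET:
        return "LAN"
    if addr in DMZ_NET:
        return "DMZ"
    return "WAN"


def decide(ruleset, src, dst):
    """Return 'pass' or 'block' for a new connection from src to dst."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net in ruleset[ingress_interface(src)]:
        if s in src_net and d in dst_net:
            return action             # first matching rule wins
    return "block"                    # nothing matched: default deny


if __name__ == "__main__":
    for name, rules in [("permissive", PERMISSIVE), ("isolated", ISOLATED),
                        ("misplaced", MISPLACED)]:
        print(name, decide(rules, "192.168.100.10", "192.168.1.10"))
```

Only the rule set with the block on the DMZ interface keeps the DMZ server away from the LAN server while still letting it reach outside addresses.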
RE: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs AND I've rebuilt the router)
You need to use Manual Outbound NAT, and add a rule above the default rule that has the source address of your machine, destination * *, and then select the address of your WAN2 interface.

Dimitri Rodis
Integrita Systems LLC

From: Michael Richardson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 4:54 PM
To: support@pfsense.com
Subject: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs AND I've rebuilt the router)

First let me say that I love PF and am using it enough that I'm considering the standard support contract, but I'm not quite there yet so I still need community support.

I've got a dual-wan setup and I want to cause traffic between an internal machine, and external machine to occur over WAN2 (I could use source or destination as criteria). Both public IPs would share a gateway so I've put a NAT device on WAN2 and connected the modem to it so now both WAN ports are on different subnets. (more)

With the appropriate LAN rule in place, traffic doesn't flow UNLESS I start a packet capture on WAN2 (I found this while trying to troubleshoot). Why would this be? Anyone got the time and know-how to help me troubleshoot this?

Here's my setup. Hope the art comes through decently. The reason for the SpeedStream device is because otherwise both WAN interfaces would have the same gateway IP and I read that is unacceptable for a dual-wan config.

              | WAN  67.x.x.12   |-- Cable Modem1
  pfSense 1.2 | LAN  192.168.1.0 |
              | WAN2 192.168.0.2 |-- | 192.168.0.1 SpeedStream 2601 for NAT |-- Cable Modem 2

I want to be sure that traffic FROM 192.168.1.22 or traffic TO 78.x.x.10 goes through WAN2 (I can use source, destination, or both). Outbound NAT is set to Automatic and has only the default LAN rule in place.

I have added a LAN rule, but instead of trying to communicate what it is and confirm it's right, I think it would be faster if someone could tell me what it should be (at least one of the options), and I'll just use that.

ANYthing else I haven't mentioned, I likely don't know about and need pointed out.

Thanks in advance, and I'm loving 1.2. The upgrade was flawless.

Mike
[pfSense Support] CARP Documentation
Several recent forum posts regarding CARP refer to the following page:

http://doc.pfsense.org/index.php/Setting_up_CARP_with_pfSense

When I go to that page, it says:

There is currently no text in this page, you can search for this page title http://doc.pfsense.org/index.php/Special:Search/Setting_up_CARP_with_pfSense in other pages or edit this page http://doc.pfsense.org/index.php?title=Setting_up_CARP_with_pfSense&action=edit .

Where'd the CARP doc go?

Dimitri Rodis
Integrita Systems LLC
Re: [pfSense Support] CARP Documentation
On 3/4/08, Dimitri Rodis [EMAIL PROTECTED] wrote:
> Several recent forum posts regarding CARP refer to the following page:
> http://doc.pfsense.org/index.php/Setting_up_CARP_with_pfSense
[snip]

Try http://olddoc.pfsense.org/index.php/Setting_up_CARP_with_pfSense

Scott
RE: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs AND I've rebuilt the router)
So a LAN rule with the gateway for WAN2 selected, AND the outbound-nat rule are both needed?

From: Dimitri Rodis [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 6:16 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs AND I've rebuilt the router)

You need to use Manual Outbound NAT, and add a rule above the default rule that has the source address of your machine, destination * *, and then select the address of your WAN2 interface.

Dimitri Rodis
Integrita Systems LLC

From: Michael Richardson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 04, 2008 4:54 PM
To: support@pfsense.com
Subject: [pfSense Support] Dual-wan Setup issue (Yes, I've read a few Dual-Wan HOWTO docs AND I've rebuilt the router)

First let me say that I love PF and am using it enough that I'm considering the standard support contract, but I'm not quite there yet so I still need community support.

I've got a dual-wan setup and I want to cause traffic between an internal machine, and external machine to occur over WAN2 (I could use source or destination as criteria). Both public IPs would share a gateway so I've put a NAT device on WAN2 and connected the modem to it so now both WAN ports are on different subnets. (more)

With the appropriate LAN rule in place, traffic doesn't flow UNLESS I start a packet capture on WAN2 (I found this while trying to troubleshoot). Why would this be? Anyone got the time and know-how to help me troubleshoot this?

Here's my setup. Hope the art comes through decently. The reason for the SpeedStream device is because otherwise both WAN interfaces would have the same gateway IP and I read that is unacceptable for a dual-wan config.

              | WAN  67.x.x.12   |-- Cable Modem1
  pfSense 1.2 | LAN  192.168.1.0 |
              | WAN2 192.168.0.2 |-- | 192.168.0.1 SpeedStream 2601 for NAT |-- Cable Modem 2

I want to be sure that traffic FROM 192.168.1.22 or traffic TO 78.x.x.10 goes through WAN2 (I can use source, destination, or both). Outbound NAT is set to Automatic and has only the default LAN rule in place.

I have added a LAN rule, but instead of trying to communicate what it is and confirm it's right, I think it would be faster if someone could tell me what it should be (at least one of the options), and I'll just use that.

ANYthing else I haven't mentioned, I likely don't know about and need pointed out.

Thanks in advance, and I'm loving 1.2. The upgrade was flawless.

Mike