Re: [pfSense Support] DMZ to LAN access
Curtis,

I am not so familiar with pfSense architecture to do SSH login and manual rewriting conf files. I have NAT, yes, it is AON because I have dual WAN configuration. I have only NAT between external and internal interfaces. I added some rules to both interfaces at the top just for test that have * * * * * * and * * * * * *. Still I got no ping from DMZ to LAN.

Chris,

Do I need to enable NAT between DMZ and LAN?

Thanks
Peter

On Thu, Jan 8, 2009 at 11:36 PM, Chris Buechler c...@pfsense.org wrote:
> 2009/1/8 Curtis LaMasters curtislamast...@gmail.com:
>> Sounds like a NAT issue. Manually configure our outbound NAT or tell it not to NAT.
>
> Not necessary. Traffic between internal interfaces isn't NATed unless you enable AON and configure it to do so. The firewall rules on the DMZ interface don't allow pings most likely.
>
> -
> To unsubscribe, e-mail: support-unsubscr...@pfsense.com
> For additional commands, e-mail: support-h...@pfsense.com
> Commercial support available - https://portal.pfsense.org

--
honesty is not a vice
Re: [pfSense Support] Dual WAN failover not working
Veiko Kukk wrote:
> Hi!
>
> I have dual pfsense 1.2.1, LAN interface, WAN and OPT1, last two are different ISPs. I have configured 3 carp interfaces and gateway failover for load balancer. I only need failover, not load balancing. Tried with one and two failover pools with no success.
> When WAN ISP is disconnected, no switching to OPT1 ISP occurs, though I can see in logs that OPT1 is considered working:
> slbd[23449]: ICMP poll succeeded for xxx.xxx.115.18, marking service UP
> and the same is indicated by web interface Online as well. Still no traffic goes out through OPT1!?
> I hope somebody can help me with this, as I understand there must be people who have similar and working setup and pfsense should have that ability.

Please, somebody confirm this bug or help me solve possible misconfiguration, I really need to have WAN failover.

---
Veiko
[pfSense Support] newbie question
Is there a way to display current time/date on the dashboard?

Sam
Re: [pfSense Support] DMZ to LAN access
I added a NAT rule and I got a connection.

On Fri, Jan 9, 2009 at 11:41 AM, Peter Todorov pmi...@gmail.com wrote:
> Maybe I need to update to 1.2.1
>
> On Fri, Jan 9, 2009 at 11:32 AM, Eugen Leitl eu...@leitl.org wrote:
>> On Fri, Jan 09, 2009 at 11:14:50AM +0200, Peter Todorov wrote:
>>> Yes, they are now in second place (DMZ interface): ICMP DMZnet * * * * and ICMP LANnet * * * *. There are rules also in second place (LAN interface): ICMP DMZnet * * * * and ICMP LANnet * * * *. No ping from DMZ to LAN.
>>
>> Strange, I can ping my setup fine. No dual WAN, though.
>>
>>> On Fri, Jan 9, 2009 at 10:59 AM, Eugen Leitl eu...@leitl.org wrote:
>>>> On Fri, Jan 09, 2009 at 10:15:26AM +0200, Peter Todorov wrote:
>>>>> Curtis, I am not so familiar with pfSense architecture to do SSH login and manual rewriting conf files. I have NAT, yes, it is AON because I have dual WAN configuration. I have only NAT between external and internal interfaces. I added some rules to both interfaces at the top just for test that have * * * * * * and * * * * * *. Still I got no ping from DMZ to LAN. Chris, Do I need to enable NAT between DMZ and LAN?
>>>>
>>>> There's a rule allowing ICMP between DMZ and LAN, yes?

--
honesty is not a vice
[pfSense Support] Auto Update page 1.2.1 / 1.2.2
After upgrading 1.2.1 to 1.2.2, /system_firmware_check.php says:

A new version is now available
New version: 1.2.1
Current version: 1.2.2
Update source: http://updates.pfSense.com/_updaters

I have nothing selected in /system_firmware_settings.php.

(Also, it seems wrong that on /system_firmware_settings.php, 'Default Auto Update URLs' has the option of 1.2.1-Snapshots - Built every 12 hours)

--
Pete Boyd
Open Plan IT - http://openplanit.co.uk
The Golden Ear - http://thegoldenear.org
Re: [pfSense Support] DMZ to LAN access
No manual configuration is needed, actually I would not recommend that at all. I was referring to using the SSH console to review your raw logs for quicker diagnosis if it indeed was a firewall rule issue.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Fri, Jan 9, 2009 at 2:15 AM, Peter Todorov pmi...@gmail.com wrote:
> Curtis,
>
> I am not so familiar with pfSense architecture to do SSH login and manual rewriting conf files. I have NAT, yes, it is AON because I have dual WAN configuration. I have only NAT between external and internal interfaces. I added some rules to both interfaces at the top just for test that have * * * * * * and * * * * * *. Still I got no ping from DMZ to LAN.
>
> Chris,
>
> Do I need to enable NAT between DMZ and LAN?
>
> Thanks
> Peter
>
> On Thu, Jan 8, 2009 at 11:36 PM, Chris Buechler c...@pfsense.org wrote:
>> 2009/1/8 Curtis LaMasters curtislamast...@gmail.com:
>>> Sounds like a NAT issue. Manually configure our outbound NAT or tell it not to NAT.
>>
>> Not necessary. Traffic between internal interfaces isn't NATed unless you enable AON and configure it to do so. The firewall rules on the DMZ interface don't allow pings most likely.
>
> --
> honesty is not a vice
RE: [pfSense Support] Auto Update page 1.2.1 / 1.2.2
Same for me, though I upgraded to 1.2.2 manually

-----Original Message-----
From: Pete Boyd [mailto:petes-li...@thegoldenear.org]
Sent: Friday, January 09, 2009 8:56 AM
To: support@pfsense.com
Subject: [pfSense Support] Auto Update page 1.2.1 / 1.2.2

After upgrading 1.2.1 to 1.2.2, /system_firmware_check.php says:

A new version is now available
New version: 1.2.1
Current version: 1.2.2
Update source: http://updates.pfSense.com/_updaters

I have nothing selected in /system_firmware_settings.php.

(Also, it seems wrong that on /system_firmware_settings.php, 'Default Auto Update URLs' has the option of 1.2.1-Snapshots - Built every 12 hours)

--
Pete Boyd
Open Plan IT - http://openplanit.co.uk
The Golden Ear - http://thegoldenear.org
RE: [pfSense Support] Auto Update page 1.2.1 / 1.2.2
> Same for me, though I upgraded to 1.2.2 manually

I also upgraded manually. I'd not noticed the auto upgrade option till now.

--
Pete Boyd
Open Plan IT - http://openplanit.co.uk
The Golden Ear - http://thegoldenear.org
Re: [pfSense Support] Auto Update page 1.2.1 / 1.2.2
On Fri, Jan 9, 2009 at 8:55 AM, Pete Boyd petes-li...@thegoldenear.org wrote:
> After upgrading 1.2.1 to 1.2.2, /system_firmware_check.php says:
>
> A new version is now available
> New version: 1.2.1
> Current version: 1.2.2
> Update source: http://updates.pfSense.com/_updaters

That didn't get updated yet, Scott will take care of that shortly.
Re: [pfSense Support] DMZ to LAN access
On Fri, Jan 9, 2009 at 3:15 AM, Peter Todorov pmi...@gmail.com wrote:
> Curtis,
>
> I am not so familiar with pfSense architecture to do SSH login and manual rewriting conf files. I have NAT, yes, it is AON because I have dual WAN configuration.

That's not necessary. There is very old, outdated documentation somewhere apparently that tells people to do that since it comes up repeatedly. Could you point me to where you got that info? I would like to remove incorrect information. It'll work, but it's unnecessary and a step that's frequently not configured properly.

> I have only NAT between external and internal interfaces. I added some rules to both interfaces at the top just for test that have * * * * * * and * * * * * *. Still I got no ping from DMZ to LAN.
>
> Chris,
>
> Do I need to enable NAT between DMZ and LAN?

You rarely want to NAT between internal interfaces. You shouldn't need AON at all unless you need static port.
Re: [pfSense Support] Dual WAN failover not working
On Fri, Jan 9, 2009 at 4:14 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote:
> Please, somebody confirm this bug or help me solve possible misconfiguration, I really need to have WAN failover.

It's not a bug. You have something configured wrong, and not nearly enough info for anybody to tell what.
[pfSense Support] SVG graphs fixed in Google Chrome
FWIW, I just switched to the Chrome developer channel, SVG graphs started working in 1.2.1. Upgrading to 1.2.2 anyway, just waiting on the download.

--
Dave Warren, d...@djwcomputers.com
Office: (403) 775-1700 / (888) 300-3480
Re: [pfSense Support] DMZ to LAN access
On Fri, Jan 9, 2009 at 08:31, Chris Buechler c...@pfsense.org wrote:
> You rarely want to NAT between internal interfaces.

Ditto. The only internal NAT I have is when traversing from a trusted VLAN to an untrusted one (open wireless) to mask the systems.

If your routing (primarily on the clients) is configured properly, the only thing you should have to do to enable DMZ-LAN is set an 'allow' rule for the specific traffic.
RE: [pfSense Support] Multi-WAN PPTP?
Chris,

Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that?

Christopher Iarocci
Network Solutions Manager
Twin Forks Office Products
631-727-3354

-----Original Message-----
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler
Sent: Friday, January 09, 2009 1:34 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multi-WAN PPTP?

On Wed, Jan 7, 2009 at 7:29 PM, Christopher Iarocci ciaro...@tfop.net wrote:
> I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that field.

There's at least one problem, that has to be an IP on your LAN, assuming you're putting the PPTP clients on your LAN subnet. I don't know how that ever could have worked.
RE: [pfSense Support] Multi-WAN PPTP?
Chris,

Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that?

[Christopher Iarocci] Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP. Sorry for the double post.

Christopher Iarocci
Network Solutions Manager
Twin Forks Office Products
631-727-3354

-----Original Message-----
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler
Sent: Friday, January 09, 2009 1:34 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multi-WAN PPTP?

On Wed, Jan 7, 2009 at 7:29 PM, Christopher Iarocci ciaro...@tfop.net wrote:
> I also noticed that when I save the config, it shows the PPTP server address as 0.0.0.0 in the log, even though I clearly have the WAN IP address in that field.

There's at least one problem, that has to be an IP on your LAN, assuming you're putting the PPTP clients on your LAN subnet. I don't know how that ever could have worked.
Re: [pfSense Support] Multi-WAN PPTP?
On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote:
> Chris,
>
> Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that?

Just pick an unused IP on your LAN.

> Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP.

The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication.
Re: [pfSense Support] SVG graphs fixed in Google Chrome
On Fri, Jan 9, 2009 at 11:24 AM, Dave Warren dave-use...@djwcomputers.com wrote:
> FWIW, I just switched to the Chrome developer channel, SVG graphs started working in 1.2.1.

Interesting. I believe it was a Chrome bug, but we were able to work around it.
RE: [pfSense Support] Multi-WAN PPTP?
Chris,

Thank you. I will try the new config tonight and report back.

Christopher Iarocci
Network Solutions Manager
Twin Forks Office Products
631-727-3354

-----Original Message-----
From: Chris Buechler [mailto:cbuech...@gmail.com]
Sent: Friday, January 09, 2009 2:31 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Multi-WAN PPTP?

On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote:
> Chris,
>
> Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that?

Just pick an unused IP on your LAN.

> Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP.

The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication.
Re: [pfSense Support] Multi-WAN PPTP?
On the increasingly rare occasions I set up PPTP, I put the server on .15 and clients starting at .16 for the LAN subnet. If your client 'subnet' does not begin on a CIDR boundary, pfSense will complain. Hence, the .16 choice.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

----- Christopher Iarocci ciaro...@tfop.net wrote:
> Chris,
>
> Thank you. I will try the new config tonight and report back.
>
> Christopher Iarocci
> Network Solutions Manager
> Twin Forks Office Products
> 631-727-3354
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuech...@gmail.com]
> Sent: Friday, January 09, 2009 2:31 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Multi-WAN PPTP?
>
> On Fri, Jan 9, 2009 at 1:08 PM, Christopher Iarocci ciaro...@tfop.net wrote:
>> Chris,
>>
>> Does it matter which IP address on my LAN it is? Should it be the LAN IP of the PFSense box, or something other than that?
>
> Just pick an unused IP on your LAN.
>
>> Does the radius server see requests coming from the IP address specified there or the LAN IP? In the past with the WAN IP in that field, requests to the radius server came from the LAN IP.
>
> The IP of the interface closest to the RADIUS server, usually LAN. The server IP is just for PPTP client - server communication.
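The address plan discussed in this thread (a server address that is an unused IP on the LAN, and a client range that starts on a CIDR boundary), checked in code as an added example that is not part of any poster's message or of pfSense itself. The function name `check_pptp_plan`, the sample addresses and the /28 client block size are assumptions of the example.

```python
import ipaddress


def check_pptp_plan(lan_cidr, firewall_lan_ip, server_ip, client_start,
                    in_use=(), client_prefix=28):
    """Return a list of problems with a PPTP address plan; [] means it passes.

    client_prefix is an assumption of this example (a /28 is 16 addresses);
    the thread only says the client range must begin on a CIDR boundary.
    """
    lan = ipaddress.ip_network(lan_cidr)
    server = ipaddress.ip_address(server_ip)
    start = ipaddress.ip_address(client_start)
    taken = {ipaddress.ip_address(a) for a in in_use}
    taken.add(ipaddress.ip_address(firewall_lan_ip))
    problems = []

    # Server address: an IP on the LAN subnet, and one nothing else is using.
    if server not in lan:
        problems.append(f"server address {server} is not on the LAN subnet {lan}")
    elif server in taken:
        problems.append(f"server address {server} is already in use on the LAN")

    # Client range: its first address must have all host bits clear.
    block = 2 ** (start.max_prefixlen - client_prefix)
    offset = int(start) % block
    if offset:
        boundary = ipaddress.ip_address(int(start) - offset)
        problems.append(f"client range start {start} is not on a /{client_prefix} "
                        f"boundary; the one below it is {boundary}")
        return problems

    clients = ipaddress.ip_network(f"{start}/{client_prefix}")
    if not clients.subnet_of(lan):
        problems.append(f"client range {clients} is not inside the LAN subnet {lan}")
    if server in clients:
        problems.append(f"server address {server} is inside the client range {clients}")
    clashes = sorted(a for a in taken if a in clients)
    if clashes:
        listed = ", ".join(str(a) for a in clashes)
        problems.append(f"client range {clients} overlaps addresses in use: {listed}")
    return problems


if __name__ == "__main__":
    # Constructed sample plans on a constructed LAN, 192.168.1.0/24.
    plans = {
        "server .15, clients from .16": ("192.168.1.15", "192.168.1.16"),
        "WAN address as server": ("203.0.113.10", "192.168.1.16"),
        "clients from .20": ("192.168.1.15", "192.168.1.20"),
    }
    for label, (server_ip, client_start) in plans.items():
        found = check_pptp_plan("192.168.1.0/24", "192.168.1.1",
                                server_ip, client_start)
        print(label, "->", found or "ok")
```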
Re: [pfSense Support] 1.2.2 upgrade signature issue
On Fri, Jan 9, 2009 at 4:48 PM, Volker Kuhlmann hid...@paradise.net.nz wrote:
> On Sun 28 Dec 2008 15:35:47 NZDT +1300, Chris Buechler wrote:
>
>> http://blog.pfsense.org/?p=284
>>
>> I added that info to the 1.2.1 release announcement as well.
>
> Maybe it would be a good idea to also add that to the 1.2.2 release announcement.

Added, thanks.
[pfSense Support] 1.2.2 upgrade signature issue
On Sun 28 Dec 2008 15:35:47 NZDT +1300, Chris Buechler wrote:

> http://blog.pfsense.org/?p=284
>
> I added that info to the 1.2.1 release announcement as well.

Maybe it would be a good idea to also add that to the 1.2.2 release announcement. As 1.2.1 had a life time of 3 weeks, 1.2 stable is still sort of the last stable release, and one gets this nasty warning. The easiest is to install the pubkey package first, then upload the 1.2.2 upgrade.

Volker

--
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/
Please do not CC list postings to me.
Re: [pfSense Support] Dual WAN failover not working
On Fri, Jan 9, 2009 at 1:14 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote:
> Veiko Kukk wrote:
>> Hi!
>>
>> I have dual pfsense 1.2.1, LAN interface, WAN and OPT1, last two are different ISPs. I have configured 3 carp interfaces and gateway failover for load balancer. I only need failover, not load balancing. Tried with one and two failover pools with no success.
>> When WAN ISP is disconnected, no switching to OPT1 ISP occurs, though I can see in logs that OPT1 is considered working:
>> slbd[23449]: ICMP poll succeeded for xxx.xxx.115.18, marking service UP
>> and the same is indicated by web interface Online as well. Still no traffic goes out through OPT1!?
>> I hope somebody can help me with this, as I understand there must be people who have similar and working setup and pfsense should have that ability.
>
> Please, somebody confirm this bug or help me solve possible misconfiguration, I really need to have WAN failover.
>
> ---
> Veiko

Provide a network diagram with IP addresses and maybe screen shots of the web interface.

sai