Re: [pfSense Support] port 25
2009/8/11 Fabien Germain fabien.germ...@gmail.com: Hi, On Tue, Aug 11, 2009 at 12:13 PM, Kevin Kimani kevinkim...@gmail.com wrote: Not going through dont understand how you are able to do that mail kevin # telnet mail.aphrc.org 25 Trying 41.220.120.26... telnet: Unable to connect to remote host: Connection timed out If you are behind a residential DSL line, your ISP is probably filtering outgoing smtp connections. It's often the case, to prevent spammers to use their cheap DSL line to flood the planet. From a non filtered network here in France, it works too : Works from an unfiltered UK business connection (and BTW bethere don't filter outbound SMTP, I use them at home and used to run my own mail server there) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Multiwan - no loadbalance needed
Hi, When reading several posts, I found much info about load balancing... but this is something I don't need. What I would like to have, is to route all internet traffic through one interface (an PPPoE session), and some traffic (terminal server smtp) from the other interface (incoming). If I read a bit further on, it seems that you best dedicate the WAN interface to the actual traffic, to be able to use the most out of packages... And, that OPT1 is for the other interface to allow incoming traffic to our terminal server and mail-server. Currently I have one xDSL connection, that will be for all common traffic, and I have one SDSL connection to allow my external co-workers to join the terminal server. (the connection will be shared for smtp traffic - for that I shall use QoS to allow my terminal sessions to be the most priority). To put it simple (I think), is that OPT1 should be treated as incoming traffic, and WAN should only be used for outgoing traffic (eg. internet, radio, downloading, ...) Hope this makes sense... kind regards - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Multiwan - no loadbalance needed
Michel Servaes wrote: Hi, When reading several posts, I found much info about load balancing... but this is something I don't need. What I would like to have, is to route all internet traffic through one interface (an PPPoE session), and some traffic (terminal server smtp) from the other interface (incoming). If I read a bit further on, it seems that you best dedicate the WAN interface to the actual traffic, to be able to use the most out of packages... And, that OPT1 is for the other interface to allow incoming traffic to our terminal server and mail-server. Currently I have one xDSL connection, that will be for all common traffic, and I have one SDSL connection to allow my external co-workers to join the terminal server. (the connection will be shared for smtp traffic - for that I shall use QoS to allow my terminal sessions to be the most priority). To put it simple (I think), is that OPT1 should be treated as incoming traffic, and WAN should only be used for outgoing traffic (eg. internet, radio, downloading, ...) Hope this makes sense... kind regards - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org This is entirely do-able and we have a number of commercial support customers who run a setup very much like this. You may also consider configuring your WAN to fail over to your OPT interface in the case of the WAN interface going down. This will ensure mostly uninterrupted Internet access for your LAN clients. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] VPN Connections behind pfSense NAT
Having a problem with vpn setup wondering if anyone else is also?? The VPN software is Cisco. This is the setup VPN Client - Ethernet Switch - pfsense - Internet - VPN Concentrator A client behind a pfsense can use internet, email, everything else just fine, expect VPN. When i run a packet capture on the client in question i see this. I can attach the packet capture if needed. 2256.726408131.44.120.12410.71.3.170ISAKMPIdentity Protection (Main Mode) (Message fragment 2 - last) 2356.727400131.44.120.12410.71.3.170ISAKMPIdentity Protection (Main Mode) (Reassembled + Message fragment 1) 2564.889357131.44.120.12410.71.3.170ISAKMPIdentity Protection (Main Mode) (Message fragment 2 - last) 2664.889361131.44.120.12410.71.3.170ISAKMPIdentity Protection (Main Mode) (Reassembled + Message fragment 1) 3166.86080610.71.3.170131.44.120.124ISAKMPIdentity Protection (Main Mode) 3566.90835610.71.3.170131.44.120.124ISAKMPIdentity Protection (Main Mode) I've turned off Traffic Shaping, Scrubbing, Gave client a 1:1 NAT. Nothing seems to help. Adam - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IGMP packet out of WAN
On Tue, Aug 11, 2009 at 8:02 PM, Evgeny Yurchenkoevg.yu...@rogers.com wrote: cd /usr/ports/devel/git make install -- Ends with === Configuring for git-1.6.4 === Building for git-1.6.4 GIT_VERSION = 1.6.4 * new build flags or prefix ... many compilations here ... http-push.c:14:19: error: expat.h: No such file or directory http-push.c:852: error: expected ';', ',' or ')' before '*' token http-push.c: In function 'lock_remote': http-push.c:936: error: 'XML_Parser' undeclared (first use in this function) http-push.c:936: error: (Each undeclared identifier is reported only once http-push.c:936: error: for each function it appears in.) http-push.c:936: error: expected ';' before 'parser' http-push.c:943: error: 'parser' undeclared (first use in this function) http-push.c:946: error: 'xml_cdata' undeclared (first use in this function) http-push.c: In function 'remote_ls': http-push.c:1179: error: 'XML_Parser' undeclared (first use in this function) http-push.c:1179: error: expected ';' before 'parser' http-push.c:1186: error: 'parser' undeclared (first use in this function) http-push.c:1189: error: 'xml_cdata' undeclared (first use in this function) http-push.c: In function 'locking_available': http-push.c:1262: error: 'XML_Parser' undeclared (first use in this function) http-push.c:1262: error: expected ';' before 'parser' http-push.c:1269: error: 'parser' undeclared (first use in this function) gmake: *** [http-push.o] Error 1 *** Error code 1 Stop in /usr/ports/devel/git. *** Error code 1 Stop in /usr/ports/devel/git. ***sigh*** -((( Try this: rm -rf /usr/ports portsnap extract cd /usr/ports/devel/git make install BATCH=yes Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] 1.2.3-RC1 Web gui logout
Silly question, where the heck is the logout button? jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IGMP packet out of WAN
On Wed, Aug 12, 2009 at 10:57 AM, Scott Ullrichsullr...@gmail.com wrote: On Tue, Aug 11, 2009 at 8:02 PM, Evgeny Yurchenkoevg.yu...@rogers.com wrote: cd /usr/ports/devel/git make install -- Ends with === Configuring for git-1.6.4 === Building for git-1.6.4 GIT_VERSION = 1.6.4 * new build flags or prefix ... many compilations here ... http-push.c:14:19: error: expat.h: No such file or directory http-push.c:852: error: expected ';', ',' or ')' before '*' token http-push.c: In function 'lock_remote': http-push.c:936: error: 'XML_Parser' undeclared (first use in this function) http-push.c:936: error: (Each undeclared identifier is reported only once http-push.c:936: error: for each function it appears in.) http-push.c:936: error: expected ';' before 'parser' http-push.c:943: error: 'parser' undeclared (first use in this function) http-push.c:946: error: 'xml_cdata' undeclared (first use in this function) http-push.c: In function 'remote_ls': http-push.c:1179: error: 'XML_Parser' undeclared (first use in this function) http-push.c:1179: error: expected ';' before 'parser' http-push.c:1186: error: 'parser' undeclared (first use in this function) http-push.c:1189: error: 'xml_cdata' undeclared (first use in this function) http-push.c: In function 'locking_available': http-push.c:1262: error: 'XML_Parser' undeclared (first use in this function) http-push.c:1262: error: expected ';' before 'parser' http-push.c:1269: error: 'parser' undeclared (first use in this function) gmake: *** [http-push.o] Error 1 *** Error code 1 Stop in /usr/ports/devel/git. *** Error code 1 Stop in /usr/ports/devel/git. ***sigh*** -((( Try this: rm -rf /usr/ports portsnap extract cd /usr/ports/devel/git make install BATCH=yes OK -- I figured out what was the problem here. Do this and you should be OK: cd /usr/ports/textproc/expat2 make depends install cd /usr/ports/devel/git make depends install Ignore what I sent earlier. I have updated the DevWiki page to reflect these changes. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC1 Web gui logout
On Wed, Aug 12, 2009 at 10:15, Joseph L. Casalejcas...@activenetwerx.com wrote: Silly question, where the heck is the logout button? There isn't one in the 1.2 series since it uses HTTP authentication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] 1.2.3-RC1 Web gui logout
There isn't one in the 1.2 series since it uses HTTP authentication. Argh, that means I have to close my browser:) I always have so much open like Nagios etc in other tabs... Thanks! jlc
[pfSense Support] Re: 1.2.3-RC1 Web gui logout
In message abf9510930e1374ba4b4c61a01104fbda36...@monterossa.activenetwerx.local Joseph L. Casale jcas...@activenetwerx.com was claimed to have wrote: There isn't one in the 1.2 series since it uses HTTP authentication. Argh, that means I have to close my browser:) You could close your browser, or you could use a browser that implements a method to forget HTTP authentication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Re: 1.2.3-RC1 Web gui logout
You could close your browser, or you could use a browser that implements a method to forget HTTP authentication. I would be interested in a reco for an alternative browser then, sure. I use ff only because its foot print is light and it works well, hell I'd use ie on my windows workstation if it weren't such a pig. Can ff be setup to do this? jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC1 Web gui logout
On Wed, Aug 12, 2009 at 11:00 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: Argh, that means I have to close my browser:) I always have so much open like Nagios etc in other tabs... You could use a different browser for pfsense. It's an inconvenience, but probably more convenient than closing all your tabs. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: 1.2.3-RC1 Web gui logout
On Wed, Aug 12, 2009 at 11:10 AM, Joseph L. Casalejcas...@activenetwerx.com wrote: Can ff be setup to do this? In Windows FF3.5 ToolsClear Recent HistoryDetailsActive Logins I believe that should do it. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC1 Web gui logout
On Wed, Aug 12, 2009 at 1:10 PM, David Burgessapt@gmail.com wrote: You could use a different browser for pfsense. It's an inconvenience, but probably more convenient than closing all your tabs. Install the Web Developer Toolbar for firefox and then select Miscellaneous - Clear Private Data - HTTP Authentication http://chrispederick.com/work/web-developer/ Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Re: 1.2.3-RC1 Web gui logout
Can ff be setup to do this? In Windows FF3.5 ToolsClear Recent HistoryDetailsActive Logins I believe that should do it. Fantastic, thanks! jlc
[pfSense Support] ultrasurf
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey, i'm using pfsense with transparent proxy (squid + squidGuard) working well here. But some users on my network are using ultrasurf that everything know use port 443 to connect on proxyes around internet. Isn't possible to block 443 port and open it selectively. Then, how the better way to block ultrasurf in this situation? thanks. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqC+1sACgkQ35zeJy7JhCiZ/ACfbD6efbiLvJnIHOOYcBDF1A5E YfkAmwVHMEY75oNGbMC1X7Vj3Mym5Fzj =bCg4 -END PGP SIGNATURE- - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Importing SSL certs for Web GUI
Anyone know what is involved in setting up a cert when using a windows CA? I can use OpenSSL on a Linux host to do the conversion from the format the Windows CA outputs (I don't know if I can output it natively?). What do I use for the RSA private key, or more to the effect, how do I get that out of the Windows CA? Thanks! jlc - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN Connections behind pfSense NAT
On Wed, Aug 12, 2009 at 10:52 AM, apiase...@midatlanticbb.comapiase...@midatlanticbb.com wrote: Having a problem with vpn setup wondering if anyone else is also?? The VPN software is Cisco. The Cisco has to have NAT-T enabled. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] IGMP packet out of WAN
Scott Ullrich wrote: On Wed, Aug 12, 2009 at 10:57 AM, Scott Ullrichsullr...@gmail.com wrote: On Tue, Aug 11, 2009 at 8:02 PM, Evgeny Yurchenkoevg.yu...@rogers.com wrote: http-push.c:1269: error: 'parser' undeclared (first use in this function) gmake: *** [http-push.o] Error 1 *** Error code 1 Stop in /usr/ports/devel/git. *** Error code 1 Stop in /usr/ports/devel/git. ***sigh*** -((( Try this: rm -rf /usr/ports portsnap extract cd /usr/ports/devel/git make install BATCH=yes OK -- I figured out what was the problem here. Do this and you should be OK: cd /usr/ports/textproc/expat2 make depends install cd /usr/ports/devel/git make depends install Ignore what I sent earlier. I have updated the DevWiki page to reflect these changes. Scott Great! this problem solved. Thanks. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] RE: Multiwan - no loadbalance needed
To put it simple (I think), is that OPT1 should be treated as incoming traffic, and WAN should only be used for outgoing traffic (eg. internet, radio, downloading, ...) Hope this makes sense... kind regards It was indeed a sanity check... and it would be the first time actually implementing a multiwan... sure, it looks quite ordinary for people having to implement this on a regular base, but for me it'll be the first time. Guess it'll work out just fine... thanks for sharing your experiences with me. Regards, Michel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VPN Connections behind pfSense NAT
On Wed, Aug 12, 2009 at 4:55 PM, apiase...@midatlanticbb.comapiase...@midatlanticbb.com wrote: Chris Buechler wrote: On Wed, Aug 12, 2009 at 10:52 AM, apiase...@midatlanticbb.comapiase...@midatlanticbb.com wrote: Having a problem with vpn setup wondering if anyone else is also?? The VPN software is Cisco. The Cisco has to have NAT-T enabled. Thanks, The bigger problem is that they are claiming they can go to other nternet connections and use the VPN just fine without any changes. It probably does from some, but you're going to need NAT-T in this case. Alternatively, static port may work around it. http://doc.pfsense.org/index.php/Static_Port - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org