AW: [pfSense Support] Problem with apinger
Von: Scott Ullrich [mailto:sullr...@gmail.com] Gesendet: Dienstag, 4. August 2009 17:01 An: support@pfsense.com Betreff: Re: [pfSense Support] Problem with apinger On Tue, Aug 4, 2009 at 10:56 AM, Matthias Niggemeierm...@thias.de wrote: Von: Matthias Niggemeier [mailto:m...@thias.de] Gesendet: Dienstag, 4. August 2009 08:47 An: support@pfsense.com Betreff: [pfSense Support] Problem with apinger Hi there, since the upgrade to 1.2.3-RC2 (July 23) parts of my failoverpools go offline once a day. The system log shows entries like this: apinger: ALARM: 208.67.220.220(208.67.220.220) *** down ***. Loss 0.0%, Delay 75.436ms After that apinger does not recover until I go to the pool configuration and hit save. This is a known issue that we are working on. No workarounds exist at present. Any news on this topic? It takes 2-12 hours for my load balancer pools to go offline; unfortunately I cannot go back to 1.2.2 since some VoIP connections do not work with 1.2.2. Is there a URL that can be geted regularly to restart apinger? Regards Matthias - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
Scott Ullrich wrote: It will not do any good. I just downloaded 1.2.2 from: ftp://reflection.ncsa.uiuc.edu/pub/pfSense/updates/pfSense-Full-Update-1.2.2.tgz [su:~/Desktop/pfSense-Full-Update-1.2.2] sullrich% cd usr/local/www/ [su:usr/local/www] sullrich% cat firewall_rules_edit.php | grep allowopts [su:usr/local/www] sullrich% That option is not in there. You must have mixed and matched code from 2.0 when you where testing something. Scott Sorry to bring old thread back but I yesterday was helping friend of mine on his pfSense box 1.2.2 built on Thu Jan 8 22:30:24 EST 2009 FreeBSD 7.0-RELEASE-p8 i386 and allow-opts WAS in his box! firewall_rules_edit.php line 89: /* advanced */ if (isset($a_filter[$id]['allowopts'])) $pconfig['allowopts'] = true; $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes']; $pconfig['max-src-states'] = $a_filter[$id]['max-src-states']; This guy does not know how to touch code, so definitely he got it from install. So at some point this option was in code and then it disappeared. Eugene. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Problem with apinger
On Tue, Oct 6, 2009 at 9:41 AM, Matthias Niggemeier m...@thias.de wrote: Any news on this topic? It takes 2-12 hours for my load balancer pools to go offline; unfortunately I cannot go back to 1.2.2 since some VoIP connections do not work with 1.2.2. Is there a URL that can be geted regularly to restart apinger? Try a recent snapshot where this should be fixed. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and SpamD
Scott Ullrich wrote: I'm trying to setup pfSense with SpamD (Greylisting and tarpit). In the first setup with the real Mailserver behind the NAT it works perfectly, but if I setup the forwarding to a server with a public IP no mails are forwarded. Are there any limitations? Yeah, I don't think that will work. It's designed to forward to mail exchangers behind the firewall. Is this in any way changeable? If it's a configfile or so... Thanks, Fabian - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfSense and SpamD
On Tue, Oct 6, 2009 at 1:32 PM, Fabian Abplanalp fabian.abplan...@bug.ch wrote: Is this in any way changeable? If it's a configfile or so... Unfortunately it is not. I will look into what is required to change once I catch up on a few other outstanding projects. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
On Tue, Oct 6, 2009 at 9:57 AM, Evgeny Yurchenko evg.yu...@rogers.com wrote: Sorry to bring old thread back but I yesterday was helping friend of mine on his pfSense box 1.2.2 built on Thu Jan 8 22:30:24 EST 2009 FreeBSD 7.0-RELEASE-p8 i386 and allow-opts WAS in his box! firewall_rules_edit.php line 89: /* advanced */ if (isset($a_filter[$id]['allowopts'])) $pconfig['allowopts'] = true; $pconfig['max-src-nodes'] = $a_filter[$id]['max-src-nodes']; $pconfig['max-src-states'] = $a_filter[$id]['max-src-states']; This guy does not know how to touch code, so definitely he got it from install. So at some point this option was in code and then it disappeared. No, it's never been in RELENG_1_2. Some package may install it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] One check-box is missing in Rules-Edit-Advanced of 1.2.3-RC3 snapshot
Chris Buechler wrote: On Tue, Oct 6, 2009 at 9:57 AM, Evgeny Yurchenko evg.yu...@rogers.com wrote: This guy does not know how to touch code, so definitely he got it from install. So at some point this option was in code and then it disappeared. No, it's never been in RELENG_1_2. Some package may install it. Completely forgot about packages. Sorrr... At least now I can sleep not thinking that I went crazy -) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] bug in DHCP client
I've discovered a bug in the way pfSense (or FreeBSD) handles DHCP. In my simple setup, my pfSense box receives a dynamic IP from its upstream router on the WAN side. As expected, it creates a route from its assigned IP to 127.0.0.1. The problem is that when the IP expires and pfSense is assigned a different IP, the old route redirecting the previous IP to 127.0.0.1 is not deleted. This, of course, means that any other client on the WAN that receives the old IP will be unreachable from pfSense or any computer behind it. Obviously, the fix would be to assign a static IP to pfSense, but I figured I'd report the erroneous behavior anyway. (I actually discovered this a while ago; I upgraded to 1.2.3-RC1 and waited for my IP to time out so I could confirm the error.) -- Bryan Medsker br...@akalc.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] bug in DHCP client
On Tue, Oct 6, 2009 at 7:05 PM, bryanmeds...@akalc.org wrote: I've discovered a bug in the way pfSense (or FreeBSD) handles DHCP. In my simple setup, my pfSense box receives a dynamic IP from its upstream router on the WAN side. As expected, it creates a route from its assigned IP to 127.0.0.1. The problem is that when the IP expires and pfSense is assigned a different IP, the old route redirecting the previous IP to 127.0.0.1 is not deleted. This, of course, means that any other client on the WAN that receives the old IP will be unreachable from pfSense or any computer behind it. Obviously, the fix would be to assign a static IP to pfSense, but I figured I'd report the erroneous behavior anyway. (I actually discovered this a while ago; I upgraded to 1.2.3-RC1 and waited for my IP to time out so I could confirm the error.) dhclient never adds routes other than the default. Are you using multi-WAN load balancing pools? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfsense 1.2-RELEASE and OpenBGP
I have pf 1.2-RELEASE and OpenBGP 0.5 installed. I have configure bgpd.conf using webGUI like this: # This file was created by the pfSense package manager. Do not edit! AS 65001 holdtime 60 listen on 172.16.1.252/16 router-id 100 network 172.16.100.0/24 deny from any deny to any But the bpgd won't start. Should I use pf 1.2.3 to use OpenBGP 0.5? regards, agi - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2-RELEASE and OpenBGP
On Tue, Oct 6, 2009 at 10:42 PM, Agi Subagio a...@mbs.co.id wrote: I have pf 1.2-RELEASE and OpenBGP 0.5 installed. I have configure bgpd.conf using webGUI like this: # This file was created by the pfSense package manager. Do not edit! AS 65001 holdtime 60 listen on 172.16.1.252/16 router-id 100 network 172.16.100.0/24 deny from any deny to any But the bpgd won't start. Should I use pf 1.2.3 to use OpenBGP 0.5? You must use 1.2.2 or newer. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2-RELEASE and OpenBGP
Chris Buechler wrote: On Tue, Oct 6, 2009 at 10:42 PM, Agi Subagio a...@mbs.co.id wrote: I have pf 1.2-RELEASE and OpenBGP 0.5 installed. I have configure bgpd.conf using webGUI like this: # This file was created by the pfSense package manager. Do not edit! AS 65001 holdtime 60 listen on 172.16.1.252/16 router-id 100 network 172.16.100.0/24 deny from any deny to any But the bpgd won't start. Should I use pf 1.2.3 to use OpenBGP 0.5? You must use 1.2.2 or newer. You can skip specification of 'listen on' and 'router-id' or provide IP-addresses for both parameters. Plus you have to specify at least one neighbor. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] pfsense 1.2-RELEASE and OpenBGP
Agi Subagio wrote: I have one cisco router that run bgp in it and that ip is 172.16.4.1/16. Do you mean like this: # This file was created by the pfSense package manager. Do not edit! AS 65001 holdtime 60 listen on 172.16.1.252/16 network 172.16.100.0/24 group bgp lintasarta { remote-as 65002 neighbor 172.16.4.1/16 { descr bgp lintasarta announce none } } deny from any deny to any allow from 172.16.4.1/16 allow to 172.16.4.1/16 Evgeny Yurchenko wrote: Chris Buechler wrote: On Tue, Oct 6, 2009 at 10:42 PM, Agi Subagio a...@mbs.co.id wrote: I have pf 1.2-RELEASE and OpenBGP 0.5 installed. I have configure bgpd.conf using webGUI like this: # This file was created by the pfSense package manager. Do not edit! AS 65001 holdtime 60 listen on 172.16.1.252/16 router-id 100 network 172.16.100.0/24 deny from any deny to any But the bpgd won't start. Should I use pf 1.2.3 to use OpenBGP 0.5? You must use 1.2.2 or newer. You can skip specification of 'listen on' and 'router-id' or provide IP-addresses for both parameters. Plus you have to specify at least one neighbor. I mean like this: AS 65001 holdtime 60 listen on 172.16.1.252 network 172.16.100.0/24 group bgp lintasarta { remote-as 65002 neighbor 172.16.4.1 { descr bgp lintasarta } } deny from any deny to any allow from 172.16.4.1 allow to 172.16.4.1 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] bug in DHCP client
Chris Buechler c...@pfsense.org wrote: On Tue, Oct 6, 2009 at 7:05 PM, bryanmeds...@akalc.org wrote: I've discovered a bug in the way pfSense (or FreeBSD) handles DHCP. In my simple setup, my pfSense box receives a dynamic IP from its upstream router on the WAN side. As expected, it creates a route from its assigned IP to 127.0.0.1. The problem is that when the IP expires and pfSense is assigned a different IP, the old route redirecting the previous IP to 127.0.0.1 is not deleted. This, of course, means that any other client on the WAN that receives the old IP will be unreachable from pfSense or any computer behind it. Obviously, the fix would be to assign a static IP to pfSense, but I figured I'd report the erroneous behavior anyway. (I actually discovered this a while ago; I upgraded to 1.2.3-RC1 and waited for my IP to time out so I could confirm the error.) dhclient never adds routes other than the default. Are you using multi-WAN load balancing pools? Definitely not. I'm not much of a firewall cowboy; this is a simple setup with few changes from the default. Again, the problem is not that an invalid route is added, but rather that the route from the assigned IP to 127.0.0.1 is not deleted when it becomes obsolete. In particular, pfSense got an IP of 192.168.1.103 from the upstream DHCP server, and created a route from that IP to 127.0.0.1. When the lease expired, the pfSense box was assigned the new IP 192.168.1.102. A new route was created from 192.168.1.102 to 127.0.0.1, but the old route from 192.168.1.103 to 127.0.0.1 was not deleted as it should have been. -- Bryan Medsker br...@akalc.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] bug in DHCP client
bryanmeds...@akalc.org wrote: In particular, pfSense got an IP of 192.168.1.103 from the upstream DHCP server, and created a route from that IP to 127.0.0.1. When the lease expired, the pfSense box was assigned the new IP 192.168.1.102. A new route was created from 192.168.1.102 to 127.0.0.1, but the old route from 192.168.1.103 to 127.0.0.1 was not deleted as it should have been. How does it look like in terms of netstat -rn ? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org