Re: [pfSense Support] Dell R200 Working Setup?
I would also like to note that I am only having this issue on 2 interfaces which both happen to be VLAN interfaces. I hope that helps. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Fri, Oct 9, 2009 at 12:28 AM, Curtis LaMasters curtislamast...@gmail.com wrote: I just reinstalled with uniprocessor kernel. I'm passing traffic but still getting lots of errors. Also in the firewall logs, it says i'm blocking traffic that I have permitted. Very strange but hopefully that helps. Can I provide and log / debug info? Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Fri, Oct 9, 2009 at 12:15 AM, Chris Buechler cbuech...@gmail.com wrote: On Fri, Oct 9, 2009 at 1:10 AM, Curtis LaMasters curtislamast...@gmail.com wrote: Still getting them with that setting enabled. Do I need to reboot? No. Strange this would come up again, last time was about a year ago and I don't recall what the cause was. I know there are a lot of people running 1.2.3 versions, and FreeBSD 7.2, on such hardware. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Dell R200 Working Setup?
On 09/10/09 07:58, Curtis LaMasters wrote: I would also like to note that I am only having this issue on 2 interfaces which both happen to be VLAN interfaces. I hope that helps. if you're using a managed switch, is it reporting any errors? if Ciscos see bpdus incorrectly they can go into blocking mode and the port error light flashes - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Strange DNS problem
Quoting Lyle Giese l...@lcrcomputer.net: on the computer you are trying to initiate the ssh session from, telnet hostname. Do you get the correct ip adress? If so, it not a DNS problem.(I would normally advise using dig for troubleshooting dns issues, but I don't know the OS of your computer to know if it already has dig installed) I'm using Debian Linux as a desktop. When I ask the local system to resolve the hostname to IP it gives the correct result. I can ping the IP successfully as well. It's definitely not my laptop because I'm responding from a Windows computer and an SSH session yielded the exact same problem. Double check your rules and make sure you are not redirecting outbound port 22 traffic within pfSense back to your internal server. As mentioned, I have the automatic outbound rules for NAT enabled. Maybe this is the culprit? Anybody ever have bad rules automatically created by pfsense perhaps? Lyle Cheers, Phil - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Strange DNS problem
On Thu, Oct 8, 2009 at 19:42, Philippe LeCavalier supp...@plecavalier.com wrote: Like I said I don't know what other info to supply, when I ssh to a clients network pfsense redirects me to my local server. The strangest thing to me is that even when I use the public IP it does that. If it were just the FQDN I wouldn't really care but this is a true problem for me and I really don't know where to start troubleshooting this. This doesn't help with the IP redirection bit, but dnsmasq returns its own IP for queries it can't answer (mis-typed domains, usually). I've noticed this with pfSense when I type in a hostname too quickly and end up hitting the external interface of my pfSense box. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Strange DNS problem
Quoting RB aoz@gmail.com: On Thu, Oct 8, 2009 at 19:42, Philippe LeCavalier supp...@plecavalier.com wrote: Like I said I don't know what other info to supply, when I ssh to a clients network pfsense redirects me to my local server. The strangest thing to me is that even when I use the public IP it does that. If it were just the FQDN I wouldn't really care but this is a true problem for me and I really don't know where to start troubleshooting this. This doesn't help with the IP redirection bit, but dnsmasq returns its own IP for queries it can't answer (mis-typed domains, usually). I've noticed this with pfSense when I type in a hostname too quickly and end up hitting the external interface of my pfSense box. - If that were the case, pinging the FQDN I'm trying to reach would return my own public IP. Cheers, Phil - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Dell R200 Working Setup?
On Fri, Oct 9, 2009 at 4:54 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote: On 09/10/09 07:58, Curtis LaMasters wrote: I would also like to note that I am only having this issue on 2 interfaces which both happen to be VLAN interfaces. I hope that helps. if you're using a managed switch, is it reporting any errors? if Ciscos see bpdus incorrectly they can go into blocking mode and the port error light flashes Here is my output for the connection to FW1 and FW2. We have 2 of them running with CARP. GigabitEthernet0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 0026.ca83.9581 (bia 0026.ca83.9581) Description: ## VISOMAFW01 ## MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1 bits/sec, 16 packets/sec 78596 packets input, 21900394 bytes, 0 no buffer Received 7249 broadcasts (7204 multicasts) 126 runts, 0 giants, 0 throttles 126 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 7204 multicast, 0 pause input 0 input packets with dribble condition detected 2918379 packets output, 280362434 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out GigabitEthernet0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 0026.ca83.8e01 (bia 0026.ca83.8e01) Description: ## VISOMAFW02 ## MTU 1500 bytes, BW 100 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of show interface counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 252000 bits/sec, 43 packets/sec 5 minute output rate 122000 bits/sec, 47 packets/sec 19213067 packets input, 24692805689 bytes, 0 no buffer Received 1316132 broadcasts (1313540 multicasts) 236 runts, 0 giants, 0 throttles 236 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 1313540 multicast, 0 pause input 0 input packets with dribble condition detected 19576913 packets output, 12046179495 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Strange DNS problem
Quoting supp...@plecavalier.com: Quoting RB aoz@gmail.com: On Thu, Oct 8, 2009 at 19:42, Philippe LeCavalier supp...@plecavalier.com wrote: Like I said I don't know what other info to supply, when I ssh to a clients network pfsense redirects me to my local server. The strangest thing to me is that even when I use the public IP it does that. If it were just the FQDN I wouldn't really care but this is a true problem for me and I really don't know where to start troubleshooting this. This doesn't help with the IP redirection bit, but dnsmasq returns its own IP for queries it can't answer (mis-typed domains, usually). I've noticed this with pfSense when I type in a hostname too quickly and end up hitting the external interface of my pfSense box. - If that were the case, pinging the FQDN I'm trying to reach would return my own public IP. Cheers, Phil Just FYI I disabled autmatic outbound NAT rules and set a manual outbound NAT rule LAN--ALL--WAN--any and got the same problem. Cheers, Phil - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Strange DNS problem
Date: Fri, 9 Oct 2009 10:37:12 -0500 From: supp...@plecavalier.com To: support@pfsense.com Subject: Re: [pfSense Support] Strange DNS problem Quoting supp...@plecavalier.com: Quoting RB aoz@gmail.com: On Thu, Oct 8, 2009 at 19:42, Philippe LeCavalier supp...@plecavalier.com wrote: Like I said I don't know what other info to supply, when I ssh to a clients network pfsense redirects me to my local server. The strangest thing to me is that even when I use the public IP it does that. If it were just the FQDN I wouldn't really care but this is a true problem for me and I really don't know where to start troubleshooting this. This doesn't help with the IP redirection bit, but dnsmasq returns its own IP for queries it can't answer (mis-typed domains, usually). I've noticed this with pfSense when I type in a hostname too quickly and end up hitting the external interface of my pfSense box. - refresh my memory, but in one of your earlier emails you said that your SSH server was accessible from the internet with no issue? If thats the case Im wondering if the rule you have set up for that is misconfigured and is routing EVERYTHING no matter the source or dest on that port to your server. (i.e. its set to an ANY - ANY instead of an ANY - SERVER1 for port 22 SSH traffic)
RE: [pfSense Support] Strange DNS problem
Quoting Sean Cavanaugh millenia2...@hotmail.com:
--_4f4e8c85-61e6-43a3-811e-693f4641a6d6_
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
=20
Date: Fri=2C 9 Oct 2009 10:37:12 -0500
From: supp...@plecavalier.com
To: support@pfsense.com
Subject: Re: [pfSense Support] Strange DNS problem
=20
Quoting supp...@plecavalier.com:
=20
Quoting RB aoz@gmail.com:
On Thu=2C Oct 8=2C 2009 at 19:42=2C Philippe LeCavalier
supp...@plecavalier.com wrote:
Like I said I don't know what other info to supply=2C when I ssh to=20
a clients network pfsense redirects me to my local server. The=20
strangest thing to me is that even when I use the public IP it=20
does that. If it were just the FQDN I wouldn't really care but=20
this is a true problem for me and I really don't know where to=20
start troubleshooting this.
This doesn't help with the IP redirection bit=2C but dnsmasq returns i=
ts
own IP for queries it can't answer (mis-typed domains=2C usually). I'v=
e
noticed this with pfSense when I type in a hostname too quickly and
end up hitting the external interface of my pfSense box.
-
refresh my memory=2C but in one of your earlier emails you said that your S=
SH server was accessible from the internet with no issue?
=20
If thats the case Im wondering if the rule you have set up for that is misc=
onfigured and is routing EVERYTHING no matter the source or dest on that po=
rt to your server. (i.e. its set to an ANY - ANY instead of an ANY - SERV=
ER1 for port 22 SSH traffic)
=
--_4f4e8c85-61e6-43a3-811e-693f4641a6d6_
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
html
head
style!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Verdana
}
--/style
/head
body class=3D'hmmessage'
nbsp=3BBR
gt=3B Date: Fri=2C 9 Oct 2009 10:37:12 -0500BRgt=3B From: supp...@pleca=
valier.comBRgt=3B To: support@pfsense.comBRgt=3B Subject: Re: [pfSens=
e Support] Strange DNS problemBRgt=3B BRgt=3B Quoting supp...@plecava=
lier.com:BRgt=3B BRgt=3B gt=3B Quoting RB lt=3baoz@gmail.comgt=
=3B:BRgt=3B gt=3BBRgt=3B gt=3Bgt=3B On Thu=2C Oct 8=2C 2009 at 19:=
42=2C Philippe LeCavalierBRgt=3B gt=3Bgt=3B lt=3bsupp...@plecavalier.=
comgt=3B wrote:BRgt=3B gt=3Bgt=3Bgt=3B Like I said I don't know what=
other info to supply=2C when I ssh to BRgt=3B gt=3Bgt=3Bgt=3B a clie=
nts network pfsense redirects me to my local server. The BRgt=3B gt=3B=
gt=3Bgt=3B strangest thing to me is that even when I use the public IP it =
BRgt=3B gt=3Bgt=3Bgt=3B does that. If it were just the FQDN I wouldn'=
t really care but BRgt=3B gt=3Bgt=3Bgt=3B this is a true problem for =
me and I really don't know where to BRgt=3B gt=3Bgt=3Bgt=3B start tro=
ubleshooting this.BRgt=3B gt=3Bgt=3BBRgt=3B gt=3Bgt=3B This doesn=
't help with the IP redirection bit=2C but dnsmasq returns itsBRgt=3B g=
t=3Bgt=3B own IP for queries it can't answer (mis-typed domains=2C usually=
). I'veBRgt=3B gt=3Bgt=3B noticed this with pfSense when I type in a h=
ostname too quickly andBRgt=3B gt=3Bgt=3B end up hitting the external =
interface of my pfSense box.BRgt=3B gt=3Bgt=3BBRgt=3B gt=3Bgt=3B =
-BRg=
t=3B gt=3BBRBR
refresh my memory=2C but in one of your earlier emails you said that your S=
SH server was accessible from the internet with no issue?BR
nbsp=3BBR
If thats the case Im wondering if the rule you have set up for that is misc=
onfigured and is routing EVERYTHING no matter the source or dest on that po=
rt to your server.nbsp=3B(i.e.nbsp=3Bits set to an ANY -gt=3B ANY instea=
d of an ANY -gt=3B SERVER1 for port 22 SSH traffic)BR
/body
/html=
--_4f4e8c85-61e6-43a3-811e-693f4641a6d6_--
Nope. It's set correctly.
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] why delete captive portal accts on expiry?
Why are captive portal accounts automatically deleted when they expire? To my mind, it would be more useful if they were left in place, but expired, so that to re-enable them for the admin person was an easy task of just choosing a new expiry date. As it is, when we have a subscriber pay again for their Internet access, rather than just paying remotely and telephoning in that they've done so, the whole captive portal account has to be re-created which can potentially be time consuming communicating username and password effectively. Pete Boyd - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] why delete captive portal accts on expiry?
On Fri, Oct 9, 2009 at 1:23 PM, Pete Boyd petes-li...@thegoldenear.org wrote: Why are captive portal accounts automatically deleted when they expire? To my mind, it would be more useful if they were left in place, but expired, so that to re-enable them for the admin person was an easy task of just choosing a new expiry date. As it is, when we have a subscriber pay again for their Internet access, rather than just paying remotely and telephoning in that they've done so, the whole captive portal account has to be re-created which can potentially be time consuming communicating username and password effectively. Inherited from m0n0wall, I suspect. Start a bounty on the Forum if you would like to see it changed in a future version or submit patches. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
