[pfSense Support] Watch Chris and myself on FLOSS Weekly Live at 4:30 PM EDT
http://live.twit.tv Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Watch Chris and myself on FLOSS Weekly Live at 4:30 PM EDT
On Wed, Dec 16, 2009 at 11:38 AM, Scott Ullrich sullr...@gmail.com wrote: http://live.twit.tv Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Cool! I caught the last 30 minutes. Thanks for the mention. -- Oliver
[pfSense Support] Virtual IP ProxyARP vs. CARP
I noticed that when creating a CARP virtual that it requires it to be attached to an interface with the same network. However when creating a proxy arp, it does not have this requirement. Wouldn't it be logical to allow them to have the same validation check? I am currently using proxy arp virtuals on a pair of failover pfSense 1.2.3 systems, so if firewall A fails I will need to manually create the Proxy ARP's on B. I know i can download the config.xml and modify the entries to perform as expected, and will once i get a chance to test it outside of business hours, however if Proxy ARP is allowed, I do not see the reason to deny this from CARP. I have quite a few networks using fibre metro ethernet, and Embarq (formerly sprint) loves to provide transport networks, and public networks. Basically giving you 1.2.3.0/29 for transport (.1 is gateway, .2-.6 usable for firewalls etc.), then assigns you 6.5.4.0/27 for WAN/Public access (servers clients etc.). There is no gateway in 6.5.4.0/27, they just route all traffic to 1.2.3.1 (the transport gateway) and then let you answer for it when its sent into the metro switch your connected to. We used OpenBSD manually installed and configured previously, but were so impressed with pfSense compared to many other firewalls we decided to finally install it on all the custom firewalls configurations we had been using. Unfortunately many of them are redundant with LOTS of CARP failover IP's. It might be nice to put an Advanced option in for CARP that allows it to perform as P/ARP virtuals, so that people do not need to modify the XML for large quantities of vip carp interfaces. Thanks, Trevor Benson A1 Networks (707)570-2021 x201 tben...@a-1networks.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Virtual IP ProxyARP vs. CARP
On Wed, Dec 16, 2009 at 7:14 PM, Trevor Benson tben...@a-1networks.com wrote: I noticed that when creating a CARP virtual that it requires it to be attached to an interface with the same network. However when creating a proxy arp, it does not have this requirement. Wouldn't it be logical to allow them to have the same validation check? I am currently using proxy arp virtuals on a pair of failover pfSense 1.2.3 systems, so if firewall A fails I will need to manually create the Proxy ARP's on B. I know i can download the config.xml and modify the entries to perform as expected, and will once i get a chance to test it outside of business hours, however if Proxy ARP is allowed, I do not see the reason to deny this from CARP. It is more of a kernel limitation than anything. CARP will panic (or at least used to prior to FreeBSD 7.2) under many circumstances so we have to have more input validation. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] RC3 to RELEASE - Verify
On Mon, 14 Dec 2009 14:24:08 + Paul Mansfield it-admin-pfse...@taptu.com wrote: On 12/12/09 16:19, Nenhum_de_Nos wrote: I couldn't upgrade from webui from 1.2.3-RC1 to Release I upgraded a 1.2.3-RC1 to -Release this morning, uploading the full update via web ui and it just worked (TM), so you must have been unlucky :-/ but was no problem as downloading the fullupdate did the job pretty good. can't wait for 2.0 :D thanks, matheus -- We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Virtual IP ProxyARP vs. CARP
On Wed, Dec 16, 2009 at 7:14 PM, Trevor Benson tben...@a-1networks.com wrote: I noticed that when creating a CARP virtual that it requires it to be attached to an interface with the same network. However when creating a proxy arp, it does not have this requirement. Wouldn't it be logical to allow them to have the same validation check? CARP cannot have VIPs off-subnet, proxy ARP can and in some circumstances is necessary. I have quite a few networks using fibre metro ethernet, and Embarq (formerly sprint) loves to provide transport networks, and public networks. Basically giving you 1.2.3.0/29 for transport (.1 is gateway, .2-.6 usable for firewalls etc.), then assigns you 6.5.4.0/27 for WAN/Public access They should be routing the /27 to a CARP IP on your /29. Then you use Other type VIPs for the /27. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Watch Chris and myself on FLOSS Weekly Live at 4:30 PM EDT
On Wed, 16 Dec 2009 14:26:57 -0800 Oliver Hansen oliver.han...@gmail.com wrote: On Wed, Dec 16, 2009 at 11:38 AM, Scott Ullrich sullr...@gmail.com wrote: http://live.twit.tv Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Cool! I caught the last 30 minutes. Thanks for the mention. is there how to download the whole video ? I searched the site but no luck for me ... thanks, matheus -- We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org