[pfSense Support] Simultaneous client connection limit / Maximum state entries per host
Hi, I have had a few issues lately compliments of a few machines on our lan been infected with a worm which has caused the state table to be filled. I've increased this to give some more time to react to the problem. I would like to implement the Simultaneous client connection limit / Maximum state entries per host settings to better resolve this problem. My query though is, how can I test that this is working correctly? Is there a tool that I can use to make connections from a single machine? Ideally something that provides the option to test only up to a certain amount of connections incase my settings done work at first. Any advice on how to achieve this test would be appreciated, I have various OS's available to run the test from. Thank you in advance for any suggestions. Dominic. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
On Mon, Aug 16, 2010 at 8:21 AM, Dominic dominic@gmail.com wrote: My query though is, how can I test that this is working correctly? Is there a tool that I can use to make connections from a single machine? Ideally something that provides the Would this do it? http://www.smallnetbuilder.com/lanwan/lanwan-howto/31103-how-we-test-hardware-routers-revision-3 I've never used it, but it seems to do what you want to do. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
On Mon, Aug 16, 2010 at 8:28 AM, David Burgess apt@gmail.com wrote: On Mon, Aug 16, 2010 at 8:21 AM, Dominic dominic@gmail.com wrote: My query though is, how can I test that this is working correctly? Is there a tool that I can use to make connections from a single machine? Ideally something that provides the Would this do it? http://www.smallnetbuilder.com/lanwan/lanwan-howto/31103-how-we-test-hardware-routers-revision-3 Oops, I guess this would be the link to the actual software: http://www.ixchariot.com/downloads.html db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
Well, I know the Ixia solution works but Chariot is a bit expensive (or it was when I looked.) I've used http://www.nominum.com/services/measurement_tools.php for testing DNS. I seem to remember seeing max concurrent requests before the server falls over from the load. I know I've seen something like it for http too, but it was long enough ago that I don't remember what it was called. I know that someone here tried Nessus (http://www.nessus.org) from behind my dev firewall and that did a great job of flooding the state table. You could also try Nmap (http://nmap.org/), but I don't know if it's really agressive enough to fill a state table. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] SSD partition alignment in 2.0
On Sat, Aug 7, 2010 at 1:07 PM, David Burgess apt@gmail.com wrote: Is the 2.0 installer aware of 4k sector discs, and does it align its partitions accordingly? I realize better SSD controllers have minimized the effects of partition boundary misalignment, but I still prefer to introduce as little entropy as possible. Call me teutonic. That is a good question. The 2.0 installer uses pc-sysinstaller which I am not entirely sure if it takes into account this or not. However I am looking at adding this utility to the pc-sysinstaller which might help out here: http://lulf.geeknest.org/blog/freebsd/Using_4k_sector_drives/ Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] SSD partition alignment in 2.0
On Mon, Aug 16, 2010 at 2:03 PM, Scott Ullrich sullr...@gmail.com wrote: That is a good question. The 2.0 installer uses pc-sysinstaller which I am not entirely sure if it takes into account this or not. Sorry, I meant 2.1 here, not 2.0. However I am looking at adding this utility to the pc-sysinstaller which might help out here: http://lulf.geeknest.org/blog/freebsd/Using_4k_sector_drives/ Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Simultaneous client connection limit / Maximum state entries per host
On Mon, Aug 16, 2010 at 12:46 PM, Steve Haavik shaa...@soc.lib.md.us wrote: You could also try Nmap (http://nmap.org/), but I don't know if it's really agressive enough to fill a state table. nmap is among the best quick and easy ways to open a whole bunch of states. It's what I use most of the time when I'm just looking for a lot of states. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] SSD partition alignment in 2.0
On Mon, Aug 16, 2010 at 12:03 PM, Scott Ullrich sullr...@gmail.com wrote: That is a good question. The 2.0 installer uses pc-sysinstaller which I am not entirely sure if it takes into account this or not. I did an install yesterday and worked on this. I manually changed geometry to 32 heads and 32 sectors and adjusted the cylinders count accordingly, but when I tried to create my partitions the installer insisted on changing the sector count to a number that was divisible by 1008 (in fact the number I gave it was divisible by both 1008 and 1024, but it still complained for some reason). I partitioned with Linux fdisk and then skipped formatting and partitioning with the pfsense installer, as recommended by the installer. I found the whole thing quite confusing, and I'm not 100% positive that I ended up with the desired result, but this is due in part to my lack of understanding of BSD slices. It would be nice to have an installer that automatically handles this, as some SSDs perform hugely better with their partition boundaries aligned to the flash's erase block boundaries, as can be seen on anantech.com's SSD Bench. Not a big issue for standard installs, perhaps, but potentially significant on a loaded squid box, which is exactly my intention. Thanks for the response. Looking forward to this in 2.1. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] iPad ssl vpn client
I can confirm this, though with an iPhone, not iPad. There is even a SBSettings toggle available for OpenVPN. I'm not sure if it works with iOS4 or not though. http://code.gerade.org/tunemu/ Someone else actually built an app too : http://www.guizmovpn.com/ -Original Message- From: Chris Weakland [mailto:chris.weakl...@gmail.com] Sent: Thursday, August 05, 2010 6:34 PM To: support@pfsense.com Subject: Re: [pfSense Support] iPad ssl vpn client If you jailbreak your ipad there is a openvpn client. On Thu, Aug 5, 2010 at 11:13 AM, Vick Khera vi...@khera.org wrote: On Thu, Aug 5, 2010 at 4:28 AM, Seth Mos seth@dds.nl wrote: Viscosity on the Mac works great, but that doesn't apply to iOS. We just punt and use the PPTP client built-in to iOS. It is not really as secure as we'd like but we normally only run ssh or an https connection over it so that part is double secured. I'd *love* to see an OpenVPN client. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
