RE: [pfSense Support] errors that im receiving
To add a few cents .. in my experience collisions are usually attributable in decreasing order to: 1) Faulty ( Bent ) cable, 2) Dicky Transceiver (hit by static or lightning ) 3) Chipset (Thomas Conrad especially, but others are notorious for interframe spacing issues like older Intels ) 4) Switch (again related to inframe spacing issues , i.e. compatibility between NICS and Switch Chipset - again less of an issue in modern networking kit .. but very prevelant +5 years ago. ) 5) Network load. So in other words start fault finding at the hardware layer with the cheapest and easiest components to source for you and by a process of elimination. i.e. try FTPing large files across each link and see what speeds you get and how reliable the connection is. Remember Ethernet DOES have flow control .. so if the frames coming in are filling the buffer the receiver SHOULD tell the transmitter to slow down .. there may be lots of DROPPED packets .. but collisions should only occur in large networks with hundreds of NICS in a very busy network all in the same domain. (aka Hub network) . Ivan. -Original Message- From: Steve Spiker [mailto:[EMAIL PROTECTED] Sent: 25 June 2006 05:29 AM To: support@pfsense.com Subject: RE: [pfSense Support] errors that im receiving I have a broadband connection, Super fast. That is one of the issues. You think that this is normal. Then connection is used all day. Torrents, email, webserver. For pc's..Also this has nothing to do with pfsense .does anyone know about using a wireless router as a switch and using it for the wireless?? If anyone can help I would love any info. I just want to thank you all for helping me with these issues..yeah that is what I was thinking that the collisions are still a little high..thanks.Steve -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Saturday, June 24, 2006 8:02 PM To: support@pfsense.com Subject: Re: [pfSense Support] errors that im receiving Depends on how much he's using the link :) If he's full throttle p2p on a decent bandwidth broadband connection a 10mbit half duplex interface will quickly build up a LOT of collisions. --Bill On 6/24/06, Holger Bauer [EMAIL PROTECTED] wrote: Actually that sounds too high for my taste ;-) -Original Message- From: Steve Spiker [mailto:[EMAIL PROTECTED] Sent: Sunday, June 25, 2006 1:49 AM To: support@pfsense.com Subject: RE: [pfSense Support] errors that im receiving Hey Yeah I understand what you are saying and right my uptime id 1 day, 08:04...the 10baseT/UTP wan side has 152710 collisions .Don't really slow down the network. I just don't like it. Thanks for all the help. Steve -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Saturday, June 24, 2006 7:32 PM To: support@pfsense.com Subject: RE: [pfSense Support] errors that im receiving Collisions are usually not a problem unless they start to freak out. As collisions are detected the package will be resent. As you have 10 mbit/s between your pfsense and the modem and might most likely have a less bandwidth from ysour modem to your ISP there is enough room to resend a broken package. Unless you are having issues you don't need to switch the modem. You also have to see that the collisioncounter counts since the uptime and is nothing that shows collisions per timeinterval. You can calculate how many collisions actually happen this way with your uptime. Might not be worth to fight with your ISP for a new modem. Holger -Original Message- From: Steve Spiker [mailto:[EMAIL PROTECTED] Sent: Sunday, June 25, 2006 1:13 AM To: support@pfsense.com Subject: RE: [pfSense Support] errors that im receiving Hello Holger, Once again I wanted to say thanks. the reconfiguration works. I no longer have errors with the traffic shaper. I just changed one setting seemed to work.Im going to call my isp and demand a new modem. Does great I just don't want them collisions. SO they have to give me a new modem. Or ill get dsl through my work and get a static ip...Thanks once again. Steve -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Saturday, June 24, 2006 6:43 PM To: support@pfsense.com Subject: RE: [pfSense Support] errors that im receiving It autonegotiates the connection with the opposite end (your modem). Looks like your modem at WAN only can do 10baseT/UTP which is 10 mbit/s halfduplex. In that case you will see some collisions from time to time. In case it's a complete mismatch (one end runs other settings like the other) you will have pretty much collisions or up to (nearly) not usable connection. There are some hidden options to set mode for pfSense but I really recommend not using them as this might make things work (see
RE: [pfSense Support] kudos to Mr. Ullrich and the rest of the pfsense contributors
And remember: Nothing says thank you quite as well as a nice big donation! -Original Message- From: Charles Sprickman [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 10:33 PM To: support@pfsense.com Subject: Re: [pfSense Support] kudos to Mr. Ullrich and the rest of the pfsense contributors On Tue, 4 Apr 2006, Eric W. Bates wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pfsense is a remarkably nice bit of work. Yessir! I loaded up the latest release candidate this weekend and I'm happy to report the traffic shaper is working great with my VoIP. The interface is just amazing. Very good work. Charles - -- Eric W. Bates [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEMtWtD1roJTQ4LlERArqnAKCIVeOgaCnpQMlXabf4mnbFhorQDwCgyA9k BCX+BFwfa238wvDgOAyAbzA= =SVvC -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Crash Disk problems
I don't use a UPS on my two firewalls and I they are in a pretty hostile environment, they have been running for more than a year now with no disk failure. My theory is that since they boot up quicker than any other device there is no need to have them on a UPS, since none of the other equipment is on a UPS what would be the point? Like Holger I just power on and off at the wall since its to much trouble to login and reboot. i.e. what I am saying is: its robust enough for me and probably 99% of people. In a commercial environment you would probably add a UPS if the client PCs and Network Switches have backup power. Somewhere on the m0n0 website they suggest using flash memory cards with IDE adapters if robustness is required. In general mechanical ( Power Supplies WITH FANS and HDD's ) are the highest failure items in PC's. MTBF's of around 2-10 hours are what they are designed for. Other PC (IC's processors etc) stuff usually has a MTBFs in the millions of hours .i.e. if you want to build a robust (industrial/mil spec grade ) platforms don't use normal PC powersupplies and HDDs. An Embedded platform with a good 12V DC Transformer with Flash memory would give you a platform that should not fail for many many years. Ivan. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Saturday, January 14, 2006 9:30 PM To: support@pfsense.com Subject: AW: [pfSense Support] Crash Disk problems I usually don't shutdown my testmachines properly to see how robust it is under such a condition. I just power them down (I kill the poweruplink of the rack, no acpi button power down). I never had this issue and I have done that a lot of times. Holger -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 13. Januar 2006 19:04 An: support@pfsense.com Betreff: Re: [pfSense Support] Crash Disk problems I've turned my machine off and on many times and have not experienced this issue. On 1/13/06, Pedro Paulo de Magalhaes Oliveira Junior [EMAIL PROTECTED] wrote: Yes. A UPS is one solution... But it seems that usual FreeBSD is more robust in this aspect. -Mensagem original- De: Scott Ullrich [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 13 de janeiro de 2006 15:37 Para: support@pfsense.com Assunto: Re: [pfSense Support] Crash Disk problems Or a UPS On 1/13/06, Pedro Paulo de Magalhaes Oliveira Junior [EMAIL PROTECTED] wrote: Hey Guys, I'm using latest version of pfsense and experienced two disk crashs with two different machines in last days. This usually happens when simulate power failure (something that should happens in a client using pfsense) and when we power on again the loading process stops after the kernel load. Many times it can recover a power failure, but these times no. I don't know if it was bad luck or something wrong. One suggestion, we could keep some parts of pfsense in a Read-Only partition to keep safe. Regards, Pedro Paulo Jr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.371 / Virus Database: 267.14.17/228 - Release Date: 12/1/2006 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Preconfiguration of PFSense?
HI Scott, what about customization of the LiveCD image? Is this possible? i.e. use something like IsoBuster to extract it and put the config.xml on it and as a last step in the setup scripts before reboot copy the config.xml into the right place? Recreate the ISO with ISObuster and you have a customized install with 99% of the config done. I think people that are going to be standardising on a platform and build might find this useful ... Either as a mass rollout or as a way to build commercial products? I didn't check the FAQ, it's just something that occurred to me reading this.. Tx Ivan. PS: It's been a pleasure being envolved with this project. Tx again to the team for all the hard work in getting the Beta out! -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 28, 2005 9:07 PM To: support@pfsense.com Subject: Re: [pfSense Support] Preconfiguration of PFSense? You can stick the config.xml in a conf folder on a usb removable device and it will pick the configuration right up. On 12/28/05, Forrest Aldrich [EMAIL PROTECTED] wrote: Is there a way to preconfigure PFSense for installation. For example, if I use the LiveCD to test out - could I pull it up, then download a config from the internal LAN and install it. Something like that. _F - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Preconfiguration of PFSense?
Cool. Tx. -Original Message- From: Colin Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, December 29, 2005 9:09 AM To: support@pfsense.com Subject: Re: [pfSense Support] Preconfiguration of PFSense? Ivan, Customizing the LiveCD to add additional packages or a different default configuration is something that I will be looking at after 1.1 as a feature for the new package system. Some other users have expressed interest in being able to roll out customized installer discs, and it would be particularly useful for companies looking to bundle their own product. Colin On 12/29/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI Scott, what about customization of the LiveCD image? Is this possible? i.e. use something like IsoBuster to extract it and put the config.xml on it and as a last step in the setup scripts before reboot copy the config.xml into the right place? Recreate the ISO with ISObuster and you have a customized install with 99% of the config done. I think people that are going to be standardising on a platform and build might find this useful ... Either as a mass rollout or as a way to build commercial products? I didn't check the FAQ, it's just something that occurred to me reading this.. Tx Ivan. PS: It's been a pleasure being envolved with this project. Tx again to the team for all the hard work in getting the Beta out! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Features
Multiple PPPoE outbounds? ;) (no need to reply) -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Saturday, December 10, 2005 12:40 AM To: support@pfsense.com Subject: Re: [pfSense Support] Features It depends on what they are, etc. Please contact [EMAIL PROTECTED] with the information. Scott On 12/9/05, John Cianfarani [EMAIL PROTECTED] wrote: Hey Scott, Not sure if you saw my email to you but I wanted to know if you guys would develop features for cash donations? Thanks John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Embedded image
Title: Embedded image Some of the mirrors don't delete previous / pulled versions. the above.net mirrors are typically the most current. From: alan walters [mailto:[EMAIL PROTECTED] Sent: Saturday, December 10, 2005 12:57 PMTo: support@pfsense.comSubject: [pfSense Support] Embedded image Seems that the embedded image is in the updates directory. I guess this is just a mistake. Or is this an update
RE: [pfSense Support] DynDns scheduling issues
As far as I know Crontab is one of the files that is not touched during upgrades.. That's why you have to do it manually with update_file.sh. So no you don't have to do it after the upgrade. Ivan. -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 08, 2005 11:16 AM To: support@pfsense.com Subject: RE: [pfSense Support] DynDns scheduling issues Hello again :-) I upgraded to 95.4 Do I have to do the Update_file.sh /etc/crontab and reboot or is it included with the upgrade??? regards Damien --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, Okay it works for me Thank you... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : Update_file.sh /etc/crontab and reboot -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 01, 2005 7:03 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns scheduling issues Hello, I'm using 95.a and I just got my dyndns account banned... sorry I don't have time to put the logs here... I'll do it tomorrow... regards --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, just for the record, here are my system logs from 94.12, if ever... It is not upgrading the adress properly... I'll upgrade to 0.95.a and keep you informed... regards... Damien --- Scott Ullrich [EMAIL PROTECTED] a écrit : Please upgrade to 0.95.a On 11/29/05, Xtian [EMAIL PROTECTED] wrote: Howdy, I'm on .94.12 (fresh install), did the following as well: - update_file.sh /etc/inc/dyndns.class - Remove the cache file in /cf/conf/dyndns.cache (was not there, since new install) - update_file.sh /etc/crontab Dyndns still does bad stuff: Date: Tue, 29 Nov 2005 18:24:16 -0500 (EST) From: DynDNS Support [EMAIL PROTECTED] To: xxx Subject: Hostname Blocked Due To Abuse Dear Valued Customer: The hostname, xxx.dyndns.org, in account xxx, has been blocked for abuse. This action has been taken due to the receipt of multiple updates originating from the same IP address. Please note, updates which result in the IP address associated with a host changing are NOT considered abusive. Only those updates which result in no change to the host are abusive. Please take a moment to review our Update Abuse Policy here: http://www.dyndns.com/support/abuse.html It is vital that you correct the problem which is resulting in these repeated and unnecessary updates. Once you have corrected this problem, you may request the host be unblocked at the following URL: etc. etc. So, I took a look at the crontab for dyndns, and it was thusly: * */20 * **root/usr/bin/nice -n20 /etc/rc.dyndns.update According to cron's manpage: Step values can be used in conjunction with ranges. Following a range with ''/number'' specifies skips of the number's value through the range. For example, ''0-23/2'' can be used in the hours field to specify command execution every other hour (the alternative in the V7 standard is ''0,2,4,6,8,10,12,14,16,18,20,22''). Steps are also per- mitted after an asterisk, so if you want to say ''every two hours'', just use ''*/2''. So, that'd be right bad to say */20 hours, meaning every 20 hours, because typically, ADSL folks keep their connections for 24 hours and then get reset. Well, all of my DSL lines have always done that. Meaning, there's a good chance my IP stays stable for 24 hours, and every 20 hours I send an update to DynDNS. Evidently DynDNS doesn't ever ever want you to send them the same IP, ever. So, it doesn't make much sense to have any kind of regular DynDNS update, certainly not in cron. What should happen is that when your WAN link dies and gets re-established, and pfSense figures out it has a new WAN IP, that it should at that point send DynDNS its new WAN IP. Not at any other time. Well, thats one thing. Then looking at the logs just now before I send this, I see an entirely different problem: Nov 30 00:48:02 booji php: : DynDns: Running updatedns() Nov 30 00:48:02 booji php: : DynDns: updatedns() starting Nov 30 00:48:02 booji php: : DynDns: _detectChange() starting. Nov 30 00:48:02 booji php: : DynDns: Current WAN === message truncated
RE: [pfSense Support] DynDns scheduling issues
Update_file.sh /etc/crontab and reboot -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Thursday, December 01, 2005 7:03 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns scheduling issues Hello, I'm using 95.a and I just got my dyndns account banned... sorry I don't have time to put the logs here... I'll do it tomorrow... regards --- Damien Dupertuis [EMAIL PROTECTED] a écrit : Hello, just for the record, here are my system logs from 94.12, if ever... It is not upgrading the adress properly... I'll upgrade to 0.95.a and keep you informed... regards... Damien --- Scott Ullrich [EMAIL PROTECTED] a écrit : Please upgrade to 0.95.a On 11/29/05, Xtian [EMAIL PROTECTED] wrote: Howdy, I'm on .94.12 (fresh install), did the following as well: - update_file.sh /etc/inc/dyndns.class - Remove the cache file in /cf/conf/dyndns.cache (was not there, since new install) - update_file.sh /etc/crontab Dyndns still does bad stuff: Date: Tue, 29 Nov 2005 18:24:16 -0500 (EST) From: DynDNS Support [EMAIL PROTECTED] To: xxx Subject: Hostname Blocked Due To Abuse Dear Valued Customer: The hostname, xxx.dyndns.org, in account xxx, has been blocked for abuse. This action has been taken due to the receipt of multiple updates originating from the same IP address. Please note, updates which result in the IP address associated with a host changing are NOT considered abusive. Only those updates which result in no change to the host are abusive. Please take a moment to review our Update Abuse Policy here: http://www.dyndns.com/support/abuse.html It is vital that you correct the problem which is resulting in these repeated and unnecessary updates. Once you have corrected this problem, you may request the host be unblocked at the following URL: etc. etc. So, I took a look at the crontab for dyndns, and it was thusly: * */20 * **root/usr/bin/nice -n20 /etc/rc.dyndns.update According to cron's manpage: Step values can be used in conjunction with ranges. Following a range with ''/number'' specifies skips of the number's value through the range. For example, ''0-23/2'' can be used in the hours field to specify command execution every other hour (the alternative in the V7 standard is ''0,2,4,6,8,10,12,14,16,18,20,22''). Steps are also per- mitted after an asterisk, so if you want to say ''every two hours'', just use ''*/2''. So, that'd be right bad to say */20 hours, meaning every 20 hours, because typically, ADSL folks keep their connections for 24 hours and then get reset. Well, all of my DSL lines have always done that. Meaning, there's a good chance my IP stays stable for 24 hours, and every 20 hours I send an update to DynDNS. Evidently DynDNS doesn't ever ever want you to send them the same IP, ever. So, it doesn't make much sense to have any kind of regular DynDNS update, certainly not in cron. What should happen is that when your WAN link dies and gets re-established, and pfSense figures out it has a new WAN IP, that it should at that point send DynDNS its new WAN IP. Not at any other time. Well, thats one thing. Then looking at the logs just now before I send this, I see an entirely different problem: Nov 30 00:48:02 booji php: : DynDns: Running updatedns() Nov 30 00:48:02 booji php: : DynDns: updatedns() starting Nov 30 00:48:02 booji php: : DynDns: _detectChange() starting. Nov 30 00:48:02 booji php: : DynDns: Current WAN IP: xx.xx.xx.xx Nov 30 00:48:02 booji php: : DynDns: Cached IP: Nov 30 00:48:02 booji php: : DynDns: cacheIP != wan_ip. Updating. Nov 30 00:48:02 booji php: : DynDns: More than 28 days. Updating. Nov 30 00:48:02 booji php: : DynDns: DynDns _update() starting. Nov 30 00:48:03 booji php: : DynDns: DynDns _checkStatus() starting. Nov 30 00:48:03 booji php: : DynDns: Current Service: dyndns Nov 30 00:48:03 booji php: : phpDynDNS: PAYLOAD: abuse Nov 30 00:48:03 booji php: : phpDynDNS: (Unknown Response) Nov 30 00:49:01 booji php: : DynDns: Running updatedns() Nov 30 00:49:01 booji php: : DynDns: updatedns() starting Nov 30 00:49:01 booji php: : DynDns: _detectChange() starting. Nov 30 00:49:01 booji php: : DynDns: Current WAN IP: xx.xx.xx.xx Nov 30 00:49:01 booji php: : DynDns: Cached IP: Nov 30 00:49:01 booji php: : DynDns: cacheIP != wan_ip. Updating. Nov 30 00:49:01 booji php: : DynDns: More than 28 days. Updating. Nov 30 00:49:01 booji php: : DynDns: DynDns _update() starting. Nov 30 00:49:02 booji php: : DynDns: DynDns _checkStatus() starting. Nov 30 00:49:02
RE: [pfSense Support] 0.95 DynDns Doesn't Work
0.95a verified working on DynDns (custom) with the steps below. Thanks so much Scott! -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 8:16 PM To: support@pfsense.com Subject: Re: [pfSense Support] 0.95 DynDns Doesn't Work Found the problem. Perform the instructions I mentioned in the last email, in addition to: update_file.sh /etc/inc/dyndns.class On 11/29/05, Scott Ullrich [EMAIL PROTECTED] wrote: That code is fine. Thats only executed from the webgui. Remove the cache file in /cf/conf/dyndns.cache then trigger an update. Make sure your crontab is current: update_file.sh /etc/crontab Scott On 11/29/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI Ok so it still doesn't work.. I think it's the cache file.. Either it's not being updated or it shouldn't be trusted wherever it gets its data from ? Nov 29 19:05:31 php: : phpDynDNS: No Change In My IP Address and/or 28 Days Has Not Past. Not Updating Dynamic DNS Entry. Nov 29 19:05:31 php: : DynDns: Cached IP: 165.165.202.222 Nov 29 19:05:31 php: : DynDns: Current WAN IP: 165.165.202.222 Nov 29 19:05:31 php: : DynDns: _detectChange() starting. Nov 29 19:05:31 php: : DynDns: updatedns() starting Nov 29 19:05:31 php: : DynDns: Running updatedns() Nov 29 19:05:28 php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - 165.165.202.222. FRom DYNDNS: frimmel.net 165.165.199.239 Thu Nov 24 10:48:45 2005 I decided to take the plunge and delve into the depths ( or scratching the surface depends on perspective) ... I did spot this in services_dyndns, whether it has any relevance I don't know: /* nuke the cache file */ config_lock(); services_dyndns_reset(); $retval = services_dyndns_configure(); $retval |= services_dnsupdate_process(); config_unlock(); $savemsg = get_std_save_message($retval); On line 5 after $retval, the pipe is something that concerns me .. I am not familiar with PHP but it looks out of place? As you can see I have not had a working DynDns for more than a week since I came off 0.90a .. So I am determined to get this one nailed .. Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] 0.95 DynDns Doesn't Work
Title: 0.95 DynDns Doesn't Work HI Ok so it still doesn't work.. I think its the cache file.. Either it's not being updated or it shouldn't be trusted wherever it gets its data from ? Nov 29 19:05:31 php: : phpDynDNS: No Change In My IP Address and/or 28 Days Has Not Past. Not Updating Dynamic DNS Entry. Nov 29 19:05:31 php: : DynDns: Cached IP: 165.165.202.222 Nov 29 19:05:31 php: : DynDns: Current WAN IP: 165.165.202.222 Nov 29 19:05:31 php: : DynDns: _detectChange() starting. Nov 29 19:05:31 php: : DynDns: updatedns() starting Nov 29 19:05:31 php: : DynDns: Running updatedns() Nov 29 19:05:28 php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - 165.165.202.222. FRom DYNDNS: frimmel.net 165.165.199.239 Thu Nov 24 10:48:45 2005 I decided to take the plunge and delve into the depths ( or scratching the surface depends on perspective) I did spot this in services_dyndns, whether it has any relevance I don't know: /* nuke the cache file */ config_lock(); services_dyndns_reset(); $retval = services_dyndns_configure(); $retval |= services_dnsupdate_process(); config_unlock(); $savemsg = get_std_save_message($retval); On line 5 after $retval, the pipe is something that concerns me .. I am not familiar with PHP but it looks out of place? As you can see I have not had a working DynDns for more than a week since I came off 0.90a .. So I am determined to get this one nailed .. Tx Ivan.
RE: [pfSense Support] DynDns Broken again on 94.10?
My last DynDns update was when I was on 0.90a last week ... i.e. its not updating either immediately or due to cron job. Only thing I can think of is that I have been doing upgrades all the time .. What is the difference between doing upgrades all the time, and doing a full re-install from an endstate perspective? -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 10:44 AM To: support@pfsense.com Subject: RE: [pfSense Support] DynDns Broken again on 94.10? I have the same config, to know for sure if it works, you'll have to wait one day, because the bug appears only after one day... regards... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : HI I have a custom DynDns account with PPPoE dialup via DSL. Not working on 2 boxes running 94.12. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 10:29 AM To: support@pfsense.com Subject: AW: [pfSense Support] DynDns Broken again on 94.10? Please report the dyndns service that works/works not as well and what kind of WAN you are using. It might apply only to a certain dyndns service/wan type. Holger -Ursprüngliche Nachricht- Von: Damien Dupertuis [mailto:[EMAIL PROTECTED] Gesendet: Montag, 28. November 2005 08:59 An: support@pfsense.com Betreff: RE: [pfSense Support] DynDns Broken again on 94.10? I installed it too 94.12, It seems to work... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : Appologies.. Make that 94.12 -Original Message- From: Frimmel, Ivan (ISS South Africa) Sent: Monday, November 28, 2005 9:50 AM To: 'support@pfsense.com' Subject: RE: [pfSense Support] DynDns Broken again on 94.10? HI 90.12 doesn't fix it. Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, November 27, 2005 7:14 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns Broken again on 94.10? Please try 0.94.12 or the about to be released 0.94.14 and report back. On 11/24/05, Damien Dupertuis [EMAIL PROTECTED] wrote: Hello, some days ago I updated to version 94.4 and the bug reappared!!! I was forced to turn off the dyndns client to access the net... I hav'nt found the time to write... sorry... Regards --- Scott Ullrich [EMAIL PROTECTED] a écrit : We have not made any changes to this subsystem. On 11/24/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI All Is anybody experiencing new problems on 94.10 with DynDns not being updated anymore after IP changes on PPPoE? Scott around the 1st of Nov you requested that I do a manual update_file.sh /etc/rc.newwanip on 090a which finally fixed it .. Perhaps you didn't commit this to the build ?? I am going to try it again and see if it works.. Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ _ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ _ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - === message truncated === ___ Appel audio GRATUIT partout dans le monde avec le
RE: [pfSense Support] DynDns Broken again on 94.10?
HI .. Where are the logs stored? Not /tmp .. I looked.. From the web interface - System logs Nov 28 18:23:20 php: /services_dyndns.php: phpDynDNS: No Change In My IP Address and/or 28 Days Has Not Past. Not Updating Dynamic DNS Entry. Nov 28 18:23:20 php: /services_dyndns.php: DynDns: Cached IP: 165.165.202.222 Nov 28 18:23:20 php: /services_dyndns.php: DynDns: Current WAN IP: 165.165.202.222 Nov 28 18:23:20 php: /services_dyndns.php: DynDns: _detectChange() starting. Nov 28 18:23:20 php: /services_dyndns.php: DynDns: updatedns() starting Nov 28 18:23:20 php: /services_dyndns.php: DynDns: Running updatedns() From DynDns.com domain IP Last Updated frimmel.net 165.165.199.239Thu Nov 24 10:48:45 2005 From the Web Interface - Interfaces WAN interface Status up PPPoE up MAC address 00:30:48:22:8c:2c IP address 165.165.202.222 Does this help? Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 5:37 PM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns Broken again on 94.10? Can we see the system logs that pertain to phpDynDns? On 11/28/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: My last DynDns update was when I was on 0.90a last week ... i.e. its not updating either immediately or due to cron job. Only thing I can think of is that I have been doing upgrades all the time .. What is the difference between doing upgrades all the time, and doing a full re-install from an endstate perspective? -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 10:44 AM To: support@pfsense.com Subject: RE: [pfSense Support] DynDns Broken again on 94.10? I have the same config, to know for sure if it works, you'll have to wait one day, because the bug appears only after one day... regards... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : HI I have a custom DynDns account with PPPoE dialup via DSL. Not working on 2 boxes running 94.12. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 10:29 AM To: support@pfsense.com Subject: AW: [pfSense Support] DynDns Broken again on 94.10? Please report the dyndns service that works/works not as well and what kind of WAN you are using. It might apply only to a certain dyndns service/wan type. Holger -Ursprüngliche Nachricht- Von: Damien Dupertuis [mailto:[EMAIL PROTECTED] Gesendet: Montag, 28. November 2005 08:59 An: support@pfsense.com Betreff: RE: [pfSense Support] DynDns Broken again on 94.10? I installed it too 94.12, It seems to work... --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : Appologies.. Make that 94.12 -Original Message- From: Frimmel, Ivan (ISS South Africa) Sent: Monday, November 28, 2005 9:50 AM To: 'support@pfsense.com' Subject: RE: [pfSense Support] DynDns Broken again on 94.10? HI 90.12 doesn't fix it. Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, November 27, 2005 7:14 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns Broken again on 94.10? Please try 0.94.12 or the about to be released 0.94.14 and report back. On 11/24/05, Damien Dupertuis [EMAIL PROTECTED] wrote: Hello, some days ago I updated to version 94.4 and the bug reappared!!! I was forced to turn off the dyndns client to access the net... I hav'nt found the time to write... sorry... Regards --- Scott Ullrich [EMAIL PROTECTED] a écrit : We have not made any changes to this subsystem. On 11/24/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI All Is anybody experiencing new problems on 94.10 with DynDns not being updated anymore after IP changes on PPPoE? Scott around the 1st of Nov you requested that I do a manual update_file.sh /etc/rc.newwanip on 090a which finally fixed it .. Perhaps you didn't commit this to the build ?? I am going to try it again and see if it works.. Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ _ Appel audio GRATUIT partout dans le monde avec
RE: [pfSense Support] DynDns Broken again on 94.10?
Appologies.. Make that 94.12 -Original Message- From: Frimmel, Ivan (ISS South Africa) Sent: Monday, November 28, 2005 9:50 AM To: 'support@pfsense.com' Subject: RE: [pfSense Support] DynDns Broken again on 94.10? HI 90.12 doesn't fix it. Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, November 27, 2005 7:14 AM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns Broken again on 94.10? Please try 0.94.12 or the about to be released 0.94.14 and report back. On 11/24/05, Damien Dupertuis [EMAIL PROTECTED] wrote: Hello, some days ago I updated to version 94.4 and the bug reappared!!! I was forced to turn off the dyndns client to access the net... I hav'nt found the time to write... sorry... Regards --- Scott Ullrich [EMAIL PROTECTED] a écrit : We have not made any changes to this subsystem. On 11/24/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI All Is anybody experiencing new problems on 94.10 with DynDns not being updated anymore after IP changes on PPPoE? Scott around the 1st of Nov you requested that I do a manual update_file.sh /etc/rc.newwanip on 090a which finally fixed it .. Perhaps you didn't commit this to the build ?? I am going to try it again and see if it works.. Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ _ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] captive portal - Is this possible?
Ethereal and a network card that allows you to change macs .. Trivial. Access to a network needs to be properly controlled (wired or wireless). Security needs to be designed in.. Physical access is never a deterant for the truly motivated. -Original Message- From: jonathan gonzalez [mailto:[EMAIL PROTECTED] Sent: Saturday, November 12, 2005 4:35 AM To: support@pfsense.com Subject: Re: [pfSense Support] captive portal - Is this possible? spoofed ip/arp ;) ?? Szasz Revai Endre wrote: Hello, Today I noticed a user time out using the captive portal: Oct 30 10:20:18 logportalauth[56054]: TIMEOUT: shimon, 00:07:95:d3:d2:97, 192.168.11.100 http://192.168.11.100 It is using an ip from the class of the lan. The problem is, that I assign ip addresses to all the users of the LAN, with static arp entries. This user is not in the list (not the ip, nor mac address). How is that possible that he logged on from that ip? He shouldn't even be seeing the pfsense gateway if I have static arp entries, right? Any wild guesses? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] WAN DHCP not working ?
I echo that ! I've used 3coms through the many generations on various os's.. They even sucked hard under DOS(3c509) and even worse under Novell .. One might have thought they could get there sh*t together over time .. But alas .. not. Broadcoms and Intels are generally the best in my experience a lot of the old drivers work on current generations of cards .. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 15, 2005 4:45 AM To: support@pfsense.com Subject: Re: [pfSense Support] WAN DHCP not working ? On 11/14/05, Emanuel A. Gonzalez [EMAIL PROTECTED] wrote: Well, thanks Scott, you were right, the problem isn't the new release, but hardware. I have changed the nic before, but seems that the 3COM 3C905-TX has some issues, cause both nics I tried were this model, and both had the same problem. After I decided to change to an IBM Nic, the problem was solved, now I'm running on 0.93.2. Perhaps is a bug with the driver for this card, cause it was working just fine with any other previous version. Anyway, thanks again for your support and help! Somehow, the fact that this was a 3com card that had issues doesn't surprise me. :-/ 3Com cards have a very bad reputation in the bsd world - while quite popular, they seem to suck pretty bad and the many changes in the card make driver support not so good. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DYNDNS fixed
As long as you committed it? ;) -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, November 03, 2005 6:58 PM To: support@pfsense.com Subject: Re: [pfSense Support] DYNDNS fixed I honestly cannot remember now :/ It's been a long week. Either way I'll be releasing a new version later today. Scott On 11/3/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: 90a with Scotts update_file.sh /etc/rc.newwanip from Sunday. I am guessing this was not included in 90a? Tx Ivan. -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 02, 2005 8:25 PM To: support@pfsense.com Subject: RE: [pfSense Support] DYNDNS fixed Hello, What version??? Modifications??? Thank you !!! :-) regards Damien --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : My IP changed yesterday and it was detected and registered successfully. I think this one is fixed finally. Tx Ivan. __ _ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DYNDNS fixed
90a with Scotts update_file.sh /etc/rc.newwanip from Sunday. I am guessing this was not included in 90a? Tx Ivan. -Original Message- From: Damien Dupertuis [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 02, 2005 8:25 PM To: support@pfsense.com Subject: RE: [pfSense Support] DYNDNS fixed Hello, What version??? Modifications??? Thank you !!! :-) regards Damien --- Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] a écrit : My IP changed yesterday and it was detected and registered successfully. I think this one is fixed finally. Tx Ivan. ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] DYNDNS fixed
Title: DYNDNS fixed My IP changed yesterday and it was detected and registered successfully. I think this one is fixed finally. Tx Ivan.
RE: [pfSense Support] Problems in version 0.90
I get the same when going to pkg_mgr. -Original Message- From: Tommaso Di Donato [mailto:[EMAIL PROTECTED] Sent: Monday, October 31, 2005 11:26 AM To: support@pfsense.com Subject: [pfSense Support] Problems in version 0.90 Hi guys! In a fresh new install of pfSense 0.90, I have the folloeing error in system_firmware_check.php: Warning: raiseerror(PEAR.inc): failed to open stream: No such file or directory in /etc/inc/xmlrpc_client.inc on line 562 Warning: raiseerror(): Failed opening 'PEAR.inc' for inclusion (include_path='.:/etc/inc:/usr/local/www:/usr/local/captiveportal') in /etc/inc/xmlrpc_client.inc on line 562 Fatal error: Undefined class name 'pear' in /etc/inc/xmlrpc_client.inc on line 564 The same goes for pkg_mgr.php. Except for these 2 pages, seems to have no problems. TIA Tom - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Dump states featue
For my own reference please .. The role of a firewall is supposed to be a filter rather than a router or a front end load balancer? If there is this much inbound traffic clearly other solutions would be appropriate? Or am I wrong? -Original Message- From: Peter Zaitsev [mailto:[EMAIL PROTECTED] Sent: Monday, October 31, 2005 8:02 PM To: support@pfsense.com Subject: RE: [pfSense Support] Dump states featue On Mon, 2005-10-31 at 11:28 -0600, Fleming, John (ZeroChaos) wrote: FYI a PIX 520 (the 300 mhz version) can not handle 50,000 entries in the state table. It may on paper, but just because it has enough ram. I want to say it starts to have problems at about 35,000, but then again all my PIX firewalls were fully loaded with nics (6 10/100 I think). Right. I guess number of states is not only issue - packet rate is other thing - the state which is having packet passing by once per minute is different than one which constantly needs attention. Number of rules is another ( I had single rule in this test) And I guess 300Mhz CPU is a lot different from 2.4Ghz I have :) Kind of funny to boot a 520 and hear a video failure beep code. :) -Original Message- From: Peter Zaitsev [mailto:[EMAIL PROTECTED] Sent: Monday, October 31, 2005 10:48 AM To: support@pfsense.com Subject: Re: [pfSense Support] Dump states featue On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote: If you want to push 50,000 states do you think this box is enough juice? With that amount of states it seems you want to use much better hardware. Well... I'm not going to have 50.000 states - I'm just stress testing to see the limit. Now I see these number of states takes just few MB of memory - I never got amount of memory used over 15% CPU usage in my understanding should grow with number of packets and rules - states are secondary. It must be implemented as hash table with semi-constant lookup time. And once again - my problem is not amount of packets I can pass at this point but the way it keeps up with high load. Also This is better hardware which is included in Most of Firewalls. For example SonicWall 2040 has 800Mhz x86 CPU, Cisco PIX - 300Mhz Celeron. They might have some extra hardware offloading but also have extra features such as deep packet inspections etc. On 10/30/05, Peter Zaitsev [EMAIL PROTECTED] wrote: On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote: If you don't mind me asking, what hardware are you running pfsense on for these tests? This is Dell PowerEdge 750 - 512Mb RAM, Celeron 2.4Ghz 2 Intel 1Gbit NICs This seems to be much better than all firewalls below 5K$ have :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Diagnostics: DHCP leases v0.88
From what I can recall from IP 101 I did years ago .. Pinging a host will still resolve an IP to MAC (ARP), the host may not echo the ICMP back.. But you should still get an ARP table entry on the requestor.. Am I wrong? -Original Message- From: Stefan Ivascu [mailto:[EMAIL PROTECTED] Sent: Monday, October 24, 2005 10:55 AM To: support@pfsense.com Subject: Re: [pfSense Support] Diagnostics: DHCP leases v0.88 I think it would be better to combine those 2, only using ping can be a little obscure, what if a user drops icmp packages, and the machine apears to be down when it is actualy alive?. What about trying to do a sniff of some sort on the network, to see if the machine has any kind of trafic ? Frimmel, Ivan (ISS South Africa) wrote: What about doing a ping back to the device rather than using ARP ? Then you can use the live/dead terminology instead? i.e. do a ping on a static lease to determine actual status client status? I would rather know if the device is up rather than whether it has requested/renewed its lease? -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Sunday, October 23, 2005 2:07 AM To: support@pfsense.com Subject: Re: [pfSense Support] Diagnostics: DHCP leases v0.88 On 10/22/05, Imre Ispanovits [EMAIL PROTECTED] wrote: Hi, I noticed that on the Diagnostics: DHCP leases page all static leases (I have only this kind) shows as offline. I am using v.88 CF image on a PC (Bao's image), but I guess that this is not Cf dependent. _all_ of them? Even the one for the machine you are connecting to the admin interface from? The online/offline comes directly from the ARP cache of the firewall - online really just means it's active, but active was already taken (and I couldn't come up with a better name for what active did). If someone can come up with better wording for the 'active' lease, which is just a lease that isn't expired (ie. someone actually has a valid lease on it), then I'll change the online/offline text to active/inactive (which really makes more sense for what it's checking). --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Diagnostics: DHCP leases v0.88
Agreed topic dropped. The passive approach seems safer. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Monday, October 24, 2005 4:23 PM To: support@pfsense.com Subject: Re: [pfSense Support] Diagnostics: DHCP leases v0.88 Frimmel, Ivan (ISS South Africa) wrote: Again from IP 101(many years back so I could be wrong ) What about pinging the broadcast .. This should highlight some less talkative ips on the local subnet ? And localise icmp traffic .. Ideal for small networks ? Nope. Most machines don't respond to pings to the broadcast address anymore, for good reason. The old smurf attack used this, amongst other mischief, so most well-behaved network stacks won't respond to such crap. From some quick tests, looks like around 10-20% of network hosts will respond, mostly printers and similar equipment. Pinging from the firewall, no matter how you do it, is a *bad idea*. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Outgoing Load Balancing mini-howto
And does CARP have to be running? I think the answer to 6 would be something like a DNS box on the ISP's network .. or perhaps even something like www.microsoft.com ? -Original Message- From: Rajkumar S [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 9:59 AM To: support@pfsense.com Subject: [pfSense Support] Outgoing Load Balancing mini-howto Hi, I have some clarifications about the Outgoing Load Balancing mini-howto. I assume this is about sharing two internet links so that outbound traffic flows to both of them. 1. visit services - load balancer 2. delete any pools that are there that do not work 3. add a new pool and call it loadbalancetowans or something descriptive 4. set the description to load balancing from lan - internet or something descriptive 5. set the type to gateway 6. in the monitor ip box, set a box upstream from this router that can be polled (via tcp socket) to ensure link is up What is this monitor ip? If I have two internet connections, which ip can I specify here? 7. in the ip box type in the 1st router gateway ip I assume this to be the gateway of first internet connection. 8. repeat for the second gateway Gateway of second internet connection and so on... raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Sesamie Street on 086.2
I scoured all the webgui pages .. but I dont seem to find a simple way to make my router beep on up or down .. is it a shell command that I need to add the rc scripts? PS: Update_file.sh after 086.2 upgrade and then reset password from console fixes the webgui issue for me.
RE: [pfSense Support] Sesamie Street on 086.2
On my hands and knees.. it does;) They are amongst other more noisy equipment. I had to increase pitch to 2400,2450 and 2500 to get a more noticeable noise ;). -p 2500 gives you a very nice audible(annoying?) tone. 200ms makes it sound like a cat being pressed in a vice.. not pleasant, but effective. Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 8:46 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sesamie Street on 086.2 It should just work. Try running beep.sh from the console. Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: I scoured all the webgui pages .. but I don't seem to find a simple way to make my router beep on up or down .. is it a shell command that I need to add the rc scripts? PS: Update_file.sh after 086.2 upgrade and then reset password from console fixes the webgui issue for me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Sesamie Street on 086.2
2 profiles then ? Loud annoying or Smooth and Neighbour/partner friendly?! No seriously .. I think this is one feature that people can roll their own with now that the script is their? -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 9:15 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sesamie Street on 086.2 Oh really? I thought that it was kinda loud last night when I rebooted the machine at 5 am :) Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: On my hands and knees.. it does;) They are amongst other more noisy equipment. I had to increase pitch to 2400,2450 and 2500 to get a more noticeable noise ;). -p 2500 gives you a very nice audible(annoying?) tone. 200ms makes it sound like a cat being pressed in a vice.. not pleasant, but effective. Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 8:46 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sesamie Street on 086.2 It should just work. Try running beep.sh from the console. Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: I scoured all the webgui pages .. but I don't seem to find a simple way to make my router beep on up or down .. is it a shell command that I need to add the rc scripts? PS: Update_file.sh after 086.2 upgrade and then reset password from console fixes the webgui issue for me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Sesamie Street on 086.2
If you build it they will come .. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 9:23 PM To: support@pfsense.com Subject: AW: [pfSense Support] Sesamie Street on 086.2 we can start selling ringtones at some point for $1? lol Holger -Ursprüngliche Nachricht- Von: Scott Ullrich [mailto:[EMAIL PROTECTED] Gesendet: Sonntag, 9. Oktober 2005 21:22 An: support@pfsense.com Betreff: Re: [pfSense Support] Sesamie Street on 086.2 I think so. I'm not sure how much effort we should spend on modifying the sounds of pfSense. ;) Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: 2 profiles then ? Loud annoying or Smooth and Neighbour/partner friendly?! No seriously .. I think this is one feature that people can roll their own with now that the script is their? -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 9:15 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sesamie Street on 086.2 Oh really? I thought that it was kinda loud last night when I rebooted the machine at 5 am :) Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: On my hands and knees.. it does;) They are amongst other more noisy equipment. I had to increase pitch to 2400,2450 and 2500 to get a more noticeable noise ;). -p 2500 gives you a very nice audible(annoying?) tone. 200ms makes it sound like a cat being pressed in a vice.. not pleasant, but effective. Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 8:46 PM To: support@pfsense.com Subject: Re: [pfSense Support] Sesamie Street on 086.2 It should just work. Try running beep.sh from the console. Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: I scoured all the webgui pages .. but I don't seem to find a simple way to make my router beep on up or down .. is it a shell command that I need to add the rc scripts? PS: Update_file.sh after 086.2 upgrade and then reset password from console fixes the webgui issue for me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] MASTER MASTER on CARP 086.2
yes. ADV skew 100 on backup .. I re-created them a few times after 086 .. same behaviour. I wanted to see if 86.2 fixed it perhaps. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 9:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] MASTER MASTER on CARP 086.2 One machine should have a advertising skew higher than the master. Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: OK .. so carp is working great for Outbound LB/DHCP Failover/Gateway. One question .. something has changed.. ( or the fact that I now understand which check boxes do what ) BOTH machines go Master. Previously it would go Master / Backup , depending on ADV Freq. Now both Go Master, regardless of Pre-Emption or LB or any other setting I have tried to change lately. Is this normal ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] MASTER MASTER on CARP 086.2
Proto Source PortDestination PortGateway Description * Sync net* * * * On both? -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 9:38 PM To: support@pfsense.com Subject: Re: [pfSense Support] MASTER MASTER on CARP 086.2 I am not seeing this behavior in any of my 3 install locations. Make sure your sync interface has allow all rules on them? Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: yes. ADV skew 100 on backup .. I re-created them a few times after 086 .. same behaviour. I wanted to see if 86.2 fixed it perhaps. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Sunday, October 09, 2005 9:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] MASTER MASTER on CARP 086.2 One machine should have a advertising skew higher than the master. Scott On 10/9/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: OK .. so carp is working great for Outbound LB/DHCP Failover/Gateway. One question .. something has changed.. ( or the fact that I now understand which check boxes do what ) BOTH machines go Master. Previously it would go Master / Backup , depending on ADV Freq. Now both Go Master, regardless of Pre-Emption or LB or any other setting I have tried to change lately. Is this normal ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] DynDns still being blocked for abuse.
Seems fixed now .. tx. -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 05, 2005 12:07 PM To: support@pfsense.com Subject: Re: [pfSense Support] DynDns still being blocked for abuse. The fixes for dyndns in 0.86 no longer cause my dyndns account to be blocked, but the dyndns client is still running every minute after 2:01 am. The line for dyndns in my crontab is as follows: 1 2 * * * root/usr/bin/nice -n20 /etc/rc.dyndns.update This should run ONLY at 2:01 am each day, but it's running much more than that according to var/etc/dyndns.debug. FreeBSD doesn't require anything special for changes to the /etc/crontab file to actually take effect, does it? Ivan, if yours is still being blocked for abuse then you have this crontab problem like I do, but for some reason the dyndns client is incorrectly trying to update your IP address every time it runs. On 10/5/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: I have updated crontab on both my routers.. DynDns is still being blocked for abuse. ( both custom and dynamic 2 different routers ). 086. Tx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] DynDns still being blocked for abuse.
I have updated crontab on both my routers.. DynDns is still being blocked for abuse. ( both custom and dynamic 2 different routers ). 086. Tx
[pfSense Support] update_file.sh overwrites captiveportal.inc
HI .. No sure if this is a bug .. or a feature request, so I havent logged a ticket yet. I just realized why I need to keep disabling captiveportal then goto console, drop to shell, disable captive portal do upgrade from .gz file to recover. When doing an update_file.sh the very first file it attempts to pull down is captiveportal.inc. IF the WAN connection is not up, it looks like it still overwrites this file, even if it doesnt get a new file. This in turn breaks captiveportal, which means I cant access the firewall at all except through the console, from where I either need to do a upgrade or another update_file.sh which then fixes things again. Could we not add a simple hash check on the files that the script downloads ? Or at the very least get the script to check that it actually downloaded something before trashing the existing file? Thinking about it .. I guess later on when the firmware update mechanism is activated this is something we would need, i.e. internal file version check, compare, d/l(if older), hash and size check, assemble update package, replace/apply all diffs? Tx Ivan.
RE: [pfSense Support] update_file.sh overwrites captiveportal.inc
I ran it last night prior to 0.86 and that's when the fun stuff hit the fan. I know it's a developer tool that's why I didn't open a ticket. But it is a very nice to have tool for non developers too that can't wait for official releases ;) tx -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Monday, October 03, 2005 2:28 PM To: support@pfsense.com Subject: Re: [pfSense Support] update_file.sh overwrites captiveportal.inc updarte_file.sh is meant for updating files after a developer makes a change. why are you running this program when 0.86 is out!? Scott On 10/3/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI .. No sure if this is a bug .. or a feature request, so I haven't logged a ticket yet. I just realized why I need to keep disabling captiveportal then goto console, drop to shell, disable captive portal do upgrade from .gz file to recover. When doing an update_file.sh the very first file it attempts to pull down is captiveportal.inc. IF the WAN connection is not up, it looks like it still overwrites this file, even if it doesn't get a new file. This in turn breaks captiveportal, which means I can't access the firewall at all except through the console, from where I either need to do a upgrade or another update_file.sh which then fixes things again. Could we not add a simple hash check on the files that the script downloads ? Or at the very least get the script to check that it actually downloaded something before trashing the existing file? Thinking about it .. I guess later on when the firmware update mechanism is activated this is something we would need, i.e. internal file version check, compare, d/l(if older), hash and size check, assemble update package, replace/apply all diffs? Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] DynDns Still being blocked?
HI I am still having a problem with my DnyDns account being blocked for abuse? Is there something I have do on my setup to fix this? I am on 0.86.
RE: [pfSense Support] CARP Master/Backup goes to INIT update
Now working. Thanks! -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, September 29, 2005 5:17 PM To: support@pfsense.com Subject: Re: [pfSense Support] CARP Master/Backup goes to INIT update Ahh yes. The DISABLE/ENABLE button needs to be updated. Good catch. I'll fix in a bit. Scott On 9/29/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI I just did another update_file.sh .. and re-setup CARP. Doing a Reboot brings CARP up into Master as expected ;) ( I can't turn on the slave to test if it is 100%.. but the behavior seems better) So this part seems fixed. HOWEVER - It still insists on going back to INIT .. when pressing DISABLE/ENABLE button. Ifconfig carp0 up brings it back up. Something is not right in the DISIABLE / ENABLE button script on the CARP page. BTW : DynDns with PPPoE seems to be fixed over the last few releases. Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] LB and pre-emption on CARP?
So its one or the other. Not both. That clears things up a lot ! thanks! -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Thursday, September 29, 2005 6:35 PM To: support@pfsense.com Subject: Re: [pfSense Support] LB and pre-emption on CARP? On 9/29/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: [snip] 1) What does the load balancing option in CARP page do? It's a poor way of load balancing based on the HASH AFAIK. From the manpage: net.inet.carp.arpbalance Balance local traffic using ARP. 2) If load balancing is enable on the CARP page do we still have to setup the LB service? I'm pretty sure you will want to go with our load balancing system that uses slbd. 3) In the LB service .. do I setup the virtual IP(124) into the LB pool ( LAN GW to WAN ? ) Or do I use the 2 physical GW IPS of the routers (125 and 126)? See http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing and http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing for examples. 4) If I use pre-emption, one is master another is slave, does it still LB? It seems from the reading room .. only masters LB? i.e. to LB using CARP pre-emption needs to be off so you can have 2 masters? Not really sure. I've never really used the arp balancing feature as I hear that it doesn't do a good job.. But this may have changed recently. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] beep on ready suggestion
I remember being able to play mods through the pc speaker ;) From this thread : http://lists.freebsd.org/pipermail/freebsd-multimedia/2003-April/30.html mplayer -ao oss:/dev/pcaudio -vo aa .. but I suspect oss is not turn on in the kernel? -Original Message- From: Andrew Harvey [mailto:[EMAIL PROTECTED] Sent: Friday, September 30, 2005 9:05 AM To: support@pfsense.com Subject: Re: [pfSense Support] beep on ready suggestion That would simply require that when the menu displays for the first time, you echo the ^G character? That menu is PHP, isn't it? So that should be simple enough Andrew On 30/09/2005, at 4:58 PM, Oscar Forsström wrote: I agree! That would be a great feature! Jonathan Woodard wrote: I don't exactly remember which version i started out with but many burned .iso's later we arrive at 0.85 and finally pfsense installed the first time without much of a problem. I wish to say congrats to the development people and the people in this mailing list as i have poured over the lists trying to get things to work. i'm very impressed with how things are progressing and the level of support someone can get here. I wonder if i could make another small suggestion now, i remember using various firewall/router distros in the past and most all of them had a simple feature of beeping in some fashion to tell the user that the machine is up and ready for traffic. i never realized how much i liked that until i didn't have it with monowall. i was wondering if something like this could be added to pfsense. I think users with a completely headless machine would agree that this would be helpful. and I know I would appreicate it very much, thank you :-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Rpppoe
2 pppoe need 2 boxes with load balancing. You can't have 2 pppoes on one box. -Original Message- From: Marcin Jessa [mailto:[EMAIL PROTECTED] Sent: Friday, September 30, 2005 12:32 PM To: support@pfsense.com Subject: Re: [pfSense Support] Rpppoe On Fri, 30 Sep 2005 12:28:46 +0200 Mark Geary [EMAIL PROTECTED] wrote: So how do I set it up to dial both pppoe connections? What both PPPoE connections? You mean two at the same time? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Dyndns is being banned
HI I am using Dyndns.. (dynamic) .. They have banned me for the 2nd time this week. I have been rebooting the router a lot lately (testing CARP).. would this do it? Regards, Ivan Frimmel. HP South Africa - Sales Specialist, Industry Standard Servers Mobile: +27 83 409 2077 Direct: +27 11 785 1052 E-Mail and MSN Messenger: [EMAIL PROTECTED]
RE: [pfSense Support] 050.2 CARP won't go Master or Backup
HI Firstly I didn't have time yet to do another update_file.sh so the problem may already be fixed.. but in the interim: After the update_file.sh I did yesterday morning .. I have an intermittent issue which I think is also related.. ng0 goes down, AND stays down, even after reboots. Doing another upgrade(downgrade) via the web interface to 085.6(.tar.gz) fixed the ng0 down problem. Although I could manually ifconfig ng0 up to bring the route up again but after reboot it would go down again. I suspect carp is not coming up because ng0 doesn't come up? Tx all. Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 28, 2005 4:19 PM To: support@pfsense.com Subject: Re: [pfSense Support] 050.2 CARP won't go Master or Backup You need to update_file.sh /etc/rc.bootup as well. The carp interfacs are brought up at the very end now. Scott On 9/28/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: Ok, so I spent sometime on this, this morning. One of the problems I had yesterday during update_file.sh (on 085.4).. it somehow broke OPT1(sync) and kept making it disabled. So carp would never come up, once I got this sorted by going to 085.6 I could go forward. So .. 1) I brought router2 back up and did all upgrades and reconfigured CARP; 2) CARP still behaves badly 3) Did another update_file.sh after 085.6, CARP haves badly. It may go master/backup first time, but when doing disable/enable it stays init on BOTH routers. I dropped to a shell .. and simply did a ifconfig carp0 up on both. CARP comes up in the appropriate mode(master/backup) and virtual IPs work again as expected. i.e. this fixes the issue. Disable/enable button breaks it again. i.e. a working server as Master will go back to init after hitting enable/disable. Hope this helps? Ivan. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 28, 2005 1:49 AM To: support@pfsense.com Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup ok, I have experienced some strange problems bringing up CARP-Interfaces here as well (quite reproducable but also a bit sporadic). Scott did several changes and he finally came up with something that now is running on my systems without any problems any more (my systems are also syncing via a crossover-cable, no switch in between). Ivan, if you can please crosslink your systems again and do a update_file.sh /etc/inc/interfaces.inc on both system before testing again. To have a switch between two machines is needed if you have more than 2 machines in the cluster but with only two machines it's an additional point of failure if the switch dies or only has powerfailure. Syncing should work with crosslink-cables too. So if you can give it a try and report back we would appreciate it. Thank you in advance, Holger -Ursprüngliche Nachricht- Von: Bill Marquette [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 27. September 2005 20:20 An: support@pfsense.com Betreff: Re: [pfSense Support] 050.2 CARP won't go Master or Backup On 9/27/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI PPPoe is on WAN .. CARP is on LAN with carp sync on OPT1. OK so you guys are going to laugh at me. I do feel stupid. As a fault finding procedure and just to get connectivity back I halted router2, which is UTP crossed over connected to router 1 on OPT1. So OPT1 (carp sync) is down. (no link since you need both nic up to have link). CARP will NOT come up without link on OPT1. My suggestion in terms of best practice is to have a switch on OPT(sync) when using CARP. It has wasted a lot of my time and it IS my fault cause I was cheap just using cross over cable. Tx all .. Hrm...I'll have to test this out at home :-/ At work everything is always plugged into a switch (the machines are miles apart), but at home I'm using a crossover cable for the dedicated sync network. But I didn't think that CARP would stay down forever if the sync interface was down :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED
[pfSense Support] LB and pre-emption on CARP?
HI The setup: Router2 Secondary PPPoe WAN - 172.16.24.125 - | | - Virtual 172.16.24.124 Router1 Primary | PPPoe WAN - 172.16.24.126- A few quick questions please .. 1) What does the load balancing option in CARP page do? 2) If load balancing is enable on the CARP page do we still have to setup the LB service? 3) In the LB service .. do I setup the virtual IP(124) into the LB pool ( LAN GW to WAN ? ) Or do I use the 2 physical GW IPS of the routers (125 and 126)? 4) If I use pre-emption, one is master another is slave, does it still LB? It seems from the reading room .. only masters LB? i.e. to LB using CARP pre-emption needs to be off so you can have 2 masters? While the tutorial is helpful, it doesnt really clarify how this stuff all ties together tx Ivan.
RE: [pfSense Support] 050.2 CARP won't go Master or Backup
No, CARP is on LAN. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Thursday, September 29, 2005 4:22 PM To: support@pfsense.com Subject: Re: [pfSense Support] 050.2 CARP won't go Master or Backup On 9/29/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI Firstly I didn't have time yet to do another update_file.sh so the problem may already be fixed.. but in the interim: After the update_file.sh I did yesterday morning .. I have an intermittent issue which I think is also related.. ng0 goes down, AND stays down, even after reboots. Doing another upgrade(downgrade) via the web interface to 085.6(.tar.gz) fixed the ng0 down problem. Although I could manually ifconfig ng0 up to bring the route up again but after reboot it would go down again. I suspect carp is not coming up because ng0 doesn't come up? Are you running carp on an ng interface? I'm surprised this ever works. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] 050.2 CARP won't go Master or Backup
Ok, so I spent sometime on this, this morning. One of the problems I had yesterday during update_file.sh (on 085.4).. it somehow broke OPT1(sync) and kept making it disabled. So carp would never come up, once I got this sorted by going to 085.6 I could go forward. So .. 1) I brought router2 back up and did all upgrades and reconfigured CARP; 2) CARP still behaves badly 3) Did another update_file.sh after 085.6, CARP haves badly. It may go master/backup first time, but when doing disable/enable it stays init on BOTH routers. I dropped to a shell .. and simply did a ifconfig carp0 up on both. CARP comes up in the appropriate mode(master/backup) and virtual IPs work again as expected. i.e. this fixes the issue. Disable/enable button breaks it again. i.e. a working server as Master will go back to init after hitting enable/disable. Hope this helps? Ivan. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 28, 2005 1:49 AM To: support@pfsense.com Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup ok, I have experienced some strange problems bringing up CARP-Interfaces here as well (quite reproducable but also a bit sporadic). Scott did several changes and he finally came up with something that now is running on my systems without any problems any more (my systems are also syncing via a crossover-cable, no switch in between). Ivan, if you can please crosslink your systems again and do a update_file.sh /etc/inc/interfaces.inc on both system before testing again. To have a switch between two machines is needed if you have more than 2 machines in the cluster but with only two machines it's an additional point of failure if the switch dies or only has powerfailure. Syncing should work with crosslink-cables too. So if you can give it a try and report back we would appreciate it. Thank you in advance, Holger -Ursprüngliche Nachricht- Von: Bill Marquette [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 27. September 2005 20:20 An: support@pfsense.com Betreff: Re: [pfSense Support] 050.2 CARP won't go Master or Backup On 9/27/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI PPPoe is on WAN .. CARP is on LAN with carp sync on OPT1. OK so you guys are going to laugh at me. I do feel stupid. As a fault finding procedure and just to get connectivity back I halted router2, which is UTP crossed over connected to router 1 on OPT1. So OPT1 (carp sync) is down. (no link since you need both nic up to have link). CARP will NOT come up without link on OPT1. My suggestion in terms of best practice is to have a switch on OPT(sync) when using CARP. It has wasted a lot of my time and it IS my fault cause I was cheap just using cross over cable. Tx all .. Hrm...I'll have to test this out at home :-/ At work everything is always plugged into a switch (the machines are miles apart), but at home I'm using a crossover cable for the dedicated sync network. But I didn't think that CARP would stay down forever if the sync interface was down :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] 050.2 CARP won't go Master or Backup
HI PPPoe is on WAN .. CARP is on LAN with carp sync on OPT1. OK so you guys are going to laugh at me. I do feel stupid. As a fault finding procedure and just to get connectivity back I halted router2, which is UTP crossed over connected to router 1 on OPT1. So OPT1 (carp sync) is down. (no link since you need both nic up to have link). CARP will NOT come up without link on OPT1. My suggestion in terms of best practice is to have a switch on OPT(sync) when using CARP. It has wasted a lot of my time and it IS my fault cause I was cheap just using cross over cable. Tx all .. PS .. what does the update_files.sh thing do? Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 27, 2005 4:48 PM To: support@pfsense.com Subject: Re: [pfSense Support] 050.2 CARP won't go Master or Backup Ivan, aren't you running carp with PPPoE? If so, this will not work correctly. Scott On 9/27/05, Bill Marquette [EMAIL PROTECTED] wrote: Only problems I've had with carp recently weren't actually due to carp, but the dhcp daemon. There's a hold down timer somewhere that won't let it come up as primary for 300 or 360 seconds (my bet is there two different timeouts, a 60 second timeout and a 300 second one). So if you're running a highly available DHCP server on your pfSense box, keep this in mind - don't reboot both within about 10 minutes of each other for now. --Bill On 9/27/05, Holger Bauer [EMAIL PROTECTED] wrote: I have a working carp config at home. Have failed over several times the last days, with 0.85.2 and 0.85.4 no session was dropped (I even was tunnelling from a client behind the carpmachines to the office). DNS and DHCP is configured for failover as well. I haven't seen any issues so far. Anybody else seeing having problems? Strange. Holger -Ursprüngliche Nachricht- Von: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 27. September 2005 11:47 An: support@pfsense.com Betreff: RE: [pfSense Support] 050.2 CARP won't go Master or Backup HI Yes .. 085.2 .. 085.4 does the same too. Enable / disable does not work ... goes to init always. 0.85 worked.. did an upgrade to 085.2 it stopped working. I deleted all carp entries and re-setup from scratch. I will try update_file.sh and let you know results. Tx Ivan -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:55 AM To: support@pfsense.com Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup 0.50.2? I guess you are talking about 0.85.2, if not upgrade! ;-) I only have experienced such problems if the carpinterfaces didn't match the real ip/subnet-range of the real interface the carp interface is running on. Another thing to try is to manually disable and enable CARP at StatusCARP(failover) in the webgui. If it's working after that there might be a problem bringing up everything in the right order. There also have been some changes to CARP lately. You might want to run update_file.sh -all from the shell to grab the latest changes. Holger -Ursprüngliche Nachricht- Von: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:34 An: support@pfsense.com Betreff: [pfSense Support] 050.2 CARP won't go Master or Backup HI I have Carp running successfully on 0.50. Upgraded yesterday to 050.2 and CARP absolutely refuses to start. OPT1 is up. PPPoE is UP. CARP goes to INIT and does not ever go master or backup. I deleted all CARP configs and recreated everything from scratch. On both boxes CARP will not start. Hitting Disable / enable makes it go from disable to INIT.. but never starts. Even tried doing everything with the second box physically turned off. No difference. Any ideas? Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: [pfSense Support] Output (mwatt) of a minipci wireless card
My view is that wireless can be considered in the same way The Net it. Unsafe. Howver generally people on it are uninterested in the data passing across it just because of sheer volume. If you have data that is sensitive or you just don't want people to view it use tunneling, that's what Ipsec and PPTP were invented for. i.e. leave your APs open and tunnel into your own network. My view is that lowering tx and using directional antennas is a courtesy thing. If you spend time thinking about your design you get better performance because you have less noise. Ivan. -Original Message- From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 2:56 AM To: support@pfsense.com Subject: RE: [pfSense Support] Output (mwatt) of a minipci wireless card You'll never be safe from someone who wants to get your signal/data. But for typical laptop w/ integrated wireless reducing the power would help reduce the range. You deal with the 99% and try your best to protect yourself from the 1%. John -Original Message- From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: Saturday, September 24, 2005 5:57 PM To: support@pfsense.com Subject: Re: [pfSense Support] Output (mwatt) of a minipci wireless card Hi, I'm sorry but you guys need to read up on wireless. 1: Wireless output power has nothing to do with the range. If the receiving end uses a high performance antenna they can both talk and listen to your AP many miles away. 2. High power cards only gives you more noise. Stick to a cm-9 type card with high RX sensitivity. That will give you much better results. You can not restrict the range of wireless buy lowering the output RX power. Radio lan can not be restricted this way. It's a 2way communication, so anyone with a high gain antenna can both talk and listen to a low powered AP. Range for a 100mw card with a 32dbi directional antenna at NLOS is about 120KM so if you guys think that restricting the TX power is going to keep you safe from the next door internet café, then you are very much mistaken. Cheers and good night. -lsf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Output (mwatt) of a minipci wireless card
HI In my experience its not always about mw transmitted. Using a proper antenna and a radio with decent receive sensitivity usually gets the job done better and you don't interfere and piss off your neighbours(who call the authorities to give you a fine, because you are polluting the band). Shouting the loudest doesn't always work(unless you are going for distance, in which case you would use 2x 400mw and very directional antennas) Remember also that the devices you are going to be connecting to will also have to transmit at 400mw in order for you to establish a connection. Most devices transmit at 100mw .. so you will see the ap but you will never be able to associate. Ivan. -Original Message- From: Michiel de Jager [mailto:[EMAIL PROTECTED] Sent: 20 September 2005 10:32 AM To: support@pfsense.com Subject: RE: [pfSense Support] Output (mwatt) of a minipci wireless card The reson for me is that there is only 100mW (as a maximum) legal here. When i would use 400mW i could get a fine for it. But when i use lets say 200mW the chance i get a fine is not that big. Greetz, Michiel de Jager On Tue, 2005-09-20 at 00:55 -0400, John Cianfarani wrote: I do not see why to buy a 400mW card and reduce to half the power Consider if you ran a hotspot in your coffee shop... you wouldn't want the signal to be strong enough for the coffee shop down the street to be able to use your nice strong powerful signal... Only enough power needed to cover your little area. Or better example if you were deploying several wireless APs to cover an area you may not want the strong signals from one to cause noise on another wireless AP. John __ From: Giorgio Ducci [mailto:[EMAIL PROTECTED] Sent: Monday, September 19, 2005 9:57 PM To: support@pfsense.com Subject: Re: [pfSense Support] Output (mwatt) of a minipci wireless card Hi, I have the same mPCI card. Yes, as Scott said you can reduce the TX (Transmission) power in the webgui, under interfaces when you assign a new one (says OPT1) you can tune the TX power from 0 to 99 %. As you probably already know this card reach 400mW at 6Mb of transmission (read spec ). I do not see why to buy a 400mW card and reduce to half the powerAnyway it works fine. Cheers Giorgio On 9/20/05, Michiel de Jager [EMAIL PROTECTED] wrote: So if i buy this one: http://www.mini-box.com/s.nl/sc.8/category.19/it.A/id.386/.f i would be able to reduce the TX power to around 200mwatt? And is this done in a webinterface or do i need to do some 'dirty' handwork? greetz, Michiel de Jager On Mon, 2005-09-19 at 14:03 -0400, Scott Ullrich wrote: TX Power? Yes. Scott On 9/19/05, Michiel de Jager [EMAIL PROTECTED] wrote: Hello all, A little question: is the output power of a minipci wireless card (Atheros) controllable in pfsense? Greetz, Michiel de Jager - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Carp Weirdness - Always reboots to INIT
Sorry I don't understand exactly... my CONFIG as follows: OPT1 : 192.168.10.0 /24 (SYNC)Crossover as per tutorial. WAN: PPPoE with DHCP from ISP separate user accounts (2 different IPs on WAN ) LAN: 172.16.24.0/28 So the OPT1 has static IPs when CARP starts. Does WAN (PPPoE) also have to be UP when CARP wants to start? Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 12 September 2005 05:43 PM To: support@pfsense.com Subject: Re: [pfSense Support] Carp Weirdness - Always reboots to INIT On 9/12/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: 1) kill power on both routers .. 1 is setup with lower advert. Freq than other. Power them up together. BOTH go into INIT mode always and the virtual gateway doesn't get created. .Only way to fix this is to disable carp on Master then enable .. it becomes master , disable carp on slave, it becomes slave. Carp is up! Any ideas why they don't automagically figure these things out ? first node up should always be master? I do not show this behavior here. Are you perhaps using PPPoE on the WAN? A ip must be bound to the interface on the same subnet as the CARP ip's. 2) I only have 2 servers but everytime I reboot one to test it another carp id gets created in the list ? This has been covered in the list. Each time machines boot they create a random creator id. This is how pfsync works. 3) dhcp rules and others are replicating across LB rules are not ? I'll look into it. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] /rescue directory
My routers have been up for sometime before 0.84 and after .. du h gives ~3Mb on both. No VMware. From: Tommaso Di Donato [mailto:[EMAIL PROTECTED] Sent: 13 September 2005 11:33 AM To: support@pfsense.com Subject: Re: [pfSense Support] /rescue directory mmh. I did a fresh install.. and I obtain exactly the same: # du -h /rescue/ 365M /rescue/ Could this be a bug in 0.84 LiveCD, or may it depends on that I install it over a vmware Virtual Machine? Tom On 9/12/05, Scott Ullrich [EMAIL PROTECTED] wrote: Try a reinstall. All of my boxes are ~3 megs. Scott
RE: [pfSense Support] Carp Weirdness - Always reboots to INIT
HI That is exactly as it stands right now .. i.e. the only thing carp creates for me is a LAN gateway (Virtual). I have also tried it with or without outbound LB. No difference. There is No NAT ( inbound )and No Virtual WAN IP. I only use it for outbound redundancy. As I say it works well if I manually intervene, i.e. when both boot together I have to hit disable CARP .. and then Enable CARP on both boxes.. as simple as that. It then identifies if it is first ( master ) or second ( BACKUP )depending on the order in which I hit disable/enable carp. But they always go INIT if no CARP server is up, if at least one CARP server is up then things work as expected. Ivan. -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: 13 September 2005 02:50 PM To: support@pfsense.com Subject: AW: [pfSense Support] Carp Weirdness - Always reboots to INIT CARP doesn't work well together with dynamic adresses or better said, they don't play together at all. You might want to use carp in this configuration only at lan. this way you are able to failover but the clients will have to restart the sessions after a failover took place (won't be stateful). I also doubt that you would be able to use the same ip on both of your wans as carp-ip in this setup (you wrote different ips). So just follow the tutorial but don't build a carp ip for wan and don't do the outbound nat stuff. Only create a LAN-Carp IP and make the clients use it as gateway. Holger -Ursprüngliche Nachricht- Von: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 13. September 2005 14:19 An: support@pfsense.com Betreff: RE: [pfSense Support] Carp Weirdness - Always reboots to INIT Sorry I don't understand exactly... my CONFIG as follows: OPT1 : 192.168.10.0 /24 (SYNC)Crossover as per tutorial. WAN: PPPoE with DHCP from ISP separate user accounts (2 different IPs on WAN ) LAN: 172.16.24.0/28 So the OPT1 has static IPs when CARP starts. Does WAN (PPPoE) also have to be UP when CARP wants to start? Tx Ivan. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 12 September 2005 05:43 PM To: support@pfsense.com Subject: Re: [pfSense Support] Carp Weirdness - Always reboots to INIT On 9/12/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: 1) kill power on both routers .. 1 is setup with lower advert. Freq than other. Power them up together. BOTH go into INIT mode always and the virtual gateway doesn't get created. .Only way to fix this is to disable carp on Master then enable .. it becomes master , disable carp on slave, it becomes slave. Carp is up! Any ideas why they don't automagically figure these things out ? first node up should always be master? I do not show this behavior here. Are you perhaps using PPPoE on the WAN? A ip must be bound to the interface on the same subnet as the CARP ip's. 2) I only have 2 servers but everytime I reboot one to test it another carp id gets created in the list ? This has been covered in the list. Each time machines boot they create a random creator id. This is how pfsync works. 3) dhcp rules and others are replicating across LB rules are not ? I'll look into it. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Hang at the end of bootup
Also seems to do it fairly consistently with a USB mouse attached. ( its attached to a KVM switch so I was compelled to connect it ;) ... ) Regards, Ivan Frimmel. HP South Africa - Sales Specialist, Industry Standard Servers Mobile: +27 83 409 2077 Direct: +27 11 785 1052 E-Mail and MSN Messenger: [EMAIL PROTECTED] -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 11 September 2005 06:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Hang at the end of bootup This happens on USB keyboards for some reason. If you can, use a PC keyboard. Scott On 9/10/05, John Cianfarani [EMAIL PROTECTED] wrote: I'm working on install version 0.82.4 / 0.84 and seem to be having some troubles. I have gotten it to work fine under vmware though now that I'm trying to move it to a real machine it doesn't seem to like it. Essentially after the LiveCD boots and I do my entire interface configuration it comes to the end with Bootup complete and then hangs. During the initial load there are few error messages that I can see: This repeats several times: acd0: FAILURE - READ_BIG ILLEGAL REQUEST asc=0x64 ascq=0x00 error=4ABORTED A few lines before the option to setup interfaces I get: mount: /: unknown special file or file system No Swap on CDROM After configuring the interfaces there is a line: kbdcontrol: cannot open /dev/ukbd0: Device Busy This and reading some posts in the list made me think the CDROM could be the problem, I moved it to the secondary ide and changed the cable, also reburned the cd at 4x. I set my dhcp server to statically give out ip to see if I could ssh into it but I still could not get it after it hangs. System specs CPU: Celeron 2.6Ghz Board: Asus P4P800-MX (All hardware except for NIC is disabled, IDE mode is set to compatible) Memory: 512Meg CDROM: LG GCE-8526B HD: WD160GB Mouse Keyboard are USB (Gyration) If anyone knows anything else I could try that would be great as I'd like to start testing it on a real box. Wish I could post more output but I have to way to copy it out only retyping L Thanks John Cianfarani - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Gentoo Rsync allowed past the Captive Portal
HI all So I spent most of yesterday trying to figure out why I couldnt emerge a new Gentoo box on my network, weirdly enough emerge ---sync managed to get through the captive portal but then when it came time to d/l via ftp or wget it would start downloading and then the files would fail on MD5 hash after the download had completed.. I eventually realized what was going on when I did an update last night to 0.84 and saw the foreign machine being captured by the portal. I quickly added a captive portal mac passthrough rule and all the MD5 checksum errors when away. But why did pf let the rsync stuff through and why did it look like it was downloading stuff, all be it rubbish ? Was it just downloading the captive portal redirect URL all the time and padding the files out with the contents? Regards, Ivan Frimmel. HP South Africa - Sales Specialist, Industry Standard Servers Mobile: +27 83 409 2077 Direct: +27 11 785 1052 E-Mail and MSN Messenger: [EMAIL PROTECTED]
[pfSense Support] Carp Weirdness - Always reboots to INIT
CARP is very cool. 3 things .. 1) kill power on both routers .. 1 is setup with lower advert. Freq than other. Power them up together. BOTH go into INIT mode always and the virtual gateway doesnt get created. .Only way to fix this is to disable carp on Master then enable .. it becomes master , disable carp on slave, it becomes slave. Carp is up! Any ideas why they dont automagically figure these things out ? first node up should always be master? 2) I only have 2 servers but everytime I reboot one to test it another carp id gets created in the list ? 3) dhcp rules and others are replicating across LB rules are not ? Regards, Ivan Frimmel. HP South Africa - Sales Specialist, Industry Standard Servers Mobile: +27 83 409 2077 Direct: +27 11 785 1052 E-Mail and MSN Messenger: [EMAIL PROTECTED]
RE: [pfSense Support] Gentoo Rsync allowed past the Captive Portal
Fragged both routers playing around with CARP remotely to write my previous mail so I cant get in right now .. but no .. I should have any .. since thats the traffic I want to limit. Everything is denied unless the client is passed-through via a mac mapping. There are NAT rules in, but all outbound traffic is stopped as per the default rules created during install. From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 12 September 2005 03:17 PM To: support@pfsense.com Subject: Re: [pfSense Support] Gentoo Rsync allowed past the Captive Portal Do you have a pass any rule on that interface? It's overriding the captive portal rules (with exception to the port 80 redirect which uses different logic). --Bill On 9/12/05, Frimmel, Ivan (ISS South Africa) [EMAIL PROTECTED] wrote: HI all So I spent most of yesterday trying to figure out why I couldn't emerge a new Gentoo box on my network, weirdly enough emerge ---sync managed to get through the captive portal but then when it came time to d/l via ftp or wget it would start downloading and then the files would fail on MD5 hash after the download had completed.. I eventually realized what was going on when I did an update last night to 0.84 and saw the foreign machine being captured by the portal. I quickly added a captive portal mac passthrough rule and all the MD5 checksum errors when away. But why did pf let the rsync stuff through and why did it look like it was downloading stuff, all be it rubbish ? Was it just downloading the captive portal redirect URL all the time and padding the files out with the contents? Regards, Ivan Frimmel. HP South Africa - Sales Specialist, Industry Standard Servers Mobile : +27 83 409 2077 Direct: +27 11 785 1052 E-Mail and MSN Messenger: [EMAIL PROTECTED]
