Re: [pfSense Support] block facebook twitter and youtube pfsense

2010-06-04 Thread Jaye Mathisen
openDNS can help with this as well.

2010/6/4 Kai Lan lk9...@me.com

 I think the easiest way is to override the DNS. Or make the IPs route to a
 wrong destination by adding a static route rule.

 Regards,

 Kai

 On 4 Jun 2010, at 15:41, Luis G. Coralle luiscora...@gmail.com wrote:



 2010/6/4 Luke Jaeger ad...@pvpa.org

 We use squidguard in combination with shallalist (http://www.shallalist.de)
 to block sites by category (malware, porn, gambling,
 etc).
 You can also add individual domains to your blacklist by hand.
 Works great.


 Luke Jaeger | Technology Coordinator
 Pioneer Valley Performing Arts Charter Public School
  http://www.pvpa.org


 On Jun 4, 2010, at 12:18 AM, justino garcia wrote:

  How does one go about blocking Facebook, Twitter and YouTube? Also, how does
 one autoblock malicious sites?
 Thanks
 Justin

 --
 Justin
 IT-TECH

 -
 To unsubscribe, e-mail: support-unsubscr...@pfsense.com
 For additional commands, e-mail: support-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org






 Hi, squid does not cache https pages. Facebook has https too
 (https://www.facebook.com/).
 To block this you have to add a rule like:

 Destination:
 Type: Network
 Address: 66.220.144.0/20


 See:
 - http://wiki.developers.facebook.com/index.php/Facebook_IP_Addresses
 - whois 69.63.189.16



 --
 Luis G. Coralle
 Departamento de Informática
 Facultad de Ciencias Médicas
 Universidad Nacional del Comahue
 Av. Luis Toschi y Los Arrayanes
 Cipolletti - Río Negro
 Tel. 0299 - 4782603 INT. 24 / Fax 0299 - 4776140
 http://medicina.uncoma.edu.ar/
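
An added example, not part of the thread: a Python check of which destination addresses a network-based block rule actually covers, using the network and the whois address quoted in the message above. The function name `coverage` and the other sample addresses are constructed for illustration.

```python
import ipaddress

# Destination networks in the firewall block rule. 66.220.144.0/20 is the
# network given in the message; a real rule would list every range to block.
BLOCKED_NETWORKS = ["66.220.144.0/20"]

# Addresses to test against the rule (assumed sample input).
SAMPLE_ADDRESSES = [
    "66.220.146.10",   # constructed: an address inside the /20
    "69.63.189.16",    # the address passed to whois in the message
    "2001:db8::1",     # constructed: IPv6 documentation address
]


def coverage(addresses, networks):
    """Split addresses into (covered, uncovered) relative to the block rule.

    covered maps each address to the rule network that matches it;
    uncovered lists addresses the rule would not match.
    """
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    covered, uncovered = {}, []
    for raw in addresses:
        addr = ipaddress.ip_address(raw)
        # An IPv4 network never matches an IPv6 destination, so compare
        # only networks of the same IP version.
        match = next(
            (n for n in nets if n.version == addr.version and addr in n),
            None,
        )
        if match is None:
            uncovered.append(str(addr))
        else:
            covered[str(addr)] = str(match)
    return covered, uncovered


if __name__ == "__main__":
    hit, miss = coverage(SAMPLE_ADDRESSES, BLOCKED_NETWORKS)
    for addr, net in hit.items():
        print(f"{addr:<16} blocked by {net}")
    for addr in miss:
        print(f"{addr:<16} NOT covered by any rule network")
```

Run against addresses the blocked hostnames currently resolve to; anything reported as not covered needs its own network added to the rule.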




[pfSense Support] IPSEC error

2007-12-22 Thread Jaye Mathisen


I'm getting this trying to set up a tunnel between two fixed IP's.

Dec 22 22:59:36 ithcprtr1 racoon: INFO: 68.185.9.206[500] used as isakmp port (fd=20)
Dec 22 22:59:36 ithcprtr1 racoon: INFO: unsupported PF_KEY message REGISTER

racoon.conf looks OK, but I haven't set up IPSEC in ages...  It's kind of just 
always worked, and I never have to mess with it.




Re: [pfSense Support] Facing Problems with IPSec

2007-12-17 Thread Jaye Mathisen


You could put another pfsense on private IP space at HQ
that knows how to forward the packets back out.

So the routing decision would be made after it's traversed
the tunnel.

Should be simple enough.




Re: [pfSense Support] Split DNS LAN/DMZ

2007-11-21 Thread Jaye Mathisen
Use split-horizon DNS, and different DNS servers for the LAN/DMZ hosts?

On Thu, Nov 22, 2007 at 04:07:18PM +1300, Volker Kuhlmann wrote:
 When using the DNS forwarder with LAN hosts added, it would be desirable to
 not make all the same information available to the DMZ hosts. In case of
 using pfsense as an NTP source, LAN and DMZ hosts would need to see a
 different IP address for time.localnet.site. I don't see how that can be
 done atm. Is it a desirable feature? I would find it useful.
 
 Thanks,
 
 Volker
 
 -- 
 Volker Kuhlmann   
 http://volker.dnsalias.net/   Please do not CC list postings to me.
 



Re: [pfSense Support] Support in 1.3 for nforce ethernet driver?

2007-11-10 Thread Jaye Mathisen

It wouldn't be hard to compile it on a different box and add it in on a current 
install.




Re: [pfSense Support] PPTP VPN not working consistently

2007-09-05 Thread Jaye Mathisen
I have had to remove the scrub options for some reason.

Customers on ATT's network, it looks like around the country, but not
verified, as I don't have customers anywhere, can't pass anything but
the smallest datasets to me if the router has the scrub options.

If I take that out, the same customers work great.

On Wed, Sep 05, 2007 at 08:23:52PM -0700, Sonny Sarai wrote:
 Hello,
 
 I added a post a few weeks back regarding why PPTP VPN connects at times 
 and other times it just hangs but I received no response.
 This is why I am adding another post. I have pfsense 1.2 RC2. and I have 
 set up PPTP VPN. I can connect about 70% of the time and the other 
 times I cannot. Neither can our staff. I have entered a rule in our 
 firewall to let PPTP clients open access as well as GRE but still nothing.
 
 Nothing is added or has been removed from the firewall but still 
 nothing. As our company is growing, VPN is becoming more critical. I 
 have been doing some research in the forums but I did not get anything 
 concrete as to why this happens.
 
 Our sister company in Stockholm is running pfsense 1.2 RC2 and I can 
 connect to them. I have mirrored their settings but I still cannot 
 consistently connect. I am looking for a pattern such as a specific time 
 in the day or the number of times I connect. Is there a limit to how 
 many times a client can VPN in before they are blocked for some time?
 
 Any suggestions would be greatly appreciated. I need to be able to 
 connect to VPN consistently
 
 Thank you,
 
 Sonny
 
 



Re: [pfSense Support] PPTP VPN not working consistently

2007-09-05 Thread Jaye Mathisen
On Wed, Sep 05, 2007 at 11:34:26PM -0400, Scott Ullrich wrote:
 On 9/5/07, Jaye Mathisen [EMAIL PROTECTED] wrote:
  I have had to remove the scrub options for some reason.
 
  Customers on ATT's network, it looks like around the country, but not
  verified, as I don't have customers anywhere, can't pass anything but
  the smallest datasets to me if the router has the scrub options.
 
  If I take that out, the same customers work great.
 
 Have you tried to disable scrubbing in System - Advanced?
 

Yeah, that's what I meant by remove, I just couldn't remember the location
in all the menus.

It appears to be a moderately recent development, as these same customers
have been able to use it before, but I can't tie it specifically to
a pfsense upgrade, only that starting about the 25th of August, that's
what I had to do to get things to work.

Hadn't touched the rulesets in ages, just updated to the latest RC...

What's odd is that tcpdump would show the incoming packet, but the
application never saw the connection get completed and handed off, and
the kernel never responded.

Disable scrub, voila'...




Re: [pfSense Support] PPTP VPN not working consistently

2007-09-05 Thread Jaye Mathisen
I don't know if the reload filter actually reloads everything,
or just the rules or queues... I don't see how it can hurt to
reboot and check.

If turning off scrub doesn't help, you definitely want to turn
it back on...

On Wed, Sep 05, 2007 at 08:57:41PM -0700, Sonny Sarai wrote:
 Thank you both for replying so quickly. I have disabled scrubbing. 
 Should I wait a while before I can tell if it worked or not? It is not 
 working right now. Do I need to reboot if it does not work.
 
 Thanks again,
 
 Sonny
 
 Scott Ullrich wrote:
 On 9/5/07, Jaye Mathisen [EMAIL PROTECTED] wrote:
   
 I have had to remove the scrub options for some reason.
 
 Customers on ATT's network, it looks like around the country, but not
 verified, as I don't have customers anywhere, can't pass anything but
 the smallest datasets to me if the router has the scrub options.
 
 If I take that out, the same customers work great.
 
 
 Have you tried to disable scrubbing in System - Advanced?
 
 Scott
 



[pfSense Support] Minor traffic shaper ?

2007-07-08 Thread Jaye Mathisen


OK, haven't run into this before.


WAN is a 1.5meg DSL, OPT1 is a 10 meg cable connection.  The
10 meg connection supports a VPN connection for backups and such.

So I have a rule that says any traffic to x.x.x.x goes out OPT1,
everything else out the WAN.

The traffic shaper is taking all that traffic, and merrily shaping it,
even though the traffic is to/from OPT1.

What's the best solution for me?  Either traffic on OPT1 (to and from it)
needs to bypass the shaper completely, or somehow I need to specify that
while for most connections, the WAN speed is 1.5meg, for this one host,
it's the 10 meg...

How do I make this right?  (I've just started re-using the shaper, before
OPT1 was another 1.5meg DSL, and to be honest, I don't think I noticed
that problem, although it was most likely happening.)

Thanks in advance.




[pfSense Support] Quick comments on 1.2 beta2 on soekris 4801

2007-07-08 Thread Jaye Mathisen



Add support for prioritizing ssh traffic on port 22, and
an easy way to specify a specific port for BT traffic, since the
default isn't always used.  

Anyway, 1.2 beta 2 is working pretty well for me.  I think the php
process is using less memory for HTTP sessions, which is helping.








Re: [pfSense Support] load balancer problems

2007-06-07 Thread Jaye Mathisen

Try one of the 1.2.1 beta's.  Many issues resolved, all around better
product.




Re: [pfSense Support] shaper

2007-05-29 Thread Jaye Mathisen


Jump to 1.2 beta, and be happy...




Re: [pfSense Support] Upgrade question using LiveCD

2007-05-09 Thread Jaye Mathisen

I upgraded just using the .tar.gz file (not an ISO) on my soekris.  It
worked fine, except it didn't shutdown/reboot, I had to manually reset it.

Since then, it's been working great, and the addition of miniupnpd in the base
install as well as the various improvements has been great...

YMMV.




[pfSense Support] OK, I think this is simple...

2007-04-05 Thread Jaye Mathisen


Using a soekris 4801 with 1.0.1 of pfsense on a single WAN connection,
works just fine.

I want to add another WAN connection to OPT1, but I don't want failover,
or load balancing, I have 1 application that needs to route traffic out
the new connection.

I can specify the destination IP for any rules that need to be set, although
if it can be done by port, that's fine too.

However, it does need to NAT the outbound connection.

Currently I'm just using a box doing netcat on the inside/outside ports, 
and that works fine, but it seems like overkill, with this router
sitting there.

Is it just a matter of configuring OPT1, and then setting somewhere
the appropriate next-hop address for traffic to a specific IP via
a rule?  The OPT1 interface would be DHCP, and I would *not* want
to use a default route out OPT1 regardless...

Thanks in advance...




Re: [pfSense Support] OK, I think this is simple...

2007-04-05 Thread Jaye Mathisen
Yeah, I read that.  But I don't want load balancing or failover.

Logging in via shell shows the routing is set right, in that the
default route is still WAN.

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            70.58.179.174      UGS         0      837   sis0

I created an OPT1 interface, set it to DHCP.  Went to firewall rules
and added a rule that sent proto:any, source:*, Port*, dest 4.2.2.2, 
port *, Gateway OPT1.

# User-defined rules follow
pass in quick on $lan from 192.168.0.0/24 to any keep state  label USER_RULE: Default LAN - any
pass in log quick on $lan  route-to ( sis2 192.168.100.1 ) from any to {  4.2.2.2 } keep state  label USER_RULE

But all traffic is now going out the OPT1 interface, instead of just
traffic to 4.2.2.2

Tracing route to pfsense.org [69.64.6.13]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  3    38 ms    38 ms    39 ms  67.42.192.195
  4    36 ms    36 ms    35 ms  67.42.192.125
  5    35 ms    36 ms    35 ms  205.171.150.33


What's weirder is that the ISP on OPT1 is allowing the
traffic packets with my WAN interface IP to pass through
it. It doesn't appear to be nat'd to the OPT1 interface
IP either...


On Thu, Apr 05, 2007 at 11:38:27PM +0200, Holger Bauer wrote:
 http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing
 
 
 Holger 
 
 -Original Message-
 From: Fuchs, Martin [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, April 05, 2007 11:13 PM
 To: support@pfsense.com
 Subject: AW: [pfSense Support] OK, I think this is simple...
 
 I don't have this config, but I could imagine it works with the gateway 
 option (select a gateway different than default). Perhaps it might be 
 necessary to define a pool or else for that... 
 
 Just try a bit :-)
 
 Regards, Martin
 
 -Original Message-
 From: Jaye Mathisen [mailto:[EMAIL PROTECTED]
 Sent: Thursday, April 5, 2007 22:53
 To: support@pfsense.com
 Subject: [pfSense Support] OK, I think this is simple...
 
 
 




[pfSense Support] Dual WAN, but only 1 default route...

2007-01-19 Thread Jaye Mathisen


I have a DSL connection with 32 static IP's, and a cable connection.

I have one very specific use for the cable connection and everything else
goes over the DSL.

The Cable uses DHCP to assign IP's, and static is not an option for them.

My office subnet is NAT'd behind one of the 32 static IP's.  I want to continue
NAT'ing 99% of the traffic out that interface, and out the cable interface,
for the 1 connection to the 1 resource, I want it to be NAT'd, but use
the cable for outbound traffic.

The catch is, I don't want the cable DHCP info to over-write the default
route info that I have configured...

Can I do this?  Or am I perhaps not asking the question clearly?  Probably
the latter.




[pfSense Support] Anyway to just disable NAT?

2006-11-02 Thread Jaye Mathisen


Is there anyway to just disable the NAT portion, and keep all the cool 
firewall management interface, and filtering, and all that stuff, but
just have the LAN interface IP's be public and not NAT'd?

Don't need BGP, or ospf, or anything like that, just a basic router, but
with the nice web GUI...

Thanks in advance.




Re: [pfSense Support] Intel PWLA8494MT support with latest update of RC2

2006-10-31 Thread Jaye Mathisen

Well, the ifconfig name parameter is there, probably wouldn't be too
difficult to make something up based on mac address, and just key 
off the name...

But yeah, it can be annoying.  Too bad interface names can't be hardwired
like SCSI disk ID's can be...
