Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
On 5/17/07, Tortise [EMAIL PROTECTED] wrote: kernel: arp: 192.168.0.4 is on rl2 but got reply from 00:00:cd:1c:06:8c on rl1 Are they on same switch or hub? I have heard that cable modems can cause problems if they are connected to a hub or switch. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
On 5/17/07, Tortise [EMAIL PROTECTED] wrote: rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing. rl2 = LAN and connected to LAN switches. You have 192.168.0.4 on your lan, but for some reason your cable modem also sends arp replies for that ip. One possible reson is that your ISP might be using 192.168.0.0 network for the HFC side of cable modem. Try browsing to 192.168.100.1 and check if you get the cable modem web interface. From here you can check the ip address assigned to your modem. (I am typing from my memory, so I might be wroing about the cable modem web interface ip) If your ISP is using that ip range for HFC network, you will have to change your lan ip addressing. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] compile pfsense kernel with modified configuration file
Quoting Aggelis Aggelis [EMAIL PROTECTED]: are there any recomendations on docs to read, in order to start learning about the build procees of pfsense? http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense You are on your own with this though. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Squid and HAVP
Quirino Santilli wrote: The second one (HAVP) when browsing SSL protected pages gives back a web page saying: 'invalid request'. I know that the SSL web traffic is cyphered but how can I solve the problem? As far as I know HAVP does not support SSL traffic. So may be you should try not to use HAVP as ssl proxy (ie just use HAVP to proxy HTTP traffic). raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Using SNMP pf Module in pfSense with MRTG
Hi, You can use the pf module in snmp to graph the State Table by using this configuration file in MRTG. Target[pfStateTableCount]: 1.3.6.1.4.1.12325.1.200.1.3.1.01.3.6.1.4.1.12325.1.200.1.3.1.0:[EMAIL PROTECTED]: MaxBytes[pfStateTableCount]: 1 Title[pfStateTableCount]: Number of entries in the state table. Options[pfStateTableCount]: gauge PageTop[pfStateTableCount]: H1State Table -- Hostname.com/H1 TABLE TRTDSystem:/TD TDHostname.com /TD/TR TRTDMaintainer:/TD TDRajkumar S/TD/TR TRTDDescription:/TDTDpf State Tables /TD/TR /TABLE The value 1.3.6.1.4.1.12325.1.200.1.3.1.0 gives the number of state tables via snmp. You can see other values in /usr/share/snmp/mibs/BEGEMOT-PF-MIB.txt. But I did not find any interesting information apart from number of state tables in it. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Small bug in FTP port forwading
Scott Ullrich wrote: I am pretty sure this was solved. Are you using an up to do date system? Run cvs_sync.sh releng_1 if you are on a full installation and please test again. Tried again, after cvs_sync same results. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Small bug in FTP port forwading
Scott Ullrich wrote: I am pretty sure this was solved. Are you using an up to do date system? Run cvs_sync.sh releng_1 if you are on a full installation and please test again. I am on B4, will test with latest CVS and report back. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Displaying the output of commands executed during package installation in status area
Hi, While installing clamav package there is an invocation freshclam which takes some time. During which the status area is blank and no progress indication is given to user. But the fresh clam gives the progress indication when executing it from command line. Is there any way to display the progress indication from freshclam to pfsense status area? raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Error display of custom php handlers in package
Hi, Right now if there are any php errors in custom php handlers that's not visible to user/developer when package is installed. The installer just hangs there. It would be nice to see the php errors some where so that some debugging can be done for custom php handlers. It took me a while to figure out that when installer hangs on a handler some thing is wrong in php script. Finding what went wrong is pure trial and error, with out any error messages. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Transparent mode for HAVP
Scott Ullrich wrote: Take a look at /etc/inc/filter.inc. Search for squid. It should be pretty obvious once you see how we hook that in. Thanks! I went through the code and have a small question. Suppose if I turn transparency off in the squid web interface, does this rule gets deleted automatically ? Also, rather than having the filter.inc hacked for each package, can pfsense core provide 4 (?) anchors for anchor, binat, nat and rdr, so that packages themselves can create subanchor inside them and manage the rules? I would hack the code to include some thing like $natrules .= anchor package-anchor/* $natrules .= anchor package-rdr-anchor/* $natrules .= anchor package-nat-anchor/* $natrules .= anchor package-binat-anchor/* and from my package, I will add an anchor for havp inside package-rdr-anchor and add/delete my rules in them. I am not an *that* familiar with pf, so I am not sure if this will work as intended. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP
Gary Buckmaster wrote: I wouldn't run freshclam from cron. It's a very small daemon and very efficient. Much better to let it run and update all on its own according to its configuration file. Just my opinion, however. I chose to run from cron because that was easy from a package writers point of view. I also agree that making it a daemon is better, because currently there is no safe way to remove a cron entry when a package is removed. I will update the package to run freshclam as a daemon. Bit busy right now, will revisit HAVP next week. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP
Gary Buckmaster wrote: I suspect he's seeing clamav-freshclam running which should happen by default 5 times a day. This is, of course, configurable in the configuration file. I haven't enabled clamav-freshclam also, I am running freshclam from cron. Let me check that out. raj Oh, and should ClamAV always be running. Mine runs for a little while and then shuts down. I don't know if this is normal. clamd daemon is not running, havp directly uses clamlib library. How did you find that it runs a little while and then shutsdown? raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP
Ebay wrote: Wow, thanks. This is a great program. I have one question / Bug. HAVP does not seem to work with load balancing. Is there anyone out there who knows a workaround for this. I have not yet thought about that. I will check that and if it's feasible I will enable it in HAVP package. Oh, and should ClamAV always be running. Mine runs for a little while and then shuts down. I don't know if this is normal. clamd daemon is not running, havp directly uses clamlib library. How did you find that it runs a little while and then shutsdown? raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP Bug Report
Gary Buckmaster wrote:
Looks a lot better! The settings are staying and appear to be
functioning as advertised.
Nice to hear that!
The only weirdness now, which I think is a
HAVP thing and not your work, is that HAVP seems to split the difference
between SERVERNUMBER and MAXSERVERS. Right now, my network is woefully
underutilized and with SERVERNUMBER 200 and MAXSERVER 500 and there are
400 havp instances running right now. It's obviously not a big deal,
but its something that I'm sure will lead to questions.
This is in fact the prerelease of havp for freebsd. They are infact looking for people to
test havp under freebsd, in particular they want some one with access to AMD64 box for
testing. The forum is at http://havp.hege.li/forum/viewtopic.php?t=31
Also, I was complaining about the rc script that came with the HAVP
package so I've attached one that I hacked up. Feel free to use it,
anyone.
Added the start up script to the package. Now the start stop is also working well. Thanks
to you!
Next is to get transparent proxy working.
raj
-Gary
Rajkumar S wrote:
Hi,
I think I have fixed the gui update problem. I have not yet updated
the fix to main pfsense repository. In the mean time you can test this
by:
0. Remove all existing packages.
1. change the xmlrpcbaseurl in /etc/inc/globals.inc to agni.linuxense.com
2. remove /tmp/config.cache
3. remove all entries inside havp in /conf/config.xml
4. Update the Available Packages by clicking System - Packages
5. Install HAVP package.
I hope I have not made any new bugs with this fix :)
let me know how it goes.
raj
#!/bin/sh
# HAVP Init script
# 6/23/06 - Gary Buckmaster
pidfile=/var/run/havp/havp.pid
required_dirs=/var/tmp/havp
required_files=/usr/local/etc/havp/havp.config
rc_start()
{
if [ ! -f $required_files ]
then
echo FATAL: Missing HAVP config file: $required_files
return
fi
if [ ! -d $required_dirs ]
then
echo FATAL: Missing HAVP working director: $required_dirs
return
fi
if [ -f $pidfile ]
then
pid=$(sed 's/ //g' $pidfile)
echo FATAL: HAVP already running? pid: $pid
return
else
echo Starting HAVP Antivirus HTTP Proxy
/usr/local/sbin/havp
sleep 4
if [ -f $pidfile ]
then
pid=$(sed 's/ //g' $pidfile)
echo Started pid: $pid
else
echo An error occurred starting HAVP
return
fi
fi
}
rc_stop()
{
pid=$(sed 's/ //g' $pidfile)
if [ ! -f $pidfile ]
then
echo FATAL: HAVP already running pid: $pid
return
else
echo Stopping HAVP pid: $pid
kill $pid
fi
}
case $1 in
start)
rc_start
;;
stop)
rc_stop
;;
restart)
rc_stop
sleep 5
rc_start
;;
esac
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP Bug Report
Gary Buckmaster wrote: When editing the HAVP configurations, the settings aren't saved in the WebGUI. When you view havp.config you see that the settings are actually being appended to the configuration file, rather than replacing the currently blank settings. Even after removing the empty settings, the WebGUI doesn't track the current configuration. Although the values aren't tracked in the WebGUI, they are apparently maintained somewhere because manually editing the HAVP configuration file, and then re-editing it via the WebGUI produces two sets of configurations. Thanks for your bug report. I thought I had nailed this bug before I submitted the package. What is happening is that with each save, pkg_edit.php creates new config entries inside the havp tree inside config.xml instead of editing the 0th entry. The argument id=0 should have fixed this. I am digging into this now. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP Bug Report
Gary Buckmaster wrote: I think I found the issue. It appears that you've defined havp.config as living in /etc/havp.config and sure enough, you've written a very nice havp.config file in /etc. If you change that to /usr/local/etc/ I think you win. Thanks for your testing and feedback. The /usr/local/etc/havp.config should be a symlink to /etc/havp.config. I am not yet able to find out why pkg_edit.php?xml=havp.xmlid=0 appends config entries inside the havp but if I use id=1 it correctly edits the existing entry. For some reason the 0th entry is created as a null entry. havp config/ config servernumber3/servernumber maxservers45/maxservers transparent/ port/ bind_address/ source_address/ range/ /config /havp Let me dig this for some more time, I will update you soon :) raj -Gary Gary Buckmaster wrote: Raj, Thanks for jumping on this, and thanks for such a great package. I'm available for testing any new fixes you have, so feel free to ping me when you're ready. Also, a question about the blacklist/whitelist feature. This appears to work properly in the GUI, although HAVP doesn't seem to pick up the entries. I'm perfectly willing to assume that I'm goofing up by putting the full domain name of the site including the prefix and the scheme. Since I haven't been able to find anything in the extremely thin HAVP documentation, your insight into this feature would be appreciated. Maybe putting an example or two in the WebGUI instructions for the page might be in order? -Gary Rajkumar S wrote: Gary Buckmaster wrote: When editing the HAVP configurations, the settings aren't saved in the WebGUI. When you view havp.config you see that the settings are actually being appended to the configuration file, rather than replacing the currently blank settings. Even after removing the empty settings, the WebGUI doesn't track the current configuration. Although the values aren't tracked in the WebGUI, they are apparently maintained somewhere because manually editing the HAVP configuration file, and then re-editing it via the WebGUI produces two sets of configurations. Thanks for your bug report. I thought I had nailed this bug before I submitted the package. What is happening is that with each save, pkg_edit.php creates new config entries inside the havp tree inside config.xml instead of editing the 0th entry. The argument id=0 should have fixed this. I am digging into this now. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] HAVP Bug Report
Gary Buckmaster wrote: Thanks for jumping on this, and thanks for such a great package. I'm available for testing any new fixes you have, so feel free to ping me when you're ready. Hi, I think I have fixed the gui update problem. I have not yet updated the fix to main pfsense repository. In the mean time you can test this by: 0. Remove all existing packages. 1. change the xmlrpcbaseurl in /etc/inc/globals.inc to agni.linuxense.com 2. remove /tmp/config.cache 3. remove all entries inside havp in /conf/config.xml 4. Update the Available Packages by clicking System - Packages 5. Install HAVP package. I hope I have not made any new bugs with this fix :) let me know how it goes. raj Also, a question about the blacklist/whitelist feature. This appears to work properly in the GUI, although HAVP doesn't seem to pick up the entries. I'm perfectly willing to assume that I'm goofing up by putting the full domain name of the site including the prefix and the scheme. Since I haven't been able to find anything in the extremely thin HAVP documentation, your insight into this feature would be appreciated. Maybe putting an example or two in the WebGUI instructions for the page might be in order? -Gary Rajkumar S wrote: Gary Buckmaster wrote: When editing the HAVP configurations, the settings aren't saved in the WebGUI. When you view havp.config you see that the settings are actually being appended to the configuration file, rather than replacing the currently blank settings. Even after removing the empty settings, the WebGUI doesn't track the current configuration. Although the values aren't tracked in the WebGUI, they are apparently maintained somewhere because manually editing the HAVP configuration file, and then re-editing it via the WebGUI produces two sets of configurations. Thanks for your bug report. I thought I had nailed this bug before I submitted the package. What is happening is that with each save, pkg_edit.php creates new config entries inside the havp tree inside config.xml instead of editing the 0th entry. The argument id=0 should have fixed this. I am digging into this now. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] /current in cvsup_current
Scott Ullrich wrote: mkdir /current cvsup current-supfile should get that fixed. Thanks! That fixed it. but why use /current/src and /usr/src ? The cvsup_current already does a cvsup ./stable-supfile. Do you want to get some specific version of patches ? raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] /current in cvsup_current
Hi, While trying to build from cvs checkout of pfSense, I came across these lines in cvsup_current script. But the /current directory seems missing (or is it that I am missing some thing?). cp /current/src/sys/geom/label/g_label_ufs.c /usr/src/sys/geom/label/g_label_ufs.c # Complicate matters quite a bit by copying bsnmpd # from the current tree which includes lots of needed # bsnmpd improvements cp -R /current/src/contrib/bsnmp/* /usr/src/contrib/bsnmp/ cp -R /current/src/usr.sbin/bsnmpd/* /usr/src/usr.sbin/bsnmpd/ cp /current/src/share/mk/bsd.snmpmod.mk /usr/src/share/mk/ cp /current/src/sys/net/if_mib.c /usr/src/sys/net/ cp /current/src/sys/net/if_mib.h /usr/src/sys/net/ raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: Problem while compiling pfSense using freesbie2
Hi, I am cross posting a mail I sent to freesbie list. The problem is that my build_embedded.sh fails at buildworld stage, while the same command in /home/pfsense/freesbie2 works. I have attached the logs, any hint to find out what is wrong will be much appreciated. raj Dario Freni wrote: Rajkumar S writes: Does any one get this error? I am stuck at this place for past 2 days. Is there any switch I can turn on which shows what is the exact error I get where it prints 1 error? Is it possible to do the make from this point onwads with out starting all over again? try to set the MAKEJ variable to , this disables -j during world compile. You can set it as environment. I am trying this now, but compilation runs smoothly when I give a make buildworld in freesbie2 directory. Actually both the pfSense make buildworld and freesbie2 buildworld end at the same place, but for some reason I get error in pfSense build after the build is complete. The last part of logs are: Freesbie2 makeinfo --no-split -I /usr/src/gnu/usr.bin/texinfo/doc -I /usr/src/gnu/usr.bin/texinfo/doc/../../../../contrib/texinfo/doc texinfo.texi -o texinfo.info gzip -cn info.info info.info.gz gzip -cn info-stnd.info info-stnd.info.gz gzip -cn texinfo.info texinfo.info.gz pfSense: makeinfo --no-split -I /usr/src/gnu/usr.bin/texinfo/doc -I /usr/src/gnu/usr.bin/texinfo/doc/../../../../contrib/texinfo/doc texinfo.texi -o texinfo.info gzip -cn info.info info.info.gz gzip -cn info-stnd.info info-stnd.info.gz gzip -cn texinfo.info texinfo.info.gz 1 error *** Error code 2 1 error *** Error code 2 1 error I am not able to find out what is the reason for the 3 errors after buildworld is completed. for pfSense I am using build_embedded.sh with CVS update part commented out. Any way to debug this would be much appreciated. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] themes
Scott Ullrich wrote: Send them to me directly and I will see what Erik thinks. Done, from my gmail address. While we are at it, saw a nifty link in digg today. http://www.dragon-labs.com/articles/octopus/ The Octopus Engine attempts to unify techniques for rounded corners, drop shadows, custom borders and faux columns, all in one pretty package. It’s an all-in-one, one in all approach, encompassing whatever effects one needs. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] themes
[EMAIL PROTECTED] wrote: Alright, Can I get a list of things that make it difficult to create third-party themes, so I can work on them? It is harder for me to find them when I am not doing a new theme, since you have seem to locate several, I would appreciate it if I can get a list. I had sent a theme tgz and a diff file. (I did not receive that mail back from list, so not sure if it has reached the list.) The diff file lists the changes I have made. Basically I have removed some hard coded colours from php files to all.css and changed the colours in Rounded function to match the theme. Pl use the Orange theme and apply the diff, that will show the changes. There are some more php files that needs the be change, but you will get the general drift of the stuff. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] build_embedded.sh
alan walters wrote: Seems like all the wrap specific stuff is moved out of /home/pfsense/pfSense when build_embedded.sh is run Use the following script to regenerate them #!/bin/sh # Prepare an for an embedded rebuild . ./pfsense_local.sh rm -rf $CVS_CO_DIR/conf cp $CVS_CO_DIR/boot/device.hints $CVS_CO_DIR/boot/device.hints_wrap cp $CVS_CO_DIR/boot/loader.conf $CVS_CO_DIR/boot/loader.conf_wrap cp $CVS_CO_DIR/etc/ttys $CVS_CO_DIR/etc/ttys_wrap touch $CVS_CO_DIR/boot/label.proto_wrap raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] themes
Scott Ullrich wrote: On 1/11/06, alan walters [EMAIL PROTECTED] wrote: It seems on error or when settings are saved there are some bits of the themining that is in the code rather than in the style sheet can someone else confirm this. That is correct. Would there be plans to clean this up before q release Doubtful. The fix is bit difficult as Rounded is called to create the round effect in the menus. What you can do is to grep for Rounded in the php scripts and replace the colours manually. I have done one theme like that but I cannot distribute since to change the theme also requires to change the php code. I am willing to create a patch to fix this, if the core team can point towards a blessed way to do this. :) ie, I do not want to fix this in a way that is incompatible with project direction, leading to a rejected patch. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] A cosmetic patch
Hi, Submitting a small patch that I came across while going through pfSense for creating a new theme. Make the order of Yes and No consistent Across Halt, Reboot and Factory Default pages --- reboot.php.orig 2006-01-06 14:21:11.246945280 +0530 +++ reboot.php 2006-01-06 21:36:14.272504752 +0530 @@ -49,8 +49,8 @@ form action=reboot.php method=post pstrongAre you sure you want to reboot the system?/strong/p p - input name=Submit type=submit class=formbtn value= No input name=Submit type=submit class=formbtn value= Yes + input name=Submit type=submit class=formbtn value= No /p /form ?php endif; ? I have almost completed the orange theme, but it requires patches to about 20 php files. I am now going through the theme once again and see if I can come up with a generic enough patch set that can be applied for all themes. If some one is interested I will post couple of screen shots of the theme and the patches. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfsense dev edition
Scott Ullrich wrote: I followed and fixed http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense while building it. I am also following this doc to create an embedded image, One problem I noted was that once an image is built, I cannot run the build_embedded.sh again. So I created this script which puts some files back again. # cat ./regen_embedded.sh #!/bin/sh # Prepare an for an embedded rebuild . ./pfsense_local.sh rm -rf $CVS_CO_DIR/conf cp $CVS_CO_DIR/boot/device.hints $CVS_CO_DIR/boot/device.hints_wrap cp $CVS_CO_DIR/boot/loader.conf $CVS_CO_DIR/boot/loader.conf_wrap cp $CVS_CO_DIR/etc/ttys $CVS_CO_DIR/etc/ttys_wrap touch $CVS_CO_DIR/boot/label.proto_wrap raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfsense dev edition
Scott Ullrich wrote: Why can you not run the script again? Do you get an errror? It works here. as you can see from the script I posted, build_embedded.sh stops at couple of places. $CVS_CO_DIR/conf already exists when building for a second time and build_embedded.sh stops at mkdir -p $CVS_CO_DIR/conf for example: Warning: Object directory not changed from original /usr/src/sbin/devd install -s -o root -g wheel -m 555 devd /home/pfsense/pfSense/sbin mkdir: /home/pfsense/pfSense/conf: No such file or directory this is because the mkdir -p $CVS_CO_DIR/conf/ in around line 35 of builder_common.sh fails. likewise $CVS_CO_DIR/boot/device.hints_wrap is moved in fixup_wrap, so they are not present when building the second time I am also having trouble with (cd /var/db/pkg ls | grep lighttpd) $CVS_CO_DIR/conf/packages in ./build_embedded.sh I am only able proceed if I comment out that line. I am checking that right now. raj On 12/28/05, Rajkumar S [EMAIL PROTECTED] wrote: Scott Ullrich wrote: I followed and fixed http://wiki.pfsense.com/wikka.php?wakka=BuildingpFSense while building it. I am also following this doc to create an embedded image, One problem I noted was that once an image is built, I cannot run the build_embedded.sh again. So I created this script which puts some files back again. # cat ./regen_embedded.sh #!/bin/sh # Prepare an for an embedded rebuild . ./pfsense_local.sh rm -rf $CVS_CO_DIR/conf cp $CVS_CO_DIR/boot/device.hints $CVS_CO_DIR/boot/device.hints_wrap cp $CVS_CO_DIR/boot/loader.conf $CVS_CO_DIR/boot/loader.conf_wrap cp $CVS_CO_DIR/etc/ttys $CVS_CO_DIR/etc/ttys_wrap touch $CVS_CO_DIR/boot/label.proto_wrap raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Embedded image woes
Hi I am trying to get embedded image boot in my PC for some time. In a previous mail I have posted my problems running a serial console http://www.mail-archive.com/support@pfsense.com/msg03585.html Since that route was not looking promising, I tried to edit the serial console part from config files (mount the image and edit), ie I removed console=comconsole from /boot/loader.conf and uncommented ttyv0 /usr/libexec/getty Pc cons25 on secure in /etc/ttys But now the booting stops at Booting [/boot/kernel/kernel]... \ Any hints to move on from here? I tried this on latest embedded image as well as on an image compiled by me here in a freebsd host (following the instructions in the wiki) raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Console on serial from a PC running embedded image
Scott Ullrich wrote: Did you enable the serial console on VMWare dev edition? I am not trying with VMWare dev edition. I am trying with Dev edition (hd installed) and embedded image edition. Same results. (I have dev edition in harddisk (secondary master) and a cf disk (primary master)) in same computer. I can boot from both. The cf disk has embedded edition written using dd from the 0.96.4 image. VMWare is in a linux PC (The one _from_ which I am trying to access serial console) raj On 12/21/05, Rajkumar S [EMAIL PROTECTED] wrote: Hi, I am having difficulty accessing serial console from my a PC running embedded image from my work PC. My work PC is running Linux. I have connected a serial cable from the work pc to pfsense PC. I test the serial cable by running echo and cat at two ends, ie pfsense PC running dev edition and my linux pc. In pfSense: # echo test /dev/ttyd0 In Linux: [EMAIL PROTECTED]:~$ cat /dev/ttyS0 test So the serial cable is fine. Now I have put minicom at 9600 8/N/1 and when I boot embedded image, the pfSense pc stops at: Loading /boot/defaults/loader.conf | I also tried Terra Term in windows as in tutorial and the results are the same. I am stuck here. Any one to hit me with a clue stick? regards, raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Files missing when building Developer ed for second time?
Hi, When I try to build the developer edition for the second time I get this error: mv: rename /home/pfsense/pfSense/boot/device.hints_wrap to /home/pfsense/pfSense/boot/device.hints: No such file or directory # auto-logout Also the whole directory of /home/pfsense/pfSense/ does not have a boot subdirectory. When I tried the first time it was okay. I did not download the cvs.tgz for the second time. Also a wishlist, is it possible to just do cvs update the pfsense CVS than downloading the massive cvs.tgz? Some times the download takes more than one hour and the file gets over written at the source. An rsync of the pfsense iso would also be nice, rather than downloading the whole thing again and again. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Files missing when building Developer ed for second time?
Rajkumar S wrote: Hi, When I try to build the developer edition for the second time I get this error: Some more clarifications: I am using VMWare edition: pfSenseDevelopersVMWareEdition.7z and for the second time I was trying to build the embedded image. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Is this FAQ Answer still valid?
http://faq.pfsense.com/index.php?sid=4624lang=enaction=artikelcat=4id=78artlang=en Q: I use the m0n0wall generic-pc image on a CF card, will PFSense have a similar install image as this for use on a CF card? When I tried to do this on latest image, at second reboot I am getting lots of readonly file warnings? On first reboot I only get warning for /etc/resolv.conf only, but when I reboot again lots of warnings crop up. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Anonymous access to pfSense repository
Scott Ullrich wrote: Edit /home/pfsense/tools/builder_scripts/pfSense-supfile and add this: *default host=cvs.pfsense.com *default base=/home/pfsense/cvsroot *default release=cvs *default delete use-rel-suffix pfSense Then issue update_file.sh /home/pfsense/tools/builder_scripts/builder_common.sh This gives me an error: # update_file.sh /home/pfsense/tools/builder_scripts/builder_common.sh trying to fetch latest /home/pfsense/tools/builder_scripts/builder_common.sh fetch: http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/home/pfsense/tools/builder_scripts/builder_common.sh?rev=1;content-type=text%2Fplain: Not Found The file is actually located at http://pfsense.com/cgi-bin/cvsweb.cgi/tools/builder_scripts/builder_common.sh So there might be an error in the previous command. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Creating packages for pfsense
Scott Ullrich wrote: We depend on FreeBSD style packages and simply wrap a XML layer around. Going through the master package manifest package namesquid/name descrHigh performance Web proxy cache/descr websitehttp://www.squid-cache.org//website categoryNetwork Management/category depends_on_package_base_urlhttp://www.pfsense.com/packages/All/depends_on_package_base_url depends_on_packagesquid-2.5.11_3.tbz/depends_on_package version2.5.11_3/version status*NOT WORKING*/status config_filehttp://www.pfsense.com/packages/config/squid_ng.xml/config_file configurationfilesquid.xml/configurationfile /package What does depends_on_package_base_url mean? Also I assume depends_on_package means the freebsd .tbz created by make package. Also how can I create my own package repository for testing? raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Creating packages for pfsense
Hi, I am trying to package havp and thus clamav. Clamav port for freebsd depends on 6 packages, all of them are archivers. My question is are the binaries for pfsense taken from freebsd, or do I have to compile them separately? I have a .xml for zoo (one of the dependencies of clamav), what next? How do I package the xml, binaries etc to one package raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] documentation for package creation
Hi, Is there any documentation available for creating packages for pfSense? I plan to package HAVP and learn the packaging in that process. raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Outgoing Load Balancing mini-howto
Frimmel, Ivan (ISS South Africa) wrote: And does CARP have to be running? I am not having CARP in mind, as CARP and link sharing are two different things. If CARP has to be running then this may not be what I want. Specifically I am looking at http://lartc.org/howto/lartc.rpdb.multiple-links.html This Linux command is working well for me. ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \ nexthop via $P2 dev $IF2 weight 1 I think the answer to 6 would be something like a DNS box on the ISP's network .. or perhaps even something like www.microsoft.com ? This is exactly what I have done. More Queries as I am going through the steps: Create NAT-Rules for your WAN-POOL 1. visit firewallNATOutbound 2. enable advanced outbound nat 3. check the automatically created rules. 4. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool) I could not understand this? Which OPT interface? each internal network ? I have only one. 5. Apply the changes Policy based balancing 1. Edit a firewall rule on the LAN or Optional interfaces. * NOTE! We do not recommend editing the default pass all rule! Create a new rule before the default rule for your policy. 2. Set the gateway to the newly created pool Done!. It seems the loadbalancer is working. I am able to tcpdump the second gateway and see some packets. But when I traceroute from the lan, all packets goes via the first gateway. Also can I specify the priority of each gateway. ie I have an 1mbps link and a 256kbps, out of 5 packets 4 must go through 1mbps link and one via 256 kbps. Also in the wish list is to specify one gateway for some ips. ie dns and smtp server for first isp should always be routed via first isp and vice versa. raj -Original Message- From: Rajkumar S [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 9:59 AM To: support@pfsense.com Subject: [pfSense Support] Outgoing Load Balancing mini-howto Hi, I have some clarifications about the Outgoing Load Balancing mini-howto. I assume this is about sharing two internet links so that outbound traffic flows to both of them. 1. visit services - load balancer 2. delete any pools that are there that do not work 3. add a new pool and call it loadbalancetowans or something descriptive 4. set the description to load balancing from lan - internet or something descriptive 5. set the type to gateway 6. in the monitor ip box, set a box upstream from this router that can be polled (via tcp socket) to ensure link is up What is this monitor ip? If I have two internet connections, which ip can I specify here? 7. in the ip box type in the 1st router gateway ip I assume this to be the gateway of first internet connection. 8. repeat for the second gateway Gateway of second internet connection and so on... raj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
