Re: [pfSense Support] 0.71.2 on WRAP

2005-07-29 Thread Bill Marquette
On 7/29/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 7/29/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > - I created a Virtual IP using the same IP address as my WAN interface,
> > trying to get the router to accept (or redirect) ICMP (I want my system
> > pingable). I failed in doing that.
> >  (1) How do I make my router pingable from the outside world?
> >  (2) In making that change above, I wasn't able to remove the
> > interface. The error always said that that VIP was in use by a NAT rule. In
> > order to remove it, I needed to remove all my NAT rules, delete the VIP,
> > and re-enter all the NAT rules by hand. Painful!
> 
> I'll let Bill chime in here but to get ICMP working you need to allow
> the protocol in the interface rules.

Hrm, I'll check this out.  I've got a code change that I need to
commit for this stuff anyway.  The VIP code does check to see if
you've used the VIP in a NAT entry (probably cause the only reason you
need a VIP is if you don't use the interface address in your NAT), I
don't see that changing.  I can probably easily add code to not allow
a VIP that is the same IP as the interface address though.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] 0.71.2 on WRAP

2005-07-29 Thread Scott Ullrich
On 7/29/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hello, all-
> 
> I switched yesterday from m0n0wall to pfsense, I'm trying to get a feel for
> which will work better for my SOHO environment (ADSL WAN, DMZ in use by my
> VOIP gateway, under 12 hosts on my LAN).
> 
> Here are some bugs that I noticed. I've tried searching the list archives,
> couldn't quickly find solutions or references. I apologize in advance if
> they are well known and I just was searching badly (grin).
> 
> - I have a 256MB CF card, there is no easy way to increase the size of the
> CF partitions from the 100MB root and 1.7M /cf partition in order to use
> the space. What are the commands necessary to grow the partitions, and
> which ones should I be interested in growing? Or can I create a new
> partition and just mount it in the appropriate space?

You'll have to expand the image yourself:

1) extract img and duplicate it to img.bak
2) dd if=/dev/zero bs=1k count=$missingspace >> img
3) mdconfig -a -t vnode -f img.bak -u 0
 mdconfig -a -t vnode -f img -u 1
4) disklabel -e md1  # grow a and c and move d to end
5) growfs md1a
6) newfs md1d
7) dd if=/dev/md0d of=/dev/md1d
8) mdconfig -d -u 1
9) dd if=img of=/dev/da2 bs=16k  # where da2 is my CF-card
 
> - I created a Virtual IP using the same IP address as my WAN interface,
> trying to get the router to accept (or redirect) ICMP (I want my system
> pingable). I failed in doing that.
>  (1) How do I make my router pingable from the outside world?
>  (2) In making that change above, I wasn't able to remove the
> interface. The error always said that that VIP was in use by a NAT rule. In
> order to remove it, I needed to remove all my NAT rules, delete the VIP,
> and re-enter all the NAT rules by hand. Painful!

I'll let Bill chime in here but to get ICMP working you need to allow
the protocol in the interface rules.
 
> - The drop-down menus are blocked by the SVG viewer on the traffic graph
> pages. (using IE 6.0)

Known issue.

> - The system logs pages are all blank. Nothing being logged

Known issue with that version.
 
> - Attempting to change the log settings results in: "ERROR: the changes
> could not be applied (error code 1).". Some changes, such as "show logs in
> reverse entry" are made anyhow, but others such as disabling logging to
> disk are NEVER set.

Another known issue.
 
> - Setting logging to a syslog server "sticks" in the settings page, but I
> never see any logging to my syslog server.

Most likely related to the above.
 
> - On various pages (traffic shaping related) there is a place to enter the
> interface bandwidth for your WAN, etc. Should we be using the slow part of
> the link (the 3Mbit ADSL speed) or the actual interface speed (100Mbit
> between my pfsense router and my ADSL modem). Similarly, my DMZ (OPT1) is
> 10mbit, but I want to treat it like it's on the WAN, should I use 10Mbit or
> 3Mbit?  A little explanatory text for settings like these would go a long way.

Enter your _REAL_ internet bandwidth.
 
> - I successfully installed a small package yesterday (no room to install
> larger packages). I then uninstalled it (spamd). Today I went to install
> another small package, and I am finding that all packages fail with
> 
> ===
> Downloading package configuration file... failed!
> 
> Installation aborted.
> ===
> 
> And there is error text at the bottom of the page (black on gray, I missed
> it at first)
> ===
> Warning: fopen(/usr/local/pkg/arpwatch.xml): failed to open stream:
> Read-only file system in /etc/inc/pkg-utils.inc on line 306 Warning:
> fwrite(): supplied argument is not a valid stream resource in
> /etc/inc/pkg-utils.inc on line 353 Warning: fwrite(): supplied argument is
> not a valid stream resource in /etc/inc/pkg-utils.inc on line 353 Warning:
> fclose(): supplied argument is not a valid stream resource in
> /etc/inc/pkg-utils.inc on line 320
> Show install log

Will take a look at this.   WRAP images are really second rate
citizens in pfSense at the moment until we release pfSense.   You
could try the installer iso and install to your 256 meg flash card to
utilize all of the space and to correct the above issues quickly.

Scott
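
Steps 1 and 2 of the image-expansion procedure above, as an added example that is not part of the original post: it works out the `$missingspace` value, keeps the `img.bak` copy, pads the image and checks the resulting size. The function names `missing_kb` and `pad_image` and the target-size argument are assumptions; the target should be the CF device's real size in KiB, which is usually a little below the nominal card size.

```shell
#!/bin/sh
# Added example (not from the original post). Names and arguments are
# assumptions: $1 = image file, $2 = target size in KiB (real device size).

# Print how many 1 KiB blocks must be appended to grow image $1 to $2 KiB.
# Fails if the image is not a whole number of KiB or is already big enough.
missing_kb() {
    img=$1 target_kb=$2
    bytes=$(wc -c < "$img") || return 1
    bytes=$((bytes + 0))                 # normalise whitespace from wc
    if [ $((bytes % 1024)) -ne 0 ]; then
        echo "image size $bytes is not a multiple of 1024" >&2
        return 1
    fi
    cur_kb=$((bytes / 1024))
    if [ "$cur_kb" -ge "$target_kb" ]; then
        echo "image is already ${cur_kb}k, target is ${target_kb}k" >&2
        return 1
    fi
    echo $((target_kb - cur_kb))
}

# Step 1 (keep img.bak) and step 2 (append zeros), then verify the new size.
pad_image() {
    img=$1 target_kb=$2
    missingspace=$(missing_kb "$img" "$target_kb") || return 1
    if [ -e "$img.bak" ]; then
        echo "refusing to overwrite existing $img.bak" >&2
        return 1
    fi
    cp "$img" "$img.bak" || return 1
    dd if=/dev/zero bs=1024 count="$missingspace" >> "$img" 2>/dev/null \
        || return 1
    new=$(wc -c < "$img")
    # Succeed only if the padded image is exactly the requested size.
    [ $((new + 0)) -eq $((target_kb * 1024)) ]
}

# Usage (after sourcing this file): pad_image img <device size in KiB>
```

The backup is what step 7 later reads the original `d` partition from, so the padding step refuses to run if an `img.bak` already exists.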
