Re: [pfSense-discussion] happy IPv6 day

2011-06-08 Thread Chris Buechler
On Wed, Jun 8, 2011 at 6:57 PM, Chris Buechler cbuech...@gmail.com wrote: On Wed, Jun 8, 2011 at 9:40 AM, Eugen Leitl eu...@leitl.org wrote: This being the World IPv6 day, I enabled IPv6 on three pfSense instances, using the excellent http://iserv.nl/files/pfsense/ipv6/ (thanks, Seth

Re: [pfSense-discussion] Problems with CARP VIP and layer 3 switch

2011-04-17 Thread Chris Buechler
On Sun, Apr 17, 2011 at 10:25 PM, Vinicius Coque vco...@gmail.com wrote: Now I understand the problem. I'll keep track of the bug on redmine. I would definitely check the problem on the switch too as in a CARP setup it shouldn't have problems with MACs that switch between ports quickly. That

Re: [pfSense-discussion] Problems with CARP VIP and layer 3 switch

2011-04-15 Thread Chris Buechler
On Fri, Apr 15, 2011 at 4:14 PM, Vinicius Coque vco...@gmail.com wrote: What does the CARP status show, and what do the logs show for CARP? CARP Status pfSense master:  vip1 172.16.0.39  MASTER pfSense backup:  vip1 172.16.0.39  BACKUP System logs: pfSense master: Apr 15

Re: [pfSense-discussion] Problems with CARP VIP and layer 3 switch

2011-04-14 Thread Chris Buechler
On Wed, Apr 13, 2011 at 10:32 PM, Vinicius Coque vco...@gmail.com wrote: Hi I have two pfSense machines configured as cluster using carp, they are both connected to a layer 3 switch. There are about 10 different subnets configured on that and each client machine under these subnets use the

[pfSense-discussion] 2.0-RC1 now available!

2011-02-28 Thread Chris Buechler
http://blog.pfsense.org/?p=585 - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org

Re: [pfSense-discussion] Considering Switching to Pfsense

2011-02-09 Thread Chris Buechler
On Wed, Feb 9, 2011 at 5:41 PM, Tony Zakula tonyzak...@gmail.com wrote: We have a 5mb line, is a quad core processor with 4gb of ram overkill? Way, way overkill, that's closer suited to a 5 Gb connection than 5 Mb. Not that that's a problem, you can get by with a whole lot less hardware if

Re: [pfSense-discussion] DreamPlug

2011-02-02 Thread Chris Buechler
On Wed, Feb 2, 2011 at 4:43 AM, Cédric Jeanneret pfse...@tengu.ch wrote: Hello, Just wondering if anyone has already used pfsense on such material: http://www.newit.co.uk/shop/proddetail.php?prod=DreamPlug There are some other computer plugs, like

Re: [pfSense-discussion] PfSense localization

2011-01-03 Thread Chris Buechler
On Mon, Jan 3, 2011 at 4:36 PM, st41ker st41...@st41ker.net wrote: Hello, PfSense is a very popular project and it is used around the globe. So I can say that that is an international wide product. But when I look at localization I see that it's not so good for international usage. Hardcoded

Re: [pfSense-discussion] Re: ARIN space not accepted

2010-12-11 Thread Chris Buechler
On Sat, Dec 11, 2010 at 11:23 AM, Gé Weijers g...@weijers.org wrote: [...]  That means, prior to end of Q1, the bogon list will be: 0/8 10/8 127/8 172.16/12 192.168/16 224/3 There's a number of special-use ranges that are not in this list, but which should not occur as (source)

Re: [pfSense-discussion] country blocking for single address

2010-11-26 Thread Chris Buechler
On Fri, Nov 26, 2010 at 12:34 PM, Adam Thompson athom...@athompso.net wrote: The specific country involved might take far less than that; accuracy also matters. For example, I can block about 80% of Africa with less than ten rules. Blocking 100% of Africa takes hundreds of entries. I do

Re: [pfSense-discussion] pfSense router/firewall in a Vmware ESXi guest for other guests

2010-10-07 Thread Chris Buechler
On Thu, Oct 7, 2010 at 3:43 PM, Eugen Leitl eu...@leitl.org wrote: On Sat, Oct 02, 2010 at 03:53:54PM -0400, Chris Buechler wrote: That's not the normal experience from what I've seen, sounds specific to something in particular you're doing. I believe every environment I've seen that routes

Re: [pfSense-discussion] pfSense router/firewall in a Vmware ESXi guest for other guests

2010-10-02 Thread Chris Buechler
On Sat, Oct 2, 2010 at 2:44 PM, Adam Thompson athom...@c3a.ca wrote: This started with 4.0, I have upgraded to 4.1 but haven't specifically tested performance since.  Routing from one VLAN to another entirely inside VMware is still slow, however.  AFAIK this is somehow related to interrupt

[pfSense-discussion] training session at EuroBSDCon

2010-09-20 Thread Chris Buechler
For those who don't follow the blog, a reminder on our upcoming training session at EuroBSDCon. http://blog.pfsense.org/?p=568

Re: [pfSense-discussion] IPSEC routing hack, and CARP, leading to arpresolve can't allocate route errors

2010-09-01 Thread Chris Buechler
On Wed, Sep 1, 2010 at 12:23 PM, Paul Mansfield it-admin-pfse...@taptu.com wrote: if you recall, to make your pfsense firewall itself be able to talk to a remote site over an IPSEC tunnel, you need to add a hack which is a static route to remote network via the LAN address if you have a

Re: [pfSense-discussion] article: Millions of Home Routers at Risk

2010-08-02 Thread Chris Buechler
On Mon, Aug 2, 2010 at 3:53 AM, LM asturlui...@gmail.com wrote: What is the status of this? A patch is going to be released or what? I'll put up a blog post later - the gist of it is use a strong password and you're fine. The protection we added simply protects from gross negligence (or future

Re: [pfSense-discussion] Hints on no firewall and bridge

2010-07-04 Thread Chris Buechler
On Sun, Jul 4, 2010 at 5:46 AM, Tonix (Antonio Nati) to...@interazioni.it wrote: First question. We are planning to use PFsense as frontend gateway routing to customers subnets, and in such architecture, we could use pfsense as pure routing device, except we want to protect the LAN network.

Re: [pfSense-discussion] 2.0 on a two-NIC system

2010-06-07 Thread Chris Buechler
On Mon, Jun 7, 2010 at 7:50 AM, Eugen Leitl eu...@leitl.org wrote: I've managed to resurrect my oldish VIA C3 dual mini-ITX upgrading them to 2.0beta. Is there a way to get them to run as a failover cluster in 2.0, despite having only two physical NICs? This wasn't possible in 1.3. Yes, and

Re: [pfSense-discussion] modified nanoBSD 1.2.3 image for WRAP?

2010-03-08 Thread Chris Buechler
On Mon, Mar 8, 2010 at 5:59 PM, Jim Pingle li...@pingle.org wrote: On 3/8/2010 5:51 PM, David Rees wrote: I've seen same or similar behavior on an ALIX box with a fairly large ruleset and decent number of VPNs. We could never get all the VPNs to come up properly and we eventually ended up

Re: [pfSense-discussion] broadcom BCM5722 only running at 100M not 1G

2010-02-01 Thread Chris Buechler
On Mon, Feb 1, 2010 at 8:03 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote: after complaint about slowness between our lan and dmz, I traced it to a firewall interface on our pfsense 1.2.3 firewall, a Dell R300 with onboard broadcom bcm5722 FreeBSD fwa.xxx.yyy 7.2-RELEASE-p5 FreeBSD

Re: [pfSense-discussion] Ping

2010-01-06 Thread Chris Buechler
On Wed, Jan 6, 2010 at 5:18 AM, cl...@pfsense pfse...@mail-fwd.archie.dk wrote: I wonder: Has there really been no activity on this list since Dec 21 or has my feed been cut ? This list isn't very active, the support list is much more active, and the forum far more active than both the lists

Re: [pfSense-discussion] two /24 on a WAN

2009-12-20 Thread Chris Buechler
On Sun, Dec 20, 2009 at 5:27 PM, Eugen Leitl eu...@leitl.org wrote: I see there are no multiple fields for subnets in the WAN interface. My ISP doles out networks as /24 as the largest chunk. Does this mean I can't add a second subnet in the pfSense GUI and have to use the command line, or do

Re: [pfSense-discussion] Traffic shaping VOIP on low bandwidth connections?

2009-12-15 Thread Chris Buechler
On Mon, Dec 14, 2009 at 11:12 PM, Joe Lagreca lagr...@gmail.com wrote: I have a T-1 (1.54mb symmetrical) for our data connection.  Whenever there is a big download filling the pipe, the inbound voice chops. When I set the inbound traffic to 1450kb (tested all the way down to 1000kb), I got

[pfSense-discussion] pfSense 1.2.3 release now available!

2009-12-10 Thread Chris Buechler
Details here: http://blog.pfsense.org/?p=531

Re: [pfSense-discussion] optimal way for a colo setup

2009-11-10 Thread Chris Buechler
On Mon, Nov 9, 2009 at 8:09 AM, Eugen Leitl eu...@leitl.org wrote: generally prefer getting a smaller WAN block and having the larger internal block routed to you, then you can use a combination of NAT So you have a small address space just for the firewalls WANs and other stuff, and get the

Re: [pfSense-discussion] pfSense book now available for purchase

2009-11-04 Thread Chris Buechler
On Wed, Nov 4, 2009 at 12:17 PM, Scott Ullrich sullr...@gmail.com wrote: On Wed, Nov 4, 2009 at 12:13 PM, cl...@pfsense pfse...@mail-fwd.archie.dk wrote: Can't wait for the electronic version  :-) I believe only commercial support customers will have access to the electronic version. I

Re: [pfSense-discussion] Rebecca L. Bowman/CHMCA is out of the office.

2009-10-29 Thread Chris Buechler
On Thu, Oct 29, 2009 at 5:38 PM, iggd...@gmail.com wrote: I'd like you all to know that unlike Ms. Bowman I will be in the office or at least available more or less at all times.   I kind of live on the internet.   Thanks. That was confidential!! ;) On a serious note, I wish people would

Re: [pfSense-discussion] long upgrade of 1.2.3RC3full on ALIX

2009-10-15 Thread Chris Buechler
On Thu, Oct 15, 2009 at 4:59 AM, Eugen Leitl eu...@leitl.org wrote: On Thu, Oct 15, 2009 at 10:10:59AM +0200, Eugen Leitl wrote: I've updated 1.2.3RC3 on a SunFire X2100 M2 yesterday without a hitch. Same upgrade on ALIX takes now about an hour. What's the name of the upgrade process? bsdtar

Re: [pfSense-discussion] layer 4-7 load balancing

2009-08-25 Thread Chris Buechler
On Mon, Aug 24, 2009 at 8:45 PM, Aristedes Maniatisa...@ish.com.au wrote: I've since discovered that our application server doesn't need sessions to be bound to a particular httpd front-end. So 3 4 are not actually required (although SSL offloading would be convenient simply to reduce the

Re: [pfSense-discussion] layer 4-7 load balancing

2009-08-20 Thread Chris Buechler
On Thu, Aug 20, 2009 at 10:16 PM, Aristedes Maniatisa...@ish.com.au wrote: Is anyone using pfSense to perform load balancing (and failover) for two or more web servers in a redundant configuration? Yes, lots, but in more generic setups. Bonus points for being able to also perform SSL

Re: [pfSense-discussion] Very odd issue - Transparent Firewall - 2 Locations

2009-07-16 Thread Chris Buechler
On Thu, Jul 16, 2009 at 3:22 AM, Angus Jordanangus.jor...@gmail.com wrote: Hi again, I've attached the logs directly from the /var/log/filter.log. These show up at exactly the same time the download stops... What happens if you lower the MTU on the server to 1450?

Re: [pfSense-discussion] Very odd issue - Transparent Firewall - 2 Locations

2009-07-16 Thread Chris Buechler
On Thu, Jul 16, 2009 at 4:01 AM, Angus Jordanangus.jor...@gmail.com wrote: I had configured the servers behind the pfsense bridge with the gateway pointing directly at the pfsense firewall. When I modified the gateway on the servers to use the real upstream gateway, all is normal. Ah yeah,

Re: [pfSense-discussion] dhcp relay | failover

2009-07-11 Thread Chris Buechler
On Sat, Jul 11, 2009 at 4:14 AM, Zied Fakhfakhzyd...@gnet.tn wrote: Hi, I have a dhcp relay on pfsense to a dhcpd at, let's say, 192.168.2.1. There's a failover dhcpd server at 192.168.2.2 (without floating IP). is there anyway pfsense can handle that ? Manually change the relay. There's

Re: [pfSense-discussion] euroBSDcon

2009-05-27 Thread Chris Buechler
On Wed, May 27, 2009 at 8:26 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote: http://www.ukuug.org/events/eurobsdcon2009/ anyone going? I submitted a talk on pfSense, if it gets accepted I'll be there. We've submitted to 5 BSD conferences over the past 4 years and haven't been rejected

Re: [pfSense-discussion] High latency on downloads with shaping

2009-05-08 Thread Chris Buechler
On Fri, May 8, 2009 at 5:59 PM, Joe Lagreca j...@bignetonline.com wrote: I'm having a STRANGE problem when our traffic shaper is turned on. Normal. limitation of 1.2.x shaper. treats no differently than Internet-bound pings.

Re: [pfSense-discussion] High latency on downloads with shaping

2009-05-08 Thread Chris Buechler
On Fri, May 8, 2009 at 6:21 PM, Joe Lagreca j...@bignetonline.com wrote: Why only on the download portion of the test and not the upload portion? If I switch to pfsense 1.0.1 can I avoid these limitations/problems? No. The shaper in 1.0.x is slightly worse, and 1.0.x is riddled with problems.

Re: [pfSense-discussion] High latency on downloads with shaping

2009-05-08 Thread Chris Buechler
On Fri, May 8, 2009 at 7:04 PM, Joe Lagreca j...@bignetonline.com wrote: The problem is the high latency is wreaking havoc with our VOIP PBX. That's irrelevant, ICMP is queued differently from your VoIP traffic.

Re: [pfSense-discussion] HSRP log messages on BRIDGE0

2009-04-27 Thread Chris Buechler
On Mon, Apr 27, 2009 at 5:45 PM, Angus Jordan angus.jor...@gmail.com wrote: Hi there, We have a pfSense 1.2.2 box setup in a transparent firewall configuration (ie. LAN is bridged to WAN). This works just fine, but the colocation where this box is sitting is broadcasting HSRP (UDP port 1985)

[pfSense-discussion] 1.2.3-RC1 released!

2009-04-22 Thread Chris Buechler
Info here: http://blog.pfsense.org/?p=428

Re: [pfSense-discussion] Cannot Save changes in /tmp/rules.debug

2009-04-11 Thread Chris Buechler
On Sat, Apr 11, 2009 at 11:52 AM, RI 1 / ipv6.or.id risna...@ipv6.or.id wrote: Hallo Chris, Yes, changing PF Rules. GUI doesn't seem to work, i already set allow all for all interface. It works fine, you're seeing something else like out of state traffic or asymmetrically routed traffic. If

Re: [pfSense-discussion] OT: simple SMTP relay daemon?

2009-04-10 Thread Chris Buechler
On Fri, Apr 10, 2009 at 1:52 AM, David Rees dree...@gmail.com wrote: On Thu, Apr 9, 2009 at 8:07 PM, Chris Buechler c...@pfsense.org wrote: I'm looking for something simple to do nothing but accept SMTP mail from a defined list of hosts allowed to relay and push it off to another SMTP server

Re: [pfSense-discussion] Cannot Save changes in /tmp/rules.debug

2009-04-10 Thread Chris Buechler
On Fri, Apr 10, 2009 at 9:00 PM, RI 1 / ipv6.or.id risna...@ipv6.or.id wrote: Hi, I just worked with PFSense lately. Why can't I save any changes made to /tmp/rules.debug file due to web interface firewall doesn't seem to work ? It's always after a while back to block default deny rule or

Re: [pfSense-discussion] OT: simple SMTP relay daemon?

2009-04-09 Thread Chris Buechler
On Thu, Apr 9, 2009 at 11:46 PM, RB aoz@gmail.com wrote: On Thu, Apr 9, 2009 at 21:07, Chris Buechler c...@pfsense.org wrote: I'm looking for something simple to do nothing but accept SMTP mail from a defined list of hosts allowed to relay and push it off to another SMTP server (using

Re: [pfSense-discussion] pfSense / Free BSD CPU kern.cp_time Jams in some environments

2009-04-04 Thread Chris Buechler
On Sat, Apr 4, 2009 at 4:50 PM, Tortise tort...@paradise.net.nz wrote: Hi Is anyone else getting this? It is occurring if you get a either a 1) divide by zero error on the index page for CPU Usage or 2) an indication the CPU is always on 0% use, which it shouldn't be for long! It seems

Re: [pfSense-discussion] extending LAN private network

2009-04-03 Thread Chris Buechler
On Fri, Apr 3, 2009 at 3:34 PM, David Rees dree...@gmail.com wrote: On Fri, Apr 3, 2009 at 7:48 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote: use vlans, a managed switch, and use 192.168.x.0/24 for each vlan. for bonus points, use NAC and dynamic vlans to allow only approved devices

Re: [pfSense-discussion] VPN Tunnel Dual WAN failover

2009-03-05 Thread Chris Buechler
On Thu, Mar 5, 2009 at 10:03 PM, Chris Buechler c...@pfsense.org wrote: On Wed, Mar 4, 2009 at 7:30 AM, Mark Slatem nitro...@gmail.com wrote: Chris, Will version 2 support this natively by any chance? Just need a package for OSPF, which could be added on 1.2.x and 2.0. That's a project I

Re: [pfSense-discussion] VPN Tunnel Dual WAN failover

2009-03-04 Thread Chris Buechler
On Wed, Mar 4, 2009 at 7:30 AM, Mark Slatem nitro...@gmail.com wrote: Thanks for all advice. I recall attempting to add a static route to the openvpn server endpoint ip, but it still did not work for me. Then you aren't doing something right.

Re: [pfSense-discussion] VPN Tunnel Dual WAN failover

2009-03-03 Thread Chris Buechler
On Tue, Mar 3, 2009 at 6:57 PM, Mark Slatem nitro...@gmail.com wrote: Hi all. I have about 50 Alix embedded firewalls running at branches. All the branches connect to a central pfsense at our data centre via an openvpn tunnel. This solution works absolutely beautifully and allows all the

Re: [pfSense-discussion] 1.2.2 CPU Division by zero error in index.php

2009-02-28 Thread Chris Buechler
On Sat, Feb 28, 2009 at 4:02 PM, Tortise tort...@paradise.net.nz wrote: Hi In the index.php page CPU usage value I am getting: Warning: Division by zero in /usr/local/www/includes/functions.inc.php on line 66 0% This is with the embedded image on a CF, Pentium 400, 756M RAM. Run this

Re: [pfSense-discussion] xen aware pfsense.

2009-01-27 Thread Chris Buechler
On Tue, Jan 27, 2009 at 10:15 PM, pfsense sense pfse...@kavadas.org wrote: i'm not suggesting pfsense be run inside a VM, i am suggesting pfsense provide VM functionality Refer back to my earlier post.

Re: [pfSense-discussion] FreeNAS

2009-01-24 Thread Chris Buechler
On Sat, Jan 24, 2009 at 5:13 AM, Eugen Leitl eu...@leitl.org wrote: IIRC one developer (Chris?) mentioned a number of different pfSense possible flavors, Yes. including a NAS appliance. but no to that part. :) That's one thing that probably won't ever be added, at least not by any of our

Re: [pfSense-discussion] Load Balance Cannot Do Logins on forums , webmails , etc ,etc

2009-01-22 Thread Chris Buechler
On Thu, Jan 22, 2009 at 3:27 AM, John Dakos [ Enovation Technologies ] gda...@enovation.gr wrote: hi Ron and thanks for reply look , i turn ON the sticky connections and for 30 seconds everything is working. but until 30 seconds i have no Internet Don't use sticky connections. It's

[pfSense-discussion] 1.2.2 released

2009-01-08 Thread Chris Buechler
see http://blog.pfsense.org/?p=351

Re: [pfSense-discussion] single interface operation

2009-01-04 Thread Chris Buechler
On Sun, Jan 4, 2009 at 8:36 PM, Jure Pečar pega...@nerv.eu.org wrote: Hello, would it be possible to use pfsense on a platform with a single nic, where wan,lan,opt are all vlans? With managed switch, of course. Yes.

Re: [pfSense-discussion] Load balancer using carp interfaces?

2008-12-19 Thread Chris Buechler
On Fri, Dec 19, 2008 at 10:11 AM, Veiko Kukk veiko.k...@krediidipank.ee wrote: Hi! I wonder if there are some good reasons why it's not possible to choose CARP interfaces (virtual IP-s) for load balancer pools? Because you use only the physical interfaces, the CARP VIPs just go with the

Re: [pfSense-discussion] Load balancer using carp interfaces?

2008-12-19 Thread Chris Buechler
On Fri, Dec 19, 2008 at 11:09 AM, Paul Mansfield it-admin-pfse...@taptu.com wrote: Veiko Kukk wrote: Hi! I wonder if there are some good reasons why it's not possible to choose CARP interfaces (virtual IP-s) for load balancer pools? If not, then why can't I select carpx interfaces for ISP

[pfSense-discussion] Network Perimeter Redundancy with pfSense session at DCBSDCon

2008-12-17 Thread Chris Buechler
info here: http://blog.pfsense.org/?p=334

Re: [pfSense-discussion] PHP uses 100% CPU on 1.2 and 1.2.1-RC2

2008-12-02 Thread Chris Buechler
On Mon, Dec 1, 2008 at 11:21 PM, Roland Giesler [EMAIL PROTECTED] wrote: So I removed all the routes except one, just to test if all else is ok, but found that on both release 1.2 and 1.2.1-RC2, PHP steadily increased when I save a change until it hits 100% usage on one CPU. Then, if I click

Re: [pfSense-discussion] a pair of transparent bridges gotcha

2008-10-05 Thread Chris Buechler
On Sun, Oct 5, 2008 at 5:17 AM, Eugen Leitl [EMAIL PROTECTED] wrote: I presume this is the same problem as http://forum.pfsense.org/index.php?topic=11531.msg63655 That person bought a support contract and we helped him resolve that, his firewall rules weren't setup properly to allow the DNS

Re: [pfSense-discussion] a pair of transparent bridges gotcha

2008-10-04 Thread Chris Buechler
On Sat, Oct 4, 2008 at 4:58 PM, Eugen Leitl [EMAIL PROTECTED] wrote: I have a pair of pfsense 1.2.1-RC1 working in a poor man's failover (a parallel pair of transparent bridges). Had a problem with DNS lookup blockage, the problem is that LAN was on a different subnet. Put them on the same

Re: [pfSense-discussion] a pair of transparent bridges gotcha

2008-10-04 Thread Chris Buechler
On Sat, Oct 4, 2008 at 5:18 PM, Eugen Leitl [EMAIL PROTECTED] wrote: On Sat, Oct 04, 2008 at 05:13:27PM -0400, Chris Buechler wrote: LAN was on a different subnet from what? LAN was a different subnet from WAN (in transparent bridge this shouldn't matter, and it doesn't, with the exception

Re: [pfSense-discussion] can't filter on transparent bridge

2008-09-13 Thread Chris Buechler
On Sat, Sep 13, 2008 at 8:46 AM, Eugen Leitl [EMAIL PROTECTED] wrote: I can't get an 1.2.1-RC1 full with two NICs (VIA mini ITX) to filter traffic using http://pfsense.trendchiller.com/transparent_firewall.pdf No rules either in WAN or LAN, to the bridge must block everything -- but doesn't.

Re: [pfSense-discussion] hardware

2008-07-30 Thread Chris Buechler
On Thu, Jul 31, 2008 at 1:44 AM, Mark Dueck [EMAIL PROTECTED] wrote: Throughput will be minimal. From 512Kbps to 2Mbps max. I guess my biggest concern is stability. I have lab tested the Soekris 4801 with openVPN to have throughput of up to 3MB/s, so it should be fine for these locations,

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Chris Buechler
On Tue, Jul 22, 2008 at 2:32 PM, Eugen Leitl [EMAIL PROTECTED] wrote: http://www.provos.org/index.php?/pages/dnstest.html DNS Resolver Test For secure name resolution, it is important that your DNS resolver uses random source ports. The box below will tell you if there is something you

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Chris Buechler
On Tue, Jul 22, 2008 at 4:48 PM, Chris Buechler [EMAIL PROTECTED] wrote: - if your recursive servers are behind pfSense doing NAT with a default NAT configuration, you're fine even *without* patching your DNS servers. Scratch that part depending on your DNS server - if it uses a single static

Re: [pfSense-discussion] Captive Portal on pfsense

2008-07-17 Thread Chris Buechler
On Wed, Jul 16, 2008 at 11:22 PM, Bill Marquette [EMAIL PROTECTED] wrote: Considering that you are talking about the Linux variant of the WRT54G, I think it's safe to say that Chris probably assumed you were not running the stock Linksys firmware on it. Actually that is what I meant - you

Re: [pfSense-discussion] Captive Portal on pfsense

2008-07-17 Thread Chris Buechler
On Thu, Jul 17, 2008 at 7:02 PM, Jim Thompson [EMAIL PROTECTED] wrote: I'm happy to respond more fully to this: A) off-list, Jim, I'd encourage you to keep it on-list, a number of us have learned quite a bit from sharing of your expertise over the years. It may not be precisely on-topic for

Re: [pfSense-discussion] Re: Nessus : Change in the Plugin Feed Policy (Reminder)

2008-06-14 Thread Chris Buechler
On Wed, Jun 11, 2008 at 12:50 PM, Paul Mansfield [EMAIL PROTECTED] wrote: now none-free for any commercial usage, I was wondering if anyone's looked at the alternatives? I've been a Nessus user since its very early days, been roughly 7 years now I believe. I've had a Nessus Direct Feed

Re: [pfSense-discussion] SIP Phones and SIPROXD

2008-06-14 Thread Chris Buechler
Lee is a commercial support customer and we helped him offlist with this. There was a problem with the siproxd package, it should now work. Lee confirmed he now has two phones working simultaneously, so this must be working now. If you have installed the package previously, uninstall it first.

Re: Fw: [pfSense-discussion] I Cannot Uploading Files

2008-05-26 Thread Chris Buechler
On Mon, May 26, 2008 at 7:08 AM, John Dakos [ Enovation Technologies ] [EMAIL PROTECTED] wrote: thank u SAI , but i have a problem with this configuration. this configuration work with NAT , and i dont want NAT because i have 200 public IP on Cisco Router, and i want all clients to join

Re: [pfSense-discussion] disappearing httpd

2008-04-30 Thread Chris Buechler
On Wed, Apr 30, 2008 at 11:52 PM, RB [EMAIL PROTECTED] wrote: Anyone have a situation where they're switching WAN types and somehow /usr/local/sbin/lighttpd just disappears? Can't say that I've seen that. You can restart it at the console menu for future reference. Anything relevant in the

Re: [pfSense-discussion] disappearing httpd

2008-04-30 Thread Chris Buechler
On Thu, May 1, 2008 at 12:08 AM, RB [EMAIL PROTECTED] wrote: Can't say that I've seen that. You can restart it at the console menu for future reference. Anything relevant in the logs? Nothing at all, and no restarting - the binary is *gone*, as in deleted. Oh wow! Definitely haven't

Re: [pfSense-discussion] pfsense on alix, slow to access via WAN

2008-04-11 Thread Chris Buechler
Joe Lagreca wrote: I am running pfSense on an Alix system 2c3. When accessing via the LAN everything works great. However when I try to access it via the WAN, its very slow, and will time out. This is NOT a bandwidth issue. Sometimes the pages will load, but look as if the css file didn't

Re: [pfSense-discussion] Detailled syslog format.

2008-03-27 Thread Chris Buechler
[EMAIL PROTECTED] wrote: Hi I'm trying to do some analysing on the raw log format sent to syslog: snip check out pflog. http://www.openbsd.org/faq/pf/logging.html http://www.google.com/search?q=pflog quite a bit of stuff available. for the underlying ruleset you're running, see

Re: [pfSense-discussion] Traffic shaper bug ?

2008-03-23 Thread Chris Buechler
Jan Hoevers wrote: While not unwilling to donate to projects, this bounty thing is not for me because of a strict open source policy. Again, is there any estimate for 1.3? This is 100% completely open source. The source ported to RELENG_1_2 is even in the public CVS server in its own branch.

Re: [pfSense-discussion] RELENG_1 library linking (was: Traffic shaper bug ?)

2008-03-22 Thread Chris Buechler
RB wrote: I understand, and have tangled some of the terminology. My ticket was about HEAD, but the library breakage seems to have seeped from HEAD to 1.3 (RELENG_1). Because all the binaries in RELENG_1 and HEAD are for FreeBSD 7.0. You can't go from 1.2 to 1.3 just by pulling the files

[pfSense-discussion] Registration open for pfSense training at BSDCan!

2008-03-22 Thread Chris Buechler
Please see the following post for more information. http://blog.pfsense.org/?p=182 Hope to see you there! Chris

Re: [pfSense-discussion] Traffic shaper bug ?

2008-03-21 Thread Chris Buechler
Ermal Luçi wrote: Expected behaviour. Since ALTQ shapes on outgoing that shapes every thing that goes through the interface where the shaper is enabled. For 1.2, it should be noted. For 1.3, Ermal has done a nice job completely rewriting the traffic shaper to accommodate these kinds of

Re: [pfSense-discussion] Sorry guys

2008-03-06 Thread Chris Buechler
[EMAIL PROTECTED] wrote: Gentlemen! I am sorry to have started this Return Receipt storm. Chris Buechler complained to me in private and asked me to turn off RR when writing to this forum which I will of course do my utmost to remember in the future. I half expected a read receipt pop up

Re: [pfSense-discussion] 2 WAN

2008-03-04 Thread Chris Buechler
Jose Augusto wrote: Look this http://pfsense.blogspot.com/2005/05/captive-portal-and-traffic-shaping-to.html That's outdated info. Traffic shaper does not work properly with more than two interfaces (LAN + WAN) in 1.2. That's already fixed in 1.3.

Re: [pfSense-discussion] CD-ROM + floppy

2008-03-03 Thread Chris Buechler
DarkFoon wrote: Yes. just the config is kept on the floppy. This means that the RRD graphs don't save across reboots, right? And packages can't be installed. (well that's sort of obvious...) Correct on both accounts.

Re: [pfSense-discussion] CD-ROM + floppy

2008-03-01 Thread Chris Buechler
DarkFoon wrote: Does pfSense 1.2 still support booting from CD-rom and storing the config (and possibly other data) on a floppy disk? Yes. just the config is kept on the floppy. USB flash drives are also supported, and recommended over floppies.

Re: [pfSense-discussion] 1.2RC5 or release

2008-02-12 Thread Chris Buechler
Ronald L. Rosson Jr. wrote: On Feb 11, 2008, at 1:08 PM, Scott Dale wrote: http://forum.pfsense.org/index.php/topic,7313.0/topicseen.html This brought back my dashboard without a re-install. Thanks, that's good to know. Those who use the dashboard on 1.2, keep in mind it's experimental

Re: [pfSense-discussion] 1.2RC5 or release

2008-02-11 Thread Chris Buechler
Paul M wrote: Hi, given the a number of minor bug fixes, we will be seeing a 1.2RC5 variant sometime, or is the next step a full release? We'll probably skip RC5 as an official release even though the snapshots are labeled as such right now.

Re: [pfSense-discussion] bogons update issue

2008-02-03 Thread Chris Buechler
Jan Hoevers wrote: 2. On previous versions the bogons file was fetched from cymru.com, but on RC4 the script tries to get it from a pfSense server. The file is however missing on that pfSense server. I worked around this by copying the old cymru url back from RC3. Thanks for catching that,

Re: [pfSense-discussion] HOW MUCH TRUST ON PFSENSE ?

2007-12-21 Thread Chris Buechler
Jure Pečar wrote: Since everyone is just singing praises, I'll add some things to look for ;) Besides running it at home we run it on three production locations, which are two server rooms and one fast growing wireless lan. First bad experience: it is really touchy about the quality of your

Re: RES: [pfSense-discussion] Problems to use PPTP/GRE traffic to connect in a server - Please advice.

2007-11-19 Thread Chris Buechler
Luciano Areal wrote: Hi Bill! The pfSense box is in front of the PPTP server. In other ways, it will act as the main gateway, and the PPTP server will be on the LAN. Clients will access it from WAN, passing through the pfSense box. I just did what you said. Removed all rules from NAT and

Re: [pfSense-discussion] 1.2-RC3 released!

2007-11-08 Thread Chris Buechler
Paul M wrote: meanwhile, I noticed many of the mirrors are not doing too well so I reported them some of the update mirrors are no good either.. in fact the downloads are pretty slow. The mirrors are all fine. Many only sync once a day, so as it says in the release announcement it

[pfSense-discussion] 1.2-RC3 released!

2007-11-07 Thread Chris Buechler
http://blog.pfsense.org/?p=152

Re: [pfSense-discussion] IPsec tunnel to a transparent bridge

2007-11-06 Thread Chris Buechler
Eugen Leitl wrote: I used to have a nice pre-shared key IPsec tunnel between two m0n0walls/pfSenses, running in NAT. Worked very nicely. However, I now have a transparent bridge with a public /24 network, and whenever I activate the tunnel I no longer can ping any host on the network (the

Re: [pfSense-discussion] web interface gone after upgrade to 1.0.2

2007-10-30 Thread Chris Buechler
Daniele Guazzoni wrote: I just upgraded from 1.0.1 to 1.0.2 with pfSense-1.0.2-Full-Embedded-Update.tgz and although the firewall is functional I cannot access the webconfigurator. Any idea how to fix it? There is no 1.0.2, so I'm not sure which version you're using, for embedded upgrades

Re: [pfSense-discussion] Via LAN drivers

2007-10-30 Thread Chris Buechler
Adam Van Ornum wrote: I've been looking into a Via C7 based system to run pfSense on and so far all of the systems seem to have either Realtek or Via based LAN chipsets. Several people have mentioned before that the Realtek chipsets are not very well supported at this time and I'm wondering

Re: [pfSense-discussion] Cacti Template

2007-10-30 Thread Chris Buechler
Ronald L. Rosson Jr. wrote: Has anyone come across or developed a template for pfsense firewalls to be polled by a Cacti server. Any information is helpful. haven't heard of any, it would be nice to see.

Re: [pfSense-discussion] ALIX shipping soon

2007-10-22 Thread Chris Buechler
Eugen Leitl wrote: I see on http://pcengines.ch/order1.php?c=2 that ALIX (e.g. alix2c3) is ETA 20071020. http://blog.pfsense.org/ sez snip ... Anyone knows how well AMD Geode LX does accelerated IPsec on FreeBSD? As far as we know at this time, it's not yet supported.

Re: [pfSense-discussion] commercial support

2007-10-22 Thread Chris Buechler
Eugen Leitl wrote: I see there's commercial support for pfSense, starting at about 300 EUR/year. Are there proper invoices for that? I can't tell. $300 USD actually. Yes, we can send you a proper invoice, or you can pay via credit card online and we'll send you the typical email receipt.

[pfSense-discussion] 1.2-RC2 released

2007-08-18 Thread Chris Buechler
http://pfsense.blogspot.com/2007/08/12-rc2.html Please test! This may be the last RC before 1.2 is released.

Re: [pfSense-discussion] SNAT / masquerading

2007-08-03 Thread Chris Buechler
Eugen Leitl wrote: I have a somewhat strange setup (thanks to our provider) which looks like this: LAN* - bge0- 192.168.0.1 WAN* - bge1- 10.0.2.6 OPT1(DMZ)- vlan0 - 62.245.148.129 Yes, the WAN is

Re: [pfSense-discussion] atmel avr port of pfsense?

2007-07-31 Thread Chris Buechler
Paul M wrote: http://www.linuxdevices.com/news/NS2837651365.html 32MB of SDRAM and 16MB of flash, expandable via an SD-card slot. aside from the fact that those two numbers alone mean it's far from compatible, it's not an x86 system, it's RISC. It won't run m0n0wall either.

Re: [pfSense-discussion] Start other processes inside pfSense?

2007-07-23 Thread Chris Buechler
Roland Giesler wrote: Is it possible to start a VMware or Xen client inside pfSense? no. VMware doesn't support FreeBSD as a host, and Xen is still questionable on FreeBSD I believe.

Re: [pfSense-discussion] network layout

2007-06-20 Thread Chris Buechler
Bill Marquette wrote: Low end switches have a tendency to not have enough ram or cpu to handle a high volume mac spoofing attack and will usually end up turning into a hub under this kind of attack, rendering your vlans useless. Any switch's CAM table can be overflowed by directly connected

Re: [pfSense-discussion] MiniUPnPd security risks

2007-04-26 Thread Chris Buechler
DarkFoon wrote: I'm considering installing the UPnP daemon on some home/home office boxes, and I'm curious what the security issues are. From my own (simple) analysis, the worst that could happen is a malicious application could ask for many, many (almost all?) of the ports above 1024 to be
