[pfSense-discussion] New virtual IP system commited

2005-07-12 Thread Bill Marquette
CARP, ProxyARP and the useless "Server NAT" (which just tells the system about IPs to use for NAT and does nothing) are now merged under one screen that should be much better. In the process I broke ProxyARP ranges (ie ARP for 10.0.0.1-10.0.0.5), is anyone actually using this feature? Any complai

Re: [pfSense-discussion] pfsense + ip330

2005-07-15 Thread Bill Marquette
BTW, I haven't looked at the code but if we're generating truly random MACs we do run a risk of hitting multicast MAC addresses and other "special" MACs. Changing the MAC once the box is up is highly recommended. --Bill On 7/15/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > I would say it fixes

Re: [pfSense-discussion] Squid setup

2005-07-15 Thread Bill Marquette
Firewall: NAT: Port Forward On 7/15/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > I am attempting to set up squid to do transparent proxying. Is there a > way via the web interface to forward port 80 to 3128 or is that > something that I need to do directly with pf? > > > -- > When It Absolutel

Re: [pfSense-discussion] Squid setup

2005-07-16 Thread Bill Marquette
hat I have nothing going > unless I manually add the proxy information to the browser. > > Did I miss something? > > On 7/15/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > > Firewall: NAT: Port Forward > > > > On 7/15/05, Kim C. Callis <[EMAIL PR

Re: [pfSense-discussion] QoS issues

2005-07-16 Thread Bill Marquette
Yikes, that sounds like a lot of wireless. I'm not trying to insult your ability to build a solid wireless network (I know I certainly can't, my wireless at home sucks!), but are you sure it works fine w/out QoS? I ask because I have neighbors with WISP connections and VOIP that constantly complai

Re: [pfSense-discussion] I am confused...

2005-07-21 Thread Bill Marquette
More info please. What rules did you add? Both NAT and filter please. --Bill On 7/21/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > I went into rules to add access to SSH and HTTPS, and added entries on > the WAN interface. Is there something else that I need to add, because > I am still not ab

Re: [pfSense-discussion] Misc "Features"

2005-07-21 Thread Bill Marquette
On 7/21/05, Ben Flores <[EMAIL PROTECTED]> wrote: > First off, great project... even for being ALPHA it performs a thousand times > better than commercial expensive-ware on their official releases. > > To give some background, I'm testing on both the ISO version (0.70.8) and the > CF > version (0.

Re: [pfSense-discussion] I am confused...

2005-07-21 Thread Bill Marquette
Do the filter rules for these forwardings show up in the filter section? If not, something screwed up somewhere. --Bill On 7/21/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > I have added to NAT:Port Forwarding > WAN - LAN port 22 192.168.150.1 > WAN - LAN port 443 192.168.150.1 > WAN - LAN port

Re: [pfSense-discussion] Speaking of updates...

2005-07-23 Thread Bill Marquette
On 7/23/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > I was getting ready to make that bold move to update the latest, and > noticed that it was a 30M upgrade... So what happens to all of the old > configurations? Is it safe to just upload the updates? How does it I won't guarantee it's safe - it

Re: [pfSense-discussion] Follow-up to updating...

2005-07-23 Thread Bill Marquette
On 7/23/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > Do I need to load the updates in order or can I just download the > latest.tgz and call it a day? All images are currently full firmware updates. You can download any of the updates in the updates directory and apply to go to that version. l

Re: [pfSense-discussion] Upgrade speeds

2005-07-23 Thread Bill Marquette
On 7/23/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > I noticed that when I was uploading the update to the router, that the > speed was dirt slow... What would be a good entry in to traffic > shaping to give great speed to updating? Where was it slow from? The LAN, the WAN, the _fill in the bla

Re: [pfSense-discussion] Traffic shaping and VOIP

2005-07-23 Thread Bill Marquette
On 7/23/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > I was looking at the queue display and noticed that although VOIP is > being allocated a good portion of bandwidth, that there are a log of > dropped packets. What exactly does that mean, and what can I do to > limit the drops? Allocate enough

Re: [pfSense-discussion] Zebra/Quagga

2005-07-26 Thread Bill Marquette
On 7/26/05, Greg Hennessy <[EMAIL PROTECTED]> wrote: > > > I believe that it would be a successful method of advocating > > PFsense among Cisco admins? > > > > LOL! Not a hope. Didn't you that the PIX will solve world hunger and bring > about global peace ? Now if only it would show up in a trac

Re: [pfSense-discussion] Zebra/Quagga

2005-07-26 Thread Bill Marquette
On 7/26/05, christiaan <[EMAIL PROTECTED]> wrote: > Greg Hennessy wrote: > > > > > > > > >>I believe that it would be a successful method of advocating > >>PFsense among Cisco admins? > >> > >> > >> > > > >LOL! Not a hope. Didn't you that the PIX will solve world hunger and bring > >about global p

Re: [pfSense-discussion] upnp missing

2005-07-26 Thread Bill Marquette
On 7/26/05, Justin Stan <[EMAIL PROTECTED]> wrote: > > > > What happened with upnp pack from the last release of pfSense? Read this thread: http://www.mail-archive.com/support%40pfsense.com/msg00121.html --Bill

Re: [pfSense-discussion] multipe ips on the wan interface?

2005-07-27 Thread Bill Marquette
On 7/27/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > say I want to have multiple ip's on the wan interface so that I can forward > http/https for one public ip to a private ip behind the firewall and > smtp/imap on a different public ip to a another private ip behind the > firewall. I thought thi

Re: [pfSense-discussion] multipe ips on the wan interface?

2005-07-27 Thread Bill Marquette
> > another possible bug. when adding new interfaces with by clicking the + on > > the assign screen the firewall webgui times if you don't wait several > > seconds before attempting to click another + to add another interface. > > > > - Original Message

Re: [pfSense-discussion] A few questions

2005-07-27 Thread Bill Marquette
Not sure why, but this seems to be a very popular feature request these days, I can count at least 3 different requests for this in the last week. No need to file a feature request for this feature unless the code that comes out of the hackathon doesn't do what you want (not directed at you Chris

Re: [pfSense-discussion] Zebra/Quagga

2005-07-30 Thread Bill Marquette
If this is the only reason you need OpenBGPD, check out the CYMRU bogons list on the WAN page. We use their published list not the bgp peering. Some day we'll import the OpenBGPD package, but at this point I'd rather wait until ospfd is ported. --Bill On 7/30/05, Xavier Beaudouin <[EMAIL PR

Re: [pfSense-discussion] system_firmware.php

2005-08-01 Thread Bill Marquette
On 8/1/05, sai <[EMAIL PROTECTED]> wrote: > I just had system_firmware.php lock up on me. Had to reboot the > machine. All other pages were working, just the system_firmware.php > would hang. > > Possibly had problems with internet access/the ISP at the time, but am not > sure. > > Does anyone

Re: [pfSense-discussion] system_firmware.php

2005-08-01 Thread Bill Marquette
On 8/1/05, Simon Dick <[EMAIL PROTECTED]> wrote: > On Mon, 2005-08-01 at 11:54 +0500, sai wrote: > > I just had system_firmware.php lock up on me. Had to reboot the > > machine. All other pages were working, just the system_firmware.php > > would hang. > > > > Possibly had problems with internet a

Re: [pfSense-discussion] SNMP viewers

2005-08-02 Thread Bill Marquette
On 8/2/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > Can someone point me to a Windows based snmp viewer (freeware > preferably) and one for linux... On the linux side, I am looking for > an application that I can fire up and doesn't require any type of > setup like creating a mrtg page... For Wi

Re: [pfSense-discussion] carp settings?

2005-08-02 Thread Bill Marquette
On 8/2/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > sorry about the top post.. OE on win2k sucks for some reason. > > I can't create nat for vips that don't exist yet. Even if I try to just use > the WAN interface ip as the external address i still get errors. So it seems > to me that the probl

Re: [pfSense-discussion] carp settings?

2005-08-02 Thread Bill Marquette
On 8/2/05, alan walters <[EMAIL PROTECTED]> wrote: > I know that the inbound NAT works it seems to just be a formatting thing > in the GUI. I amended the bug a little to reflect this. As long as the > ordering of the input is ok all works fine. Thanks, I updated also :) As long as there's a short

Re: [pfSense-discussion] Re: Openvpn v2

2005-08-11 Thread Bill Marquette
I think it was more along the lines of "it didn't work and we had too many other things to fix" --Bill On 8/11/05, Rui Correia <[EMAIL PROTECTED]> wrote: > Fernando Costa gmail.com> writes: > > > > > Hello all, > > > >I may say we have made a mistake over here. That is probably my > > fault

Re: [pfSense-discussion] iperf

2005-08-12 Thread Bill Marquette
I usually use: client: iperf -P 2 -w 128k -c server server: iperf -w 128k -s And I'd recommend using: http://dast.nlanr.net/Projects/Iperf/iperfdocs_1.7.0.html Also, I'm not sure FreeBSD uses polling mode for the em driver by default. Are all your NICs on the same IRQ, if not can you set them to

Re: [pfSense-discussion] iperf

2005-08-12 Thread Bill Marquette
peed:N/A Duplex:N/A > em3: port > 0xd300-0xd33f mem 0xd006-0xd007 irq 27 at device 6.1 on pci3 > em3: Ethernet address: 00:04:23:ba:7b:e7 > em3: Speed:N/A Duplex:N/A > > maybe? > > On Fri, 2005-08-12 at 16:32 -0500, Matthew Lenz wrote: > > On Fri, 2005-08-12

Re: [pfSense-discussion] iperf

2005-08-12 Thread Bill Marquette
Sweet :) That sounds more like it. --Bill On 8/12/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > client: iperf -P 2 -w 128k -c server > server: iperf -w 128k -s > > yielded 940 Mbit/sec > > - Original Message - > From: "Bill Marquette" <[EMAIL

Re: [pfSense-discussion] Private IP on WAN with official IP on carp?

2005-08-18 Thread Bill Marquette
Not without using carpdev, which isn't in our ifconfig (I think we need a userland binary sync, not sure). At the point we enable carpdev, you won't need IPs on the WAN interface for this to work (although admittedly, I'm not sure what that will do ;-P) --Bill On 8/18/05, M. Kohn <[EMAIL PROTECT

Re: [pfSense-discussion] SNMP info

2005-08-19 Thread Bill Marquette
On 8/19/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > Ok, I finally got snmpwalk working somewhat... The issue I am having > is that I don't seem to have external access to the snmp server. > > I have the following in place: > > Rule: WAN any source allow ports 161-162 TCP/UDP to LAN 192.168.0.1

Re: [pfSense-discussion] error(s) loading the rules

2005-08-20 Thread Bill Marquette
Yes, don't use .75 it's likely to screw up your configuration. Do a fresh install of .77 and don't import the old config. --Bill On 8/20/05, sai <[EMAIL PROTECTED]> wrote: > using version 0.75 > > got : > -- php: There were error(s) loading the rules: /tmp/rules.debug:114: > syntax error /tmp/r

Re: [pfSense-discussion] Ugg, Ive blown up everything Ive tried today.....

2005-08-22 Thread Bill Marquette
On 8/22/05, Tim Roberts <[EMAIL PROTECTED]> wrote: > I need to setup a multi-WAN firewall that also has a DMZ network as well as > LAN network. I would really like to do this with CF but I only have 2 CF to > IDE adapters with 128MB CF disks. 0.76.4 installed just fine by disabling > swap and using

Re: [pfSense-discussion] sync of config between machines isn't working

2005-08-23 Thread Bill Marquette
Any chance the web interface is set to use https instead of http? We've still got a small issue with our php and its insistence that it's got SSL included when it really doesn't. --Bill On 8/23/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > My config changes are not being synced to fw1 when I ma

Re: [pfSense-discussion] Dual WAN setup help

2005-08-23 Thread Bill Marquette
I'll try and put some screenshots together this weekend on how I made this work. I think I'm gonna make a small modification to the rules summary screen too so you can see what gateways we're using. --Bill On 8/23/05, Tim Roberts <[EMAIL PROTECTED]> wrote: > When I do edit the default LAN rule a

Re: [pfSense-discussion] sync of config between machines isn't working

2005-08-23 Thread Bill Marquette
I'm pretty sure we'd have to spawn two instances. I'm looking into this though, we'll see what we can do. In the meantime you _might_ be able to install stunnel and point sync to localhost - I think that'll break a couple of things that we sync, but rules and nat's won't be one of them. --Bill

Re: [pfSense-discussion] Traffic Shaper Wizard: doesn't seem to affect IPSEC clients

2005-08-23 Thread Bill Marquette
On 8/23/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > But if I look at the Queue Status page, none of the queues that ESP traffic > is supposed to take are being used. > > Any ideas? Where do I start in the debugging process? Thanks in advance. Try and figure out which queue it's matching (y

Re: [pfSense-discussion] Traffic Shaper Wizard: doesn't seem to affect IPSEC clients

2005-08-23 Thread Bill Marquette
On 8/23/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Hmm, it appears to be in the correct queue now. > > Is it possible that I needed to end my VPN session and restart it, if the > session was started prior to the traffic shaping wizard? Yup, that would do it. Shaper changes will not take

Re: [pfSense-discussion] pfSense 0.79.2

2005-08-23 Thread Bill Marquette
On 8/23/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > Wow. Can't say that I knew about the RSS feed :) > > /me adds to Jabber RSS Service You never asked ;-P CIA has one too, but it's not quite as useful. --Bill

Re: [pfSense-discussion] pfSense 0.79.2

2005-08-23 Thread Bill Marquette
It's a little raw, but http://cvstrac.pfsense.com/timeline or for those of you with the RSS obsession ;) http://cvstrac.pfsense.com/timeline.rss --Bill On 8/23/05, Nate Davis <[EMAIL PROTECTED]> wrote: > Woops, forgot to post this to the Mailing List :) > > > Hey Scott, > > I wish to

Re: [pfSense-discussion] Multi-WAN troubles still

2005-08-23 Thread Bill Marquette
On 8/23/05, Tim Roberts <[EMAIL PROTECTED]> wrote: > Is there a mini how-to lying around on setting up multi-wan stuff or is > this still too new? http://pfsense.blogspot.com/2005/06/multi-wan.html --Bill

Re: [pfSense-discussion] Upgrade from 0.79

2005-08-25 Thread Bill Marquette
On 8/25/05, Damien Dupertuis <[EMAIL PROTECTED]> wrote: > I re-installed the whole thing from the beginning and > waited. > > Today I saw the 0.79.4 version. Again I installed it > and the same problem arises... > > Anybody with a similar problem? Did you restore your config file from .79? If so

Fwd: [pfSense-discussion] carp netmask

2005-08-25 Thread Bill Marquette
Ooops...reply all Bill reply all! --Bill -- Forwarded message -- From: Bill Marquette <[EMAIL PROTECTED]> Date: Aug 25, 2005 10:21 AM Subject: Re: [pfSense-discussion] carp netmask To: Matthew Lenz <[EMAIL PROTECTED]> Actual netmask of the network the CARP address

Re: Fwd: [pfSense-discussion] carp netmask

2005-08-25 Thread Bill Marquette
tthew Lenz <[EMAIL PROTECTED]> wrote: > Maybe it was a bug in that specific version of pfSense I was using at > the time because i couldn't get the network to function until i changed > them to /32's. Maybe I'll give it a shot again at some point. > > On Thu, 2

Re: [pfSense-discussion] NAT-T

2005-08-25 Thread Bill Marquette
Does our IPSec implementation support it, or does NAT-T on a client behind the pfSense box work? To the former, no. To the latter, yes. --Bill On 8/25/05, Homero Thomsom <[EMAIL PROTECTED]> wrote: > Does pfsense support NAT-Traversal ? > > Thanx. > HT. Buenos Aires, Argentina. > > ___

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-26 Thread Bill Marquette
Are you using pre-empt? --Bill On 8/26/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > I had an interesting thing happen today. The watchdog (at least that's what > the system log called it) on my WAN interface reset the WAN interface (any > idea why that would have happened?) which caused all my ou

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-26 Thread Bill Marquette
rrent > MASTER for all the carp interfaces. Once I have everything production > ready i'll probably enable preempt again. > > On Fri, 2005-08-26 at 15:03 -0500, Bill Marquette wrote: > > Are you using pre-empt? > > > > --Bill > > > > On 8/26/05, Mat

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-27 Thread Bill Marquette
ECTED]> wrote: > Scott mentioned that functionality required ifdepd .. preempt results in the > same behavior? > > - Original Message - > From: "Bill Marquette" <[EMAIL PROTECTED]> > To: "Matthew Lenz" <[EMAIL PROTECTED]> > Cc: > Sent:

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-27 Thread Bill Marquette
Oh, you will have to reboot after mucking with preempt settings and BOTH boxes have to have it set. --Bill On 8/27/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > Per 'man carp' > > net.inet.carp.preempt Allow virtual hosts to preempt each other. >

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-27 Thread Bill Marquette
On 8/27/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > On 8/27/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > > Oh, you will have to reboot after mucking with preempt settings and > > BOTH boxes have to have it set. > > Not on recent versions. I changed the CA

Re: [pfSense-discussion] load balancing failures

2005-08-28 Thread Bill Marquette
OK, I'm getting some of the "Poll failed to start" messages too. I'll have to poke around in code and see what that really means. Aug 28 11:45:25 slbd[69105]: Using r_refresh of 5000 milliseconds Aug 28 11:45:25 slbd[69105]: Using configuration file /var/etc/slbd.conf Aug 28 11:45

Re: [pfSense-discussion] IPv6 support on pfSense

2005-08-31 Thread Bill Marquette
On 8/31/05, Xavier Beaudouin <[EMAIL PROTECTED]> wrote: > We are in a feature freeze. No new features are going in at the moment. Ok :) I understand that because I have also same problems on Caudium :) Do you think you will add on the roadmap for the next pfSense ? No guarantees it'll make the nex

Re: [pfSense-discussion] L3 load balancer

2005-08-31 Thread Bill Marquette
We use slb for its monitoring code in the outbound load balancing as well as for the inbound stuff. LVS won't help us there. --Bill On 8/31/05, Randy B <[EMAIL PROTECTED]> wrote: Just noting that the current LB package used is sldb and that it's a very much dead project, actively seeking a new ma

Re: [pfSense-discussion] L3 load balancer

2005-08-31 Thread Bill Marquette
On 8/31/05, Randy B <[EMAIL PROTECTED]> wrote: Scott Ullrich wrote: > We have the source code to SLBD and have been making our own changes. Any intent to add some of the nice features ipvs offers (that slbd doesn't seem at first glance to), like multiple scheduling algorithms, UDP, persistent connec

Re: [pfSense-discussion] SlickWall

2005-09-09 Thread Bill Marquette
I have nearly zero idea what you're asking for, but I suspect you want something like PF's dup-to functionality. dup-to The dup-to option creates a duplicate of the packet and routes it like route-to. The original packet gets routed as it normally would. Amy I

Re: [pfSense-discussion] SlickWall

2005-09-10 Thread Bill Marquette
On 9/10/05, Randy B <[EMAIL PROTECTED]> wrote: Bill Marquette wrote: > I have nearly zero idea what you're asking for, but I suspect you want > something like PF's dup-to functionality. > > /dup-to/ > The /dup-to/ option creates a duplicate of the packet

Re: [pfSense-discussion] Production Use?

2005-09-13 Thread Bill Marquette
On 9/12/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: It depends as you mentioned it is Alpha software and really both could be an issue. For example right now I'm using 82.4 and I have to reboot for Firewall / Rules changes to take effect. Since I have two firewalls and Ahh, was this the version we

Re: [pfSense-discussion] Load Balacning Error

2005-09-14 Thread Bill Marquette
On 9/14/05, Tim Roberts <[EMAIL PROTECTED]> wrote: I'm running 0.80.4 now for several weeks with 2 WAN's, 1 LAN, 1 DMZ. Runs like a bat out of hell. Love it. Groovy. :) I have 2 small kinks: 1.) When I go to Load Balancing I get this on the opening page: Warning: Invalid argument supplied for foreach()

Re: [pfSense-discussion] rule that doesn't include other LAN interfaces

2005-09-16 Thread Bill Marquette
Reverse of that actually ;-P Create a rule(s) that disallows access to the 'LAN OPT1 OPT2 or OPT4' and then create a rule that allows OPT3 net out to all. pfsense is a first match filter policy, so insert block rules ahead of the less granular rules. --Bill On 9/16/05, Scott Ullrich <[EMAIL PROT

Re: [pfSense-discussion] Optional NIC

2005-09-16 Thread Bill Marquette
On 9/16/05, Chris Buechler <[EMAIL PROTECTED]> wrote: might work very well, might be a big headache. though it's getting to the point that it seems to be working very well much more than it's being a headache. this is what you have to expect with alpha/almost-beta software. FWIW, it ALWAYS works bett

Re: [pfSense-discussion] rule that doesn't include other LAN interfaces

2005-09-16 Thread Bill Marquette
On 9/16/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: great.. i love it when the developers can't decide.. ;) so which interfaces do I add which rules to? restating what I want: OPT3 net -> internet smtp servers GOOD OPT3 net -> any of my other interface (LAN, OPT1,2,4) networks BAD Rules will be appli

Re: [pfSense-discussion] HoneyD

2005-09-21 Thread Bill Marquette
FreeBSD ports don't include pfSense gui code. A pfSense package will need to be written and at this time it will need to be written by someone other than the core dev team. We're not adding any further functionality until after the first release. --Bill On 9/21/05, christiaan <[EMAIL PROTECTED]

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > OK, since I have most of PfSense setup the way I want, I am now ready to > dive into traffic shaping. > > Traffic shaping is a big reason we went with PFSense. > > We have a softswitch (Asterisk) on site behind our PfSense box. > > We are looking t

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > > Also, I assume the wizard only prioritizes the SIP port? Does it > > prioritize > > any other ports like the IAX ports, RTP and so on? > >> > >>The asterisk setting prioritizes > >>UDP 5060-5069 > >>and > >>UDP 1-17226 (no idea why - SIP mayb

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > Sorry Scott, I don't follow.. > > Are you saying this will download a file that you tweaked and basically > update my PfSense install? > > Once I do this the ports I mentioned will be added to the wizard including > the IAX and IAX2 ports? yes and

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
hat about this part :) > > > > > 1- Is there any reasonably easy way for me to add the IAX (5036) and > > > IAX2 > > > (4569) ports to the prioritization after I run the wizard? > > > > > > - Original Message - > > From: "Bill Mar

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
> > Rerun the traffic shaper, pick Asterisk, set the bandwidth to 1.5 megabit. > > > > Then that is added. > > > > Scott > > > > > > On 9/24/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > >> Thanks but what about this part :) > >

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > Nope, 0.84.. Sorry, thought I mentioned that several times. Maybe not.. > > Any way I can get my old file back? Copy this file into /usr/local/www/wizards http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/wizards/traffic_shaper_wizar

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > Not sure what you mean by "only gracefully handles home networks".. It was designed with the 80/20 rule...the vast majority of our users have a WAN and a LAN and that's it. > My setup is using the OPT1 interface bridged to the WAN interface, I ha

Re: [pfSense-discussion] Compact Flash images!

2005-09-27 Thread Bill Marquette
Please re-run the shaper wizard. We changed the location of the scheduler variable and for whatever reason the code I committed to move that information to the new location didn't work :-/ --Bill On 9/27/05, Imre Ispanovits <[EMAIL PROTECTED]> wrote: > Hi Bao, > > I'm testing the 128MB pc image V

Re: [pfSense-discussion] Install on 256MB

2005-09-27 Thread Bill Marquette
But that does raise the question of what version the OP is attempting to install :) If this is known behavior on an old version that's since been fixed, then it stands to reason that this is an old ISO. Please try the 0.85.2 ISO (there isn't one for 0.85.4). Thanks --Bill On 9/27/05, Scott Ull

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-30 Thread Bill Marquette
On 9/30/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote: > Mmmh... I must admit I have some difficulties in following you in your > thoughts... > > On 9/30/05, Travis H. <[EMAIL PROTECTED] > wrote: > > I want to mention that you can also use SOCKS as a proxy. Many > > clients support this non-trans

Re: [pfSense-discussion] Traffic Shaper

2005-10-04 Thread Bill Marquette
On 10/4/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > I was told that the Traffic Shaper wizard is basically for the LAN interface > and not really useful at this point for servers/devices on the OPT1 or 2 > interface. > > So, I am wondering, if I put a machine on the LAN interface and setup > Traffic

Re: [pfSense-discussion] Can I use the LAN interface as the CARP interface?

2005-10-04 Thread Bill Marquette
On 10/4/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > Can I use the LAN interface as the CARP interface? > > I am not using the LAN interface for anything and hate to waste a NIC.. > > OK, also I have to go to the damn store and buy another :) eh I know with the amount of posts you've had, I sho

Re: [pfSense-discussion] Is it possible to get the Adobe SVG viewer working in Mozilla

2005-10-04 Thread Bill Marquette
I know we have a few too many places to find information, but this is actually in the FAQ. --Bill On 10/4/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > IE still kills my PfSense 0.84 GUI a lot so I use Firefox and it never > happens. > > Only issue is that I like to look at the traffic graph which r

Re: [pfSense-discussion] Can I use the LAN interface as the CARP interface?

2005-10-04 Thread Bill Marquette
ed (duh!) and there it was in front of my face. :) > > Todd > - Original Message - > From: "Bill Marquette" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, October 04, 2005 7:27 PM > Subject: Re: [pfSense-discussion] Can I use the LAN interface as the CARP > interface?

Re: [pfSense-discussion] problem with vlans

2005-10-05 Thread Bill Marquette
On 10/5/05, Chun Wong <[EMAIL PROTECTED]> wrote: > now I am learning the way pfsense handles rules, esp. the implied ones. heh, that's something I plan on eventually providing more visibility into - we're just not there yet :) --Bill

Re: [pfSense-discussion] mac filtering

2005-10-14 Thread Bill Marquette
On 10/14/05, Marc-Henri Boisis-Delavaud <[EMAIL PROTECTED]> wrote: > This is not my question, I would like to know how you make as m0n0wall a > verification of authenticated client mac address, with pf ? > I think it was possible only with ipfw. We use ipfw as Scott mentioned, but this is trivial

Re: [pfSense-discussion] mac filtering

2005-10-15 Thread Bill Marquette
On 10/15/05, Greg Hennessy <[EMAIL PROTECTED]> wrote: > IIRC one can tag with the recently imported if_bridge code and then refer to > these tags in /etc/pf.conf. Exactly :) Thanks Greg. OpenBSD-centric http://www.openbsd.org/faq/pf/tagging.html but I'm confident it applies to FreeBSD since it's

Re: [pfSense-discussion] Can PFsense do this ?

2005-10-15 Thread Bill Marquette
Interesting. Hadn't heard of IPA - this might be doable as a package after 1.0. --Bill On 10/15/05, chris <[EMAIL PROTECTED]> wrote: > Hi > > I noticed this on the IPCops.com forum and thought it might be of interest > to PFsense. > > Post subject: Routed networks, per IP download limits and

Re: [pfSense-discussion] syncing over https

2005-10-16 Thread Bill Marquette
On 10/16/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > that's great news. i noticed the release 1 branch mentioned on the blog. is > this the official 1.0 release or are you going to be committing fixes to it > for awhile and then do a 1.0? We'll be committing fixes. Expect a beta cycle real soon

Re: [pfSense-discussion] Virtual IPs, NAT 1:1 - I need help

2005-10-16 Thread Bill Marquette
On 10/16/05, Jan Ślusarczyk <[EMAIL PROTECTED]> wrote: > For example public address XXX.XXX.XXX.190 ports 22,25,80,113 were forwarded > to respective ports on 192.168.6.190 interface for one of the servers. I > don't have a separate subnet – I am assigned 8 ips out of a 255.255.255.128 > What I t

[pfSense-discussion] Donations needed

2005-10-19 Thread Bill Marquette
It looks like the hard drive in my development box is on its last legs (ie. I expect it to crash hard in the next week). I'm in the middle of moving and the budget is stretched a little too tight to be able to replace the drive for a while. The loss of this machine until the drive can be replace

Re: [pfSense-discussion] Donations needed

2005-10-19 Thread Bill Marquette
On 10/19/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > i've got so many spare drives it is sick. what kind are you looking > for? also, I've got that managed switch I promised for the load > balancing work ready to be shipped. If you'd like I can send along a > drive as well. just let me know

[pfSense-discussion] Re: Donations needed

2005-10-20 Thread Bill Marquette
Thank you all who sent in contributions, I've got more than enough to handle a drive replacement. Obviously, I won't reject any further, but I'd rather they go to the account listed on our donations page than to me personally. Thanks again! --Bill

Re: [pfSense-discussion] queue name change not showing on status page

2005-10-21 Thread Bill Marquette
On 10/21/05, sai <[EMAIL PROTECTED]> wrote: > I setup traffic shaper using the wizard. Then I changed some queue names. > > These new names do not show up on status_queues.php > > I reset queues, then reboot the machine. This totally breaks the > shaping and now in the status_queues I get just 1 qu

Re: [pfSense-discussion] shaper

2005-10-21 Thread Bill Marquette
On 10/21/05, sai <[EMAIL PROTECTED]> wrote: > [1] "The last rule that matches a packet will be executed." > I think it would be better if we had shaper rule matching work in the > same way as the firewall rules, ie first match being executed. I think > orthogonality is the word I am looking for, bu

Re: [pfSense-discussion] NAT port redirection broken?

2005-10-21 Thread Bill Marquette
This is a known bug and is fixed in CVS, update_files.sh /etc/inc/filter.inc please. --Bill On 10/21/05, Lawrence Farr <[EMAIL PROTECTED]> wrote: > I have version 0.88, and when redirecting a specific port > to a different port, the resulting rule has no port specified. > > eg > > rdr on em1 inet

Re: [pfSense-discussion] NAT port redirection broken?

2005-10-21 Thread Bill Marquette
On 10/21/05, Lawrence Farr <[EMAIL PROTECTED]> wrote: > Done, many thanks. > > Is there anywhere I should be checking before asking > on the list? BTW, I should have mentioned, run /etc/rc.configure_firewall after updating that file and it'll recreate your filter policy :) --Bill

Re: [pfSense-discussion] CF Card Size

2005-10-25 Thread Bill Marquette
On 10/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > I know the minimum recommended CF card size for a WRAP setup is 128mb. My > question is what is appropriate for a fairly busy router in a production > environment using most of a T1, most of the time. If you're just using the flash image, 128M ca

Re: [pfSense-discussion] bridging and traffic shaping

2005-10-26 Thread Bill Marquette
On 10/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > > I'd like a little enlightenment here. I remember a post on the > support list a couple of days ago to the effect the shaper wasn't > working with OPT1 (or in fact, anything but WAN and LAN) at this > time. I was a little confused, bec

Re: [pfSense-discussion] authpf package

2005-10-26 Thread Bill Marquette
On 10/26/05, D.Pageau <[EMAIL PROTECTED]> wrote: > I'm currently building a new package for pfsense, authpf. I'm curious how you plan on adding authentication? authpf (last I looked) requires accounts on the system running authpf as it runs as the user's shell. --Bill

Re: [pfSense-discussion] authpf package

2005-10-26 Thread Bill Marquette
On 10/26/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > Is there any way to easily hook pam/radius up to authpf? Yes, but that handles the passwords, not the fact that the user needs to have an account on the box (radius doesn't give back UID/GID and shell information). --Bill

Re: [pfSense-discussion] bridging and traffic shaping

2005-10-26 Thread Bill Marquette
On 10/26/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote: > Okay, glad to see I wasn't on drugs :) So my idea of bridging OPT2 > (with my roommate's router behind it) with WAN should work then? The > ONLY thing I care about is his hogging the precious upstream BW :) Should be somewhat effective

Re: [pfSense-discussion] Restricted viewing...

2005-10-28 Thread Bill Marquette
On 10/28/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > On 10/28/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > > I have a client that want to be able to view graphs and > > other general reports. Is there a way to make a strictly > > report based web interface, which will allow some to see > > thi

Re: [pfSense-discussion] authpf package

2005-10-29 Thread Bill Marquette
On 10/29/05, jonathan gonzalez <[EMAIL PROTECTED]> wrote: > about this theme a trick can be done, that of course is not disable as > it sounds the user access. > > PAM_file can be used for ssh connections. This feature reads from a file > (i.e. in the root directory) a list of allowed users. > > If

Re: [pfSense-discussion] __Shaping__ UI

2005-10-31 Thread Bill Marquette
On 10/31/05, sai <[EMAIL PROTECTED]> wrote: > This is in response to a post Chris made (see below) on the m0n0 list. > > Personally I would prefer a fully functional shaper with a difficult > to use UserInterface rather than a very limited shaper with easy to > use UI. To be clear, the limitations

Re: [pfSense-discussion] limit destination ports

2005-10-31 Thread Bill Marquette
On 10/30/05, dny <[EMAIL PROTECTED]> wrote: > hi. > > i want to setup wifi interface to allow user to use only the internet. > i like to setup a firewall rule like this: > > pass, if: wifi, source: wifi subnet, dest: wan, dest port: 1-1 > > q1: why no wan option in destination? WAN would be th

Re: [pfSense-discussion] how do I "not rdr" with pfsense

2005-10-31 Thread Bill Marquette
On 10/31/05, Etienne Ledoux <[EMAIL PROTECTED]> wrote: > I'm using pfsense to redirect all outgoing http traffic to a transparent > proxy. But I need to not redirect a specific range when browsing to that > specific range. pf supports "not rdr" as well as other options to achieve > this. But I can

Re: [pfSense-discussion] how do I "not rdr" with pfsense

2005-11-01 Thread Bill Marquette
On 11/1/05, Etienne Ledoux <[EMAIL PROTECTED]> wrote: > perhaps I should give more info about this: > > I have a internal LAN , DMZ and a WAN. My proxy is in the DMZ. I redirect > all http traffic from the LAN to the proxy in the DMZ. The rule looks like > this: > > rdr on vr0 inet proto tcp from

Re: [pfSense-discussion] how do I "not rdr" with pfsense

2005-11-01 Thread Bill Marquette
On 11/1/05, alan walters <[EMAIL PROTECTED]> wrote: > [alan walters] > I have been thinking about this a lot recently. I was wondering if rules > for squid ftp proxy ipsec extra. Could be added to the xml file. At > least this way the user has some control over what to do with them. > > I thought t
