Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Chris Buechler
On Tue, Jul 22, 2008 at 4:48 PM, Chris Buechler <[EMAIL PROTECTED]> wrote: > > - if your recursive servers are behind pfSense doing NAT with a > default NAT configuration, you're fine even *without* patching your > DNS servers. Scratch that part depending on your DNS serve

Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Chris Buechler
On Tue, Jul 22, 2008 at 2:32 PM, Eugen Leitl <[EMAIL PROTECTED]> wrote: > > http://www.provos.org/index.php?/pages/dnstest.html > > DNS Resolver Test > > For secure name resolution, it is important that your DNS resolver uses > random source ports. The box below will tell you if there is something

Re: [pfSense-discussion] Captive Portal on pfsense

2008-07-17 Thread Chris Buechler
On Thu, Jul 17, 2008 at 7:02 PM, Jim Thompson <[EMAIL PROTECTED]> wrote: > I'm happy to respond more fully to this: > A) off-list, Jim, I'd encourage you to keep it on-list, a number of us have learned quite a bit from sharing of your expertise over the years. It may not be precisely on-topic for

Re: [pfSense-discussion] Captive Portal on pfsense

2008-07-17 Thread Chris Buechler
On Wed, Jul 16, 2008 at 11:22 PM, Bill Marquette <[EMAIL PROTECTED]> wrote: > > Considering that you are talking about the Linux variant of the > WRT54G, I think it's safe to say that Chris probably assumed you were > not running the stock Linksys firmware on it. > Actually that is what I meant -

Re: [pfSense-discussion] Captive Portal on pfsense

2008-07-16 Thread Chris Buechler
On Tue, Jul 15, 2008 at 8:38 AM, muhammad panji <[EMAIL PROTECTED]> wrote: > Dear All, > Hi I start searching for option to implement captive portal on my > campus hotspot and I think pfsense captive portal will make it easier. > I'm not really familiar with wireless technology. If i'm not false my

Re: [pfSense-discussion] SIP Phones and SIPROXD

2008-06-14 Thread Chris Buechler
Lee is a commercial support customer and we helped him offlist with this. There was a problem with the siproxd package, it should now work. Lee confirmed he now has two phones working simultaneously, so this must be working now. If you have installed the package previously, uninstall it first. The

Re: [pfSense-discussion] Re: Nessus : Change in the Plugin Feed Policy (Reminder)

2008-06-14 Thread Chris Buechler
On Wed, Jun 11, 2008 at 12:50 PM, Paul Mansfield <[EMAIL PROTECTED]> wrote: > > now non-free for any commercial usage, I was wondering if anyone's looked > at the alternatives? > I've been a Nessus user since its very early days, been roughly 7 years now I believe. I've had a Nessus Direct Feed s

Re: Fw: [pfSense-discussion] I Cannot Uploading Files

2008-05-26 Thread Chris Buechler
On Mon, May 26, 2008 at 7:08 AM, John Dakos [ Enovation Technologies ] <[EMAIL PROTECTED]> wrote: > > > thank u SAI , but i have a problem with this configuration. this > configuration work with NAT , and i dont want NAT because i have 200 public > IP on Cisco Router, and i want all clients to j

Re: [pfSense-discussion] disappearing httpd

2008-04-30 Thread Chris Buechler
On Thu, May 1, 2008 at 12:08 AM, RB <[EMAIL PROTECTED]> wrote: > > Can't say that I've seen that. You can restart it at the console menu > > for future reference. Anything relevant in the logs? > > Nothing at all, and no restarting - the binary is *gone*, as in deleted. > Oh wow! Definitely ha

Re: [pfSense-discussion] disappearing httpd

2008-04-30 Thread Chris Buechler
On Wed, Apr 30, 2008 at 11:52 PM, RB <[EMAIL PROTECTED]> wrote: > Anyone have a situation where they're switching WAN types and somehow > /usr/local/sbin/lighttpd just disappears? Can't say that I've seen that. You can restart it at the console menu for future reference. Anything relevant in the

Re: [pfSense-discussion] Slow Firewall reload

2008-04-30 Thread Chris Buechler
let's try resending these posts... I inadvertently sent them from an address that bounced and gmail threw the bounce messages in my spam. below: On Wed, Apr 30, 2008 at 1:06 AM, muhammad panji <[EMAIL PROTECTED]> wrote: > > About 10 to 15 minutes on "Configuring Firewall.." and it's just a

[pfSense-discussion] Outbound load balancer users, please vote

2008-04-17 Thread Chris Buechler
http://forum.pfsense.org/index.php/topic,8957.0.html or comment here.

Re: [pfSense-discussion] NAT Port Forwarding isn't working

2008-04-11 Thread Chris Buechler
Can you send your rules.debug and NAT and rules config.xml portions from status.php? Patrick wrote: Hi all, Fresh install of the latest pfsense, I initially set up some NAT port forwarding, removed them, and tried to re-add them. Unfortunately the 2nd time around none of my NAT forwarding wo

Re: [pfSense-discussion] clog size

2008-04-11 Thread Chris Buechler
RB wrote: I've had a request to increase logging duration on systems that have no access to an external syslog server, so am making the necessary changes to maintain much larger ring-log files. Incredibly larger - averaging 1000-1500B/s to certain logs, and we're looking at 20-30 days' worth. S

Re: [pfSense-discussion] pfsense on alix, slow to access via WAN

2008-04-11 Thread Chris Buechler
Joe Lagreca wrote: I am running pfSense on an Alix system 2c3. When accessing via the LAN everything works great. However when I try to access it via the WAN, its very slow, and will time out. This is NOT a bandwidth issue. Sometimes the pages will load, but look as if the css file didn't loa

Re: [pfSense-discussion] Detailled syslog format.

2008-03-27 Thread Chris Buechler
[EMAIL PROTECTED] wrote: Hi I'm trying to do some analysing on the raw log format sent to syslog: check out pflog. http://www.openbsd.org/faq/pf/logging.html http://www.google.com/search?q=pflog quite a bit of stuff available. for the underlying ruleset you're running, see status.php.

Re: [pfSense-discussion] Traffic shaper bug ?

2008-03-23 Thread Chris Buechler
Jan Hoevers wrote: While not unwilling to donate to projects, this bounty thing is not for me because of a strict open source policy. Again, is there any estimate for 1.3? This is 100% completely open source. The source ported to RELENG_1_2 is even in the public CVS server in its own branch. I

[pfSense-discussion] Registration open for pfSense training at BSDCan!

2008-03-22 Thread Chris Buechler
Please see the following post for more information. http://blog.pfsense.org/?p=182 Hope to see you there! Chris

Re: [pfSense-discussion] RELENG_1 library linking (was: Traffic shaper bug ?)

2008-03-22 Thread Chris Buechler
RB wrote: I understand, and have tangled some of the terminology. My ticket was about HEAD, but the library breakage seems to have seeped from HEAD to 1.3 (RELENG_1). Because all the binaries in RELENG_1 and HEAD are for FreeBSD 7.0. You can't go from 1.2 to 1.3 just by pulling the files fr

Re: [pfSense-discussion] Traffic shaper bug ?

2008-03-21 Thread Chris Buechler
Ermal Luçi wrote: Expected behaviour. Since ALTQ shapes on outgoing that shapes every thing that goes through the interface where the shaper is enabled. For 1.2, it should be noted. For 1.3, Ermal has done a nice job completely rewriting the traffic shaper to accommodate these kinds of sit

Re: [pfSense-discussion] Sorry guys

2008-03-06 Thread Chris Buechler
[EMAIL PROTECTED] wrote: Gentlemen! I am sorry to have started this Return Receipt storm. Chris Buechler complained to me in private and asked me to turn off RR when writing to this forum which I will of course do my utmost to remember in the future. I half expected a "read receipt

Re: [pfSense-discussion] CD-ROM + floppy

2008-03-04 Thread Chris Buechler
Paul M wrote: Chris Buechler wrote: DarkFoon wrote: Yes. just the config is kept on the floppy. This means that the RRD graphs don't save across reboots, right? And packages can't be installed. (well that's sort of obvious...) Correct o

Re: [pfSense-discussion] 2 WAN

2008-03-04 Thread Chris Buechler
Jose Augusto wrote: Look this http://pfsense.blogspot.com/2005/05/captive-portal-and-traffic-shaping-to.html That's outdated info. Traffic shaper does not work properly with more than two interfaces (LAN + WAN) in 1.2. That's already fixed in 1.3.

Re: [pfSense-discussion] CD-ROM + floppy

2008-03-03 Thread Chris Buechler
DarkFoon wrote: Yes. just the config is kept on the floppy. This means that the RRD graphs don't save across reboots, right? And packages can't be installed. (well that's sort of obvious...) Correct on both accounts.

Re: [pfSense-discussion] CD-ROM + floppy

2008-03-01 Thread Chris Buechler
DarkFoon wrote: Does pfSense 1.2 still support booting from CD-rom and storing the config (and possibly other data) on a floppy disk? Yes. just the config is kept on the floppy. USB flash drives are also supported, and recommended over floppies.

Re: [pfSense-discussion] 1.2RC5 or release

2008-02-12 Thread Chris Buechler
Ronald L. Rosson Jr. wrote: On Feb 11, 2008, at 1:08 PM, Scott Dale wrote: http://forum.pfsense.org/index.php/topic,7313.0/topicseen.html This brought back my dashboard without a re-install. Thanks, that's good to know. Those who use the dashboard on 1.2, keep in mind it's experimental a

Re: [pfSense-discussion] 1.2RC5 or release

2008-02-11 Thread Chris Buechler
Paul M wrote: Hi, given the a number of minor bug fixes, we will be seeing a 1.2RC5 variant sometime, or is the next step a full release? We'll probably skip RC5 as an official release even though the snapshots are labeled as such right now.

Re: [pfSense-discussion] bogons update issue

2008-02-03 Thread Chris Buechler
Jan Hoevers wrote: 2. On previous versions the bogons file was fetched from cymru.com, but on RC4 the script tries to get it from a pfSense server. The file is however missing on that pfSense server. I worked around this by copying the old cymru url back from RC3. Thanks for catching that, the

[pfSense-discussion] 1.2-RC4 released!

2008-01-16 Thread Chris Buechler
The pfSense development team is happy to bring you the final release candidate in the 1.2 series! Info here: http://blog.pfsense.org/?p=164

Re: [pfSense-discussion] HOW MUCH TRUST ON PFSENSE ?

2007-12-21 Thread Chris Buechler
Jure Pečar wrote: Since everyone is just singing praises, I'll add some things to look for ;) Besides running it at home we run it on three production locations, which are two server rooms and one fast growing wireless lan. First bad experience: it is really touchy about the quality of your c

Re: RES: [pfSense-discussion] Problems to use PPTP/GRE traffic to connect in a server - Please advice.

2007-11-19 Thread Chris Buechler
Luciano Areal wrote: Hi Bill! The pfSense box is in front of the PPTP server. In other ways, it will act as the main gateway, and the PPTP server will be on the LAN. Clients will access it from WAN, passing through the pfSense box. I just did what you said. Removed all rules from NAT and firewa

Re: [pfSense-discussion] multiwan ftp proxy

2007-11-19 Thread Chris Buechler
Robert Schwartz wrote: On 19 Nov 2007 13:25:31 -, "Scott Ullrich" <[EMAIL PROTECTED] > wrote: > What is the current status ? No work has been done on this as of since. Unfortunately it is not high on my list so if someone else wants to pick it up an

Re: [pfSense-discussion] 1.2-RC3 released!

2007-11-08 Thread Chris Buechler
Paul M wrote: meanwhile, I noticed many of the mirrors are not doing too well so I reported them some of the update mirrors are no good either.. in fact the downloads are pretty slow. The mirrors are all fine. Many only sync once a day, so as it says in the release announcement it will

[pfSense-discussion] 1.2-RC3 released!

2007-11-07 Thread Chris Buechler
http://blog.pfsense.org/?p=152

Re: [pfSense-discussion] IPsec tunnel to a transparent bridge

2007-11-06 Thread Chris Buechler
Eugen Leitl wrote: I used to have a nice pre-shared key IPsec tunnel between two m0n0walls/pfSenses, running in NAT. Worked very nicely. However, I now have a transparent bridge with a public /24 network, and whenever I activate the tunnel I no longer can ping any host on the network (the firewa

Re: [pfSense-discussion] Cacti Template

2007-10-30 Thread Chris Buechler
Ronald L. Rosson Jr. wrote: Has anyone come across or developed a template for pfsense firewalls to be polled by a Cacti server. Any information is helpful. haven't heard of any, it would be nice to see.

Re: [pfSense-discussion] Via LAN drivers

2007-10-30 Thread Chris Buechler
Adam Van Ornum wrote: I've been looking into a Via C7 based system to run pfSense on and so far all of the systems seem to have either Realtek or Via based LAN chipsets. Several people have mentioned before that the Realtek chipsets are not very well supported at this time and I'm wondering h

Re: [pfSense-discussion] web interface gone after upgrade to 1.0.2

2007-10-30 Thread Chris Buechler
Daniele Guazzoni wrote: I just upgraded from 1.0.1 to 1.0.2 with pfSense-1.0.2-Full-Embedded-Update.tgz and although the firewall is functional I cannot access the webconfigurator. Any idea how to fix it? There is no 1.0.2, so I'm not sure which version you're using, for embedded upgrades t

Re: [pfSense-discussion] commercial support

2007-10-22 Thread Chris Buechler
Eugen Leitl wrote: I see there's commercial support for pfSense, starting at about 300 EUR/year. Are there proper invoices for that? I can't tell. $300 USD actually. Yes, we can send you a proper invoice, or you can pay via credit card online and we'll send you the typical email receipt. E

Re: [pfSense-discussion] ALIX shipping soon

2007-10-22 Thread Chris Buechler
Eugen Leitl wrote: I see on http://pcengines.ch/order1.php?c=2 that ALIX (e.g. alix2c3) is ETA 20071020. http://blog.pfsense.org/ sez ... Anyone knows how well AMD Geode LX does accelerated IPsec on FreeBSD? As far as we know at this time, it's not yet supported.

Re: [pfSense-discussion] did something change in 1.2rc1?

2007-08-31 Thread Chris Buechler
Eugen Leitl wrote: The /etc/rc.filter_configure_sync ran a while, and exiting without throwing an error. I also don't recall any errors during the firmware upgrade a while back (it remains at 1.2-RC1 because I've bricked an identical firewall when trying to upgrade from 1.2-RC1 to 1.2-RC2).

[pfSense-discussion] 1.2-RC2 released

2007-08-18 Thread Chris Buechler
http://pfsense.blogspot.com/2007/08/12-rc2.html Please test! This may be the last RC before 1.2 is released.

Re: [pfSense-discussion] SNAT / masquerading

2007-08-03 Thread Chris Buechler
Eugen Leitl wrote: I have a somewhat strange setup (thanks to our provider) which looks like this: LAN* -> bge0-> 192.168.0.1 WAN* -> bge1-> 10.0.2.6 OPT1(DMZ)-> vlan0 -> 62.245.148.129 Yes, the WAN is

Re: [pfSense-discussion] atmel avr port of pfsense?

2007-07-31 Thread Chris Buechler
Paul M wrote: http://www.linuxdevices.com/news/NS2837651365.html "32MB of SDRAM and 16MB of flash, expandable via an SD-card slot." aside from the fact that those two numbers alone mean it's far from compatible, it's not an x86 system, it's RISC. It won't run m0n0wall either.

Re: [pfSense-discussion] wiki signups

2007-07-26 Thread Chris Buechler
Paul M wrote: is there any chance of the wiki allowing signups again, or having a login created for me (mailme offlist pls) I'll send you an email in a minute. Anybody that wants an account is going to have to email me, way too few contributors and too many spammers to open registration ba

Re: [pfSense-discussion] Start other processes inside pfSense?

2007-07-23 Thread Chris Buechler
Roland Giesler wrote: Is it possible to start a VMware or Xen client inside pfSense? no. VMware doesn't support FreeBSD as a host, and Xen is still questionable on FreeBSD I believe.

Re: [pfSense-discussion] drawing network diagrams

2007-07-11 Thread Chris Buechler
On Wed, 2007-07-11 at 13:18 +0200, Eugen Leitl wrote: > I've got my pfSense/VLAN setup on SunFire X2100 M2 (with 2 Broadcom > interfaces) > working (with massive help from a network guru), and will document and post > it at some point. > > I need to document my other network as well -- which (pre

Re: [pfSense-discussion] network layout

2007-06-20 Thread Chris Buechler
Bill Marquette wrote: Low end switches have a tendency to not have enough ram or cpu to handle a high volume mac spoofing attack and will usually end up turning into a hub under this kind of attack, rendering your vlans useless. Any switch's CAM table can be overflowed by directly connected us

Re: [pfSense-discussion] MiniUPnPd security risks

2007-04-26 Thread Chris Buechler
DarkFoon wrote: I'm considering installing the UPnP daemon on some home/home office boxes, and I'm curious what the security issues are. From my own (simple) analysis, the worst that could happen is a malicious application could ask for many, many (almost all?) of the ports above 1024 to be rou

Re: [pfSense-discussion] IDS yet?

2006-10-06 Thread Chris Buechler
Scott Ullrich wrote: It is a delayed IDS. Generally an IPS hooks into the network stack directly and does not allow the traffic to pass through until its scanned. And generally you probably aren't going to want to hook snort into your network stack like that, because of the limitations of PC

Re: [pfSense-discussion] Problem with ipsec

2006-08-09 Thread Chris Buechler
Carlos Julio Sánchez [ACC-SIS] wrote: If i dont have remote subnet but in the pfsense i must to write something in the textbox REMOTE SUBNET in the configuration of ipsec vpn. If you're doing a site to site VPN, you *have* to have a remote subnet. It's the network on the other end that you

[pfSense-discussion] Second Annual pfSense Hackathon - Call for Donations

2006-07-07 Thread Chris Buechler
http://pfsense.blogspot.com/2006/07/second-annual-pfsense-hackathon-call.html

Re: [pfSense-discussion] P2P Blocker

2006-06-06 Thread Chris Buechler
Matthew Lenz wrote: Doesn't just about all P2P require some kind of port redirection or UPnP on the firewall to allow any kind of uploading to occur? No, almost all don't. Actually I can't think of any offhand that require ports opened inbound. Even BitTorrent, which likes to have open p

Re: [pfSense-discussion] VPN howto?

2006-05-31 Thread Chris Buechler
Terri Zahniser wrote: Thanks for the link. After reading it and setting up the PPTP VPN again I was still not able to get it to work. Define "doesn't work". With "doesn't work", the best we can offer is "you configured it wrong". With some details on what's going on, what you have configur

Re: [pfSense-discussion] No altq support on linitx.com appliances? Also, plug for packaging on embedded version.

2006-05-02 Thread Chris Buechler
Rainer Duffner wrote: I think the latest-generation RealTek's are not that bad - I may be wrong, because I avoid them like the plague myself, but ISTR having read somewhere that the latest generation is somehow better than the the 1st generation (on which the comment in the source is really ta

Re: [pfSense-discussion] Nokia IP330

2006-04-05 Thread Chris Buechler
Holger Bauer wrote: http://forum.pfsense.org/index.php?topic=603.0 cool, I missed that thread. I'll have to give my IP110 another shot, maybe the FreeBSD issue was fixed. the 330's are quite a bit different though.

Re: [pfSense-discussion] Nokia IP330

2006-04-05 Thread Chris Buechler
Craig FALCONER wrote: Anyone in New Zealand want to acquire some Nokia IP 330 boxes? anyone know if the 330's run pfsense (or anything FreeBSD 5.x or 6.x?) The IP1xx's kernel panic at boot with 5.x or 6.x.

Re: [pfSense-discussion] pfSense themes and new Nifty update

2006-03-24 Thread Chris Buechler
analyzerx wrote: GPL allows you to modify the code... that's not the point. the point is the project is released under a BSD license, and GPL code can't be released under the BSD license. We do run some GPL licensed software, but nothing in the actual pfsense code base. Just unmodified ap

Re: [pfSense-discussion] throughput - cpu, bus

2006-03-14 Thread Chris Buechler
Greg Hennessy wrote: That's ~20 megabits/sec, not bad for an IP-120 given its horsepower Not for m0n0wall/FreeBSD 4.x. That box should be about the same speed as a Soekris 4801 or WRAP, either of which will hit ~40-45 Mbps. If this were pfsense/FreeBSD 6.x, I would say ~20 Mbps is low,

Re: [pfSense-discussion] pfSense merge with freebsd?

2006-03-10 Thread Chris Buechler
DarkFoon wrote: What about that jumpering thing, though? I've never done it, but I believe that hard codes the drive's limit to some fixed number, and I don't know that software can work around that fixed number. Regardless, the chance of actually using 300 GB on a machine that old is esse

[pfSense-discussion] pfSense Beta 2 released!

2006-03-03 Thread Chris Buechler
pfSense Beta 2 was released to the mirrors last night, and is currently available for download. Scott will be posting the change log and other related information on the release on our blog some time today. He tried last night, but blogger was down. Please watch http://pfsense.blogspot.com f

Re: [pfSense-discussion] pfsense on VMware ESX Server

2006-02-27 Thread Chris Buechler
Bill Marquette wrote: Arrghh, they just added it back in 2.5. We've got a sizeable contract with VMWare and a much more sizable contract with their parent company EMC. I'll see if I can't get someone to send a few complaint emails around. yep, they've removed and added it back based on cus

Re: [pfSense-discussion] pfsense on VMware ESX Server

2006-02-27 Thread Chris Buechler
Dave C. Arthur wrote: The system boots and runs. However when I try to install the system to the virtual HD, I receive a response that no HDD can be found (using the LSI controller). Any ideas on how to get the controller recognized? You can't. FreeBSD 6 (and hence pfsense) is not supporte

Re: [pfSense-discussion] Timed Rules?

2006-02-22 Thread Chris Buechler
Bill Marquette wrote: If you read the OpenBSD lists, that will never be a feature in pf since you can "easily" implement it with tables or anchors and cron. We'll have to do this ourselves. Waiting on pf to support this means it'll never happen. ah, thanks Bill. I believe when Scott and

Re: [pfSense-discussion] Timed Rules?

2006-02-22 Thread Chris Buechler
DarkFoon wrote: I did not notice an option in PfSense that allows a user to set a rule for certain time periods. Is there any plans for this later on, or experimental versions with it now? The plan (last I talked to Scott about it, though that was a while back) is that pf is supposed to hav

Re: [pfSense-discussion] Benchmarks (was Re: Clients... ugh)

2006-02-06 Thread Chris Buechler
Jim Thompson wrote: Chris Buechler wrote: Alex DiMarco wrote: Does anyone have benchmarks on the WRAP running pfsense? about 25 Mb is the most you can expect. I wouldn't use one if you need constant throughput of over 15 Mb for extended periods. I assume this is Ethernet<-&

Re: [pfSense-discussion] Benchmarks (was Re: Clients... ugh)

2006-02-06 Thread Chris Buechler
Alex DiMarco wrote: Does anyone have benchmarks on the WRAP running pfsense? about 25 Mb is the most you can expect. I wouldn't use one if you need constant throughput of over 15 Mb for extended periods.

Re: [pfSense-discussion] New to project, have some ideas

2006-01-21 Thread Chris Buechler
Jan-Patrick Perisse wrote: I want to use pfsense on my future projects, but I really need it to do content filtering. I know content filtering should be done at another server, but sometimes the budget doesn't help... And I want pfsense embedded version for that, in order to get less maintenan

Re: [pfSense-discussion] access NATed services by the public IP address from LAN review

2006-01-06 Thread Chris Buechler
Bill Marquette wrote: Someone hasn't done their research. This has been answered in the ML, the forum, the FAQ, AND the blog. *AND* today on the m0n0wall list, where he originally sent this message, and got my answer 8 minutes before sending the message again to this list.

Re: [pfSense-discussion] LAN issue

2006-01-05 Thread Chris Buechler
[EMAIL PROTECTED] wrote: I am missing something critical and I can't seem to find what the problems is. I have a server on the LAN that acts as my webserver/mailserver. I have an alias defined for this host that is aliases to one of my static IP address on the WAN side. Although I can ping the

Re: [pfSense-discussion] Unfork m0n0wall

2005-11-28 Thread Chris Buechler
Bennett wrote: This answers one of my biggest questions about the fork. I've been fixated on the package system (though my previous mention of it was brief), thinking it was a solution for both projects. I had envisioned moving everything that isn't a core feature into an optional module. Inst

Re: [pfSense-discussion] Newbie Q: security of php on perimeter firewall

2005-11-28 Thread Chris Buechler
Sanjay Arora wrote: Hi all Just joined the list. Am mostly using IPcop & other Linux flavours for perimeter firewalling. Needed ISP WAN-link balancing & failover, hence my search for a new option. Also have started experimenting with freebsd, so choice was limited to either freebsd or linux. H

Re: [pfSense-discussion] Unfork m0n0wall

2005-11-27 Thread Chris Buechler
Colin Smith wrote: Also, it is my understanding that Scott and Chris originally forked because of Manuel's (obvious) resistance to taking his project in an entirely new direction. Few if any bridges were burned. It most certainly was not an 'ego thing'. I won't bother responding to most

Re: [pfSense-discussion] Adding wireless to my WRAP

2005-11-07 Thread Chris Buechler
Bill Plein wrote: Thanks for the info. It's helpful to see the one-stop-shopping links and know they are supposed to work with my hardware. Jim and Netgate are major supporters of this project as well. And I've been a happy repeat Netgate customer long before that. I'd strongly recommen

Re: [pfSense-discussion] CF Card Size

2005-10-25 Thread Chris Buechler
Mojo Jojo wrote: Hmm.. OK, I just ripped out the 128mb thinking it was bad to use the minimum recommended in a production system. 128 is fine. if we make changes in the future where you can add things to the CF, that might change. I wouldn't expect it to change much though, and 128 lea

Re: [pfSense-discussion] Benefits of a hard disk install?

2005-09-25 Thread Chris Buechler
Mojo Jojo wrote: I just bought a WRAP for testing and I am waiting for it to arrive. Can someone tell me the benefits of having a hard drive install inside a beefier PC over a slimmed down install in a WRAP type device? PC gives you more power and flexibility. WRAP is a more reliable pie

Re: [pfSense-discussion] block vs reject?

2005-09-25 Thread Chris Buechler
Matthew Lenz wrote: so its safe to assume that internet -> WAN stuff should be blocked. but for internal access between my LAN/OPT interfaces and outbound WAN i can use reject and it wouldn't be considered bad form? Under most circumstances, yes, that's correct.

Re: [pfSense-discussion] block vs reject?

2005-09-24 Thread Chris Buechler
A Rossi wrote: I've narrowed it down to 2 possible sites: http://www.auditmypc.com/ and https://www.grc.com/x/ne.dll?bh0bkyd2 neither gave me anything out of the ordinary behind m0n0wall or pfsense. first one found my private IP address **GASP** Oh no!;) -cmb

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Chris Buechler
Chris Buechler wrote: A Rossi wrote: Is viral content more likely to be transmitted via http, as opposed to the other protocols? Should be, since you should employ egress filtering to let out nothing but HTTP and HTTPS from your LAN clients, if you even allow that much. In a corporate

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Chris Buechler
A Rossi wrote: Is viral content more likely to be transmitted via http, as opposed to the other protocols? Should be, since you should employ egress filtering to let out nothing but HTTP and HTTPS from your LAN clients, if you even allow that much. In a corporate environment, at least. I d

Re: [pfSense-discussion] block vs reject?

2005-09-23 Thread Chris Buechler
never heard of any tests trying for that. maybe your ISP dropping some ports (135-139, 445, etc. are common) and rejecting them and it saw the unreachables as you connecting back? Hard telling, sounds like a buggy testing tool to me though. if you can recall what site it is, I'll check it ou

Re: [pfSense-discussion] block vs reject?

2005-09-23 Thread Chris Buechler
Matthew Lenz wrote: Just had a situation where a backend job was hanging because it couldn't get to an ip. the tcp connect just kinda hung and this particular software module had a really long timeout set. Is there a reason why for example there is a global block in pfsense as opposed to a glo

Re: [pfSense-discussion] Payload inspection

2005-09-21 Thread Chris Buechler
A Rossi wrote: Would it be feasible to add payload inspection to pfSense after its first release? depends on what you mean by "payload inspection". There are as many definitions of "deep inspection", "payload inspection", etc. as there are marketing departments at firewall companies. I

Re: [pfSense-discussion] Optional NIC

2005-09-16 Thread Chris Buechler
Greg Huggins wrote: I am currently using IPCOP and have the RED – Wan, GREEN – Lan and BLUE – Wireless concept in my mind for referring to the various NICS. In my current IPCOP configuration I have my wireless AP and other computers hooked to the BLUE NIC and these computers cannot see the GR

Re: [pfSense-discussion] Question about inbound nat and rules?

2005-09-15 Thread Chris Buechler
Dan Swartzendruber wrote: I have an inbound ssh tunnel to a host on the LAN. Because of an outbound port restriction at another site, I have a duplicate ssh tunnel mapped from 443 (https) to 22 (ssh). Both tunnels were created with "auto-add a firewall rule..." Everything works fine. I w

Re: [pfSense-discussion] IPv6 support on pfSense

2005-08-31 Thread Chris Buechler
On 8/31/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > > From my experience the US Government does very poorly about dictating > emerging standards. > yeah, not to mention I'd bet the chances of this actually happening on time at every agency are about one in a trillion. We could list thousands

Re: [pfSense-discussion] IPv6 support on pfSense

2005-08-31 Thread Chris Buechler
On 8/31/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > > No guarantees it'll make the next release. We've got a lot of > infrastructure to fix up post 1.x and rule management for IPv6 just makes me > shudder. My bet is real IPv6 support will slip until 3.0 (w/out someone > coming on board spe

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-25 Thread Chris Buechler
On 8/26/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > The watchdog (atleast thats what > the system log called it) on my WAN interface reset the WAN interface (any > idea why that would have happened?) various reasons. I have some Broadcom gig NIC's (bge) onboard on Dell 2550 servers that like t

Re: [pfSense-discussion] NAT-T

2005-08-25 Thread Chris Buechler
On 8/25/05, Homero Thomsom <[EMAIL PROTECTED]> wrote: > I have understood that Nat-t works encapsulating the > protocols (AH or ESP) within a UDP datagram. It is > not thus? > actually, yeah, it is only UDP 500 and 4500. But you can't define what ports it uses, so since you say you only have on

Re: [pfSense-discussion] Start Squid despite DNS check fails

2005-08-25 Thread Chris Buechler
On 8/25/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > Done! Uninstall squid and reinstall for the change to take effect or run: > "or run"... must be a scary problem. ;) -cmb

Re: [pfSense-discussion] NAT-T

2005-08-25 Thread Chris Buechler
On 8/25/05, Homero Thomsom <[EMAIL PROTECTED]> wrote: > > At the moment, the firewall rules are changed and it > blocks all the ports except MSN Messenger Port (I > don't remember the port number). > I try to NAT the PPTP connection Port to the "PPTP > Server" (Windows 2000) but is impossible to for

Re: [pfSense-discussion] SNMP info

2005-08-18 Thread Chris Buechler
On 8/18/05, Kim C. Callis <[EMAIL PROTECTED]> wrote: > How does one ascertain that OID for the interfaces on a pfsense box. I > need to display some graphs to the powers that be, but the monitoring > packages wants the OID. I know what it is, but I have to make use of > that before.. > They're st

Re: [pfSense-discussion] VIA/ACE PadLock integration with crypto(9) on FreeBSD

2005-08-15 Thread Chris Buechler
old news, we've had this for days already. ;) I don't know how well it's working just yet (we're testing it) but it's in there. On 8/15/05, sai <[EMAIL PROTECTED]> wrote: > http://www.bsdforums.org/forums/showthread.php?t=33642 >

Re: [pfSense-discussion] iperf

2005-08-12 Thread Chris Buechler
On 8/12/05, Matthew Lenz <[EMAIL PROTECTED]> wrote: > What are some good command line settings to get an idea of what kind of > throughput pfsense has? currently I'm just doing: > > host1: iperf -c host2 > host2: iperf -s > That's what I typically do. That's a good indicator of the maximum sin

Re: [pfSense-discussion] Re: Openvpn v2

2005-08-12 Thread Chris Buechler
On 8/12/05, Rui Correia <[EMAIL PROTECTED]> wrote: > > Hmmm. > Do we know who submitted the php code, then? > The same way I sent an email to Mr. James, I will send an email to that other > person. > I believe Scott has tried numerous times, but you're welcome to! Peter Curran <[EMAIL PROTECTED]

Re: [pfSense-discussion] Re: Openvpn v2

2005-08-11 Thread Chris Buechler
On 8/11/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > > I spoke too soon. OpenVPN is not the problem itself, its the GUI + > Backend PHP code in pfSense. > Right, the author he was speaking of that hasn't sent patches is the author of the GUI and backend PHP code in m0n0wall, not the author of

Re: [pfSense-discussion] VPN failover add-on

2005-08-08 Thread Chris Buechler
On 8/8/05, Eric m <[EMAIL PROTECTED]> wrote: > Hi guys! > > You are talking about load balancing in previous thread.. In the same way.. > > Another great and really interesting improvement you can probably made is a > kind of VPN (ipsec) failover.. > This already works fine with CARP, though i

Re: [pfSense-discussion] Openvpn v2

2005-08-04 Thread Chris Buechler
On 8/4/05, Fernando Costa <[EMAIL PROTECTED]> wrote: > > Searching for that, I found pfSense project, which seems to be more > complete and updated. Wondering, does pfSense comes with openvpn > version2 (couldn't find that out in the site). Doesn't come with any OpenVPN right now. It broke man

Re: [pfSense-discussion] Re: Need everyones help!

2005-07-31 Thread Chris Buechler
On 7/30/05, sai <[EMAIL PROTECTED]> wrote: > new releases come so fast that its not surprising that some mirrors > are behind - I see 2 releases for today ! wow ! > yeah the mirrors all get updated hourly, though not all at the same time so the main site doesn't get hammered with rsync at the be

Re: [pfSense-discussion] A few questions

2005-07-27 Thread Chris Buechler
On 7/27/05, Randy B <[EMAIL PROTECTED]> wrote: > > > I'm not certain I understand what you're talking about - the only > load-balancing I can find described for CARP (net.inet.carp.arpbalance) > only does incoming load-balancing at L2; that's according to the latest > OpenBSD carp(4) man page I can
