[pfSense-discussion] squid update

2005-09-06 Thread Dan Swartzendruber 


Haven't seen much (if anything) about squid lately.  Just wanted to 
post a bit of good news.  I've been running it for 2-3 weeks now with 
no issues.

Re: [pfSense-discussion] Won't boot

2005-09-30 Thread Dan Swartzendruber 

At 03:52 PM 9/30/2005, you wrote:

Oh my...this machine was re-tasked yesterday...

I am planning on doing the same thing on my fwl at home...if I have 
the same issues then I will definitely get all of this information.


One thing worth mentioning is there was a difficulty with the BIOS 
settings on this machine.  For some reason it was not setting the 
bios settings to LBA...but to CHS by default.  It's a 40GB drive, so 
I don't see why it would not detect LBA by default...anyhow, when 
reinstalling FBSD 5.4 on this box I had similar difficulties with it 
as I did with pfsense.  I went into the BIOS and set the mode to LBA 
manually and my issues went away...not sure if it applies here, but 
perhaps this is a faulty/buggy bios...?


I was wondering that, myself.

Re: [pfSense-discussion] problem with vlans

2005-10-05 Thread Dan Swartzendruber 

At 04:38 PM 10/5/2005, you wrote:

I'm running 0.86 on a generic pc with 3 x dual FE cards. Similar errors with
0.85.2 as well.

When I configure vlans, I get the following errors :

ifconfig: interface vlan0 does not exist ifconfig: interface vlan0 does not
exist
ifconfig: interface vlan1 does not exist ifconfig: interface vlan1 does not
exist

The vlans I defined are numbered 20 and 30.


can you post the results of 'ifconfig -a'?

Re: [pfSense-discussion] problem with vlans - with correct ifconfig -a

2005-10-05 Thread Dan Swartzendruber 


the vlan0 and vlan1 interfaces don't have IP 
addresses, but the physical interface (fxp1) 
does.  Mixing and matching real interfaces and 
vlan interfaces doesn't seem right...


At 05:06 PM 10/5/2005, you wrote:

This looks good.  Are you still reaching errors?

Scott


On 10/5/05, Chun Wong [EMAIL PROTECTED] wrote:
 Sorry guys,
 In my haste, I did the ifconfig -a after I had restored the previous good
 config - doh!

 fxp1 is my dmz which I would like to vlan into different subnets
 fxp0 is my wan
 fxp2 is my lan
 fxp3 is my lan 2
 tl0 is for my wlan subnet
 tl1 is spare

 This is the correct one :

 login as: admin
 Using keyboard-interactive authentication.
 Password:

 *** This is pfSense version 0.86 - pfSense ***

 LAN   -   fxp2   -   192.168.199.254
 WAN   -   fxp0   -   dhcp
OPT1   -   fxp3   -   192.168.200.254(M_server)
OPT2   -   fxp1   -   172.100.100.254(FE_Server)
OPT3   -   tl0   -   (OPT3)
OPT4   -   tl1   -   (OPT4)
OPT5   -   vlan0   -   (OPT5)
OPT6   -   vlan1   -   (OPT6)

  pfSense console setup
 ***
  0)  Logout (SSH only)
  1)  Assign Interfaces
  2)  Set LAN IP address
  3)  Reset webGUI password
  4)  Reset to factory defaults
  5)  Reboot system
  6)  Halt system
  7)  Ping host
  8)  Shell
  9)  PFtop
 10)  Traffic Logs

 Enter an option: 8

 # ifconfig -a
 tl0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
 ether 00:80:5f:a7:83:4d
 media: Ethernet autoselect (none)
 status: no carrier
 tl1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
 ether 00:80:5f:a7:83:cd
 media: Ethernet autoselect (none)
 status: no carrier
 fxp0: flags=9943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST mtu
 1500
 options=8VLAN_MTU
 inet6 fe80::250:8bff:fe68:8972%fxp0 prefixlen 64 scopeid 0x3
 inet 82.4.0.0 netmask 0xff00 broadcast 255.255.255.255
 ether 00:50:8b:68:89:72
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 fxp1: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500
 options=8VLAN_MTU
 inet6 fe80::250:8bff:fe68:8973%fxp1 prefixlen 64 scopeid 0x4
 inet 172.100.100.254 netmask 0xff00 broadcast 172.100.100.255
 ether 00:50:8b:68:89:73
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 fxp2: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500
 options=8VLAN_MTU
 inet 192.168.199.254 netmask 0xff00 broadcast 192.168.199.255
 inet6 fe80::208:2ff:fede:cec4%fxp2 prefixlen 64 scopeid 0x5
 ether 00:08:02:de:ce:c4
 media: Ethernet autoselect (100baseTX)
 status: active
 fxp3: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500
 options=8VLAN_MTU
 inet 192.168.200.254 netmask 0xff00 broadcast 192.168.200.255
 inet6 fe80::208:2ff:fede:cec5%fxp3 prefixlen 64 scopeid 0x6
 ether 00:08:02:de:ce:c5
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 plip0: flags=108810POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT mtu 1500
 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384
 inet 127.0.0.1 netmask 0xff00
 inet6 ::1 prefixlen 128
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
 pflog0: flags=141UP,RUNNING,PROMISC mtu 33208
 pfsync0: flags=41UP,RUNNING mtu 2020
 pfsync: syncdev: lo0 maxupd: 128
 vlan0: flags=8842BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 ether 00:50:8b:68:89:73
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 vlan: 20 parent interface: fxp1
 vlan1: flags=8842BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 ether 00:50:8b:68:89:73
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 vlan: 30 parent interface: fxp1
 #

  --- Ursprüngliche Nachricht ---
  Von: Scott Ullrich [EMAIL PROTECTED]
  An: discussion@pfsense.com
  Betreff: Re: [pfSense-discussion] problem with vlans
  Datum: Wed, 5 Oct 2005 16:51:40 -0400
 
  Yes, please make sure they are assigned correctly.  If they are let me
  know and I'll dive into the code.
 
  Scott
 
 
  On 10/5/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
  
   if you did create the vlans, you don't seem to have assigned them as
   interfaces.  e.g. when you are in the console menu and see option #1
   (assign interfaces), you want to assign vlan0 and/or vlan1 as LAN, or
   OPT or whatever.  as is, you have the IP addresses assigned to the
   real interfaces.
  
   At 04:47 PM 10/5/2005, you wrote:
   # ifconfig -a
   tl0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
ether 00:80:5f:a7:83:4d
media: Ethernet autoselect (none)
status: no carrier
   tl1: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
ether 00:80:5f:a7:83:cd
media: Ethernet autoselect (none

Re: [pfSense-discussion] problem with vlans

2005-10-05 Thread Dan Swartzendruber 

At 05:30 PM 10/5/2005, you wrote:

Hmm, strange, no errors after I restored. I have gone on to set the ip
address of the vlans.

Dan, I have used virtual and physical interfaces on other firewalls (Nokia
running CP NG), I treat the physical as vlan 1.


this is not nokia :)  not saying it can't work, but i'm surprised if it does.

Re: [pfSense-discussion] bridging and traffic shaping

2005-10-26 Thread Dan Swartzendruber 

At 01:48 PM 10/26/2005, you wrote:

On 10/26/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
 Okay, glad to see I wasn't on drugs :)  So my idea of bridging OPT2
 (with my roommate's router behind it) with WAN should work then?  The
 ONLY thing I care about is his hogging the precious upstream BW :)

Should be somewhat effective with the caveat that we will NOT be
shaping his pr0n downloads, just the sharing of it with others ;)  I'm
really interested in feedback on that though.


LOL LOL.  no, he doesn't DL anything - he runs a website, ftp and 
http.  not that much activity, but when someone does pull a several 
MB file, my VOIP connections go in the toilet :(

RE: [pfSense-discussion] how do I not rdr with pfsense

2005-11-01 Thread Dan Swartzendruber 

At 04:33 PM 11/1/2005, you wrote:

Count me in on SNAT/DNAT. It has been used for a long time and I for one
think it's very descriptive and logical.


Seconded.

Re: [pfSense-discussion] Squid and traffic shaper

2005-11-17 Thread Dan Swartzendruber 


Only hack I can think of is to lie and tell the traffic shaper that 
your inbound pipe is 10mb (or whatever.)

RE: [pfSense-discussion] Squid and traffic shaper

2005-11-17 Thread Dan Swartzendruber 


Is it feasible to add a rdr rule to send outbound http traffic to 
another box on the lan?  I'd do that myself

Re: [pfSense-discussion] SVG for traffic graph?

2005-11-19 Thread Dan Swartzendruber 

At 05:24 PM 11/19/2005, you wrote:

Yep, known issue on m0n0wall and pfSense.  The author is rewriting the
SVG graph to make it work.  In the meantime grab the plugin that
allows you to switch between native svg and plugin from mozilla
extensions site.


thx!

Re: [pfSense-discussion] Newbie Q: security of php on perimeter firewall

2005-11-28 Thread Dan Swartzendruber 

At 07:32 PM 11/28/2005, you wrote:

Will pick up the thread again after evaluating myself.


Hmmm...  Psychiatrict problems?  :)