Re: [pfSense-discussion] VLANs on dumb switches

2009-06-27 Thread Paul M
Eugen Leitl wrote: > Thanks. It's a Netgear, so I might be in luck. if you REALLY must do it, consider reducing MTU?

Re: [pfSense-discussion] clog size

2008-04-14 Thread Paul M
Scott Ullrich wrote: > On 4/14/08, Scott Ullrich <[EMAIL PROTECTED]> wrote: >> I have committed some code to help with this: >> >> http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.50;content-type=text%2Fx-cvsweb-markup > > Woops, wrong URL: > http://cvs.pfs

Re: [pfSense-discussion] clog size

2008-04-14 Thread Paul M
RB wrote: > I've had a request to increase logging duration on systems that have > no access to an external syslog server, so am making the necessary > changes to maintain much larger ring-log files. Incredibly larger - what we've done is to make a few tweaks and install syslog-ng 1/ change

Re: [pfSense-discussion] ARP traffic causing routers to hang - single ARP cache with both LAN and WAN ARP entries?

2008-04-03 Thread Paul M
Tortise wrote: > kernel: arp: unknown hardware address format (0x) > kernel: arp: unknown hardware address format (0xdd1f) > kernel: arp: 192.168.0.7 is on em1 but got reply from 00:00:cd:1c:14:1a on em0 > kernel: arp: 192.168.0.7 is on em1 but got reply from 00:09:bf:55:71:b0 on em0 could it

Re: [pfSense-discussion] SPAM / eMail Filtering

2008-03-31 Thread Paul M
Curtis LaMasters wrote: > will still help. Are there any SPAM/eMail filtering devoted projects having been down this path at a company where we had 200,000 emails a day of which 98% were spam, we gave in and used postini. the relative cost of server hardware and the labour to manage them simply m

Re: [pfSense-discussion] Traffic shaper bug ?

2008-03-25 Thread Paul M
Jan Hoevers wrote: > While not unwilling to donate to projects, this bounty thing is not for > me because of a strict open source policy. you could always buy a support contract, which is entirely different from buying proprietary software. sorry, but I think your understanding of OSS is flawed.

Re: [pfSense-discussion] SIP Problems

2008-03-25 Thread Paul M
Jiri Mlady wrote: > I've installed this package on my 1.2pfsense, the service siproxd is > started, but in the services is stopped. Which way have i look please? 2nd. > Question, is this proxy transparent or do I need set on all SIPaware device > this proxy on my pfSense (if will work ad1) :-) just

Re: [pfSense-discussion] freebsd 6.2 ports archive

2008-03-13 Thread Paul M
Scott Ullrich wrote: >> or, perhaps, should pfsense.org website keep a mirror for this purpose? > > We are working on it: http://blog.pfsense.org/?p=179 freebsd is nice in that the paths to the files are the same on each mirror, so hacking the hosts file made it work with no changes; the equiva

[pfSense-discussion] freebsd 6.2 ports archive

2008-03-13 Thread Paul M
Hi, I was looking for the syslog-ng package to install on my pfsense boxes, and discovered that the main freebsd site no longer has the ports for that release - only 6.3. I found the ftp.de.freebsd.org site still had it, so I did an evil hack to the hosts file thus: 213.83.42.56 ftp.freebsd.org

Re: [pfSense-discussion] pfSense / Time Service

2008-03-06 Thread Paul M
Eugen Leitl wrote: > On Thu, Mar 06, 2008 at 02:53:19PM +0000, Paul M wrote: >> RB wrote: >>> Bwa ha ha! Delicious, delicious irony! I knew it was inevitable >>> since Ryan had to read the thread at least once more before fixing >>> things, but it was worth i

Re: [pfSense-discussion] pfSense / Time Service

2008-03-06 Thread Paul M
RB wrote: > Bwa ha ha! Delicious, delicious irony! I knew it was inevitable > since Ryan had to read the thread at least once more before fixing > things, but it was worth it to see this one come in. has he fixed things? > > On 3/6/08, Ryan Neily <[EMAIL PROTECTED]> wrote: >> Return Receipt >>

Re: [pfSense-discussion] pfSense / Time Service

2008-03-06 Thread Paul M
RB wrote: > No, really - I asked you once in private, now I ask you again in I too have asked him privately. I suspect he's using Lotus Notes or something equally horrible which cannot be configured sanely! Can the list admin get the mail system changed to strip the recipient request headers out?

Re: [pfSense-discussion] Rules Default

2008-03-06 Thread Paul M
Jose Augusto wrote: > Hi, > How pfsense work, begin with all ports closed? And then i open the > necessary ports? by default closed. however, whatever rule set you choose to implement it, you should a/ understand how to test it b/ test it regularly any security product, no matter how good, whic

Re: [pfSense-discussion] using CARP as openvpn client source IP

2008-03-04 Thread Paul M
Fabio C Flores wrote: > I wonder if its possible to force OpenVPN client to use my carp IP > address as the source address when connecting. I have a yes, in the NAT rules turn off auto outbound, and add a specific rule for a host to be natted outbound to the specific CARP IP.

Re: [pfSense-discussion] suggestions for a decent hardware

2008-03-04 Thread Paul M
has anyone tried installing freebsd/pfSense on an AppleTV? you'd need a vlan-aware switch to expand the number of network ports, but it's compact, low power, commodity hardware... in the meanwhile I've asked http://www.appletvhacks.net/

Re: [pfSense-discussion] CD-ROM + floppy

2008-03-04 Thread Paul M
Chris Buechler wrote: > DarkFoon wrote: >>> Yes. just the config is kept on the floppy. >>> >> >> This means that the RRD graphs don't save across reboots, right? >> And packages can't be installed. (well that's sort of obvious...) >> > > Correct on both accounts. is there any reason why

[pfSense-discussion] internal load balancer doesn't return traffic to originator

2008-02-11 Thread Paul M
scenario: two machines, on (A) 10.x.x.11 and (B) 10.x.x.12 run web servers on port 1024 which are made available to the world via public IP on port 80 by a pfsense firewall (F) (1.2RC4) running a load balancer. the internal IP of the firewall is 10.x.x.254. an application which runs on the 10.x.x

[pfSense-discussion] 1.2RC5 or release

2008-02-11 Thread Paul M
Hi, given the number of minor bug fixes, will we be seeing a 1.2RC5 variant sometime, or is the next step a full release? thanks Paul

[pfSense-discussion] prioritising ACKs

2008-02-05 Thread Paul M
I came across this, an interesting idea for improving throughput, works on openBSD, wondering if it can be done on pfsense/freebsd? http://www.benzedrine.cx/ackpri.html thanks

Re: [pfSense-discussion] bogons update issue

2008-02-04 Thread Paul M
Jan Hoevers wrote: > I'm running the embedded version of pfSense on a Soekris 4801. > > 1. The script starts with sleeping a random interval. This caused it to > abort with a 'od: command not found' message. Apparently the od command > is missing on the embedded platform, and I worked around this

Re: [pfSense-discussion] which VPN client?

2008-01-24 Thread Paul M
Ronald L. Rosson Jr. wrote: >> On my linux box, I can set my resolv.conf to the office's resolver (we >> have internal DNS which points everything to rfc1918 addresses) and it >> all works just fine! >> On OSX boxes, I can change resolv.conf but it doesn't seem to take >> effect :-( > I have found

Re: [pfSense-discussion] which VPN client?

2008-01-18 Thread Paul M
one last thing, has anyone made the openvpn client automatically fix the DNS resolver settings on the client? I can't get this to work :-( so people working from home have to know IP addresses On my linux box, I can set my resolv.conf to the office's resolver (we have internal DNS which points

Re: [pfSense-discussion] which VPN client?

2008-01-17 Thread Paul M
Paul M wrote: >> I am using the OpenVPN GUI v1.0.3 from the link below and I have also I checked my colleague's version and he was running the older "stable" release, got him to upgrade and also got openvpn to delete and re-add the tunnel interface, and it now works (not sur

Re: [pfSense-discussion] which VPN client?

2008-01-17 Thread Paul M
Curtis LaMasters wrote: > Paul, > > I am using the OpenVPN GUI v1.0.3 from the link below and I have also > included a copy of my client side configuration file on the Vista laptop. OK, well, I (reluctantly) booted up vista on my computer which didn't have OV installed so that I could do it from

Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Paul M
Curtis LaMasters wrote: > Paul, > > Sorry to keep nagging on this one, but, are you using the OpenVPN gui or no, I'm very glad to have your help. > the normal version? And what version of the software are you using? my colleague is using the openvpngui as downloaded from http://openvpn.se/ whi

Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Paul M
Curtis LaMasters wrote: > Paul, are you using Vista UAC? Logged in as a super user? Pushed down > full control security permissions on the entire OpenVPN directory for > the user you are logged in as? er, yes, UAC was enabled so I did run-as-admin the openvpngui when connected, the vpn gui raised

Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Paul M
Curtis LaMasters wrote: > Paul, for your vista clients, on the client side, you'll need to change > the route method to exe. If you look at your logs more closely, you'll > see that the route additions most likely are failing. yes, I did try the route/exe method, sorry, I should have quoted the

Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Paul M
Eugen Leitl wrote: > What are the current recommendations for an easy/cheap/free VPN > client which plays well with PfSense 1.2RC3? Something that > works both with Vista and XP? Should I at all bother with > IPsec, or just go OpenVPN? Should I just give my user a preconfigured openvpn has been w

Re: [pfSense-discussion] HOW MUCH TRUST ON PFSENSE ?

2007-12-24 Thread Paul M
Bill Marquette wrote: >> or others that could make use of mechanisms like dynamic allocation of port. > That could cause you problems potentially. But would be no different > in any other firewall that didn't already understand your protocol. I > regularly force vendors to redesign their applicat

Re: [pfSense-discussion] HOW MUCH TRUST ON PFSENSE ?

2007-12-20 Thread Paul M
Paolo Gentili wrote: > > your thoughts or experiences about how much trust can i have on pfsense we've got seven boxes doing pfsense - three pairs of 1U servers as firewall clusters protecting public facing web services, and one acting as a VPN concentrator for "road warriors". we rely on carp a

Re: [pfSense-discussion] Beginner's Tutorial

2007-12-17 Thread Paul M
jason whitt wrote: > download iso burn to cd install set interfaces go to lan ip address > login with default login admin/pfsense go from there. I'd add, if you've got an existing network with its own DHCP server, don't plug in the LAN port until you've fully installed pfsense and disabled its DHC

Re: [pfSense-discussion] 1.2-RC3 released!

2007-11-08 Thread Paul M
Paul M wrote: > David Bottrill wrote: >> Paul M wrote: >> >>> p.s. any chance of an upgrade image for those of us who installed it on >>> a regular x86 server? >>> >> Go to the downloads page and click on updates you need: > > d'oh, I wa

Re: [pfSense-discussion] 1.2-RC3 released!

2007-11-08 Thread Paul M
David Bottrill wrote: > Paul M wrote: > >> p.s. any chance of an upgrade image for those of us who installed it on >> a regular x86 server? >> > Go to the downloads page and click on updates you need: d'oh, I was looking in the main download area. thanks. meanwhil

Re: [pfSense-discussion] 1.2-RC3 released!

2007-11-08 Thread Paul M
Paul M wrote: > Chris Buechler wrote: >> http://blog.pfsense.org/?p=152 >> > > great work, thanks to everyone involved for making this really useful > package. p.s. any chance of an upgrade image for those of us who installed it on a regular x86 server? thanks

Re: [pfSense-discussion] 1.2-RC3 released!

2007-11-08 Thread Paul M
Chris Buechler wrote: > http://blog.pfsense.org/?p=152 > great work, thanks to everyone involved for making this really useful package.

Re: [pfSense-discussion] Via LAN drivers

2007-10-29 Thread Paul M
sai wrote: > Realtek and Via ethernet interfaces are supported and are used by many > on this list, but the hardware and the drivers are not as good as the > Intel ethernet. especially realtek's! We have a machine or two with realtek giga, and they simply cannot achieve anything like theoretical ma

Re: [pfSense-discussion] Cacti Template

2007-10-25 Thread Paul M
Ronald L. Rosson Jr. wrote: > Has anyone come across or developed a template for pfsense firewalls to > be polled by a Cacti server. Any information is helpful. dunno about cacti, but I got munin (node) to work quite happily using freebsd ports, so if there's a cacti in the freebsd port, you might

[pfSense-discussion] mirroring pfsense

2007-10-15 Thread Paul M
Being a n00b to freebsd, I needed step by step instructions... everyone here is probably way ahead of me, but just in case... I found the following instructions worked perfectly for me to mirror the disks on my firewalls: http://www.onlamp.com/pub/a/bsd/2005/11/10/FreeBSD_Basics.html I'm using

Re: [pfSense-discussion] any plans to implement smtp spam filter/ clam av?

2007-09-19 Thread Paul M
ryn jackson wrote: > just wanted to know if there were any plans to implement an smtp proxy > package that could do spam filtering and email greylisting/blacklisting. act > as a tarpit etc. > > also possibly clamav as well? > could you not install these from freebsd ports?

Re: [pfSense-discussion] noob question

2007-09-19 Thread Paul M
Zied Fakhfakh wrote: > Hello everybody, > > I'm just starting with pfSense, and I have a couple of questions > > - is there any logout button from the web interface ? it uses basic authentication, so you have to close browser (FYI, it's a long running bug/issue with firefox/mozilla to be able to

Re: [pfSense-discussion] noob question

2007-09-19 Thread Paul M
Paul M wrote: > Zied Fakhfakh wrote: >> Hello everybody, >> >> I'm just starting with pfSense, and I have a couple of questions >> >> - is there any logout button from the web interface ? > > it uses basic authentication, so you have to close browse

Re: [pfSense-discussion] transient network drops

2007-08-29 Thread Paul M
Eugen Leitl wrote: > On Wed, Aug 29, 2007 at 02:33:45PM +0100, Paul M wrote: >> Eugen Leitl wrote: >> >>> wan-pfsense-lan >>> | >>> switch1--diverse hosts >>> >>> what&

Re: [pfSense-discussion] transient network drops

2007-08-29 Thread Paul M
Eugen Leitl wrote: > wan-pfsense-lan > | > switch1--diverse hosts > > what's interesting is that I have transient outages to *some* IPs > (it could be just one IP, actually). I can still ping that IP locally is your switch manageable

Re: [pfSense-discussion] full instalation on 4 GB SSD

2007-08-29 Thread Paul M
Eugen Leitl wrote: > I was thinking a real 2.5" SSD would have a MTBF comparable to a > real hard drive (SanDisk claims 2 Mh MTBF, can't find any such > for Hama SSD, which is a bargain at about 100 EUR for 4 GByte, > which probably already answers my question). I think that "proper" ssd units de

Re: [pfSense-discussion] acx100 and 1.2 beta

2007-08-07 Thread Paul M
Marius Schrecker wrote: > Hi, > > I'm currently running 1.0.1 (developer) with the acx100 native driver > from kewl.org which I compiled using the recommended patch. Works okay, > but I remember it being quite a bit of work. > > What's the status on this driver in 1.2? Will it be built-in, or

[pfSense-discussion] atmel avr port of pfsense?

2007-07-31 Thread Paul M
http://www.linuxdevices.com/news/NS2837651365.html "32MB of SDRAM and 16MB of flash, expandable via an SD-card slot." is this a powerful enough board to run a minimal pfsense system?

[pfSense-discussion] munin and pfsense (freebsd)

2007-07-30 Thread Paul M
I have found munin (http://munin.projects.linpro.no/) to be an excellent server monitoring tool Is anyone using it on pfsense? I found that the freebsd how-to worked perfectly http://www.freebsdmadeeasy.com/tutorials/web-server/monitoring-with-munin.php it appears to hang after printing I

Re: [pfSense-discussion] segfaulting 1.2-beta1 - was Re: [pfSense-discussion] wiki signups

2007-07-27 Thread Paul M
Andrew C Burnette wrote: > Paul M wrote: >> I am using tested hardware: a single core2duo with 2GB memory on Tyan >> motherboard with pairs of 250G sata (memo to self, discover how to do >> mirroring). > nice -n- peppy I bet. it was actually one of the lowest spec mac

[pfSense-discussion] segfaulting 1.2-beta1 - was Re: [pfSense-discussion] wiki signups

2007-07-26 Thread Paul M
Chris Buechler wrote: > I'll send you an email in a minute. Anybody that wants an account is > going to have to email me, way too few contributors and too many > spammers to open registration back up. cheers! > If you're seeing kernel panics "all the time", you have hardware issues. > Or if you w

[pfSense-discussion] wiki signups

2007-07-26 Thread Paul M
is there any chance of the wiki allowing signups again, or having a login created for me (mailme offlist pls) whilst the documentation on pfsense is quite good there's some useful notes on it in the wiki which could do with some small updates BTW, I am a newcomer to pfsense, tried the 1.2 first b

RE: [pfSense-discussion] Re: Newbie Q: security of php on perimeter firewall

2005-11-28 Thread Paul M. Impellizzeri
Is there any way we can reboot the mail server now? It is running at 100% cpu but they are services that should normally be running…I think we need to shake it out. Paul From: Scott Ullri