Re: [pfSense-discussion] Snmp monitoring
You can always check for the same two IP addresses that you load balancer does. - Original Message - Hi everyone! Is there any recommended way to monitor the Load Balancer status over snmp? I mean, I'd like to setup an alarm that would check over SNMP if one of the internet uplinks is down, or if one of the load balanced servers is unreacheable from the firewall. Thanks! - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org Blue Chip Technology Limited. Chowley Oak Lane, Tattenhall, Chester, Cheshire CH3 9EX Tel: 01829 772000 Registered in England 3110403 Vat No: GB 618 374134 - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] override routes on WAN
- Eugen Leitl eu...@leitl.org wrote: I'm attempting to simulate a production network 88.198.238.112/28 with gateway 88.198.238.113 on the OPT1 interface (set to 88.198.238.113) but I'm too dense to figure out how override the default route, which sends the packet to WAN. I obviously need to do something along the lines of route add -net 88.198.238.112/28 88.198.238.113 I'm not quite understanding but:- To route traffic you need distinct sub-nets. If you have the same subnet (or an overlap) on two interfaces of the pfsense box this is effectively an un-routable combination. Setting the gateway is something that happens on the client machine either by DHCP or manual settings carried out localy. The pfSense box will have a default route to it's next hop/gateway. Are attempting to set the clinet routing or pfSense routing when you talk about route add -net 88.198.238.112/28 88.198.238.113? The production network and the test network need total isolation with their own routes to the internet in order to get the routing to work without a lot of hassle Rob Help? -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org Blue Chip Technology Limited. Chowley Oak Lane, Tattenhall, Chester, Cheshire CH3 9EX - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] start on safe mode
Chris Buechler wrote: On Mon, Jan 19, 2009 at 3:18 AM, Zied Fakhfakh zyd...@gnet.tn wrote: Hi, I need to start pfSense, always on SAFE MODE, can someone point me to a good documentation ? What do you mean by safe mode? Zydoon wrote: when I start pfSense normally it hangs somewhere at a line like this: ehci0 but when I choose the 3rd option: Safe Mode, it starts fine, so how do I make always choose the 3 option, not the first. kind regards, Zydoon. Robert Wrote: This is the default FreeBSD boot loader settings see the freeBSD docs Rob --- Blue Chip Technology Limited. Chowley Oak Lane, Tattenhall, Chester, Cheshire CH3 9EX Tel: 01829 772000 Registered in England 3110403 Vat No: GB 618 374134 Blue Chip Technology Ltd. employees are not authorised to offer or accept contractual terms by email unless they are in the form of an attached PDF document in the correct company format in accordance with their job role by provision of an authorised signature. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: Re[2]: [pfSense-discussion] Multiple IP on WAN
I'm not quite clear, is this what you are looking for Give the WAN the public IP address you want for LAN access Give the LAN NIC the 10.0.0.1 IP address Set up DHCP Use DHCP to give static IP addresses to machine you want to be addresses from the WAN Create a number of vlans with your additional public IP addresses on the WAN. 1:1 mapp from the vlans on the external interface to the required an internal machines or port foward for the sevices you want to expose on each machine from the appropreate vlan --Robert Hiya, nope didn't work.. (Im using RC2) Basically here is my setup. 8 public ips from my isp. I share my home internet with 10.0.0.0/8 range and some of these public ips on other machines. I would like the router to have 10.0.0.1 and my-public-ip-1 Then my other workstations/servers that have real public ips use my-public-ip-1 as the default gateway and use their own public ips ok Then workstations without real public ips, then they just route using the 10.0.0 range and use the public ip on that router. I've tried no end of combinations to get it working. The virtual ips dont work properly (ie.. cannot ping that ip).. The only thing I can do is assign virtual ip and do advanced outbound nat for vhosts. You know the WAN interface? I would like to have multiple ips there. ** exactly like ifconfig and adding an alias. The only ways I can see on pfsense is 1) do the alias manually in shell or 2) add another NIC. But the NIC would cause a loop in the network. :( Thanks, Chris ===8==Original message text=== You can add additional IPs at firewallVirtual IP. After you added them there you can use these for NAT. Make sure you add appropriate firewallrules for this additional traffic (let them autocreate when using protforwarding, it sets up the right rules for you). Holger -Original Message- From: Robert Mortimer [mailto:[EMAIL PROTECTED] Sent: Friday, August 18, 2006 10:55 PM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] Multiple IP on WAN Try Interfaces Assign VLAN I think this is what you want ---Robert - Original Message - From: Chris Noble [EMAIL PROTECTED] To: discussion@pfsense.com Sent: Friday, August 18, 2006 7:27 PM Subject: [pfSense-discussion] Multiple IP on WAN Hi there, I have 8 ips with my isp and would like to use PPPoE on my linksys router.. I can do this but for 1 ip. Is there anywhere that I can set a local ip eg 10.0.0.1/8 and then my isp ip range which is say 123.123.123.1/29. One IP is a dedicated router IP and I would like that ip on the pfsense router. It can be done manually if I ssh into the machine, but cannot find anywhere to add another ip to the WAN interface. I hope I explained it clearly. Any ideas? Many thanks, Chris ===8===End of original message text===
RE: [pfSense-discussion] Limiting access through table virusprot
Am Mittwoch, den 26.07.2006, 18:38 -0700 schrieb krt: You can do a connection limit on a rule with a specific proto/port, i.e. simultaneous client connection limit/max state entries per host/max new connections per second. Yes I know that already. Take a look at the created rulebase and you'll notice, that every attempt to connect to any service from the blocked IP address (blocked because of the connection limit) will be blocked by pfSense. What I suggested was to block only connection attempts to the service that caused the blocking (just like netfilter does), not to all services or every hosts behind pfSense at all. Bill has implemented tables, so this might be a reasonable way to go. BR, PIT As a lot of viruses try to send email I have blocked outbound SMTP from all machines but those on my mailserver list. I have been thinking for some time that I should look at twist or similar to report blocked mail sending attempts. I would also like to block the offending machine entirely from the outside world and redirect HTTP to a Get help page. Another alarm bell would be machines looking for MS-SQL servers Is this the sort of thing that would be useful? -- - copyleft(c) by | /* * Buddy system. Hairy. You really aren't Peter Allgeyer | _-_ expected to understand this * */ -- | 0(o_o)0 From /usr/src/linux/mm/page_alloc.cA ---oOO--(_)--OOo-- -