Re: [pfSense-discussion] High latency on downloads with shaping

2009-05-08 Thread Gary Buckmaster
No, and you should not be using pfSense 1.0.1. It's extremely out of date and contains many issues that were fixed over the past few years since its release. Joe Lagreca wrote: Why only on the download portion of the test and not the upload portion? If I switch to pfsense 1.0.1 can I avoid

Re: [pfSense-discussion] High latency on downloads with shaping

2009-05-08 Thread Gary Buckmaster
Turn off the shaper. Joe Lagreca wrote: The problem is the high latency is wreaking havoc with our VOIP PBX. I know pfSense can work with VOIP, as I have it working at other customer locations. What do you suggest as a work around to this problem? Joe LaGreca Founder Owner, BIG Net Online

Re: [pfSense-discussion] Configure squid in pfsense

2009-02-25 Thread Gary Buckmaster
Nguyen Minh Son wrote: I have a PC with pfsense was installed on it. I configured my firewall in transparent mode, add some rules and install bandwidth to monitor the traffic in my network and all of it run okie. But, now I want to install squid in pfsense to minimize the traffic go out. The

Re: [pfSense-discussion] Load Balance Cannot Do Logins on forums , webmails , etc ,etc

2009-01-22 Thread Gary Buckmaster
John, You don't want to enable sticky connections for outbound load balancing. There have been reports of problems with this. Is the common denominator between all the sites you're having problems with the fact that they're SSL-protected sites? If so you do not want to load balanced SSL

Re: [pfSense-discussion] Load Balance Cannot Do Logins on forums , webmails , etc ,etc

2009-01-22 Thread Gary Buckmaster
Not totally true. It's broken for outbound, but for inbound sticky connections works fine. Chris Buechler wrote: On Thu, Jan 22, 2009 at 3:27 AM, John Dakos [ Enovation Technologies ] gda...@enovation.gr wrote: hi Ron and thanks for reply look , i turn ON the sticky connections and for

Re: [pfSense-discussion] diagnosing DoS

2008-11-07 Thread Gary Buckmaster
Eugen Leitl wrote: On Fri, Nov 07, 2008 at 08:15:36AM -0600, Phillip Gonzalez wrote: I've seen this happen with nmap decoy scans basically it's a syn flood. I have generated hundreds of thousands of states using this method. Thanks. I've set up state table size to 60 k and

Re: [pfSense-discussion] Setup advice wanted, devices for public library

2008-08-05 Thread Gary Buckmaster
This question comes up from time to time and is perpetually (and with great gusto) shot down. Running services such as Samba, ftpds, et al, on your firewall are not considered part of best security practices and are sternly advised against. A firewall should always serve as a stand-alone

Re: [pfSense-discussion] ftp not working

2008-07-01 Thread Gary Buckmaster
Mike is correct. The ftp helper application cannot, by itself, handle Multi-WAN. Some people have been successful with writing rules such as the one that Michael has demonstrated, however YMMV. Michael Snow wrote: Hi, I also had problems with FTP in a multi wan setting. I found a

Re: [pfSense-discussion] SPAM / eMail Filtering

2008-03-28 Thread Gary Buckmaster
Curtis LaMasters wrote: This probably is the right place to be asking this but hopefully someone will still help. Are there any SPAM/eMail filtering devoted projects like pfSense. I'm just trying to find an extremely cheap (hopefully free) alternative to a Barracuda for a small company.

[pfSense-discussion] 1.2 - Its official

2008-02-25 Thread Gary Buckmaster
For those of you who haven't been hitting reload on the blog page all day, pfSense 1.2 has been officially released. This effort is the culmination of a HUGE effort on behalf of the pfSense development community. Lots of excellent fixes have made it into pfSense 1.2 check out the blog

Re: [pfSense-discussion] How To Configure PFSense ?

2008-01-29 Thread Gary Buckmaster
John Dakos [ Enovation Technologies ] wrote: hello . im newbie on FreeBSD and i love this System. i want a proxy and bandwidth limiter. someone tell me to try PFSense. i download PFSense and i install with 2 nics re0 = 10.200.1.30 / 24 Lan re1 = 10.200.1.40 / 24 Wan on all xp clients i

Re: [pfSense-discussion] lagg + carp: carp not sending multicast via lagg interface

2008-01-22 Thread Gary Buckmaster
LAGG isn't supported yet, which means that you're not going to get your question answered here. LAGG support will be coming with the 1.3 release, however, not with the 1.2 series, so this means it will also not be in any of the 1.2 release candidates. Fabio C Flores wrote: Hello there, I

Re: [pfSense-discussion] Embedded Images

2007-04-26 Thread Gary Buckmaster
jason whitt wrote: Would it ever be a consideration to make several different embedded images? For instance one for soekris, warp, and a generic image like what m0n0wall does? Or at least a generic pc image where vga and keyboard are enabled and that would boot on just generic pc hardware

Re: [pfSense-discussion] Benchmarking

2006-07-27 Thread Gary Buckmaster
DarkFoon wrote: One quick question: aliases are broken in 1.0 RC-1, right? Just checking. Thanks in advance No, aliases are not broken.

Re: [pfSense-discussion] P2P Blocker

2006-06-06 Thread Gary Buckmaster
Rainer Duffner wrote: Some firewalls have everything but the kitchen sink (and I'm not sure if there aren't some who *do* have the kitchen sink...) cheers, Rainer Is there even a P2P blocking tool that's 1) effective 2) stable enough for a firewall and 3) not encumbered by some

Re: [pfSense-discussion] P2P Blocker

2006-06-06 Thread Gary Buckmaster
Kirk Ferguson wrote: On 6/6/06, Gary Buckmaster [EMAIL PROTECTED] wrote: Is there even a P2P blocking tool that's 1) effective 2) stable enough for a firewall and 3) not encumbered by some draconian license. If someone has a decent suggestion maybe a package can be made. How about

Re: [pfSense-discussion] No altq support on linitx.com appliances? Also, plug for packaging on embedded version.

2006-05-02 Thread Gary Buckmaster
You're assuming that IPCop's primary motivation is for supporting only the highest quality hardware, when in fact they have no such goals. They are supporting the most common hardware to make a very simple firewall package that even a mouthbreathing retard can figure out. Don't assume that

Re: [pfSense-discussion] No altq support on linitx.com appliances? Also, plug for packaging on embedded version.

2006-05-02 Thread Gary Buckmaster
the intelligence level of ipcop users :-) On 5/2/06, Gary Buckmaster [EMAIL PROTECTED] wrote: You're assuming that IPCop's primary motivation is for supporting only the highest quality hardware, when in fact they have no such goals. They are supporting the most common hardware to make a very simple firewall

RE: [pfSense-discussion] Re: Content Filtering

2005-10-26 Thread Gary Buckmaster
Chris, I'm looking at the web page for copfilter and it's a decent enough looking project, although it seems to be geared more towards virus and spam filtering for email, and virus filtering of http traffic. Is that an accurate statement? If so, it will not do the same job that

RE: [pfSense-discussion] Re: Content Filtering

2005-10-26 Thread Gary Buckmaster
reason to move away from clamav, but others may have different viewpoints. -Original Message- From: chris [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 26, 2005 12:24 PM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] Re: Content Filtering Gary Buckmaster wrote

RE: [pfSense-discussion] What about a Ramdisk?

2005-09-23 Thread Gary Buckmaster
What he's talking about is using Squid and a redirector to check inbound http traffic for viral content. This is a reasonably simple, very effective solution. Your idea of capturing every single packet, scanning it for viral content and sending it on its way is not only not feasible, it's a

RE: [pfSense-discussion] HoneyD

2005-09-21 Thread Gary Buckmaster
Feel free to write a package for it. -Original Message- From: christiaan [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 5:27 AM To: discussion@pfsense.com Subject: [pfSense-discussion] HoneyD Hi Any plans for HoneyD in pfsense? Chris

RE: [pfSense-discussion] Payload inspection

2005-09-21 Thread Gary Buckmaster
As has been mentioned previously on this thread, this kind of "inspection" is simply a series of regex comparisons compared on the payload data. This can be a real performance hog at best and extremely insecure at worst. Aside from a marketing bullet point, this isn't a terribly practical or

RE: [pfSense-discussion] GUI stopped but everything else continued

2005-09-15 Thread Gary Buckmaster
Scott, It might be useful to turn logging on for mini-httpd (even as an optional item) and of course to have an init script for instances like these. I've only had mini-httpd die on me once, but rebooting the machine in order to bring back the webGUI seems a lot like swatting mosquitos with

RE: [pfSense-discussion] Massive Boot delay during load

2005-09-14 Thread Gary Buckmaster
I have also seen this behavior on several different machines with no rhyme or reason to it. I have seen this issue in 0.82.4 as well as 0.84 (I don't remember off-hand if I saw it happening in a version previous to 0.82.4 or if so, what version it was). This issue does not appear to be

RE: [pfSense-discussion] authpf package

2005-09-07 Thread Gary Buckmaster
Dominic, The pfSense packages are very easy to build. You'll find enough to get you started in the Developer's Docs part of the website: http://www.pfsense.org/index.php?id=30 Best, Gary -Original Message- From: D.Pageau [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 07, 2005

RE: [pfSense-discussion] squid update

2005-09-06 Thread Gary Buckmaster
I'm trying to get an updated squid package out the door using a squid 3.0 release candidate. The new package will also be interfaceable in the webGUI. Unfortunately, I don't have a projected release date for this. I'm hoping to have something for people to play with by the end of the month, but