Re: [pfSense-discussion] pfsense on a flash drive

2011-05-12 Thread Scott Ullrich
On Thu, May 12, 2011 at 8:38 PM, Muhammad Panji  wrote:
> Dear All,
> Anyone has experience installing and using pfsense from a flash drive / thumb
> drive? How is the performance compared to using a hard drive? Thank you
> regards,

For the most part there is no difference in performance.   The
firewall runs mostly from resident ram once the operating system is
loaded.

The bootup might take a few seconds longer than a hard drive but once
the OS is booted no difference in speed unless you are running
something like squid (which we disallow on flash drives).

Scott

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense-discussion] And so it ends...

2011-02-03 Thread Scott Ullrich
On Thu, Feb 3, 2011 at 9:54 AM, Eugen Leitl  wrote:
>
> I have a hunch IPv6 deployment will pick up considerably
> 1-2 years from now.
>
> - Forwarded message from Scott Howard  -
>
> From: Scott Howard 
> Date: Thu, 3 Feb 2011 06:35:57 -0800
> To: na...@nanog.org
> Subject: And so it ends...
>
> 102/8   AfriNIC    2011-02    whois.afrinic.net ALLOCATED
> 103/8   APNIC      2011-02    whois.apnic.net   ALLOCATED
> 104/8   ARIN       2011-02    whois.arin.net    ALLOCATED
> 179/8   LACNIC     2011-02    whois.lacnic.net  ALLOCATED
> 185/8   RIPE NCC   2011-02    whois.ripe.net    ALLOCATED
>

Check out http://forum.pfsense.org/index.php/board,52.0.html

Scott




Re: [pfSense-discussion] PfSense localization

2011-01-04 Thread Scott Ullrich
On Tue, Jan 4, 2011 at 10:40 AM,   wrote:
>
> Thank you.
> It's good to know that.
> But is there some prognosis on the 2.0 release date?

Yep, when it's done.

Scott




Re: [pfSense-discussion] PfSense localization

2011-01-04 Thread Scott Ullrich
On Tue, Jan 4, 2011 at 5:07 AM, William David Armstrong
 wrote:
>
> I can help translate into Brazilian Portuguese

http://pootle.pfsense.org.br:8080/docs/resources.html

Scott




Re: [pfSense-discussion] Re: ARIN space not accepted

2010-12-04 Thread Scott Ullrich
On Sat, Dec 4, 2010 at 7:26 AM, Eugen Leitl  wrote:
> - Forwarded message from Leo Bicknell  -
>
> From: Leo Bicknell 
> Date: Fri, 3 Dec 2010 14:24:16 -0800
> To: na...@nanog.org
> Subject: Re: ARIN space not accepted
> Organization: United Federation of Planets
>
> In a message written on Fri, Dec 03, 2010 at 04:13:58PM -0600, Jack Bates 
> wrote:
>> The first takers in a space are hit the hardest. Rementioning here is
>> important. Do a google search and find any pages still mentioning
>> blocking the range. Contact them and ask them to update. Then you have
>> to start the long list with others. It's recommended you set up a server
>> with 2 IP addresses, one in the range, one outside the range, so that
>> people can check against them both to verify that the problem is with
>> the range itself. I've seen some networks that run automatic probes from
>> both ranges and compare the results, automatically sending emails to
>> whois contacts concerning the problem.
>
> For those not paying attention, the current bogon list should be:
>
> 0/8
> 10/8
> 39/8
> 102/8
> 103/8
> 104/8
> 106/8
> 127/8
> 172.16/12
> 179/8
> 185/8
> 192.168/16
> 224/3
>
> It is speculated that no later than Q1, two more /8's will be allocated,
> triggering a policy that will give the remaining 5 /8's out to the
> RIR's.  That means, prior to end of Q1, the bogon list will be:
>
> 0/8
> 10/8
> 127/8
> 172.16/12
> 192.168/16
> 224/3
>
> I'd suggest it would be good if folks updated to that now, to prevent
> these sorts of problems.  I promise, this time it is the last update
> you'll need to do. :)
>
> --
>       Leo Bicknell - bickn...@ufp.org - CCIE 3440
>        PGP keys at http://www.ufp.org/~bicknell/
>
>
>
> - End forwarded message -

Anyone needing to update their bogons can run this from a command
prompt (shell - option #8):

/etc/rc.update_bogons.sh now
exit

Scott
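
An added example, not part of the original message or of pfSense: a Python check that expands the shorthand prefixes quoted above and reports which entries of a local bogon table are no longer on the reduced list, and so would drop traffic from newly allocated space. The function names and the sample table are assumptions constructed for illustration.

```python
import ipaddress

# Prefix lists as posted in the forwarded message (shorthand notation).
BOGONS_CURRENT = ("0/8 10/8 39/8 102/8 103/8 104/8 106/8 127/8 "
                  "172.16/12 179/8 185/8 192.168/16 224/3").split()
BOGONS_FINAL = "0/8 10/8 127/8 172.16/12 192.168/16 224/3".split()

# Constructed sample of a locally stored table (not a real pfSense file).
# It still carries two /8s that the page lists as allocated in 2011-02.
SAMPLE_LOCAL_TABLE = """\
# constructed sample
0.0.0.0/8
10.0.0.0/8
102/8        # allocated to AfriNIC 2011-02
127.0.0.0/8
172.16.0.0/12
185.0.0.0/8  # allocated to RIPE NCC 2011-02
192.168.0.0/16
224.0.0.0/3
"""


def expand(prefix):
    """Turn shorthand such as '172.16/12' or '224/3' into an IPv4Network.

    Missing trailing octets are filled with zeros. A prefix with host bits
    set (for example '172.16/8') raises ValueError instead of being
    silently widened or narrowed.
    """
    addr, sep, length = prefix.strip().partition("/")
    octets = addr.split(".")
    if not sep or not length.isdigit() or not 1 <= len(octets) <= 4:
        raise ValueError(f"not a prefix: {prefix!r}")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(".".join(octets) + "/" + length, strict=True)


def parse_table(text):
    """Parse one prefix per line, ignoring blank lines and '#' comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(expand(entry))
    return nets


def stale_entries(local, reference):
    """Local entries not covered by any reference bogon: these block
    address space that the reference list no longer treats as bogus."""
    return [n for n in local if not any(n.subnet_of(r) for r in reference)]


def missing_entries(local, reference):
    """Reference bogons that no local entry covers."""
    return [r for r in reference if not any(r.subnet_of(n) for n in local)]


def blocked_by(address, table):
    """Return the first table entry containing address, or None."""
    addr = ipaddress.ip_address(address)
    for net in table:
        if addr in net:
            return net
    return None


if __name__ == "__main__":
    final = [expand(p) for p in BOGONS_FINAL]
    local = parse_table(SAMPLE_LOCAL_TABLE)
    print("stale:  ", [str(n) for n in stale_entries(local, final)])
    print("missing:", [str(n) for n in missing_entries(local, final)])
    # Same idea as the two-address probe in the quoted message: one source
    # inside a formerly bogus range, one outside every listed range.
    for src in ("185.12.0.1", "8.8.8.8"):
        print(src, "->", blocked_by(src, local))
```
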




Re: [pfSense-discussion] Re: Low end, cool CPE.

2010-11-12 Thread Scott Ullrich
On Fri, Nov 12, 2010 at 5:51 PM, Nathan Eisenberg
 wrote:
[snip]
> But still - no IPv6 support (though a 3rd-party patch is now available to 
> beat it in, it's not up to par yet, and it's not in 'stable').  :(

The work Seth is doing will be in 2.1 sometime next year.  He has made
a lot of progress in a very short amount of time.

Scott




Re: [pfSense-discussion] pfSense router/firewall in a Vmware ESXi guest for other guests

2010-10-02 Thread Scott Ullrich
On Sat, Oct 2, 2010 at 2:27 PM, Adam Thompson  wrote:
> It works, but performance is, in my experience, poor.  Don't use trunking
> (802.3ad / LACP) and VLANs together, or inter-vlan routing slows down
> drastically.  This appears to be a VMWare problem, not a pfSense problem.
> I recommend creating one virtual Ethernet device per network, and in fact
> mapping each virtual switch (or vlan) to a physical NIC on the host.
> Basically, keep the networking as simple as possible, don't get fancy like
> I did.

Was this with 4.0 or 4.1?   4.1 seems to have drastically improved across
the board in terms of I/O in general.

Scott




Re: [pfSense-discussion] pfSense 2.0 will do FreeBSD 8.1?

2010-07-28 Thread Scott Ullrich
On Wed, Jul 28, 2010 at 10:11 AM, Eugen Leitl  wrote:

> Thanks.
>
> Is boot from zfs root an install option?
>

No, the installer does not have ZFS support and we will not see ZFS support
until 2.1 at the earliest when work on the new installer picks up steam.

Scott


Re: [pfSense-discussion] pfSense 2.0 will do FreeBSD 8.1?

2010-07-28 Thread Scott Ullrich
On Wednesday, July 28, 2010, Eugen Leitl  wrote:
>
> http://www.freebsd.org/releases/8.1R/announce.html is out. Will
> pfSense 2.0 get this?

We already have FreeBSD 8.1 on 2.0 snapshots.

Scott




Re: [pfSense-discussion] port to freescale 8349e

2010-06-18 Thread Scott Ullrich
On Fri, Jun 18, 2010 at 12:42 PM, Zied Fakhfakh  wrote:

> On 06/07/2010 05:07 PM, Zied Fakhfakh wrote:
>
>> Hi,
>>
>> I'm planning to port/build pfsense on freescale 8349e powerpc based
>> system.
>> http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MPC8349E
>> It holds the e300 powerPC processor.
>>
>>  Hi again,
>
> I have Linux up and running on that board, can I cross-build pfsense from
> Linux ?
>
>
Not to my knowledge but then again I have never tried.

Sorry I do not have more information but I would suggest building this on
FreeBSD first.

Scott


Re: [pfSense-discussion] port to freescale 8349e

2010-06-07 Thread Scott Ullrich
On Mon, Jun 7, 2010 at 5:50 PM, Scott Ullrich  wrote:

> freebsd on that ship is already ported, any "good luck" ? or "forget it" :)
>>
>>
Oops, pressed send too soon.   I am unsure of this board's FreeBSD status but
to get to the 300+ hour mark that assumes that this port has already been
done in FreeBSD.

Scott


Re: [pfSense-discussion] port to freescale 8349e

2010-06-07 Thread Scott Ullrich
On Mon, Jun 7, 2010 at 12:07 PM, Zied Fakhfakh  wrote:

> Hi,
>
> I'm planning to port/build pfsense on freescale 8349e powerpc based system.
> http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=MPC8349E
> It holds the e300 powerPC processor.
>

Nice board

> am I getting into a very large deep desert ?
>
>
Doing these ports is quite fun because you end up needing to compile the
entire pfSense distribution on the board itself until the FreeBSD ports
system has cross-build support (which as of right now it does not).

So with that said what you are undertaking is not terribly difficult but
more or less is a time sucking leech.

If you are willing to spend 300+ hours on such a project I will help however
I can.

Scott



> freebsd on that ship is already ported, any "good luck" ? or "forget it" :)
>
> bye,
> Zied.
>
> --
> Zied FAKHFAKH
>
> @: zyd...@gmail.com
> t: +216 71 82 89 58
> f: +216 71 82 89 58
>
>
>
>


Re: [pfSense-discussion] any chances to see pfsense on GuruPlug Plus?

2010-02-25 Thread Scott Ullrich
On Thu, Feb 25, 2010 at 1:27 PM, Mark Crane  wrote:

> Look at the specs. ALIX could really use an updated CPU like the Intel atom
> or a VIA CPU.
>
> GuruPlug :
> Power consumption 5watts of power.
> CPU is over 1.2ghz
> 512mb o16bit DDR2 800MHz
> esata support
> 2x Gb Ethernet
> 2x USB 2.0
> 1x Micro SD
> built-in WiFi
> Bluetooth
> TDM chipset built into the board
> expansion port
>
> ALIX:
> CPU 500mHz
> 128 to 256mb of Ram
> USB
> CF Card
> 10/100 Ethernet
>
> ALIX specs in more detail.
> http://www.netgate.com/product_info.php?cPath=60_83&products_id=516
>
> Some links
> http://hackaday.com/2010/02/08/guruplug-the-next-generation-of-sheevaplug/
>
> http://www.globalscaletechnologies.com/t-guruplugdetails.aspx
>
>
Different CPU types.  You are comparing apples and oranges.  I bet this
device will move about the same amount of packets at the end of the day.

Scott


Re: [pfSense-discussion] any chances to see pfsense on GuruPlug Plus?

2010-02-25 Thread Scott Ullrich
On Thu, Feb 25, 2010 at 1:05 PM, Paul Mansfield
wrote:

> I asked them if there was a UK distributor, and they responded promptly
> with
> http://www.newit.co.uk/shop/products.php?cat=11
>
> dual ethernet for less than £100 (US$150) seems quite a good deal.
>

For about the same price why not purchase an Alix board?

Just curious.

Scott


[pfSense-discussion] Watch Chris and myself on FLOSS Weekly Live at 4:30 PM EDT

2009-12-16 Thread Scott Ullrich
http://live.twit.tv

Scott




Re: [pfSense-discussion] pfSense book now available for purchase

2009-11-04 Thread Scott Ullrich
On Wed, Nov 4, 2009 at 12:13 PM, cl...@pfsense
 wrote:
> Can't wait for the electronic version  :-)

I believe only commercial support customers will have access to the
electronic version.

And folks, please respect the authors and do not pirate it.  kthanks

Scott




Re: [pfSense-discussion] IPsec and OPT

2009-11-03 Thread Scott Ullrich
On Tue, Nov 3, 2009 at 7:45 AM, Eugen Leitl  wrote:
>
> Anyone has a working IPsec config with a virtual OPT device (VIP or similar)
> you could share?
>
> I've made a tunnel (one end is transparent bridge, terminated on
> WAN), but can't route between networks. I'll move on to OpenVPN
> (UDP port forwarded behind NAT and terminated on a LAN box)
> shortly, but I need to get IPsec working as well.

It requires static-routes to ensure that the traffic goes back out the
OPT interface IIRC.

Scott




Re: [pfSense-discussion] BGP to get Internet

2009-10-29 Thread Scott Ullrich
On Thu, Oct 29, 2009 at 9:32 PM, Evgeny Yurchenko  wrote:
> I thought you corrected .php to exclude Gateway input field. So I just
> modify config.xml and never go to gui to modify WAN interface, right?

Yep, that box's WAN IP never changes.

Scott




Re: [pfSense-discussion] BGP to get Internet

2009-10-29 Thread Scott Ullrich
On Thu, Oct 29, 2009 at 12:08 PM, Evgeny Yurchenko  wrote:
> Thank you. Do you have xml for 1.2.3-RC3 so I could try it?
> Evgeny.


em1



100
Mb


XXX.XXX.XX.XXX
30


Scott




Re: [pfSense-discussion] BGP to get Internet

2009-10-29 Thread Scott Ullrich
On Thu, Oct 29, 2009 at 12:01 PM, Evgeny Yurchenko  wrote:
> Hello!
>
> sorry if this topic was brought up before but...
> I am running several pfSense-BGP installations but they are all for
> redundancy purposes over several links.
>
> Does anybody run pfSense with BGP and two Internet providers?
> My concern is default gateway... if you have to specify default gateway when
> you configure WAN interface then it should have less metric as the one
> received via BGP.
> May be I am missing something here.
> Thanks.

I do.   It requires removing the default gateway from the XML and not
visiting the WAN page again afterwards.

Works fine, has been in use for over a year now since the 2008 hackathon.

Scott




Re: [pfSense-discussion] Is there a 1.2.2 change log?

2009-10-16 Thread Scott Ullrich
On Fri, Oct 16, 2009 at 4:38 PM, Marty Nelson  wrote:
> Hey everyone.  I’m running 1.2.1 and was wondering if there was a change log
> available?  I poked around the pfSense site as well as the forums and I
> either blindly missed it, or it’s not obvious.  :)

Please see http://blog.pfsense.org/?p=497 -- there is a link towards the end.

Scott




Re: [pfSense-discussion] openvpn 2.1 rc20 out now

2009-10-08 Thread Scott Ullrich
On Thu, Oct 8, 2009 at 5:31 AM, Paul Mansfield
 wrote:
> http://www.openvpn.net/index.php/open-source/downloads.html
>
> just thought people might want to upgrade, the RCs have been good for me,
> especially for vista users where you don't have to do the external "route"
> stuff.
>
> perhaps openvpn 2.1 will be released in time to make it into pfSense 1.3 and
> 2.0 releases?

No.   2.1 is a beta series.   2.0 is their stable series.   2.0.6
which is the current version for FreeBSD:

PORTNAME=   openvpn
# -
# DO NOT BOTHER TO SEND NOTICES ABOUT OPENVPN 2.0.9
# AS IT FIXES WINDOWS-ONLY BUGS THAT DON'T AFFECT *BSD
# AND THUS DOES NOT WARRANT A PORT UPGRADE!
# UPGRADE REQUESTS WILL BE DROPPED UNLESS BSD-RELATED.
# -

I see no reason to move from a stable branch to a beta branch.  We
might consider it for 2.0 but not for 1.2.3.

Scott




Re: [pfSense-discussion] fully redundant dual-WAN setup

2009-08-11 Thread Scott Ullrich
On Tue, Aug 11, 2009 at 5:03 AM, Veiko Kukk wrote:
> I have tried dual wan and dual machine setup with no success. Dual wan
> pfsense only works with single machine. carp also works, but both carp
> *and* dual wan together does not work!
> And seems there are very few who care about pfsense failover ability,
> probably most people use single machine and single wan setups.

Bt.  Nice assumptions there.   I run both CARP and Dual Wan at my
primary location and it works fine.   If you want help you need to go
into details of your setup etc.   If it's configured correctly it
absolutely works great.

Scott




Re: [pfSense-discussion] Tool to monitor pfSense

2009-04-08 Thread Scott Ullrich
On Wed, Apr 8, 2009 at 3:03 PM, Augusto Ferronato
 wrote:
> Using Nagios :) heheheh!!!

Bixdata and http://mon.itor.us are small pieces to my monitoring puzzles.

Scott




Re: [pfSense-discussion] captive portal doesnt work on 2.0 Alpha version

2009-03-30 Thread Scott Ullrich
We do not handle 2.0 issues here, this is for our stable releases.
Please visit the testing area on the forum for 2.0.

Scott


On Mon, Mar 30, 2009 at 11:48 AM, Nelson Murilo  wrote:
>
> Hi Guys,
>
> I checked that subject in list before, but I don't found nada.
>
> So, I'm testing pfsense mainly to use as captive portal, and after
> configure (and checked) interfaces, dns forward and captive service.
> It doesn't work, running tcpdump I can see the client trying to connect
> URL directly without before get portal page.
>
> Btw, I have configured captive portal to use port 80, but I can't see that
> port on LISTEN state.
>
> Any hints?
>
> ./nelson -murilo
>
>
>
>
>
>
>




Re: [pfSense-discussion] More DNS servers please

2009-03-16 Thread Scott Ullrich
On Mon, Mar 16, 2009 at 4:23 PM, Joe Lagreca  wrote:
> Would it be possible to add more entries for DNS servers in the
> General Setup section?  3-4 would be great.  I know it's possible to
> edit the config file to add more, I just think it would be useful to
> have it in the GUI as well.  Thanks.

Already present in 2.0.

Scott




Re: [pfSense-discussion] xen aware pfsense.

2009-01-27 Thread Scott Ullrich
On Tue, Jan 27, 2009 at 10:15 PM, pfsense sense  wrote:
> i'm not suggesting pfsense be run inside a VM, i am suggesting pfsense
> provide VM functionality
> i'm fully aware the VM's shortcomings, i manage a 14TB ESX cluster
> let me say that again...
>
> i am suggesting pfsense provide VM functionality "cloud --> pfsense -->
> os --> service"

It certainly is an intriguing idea.   This "tweet" caught my attention
earlier today:
http://twitter.com/Taggerz/statuses/1152928366

Scott




Re: [pfSense-discussion] PPTP user passwords unencrypted in config file?

2009-01-22 Thread Scott Ullrich
On Thu, Jan 22, 2009 at 3:23 PM, jason whitt  wrote:
> i was going through my config file the other day and noticed that when using
> pptp against local users the users passwords are stored in clear text in the
> config file.
> Is it possible to encrypt them?

Not currently.   See the list history for nice fruitful complete
discussions concerning this topic.   Would rather not bring this
flame war back to light.

Scott




Re: [pfSense-discussion] pfSense as VDSL Router

2008-11-03 Thread Scott Ullrich
On Mon, Nov 3, 2008 at 11:41 AM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
>
> FYI: http://www.heise.de/netze/pfSense-als-VDSL-Router--/artikel/116739 
> 
>
> (Notice that IP-TV needs IGMP support which is apparently not
> in pfSense kernel? Here's a thread, which says the problem
> is an IGMP proxy http://forum.pfsense.org/index.php/topic,4491.0/all.html )
>
> In case it's a bounty issue I'm willing to chip in with an additional $50.
>
> --
> Eugen* Leitl leitl http://leitl.org
> __
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
>
>
>

I just added options MROUTING to the kernel.  it will appear in the
next snapshot.   Have fun!

Scott




Re: [pfSense-discussion] We have received your email and someone will be responding shortly.

2008-09-11 Thread Scott Ullrich
On Thu, Sep 11, 2008 at 8:31 AM, Tommy Skoglund <[EMAIL PROTECTED]> wrote:

> Could some admin/postmaster please disable the email address so the
> spamming will stop?
>

Yes, sorry about that.

Scott


Re: [pfSense-discussion] We have received your email and someone will be responding shortly.

2008-09-11 Thread Scott Ullrich
[EMAIL PROTECTED] removed from mailing list
discussion@pfsense.com
Sorry about the noise folks!

Scott

On Thu, Sep 11, 2008 at 11:07 AM, <[EMAIL PROTECTED]> wrote:

> We have received your email and someone will be responding shortly.
>
>Please do not respond to this email -- it is automatically generated
> just to immediately confirm receipt of your communications
>
>Thank-you.
>
>
>


Re: [pfSense-discussion] We have received your email and someone will be responding shortly.

2008-09-11 Thread Scott Ullrich
[EMAIL PROTECTED] removed from mailing list
discussion@pfsense.com
Sorry about the noise folks!

Scott


On Thu, Sep 11, 2008 at 10:45 AM, <[EMAIL PROTECTED]> wrote:

> We have received your email and someone will be responding shortly.
>
>Please do not respond to this email -- it is automatically generated
> just to immediately confirm receipt of your communications
>
>Thank-you.
>
>
>


Re: [pfSense-discussion] DNS resolver test

2008-07-22 Thread Scott Ullrich
On Tue, Jul 22, 2008 at 2:32 PM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
>
> http://www.provos.org/index.php?/pages/dnstest.html
>
> DNS Resolver Test
>
> For secure name resolution, it is important that your DNS resolver uses 
> random source ports. The box below will tell you if there is something you 
> need to worry about.
>
> Your DNS Resolver needs to be updated.
>
> If the box says that you are using random ports, there is nothing to worry 
> about. If it shows a red border, your resolver does not use completely random 
> source ports. This could imply a security problem; see the following CERT 
> advisory. However, some resolvers have implemented countermeasures that do 
> not solely rely on random source sources.
>
> There is a little bit more information about this security problem on Dan 
> Kaminsky's blog.
>
> Should we be getting worried now?

If anyone is worried then update their dnsmasq.

http://blog.pfsense.org/?p=210

Scott
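
An added example, not part of the original post or of the linked test page: a Python check in the spirit of the quoted resolver test, which pulls the UDP source ports of a resolver's outgoing queries from tcpdump-style text and labels them fixed, sequential, narrow or spread. The sample lines are constructed, and the thresholds, names and addresses are assumptions chosen for illustration.

```python
import re
from statistics import pstdev

# Matches "IP <src-ip>.<src-port> > <dst-ip>.53: " in tcpdump -n text output.
QUERY = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

MIN_SAMPLES = 5        # assumption: fewer queries than this says nothing
NARROW_STDEV = 1000    # assumption: below this the ports sit in a small band
SEQUENTIAL_SHARE = 0.8 # assumption: share of +1 steps that counts as a counter


def source_ports(lines, resolver_ip):
    """Source ports of queries sent by resolver_ip to port 53, in order.

    Replies (source port 53 on the remote side) and traffic from other
    hosts do not match and are skipped.
    """
    ports = []
    for line in lines:
        m = QUERY.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports


def assess(ports):
    """Classify a series of observed source ports.

    fixed       every query left from the same port
    sequential  ports mostly increase by one (a counter, easy to predict)
    narrow      ports vary but stay within a small band
    spread      ports vary widely; consistent with randomisation
    """
    if len(ports) < MIN_SAMPLES:
        return "insufficient"
    if len(set(ports)) == 1:
        return "fixed"
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if steps.count(1) / len(steps) >= SEQUENTIAL_SHARE:
        return "sequential"
    if pstdev(ports) < NARROW_STDEV:
        return "narrow"
    return "spread"


def constructed_capture(ports, resolver_ip="192.0.2.53"):
    """Build constructed query/reply line pairs for the given source ports."""
    lines = []
    for i, port in enumerate(ports):
        lines.append(f"12:00:{i:02d}.000000 IP {resolver_ip}.{port} > "
                     f"198.51.100.1.53: {4000 + i}+ A? example.com. (29)")
        lines.append(f"12:00:{i:02d}.020000 IP 198.51.100.1.53 > "
                     f"{resolver_ip}.{port}: {4000 + i} 1/0/0 A 203.0.113.7 (45)")
    return lines


# Constructed port series, one per outcome.
SAMPLES = {
    "fixed": [32768] * 8,
    "sequential": list(range(1024, 1032)),
    "narrow": [2000, 2040, 2013, 2075, 2002, 2051, 2030, 2066],
    "spread": [49213, 10877, 61002, 23544, 35790, 5561, 44120, 18333],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        seen = source_ports(constructed_capture(ports), "192.0.2.53")
        print(f"{name:10s} -> {assess(seen)}")
```

A "spread" result only says the sampled ports vary widely; as the quoted text notes, some resolvers also rely on countermeasures other than source-port randomisation.
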


[pfSense-discussion] 1.3-ALPHA-ALPHA testing snapshots now available!

2008-07-06 Thread Scott Ullrich
1.3-ALPHA-ALPHA testing snapshots are now available.  Please see
http://blog.pfsense.org/?p=208 for more information.

Scott


[pfSense-discussion] 1.2.1-BETA snapshots now available!

2008-07-06 Thread Scott Ullrich
Please see http://blog.pfsense.org/?p=207 for more information.

Thanks!


Re: [pfSense-discussion] Used ALIX or Soekris?

2008-06-27 Thread Scott Ullrich
On Fri, Jun 27, 2008 at 3:37 PM, Andrew Burnette <[EMAIL PROTECTED]> wrote:
> I had similar thoughts a while back. doesn't always work out the way you
> think. (e.g. toyota prius, while a politically and technologically needed
> car, actually saves no energy over its lifespan due to the enormous amount
> of front end manufacturing cost and material used).
>
> Here's what I did.
>
> took single board athlon desktop. Underclocked it as low as the FSB would go
> on motherboard, and lowered the CPU and ram voltages to near minimum. Stuck
> in a laptop hard drive (3.5-2.5 adapter about $5) and an 80% efficient small
> as heck power supply with 3 intel nic cards in the PCI slots.
>
> cut power consumption by 1/2 over same setup with original PS running full
> speed. Still doesn't break a sweat at 20Mbps symmetrical and 6k
> connections..
>
> Might try the same. pull CPU number 2, lower the FSB and so on. Big diff is
> the power supplies. Most are *lousy* (under 50% efficient) at light loads.
> You can find the energy star designated ones (80%+ efficient across broad
> operating range) for $40 and up at places like newegg.com (seasonic is one
> of the efficient brands I'm told, and they are quiet, as less heat loss,
> therefore less fan needed)
>
> Hope that helps.  best of luck.
> andy

Great ideas, thanks for sharing!!

Scott


Re: [pfSense-discussion] clog size

2008-04-14 Thread Scott Ullrich
On 4/14/08, Paul M <[EMAIL PROTECTED]> wrote:
> if clog is turned off, does it then use "tail -N" and look at a normal
>  log file instead of using clog to view?

Yes, it omits the clog binary completely.

Scott


Re: [pfSense-discussion] clog size

2008-04-14 Thread Scott Ullrich
On 4/14/08, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> I have committed some code to help with this:
>  
> http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.50;content-type=text%2Fx-cvsweb-markup

Woops, wrong URL:
http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.49;content-type=text%2Fx-cvsweb-markup


Re: [pfSense-discussion] clog size

2008-04-14 Thread Scott Ullrich
On 4/14/08, Paul M <[EMAIL PROTECTED]> wrote:
> RB wrote:
>  > I've had a request to increase logging duration on systems that have
>  > no access to an external syslog server, so am making the necessary
>  > changes to maintain much larger ring-log files.  Incredibly larger -
>
>
> what we've done is to make a few tweaks and install syslog-ng
>
>  1/ change the system include file so that it starts syslog with "-b
>  127.0.0.1" so that it doesn't bind to an external IP.
>
>  2/ add some lines to /etc/rc.conf.local to make a restart of syslog also
>  bind only to localhost:
>  syslogd_enable="YES"
>  syslogd_flags=" -s -f /var/etc/syslog.conf -b 127.0.0.1"
>
>  3/ install syslog-ng and write config so that it does full logging to
>  local file system as well as copying to a main log server
>
>  3a/ pkg_add -r syslog-ng
>  3b/ config file is /usr/local/etc/syslog-ng/syslog-ng.conf
>  (if interested, I can provide ours after sanitisation)
>  3c/ make syslog-ng listen on, say, the sync interface or lan.
>
>  4/ add some lines to /etc/rc.conf.local to make sure that syslog-ng
>  starts up
>
>  5/ use the pfsense gui to tell it to log to the syslog-ng IP address
>
>  this "works for us", and the key thing is that apart from having to fix
>  the /etc/inc/system.inc file when upgrading pfsense (I offered the
>  diffs/patch, I think it might have been accepted), you don't have to
>  bend the system too far as you don't have to hack any other part of pfsense.

I have committed some code to help with this:
http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.50;content-type=text%2Fx-cvsweb-markup

Scott


Re: [pfSense-discussion] miniupnpd No buffer space available

2008-03-28 Thread Scott Ullrich
On 3/28/08, Dennis Karlssson <[EMAIL PROTECTED]> wrote:
> Hi Scott
>
>  I use both CP and FW schedules.

I have a feeling that you are just working around the problem and not
solving it.

From a shell do this:

sysctl net.inet.ip.fw.dyn_buckets

How many buckets are defined by default?  256?

Take that number and *2 and then do this:

sysctl net.inet.ip.fw.dyn_buckets=512

Replacing 512 with the *2 of the original value.   If the problem
still persists *3 the value and so on until you find a happy medium.

Scott


Re: [pfSense-discussion] miniupnpd No buffer space available

2008-03-28 Thread Scott Ullrich
On 3/28/08, Dennis Karlssson <[EMAIL PROTECTED]> wrote:
> Hi Bill
>
>  Deactivating and activating the Traffic Shaper did the job.

I am not quite understanding this.  Are you using captive portal?  Or
schedule firewall rules?

Mar 27 23:22:49 kernel: ipfw: install_state: Too many dynamic rules

The above relates to IPFW which is only used presently for Captive
Portal and for Firewall Schedules.

Scott


Re: [pfSense-discussion] Traffic shaper bug ?

2008-03-22 Thread Scott Ullrich
On 3/22/08, RB <[EMAIL PROTECTED]> wrote:
> For that matter, is any non-dev actually _running_ 1.3?  For quite
>  some time, short of building the whole system myself, performing an
>  update to a fresh test system just results in complete b0rkage
>  (libraries missing & whatnot), same as HEAD has been for months before
>  that.  It's not unfixable, but prevents the casual user from testing
>  and the causal developer from contributing.
>
>  I submitted an FYI ticket on it once, but some anon-tard closed it
>  saying "If you are running HEAD you should know how to fix these
>  breakages yourself! HEAD is for developers only."  Helpful chap.

Anyone testing these images will be on 1.2 as that thread states.   We
have made a special version for the contributors of the bounty.
Otherwise folks will have to wait until 1.3.  And BTW: HEAD != 1.3.
HEAD == 2.0 which is far far away.

Scott


Re: [pfSense-discussion] BUG? Access to bandwidhtd without password

2008-03-18 Thread Scott Ullrich
On 3/18/08, Cristiano Deana <[EMAIL PROTECTED]> wrote:
> Hi,
>
>  pfsense 1.2, I installed the package of bandwidthd. If I access
>  https://my.pfsense/bandwithd/ there is no request for password
>  Do you think it is right?

That is correct.  Firewall off the port to only trusted hosts.

Scott


[pfSense-discussion] Mirror finder

2008-03-13 Thread Scott Ullrich
Thanks everyone (20+) of you for notifying us of the mirror problems.
It is now resolved.

Scott


Re: [pfSense-discussion] freebsd 6.2 ports archive

2008-03-13 Thread Scott Ullrich
On 3/13/08, Paul M <[EMAIL PROTECTED]> wrote:
> Hi,
>  I was looking for the syslog-ng package to install on my pfsense boxes,
>  and discovered that the main freebsd site no longer has the ports for
>  that release - only 6.3.
>
>  I found the ftp.de.freebsd.org site still had it, so I did an evil hack
>  to the hosts file thus:
>  213.83.42.56    ftp.freebsd.org
>
>  and I was able to "pkg_add -r syslog-ng".
>
>  anyway, my point is that anyone wanting to play with pfsense1.2 release
>  and needs access to the ports might want to consider maintaining their
>  own archive of the freebsd downloads otherwise they'll lose out!
>
>  or, perhaps, should pfsense.org website keep a mirror for this purpose?

We are working on it: http://blog.pfsense.org/?p=179

Scott


Re: [pfSense-discussion] Simple patch for Dynamic DNS.

2008-02-13 Thread Scott Ullrich
On 2/13/08, Ben Timby <[EMAIL PROTECTED]> wrote:
> Scott, sorry to bug you, but I wondered if you ever had a chance to
> check out this patch and what the outcome was?

It looks like this has been committed.  At last the patches here are
showing as already applied.  Can you verify this?

Scott


Re: [pfSense-discussion] 1.2RC5 or release

2008-02-11 Thread Scott Ullrich
On Feb 11, 2008 1:13 PM, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
> On doing an update from RC4 - RC5 with Dashboard installed I can no
> longer get dashboard back. Even tried uninstalling dashboard (Yes, I
> know it says it can not be uninstalled) to no avail. Other than that
> and the bug with darkstat on RC4 I have had zero issues.
>

Known problem.

Scott


Re: [pfSense-discussion] 1.2RC5 or release

2008-02-11 Thread Scott Ullrich
On Feb 11, 2008 9:15 AM, Chris Buechler <[EMAIL PROTECTED]> wrote:
> We'll probably skip RC5 as an official release even though the snapshots
> are labeled as such right now.

Yeah. no plans to release 1.2-RC5 except in its current snapshot form.
 I changed the version so we can identify new issues beyond RC4 if
they happen to come up (which so far we have been pretty good except
for IPSEC reports).

Scott


Re: [pfSense-discussion] bogons update issue

2008-02-10 Thread Scott Ullrich
On 2/10/08, Jan Hoevers <[EMAIL PROTECTED]> wrote:
> I've tested this now on a fresh install, and you're right, it will work
> on existing installs.
> The missing od issue is of course still there, but unlike I wrote in my
> original mail, it does not cause the script to abort.
>
> Thanks for fixing this so quickly.

Where did you reinstall from?  Hopefully you used the recent snapshot image?

http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/

Scott


Re: [pfSense-discussion] bogons update issue

2008-02-03 Thread Scott Ullrich
On 2/3/08, Jan Hoevers <[EMAIL PROTECTED]> wrote:
> I'm running the embedded version of pfSense on a Soekris 4801.
> Today (3 Feb 2008) I upgraded to 1.2-RC4 and it caught my eye that the
> bogons file (/etc/bogons) dated back to October 2007.
>
> I consider bogons filtering important, so I decided not to wait for the
> next automatic update, but instead I ran the update script
> (/etc/rc.bogons_update.sh) manually.
> That did not work and, although I'm not exactly a shell script expert, I
> decided to have a look into it. I got the script running by working
> around two problems:
>
> 1. The script starts with sleeping a random interval. This caused it to
> abort with a 'od: command not found' message. Apparently the od command
> is missing on the embedded platform, and I worked around this by
> commenting out the random interval sleep.

Thanks, just fixed this.

> 2. On previous versions the bogons file was fetched from cymru.com, but
> on RC4 the script tries to get it from a pfSense server. The file is
> however missing on that pfSense server. I worked around this by copying
> the old cymru url back from RC3.
>
> Although my bogons update script is working now, I believe I didn't
> choose the best possible solution for both problems.
> I hope someone of the development team finds time to look into this
> before the next release.

Hrm.  Thanks for the heads up.  We'll get this correct ASAP.

Scott


Re: [pfSense-discussion] lagg + carp: carp not sending multicast via lagg interface

2008-01-23 Thread Scott Ullrich
On 1/23/08, Fabio C Flores <[EMAIL PROTECTED]> wrote:
> And how can I find out if 1.2-RC4 uses that freebsd fix?

http://pfsense.com/cgi-bin/cvsweb.cgi/tools/patches/RELENG_6_2/if_lagg.diff

... Is what we use.  Feel free to send a new patch if it does not
include the needed bits.

Scott


Re: [pfSense-discussion] (DUP!) duplicated packets when pinging internal server

2008-01-22 Thread Scott Ullrich
I bet it is being caused by your usage of LAGG.  Unfortunately you are
on your own on this one as LAGG is not supported as of yet.

On Jan 22, 2008 2:03 PM, Fabio C Flores <[EMAIL PROTECTED]> wrote:
> # ping 10.0.2.10
> PING 10.0.2.10 (10.0.2.10): 56 data bytes
> 64 bytes from 10.0.2.10: icmp_seq=0 ttl=64 time=0.208 ms
> 64 bytes from 10.0.2.10: icmp_seq=0 ttl=63 time=0.328 ms (DUP!)
> 64 bytes from 10.0.2.10: icmp_seq=1 ttl=64 time=0.110 ms
> 64 bytes from 10.0.2.10: icmp_seq=1 ttl=63 time=0.230 ms (DUP!)
> ^C
> --- 10.0.2.10 ping statistics ---
> 2 packets transmitted, 2 packets received, +2 duplicates, 0% packet loss
> round-trip min/avg/max/stddev = 0.110/0.219/0.328/0.077 ms
>
>
> 
>
> # ifconfig
> em0: flags=8943 mtu 1500
> options=b
> inet 10.0.2.2 netmask 0x broadcast 10.0.255.255
> inet6 fe80::215:17ff:fe51:3f2e%em0 prefixlen 64 scopeid 0x1
> ether 00:15:17:51:3f:2e
> media: Ethernet autoselect (1000baseTX )
> status: active
> lagg: laggdev lagg0
> em1: flags=8943 mtu 1500
> options=b
> inet 192.168.0.221 netmask 0x broadcast 192.168.255.255
> inet6 fe80::215:17ff:fe51:3f2f%em1 prefixlen 64 scopeid 0x2
> ether 00:15:17:51:3f:2f
> media: Ethernet autoselect (100baseTX )
> status: active
> bge0: flags=8843 mtu 1500
> options=1b
> inet 10.1.0.2 netmask 0xff00 broadcast 10.1.0.255
> inet6 fe80::21c:23ff:fee1:f846%bge0 prefixlen 64 scopeid 0x3
> ether 00:1c:23:e1:f8:46
> media: Ethernet autoselect (1000baseTX )
> status: active
> bge1: flags=8843 mtu 1500
> options=1b
> inet 10.0.2.5 netmask 0x broadcast 10.0.255.255
> inet6 fe80::21c:23ff:fee1:f847%bge1 prefixlen 64 scopeid 0x4
> ether 00:15:17:51:3f:2e
> media: Ethernet autoselect (1000baseTX )
> status: active
> lagg: laggdev lagg0
> pfsync0: flags=41 mtu 1348
> pfsync: syncdev: bge0 syncpeer: 224.0.0.240 maxupd: 128
> enc0: flags=0<> mtu 1536
> pflog0: flags=100 mtu 33208
> lo0: flags=8049 mtu 16384
> inet 127.0.0.1 netmask 0xff00
> inet6 ::1 prefixlen 128
> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
> carp0: flags=49 mtu 1500
> inet 192.168.0.223 netmask 0xff00
> carp: MASTER vhid 11 advbase 1 advskew 100
> carp1: flags=49 mtu 1500
> inet 10.0.2.3 netmask 0x
> carp: MASTER vhid 12 advbase 1 advskew 100
> tun0: flags=8051 mtu 1500
> inet6 fe80::215:17ff:fe51:3f2e%tun0 prefixlen 64 scopeid 0xb
> inet 192.168.66.1 --> 192.168.66.2 netmask 0x
> Opened by PID 370
> lagg0: flags=8843 mtu 1500
> inet 10.0.2.7 netmask 0x broadcast 10.0.255.255
> inet6 fe80::215:17ff:fe51:3f2e%lagg0 prefixlen 64 scopeid 0xc
> ether 00:15:17:51:3f:2e
> media: Ethernet autoselect
> status: active
> lagg: laggproto failover
> laggport bge1 =4
> laggport em0 =5
>
> -
>
> # netstat -nr
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            192.168.0.1        UGS         0        0    em1
> 10/16              link#12            UCS         0        2  lagg0
> 10.0.1.205         00:16:ec:9b:c8:dc  UHLW        1       33  lagg0   1165
> 10.0.2.3           10.0.2.3           UH          0        0  carp1
> 10.0.2.6           00:15:17:51:4a:16  UHLW        1     2664  lagg0    234
> 10.0.2.10          00:19:b9:eb:62:7d  UHLW        1     1447  lagg0   1151
> 10.1/24            link#3             UC          0        0   bge0
> 10.1.0.1           00:1c:23:e1:f7:d1  UHLW        1     5294   bge0   1127
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.0/16       link#2             UC          0        1    em1
> 192.168.0.1        00:17:9a:58:20:3f  UHLW        2     1771    em1    918
> 192.168.0.2        00:16:3e:31:80:07  UHLW        1        1    em1    925
> 192.168.0.102      00:15:00:00:12:1f  UHLW        1        0    em1    972
> 192.168.0.223      192.168.0.223      UH          0        0  carp0
> 192.168.66         192.168.66.2       UGS         0        6   tun0
> 192.168.66.2       192.168.66.1       UH          1        0   tun0
>
>


[pfSense-discussion] #pfSensechat has been opened

2008-01-10 Thread Scott Ullrich
All,
We have opened a new FreeNode pfSense chat room that is meant for off topic
discussions for like minded people (pfSensers).

Please join us and chat with like minded folks!

#pfSenseCHAT on FreeNode.

Scott


Re: [pfSense-discussion] Looking for a push in the right direction for VoIP/Cisco 7971 phones

2008-01-02 Thread Scott Ullrich
On 1/2/08, patrickm <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I'm in charge of replacing our Cisco PIX firewall with one that will allow
> us to use VPN, and a bunch of my other sysadmin friends have suggested
> using pfsense.  Everything was super easy to set up initially, and now I
> want to get our Cisco 7971 SIP VoIP phones working behind NAT.
>
> I was wondering if anyone had to do something similar, or if anyone has a
> link or links to some helpful resources that will push me in the right
> direction.
>
> Thanks in advance!

Visit Firewall, Nat, Outbound.  Enable Advanced outbound NAT.

Edit auto-created LAN rule, check static-port.  Save.

It should work okay now.

Scott


Re: [pfSense-discussion] Dynamic remote endpoints (IPsec)

2008-01-02 Thread Scott Ullrich
On Jan 2, 2008 6:10 PM, Dennis Karlsson <[EMAIL PROTECTED]> wrote:
> Hi
>
> In the current beta of m0n0wall they've included the possibility to use
> a host name as destination gateway address. Will this be included in the
> 1.2 release?

No.  1.2 is frozen.

It is already in RELENG_1 and HEAD so should arrive in 1.3.

Scott


Re: [pfSense-discussion] Support NTLM

2007-12-05 Thread Scott Ullrich
On 12/5/07, Jose Augusto <[EMAIL PROTECTED]> wrote:
> Hello,
>  I need help.
>  I have a firewall running on Linux, and the most faster possible the change
> the firewall for PFSense, but, in pfsense is possible authentication on NTML
> (Active Directory) ??? On SQUID?

I believe the feature is in place but has not been finished.

Scott
PS: No, I have no plan to finish it.  Patches accepted.


Re: [pfSense-discussion] Simple patch for Dynamic DNS.

2007-12-05 Thread Scott Ullrich
On 12/5/07, Ben Timby <[EMAIL PROTECTED]> wrote:
> I have attached two patches.
>
> dyndns-HEAD.patch
> dyndns-RELENG_1.patch
>
> both patch two files:
>
> usr/local/www/services_dyndns.php
> etc/inc/services.inc


Thanks!  I will check into these this evening.

Scott


Re: [pfSense-discussion] Simple patch for Dynamic DNS.

2007-12-01 Thread Scott Ullrich
On 11/27/07, Ben Timby <[EMAIL PROTECTED]> wrote:
> I set up the Dynamic DNS feature today, however, I needed to be able
> to specify my DNS server address.
>
> The attached patch adds a field to the services_dyndns.php form.
> This field if provided will be written to the nscommands file (in
> services.inc) as
>
> "server \n"
>
> This allows you to update an arbitrary DNS server. If not provided,
> the server line is omitted and the default behavior occurs.
>
> I hope this is useful to others. I pulled these two files from CVS so
> this patch should apply to head.
>
> At least this guy seems to have the same issue as I did.
>
> http://forum.pfsense.org/index.php?PHPSESSID=859b4334957ebc787b1cc945c4329c92&topic=3525.0
>
>

Hello!  Can you please provide RELENG_1 and HEAD diffs for this?

Scott


Re: [pfSense-discussion] multiwan ftp proxy

2007-11-19 Thread Scott Ullrich
On Nov 19, 2007 1:50 PM, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Assuming I ftp at home (don't recall the last time I intentionally did
> that!) then ftp works just fine via the primary wan as Chris mentions.
>  I think I did have to create a rule for traffic destined to 127.0.0.1
> to use the "default" gateway instead of a load balance pool.  Don't
> recall if that's still needed or not but it's still in my ruleset:
>  *   LAN net *   127.0.0.1   *   *   Use routing table for loopback traffic

1.3 now creates these hidden rules so for 1.2 you still need to permit
the traffic without a gateway assigned.  This is covered in
http://devwiki.pfsense.org/FTPTroubleShooting

Scott


Re: [pfSense-discussion] multiwan ftp proxy

2007-11-14 Thread Scott Ullrich
On Nov 14, 2007 5:46 PM, D.Pageau <[EMAIL PROTECTED]> wrote:
> What is the current status on multi-wan ftp proxying ?
>
> I have dug around on pfsense FAQ, forum, blog, wiki, ticket (btw, is it
> too many source of information ?)
>
> Some info (outdated ?) on FAQ (or is it blog or forum or wiki or cvs ?)
> says that is not supported and will be when someone will code it.
>
> On the other way in 2006-09 Scott says that he has a version of PFTPX
> that works with multiple-lan.
>
> What is the current status ?

No work has been done on this as of since.   Unfortunately it is not
high on my list so if someone else wants to pick it up and finish up
from where Bill and I left off, please do so.

Scott


Re: [pfSense-discussion] php: : Not installing nat reflection rules for a port range > 500 (1.2-RC2)

2007-11-09 Thread Scott Ullrich
You most likely have a port range defined.

Scott


On Nov 9, 2007 2:26 AM, Tortise <[EMAIL PROTECTED]> wrote:
> Hi Team
>
> I added a rule for MS TS access to 3389, I get logged "php: : Not installing
> nat reflection rules for a port range > 500" and the connection does not
> seem to be created.
>
> I cannot however find a port range > 500 and the port added is a single
> port.
>
> Can anyone advise me on this please?
>
> Kind regards
>
> David
>
> PS on reviewing all my rules it seems that UDP NAT entries may have been
> erroneously automatically entered in rules as TCP rules?
>
>


Re: [pfSense-discussion] Captive portal could not deterimine clients MAC address

2007-09-05 Thread Scott Ullrich
On 9/5/07, Nick Buraglio <[EMAIL PROTECTED]> wrote:
> What wireless AP are you using?
>
> nb

I answered him here:

http://forum.pfsense.org/index.php/topic,5999.msg35459.html#msg35459

Tunge2, please stop cross posting between the forum and the mailing list.

Scott


Re: [pfSense-discussion] Firmware

2007-08-25 Thread Scott Ullrich
No.  Nothing will change from this perspective.  Please visit our blog
where we describe how this will help the project.

Scott


On 8/25/07, Mike <[EMAIL PROTECTED]> wrote:
> With the recent move to paid support for pfsense and monowall, will this
> signify the end of the firmware upgrades, package availability, and this
> discussion list for those that don't cough up the money?
>


Re: [pfSense-discussion] 1.2-RC2 released

2007-08-21 Thread Scott Ullrich
On Tue, 21 Aug 2007 17:48:24 +0200, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> Just one question, from a pfsense newbie
>
> where i can download 1.2RC2 update ?
>
> Best regards

http://www.pfsense.com/mirror.php?section=updates/pfSense-Full-And-Embedded-Update-1.2-RC2.tgz

Scott


Re: [pfSense-discussion] atmel avr port of pfsense?

2007-07-31 Thread Scott Ullrich
On 7/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Most of the steps should be the same for NetBSD as they are for FreeBSD since 
> they share a lot of commonalities.

Not quite.  You will find a lot of items that rely on netgraph such as
PPTP, PPPoE, etc.

Scott


Re: [pfSense-discussion] atmel avr port of pfsense?

2007-07-31 Thread Scott Ullrich
On 7/31/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
[snip]
> This looks like a job for NetBSD!

Good luck porting pfSense to Net!  :)

Scott


Re: [pfSense-discussion] Package installation / removal problem ?

2007-07-17 Thread Scott Ullrich

Dashboard is still very much a work in progress and has a few issues.

Scott


On 7/17/07, Daniele Guazzoni <[EMAIL PROTECTED]> wrote:

Small correction: only dashboard stalls

Daniele Guazzoni wrote:
> I'm running 1.2-BETA-2-TESTING-SNAPSHOT-07-05-2007 and it stalls on
> adding and removing packages.
> Known issue ?
>
>
> regards
>
>
> -
> Daniele Guazzoni
> Senior Network Engineer, CCNP, CCNA
>
>
> Linux and AMD-x86_64 or do you still with Windows and Intel ?
>

--


regards


-
Daniele Guazzoni
Senior Network Engineer, CCNP, CCNA


Linux and AMD-x86_64 or do you still with Windows and Intel ?

--
This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.




Re: [pfSense-discussion] Load balancer pool edit page: changes to pool list

2007-07-03 Thread Scott Ullrich

On 7/3/07, Chris Daniel <[EMAIL PROTECTED]> wrote:

I use the "load balancer pool edit" page quite a lot, adding and
removing servers from my active pool.  It gets kind of old typing the
IPs when re-adding servers, and I understand it needs a little
refinement anyway, so I propose some changes (which I am willing to
code).  The basic idea is to have pfSense keep in the load balancer pool
configuration two types of servers (enabled and disabled) and be able to
quickly change the servers from "enabled" to "disabled" and vice versa.
I think this can be accomplished pretty easily, and I have a decent idea
of how to do it, having sorted through the code a little, but I just
want to make sure before I spend any real time on it.  A mockup of how
the relevant portion of the interface would look (note the reordering
buttons that are mentioned on CVS Trac, for reordering the list for a
failover pool; I will do this also): http://www.gliffy.com/publish/1251841/

As for the config end of it, the servers' IP addresses are currently
stored as multiple entries that look like:
"ip.add.re.ss" -- in my changes, the addition would
be entries that look like
"ip.add.re.ss" (for saving the
"disabled" list).  I didn't see any facility for parsing tag attributes
... please let me know if this is there somewhere and I'll make it more
like '...' or so.  It looks like pfSense will
just ignore the "disabled" entries when reading the configuration for
applying without any changes to filter.inc ... please let me know if I'm
missing anything here.

It all seems pretty straightforward and simple.  Please let me know if
I'm missing anything.  This is my first attempt at contributing to
pfsense; would these changes be useful to anyone other than me?  Also,
which branch should I make patches for, etc., if so?  Thanks in advance.


Sounds good to me.  Patches should be in -rub format against
RELENG_1 and HEAD.

Let me know if you have any more questions.

Scott


Re: [pfSense-discussion] Sun Fire X2100 M2 questions

2007-06-21 Thread Scott Ullrich

On 6/21/07, Bill Marquette <[EMAIL PROTECTED]> wrote:

On 6/20/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> nfe won't be there in 1.3, correct? I can survive with
> just two interfaces (WAN and LAN) for a while, but I do need
> at least DMZ rather soon. When they say I should stay
> away from http://snapshots.pfsense.com/FreeBSD7/
> I presume it's for a good reason, right?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html



It looks like the 7 tree is now frozen for release and all merges
require re@ approval so I suspect we'll see  a release in the next
coming months which will be very exciting on many fronts.

Scott


Re: [pfSense-discussion] Problems mit DynDNS Update

2007-06-20 Thread Scott Ullrich

Try a recent snapshot.

On 6/20/07, Fabian Steiner <[EMAIL PROTECTED]> wrote:

Hello!

We are using PfSense 1.2_BETA and are experiencing some serious problems
concerning DynDNS updates. Sometimes they are performed (obviously without
adding additional options, e.g. wildcard=ON) and sometimes they don't work at
all.

In 1.0.1 system.log shows the following output after the box received a 24h
force disconnect:

[...]
Jun 19 07:19:51 pfsense mpd: [pppoe] IFACE: Up event
Jun 19 07:19:54 pfsense check_reload_status: rc.newwanip starting
Jun 19 07:20:01 pfsense php: : Informational: DHClient
spawned /etc/rc.newwanip and the new ip is wan - 84.145.68.218.
Jun 19 07:20:01 pfsense php: : Creating rrd update script
Jun 19 07:20:01 pfsense php: : Creating rrd graph index
Jun 19 07:20:06 pfsense php: : Resyncing configuration for all packages.
Jun 19 07:20:06 pfsense check_reload_status: reloading filter
Jun 19 07:20:14 pfsense check_reload_status: updating dyndns
Jun 19 07:20:19 pfsense php: : DynDns: Running updatedns()
[...]

1.2_BETA, however, prints out the following:

[...]
Jun 20 16:49:18 eros mpd: [pppoe] IFACE: Up event
Jun 20 16:49:20 eros check_reload_status: rc.newwanip starting
Jun 20 16:56:21 eros dnsmasq[9490]: reading /var/dhcpd/var/db/dhcpd.leases
Jun 20 16:59:01 eros dnsmasq[9490]: reading /var/dhcpd/var/db/dhcpd.leases
Jun 20 18:41:08 eros dnsmasq[9490]: reading /var/dhcpd/var/db/dhcpd.leases
Jun 20 20:36:07 eros dnsmasq[9490]: reading /var/dhcpd/var/db/dhcpd.leases
Jun 20 20:41:07 eros dnsmasq[9490]: reading /var/dhcpd/var/db/dhcpd.leases
[...]

Therefore I must run /etc/rc.dyndns.update manually in order to have my WAN IP
updated.

Maybe check_reload_status is responsible because of that failure, but I can
not find its source code.

Regards,
Fabian



Re: [pfSense-discussion] RAID

2007-06-15 Thread Scott Ullrich

On 6/15/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:


There's no SATA soft-RAID support planned in the pfsense install, right?


RAID 1 is supported if two disks are present.


Re: [pfSense-discussion] openbsd 10gb stuff

2007-06-04 Thread Scott Ullrich

In the meantime if you have a chance do a netio or netperf test on
1.0.1 and then compare to a recent snapshot.   I would be interested
in hearing performance improvements on modern hardware as we have
mainly tested 266mhz devices over the weekend.

Scott


On 6/4/07, Greg Hennessy <[EMAIL PROTECTED]> wrote:

> One of the 10% patches have already been ported and in our tree.   We
> are seeing up to a 33% improvement in performance on some machines
> such as Soekris 266.  Stay tuned, Chris plans on blogging about the
> improvements soon.
>

Looking forward to reading all about it.


Greg








Re: [pfSense-discussion] openbsd 10gb stuff

2007-06-04 Thread Scott Ullrich

One of the 10% patches have already been ported and in our tree.   We
are seeing up to a 33% improvement in performance on some machines
such as Soekris 266.  Stay tuned, Chris plans on blogging about the
improvements soon.

Scott


On 6/4/07, Jure Pečar <[EMAIL PROTECTED]> wrote:


Just saw this on undeadly.org:

http://www.openbsd.org/papers/cuug2007/mgp1.html

How does it affect freebsd/pf and when/if can we expect some of this work in 
pfsense?

--

Jure Pečar
http://jure.pecar.org



Re: [pfSense-discussion] MiniUPnPd security risks

2007-04-25 Thread Scott Ullrich

On 4/25/07, DarkFoon <[EMAIL PROTECTED]> wrote:



I'm considering installing the UPnP daemon on some home/home office boxes,
and I'm curious what the security issues are.
From my own (simple) analysis, the worst that could happen is a malicious
application could ask for many, many (almost all?) of the ports above 1024
to be routed to a machine, and that an external attacker might be able to
use all the port forwards to control said malicious program from the
internet and perhaps wreak havoc on the LAN net and maybe even the pfSense
box (with a keylogger and sniff the pw for the pfSense admin).

This is assuming I don't use the custom rules that I can specify. (which I
could use to mitigate some of the damage)


Your analysis is dead on.   Any application can open their own ports.
However our package allows limiting of source ips that can use upnp
to open ports.   So you could lock this down to 1-2 ip's, etc.

Scott
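
The source-IP restriction described in this reply can be reasoned about as an ordered allow/deny list. The following is an added example, not code from the pfSense package or from this thread: it models rules in the `allow|deny <external ports> <ip/mask> <internal ports>` form used by miniupnpd.conf, with constructed addresses. It assumes first match wins and that a request matching no rule is accepted, which is why the trailing deny matters.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple


class Rule(NamedTuple):
    allow: bool
    ext_ports: range   # external (WAN-side) ports the client may request
    network: object    # LAN clients the rule applies to (ipaddress network)
    int_ports: range   # internal (LAN-side) ports the mapping may target
    text: str          # original rule text, kept for reporting


def _ports(spec: str) -> range:
    """Parse '<min>-<max>' or a single '<port>' into an inclusive range."""
    lo, sep, hi = spec.partition("-")
    first, last = int(lo), (int(hi) if sep else int(lo))
    if not 0 <= first <= last <= 65535:
        raise ValueError(f"bad port range: {spec!r}")
    return range(first, last + 1)


def parse_rules(conf: str) -> List[Rule]:
    """Parse permission rules, ignoring blank lines and '#' comments."""
    rules = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4 or fields[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: expected 'allow|deny ext ip/mask int'")
        action, ext, net, internal = fields
        rules.append(Rule(action == "allow", _ports(ext),
                          ipaddress.ip_network(net, strict=False),
                          _ports(internal), line))
    return rules


def decide(rules: List[Rule], client_ip: str, ext_port: int, int_port: int,
           default_allow: bool = True) -> Tuple[bool, Optional[int]]:
    """Return (allowed, index of the matching rule or None if none matched)."""
    addr = ipaddress.ip_address(client_ip)
    for index, rule in enumerate(rules):
        if (addr in rule.network and ext_port in rule.ext_ports
                and int_port in rule.int_ports):
            return rule.allow, index
    # Assumption: no matching rule means the request is accepted.
    return default_allow, None


def audit(rules: List[Rule], max_clients: int = 2) -> List[str]:
    """Flag rule sets looser than 'a couple of trusted hosts, then deny all'."""
    findings = []
    allowed = sum(r.network.num_addresses for r in rules if r.allow)
    if allowed > max_clients:
        findings.append(f"allow rules cover {allowed} addresses (limit {max_clients})")
    for rule in rules:
        if rule.allow and rule.ext_ports.start < 1024:
            findings.append(f"'{rule.text}' allows external ports below 1024")
    last = rules[-1] if rules else None
    catch_all = (last is not None and not last.allow
                 and last.network.prefixlen == 0
                 and len(last.ext_ports) == 65536
                 and len(last.int_ports) == 65536)
    if not catch_all:
        findings.append("no trailing 'deny 0-65535 0.0.0.0/0 0-65535' rule")
    return findings


# Constructed sample configurations (addresses are illustrative only).
LOOSE_CONF = """
allow 1024-65535 192.168.1.0/24 1024-65535   # whole LAN may open ports
"""

TIGHT_CONF = """
allow 1024-65535 192.168.1.10/32 1024-65535  # trusted host 1
allow 1024-65535 192.168.1.11/32 1024-65535  # trusted host 2
deny  0-65535    0.0.0.0/0       0-65535     # everything else
"""

if __name__ == "__main__":
    for name, conf in (("loose", LOOSE_CONF), ("tight", TIGHT_CONF)):
        rules = parse_rules(conf)
        print(name, decide(rules, "192.168.1.50", 6881, 6881), audit(rules))
```
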


Re: [pfSense-discussion] Patch submittal deadline?

2007-04-22 Thread Scott Ullrich

RELENG_1 and -HEAD would be fine.

We are past RELENG_1_2 deadline.

Scott


On 4/22/07, Kyle Mott <[EMAIL PROTECTED]> wrote:

Do you care if the diff's/patches are from a February 1.0.1 snapshot, or
would you prefer it from a 1.2-BETA snapshot?


-Kyle

Scott Ullrich wrote:
> On 4/15/07, Kyle Mott <[EMAIL PROTECTED]> wrote:
>> Is there a deadline for submitting a patch to be included in the base
>> release? I'm still working on my EtherChannel port, but I've still got a
>> few things to work out. Will I still be able to get it in to the next
>> release (I assume 1.2), and/or 1.0.1 if I submit it soon (within the
>> week)?
>
> Unfortunately 1.2 is frozen now.   We can get it into 1.3 and the
> snapshots after 1.2 is released.
>
> Scott



Re: [pfSense-discussion] Patch submittal deadline?

2007-04-15 Thread Scott Ullrich

On 4/15/07, Kyle Mott <[EMAIL PROTECTED]> wrote:

Is there a deadline for submitting a patch to be included in the base
release? I'm still working on my EtherChannel port, but I've still got a
few things to work out. Will I still be able to get it in to the next
release (I assume 1.2), and/or 1.0.1 if I submit it soon (within the week)?


Unfortunately 1.2 is frozen now.   We can get it into 1.3 and the
snapshots after 1.2 is released.

Scott


Re: [pfSense-discussion] 16 instance of Snort running ???

2007-04-10 Thread Scott Ullrich

On 4/10/07, Daniele Guazzoni <[EMAIL PROTECTED]> wrote:

I upgraded to 1.0.1-SNAPSHOT-03-27-2007, running with the snort package 
installed.
Before the upgrade everything was ok, now I have 16 instances of snort running 
and crashing regularly.

Known problem ?


Yes.

Uninstall and reinstall the package.

Scott


Re: [pfSense-discussion] routing everything though an IPsec tunnel

2007-03-30 Thread Scott Ullrich

On 3/30/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:


What I really like about pfsense/m0n0 is that it allows you
to build IPsec tunnels between firewalls. This is rather important,
because I happen to live in a country where ISPs are required to
spy on their customers by law (storing all connection info,
and allowing tapping on demand). By presenting the ISP only
a VPN tunnel all they can do is only do traffic analysis.

Since I have a few IP numbers out of my /24 I'm not using yet
I'd like to build a VPN tunnel (pfsense to pfsense) to one or
several public IPs at my hoster.


I vaguely recall someone putting 0.0.0.0 into the remote subnet field
in IPSEC and it set the default gateway to the IPSEC tunnel.  This is
all from memory and it was around version 0.80 so details are faint.
If I recall Alan from the UK was the person working with it.  Maybe he
can chime in.

Scott


Re: [pfSense-discussion] Box hangs because of PHP ?

2007-03-22 Thread Scott Ullrich

You probably have the checkboxes checked to associate the blocked IP
with the reason.  Turning this off should result in lowered CPU usage.

On 3/22/07, Daniele Guazzoni <[EMAIL PROTECTED]> wrote:

Update done.
I was clicking around to check after the update and...
- if I want to show the "snort blocked" the PHP process is getting all CPU.

Memory and disk are ok, swap is not used.
There's something with the snort package which is not ok.


Daniele


Scott Ullrich wrote:
> No, this is not a known problem.   You might try upgrading to the
> recent snapshot:
> http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/
>
> Scott
>
>
> On 3/22/07, Daniele Guazzoni <[EMAIL PROTECTED]> wrote:
>> Fellows
>>
>> I have pfSense 1.0.1 installed on a VIA mini-ITX which regularly hangs.
>> The behaviour is that the firewall drops connections and the GUI waits
>> refresh for eternity...
>> I still was able to SSH to the box and top shows that a PHP process is
>> eating up all CPU.
>> A kill -HUP of the process frees up resources and the firewall works
>> again as expected.
>>
>> Is it a known problem or does anyone have an idea what could be the
>> cause ?
>>
>> Daniele
>>
>>
>>
>

--


regards


-
Daniele Guazzoni
Senior Network Engineer, CCNP, CCNA


Linux and AMD-x86_64 or do you still with Windows and Intel ?





Re: [pfSense-discussion] Box hangs because of PHP ?

2007-03-22 Thread Scott Ullrich

Technically now that the images are 128 megabytes it's possible.  We
just never spent the time to make it work correctly.

On 3/22/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:

On Thu, Mar 22, 2007 at 12:20:12PM -0400, Scott Ullrich wrote:

> >Is there a way to upgrade 1.0.1 embedded remotely?
>
> Embedded unfortunately not.

Is this a principal (technology) limitation, or something
which can be tackled by a bounty?

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





Re: [pfSense-discussion] Box hangs because of PHP ?

2007-03-22 Thread Scott Ullrich

On 3/22/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:

On Thu, Mar 22, 2007 at 11:56:04AM -0400, Scott Ullrich wrote:

> No, this is not a known problem.   You might try upgrading to the
> recent snapshot:
> http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

Is there a way to upgrade 1.0.1 embedded remotely?


Embedded unfortunately not.

Scott


Re: [pfSense-discussion] Box hangs because of PHP ?

2007-03-22 Thread Scott Ullrich

No, this is not a known problem.   You might try upgrading to the
recent snapshot:
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

Scott


On 3/22/07, Daniele Guazzoni <[EMAIL PROTECTED]> wrote:

Fellows

I have pfSense 1.0.1 installed on a VIA mini-ITX which regularly hangs.
The behaviour is that the firewall drops connections and the GUI waits refresh 
for eternity...
I still was able to SSH to the box and top shows that a PHP process is eating 
up all CPU.
A kill -HUP of the process frees up resources and the firewall works again as 
expected.

Is it a known problem or does anyone have an idea what could be the cause ?

Daniele





Re: [pfSense-discussion] Cisco EtherChannel support in pfSense?

2007-03-11 Thread Scott Ullrich

On 3/11/07, Kyle Mott <[EMAIL PROTECTED]> wrote:

I'm having a hard time deciding whether or not to use a package or just
modify the base system and provide diff's. Where should I send what I've
got thus far so I can get some opinions on what I should do (package vs
base)?


This feels more like a base system feature IMHO.

Patch information is here:
http://wiki.pfsense.com/wikka.php?wakka=SubmittingPatches

Scott


Re: [pfSense-discussion] PPPoE server mods

2007-02-28 Thread Scott Ullrich

On 2/28/07, Paul <[EMAIL PROTECTED]> wrote:

Hi,

I "hacked" a quick mod for mpd/pppoe server to allow me to use pfsense
as an access concentrator for dial-up users (via ethernet).

Pfsense was perfectly capable of allowing access via pppoe / radius but
was missing a way for the radius server to check if a particular user
was still logged in.
This is necessary because if the access server loses connection/resets
etc, the radius server will contain active sessions that are stale. If
the user tries to login (via another access server for example), the
login will be denied because of the stale session.

One way to prevent this is to have the radius server check the old
access server. If the server cannot be accessed or the session is not
active, the old session will be removed and a new session will be created.

There're different ways to check if a user is logged (snmp being one,
telnet etc being the others), but an easy way is to make a simple
server on a known port. Telnetting to this port shows currently logged
users.

My mod does exactly this:
-) provides iface-up and iface-down scripts for mpd to keep track of
the currently logged users.
-) modifies filter.inc, vpn_pppoe.php and the mpd config generation
script.
-) provides a simple inetd-based server to list the users (separated
from the inetd running on localhost for the nat reflection helpers).
-) provides a script for freeradius to check if a particular user is
logged on the access server.

I have not provided this via a separate package because I want it to
work on the embedded platform.

I would like to know if these mods are interesting and could be included
in the pfsense code ?
Also, what is the best way to provide them (I have a patch-set ready). ?

Paul.



http://wiki.pfsense.com/wikka.php?wakka=SubmittingPatches describes the process.

Scott
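
One way to write the RADIUS-side check described in the quoted message, as an added example that is not taken from Paul's patch set or from pfSense: it connects to the access server's user-list port and decides whether a recorded session is still active or stale. The listing format (one username per line, server closes the connection) and the names `parse_user_list`, `fetch_user_list` and `session_state` are assumptions.

```python
import socket
from typing import Set, Tuple

ACTIVE = "active"   # user is listed on the access server: keep the session
STALE = "stale"     # server unreachable or user not listed: drop the session


def parse_user_list(payload: bytes) -> Set[str]:
    """Turn the raw listing into a set of usernames.

    Assumed format: one username per line, blank lines ignored.
    """
    users = set()
    for line in payload.decode("ascii", "replace").splitlines():
        name = line.strip()
        if name:
            users.add(name)
    return users


def fetch_user_list(host: str, port: int, timeout: float = 3.0,
                    max_bytes: int = 65536) -> bytes:
    """Read the listing until the server closes the connection.

    The read is bounded in both time and size so that a wedged or
    misbehaving access server cannot stall the RADIUS login path.
    """
    chunks, total = [], 0
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        while total < max_bytes:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
            total += len(data)
    return b"".join(chunks)


def session_state(host: str, port: int, username: str,
                  timeout: float = 3.0) -> Tuple[str, str]:
    """Return (ACTIVE or STALE, reason) for a session recorded on `host`.

    Follows the rule in the message: if the old access server cannot be
    reached, or the user is not in its list, the old session is stale.
    """
    try:
        payload = fetch_user_list(host, port, timeout)
    except OSError:  # refused, timed out, no route
        return STALE, "access server unreachable"
    # Compare whole usernames; a substring test would confuse
    # "al" with "alice".
    if username in parse_user_list(payload):
        return ACTIVE, "user listed on access server"
    return STALE, "user not listed on access server"


if __name__ == "__main__":
    # Constructed listing, as the assumed server would send it.
    sample = b"alice\nbob\n"
    print(sorted(parse_user_list(sample)))
```

Because an unreachable access server is treated as stale, a network partition between the RADIUS host and the access server permits a second login for the same user. The listing port is unauthenticated, so reachability to it is best limited to the RADIUS host.
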


Re: [pfSense-discussion] freebsd ports vs pfsense ports

2007-02-28 Thread Scott Ullrich

On 2/28/07, Paul <[EMAIL PROTECTED]> wrote:

Working on mpd, I saw that there's a pfSense ports directory in
/home/pfsense/tools

I need to port some custom packages to pfSense, so how do I tell the
build scripts to use my own port instead of the freebsd ones, or shall I
just copy them to /usr/ports?


We have done this previously by hand but soon I will be altering
FreeSBIE to automatically build the pfPorts tree so that the FreeBSD 7
and other architectures  binaries get updated when we build an image.
Unfortunately I do not have a timeframe as of yet.

Scott


Re: [pfSense-discussion] Developer bootstrap errors

2007-02-28 Thread Scott Ullrich

On 2/28/07, Paul <[EMAIL PROTECTED]> wrote:

Bill Marquette wrote:
> Comment out the call to update_cvs_depot?  Or update that routine to
> better handle a development model that has no CVS access?
Modifying the function to handle SKIP_CHECKOUT (which is documented in
the wiki) is trivial, and it is even more trivial to comment it out altogether.

What beats me is that there seems to be a documented method to
skip the checkout process, hence it's clearly not implemented (I
wonder...).
You can imagine my surprise when a few hours of work were wiped away
because the build scripts just delete the pfsense source directory and
then proceed to checkout the CVS version. This and other things I
encountered in the build scripts certainly raise the bar for starting
development.

I will be very happy to provide a patch for builder_common.sh but I'm
not sure if I should just post it or submit it by other means. I am sure
Scott and other developers have fixed this in their local scripts, and
perhaps forgot to put it in CVS.
> I know, not
> optimal, but FWIW, I wouldn't mind it if someone hacked in a method to
> pull down the tree via other means (such as say mercurial, or
> subversion) so you could have a local cvs->other scm bridge and worked
> on the local scm.
The point is that CVS can already handle a local/remote repository (as
can mercurial, subversion etc) All you need is to point it to the
right places *by hand* and *when needed*. This way you can have a local
copy of the code, an official tree in the pfsense CVS and also a local
CVS tree with your modifications.

a "cvsupdate_current.sh" would be expected to do this: update the cvs to
the version specified in the tags of pfsense_local.sh
a "build_iso.sh" should just do that... build.

Am I missing something?

Paul





Please take a look at
http://pfsense.com/cgi-bin/cvsweb.cgi/tools/snapshot_server/build_snapshots.sh

There is a reason the builder system is unsupported, because it is
quite complicated.

Scott


Re: [pfSense-discussion] DST patch

2007-02-23 Thread Scott Ullrich

Sorry but we do not give out firm dates.  When it is done is the answer.

Either way folks can upgrade to the latest version which features
FreeBSD 6.2 from
http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/ so its a moot
point.

Scott


On 2/23/07, Dmitry Sorokin <[EMAIL PROTECTED]> wrote:

Hi All,

Just wondering if a new version based on FreeBSD 6.2 will be released before
March 11th or a patch of some kind will be posted to address this issue.

Please check this thread:

http://docs.freebsd.org/cgi/getmsg.cgi?fetch=1494952+0+/usr/local/www/db/text/2007/freebsd-questions/20070204.freebsd-questions

Best regards,
Dmitry








Re: [pfSense-discussion] Getting development environment set

2007-02-19 Thread Scott Ullrich

It is up and running just fine?!

Scott


On 2/19/07, Simon Cornelius P. Umacob <[EMAIL PROTECTED]> wrote:


Everything was fine a few hours ago.  cvs.pfsense.com seems to be
offline now. :)


Florent Parent wrote:
>
> Hi,
>
> My goal is to create a development environment in VMware. I want to do
> code modifications and testing, and keep track of the current development.
>
> Here are the steps I'm trying :
>
> Download
> 
> In VMware, create FreeBSD system, 10G disk, 256Mb RAM, 2 NICs
> Boot ISO in VMware
> Setup LAN and WAN. Made sure that WAN has internet access for future
> download.
> Choose option to copy installation to disk (99, i think)
> Reboot (removed ISO)
> After reboot, I start a shell on console and I'm offered to "tail" the
> rebuild process.
> This goes on for a while...
>
> Then everything stops with "cvsup: not found". Also multiple errors
> during a patch process in FreeSBIE 2.
>
> I double check that I have connectivity (suspecting that package install
> failed somewhere). The  "/usr/local/etc/rc.d/dev_bootstrap.sh start"
>
> But that fails as:
>  Building world for i386 architecture 
 Rebuilding the temporary build tree
 stage 1.1: legacy release compatibility shims
 stage 1.2: bootstrap tools
 stage 2.1: cleaning up the object tree
 stage 2.2: rebuilding the object tree
 stage 2.3: build tools
 stage 3: cross tools
 stage 4.1: building includes
 stage 4.2: building libraries
> Terminated
> Something went wrong, check errors!
> Log saved on /usr/obj.pfSense/home/pfsense/freesbie2/.tmp_buildworld
> *** Signal 15
>
> Stop in /home/pfsense/freesbie2.
> + /usr/bin/killall tail
> No matching processes were found
> + [ -f /usr/obj.pfSense/pfSense.iso ]
> #
>
> Interestingly, there is no /usr/obj.pfSense/ directory ...
>
> Can someone provide some pointers?
>
> Thanks
> Florent
>
>
>




Re: [pfSense-discussion] m0n0wall to PFSense

2007-02-15 Thread Scott Ullrich

On 2/15/07, Salcido, Cesar <[EMAIL PROTECTED]> wrote:



If I were to install PFSense on my Nokia P020 "m0n0wall currently installed"
could I use my existing config.xml with PFSense?


Please see 
http://faq.pfsense.com/index.php?action=artikel&cat=4&id=89&artlang=en&highlight=m0n0wall%20config


Re: [pfSense-discussion] Searched Google but nada

2007-02-14 Thread Scott Ullrich

On 2/14/07, Chris Godwin <[EMAIL PROTECTED]> wrote:

I'm getting a sync error. Both boxes are running 1.0.1 on a hacomm i386
box.


I have added additional code to the XMLRPC sync area to hopefully tell
us what is going on.   Upgrade to a new snapshot an hour from now
(around 9pm EST).

http://snapshots.pfsense.com/FreeBSD6/RELENG_1/updates/

Scott


Re: [pfSense-discussion] weighted / failover routing

2007-02-03 Thread Scott Ullrich

On 2/3/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
[snip - html stuff snipped]

Guys,

been using pfsense for a while now, and love it.

previously I used lots of openvpn - but with using pfsense and WRAP boxes, and 
CARP failover - I've moved to IPsec for a few reasons:

- openvpn under pfsense was unreliable, sometimes the whole openvpn processes
quit, and the box needs to be restarted
- openvpn and CARP didn't play very well, or perhaps I didn't try enough. but
CARP and ipsec seem fine

The advantage openvpn did have, was being able to try multiple IPs from the
client end, and by routing different destinations over different connections,
it failed over nicely - keeps connections intact, and bringing the same subnet
up over the 2nd connection. It didn't really have a preferred connection, but
at least it did failover.


This has been fixed.   Please see http://pfsense.blogspot.com/

Scott


Re: [pfSense-discussion] about manage a lot of pfsense in one console interface

2007-01-18 Thread Scott Ullrich

On 1/18/07, Cristian Mata <[EMAIL PROTECTED]> wrote:

Thanks Scott, which is the name of the rules file? Because in my freebsd I have
pf.conf but in pfsense... the rules are in the xml file?

Thanks in advance.



Look at /tmp/rules.debug

Scott


Re: [pfSense-discussion] about manage a lot of pfsense in one console interface

2007-01-18 Thread Scott Ullrich

No, this unfortunately will not work as outlined; PF and IPF
are a little too different.  But you can use one of our anchors in the
rules file to insert and remove rules from cron easier than IPF.

On 1/18/07, Sjaak Nabuurs <[EMAIL PROTECTED]> wrote:

Cristian


Maybe this is a suggestion in your direction.
I've no idea if it can be used in pfsense.


http://wiki.m0n0.ch/wikka.php?wakka=PoorMansTimeBasedRules

Good luck


Sjaak


Cristian Mata wrote:

>
>Hi, I have a problem actually, we have 43 points with pfsense (in vpn
>ipsec), is there anything to monitor them in a single console? Because it is
>very complex to monitor them one by one.
>
>In addition, do you have any tool to apply rules to a lot of pfsense boxes
>at the same time?
>
>thanks
>
>
>Cristian
>
>
>
>
>
>



Re: [pfSense-discussion] Source based redirection

2007-01-16 Thread Scott Ullrich

Nobody is working on it to my knowledge.

Scott


On 1/16/07, Adam Van Ornum <[EMAIL PROTECTED]> wrote:


Is anyone working on source based redirection?  I checked in the forums and
one guy had been working on it supposedly but apparently he disappeared.
It's a feature I need and I might try doing it myself if no one else is
actively working on it.




Re: [pfSense-discussion] VideoConference problems

2007-01-08 Thread Scott Ullrich

No, you do not want source port, you want destination port.


On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:

Hi, I send the screen shots with the port 1720 of netmeeting

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, January 08, 2007 3:59 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] VideoConference problems

You need to define the port in question as well.

Scott


On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:
> Here I send the screenshots, please inform me if I have configured
> anything wrong
>
>
> Thanks!
>
> -----Original Message-----
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 08, 2007 3:24 PM
> To: discussion@pfsense.com
> Subject: Re: [pfSense-discussion] VideoConference problems
>
> Show a screen shot of the rules summary page (the page where you can
> add/edit/delete advanced outbound nat items).   Also show a screenshot
> of the actual items setting as well.
>
> On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
> <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
> > I created the advanced outbound NAT, but my netmeeting machine behind
> > Pfsense don't have video and sound yet.
> >
> > I was reading the forum but said the same below
> >
> >
> > -----Original Message-----
> > From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> > Sent: Monday, January 08, 2007 12:19 PM
> > To: discussion@pfsense.com
> > Subject: Re: [pfSense-discussion] VideoConference problems
> >
> > Same situation that VOIP folks run into.   Create an advanced outbound
> > NAT rule for this particular port, move it to the top and be sure to
> > enable the static port option for the rule in question.
> >
> > Also search the forum for static port, it's discussed about once a
> > week at least.
> >
> > Scott
> >
> > On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
> > <[EMAIL PROTECTED]> wrote:
> > > Hi!
> > >
> > > Anybody can help me, I connect from my home without pfsense to
> > > videoconference device, but when I try connect at work with pfsense
> > > firewall I don't have video and sound
> > >
> > > Anybody knows why?
> > >
> > > Carlos J. Sánchez
> > > Networks and Telecommunications
> > > [EMAIL PROTECTED]
> > > www.americancallcenter.com
> > > Av. Fco. de Orellana 111 Edif. WTC Torre B Of. 812
> > > Guayaquil, Ecuador
> > > Tel.   +593 (4) 263-0750 – Ext. 5140
> > > Fax.  +593 (4) 263-0764





Re: [pfSense-discussion] VideoConference problems

2007-01-08 Thread Scott Ullrich

You need to define the port in question as well.

Scott


On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:

Here I send the screenshots, please inform me if I have configured anything
wrong


Thanks!

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, January 08, 2007 3:24 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] VideoConference problems

Show a screen shot of the rules summary page (the page where you can
add/edit/delete advanced outbound nat items).   Also show a screenshot
of the actual items setting as well.

On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:
> Hi!
>
> I created the advanced outbound NAT, but my netmeeting machine behind
> Pfsense don't have video and sound yet.
>
> I was reading the forum but said the same below
>
>
> -----Original Message-----
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 08, 2007 12:19 PM
> To: discussion@pfsense.com
> Subject: Re: [pfSense-discussion] VideoConference problems
>
> Same situation that VOIP folks run into.   Create an advanced outbound
> NAT rule for this particular port, move it to the top and be sure to
> enable the static port option for the rule in question.
>
> Also search the forum for static port, it's discussed about once a
> week at least.
>
> Scott
>
> On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
> <[EMAIL PROTECTED]> wrote:
> > Hi!
> >
> > Anybody can help me, I connect from my home without pfsense to
> > videoconference device, but when I try connect at work with pfsense
> > firewall I don't have video and sound
> >
> > Anybody knows why?
> >
> > Carlos J. Sánchez
> > Networks and Telecommunications
> > [EMAIL PROTECTED]
> > www.americancallcenter.com
> > Av. Fco. de Orellana 111 Edif. WTC Torre B Of. 812
> > Guayaquil, Ecuador
> > Tel.   +593 (4) 263-0750 – Ext. 5140
> > Fax.  +593 (4) 263-0764




Re: [pfSense-discussion] VideoConference problems

2007-01-08 Thread Scott Ullrich

Show a screen shot of the rules summary page (the page where you can
add/edit/delete advanced outbound nat items).   Also show a screenshot
of the actual items setting as well.

On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:

Hi!

I created the advanced outbound NAT, but my netmeeting machine behind
Pfsense don't have video and sound yet.

I was reading the forum but said the same below


-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, January 08, 2007 12:19 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] VideoConference problems

Same situation that VOIP folks run into.   Create an advanced outbound
NAT rule for this particular port, move it to the top and be sure to
enable the static port option for the rule in question.

Also search the forum for static port, it's discussed about once a
week at least.

Scott

On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:
> Hi!
>
> Anybody can help me, I connect from my home without pfsense to
> videoconference device, but when I try connect at work with pfsense firewall
> I don't have video and sound
>
> Anybody knows why?
>
> Carlos J. Sánchez
> Networks and Telecommunications
> [EMAIL PROTECTED]
> www.americancallcenter.com
> Av. Fco. de Orellana 111 Edif. WTC Torre B Of. 812
> Guayaquil, Ecuador
> Tel.   +593 (4) 263-0750 – Ext. 5140
> Fax.  +593 (4) 263-0764




Re: [pfSense-discussion] VideoConference problems

2007-01-08 Thread Scott Ullrich

Same situation that VOIP folks run into.   Create an advanced outbound
NAT rule for this particular port, move it to the top and be sure to
enable the static port option for the rule in question.

Also search the forum for static port, it's discussed about once a
week at least.

Scott

On 1/8/07, Carlos Julio Sánchez [ACC-SIS]
<[EMAIL PROTECTED]> wrote:





Hi!

Anybody can help me, I connect from my home without pfsense to videoconference
device, but when I try connect at work with pfsense firewall I don't have video
and sound

Anybody knows why?

Carlos J. Sánchez
Networks and Telecommunications
[EMAIL PROTECTED]
www.americancallcenter.com
Av. Fco. de Orellana 111 Edif. WTC Torre B Of. 812
Guayaquil, Ecuador
Tel.   +593 (4) 263-0750 – Ext. 5140
Fax.  +593 (4) 263-0764


Re: [pfSense-discussion] Memory issue

2006-12-28 Thread Scott Ullrich

FreeBSD will buffer as much ram as you give it IIRC.  What you really
should monitor is top from a shell if you are this worried.   I would
not be worried at all until memory is in the 90+.

Scott


On 12/28/06, Jack Mayhew <[EMAIL PROTECTED]> wrote:

I'm seeing the same thing (ver 1.0.1 - though I originally installed
Snort while running an earlier version)- removed Snort a few months ago
(not sure what version I was running when I removed it - upgraded
since), but it is still showing up in Top (state is bpf).  Memory use
was up to 78%, dropped to 32% after I killed the process using Command.
However, a few minutes later, it was back (in Top) in the bpf state
again, and memory usage was back up to 68%!  Seems like an issue with
the removal process? Doesn't ever seem to bring the system down, but I
will probably do a reinstall as well (pretty painless with the CD and
saved config)...

Other than that, running like a top on an old HP Vectra 733MHz PIII box
with a CF card, and an Intel dual NIC card in addition to the on board
NIC (a 3Com).  I forget how much memory it has, but dmesg claims around
190 Meg total.  Been rock solid (been up now for 22 days, due to our
power being out for several hours back then, but other than that, has
never gone down unless I told it to!  I had been using M0n0wall on a
Soekris 4501, which had been working flawlessly, but switched to pfSense
to check out the packages, and maybe Carp eventually. Thanks for a great
piece of work!

Regards,
Jack Mayhew

Mike Johnson- Southwestech Computers wrote:
> Thanks. I am leaning towards that as well. Not the "fix" I was looking
> for, but it is what has to be done... quick and dirty. Thanks Holger
>
>
>
>
> Holger Bauer wrote:
>> I recommend a reinstall. Backup your config.xml without package settings
>> (it's an option at diagnostics>backup/restore.
>>
>> Holger
>> -Original Message-
>> From: Mike Johnson- Southwestech Computers
>> [mailto:[EMAIL PROTECTED] Sent: Thursday, December 28, 2006 5:49 PM
>> To: discussion@pfsense.com
>> Subject: Re: [pfSense-discussion] Memory issue




Re: [pfSense-discussion] Known PFsense Limits?

2006-12-15 Thread Scott Ullrich

On 12/15/06, Odette <[EMAIL PROTECTED]> wrote:

FYI, I've successfully substituted Linux-iptables with PFsense on Soekris
net4801 using 5 eth ports and everything have been running fine for more than
30 days.

About the rule translation nightmare: aliases and rules optimization permitted
me to convert the 1000 lines in about 50 rules. Great!
I think it would be a great enhancement to be able to define "aliases of
aliases" to reduce further more the ruleset managing complexity.


Yes, agreed.  I would also like to see this in a future version.


Thanks again to everybody involved in PFsense development and support!


Glad that it worked out for you.

Scott

