Re: [pfSense-discussion] I am confused...

2005-07-21 Thread Bill Marquette
More info please. What rules did you add? Both NAT and filter please. --Bill On 7/21/05, Kim C. Callis [EMAIL PROTECTED] wrote: I went into rules to add access to SSH and HTTPS, and added entries on the WAN interface. Is there something else that I need to add, because I am still not able

Re: [pfSense-discussion] Follow-up to updating...

2005-07-23 Thread Bill Marquette
On 7/23/05, Kim C. Callis [EMAIL PROTECTED] wrote: Do I need to load the updates in order or can I just download the latest.tgz and call it a day? All images are currently full firmware updates. You can download any of the updates in the updates directory and apply to go to that version.

Re: [pfSense-discussion] iperf

2005-08-12 Thread Bill Marquette
Sweet :) That sounds more like it. --Bill On 8/12/05, Matthew Lenz [EMAIL PROTECTED] wrote: client: iperf -P 2 -w 128k -c server server: iperf -w 128k -s yeilded 940 Mbit/sec - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: Matthew Lenz [EMAIL PROTECTED] Cc

Re: [pfSense-discussion] error(s) loading the rules

2005-08-20 Thread Bill Marquette
Yes, don't use .75 it's likely to screw up your configuration. Do a fresh install of .77 and don't import the old config. --Bill On 8/20/05, sai [EMAIL PROTECTED] wrote: using version 0.75 got : -- php: There were error(s) loading the rules: /tmp/rules.debug:114: syntax error

Re: [pfSense-discussion] sync of config between machines isn't working

2005-08-23 Thread Bill Marquette
Any chance the web interface is set to use https instead of http? We've still got a small issue with our php and it's insistence that it's got SSL included when it really doesn't. --Bill On 8/23/05, Matthew Lenz [EMAIL PROTECTED] wrote: My config changes are not being synced to fw1 when I make

Re: [pfSense-discussion] Dual WAN setup help

2005-08-23 Thread Bill Marquette
I'll try and put some screenshots together this weekend on how I made this work. I think I'm gonna make a small modification to the rules summary screen too so you can see what gateways we're using. --Bill On 8/23/05, Tim Roberts [EMAIL PROTECTED] wrote: When I do edit the default LAN rule and

Re: [pfSense-discussion] sync of config between machines isn't working

2005-08-23 Thread Bill Marquette
I'm pretty sure we'd have to spawn two instances. I'm looking into this though, we'll see what we can do. In the meantime you _might_ be able to install stunnel and point sync to localhost - I think that'll break a couple of things that we sync, but rules and nat's won't be one of them. --Bill

Re: [pfSense-discussion] Traffic Shaper Wizard: doesn't seem to affect IPSEC clients

2005-08-23 Thread Bill Marquette
On 8/23/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: But if I look at the Queue Status page, none of the queues that ESP traffic is supposed to take are being used. Any ideas? Where do I start in the debugging process? Thanks in advance. Try and figure out which queue it's matching (you'll

Re: [pfSense-discussion] Traffic Shaper Wizard: doesn't seem to affect IPSEC clients

2005-08-23 Thread Bill Marquette
On 8/23/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hmm, it appears to be in the correct queue now. Is it possible that I needed to end my VPN session and restart it, if the session was started prior to the traffic shaping wizard? Yup, that would do it. Shaper changes will not take

Re: [pfSense-discussion] pfSense 0.79.2

2005-08-23 Thread Bill Marquette
It's a little raw, but http://cvstrac.pfsense.com/timeline or for those of you with the RSS obsession ;) http://cvstrac.pfsense.com/timeline.rss --Bill On 8/23/05, Nate Davis [EMAIL PROTECTED] wrote: Woops, forgot to post this to the Mailing List :) Hey Scott, I wish to also

Re: [pfSense-discussion] Multi-WAN troubles still

2005-08-23 Thread Bill Marquette
On 8/23/05, Tim Roberts [EMAIL PROTECTED] wrote: Is there a mini how too lying around on setting up multi-wan stuff or is this still too new? http://pfsense.blogspot.com/2005/06/multi-wan.html --Bill

Re: [pfSense-discussion] Upgrade from 0.79

2005-08-25 Thread Bill Marquette
On 8/25/05, Damien Dupertuis [EMAIL PROTECTED] wrote: I re-installed the whole thing from the beggining and waited. Today I saw the 0.79.4 version. Again I installed it and the same problem arise... Anybody with a similar problem? Did you restore your config file from .79? If so, please

Fwd: [pfSense-discussion] carp netmask

2005-08-25 Thread Bill Marquette
Ooops...reply all Bill reply all! --Bill -- Forwarded message -- From: Bill Marquette [EMAIL PROTECTED] Date: Aug 25, 2005 10:21 AM Subject: Re: [pfSense-discussion] carp netmask To: Matthew Lenz [EMAIL PROTECTED] Actual netmask of the network the CARP address lives on...a /32

Re: Fwd: [pfSense-discussion] carp netmask

2005-08-25 Thread Bill Marquette
[EMAIL PROTECTED] wrote: Maybe it was a bug in that specific version of pfSense I was using at the time because i couldn't get the network to function until i changed them to /32's. Maybe I'll give it a shot again at some point. On Thu, 2005-08-25 at 10:21 -0500, Bill Marquette wrote: Actual

Re: [pfSense-discussion] NAT-T

2005-08-25 Thread Bill Marquette
Does our IPSec implementation support it, or does NAT-T on a client behind the pfSense box work? To the former, no. To the latter, yes. --Bill On 8/25/05, Homero Thomsom [EMAIL PROTECTED] wrote: Does pfsense support NAT-Traversal ? Thanx. HT. Buenos Aires, Argentina.

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-27 Thread Bill Marquette
Oh, you will have to reboot after mucking with preempt settings and BOTH boxes have to have it set. --Bill On 8/27/05, Bill Marquette [EMAIL PROTECTED] wrote: Per 'man carp' net.inet.carp.preempt Allow virtual hosts to preempt each other

Re: [pfSense-discussion] wan interface failed causing carp failover

2005-08-27 Thread Bill Marquette
On 8/27/05, Scott Ullrich [EMAIL PROTECTED] wrote: On 8/27/05, Bill Marquette [EMAIL PROTECTED] wrote: Oh, you will have to reboot after mucking with preempt settings and BOTH boxes have to have it set. Not on recent versions. I changed the CARP settings screen to call both of our carp

Re: [pfSense-discussion] L3 load balancer

2005-08-31 Thread Bill Marquette
We use slb for it's monitoring code in the outbound load balancing as well as for the inbound stuff. LVS won't help us there. --Bill On 8/31/05, Randy B [EMAIL PROTECTED] wrote: Just noting that the current LB package used is sldb and that it's avery much dead project, actively seeking a new

Re: [pfSense-discussion] HoneyD

2005-09-21 Thread Bill Marquette
FreeBSD ports don't include pfSense gui code. A pfSense package will need to be written and at this time it will need to be written by someone other than the core dev team. We're not adding any further functionality until after the first release. --Bill On 9/21/05, christiaan [EMAIL PROTECTED]

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo [EMAIL PROTECTED] wrote: OK, since I have most of PfSense setup the way I want, I am now ready to dive into traffic shaping. Traffic shaping is a big reason we went with PFSense. We have a softswitch (Asterisk) on site behind our PfSense box. We are looking to do some

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo [EMAIL PROTECTED] wrote: Also, I assume the wizard only prioritizes the SIP port? Does it prioritize any other ports like the IAX ports, RTP and so on? The asterisk setting prioritizes UDP 5060-5069 and UDP 1-17226 (no idea why - SIP maybe?) This may help:

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
run the wizard? - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: discussion@pfsense.com Sent: Saturday, September 24, 2005 6:14 PM Subject: Re: [pfSense-discussion] Traffic Shaper On 9/24/05, Mojo Jojo [EMAIL PROTECTED] wrote: Also, I assume the wizard

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
after I run the wizard? - Original Message - From: Bill Marquette [EMAIL PROTECTED] To: discussion@pfsense.com Sent: Saturday, September 24, 2005 6:14 PM Subject: Re: [pfSense-discussion] Traffic Shaper On 9/24/05, Mojo Jojo [EMAIL PROTECTED] wrote: Also, I assume

Re: [pfSense-discussion] Traffic Shaper

2005-09-24 Thread Bill Marquette
On 9/24/05, Mojo Jojo [EMAIL PROTECTED] wrote: Not sure what you mean by only gracefully handles home networks.. It was designed with the 80/20 rule...the vast majority of our users have an WAN and a LAN and that's it. My setup is using the OPT1 inteface bridged to the WAN interface, I have

Re: [pfSense-discussion] Compact Flash images!

2005-09-27 Thread Bill Marquette
Please re-run the shaper wizard. We changed the location of the scheduler variable and for whatever reason the code I commited to move that information to the new location didn't work :-/ --Bill On 9/27/05, Imre Ispanovits [EMAIL PROTECTED] wrote: Hi Bao, I'm testing the 128MB pc image V

Re: [pfSense-discussion] What about a Ramdisk?

2005-09-30 Thread Bill Marquette
On 9/30/05, Tommaso Di Donato [EMAIL PROTECTED] wrote: Mmmh... I must admin I have some difficuties in following you in your thoughts... On 9/30/05, Travis H. [EMAIL PROTECTED] wrote: I want to mention that you can also use SOCKS as a proxy. Many clients support this non-transparently

Re: [pfSense-discussion] Can I use the LAN interface as the CARP interface?

2005-10-04 Thread Bill Marquette
On 10/4/05, Mojo Jojo [EMAIL PROTECTED] wrote: Can I use the LAN interface as the CARP interface? I am not using the LAN interface for anything and hate to waste a NIC.. OK, also I have to go to the damn store and buy another :) eh I know with the amount of posts you've had, I should

Re: [pfSense-discussion] problem with vlans

2005-10-05 Thread Bill Marquette
On 10/5/05, Chun Wong [EMAIL PROTECTED] wrote: now I am learning the way pfsense handles rules, esp. the implied ones. heh, that's something I plan on eventually providing more visibility into - we're just not there yet :) --Bill

Re: [pfSense-discussion] mac filtering

2005-10-14 Thread Bill Marquette
On 10/14/05, Marc-Henri Boisis-Delavaud [EMAIL PROTECTED] wrote: This is not my question, I would like to know how you make as m0n0wall a verification of authenticated client mac address, with pf ? I think it was possible only with ipfw. We use ipfw as Scott mentioned, but this is trivial to

Re: [pfSense-discussion] mac filtering

2005-10-15 Thread Bill Marquette
On 10/15/05, Greg Hennessy [EMAIL PROTECTED] wrote: IIRC one can tag with the recently imported if_bridge code and then refer to these tags in /etc/pf.conf. Exactly :) Thanks Greg. OpenBSD-centric http://www.openbsd.org/faq/pf/tagging.html but I'm confident it applies to FreeBSD since it's

Re: [pfSense-discussion] Can PFsense do this ?

2005-10-15 Thread Bill Marquette
Interesting. Hadn't heard of IPA - this might be doable as a package after 1.0. --Bill On 10/15/05, chris [EMAIL PROTECTED] wrote: Hi I noticed this on the IPCops.com forum and thought it might be of interest to PFsense. Post subject: Routed networks, per IP download limits and speed

Re: [pfSense-discussion] Donations needed

2005-10-19 Thread Bill Marquette
On 10/19/05, Matthew Lenz [EMAIL PROTECTED] wrote: i've got so many spare drives it is sick. what kind are you looking for? also, I've got that managed switch I promised for the load balancing work ready to be shipped. If you'd like I can send a long a drive as well. just let me know what

Re: [pfSense-discussion] shaper

2005-10-21 Thread Bill Marquette
On 10/21/05, sai [EMAIL PROTECTED] wrote: [1] The last rule that matches a packet will be executed. I think it would be better if we had shaper rule matching work in the same way as the firewall rules, ie first match being executed. I think orthogonality is the word I am looking for, but its

Re: [pfSense-discussion] NAT port redirection broken?

2005-10-21 Thread Bill Marquette
This is a known bug and is fixed in CVS, update_files.sh /etc/inc/filter.inc please. --Bill On 10/21/05, Lawrence Farr [EMAIL PROTECTED] wrote: I have version 0.88, and when redirecting a specific port to a different port, the resulting rule has no port specified. eg rdr on em1 inet proto

Re: [pfSense-discussion] authpf package

2005-10-26 Thread Bill Marquette
On 10/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: Is there any way to easily hook pam/radius up to authpf? Yes, but that handles the passwords, not the fact that the user needs to have an account on the box (radius doesn't give back UID/GID and shell information). --Bill

Re: [pfSense-discussion] Restricted viewing...

2005-10-28 Thread Bill Marquette
On 10/28/05, Scott Ullrich [EMAIL PROTECTED] wrote: On 10/28/05, Kim C. Callis [EMAIL PROTECTED] wrote: I have a client that want to be able to view graphs and other general reports. Is there a way to make a strictly report based web interface, which will allow some to see things like

Re: [pfSense-discussion] __Shaping__ UI

2005-10-31 Thread Bill Marquette
On 10/31/05, sai [EMAIL PROTECTED] wrote: This is in response to a post Chris made (see below) on the m0n0 list. Personally I would prefer a fully functional shaper with a difficult to use UserInterface rather than a very limited shaper with easy to use UI. To be clear, the limitations occur

Re: [pfSense-discussion] limit destination ports

2005-10-31 Thread Bill Marquette
On 10/30/05, dny [EMAIL PROTECTED] wrote: hi. i want to setup wifi interface to allow user to use only the internet. i like to setup a firewall rule like this: pass, if: wifi, source: wifi subnet, dest: wan, dest port: 1-1 q1: why no wan option in destination? WAN would be the WAN

Re: [pfSense-discussion] how do I not rdr with pfsense

2005-10-31 Thread Bill Marquette
On 10/31/05, Etienne Ledoux [EMAIL PROTECTED] wrote: I'm using pfsense to redirect all outgoing http traffic to a transparent proxy. But I need to not redirect a specific range when browsing to that specific range. pf supports not rdr as well as other options to achieve this. But I can't

Re: [pfSense-discussion] how do I not rdr with pfsense

2005-11-01 Thread Bill Marquette
Your thread kind of got hijacked. You're problem was addressed in a reply to you, not to Alan. Looking, the Port Forward screen doesn't appear to have a 'not' option. So yes, right now, I'd say there's no quick solution, without code. --Bill On 11/1/05, Etienne Ledoux [EMAIL PROTECTED] wrote:

Re: [pfSense-discussion] Re: PXE/TFTP install

2005-11-08 Thread Bill Marquette
On 11/8/05, Bill Plein [EMAIL PROTECTED] wrote: On 11/8/05, Scott Ullrich [EMAIL PROTECTED] wrote: Already been done. See http://doc.m0n0.ch/handbook/faq-hiddenopts.html Nice! Sometimes I'm not sure when to depend on the m0n0 handbook and when not too (grin) Uhhh, use it until it

Re: [pfSense-discussion] WRAP Power Supply

2005-11-08 Thread Bill Marquette
I would note that the Soekris supplies really suck. I've seen them supply undervoltage causing most unique problems. I'd personally buy a better supply with a higher amp rating and make sure it's pumping out the right voltage when you get it, if it's not send it back (it wouldn't hurt to pick up

Re: [pfSense-discussion] Squid and traffic shaper

2005-11-17 Thread Bill Marquette
This couldn't have been a more timely question. Here's a post from the author of pf that explains all you'd ever want to know about shaping. --Bill From: Daniel Hartmeier [EMAIL PROTECTED] This question pops up frequently, if this reply is too wordy, that's just so I can reference it in the

Re: [pfSense-discussion] Squid and traffic shaper

2005-11-17 Thread Bill Marquette
-Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: 17 November 2005 15:10 To: discussion@pfsense.com Subject: Re: [pfSense-discussion] Squid and traffic shaper This couldn't have been a more timely question. Here's a post from the author of pf that explains all you'd

Re: [pfSense-discussion] Unfork m0n0wall

2005-11-27 Thread Bill Marquette
On 11/27/05, Bennett [EMAIL PROTECTED] wrote: I've been looking for an open source firewall. I found m0n0wall, IPCop, and few others. I thought m0n0wall was great, but then I came across pfSense, and it was even better, picking up where m0n0wall left off. I think you just summarized the fork

Re: [pfSense-discussion] Re: Newbie Q: security of php on perimeter firewall

2005-11-28 Thread Bill Marquette
On 11/28/05, Lists [EMAIL PROTECTED] wrote: system a bit better. the web server is thttpd, but i see lighttpd also in the cvs tree so they might be migrating to it. Actually it's mini_httpd (although we do have thttpd in the tree - not sure why). And yes, we're moving to lighttpd for FastCGI

Re: [pfSense-discussion] Newbie Q: security of php on perimeter firewall

2005-11-28 Thread Bill Marquette
On 11/28/05, Chris Buechler [EMAIL PROTECTED] wrote: This part of the architecture has changed slightly from m0n0wall I believe, so if I go astray here, somebody kick me back into shape. ;) *kick* Basically, you can't get to PHP without first being authenticated. At this point, if you're

Re: [pfSense-discussion] Newbie Q: security of php on perimeter firewall

2005-11-28 Thread Bill Marquette
On 11/28/05, Sanjay Arora [EMAIL PROTECTED] wrote: However, I would like to make one request to the project design...users be given easily configured modular way to remove (i.e. not compile in) services they do not want on the pfsense box, i.e. the ones that are not basic to the basic

Re: [pfSense-discussion] Guidance for newbies in documentation

2005-12-25 Thread Bill Marquette
On 12/25/05, naveen [EMAIL PROTECTED] wrote: Hi All iam new to PFsense. i have two querires regarding PFsense. 1) Does Pfsense support any IP/any DNS ( which is usefull in hotspots, wireless users no need to change their IP address in Laptops) No, but most laptops use DHCP anyway, so this

Re: [pfSense-discussion] Help!!! :)

2005-12-30 Thread Bill Marquette
You see a trend here? --Bill On 12/30/05, Scott Ullrich [EMAIL PROTECTED] wrote: Add a rule to allow traffic to port 80 on the WAN. On 12/30/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Ok, I can ping the interface, I am just not getting the web interface to come up K. On Fri,

Re: [pfSense-discussion] access NATed services by the public IP address from LAN review

2006-01-06 Thread Bill Marquette
Someone hasn't done their research. This has been answered in the ML, the forum, the FAQ, AND the blog. --Bill On 1/6/06, Claudio Castro [EMAIL PROTECTED] wrote: Scott Ullrich escribió: Do you have a question? Of course, cant you read? So, that means that if I have my NATed services in

Re: [pfSense-discussion] feature request: vmps

2006-01-16 Thread Bill Marquette
Looks like something someone interested in writing a package should do. The GPL'd nature means that it's unlikely to ever make it into pfSense core (we're only adding BSD license-compatible software - BSD, MIT, etc) without a complete rewrite or a license change. --Bill On 1/16/06, Jure Pečar

Re: [pfSense-discussion] Set an OPT2 interface UDP rule with static-port option

2006-01-27 Thread Bill Marquette
On 1/27/06, Adam Gibson [EMAIL PROTECTED] wrote: I need quake4 UDP master server updates to try and keep the real source port when going through NAT. The master servers use the src port that they receive when listing your server. I noticed that pf does support that capability through the

Re: [pfSense-discussion] Set an OPT2 interface UDP rule with static-port option

2006-01-27 Thread Bill Marquette
On 1/27/06, Adam Gibson [EMAIL PROTECTED] wrote: Thanks for the direction. I found the static-port setting. Someone has probably already noticed the bug but the NAT listing does not display properly for the rule I just created(the fields are in the wrong spot in the table but editing the

Re: [pfSense-discussion] Set an OPT2 interface UDP rule with static-port option

2006-01-27 Thread Bill Marquette
On 1/27/06, Adam Gibson [EMAIL PROTECTED] wrote: Bill Marquette wrote: On 1/27/06, Adam Gibson [EMAIL PROTECTED] wrote: Thanks for the direction. I found the static-port setting. Someone has probably already noticed the bug but the NAT listing does not display properly for the rule I

Re: [pfSense-discussion] Routing

2006-02-19 Thread Bill Marquette
On 2/19/06, Kim C. Callis [EMAIL PROTECTED] wrote: Nick, You are right... Before I started fooling around, I removed traffic shaping and suddenly my download was good to go. I think I still need to do something useful with the Cisco, but I think I need to really do some homework on the

Re: [pfSense-discussion] Routing

2006-02-19 Thread Bill Marquette
On 2/19/06, Kim C. Callis [EMAIL PROTECTED] wrote: I am currently running 1.0-BETA1-TESTING-SNAPSHOT-2-2-06. Several days ago, I found my bandwidth greatly reduced. On my E-1, I would getting about between 41-140K coming down and at best 20K going up. As soon as I removed the shapper,

Re: [pfSense-discussion] Routing

2006-02-19 Thread Bill Marquette
On 2/20/06, Kim C. Callis [EMAIL PROTECTED] wrote: I started the traffic shapping on 1.0-BETA1-TESTING-SNAPSHOT-2-2-06. I had it running for awhile and then I stopped. About two weeks ago, I restarted the shaper. It seemed to be working well, and I had forgotten about it. Then I started

Re: [pfSense-discussion] Routing

2006-02-20 Thread Bill Marquette
On 2/20/06, Kim C. Callis [EMAIL PROTECTED] wrote: And what differnces and benefits will one get from the OpenBSD deployment? This is just a test image to see if pfsense is screwing up altq in any way or if it's an OS issue as I suspect. There will be many differences and many things not

Re: [pfSense-discussion] Routing

2006-02-20 Thread Bill Marquette
On 2/20/06, Nick Buraglio [EMAIL PROTECTED] wrote: This is somewhat related... I just ran the shaping wizard (which I had not done in quite some time) has it changed much? It seemed to be a little different to me. Not visibly - but the rules it generates has changed over time. Didn't there

Re: [pfSense-discussion] pfsense on VMware ESX Server

2006-02-27 Thread Bill Marquette
On 2/27/06, Chris Buechler [EMAIL PROTECTED] wrote: Dave C. Arthur wrote: The system boots and runs. However when I try to install the system to the virtual HD, I receive a response that no HDD can be found (using the LSI controller). Any ideas on how to get the controller recognized?

Re: [pfSense-discussion] licience of php interface ?

2006-02-28 Thread Bill Marquette
On 2/28/06, Adam Gibson [EMAIL PROTECTED] wrote: Just to be sure we are on the same page. I am referring to static port mappings. Not static IP NAT mappings. I am pretty sure most firewalling filters can do static IP mappings through NAT (1 to 1, etc). Basically just making sure that the

Re: [pfSense-discussion] PANIC! problems with OPTx interfaces

2006-03-03 Thread Bill Marquette
So let me get this straight. The cable that's plugged into the LAN nic if unplugged from LAN and plugged into each of the OPT nics works? Sounds like a switch or cable issue. Have you tried the reverse? Plug the cables that are in the non-working OPT interfaces into the known working interface

Re: [pfSense-discussion] PANIC! problems with OPTx interfaces

2006-03-03 Thread Bill Marquette
, and they search the mailing lists, they'll find the answer. Thanks again! Anthony -- Original message -- From: Bill Marquette [EMAIL PROTECTED] So let me get this straight. The cable that's plugged into the LAN nic if unplugged from LAN and plugged into each

Re: [pfSense-discussion] Small suggestion

2006-03-05 Thread Bill Marquette
On 3/5/06, Lawrence Farr [EMAIL PROTECTED] wrote: How about having the ip's pop up if you hover over the interface name? Where? Care to do a mockup of what you are envisioning? Thanks --Bill

Re: [pfSense-discussion] Everything else sucks

2006-03-11 Thread Bill Marquette
Now with better traffic shaping. Many thanks go to our new dev. Leon on the find (and fix). --Bill On 3/11/06, Scott Ullrich [EMAIL PROTECTED] wrote: Fresh out of the oven: http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_03-10-2006/ On 3/11/06, Randy B [EMAIL PROTECTED] wrote: I've

Re: [pfSense-discussion] throughput - cpu, bus

2006-03-14 Thread Bill Marquette
On 3/14/06, Jim Thompson [EMAIL PROTECTED] wrote: Chun Wong wrote: Hi, I have two fw platforms, mono 1.21 running on a Nokia120 and pfsense1.0beta2 running on an AMD athlon 900. I can get 2.2MBs on the 120 platform, at 96% cpu usage. On the athlon, 32bit, 33Mhz pci, I can get 7MBs using

Re: [pfSense-discussion] throughput - cpu, bus

2006-03-14 Thread Bill Marquette
On 3/14/06, Chun Wong [EMAIL PROTECTED] wrote: On the fw traffic graph, I see 30 megabits per second on the 120 (95% cpu) and 75 megabits peak on the athlon platform (45% cpu). This certainly suggests that CPU on the athlon is not your limiting factor. to be honest I was expecting a lot more.

Re: [pfSense-discussion] throughput - cpu, bus

2006-03-14 Thread Bill Marquette
On 3/14/06, Rainer Duffner [EMAIL PROTECTED] wrote: Am 14.03.2006 um 20:52 schrieb Greg Hennessy: I'd love to get the chance to throw an Avalanche at a decent system running PF to see what it really can stand upto. Quite a bit. I ran out of Avalanche/Reflector capacity at 750Mbit,

Re: [pfSense-discussion] throughput - cpu, bus

2006-03-14 Thread Bill Marquette
On 3/14/06, Greg Hennessy [EMAIL PROTECTED] wrote: Quite a bit. I ran out of Avalanche/Reflector capacity at 750Mbit, but the OpenBSD box I pointed the firehose at, was only hitting about 30% CPU load at the time. Interesting, what nics were in the box ? HP DL380G3 w/ Broadcom and

Re: [pfSense-discussion] throughput - cpu, bus

2006-03-15 Thread Bill Marquette
On 3/15/06, Chun Wong [EMAIL PROTECTED] wrote: Chipset ? I'm not sure tbh, its an abit board I purchased 4-5 years ago. The source is on a HP Netserver LH3000 (2 x P3 866Mhz, 2.25Gb RAM) with dual 64 bit PCI bus. 3 x Intel Pro MT1000 gig nics (64bit). The disk subsystem is 2 x megaraid

Re: [pfSense-discussion] Traffic Shaper wizard thoughts

2006-03-26 Thread Bill Marquette
On 3/21/06, Josh Stompro [EMAIL PROTECTED] wrote: I think this would be a great idea, I am also in this boat where I would like to shape on more than one interface. I realize it can be done manually, but it would be nice if the wizard took care of it. Is there any more documentation on

Re: [pfSense-discussion] Re: Outbound load-balancing

2006-03-30 Thread Bill Marquette
On 3/30/06, Craig Roy [EMAIL PROTECTED] wrote: Hi David, You are fortunate that your ISP supports aggregate connections. Here in Australia, all ISP's don't want to know about it. There attitudes are, if you want to go faster, then get a faster connection and pay up to 10 times the price.

[pfSense-discussion] IPSEC diff to test

2006-04-04 Thread Bill Marquette
Can I get a couple people to try out the following diff? It (I think) fixes the 'prefer older sa' option that actually prefers newer SA's issue (the one where we tell you to click that option to prefer it :)) Before I commit this, I'd like some feedback from people that have done this to fix

Re: [pfSense-discussion] when IPv6 support?

2006-04-11 Thread Bill Marquette
On 4/11/06, Eugen Leitl [EMAIL PROTECTED] wrote: [Previous message didn't seem to have come through, so I'll try this one without signing.] Folks, when is IPv6 support planned? No time frame. Nobody is working on it at this time, feel free to submit patches. --Bill

Re: [pfSense-discussion] web interface and dependancies...

2006-04-18 Thread Bill Marquette
On 4/18/06, Gregory Machin [EMAIL PROTECTED] wrote: Hi. I'm looking for a list of dependancies for the web interface ... I know it require php and and http server .. but are there any others.. Any advise would be grate.. Many Thanks pfSense is a firewall distribution, not a standalone

Re: [pfSense-discussion] Vmware Tools and pfSense

2006-04-24 Thread Bill Marquette
FWIW, while the lnc device reports as 10Mbit, it'll actually do more. It's still slower than either the vmware tools driver or the e1000 interface, but it's definitely faster than 10Mbit. --Bill On 4/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, I'm planning to get pfSense running

Re: [pfSense-discussion] No altq support on linitx.com appliances? Also, plug for packaging on embedded version.

2006-05-08 Thread Bill Marquette
On 5/2/06, Carl Youngblood [EMAIL PROTECTED] wrote: So you are volunteerig to get this working? Keep in mind we do not have endless amounts of resources. I'm totally willing to help with this, but if the developers aren't open to the idea, then it can be a really uphill battle. So I wanted

Re: [pfSense-discussion] broken http interface install..

2006-05-16 Thread Bill Marquette
This happening on index.php, or when trying packages? Sounds like there's a corrupt XML file floating around somewhere, usually this is due to the machine getting powered off in 'odd' states. --Bill On 5/16/06, Gregory Machin [EMAIL PROTECTED] wrote: Hi Lookis like I did the imposible and

Re: [pfSense-discussion] CF-IDE install help

2006-05-16 Thread Bill Marquette
On 5/16/06, Angelo Turetta [EMAIL PROTECTED] wrote: And what about the case in original post? He has installed the full version from CD-ROM to a CF (used as a hard disk). I'm confident that such a setup results in a platform setting of 'pfsense'. If I later change the platform to 'embedded', can

Re: [pfSense-discussion] CF-IDE install help

2006-05-16 Thread Bill Marquette
On 5/16/06, Craig FALCONER [EMAIL PROTECTED] wrote: Ahh cool thanks - I haven't rebooted a post beta2 machine yet :) yeah, added for beta4 I believe :) --Bill

Re: [pfSense-discussion] Routing

2006-05-24 Thread Bill Marquette
On 5/24/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi everyone, I have 3 WAN interfaces (WAN, OPT1 and OPT2) I want to route packets to the WAN interfaces based on the source IP. For example, 10.0.1.X/24 packets should be forwarded to WAN, 10.0.2.X/24 packets to OPT1 and 10.0.3.X/24

Re: [pfSense-discussion] Known PFsense Limits?

2006-06-06 Thread Bill Marquette
On 6/6/06, Odette [EMAIL PROTECTED] wrote: Hi all, I need to substitute our production firewall, and I'd like to use PFsense which I've already successfully used for home or small office environments. The solution I'm going to substitute is based on Linux-iptables which requires more than

Re: Re[2]: [pfSense-discussion] P2P Blocker

2006-06-06 Thread Bill Marquette
On 6/6/06, Chris Noble [EMAIL PROTECTED] wrote: Ah good idea, pfsense has Traffic Shaper in it.. I could play with that and give P2Pa silly speed like 500 byte/sec heh. There were some threads on this in the forum also. I believe someone even went so far as to restrict the number of states

Re: [pfSense-discussion] artwork

2006-06-21 Thread Bill Marquette
On 6/21/06, Eugen Leitl [EMAIL PROTECTED] wrote: I suggest to move back to default m0n0wall design and artwork. It is much superior in look and usability, imo. I would go so far to file this as a bug. That's kind of inflamatory, but change the theme to pfsense and you'll have the ugly old

Re: [pfSense-discussion] artwork

2006-06-21 Thread Bill Marquette
On 6/21/06, Eugen Leitl [EMAIL PROTECTED] wrote: On Wed, Jun 21, 2006 at 02:09:41PM -0500, Bill Marquette wrote: That's kind of inflamatory, but change the theme to pfsense and you'll No trolling intended. I do really consider the current pfsense artwork a major regression on m0n0wall look

Re: [pfSense-discussion] PFSense and Tables

2006-06-26 Thread Bill Marquette
On 6/26/06, Nick Buraglio [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've been thinking about adding pftabled to pfsense but have not had the time to really do it yet since I'm slow at writing the gui parts. It's certainly possible to use pftabled to remotely

Re: [pfSense-discussion] PFSense and Tables

2006-06-26 Thread Bill Marquette
On 6/26/06, Forrest Aldrich [EMAIL PROTECTED] wrote: Maybe something standarized - with XML formatted files? It would be nice to issue a command, securely, from an internal machine to update the PFSense firewall in either case. Why doesn't PFSense use real Tables... ? Just curious about

Re: [pfSense-discussion] load balancing - fail over

2006-06-27 Thread Bill Marquette
On 6/27/06, Allen Laymon [EMAIL PROTECTED] wrote: I'm having an issue using load balancing/failover and using a Cisco VPN client to connect to a remote machine. It's hit and miss whether or not the Cisco VPN client works. It appears to go out one of my internet connections, but can return on

Re: [pfSense-discussion] load balancing - fail over

2006-06-28 Thread Bill Marquette
on what I'm doing wrong on the rules? Allen -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 27, 2006 10:49 PM To: discussion@pfsense.com Subject: Re: [pfSense-discussion] load balancing - fail over On 6/27/06, Allen Laymon [EMAIL PROTECTED] wrote: I'm

[pfSense-discussion] routed package

2006-07-08 Thread Bill Marquette
Hey, there was a bounty for the routed package, but the person sponsoring this package isn't currently in a position to test it. He's volunteered to send the funds on if we can get some people to test it out and comment on it. http://forum.pfsense.org/index.php?topic=1271.msg9066#msg9066 Can I

Re: [pfSense-discussion] unable to view revison log for filter.inc on cvstrac

2006-08-16 Thread Bill Marquette
Thanks, reported to the cvstrac authors. --Bill On 8/16/06, Raja Subramanian [EMAIL PROTECTED] wrote: Viewing cvs revision history for /etc/inc/filter.inc by accessing http://cvstrac.pfsense.com/rlog?f=pfSense/etc/inc/filter.inc always throws the following error. error message ---

Re: [pfSense-discussion] FreeBSD LSI Logic fixes for VMware

2006-08-16 Thread Bill Marquette
Which version of ESX? Thanks --Bill On 8/16/06, Jason Tyler [EMAIL PROTECTED] wrote: I was able to get it to work by building the VM in VMware workstation, then copying the disk image to ESX and modifying the .vxd file. Hope this helps, Jason -Original Message- From: Scott Ullrich

Re: [pfSense-discussion] unable to view revison log for filter.inc on cvstrac

2006-08-16 Thread Bill Marquette
And fixed. --Bill On 8/16/06, Bill Marquette [EMAIL PROTECTED] wrote: Thanks, reported to the cvstrac authors. --Bill On 8/16/06, Raja Subramanian [EMAIL PROTECTED] wrote: Viewing cvs revision history for /etc/inc/filter.inc by accessing http://cvstrac.pfsense.com/rlog?f=pfSense/etc/inc

Re: [pfSense-discussion] source-hash and sticky-address in pf pools

2006-08-17 Thread Bill Marquette
On 8/17/06, Raja Subramanian [EMAIL PROTECTED] wrote: Hi, I have a pfSense box with 5 wan links, 1 wan and 1 dmz and the load balancing and policy based routing in pfSense is simply fantastic. The one missing feature that I would like to see, is the ability to specify the source-hash or

Re: [pfSense-discussion] pfSense and TTL (time to live) = 1

2006-09-04 Thread Bill Marquette
Or if you want fuck with the ISP and have a full blown network behind the pfSense box. Change the following line in /etc/inc/filter.inc $rules .= scrub all {$scrubnodf} {$mssclamp} fragment reassemble\n; // reassemble all directions to: $rules .= scrub all min-ttl 255 {$scrubnodf}

Re: [pfSense-discussion] IDS yet? (+IPS)

2006-09-21 Thread Bill Marquette
On 9/21/06, Sam Newnam [EMAIL PROTECTED] wrote: I was thinking about using something like this product too... http://www.stillsecure.org/index.php?rf=vmw Says it integrates with IP Tables... Quick thoughts on its compatibility with PF? It's a dedicated linux install. --Bill

Re: [pfSense-discussion] Tutorial - configuring the captive portal with the integrated user manager

2006-09-28 Thread Bill Marquette
I randomly chose one of the mirrors and the tutorial came up for me. --Bill On 9/28/06, Richard Davis [EMAIL PROTECTED] wrote: I was looking at the pfSense tutorial section and tried to connect to configuring the captive portal with the integrated user manager . All I got was dead links.

Re: [pfSense-discussion] FTP Helper on WAN - bug?

2006-10-03 Thread Bill Marquette
On 10/3/06, Peter Allgeyer [EMAIL PROTECTED] wrote: Am Dienstag, den 03.10.2006, 09:09 -0400 schrieb Scott Ullrich: I am telling you how to solve your problem now, not long term. I agree that the FTP system is a mess. Ok, fine, how? At the moment I start the ftpsesame per hand after booting

Re: [pfSense-discussion] FTP Helper on WAN - bug?

2006-10-03 Thread Bill Marquette
On 10/3/06, Peter Allgeyer [EMAIL PROTECTED] wrote: No, as I told you already, the system_start_ftp_helpers() is launched _after_ filter_configure_sync in /etc/rc.bootup. And ftpsesame is killed by killall in system_start_ftp_helpers() after been started in filter_configure_sync :-( So, you can

  1   2   >