Re: [pfSense] SSH goes straight to shell

On Sat, Jul 23, 2016 at 9:51 PM, David Burgess <apt@gmail.com> wrote: > 2.1.5-RELEASE (amd64) >Can I change it back to the console somewhere? To answer my own question, the person who restored the config disabled the default admin account and created a new admin account with

[pfSense] SSH goes straight to shell

2.1.5-RELEASE (amd64) I had somebody restore the config from backup today using the serial port, as I am off site. Now when I ssh in I get a shell, whereas before I would see the console with a summary of interfaces and 13 or so options. Can I change it back to the console somewhere? db

Re: [pfSense] PFSense for high-bandwith environments

On Thu, Feb 18, 2016 at 10:26 AM, Giles Davis wrote: > > > Using Intel E3-1270s and Intel 10G NICs (forget the exact model, but > they use the BSD ix driver) we start seeing packet loss and a general > maximum throughput at around 1-1.2Gbit. Our 'solution' so far of just >

Re: [pfSense] Remote squid log

: > > Log location must start with a / character. > > > Is there a way to handle this? > > I need it to be saved remotely :( > > Can you mount the remote filesystem locally? I have run squid using pfSense on a cf card and mounting a second device for the squid cache. I don't remember if I

Re: [pfSense] Confg Captive Portal using pfsense newbie

> Laptop / Pfsense ===> Access Point ===> Client > > Note : > > IP pfsense (Virtual ) = 192.168.0.1 > IP Laptop USB Lan = 192.168.0.2 > IP Laptop Onboard = 192.168.0.4 > IP Access Point = 192.168.0.3 (Note : DHCP disabled, just for access point > woifi, IP from pfsense SHCP Server) > > DHCP

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

On Fri, Nov 13, 2015 at 8:09 AM, David White wrote: > I have a unique scenario: That sounds like a fairly standard use of multi-WAN, with vlan thrown in for flavour. Did you look at this page? If so, do you have any specific questions or

[pfSense] replies that don't follow routing table

pfsense 2.1.3 WAN | pfsense /\ LANOPT1 pfsense has its default route on the WAN, and certain OSPF routes on OPT1. When connection requests arrive on OPT1 for a server on the LAN, pfsense correctly routes the incoming connection to the LAN server. The reply from the server,

Re: [pfSense] Why no dnssec in dnsmasq by default?

On Mon, Aug 24, 2015 at 1:19 PM, A Mohan Rao mohanra...@gmail.com wrote: Chris SIR, I m using squid and squid guard its working good but some important sites r not opening given message ip-addr target group i also make rule for that still have same issue. Also add to whitelist. If i m use

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

On Fri, Jul 24, 2015 at 4:14 PM, Ted Byers r.ted.by...@gmail.com wrote: Thanks for this. I'd hoped it would be as simple as apt-get-update apt-get upgrade apt-get update openssh-server. That is,whatever the equivalent of apt-get is on a pfsense machine, I'd hoped it would be a command

Re: [pfSense] Access Point Recommendations?

On Fri, Jul 17, 2015 at 8:45 AM, Chuck Mariotti cmario...@xunity.com wrote: We are having a number of issues with Engenius Access Points... they seems to have the features we need but for some reason, connectivity is not reliable (seems Mac related). As much time as I would like to spend

Re: [pfSense] Using on Fiber

On Fri, Jun 5, 2015 at 9:43 AM, Ryan Coleman ryan.cole...@cwis.biz wrote: Hmm. I wonder why my file transfers never exceed 10MB/sec then… I’ve been trying to migrate many TB of data via SCP That's likely the issue right there. ssh/scp/sftp won't go faster than that with the default settings.

Re: [pfSense] terrible performance on NFS CIFS

On Wed, Nov 5, 2014 at 5:47 PM, Adam Thompson athom...@athompso.net wrote: Problem: really, really bad performance (10Mbps) on both NFS (both tcp and udp) and CIFS through pfSense. In my experience, latency is the big buzzkill for CIFS. It seems like any latency will slow things down, and the

[pfSense] log grep inconsistency

I have two firewalls running pfsense 2.1.3 amd64. One is nanobsd, the other is full install. Why is it that when I do 'grep band /var/log/ppp.log' on the embedded system I get the expected output of lines containing band, while on the full system I only get Binary file /var/log/ppp.log matches for

[pfSense] Some packages not reinstalled after upgrade

I just upgraded a nanoBSD system from 2.1 to 2.1.3. All appeared to go well, except that the Quagga OSPF package was not automatically reinstalled after the reboot. Four other packages were automatically reinstalled. I thought I saw Quagga OSPF being installed when I reloaded the dashboard

Re: [pfSense] Some packages not reinstalled after upgrade

On Sat, May 3, 2014 at 4:23 AM, David Burgess apt@gmail.com wrote: I just upgraded a nanoBSD system from 2.1 to 2.1.3. All appeared to go well, except that the Quagga OSPF package was not automatically reinstalled after the reboot. Four other packages were automatically reinstalled. Just

Re: [pfSense] apinger not noticing good connection

Anyone else seeing apinger losing packets while ping doesn't? For many days now the gateway widget on my 2.1 box has been reporting packet loss in the 300-500% range. Meanwhile ping and RRD show no packet loss. This same system was recently showing a baseline of 2% loss in RRD while ping showed

Re: [pfSense] RDP port forward based on destination name.

On Thu, Mar 27, 2014 at 1:37 PM, greg whynott greg.whyn...@gmail.com wrote: if you RDP to: you'll land on the internal server: host1.foo.com 10.101.1.2 host2.foo.com 10.101.3.4 host3.foo.com 10.101.1.8 If you're using pfsense's DNS forwarder you can add host overrides

Re: [pfSense] restoring nanobsd config to full install

On Wed, Mar 26, 2014 at 9:57 AM, Vick Khera vi...@khera.org wrote: it should work. it will prompt you for the new NICs to map into WAN/LAN and you're good to go. I'm just getting a generic error. I don't see anything in the system log or dmesg to indicate what went wrong. I did edit the config

Re: [pfSense] restoring nanobsd config to full install

On Wed, Mar 26, 2014 at 10:12 AM, David Burgess apt@gmail.com wrote: I'm just getting a generic error. I found a missing xml tag using N++'s XML plugin from where I had manually added some vlan interfaces. You learn something every day. db

Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE

On Thu, Mar 20, 2014 at 10:12 AM, Ryan Coleman ryanjc...@me.com wrote: So I’m going to try and fix it if there’s someone that is willing to help me out today.. this just blows my mind - it’s like it loses the firewall configuration and then falls to a default. None of the VLANs are passing

Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE

On Mar 19, 2014 2:33 PM, Brian Candler b.cand...@pobox.com wrote: (1) MTU problem / PMTU discovery / blocked ICMP Was my first thought. db ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Captive Portal: Per-client speed

On Wed, Mar 5, 2014 at 11:31 AM, Ryan Coleman ryanjc...@me.com wrote: It appears I can throttle individual users on the Captive Portal, but how can I limit the speed of that entire network? Is that through Traffic Shaping? And how would I do that? Create a limiter (up and down, if desired)

[pfSense] blank lines in DHCP lease list

Pic attached. This situation has survived many reboots. Is there are remedy for this? db attachment: blanks.PNG___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] blank lines in DHCP lease list

On Wed, Feb 26, 2014 at 3:46 PM, Ryan Coleman ryanjc...@me.com wrote: Did you update the software before they started appearing? I’ve seen things from 2.0 to 2.1 not carry over all their information. I believe this system was a fresh install of 2.1 with config by hand. I know that I did

Re: [pfSense] blank lines in DHCP lease list

It's funny how something can dog you for a long time, and as soon as you ask for help, you get new insight. I found and deleted three staticmap/ tags in the DHCP config file, uploaded it again, and the lines are gone. db ___ List mailing list

Re: [pfSense] can ping gateway on link

On Tue, Feb 25, 2014 at 2:20 AM, Brian Candler b.cand...@pobox.com wrote: This looks wrong. I don't see why destination 10.1.0.253 has a static route to 10.1.0.253. I agree. I'm not sure why that's there. Here's some additional info. Action -- Result 1. set all gateways to default -- no

Re: [pfSense] can ping gateway on link

After some playing with it I've learned a few things. The gateway groups appear to be irrelevant to my problem. Setting a gateway as DNS server breaks the system. Reversing the setting doesn't fix the problem because the self-referring route remains. I tried deleting the route in the shell but I

Re: [pfSense] can ping gateway on link

On Tue, Feb 25, 2014 at 10:11 AM, Brian Candler b.cand...@pobox.com wrote: Regards, Brian. Thanks for your input. I have decided to eliminate 10.1.0.253 as a DNS resolver altogether, since the possiblity exist to create a DNS loop due to the way my network is configured. I have opted instead

[pfSense] RFC3442 problem

pfsense 2.1 amd64 From the RFC: When a DHCP client requests the Classless Static Routes option and also requests either or both of the Router option and the Static Routes option, and the DHCP server is sending Classless Static Routes options to that client, the server SHOULD NOT

Re: [pfSense] RFC3442 problem

On Tue, Feb 25, 2014 at 11:45 AM, David Burgess apt@gmail.com wrote: If I didn't get it wrong, this is how it breaks down: Ok, so I did get it wrong. The RFC states that with a mask width of 0, there are 0 significant octets in the destination descriptor, so my string had an extra 00

Re: [pfSense] RFC3442 problem

On Tue, Feb 25, 2014 at 4:59 PM, Jeremy Porter jpor...@electricsheepfencing.com wrote: The correct fix, is don't use the Static Route option, as class full routes haven't made any sense since 1993. DHCP option 121 is specifically for classless routes. I've always seen the server side

Re: [pfSense] gateway not accepting alternative monitor IP

On Sun, Feb 23, 2014 at 3:37 AM, Chris Buechler c...@pfsense.org wrote: Do you by chance have duplicate gateway entries in your config? There was a duplicate entry in the config. I deleted it and all is working as expected now. Thanks for the tip. On a related note, is there no partial config

[pfSense] can ping gateway on link

I have a gateway on a local link (via wireless bridge) that is being reported as down. When I attempt to ping that gateway from the shell I get [2.1-RELEASE][root@pfsense]: ping 10.1.0.253 PING 10.1.0.253 (10.1.0.253): 56 data bytes ping: sendto: Invalid argument but if I 'arping' the same host

Re: [pfSense] can ping gateway on link

On Mon, Feb 24, 2014 at 3:19 PM, Brian Candler b.cand...@pobox.com wrote: Do you see anything in 'dmesg' when you do this? Yes. Thanks for the tip. I see nothing but a sea of arpresolve: can't allocate llinfo for 10.1.0.253. Some googling turns up this: https://redmine.pfsense.org/issues/337

Re: [pfSense] Limiter with dynamic pipe on floating rules

On Fri, Feb 21, 2014 at 7:50 AM, tibz ti...@tibir.net wrote: Basically, we are protecting a /24 public network and would like to limit some IPs to some bandwidht, ie: IP-1 to IP-10 at 1mbps each IP11 to IP-20 at 2mbps each IP21 to IP-30 at 5mbps each the rest default up to 10mbps each I

[pfSense] uploading partial config does not apply changes

pfsense 2.1 Sometimes I want to make multiple changes to a portion of my config, such as static routes. Rather than plowing through the GUI, I just download that portion of the config, edit, and upload again. At this point the GUI tells me the config has been uploaded, but the new static routes

[pfSense] gateway not accepting alternative monitor IP

pfsense 2.1 amd64 When I enter an alternative monitoring IP and hit save, pfsense takes me back to the list of gateways and the monitoring IP is listed as the default. I've tried entering a couple of addresses in there and they don't stick after hitting Save or Apply. What am I missing? db

Re: [pfSense] gateway not accepting alternative monitor IP

On Thu, Feb 20, 2014 at 9:39 PM, Ryan Coleman ryanjc...@me.com wrote: I saw this today with 2.0.3 and it was caching the page. Have you tried a different browser? Yes, and from a different computer. I've also tried force reloading the page. db ___

Re: [pfSense] Netgate's customized pfSense release

On Thu, Feb 13, 2014 at 9:54 AM, Andrew Hull l...@coffeebreath.org wrote: My knee jerk reaction is that this is A Bad Thing(tm), and I reloaded the devices with images from ESF. Does anyone here have a strong opinion one way or the other? My first reaction is that the branding is a good

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

On Feb 11, 2014 5:55 AM, Jim Thompson j...@netgate.com wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim That's great news. Does anybody care to speculate whether FreeBSD will be able to take advantage

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

On Wed, Feb 12, 2014 at 8:30 AM, Jim Thompson j...@netgate.com wrote: you know it’s ipv4-only, right? (there should be a layer2 version as well, but you can’t run both.) If I had a choice between v4-only acceleration and no acceleration, I'd take the former. I'm using two of these devices

[pfSense] ICMP host unreachable and RFC1918

pfsense 2.1 I have internal subnets in the 10.0.0.0/14 address space and also a public subnet x.x.x.240/28 that is routed statically to pfsense's WAN address. pfsense sits at the edge of the network and I have another router whose only internet access is through pfsense. The x.x.x.240/28 public

[pfSense] Fwd: shaper hint

pfsense 2.1 amd64 I'm using the shaper with the priq scheduler and a WAN bandwidth of 2100 kbit/s. Looking at my RRD Quality graphs, latency to my next hop on WAN gets really high and packet loss tops 50% during a period of time where the WAN out max speed is showing 2.27 Mbps. How is the WAN

Re: [pfSense] Processes

On Jan 22, 2014 6:59 PM, Brian Caouette bri...@dlois.com wrote: What would cause CPU to run high on pfSense? I'm not running any extra packages. I am back to the base install. I doubled my memory thinking it would help with performance. It didn't. Is there a way to see everything running and

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

On Fri, Oct 11, 2013 at 2:58 PM, Jens Kühnel pfse...@jens.kuehnel.orgwrote: and are where are possibilities to change that? It's not in the fstab! /etc/rc.embedded ___ List mailing list List@lists.pfsense.org

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

On Fri, Oct 11, 2013 at 3:25 PM, Jim Pingle li...@pingle.org wrote: On 2.1 you can adjust the /var and /tmp sizes under System Advanced on the Miscellaneous tab. Right! I had forgot about that. So following the original topic, could one more probably ensure a successful upgrade to 2.1 by

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

On Wed, Oct 9, 2013 at 10:38 AM, Jim Thompson j...@netgate.com wrote: So asking the question is stupid(*), because a lie is indistinguishable from the truth. I disagree on that point. Even if one is sure to get a no answer, regardless of the truth, it is still useful to ask the question for

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

On Oct 9, 2013 7:05 PM, Jens Kühnel pfse...@jens.kuehnel.org wrote: NanoBSD, update 2.1 and embedded, but could not find anything. I also checked the forum, but I could only find file system full when I too came up dry when researching this issue. I ended up grabbing a spare system and

Re: [pfSense] RRD traffic lost after 2.0.3 - 2.1

On Tue, Oct 1, 2013 at 3:45 AM, Seth Mos seth@dds.nl wrote: No idea why it isn't doing that for you. I only know of issues on nanobsd. Cheers, Seth That's twice in 12 days you've mentioned that. Care to elaborate? I've done some searching and found nothing that looks like what you've

[pfSense] RFC 3021

Are there any plans to implement this in pfsense? I do a lot of PtP links and this would be handy. db ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

[pfSense] bug upgrading to 2.1 on nanobsd?

In a recent thread there was mention of a RRD bug when upgrading to 2.1 on nanobsd systems where the /tmp filesystem would fill up, resulting in a sytem with no valid interfaces. I have two production systems to be upgraded, one running 2.0.1 and the other running 2.1RC0, both nanobsd, so this

Re: [pfSense] routing - additional route on WAN doesn't work

On Wed, Sep 25, 2013 at 2:17 PM, Adam Thompson athom...@athompso.net wrote: If I'm not mistaken, this is the rule that prevents me from reaching the remote subnet via 184.70.48.188. Unfortunately, this is a system-generated rule. Suggestions? Are you suggesting that all of the traffic

Re: [pfSense] Allow group of non-contiguous IP's to LDAP

Use an alias as your source. Aliases can be created in Firewall: Aliases and can reference multiple addresses, ranges, and/or subnets. db On Tue, Sep 3, 2013 at 2:30 PM, Marc R. Meshurle Jr. m...@katotech.com wrote: I have a situation where I am doing external LDAP authentication with a mail

Re: [pfSense] Allow group of non-contiguous IP's to LDAP

On Tue, Sep 3, 2013 at 2:38 PM, David Burgess apt@gmail.com wrote: Use an alias as your source. Aliases can be created in Firewall: Aliases and can reference multiple addresses, ranges, and/or subnets. db Sorry for the previous top-post. Gmail is sneaky. db

[pfSense] lock-ups

*2.1-BETA1 * (amd64) built on Wed May 1 12:20:46 EDT 2013 FreeBSD 8.3-RELEASE-p8 https://fv.tfcg.co:444/# I've had a couple of lock-ups in the past month where pfsense is unresponsive on all interfaces, at least at layer 3. This is a remote site so I don't have access to layer 2 or the vga

Re: [pfSense] lock-ups

On Sat, Jun 8, 2013 at 8:36 PM, Jason Pyeron jpye...@pdinc.us wrote: ** The only time I have observed that type of problem was when the power supply was browning out, ensure that your power supply is of a good quality and sufficient amperage. Thanks for the input. My power supply is

Re: [pfSense] Multiple Crashes 2.0.2

On Tue, Jun 4, 2013 at 9:36 AM, Nishant Sharma codemarau...@gmail.comwrote: On 4 Jun 2013 20:59, Ermal Luçi e...@pfsense.org wrote: That means probably mbuf exhaustion. Can you try up kern.ipc.nmbclusters=131072 That is already in place. I increased it after few crashes 3 months

Re: [pfSense] Multiple Crashes 2.0.2

Let me keep an eye on MBUF utilisation tomorrow. Does anyone know the SNMP OID for MBUF, if it can be monitored over it? Maybe not as handy as SNMP, but I have used the following cron job to monitor mbufs. 00***root/bin/date /conf/netstat-m.log ; /usr/bin/uptime

Re: [pfSense] Need advise or best practice for pfsense NAT

On 2013-05-21 10:28 PM, Makara chanmak...@gmail.com wrote: Hi List, We are using pfsense for NAT purpose, around 1000 customers concurrent and the bandwidth is around 500MBPS. We have problem the pfsense is stuck around 1 or 2 week always. You may want to try some of these:

[pfSense] boot delays

I'm sure this is documented somewhere, but I just can't find it, so I apologize for asking again. There appear to be two delays when booting pfsense, the first at the F1 prompt, the second at the menu of 10 ways to boot pfsense. I'm running nanoBSD, so I don't want to remove the F1 prompt, but I

Re: [pfSense] SOHO Router for VPN to pfSense

On Mon, Apr 29, 2013 at 10:01 AM, Chris Bagnall pfse...@lists.minotaur.ccwrote: On 29/4/13 2:35 pm, j...@millican.us wrote: I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router.

Re: [pfSense] SOHO Router for VPN to pfSense

On Mon, Apr 29, 2013 at 10:35 AM, Chris Bagnall pfse...@lists.minotaur.ccwrote: On 29/4/13 5:11 pm, David Burgess wrote: It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. Really? I must admit it's always Just Worked

Re: [pfSense] Snort taking ages to reload

On Fri, Feb 22, 2013 at 9:22 AM, b...@todoo.biz b...@todoo.biz wrote: Hi, I was wondering if It is normal that snort takes ages to reload after each modification we are doing ? It takes an average of 1 to 5 minutes to reload and give back the control through the GUI. Which version of

Re: [pfSense] 2.0.1-RELEASE Not blocking

On Thu, Feb 21, 2013 at 11:03 AM, Gerald Waugh gwa...@frontstreetnetworks.com wrote: I must be missing something basic. I have setup several pfSense systems, but my latest one in not blocking. this current firewall I have several firewall rules for the WAN port, and none are working. stupid

Re: [pfSense] 2.0.1-RELEASE Not blocking

On Thu, Feb 21, 2013 at 2:12 PM, Gerald Waugh gwa...@frontstreetnetworks.com wrote: No rules are currently defined for this interface All incoming connections on this interface will be blocked until you add pass rules. Are you using squid or some other proxy? If your hosts are talking to a

Re: [pfSense] Bridging WAN to OPT for only one IP in a /27

On Thu, Jan 31, 2013 at 12:29 PM, j...@millican.us j...@millican.us wrote: Hello, Probably a newbish question but I would like a sanity check before I go down a blind alley. I have a /27 from my provider feeding into a pfSense 2.0.2 box. I was hoping to be able to Bridge the WAN to one of

Re: [pfSense] WRAP

On 2013-01-05 4:59 AM, Eugen Leitl eu...@leitl.org wrote: With the speed of courrent connections (100+ MBit/s) lulz. You noticed Hugo is in Canada, eh? To be fair, we can get up to 250 Mbps in a few urban centres, but 6/1 DSL is way more common by my accounting. That said, I ran pfSense on an

Re: [pfSense] WRAP

On 2013-01-05 10:16 AM, David Burgess apt@gmail.com wrote: Hugo Sorry, Ugo, autocorrect. db ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list

[pfSense] dashboard graphs fail

2.0.2-RELEASE (amd64) Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz I have a traffic graphs applet running on the dashboard. This machine has 16 interfaces, but only 6 graphs are expanded by default. The graphs update every 1 second. Under 2.0 (and the betas) these graphs worked well, even when running

Re: [pfSense] 2.0.2 release now available

On Mon, Dec 24, 2012 at 2:04 AM, Chris Buechler c...@pfsense.org wrote: Renato (rbgarga), a long time contributor on the open source side, is starting full time with us on January 2. His first month will largely be dedicated to 2.1, and a month of work will be enough to get it to RC1 status

Re: [pfSense] update from 2.0.1 to 2.1 HEAD

On Sat, Dec 8, 2012 at 11:10 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: You, sir, have my thanks. Good news: http://forum.pfsense.org/index.php/topic,48256.msg302923.html#msg302923 I haven't tried it myself yet. db ___ List mailing list

Re: [pfSense] update from 2.0.1 to 2.1 HEAD

On Sat, Dec 8, 2012 at 9:20 AM, David Lawley dlaw...@carolina.rr.com wrote: Been thinking about updating to current 2.1 Beta. Curious what issues folks have run into, if any. I'm sure there might be one or two gotchas along the way... Some CF cards are exceptionally slow to change from ro

Re: [pfSense] fast CF cards?

On Wed, Nov 7, 2012 at 9:46 AM, Jim Thompson j...@netgate.com wrote: We've also never had a Kingston CF fail that I know of. Thanks, everybody, for the feedback. I settled on a Sandisk 200x 8GB. There were some Kingston's available with much faster ratings, but after reading some reviews of

Re: [pfSense] fast CF cards?

On Tue, Nov 6, 2012 at 12:30 PM, Jim Pingle li...@pingle.org wrote: I have a Sandisk 200x (30MB/s) 4gb card here that is very speedy. However, it has an annoying quirk with the disk layout that makes FreeBSD spit an error message on every rw mount. Annoying log spam, but it's still speedy.

[pfSense] CPU frequency no longer displayed

After rebooting pfsense this morning the dashboard is displaying CPU TypeIntel(R) Core(TM) i3 CPU 540 @ 3.07GHz. Whereas it used to display the actual CPU frequency (powerd is enabled), now it does not. Any idea why? db ___ List mailing list

Re: [pfSense] Detecting Torpig with pfsense?

On Oct 5, 2012 7:57 AM, Ståle Johnsen stale.john...@gmail.com wrote: Hi. I don't think that is possible since the logged incident was a couple of days ago and I as far as I know torpig does not send data to the CC server all the time? As suggested earlier, I would block everything to those

Re: [pfSense] Soekris net5501-70 additional PCI network card does not work

On Sep 26, 2012 4:50 AM, İhsan Doğan ih...@dogan.ch wrote: the built in Via Rhine ethernet interfaces do not support VLAN HW tagging News to me. I have one running with vlans just fine. You may have other issues. db ___ List mailing list

Re: [pfSense] Soekris net5501-70 additional PCI network card does not work

On Sep 26, 2012 5:50 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: Update: a quick read of its spec sheet indicates it only supports 3.3v: http://soekris.com/products/net5501.html So it might be that your Intel NIC is expecting 5v signalling, especially if it's an old (pre-PCI 2.2) card.

Re: [pfSense] web site access disappears

On Wed, Aug 8, 2012 at 10:00 AM, Karmstrong karmstr...@kyronex.com wrote: We have run into the common problem of web site access randomly stopping. For instance, at one of our locations google.com no longer works. At others, yahoo.com can not be accessed. We can not pull the sites up in a

Re: [pfSense] Network freezes on IBM x3550, Broadcom NICs

On Thu, Jun 28, 2012 at 10:11 PM, Paul Gear p...@gear.dyndns.org wrote: What should be my next troubleshooting step? memtest? Different NICs? Have you looked at your MBUF usage (netstat -m)? I get similar symptoms after running out of MBUFs, but if you followed the first step in the doc you

Re: [pfSense] Encrypt Microwave Link?

On Tue, Jun 26, 2012 at 1:46 PM, Paul Cockings opensourceproje...@mail26.com wrote: 1. (broad question... beat me up if like..)  Are microwave links hackable and therefore I should consider some type of encryption on that link Unless it's a laser, wireless transmitter is broadcasting to the

Re: [pfSense] Low(ish) cost pfSense platforms

On Jun 9, 2012 12:47 PM, Larry Sampas la...@larrysampas.com wrote: For my small-office installs the Supermicro Atoms are doing great, but I have not yet had one at scale (thousands of concurrent states running at 20Mbps). I have that same board on a 30/3 connection that hits 30,000 states on a

Re: [pfSense] High interrupt load on LAGG with LACP

On Tue, Jun 5, 2012 at 9:42 AM, Jens Kühnel pfse...@jens.kuehnel.org wrote: Sorry, I forgot to mention. The interrupt load happens when no traffic is going through. It's not a traffic problem. What you're describing is odd, but I will echo Chris' point, which is that the ALIX has no hope

Re: [pfSense] is pfSense the right choice?

On Thu, May 3, 2012 at 11:05 AM, Noam Birnbaum n...@maccentricsolutions.com wrote: Is pfSense the right choice for this environment? You didn't mention the (arguably) most important feature of your proposed environment, which would be throughput expectations. For the feature set you mentioned

Re: [pfSense] is pfSense the right choice?

On Thu, May 3, 2012 at 11:55 AM, Noam Birnbaum n...@maccentricsolutions.com wrote: Good call, David -- They current have dual WAN -- 40/40 WiMAX and 50/10 cable.  I expect that as they grow these pipes will at least double. pfsense should do fine, but last I looked most of the netgate stuff

[pfSense] vmware appliance

The docs (http://doc.pfsense.org/index.php/VMwareAppliance) state that there is no longer a current vmware appliance for download. Is there a particular reason for this? Are there plans to reinstate that at some point? db ___ List mailing list

Re: [pfSense] vmware appliance

On Tue, May 1, 2012 at 10:10 AM, Moshe Katz mo...@ymkatz.net wrote: If you look at the Snapshots server, it seems that there are VMWare snapshots. Good. Thank you. db ___ List mailing list List@lists.pfsense.org

[pfSense] captive portal and https passthrough

Hi all, I don't have much experience with captive portal, so I'm doing some testing with 2.0.1 in a vm. It's a bog standard WAN-LAN setup with CP enabled on the LAN. I don't want any authentication, I simply want to present a small html page with links to a couple of web sites. I have created

Re: [pfSense] captive portal and https passthrough

On Tue, May 1, 2012 at 10:54 AM, David Burgess apt@gmail.com wrote: When the LAN user clicks on the link the browser just times out. I changed the link to http://www.paypal.com, but the browser still times out, and I believe it's because paypal is redirecting to https. To answer my own

Re: [pfSense] NAT kills connections

On Thu, Mar 22, 2012 at 6:32 AM, Jim Pingle li...@pingle.org wrote: Is this your only WAN? No. It is one of a load-balanced pair. Does your rule passing out traffic to this server have a gateway set? Yes. All traffic from the LAN to this server is policy routed through the correct gateway.

Re: [pfSense] NAT kills connections

On Fri, Mar 23, 2012 at 12:53 AM, David Burgess apt@gmail.com wrote: Is this the part where I activate Bypass firewall rules for traffic on the same interface? And which pfsense do I need to do that on? I checked that box on both pfsenses separately and neither fixed the problem

Re: [pfSense] NAT kills connections

On Fri, Mar 23, 2012 at 1:14 AM, David Burgess apt@gmail.com wrote: I'm not sure how to fix this, so hints are most welcome. Well, I think I have a solution. It appears that it is as simple as not setting a gateway in the policy routing rule for destinations that are on an attached subnet

Re: [pfSense] NAT kills connections

On Thu, Mar 22, 2012 at 12:17 AM, Chris Buechler c...@pfsense.org wrote: That's not the same scenario you described in the previous thread unless it's just not explained as thoroughly. In the previous thread I included a second pfsense, but didn't mention it this time since the traffic in

Re: [pfSense] pfSense error, maybe hard drive?

On Thu, Mar 22, 2012 at 9:15 AM, Adam Piasecki apiase...@midatlanticbb.com wrote: 1) Windows has TRIM support for ware-leveling. Does FreeBSD include this? I can't speak to FreeBSD, but pfsense does not as of 2.0 2) If 8.1 does not support ware-leveling, would it be recommend that we not

Re: [pfSense] icmp best practices

On Mon, Mar 19, 2012 at 12:07 PM, David Burgess apt@gmail.com wrote: I have it enabled on all my interfaces I should clarify by saying that I allow ICMP echo requests on all interfaces, not all ICMP. This does not appear to prevent me from receiving other types of ICMP packets, as I can

Re: [pfSense] pfSense error, maybe hard drive?

On Wed, Mar 21, 2012 at 11:08 AM, Adam Piasecki apiase...@midatlanticbb.com wrote: What hard drive is recommended for pfSense. Or can someone tell me what your running. I use a Lexar Professional 2G and 4G compact flash with the embedded version in a couple of pfsenses. I deployed about a

[pfSense] NAT kills connections

I hate to resurrect an old thread, but this was never resolved for me, and the workaround that I was using is no longer valid due to a change in the situation. The old thread is here: http://www.mail-archive.com/list@lists.pfsense.org/msg00260.html, but just to quickly recap, I have a web server

Re: [pfSense] icmp best practices

On Mon, Mar 19, 2012 at 11:56 AM, Ugo Bellavance u...@lubik.ca wrote: Hi, The system I inherited of denies all ICMP requests by default, even internally. Is that a good idea? I think that echo/reply should at least be allowed internally. Opinions? I'm probably wrong, but I'm not aware

Re: [pfSense] High CPU Usage

On Sat, Feb 25, 2012 at 11:31 PM, Tom S pfsense-l...@y-tech.co.il wrote: The server is IBM with onboard Broadcoms, 3.0ghz Xeon CPU with 2 cores. We have average of 9000-1 states on the state table, something like 1000-1500 users. Your CPU numbers look high to me. I have a system here

Re: [pfSense] High CPU Usage

On Mon, Feb 27, 2012 at 1:35 AM, David Burgess apt@gmail.com wrote: On Sat, Feb 25, 2012 at 11:31 PM, Tom S pfsense-l...@y-tech.co.il wrote: The server is IBM with onboard Broadcoms, 3.0ghz Xeon CPU with 2 cores. We have average of 9000-1 states on the state table, something like 1000

  1   2   >