is absent or
wrong the server reply goes nowhere.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold!
ic scripts in your own
setup will probably be way faster in the long run.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
htt
ard error pages, but in the desirable configuration it's not,
though serving the error pages does seem to work partially anyway.
HTH,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to
servation with SSDs. Which SSD models do you use?
Or better, how do you select your SSDs? That's be really good to know
from those doing well there.
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list posti
SMART.
The SMART info is effectively a status collected over time. Sectors going
bad without detectable warning by necessitiy don't give SMART a chance.
Ditto disks that fail suddenly and catastrophically. SMART is not a
fix-all, but is is very very usful in many cases.
Volker
-
mentation. Create aliases based on MAC address.
Access port exclusively through alias name. Fix pfsense(!!) to keep
rules assigned to no interface accessible from the BUI, so the user can
manually re-assign them in bulk, instead of enforcing a click-me-stupid
orgy or XML file hacking. Aliases to
will/could be renumbered and run with the rest, without getting
surprises other than missing interfaces or failing to boot.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
__
before, would it be
useful to mention it inthe release note?
Thanks Jim,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
ut).
In my case the USB interface runs the wifi. I can do without that
easily. But not getting access to pfsense on the LAN port on a headless
APU-4 because the USB dongle is unplugged, dead, or whatever and
therefore my wifi may be offline sure does look braindead to me. Sorry.
Volker
--
Volk
(invisibly!) destroying
other chips, or worse, damaging them so they go out of spec but at first
sight still "work".
Outsourcing is a possibility, but it may only be enconomic if the
Ethernet chip is OK.
HTH,
Volker
--
Volker Kuhlmann is list0570 with the domain in heade
't run the hardware at
full speed (54M only). Then make sure the USB thingie is always plugged
in and doesn't fail, because if it isn't present, pfsense doesn't even
boot any more... so you can't even fix the rules or plug a new one in.
Volker
--
Volker Kuhlmann is list0570 with the
conclusion is that such "technology" is
unsafe.
VLAN switch with 100% open source firmware please...
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
serial cable and diddle
around with interface assignments, where pfsesne decides to sit instead
of running with a missing interface. Quite a ridiculous design IMHO!
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC l
likely that is), it adds complexity, and it mixes physically
separate networks together on one cable. Perhaps it might be acceptable
to merge networks of the same security level, merging LAN and WAN
networks doesn't sound like a good idea to me.
Volker
--
Volker Kuhlmann is li
st does go through squid/squidguard. However I'd also like this to
be enforced.
pfsense 2.2.6, squid3
Thanks muchly,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list post
ad its config onto different hardware and swap that into place
temporarily to see of the problems disappear?
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings
ss all by all, but
your redundancy might be easier and it seems a bit overkill to run an
openVPN server with all the routing capabilities when a simple encrypted
connection would do.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Ple
.5 and di not happen with 2.2.[234].
The package updates of squid3 0.4.3 and squidguard 1.9.17 within the
last few days fix it. Thanks!
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing l
option",
> to retain the current LAN configuration
No. pfsense is not aware of any other firewalls' configuration files.
Start from scratch.
You can change the LAN interface's IP address somewhere during easy
install IIRC, it's on the console at the end of installation.
HTH,
Volker
--
recreates SG config and restarts
squid) fails.
Attempting to start squid succeeds.
Saving the squidguard config fails.
Starting squidguard fails.
Starting squid succeeds.
Not really good :-((
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
ls -d /{root,etc}
/etc/root
There is a workaround with newer rsyncs, but what is the cause of this
not owrking on pfsense (works on Linux)?
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC
issing directories and getting squid to re-create
the cache index.
And there isn't an answer yet for why this cache part has been deleted,
or is being deleted repeatedly after upgrade.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/
999.msg557150#msg557150
The problem appears not to be with pfsense 2.2.4 but with the most
recent squid/squidguard package updates.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https
important it is (have another time
server), and it's not the issue here.
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing
no nonerejectmobilize 1
Yes, thanks muchly.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https
thinking the only secure way to configure the AP is
over the wifi!).
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
is
...T02:57:57.142885+12:00 xx syslogd: sendto: Operation not permitted
pfsense has been up since well before that.
TIA, and thanks for fixing that useless syslog format!!
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
On Sun 08 Mar 2015 02:44:45 NZDT +1300, Tim Hogan wrote:
I like your idea with using 1:1 NAT but just one question; If you
use SSL with the certificate on the web server, will the 1:1 NAT
mess with that?
No.
Volker
--
Volker Kuhlmann is list0570 with the domain in header
if if the flashing gadget indicates as such. Smaller/cheaper than having
two different cables too.
FTDI chip, too.
Or what the Chinese make of that ;-)
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me
the netflow
visualizer to see the traffic information from one of the netflow plugins.
Copying a file onto another computer to look at its content isn't too
much of a problem. Do you know of a good tutorial that lists the
software needed, and basic config for each part?
Thanks,
Volker
--
Volker
really like to hear that I
missed something...
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman
I get the time. Open source on Linux only for me
though, unless it is on pfsense.
Thanks for thinking of the screenshots but I don't think they'd add much
to your description.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
?
This is kind of crucial, and needs a reliable answer if one doesn't want
to back it all up with another deny rule. pfsense changed too, in 2.1
such rule could not be created
https://redmine.pfsense.org/issues/2452
but it can on 2.1.5.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz
to the point, what port does the stream use? Is it one
handled by squid in the first place?
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
will disappear with the next
package update too. Squidguard isn't yet a stable pfsense package...
Sent from my U.S. Cellular® Smartphone
I couldn't care less, even if I tried very hard. ;-)
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz
tell you why something doesn't
start.
For example squidguard 1.4_4 pkg v.1.9.9 is broken with squid 2 because
it uses squid directives only available in squid 3. A look in the logs
and config files shows this easily.
Volker
--
Volker Kuhlmann is list0570 with the domain in header
be really useful if someone could update the descriptions that
show up on https://pfsense.localdomain/pkg_mgr.php for all these
packages.
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
.
Trivial, just run it:
/usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 300 -c
/var/etc/filterdns.conf -d 1
This incantation is run by pfsense. Doing the same from the command line
starts up a new instance of filterdns each time. It also updates aliases
immediately.
Volker
--
Volker
it always starts up a new instance that keeps running. Is it
possible to tell it to terminate after one update iteration, or do I
need to write a script that kills it after 10 seconds? Thanks.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
, in particular IPsec, have lower
overheads.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
trustworthy it would be prudent to at least route
the DNS traffic through the tunnel, if not all traffic. The VPN should
protect from all MITM attacks and snooping between the VPN client and
server.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http
causes a DoS. DoSs
seem to be considered a security problem, e.g. the current openvpn
problems don't get anyone any access but can cause a DoS, and everyone
is quick to fix it.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
down), or to disable WAN gateway monitoring (I am not
sure what it actually does when there is only a single ISP).
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
be done about the Internet going
offline.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
possible rule optimisations removing tables.
pfsense uses pfctl -o basic. Consider whether this may be a factor in
your case. Edit /etc/inc/filter.inc to -o none.
Cheers,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
of space.
Try temporarily reducing the browser text size (ctrl-scrollwheeldown) to
access the system menu.
Or try one of the other themes (System-General) if you're lucky enough
to get there.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
, and how do I fix it?
It used to work, but that may have been 2.1.3.
I just reinstalled 2.1.5 again to check if that fixes things, but it
doesn't. The problem occurs on a freshly installed system.
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list
are frequently free from upgrade leftovers.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https
.
pfsense 2.1.5
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman
cache.log-uniq
So I am still looking for the cause of this suicidal pfsense box. Any
pointers gratefully accepted.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
to happen? The only change I've had
recently is that the internal SSD failed and got replaced with a 2.5
SATA spinning platter.
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
2.1.3.
I can't find RTL8150 any more.
Does anyone have an Ethernet USB adapter working under pfsense 2.1?
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me
statement. For each of the host2{} blocks containing a log statement an error
like this is generated:
2014-06-02 22:36:51 [51713] logfile not allowed in acl other than default
The pfsense bug tracker doesn't seem to be for pfsense packages, in lieu
of a better place I post it here.
Volker
--
Volker
570
Select the new position for this ACL item. ACLs are evaluated on a first-match
source basis.
The drop-down is empty.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List
for *.site.
What exactly should I be putting into the pfsense cert manager to get a
similar effect? And make the browser accept the IP address(es) too?
pfsense 2.1.3
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me
https://pfsense/diag_logs_settings.php
Has 3 fields for syslog servers. Says IP addresses must be entered. Does
accept names (corresponding entry exists in DHCP server or DNS
forwarder).
Either the comment is wrong, or error checking is absent (intentionally
or accidentally).
Volker
--
Volker
it is that use the IP address to log in
does not in fact provide a path for remedial action. It's a bit fishy to
me, but I'm also still having problems with the hme driver (on course
for replacement) which may interact.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
disable this check if needed in
System - Advanced - Admin.
Which would be all good, if one could log in to change it.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List
restarting
interfaces, e.g. from changing dhcp server settings.
IOW pfsense 2.1 with hme driver is totally unusable. I am kind of forced
to replace the hardware now.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list
of
those similar models do guzzle it).
That's my plan B, but I really don't like to use VLANs when I can avoid
the clutter and complexity (more bugs, more time spent). A pfsense box
with more ports is much easier.
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header
.x.c.z/ipaddr
subnet24/subnet
/opt2
...
/interfaces
I just had another runaway after adding a mac/ip in the wifi interface's
dhcp server. Confirmed with trivial test of adding another test entry to
the dhcp server.
Arrrghh.
Volker
--
Volker Kuhlmann
http
On Tue 22 Apr 2014 15:56:52 NZST +1200, Volker Kuhlmann wrote:
I just had another runaway after adding a mac/ip in the wifi interface's
dhcp server. Confirmed with trivial test of adding another test entry to
the dhcp server.
I should have mentioned that the pfsense syslog (sent to a syslog
too - but where
do I start looking?
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Bryan.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
commercial networks, but just buying a VLAN capable switch costs
more than a suitable pfsense box and brings the power budget of the
combination to the same level as a scrapped PC - with the latter winning
hands down on cost.
TIA for any suggestions,
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz
! Doing now. rc.newwanip is featuring heavily in syslog with
the problematic interfaces.
Volker
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org
state changed to UP
2014-04-21T10:48:56.407443+12:00 pfsense check_reload_status: Linkup starting
hme2
--
Volker Kuhlmann
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https
, because VLANs
are more complex and error prone, American propriatory network equipment
doesn't seem like a good choice any more, and that model appears to be
no longer for sale where I live.
I'll keep it in mind though - thanks.
Volker
--
Volker Kuhlmann is list0570 with the domain
that they didn't have the
rights for the electronic version. Moot point, because...
2. Is there any ETA for the hard copy version of the new edition?
You are aware that it's available as an electronic version under the
gold program?
Volker
--
Volker Kuhlmann is list0570
to announce@ only happened, because of initial setup
problems, after I pointed out it was missing.
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me
was to be used as a reliable source of critical
information, posting the 2.1.2 release announcement with the heartbleed
fix is not optional???
Thanks,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me
. Like the Linux distro security lists,
they're well organised with no irrelevant drivel. To be honest, any
security announcement list that doesn't mention the kind of problem like
heartbleed looks like a complete waste of time to me!
Volker
--
Volker Kuhlmann is list0570
://lists.opensuse.org/
--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.top.geek.nz/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
/ | grep dnsm doesn't find any config files.
The only VB postings on the forum is from 2009 and deals with issues VB
has with itself.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
___
List mailing
mechanism was used to upgrade it from
the version from the ISO image.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman
) it works fine
now. Hmmm. There isn't anything I can think of that I changed, I changed
very little from the default. Looks like dnsmasq need a restart for some
reason. Never mind.
Thanks muchly Jim,
Volker
--
Volker Kuhlmann is list0570 with the domain in header.
http
).
Are there other instructions I have missed?
Thanks muchly,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
to
clear the package lock.
What Iw ould like to know is how to prevent the package reloading after
restoring a config when there are no package changes.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me
.
This is repeatable until using --no-cache once. After that the file
saved by wget remains a .tar.gz.
Is this expected behaviour? It's somewhat inconvenient.
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me
84 matches
Mail list logo