Re: [pfSense] Problems with Realtek 8168/8111 nic
On 11.12.2013 16:14, Adrian Zaugg wrote:
> This device is quite new, embedded industrial design, 2GB of RAM.

A Lex Twister (http://www.lex.com.tw/product/TWISTER.html), by any chance? They don't play along well with some brands of RAM. Not all sellers know about this, though. Kingston seems to be an especially problematic one with them (which surprised me).

-Stefan

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list

[pfSense] Multi Wan via gateway groups breaking some websites
Hi folks

I've run into an issue that has me somewhat confused. Our multiwan router is up and working. This is 2.1 release. I've got 2 ports to two different network providers (different technologies at that).

Following the directions (https://doc.pfsense.org/index.php/Multi-WAN_2.0), I

1) set up a Gateway group called MultiWANGW which has both gateways. Both were originally set as tier 1. More on this in a moment.
2) set up outbound LAN-any mapping to use the MultiWANGW in the Gateway of the LAN rule governing outbound traffic.
3) I have two distinct DNS servers set up per gateway under Systems-General. I've verified that gateway monitor reports them working.

Actually everything appears to be working ... except ...

One or two sites (Ariba http://www.ariba.com and a few others) seem to have some significant problems if I leave both gateways at tier 1. Once I change it so that one (the slower backup one) is tier 2, it works. This has the impact of not doing an explicit load balance from what I have read on it.

So ... my question is, what diagnostics should I try to be able to identify the issue (some sites not working when the system is set in load balanced mode)? I did try setting the sticky mode (System-Advanced-Miscellaneous), though I am not sure this is correct for outbound load balanced multi-wan.

Overall, it's working nicely, with a few strange things like this, with one larger exception that I have a work-around for. More in next email.

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
twtr : @scalableinfo
phone: +1 734 786 8423 x121
cell : +1 734 612 4615

[pfSense] 1:1 NAT not working, but the equivalent port forward everything coming into a VIP to the internal unit is ...
Hi folks:

Trying to figure this one out. Very simple concept, I want to take one virtual IP (VIP), and tie it to an internal (isolated) machine for customer/partner use. I've done this before using other firewall appliances, and it works pretty well for its use case.

I just tried to do the same thing here.

    External IP: a.b.c.d
    Internal IP: e.f.g.h
    Internal Machine: i.j.k.l

I started at Firewall-NAT-1:1

Added the rule:

    External subnet IP: a.b.c.d
    Internal IP: e.f.g.h
    Destination: i.j.k.l

Made sure I had a VIP setup with a.b.c.d. I've got ping set up for testing, and it worked nicely. Next I tried sshing to that box

    ssh -vvv user@a.b.c.d

Nothing. No negotiation, which usually means it can't reach it. So I logged into the pfsense box, and did a

    tcpdump -i em5    # the private NIC going to the isolated machine

at the shell. I did not see the ssh traffic, or the pings.

Ok, I tried a few other combinations (changed internal IP to destination IP, and the converse of that). Still nothing.

So I deleted that rule, and did a simple multi-port forward. All TCP/UDP showing up for any port 1-65000 on a.b.c.d is port forwarded to the destination starting at port 1.

That worked. I see the traffic with tcpdump, I can ssh in, etc. But I don't like that, as it seems ... hack-ish. I would think the 1:1 would be cleaner (and use fewer states?), but I am not sure about this.

Is there any magic incantation, burn offerings, or typing one can do to diagnose this? The tcpdump on the internal port on the pfsense box is a good indicator if packets are getting through. Is there somewhere else to look on the system to watch the decision processes it makes during the pf filter pipeline? Or should I simply be happy that it works, and not worry about it?

I am happy to file a bug report if it makes sense, I figured I'd ask first to see if someone thinks this is pilot error (very well could be).

Thanks!

Joe

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
twtr : @scalableinfo
phone: +1 734 786 8423 x121
cell : +1 734 612 4615

Re: [pfSense] 1:1 NAT not working, but the equivalent port forward everything coming into a VIP to the internal unit is ...
On 12/11/2013 02:38 PM, Justin Edmands wrote:
> Monitor blocked attempts under Status -- System Logs -- Firewall ... filter for the IP you want. If you see the block, click the small grey arrow with a plus sign next to the destination IP. This will create a rule and allow you to go to Firewall -- Rules to identify the proper rule setup to pass these SSH attempts.
>
> Next, notice that these rules are in order...top to bottom. Here is the sentence at the bottom of all firewall rule pages:
>
> Hint: Rules are evaluated on a first-match basis (i.e. the action of the first rule to match a packet will be executed). This means that if you use block rules, you'll have to pay attention to the rule order. Everything that isn't explicitly passed is blocked by default.
>
> PS: By default, all blocked attempts are logged. After creating a rule, you can also turn on logging for the rules that pass. This will allow you to see the source/destination that is using the rule.

Thanks!

--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
twtr : @scalableinfo
phone: +1 734 786 8423 x121
cell : +1 734 612 4615

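The first-match, default-block behaviour described in the hint quoted above, as an added example that is not part of the thread and is not pfSense code. It is a simplified model of rule ordering; the rule tuples, function names and the 198.51.100.x addresses are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set, listed top to bottom as on a Firewall -- Rules page.
# Each rule: (action, protocol, destination network, destination port or None for any).
RULES_BLOCK_FIRST = [
    ("block", "tcp", "198.51.100.0/24", None),   # broad block placed first
    ("pass",  "tcp", "198.51.100.10/32", 22),    # intended SSH pass, never reached
]
RULES_PASS_FIRST = list(reversed(RULES_BLOCK_FIRST))


def evaluate(rules, proto, dst, dport):
    """Return (action, index of the matching rule, or None for the implicit default)."""
    for idx, (action, r_proto, r_net, r_port) in enumerate(rules):
        if r_proto != proto:
            continue
        if ip_address(dst) not in ip_network(r_net):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action, idx        # first match wins; later rules are ignored
    return "block", None          # nothing matched: blocked by default


def shadowed_rules(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, (_, proto, net, port) in enumerate(rules):
        for _, e_proto, e_net, e_port in rules[:i]:
            covers_net = ip_network(net).subnet_of(ip_network(e_net))
            covers_port = e_port is None or e_port == port
            if e_proto == proto and covers_net and covers_port:
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for name, rules in (("block first", RULES_BLOCK_FIRST), ("pass first", RULES_PASS_FIRST)):
        print(name, evaluate(rules, "tcp", "198.51.100.10", 22), "shadowed:", shadowed_rules(rules))
```

With the broad block listed first, the SSH pass rule is shadowed and the connection is blocked; reversing the order passes SSH while everything else to the subnet is still blocked.
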
[pfSense] Multiple routing tables
I've been asked if pfSense has multiple routing tables. Specifically, there is a kernel option in FreeBSD:

    options ROUTETABLES=2

Which enables you to set up a second routing table for a second interface.

Does pfSense use multiple ROUTETABLES? If not, why not and does the existing policy based routing support the same features (the ability to pick which routing table/interface is used for sending outbound traffic).

Walter

--
The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis

[pfSense] AR9280 network adapter not working
Hi,

I can't get my wireless access point to work. I have an Atheros AR9280, a chip which appears to be well supported. After activating the interface the network is not visible from other hosts and I get the following log entries. I'm not sure if that's related to the actual problem.

    kernel: ath0: unable to reset hardware; hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 3 (2422 MHz, flags 0x480), hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 4 (2427 MHz, flags 0x480), hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 5 (2432 MHz, flags 0x480), hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 8 (2447 MHz, flags 0x480), hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 9 (2452 MHz, flags 0x480), hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 10 (2457 MHz, flags 0x480), hal status 14
    kernel: ath0: ath_chan_set: unable to reset channel 12 (2467 MHz, flags 0x680), hal status 14
    kernel: ath0: unable to reset hardware; hal status 14

What is hal status 14?

Furthermore, if I go to the Status → Wireless tab and do a Rescan, no neighbouring networks show up.

It might be a hardware issue or just a configuration error. I'd be glad if someone could help me to debug this.

System
------
2.1-RELEASE (amd64)
built on Wed Sep 11 18:17:48 EDT 2013
FreeBSD 8.3-RELEASE-p11

Interface Configuration
-----------------------
IPv4 Configuration Type : Static IPv4
IPv4 address: 10.0.30.1
Standard: 802.11b
Channel : Auto
Antenna settings: Default Default
Mode: Access Point
SSID: foobar
Enable Hide SSID: no
- no encryption (yet) -

Let me know if I should provide more information.

Best regards
Marco