[pfSense] screen package for pfsense
Is there a screen package for pfsense? Can I just take an off-the-shelf FreeBSD package?

This would be really useful, e.g. if I need to leave a tcpdump running for a few hours to capture traffic to/from a particular host.

Regards,

Brian.
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] screen package for pfsense
On Mon, Mar 10, 2014 at 7:03 AM, Brian Candler b.cand...@pobox.com wrote:

> Is there a screen package for pfsense? Can I just take an off-the-shelf FreeBSD package?
>
> This would be really useful, e.g. if I need to leave a tcpdump running for a few hours to capture traffic to/from a particular host.
>
> Regards,
>
> Brian.

You should be able to install the off-the-shelf FreeBSD screen port. (pkg_add -r screen)

However, if you are writing the output to a file and not directly to the screen, you can probably just use nohup (which my firewall machine seems to already have) to keep the process running. (Something like this: nohup tcpdump tcpdump options )

Moshe

-- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732
Re: [pfSense] screen package for pfsense
On Mon, Mar 10, 2014 at 10:57 AM, Moshe Katz mo...@ymkatz.net wrote:

> However, if you are writing the output to a file and not directly to the screen, you can probably just use nohup (which my firewall machine seems to already have) to keep the process running. (Something like this: nohup tcpdump tcpdump options )

given that the default shell for pfsense is tcsh, nohup is unnecessary here. this shell does not HUP background processes on exit.
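A detached capture of the kind discussed in this thread, as an added example that is not part of any of the posts: it is written for /bin/sh rather than the tcsh login shell, runs tcpdump under nohup as suggested above, and uses tcpdump's -C/-W file rotation so a capture left running for hours cannot fill the firewall's disk. The function names, the .pid/.log file naming and the ring size of 5 files of about 10 MB are choices made for this example.

```shell
#!/bin/sh
# Added example: detached, size-bounded tcpdump capture for one host.
# Interface, host and path prefix are supplied by the caller.

# start_capture IFACE HOST PREFIX
# Capture files are written as PREFIX.pcap plus a sequence number added by tcpdump.
start_capture() {
    iface=$1 host=$2 prefix=$3
    # -n    no name resolution (avoids generating DNS traffic while capturing)
    # -C 10 start a new file after about 10 million bytes
    # -W 5  keep at most 5 files, overwriting the oldest (ring buffer)
    # stdin/stdout/stderr are detached so nothing ties the job to the terminal
    nohup tcpdump -n -i "$iface" -C 10 -W 5 -w "$prefix.pcap" host "$host" \
        >"$prefix.log" 2>&1 </dev/null &
    echo $! >"$prefix.pid"
}

# capture_running PREFIX: succeeds while the recorded process still exists.
capture_running() {
    [ -f "$1.pid" ] && kill -0 "$(cat "$1.pid")" 2>/dev/null
}

# stop_capture PREFIX: SIGTERM lets tcpdump flush and close the current file.
stop_capture() {
    if capture_running "$1"; then
        kill -TERM "$(cat "$1.pid")"
    fi
    rm -f "$1.pid"
}
```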
Re: [pfSense] Captive Portal: Per-client speed
Hello,

You can limit speed by client. I do it by MAC address; you can do it by IP address in captive portal by Pass-through MAC or Allowed IP addresses. Personally I use Pass-through MAC with limitation and it works very well.

Visibly you can Enable per-user bandwidth restriction in the first tab (Captive portal)

For the total limitation I use Traffic Shaper by interfaces: the WANx are for upload and LAN is for download. You can put rules for QoS. The first time you can use the Wizard, and modify queues after.

The limitations are:

- for download you can only limit for total of all connections (I have multi-WAN: 5 WAN with 10Mbits (5*10Mbps=50Mbps) so my limit for the LAN queue is 48Mbits), it is recommended to put less than the real bandwidth to never saturate your DSL connection.
- I think it can be interesting to limit to a number of packets by second. Because in DSL (I have tested with ADSL in France) a big number of packets increase ping almost if only half of the bandwidth is used.

If you have a solution for these points don't hesitate!

Thanks

David

2014-03-07 16:21 GMT+01:00 Brian Caouette bri...@dlois.com:

> That connection should be more than sufficient for most people. If it were me I would throttle at 1x512 or even 512 x 512. Web surfing and email by nature are burst traffic so everyone should be happy. Smart phone and tablets are a good match. I seriously doubt people are going to be streaming video in a bar so I don't foresee any issues.
>
> On 3/5/2014 1:31 PM, Ryan Coleman wrote:
>
>> It appears I can throttle individual users on the Captive Portal, but how can I limit the speed of that entire network? Is that through Traffic Shaping? And how would I do that?
>>
>> The bar, I'm afraid, only has a 12x1 DSL connection. I might be able to convince them to upgrade the speed but that's a shot in the dark. And from the looks of the options at their provider it's slim pickings.
>>
>> TIA,
>> Ryan
Re: [pfSense] Captive Portal: Per-client speed
I think I'll have to write a white paper for it when I'm done. The first test with shaper killed the house network and we had to roll it back.

-- Ryan Coleman ryanjc...@me.com m. 651.373.5015 o. 612.568.2749

On Mar 10, 2014, at 10:10, David QuayCendre david.quaycen...@gmail.com wrote:

> Hello,
>
> You can limit speed by client. I do it by MAC address; you can do it by IP address in captive portal by Pass-through MAC or Allowed IP addresses. Personally I use Pass-through MAC with limitation and it works very well.
>
> Visibly you can Enable per-user bandwidth restriction in the first tab (Captive portal)
>
> For the total limitation I use Traffic Shaper by interfaces: the WANx are for upload and LAN is for download. You can put rules for QoS. The first time you can use the Wizard, and modify queues after.
>
> The limitations are:
>
> - for download you can only limit for total of all connections (I have multi-WAN: 5 WAN with 10Mbits (5*10Mbps=50Mbps) so my limit for the LAN queue is 48Mbits), it is recommended to put less than the real bandwidth to never saturate your DSL connection.
> - I think it can be interesting to limit to a number of packets by second. Because in DSL (I have tested with ADSL in France) a big number of packets increase ping almost if only half of the bandwidth is used.
>
> If you have a solution for these points don't hesitate!
>
> Thanks
>
> David
>
> 2014-03-07 16:21 GMT+01:00 Brian Caouette bri...@dlois.com:
>
>> That connection should be more than sufficient for most people. If it were me I would throttle at 1x512 or even 512 x 512. Web surfing and email by nature are burst traffic so everyone should be happy. Smart phone and tablets are a good match. I seriously doubt people are going to be streaming video in a bar so I don't foresee any issues.
>>
>> On 3/5/2014 1:31 PM, Ryan Coleman wrote:
>>
>>> It appears I can throttle individual users on the Captive Portal, but how can I limit the speed of that entire network? Is that through Traffic Shaping? And how would I do that?
>>>
>>> The bar, I’m afraid, only has a 12x1 DSL connection. I might be able to convince them to upgrade the speed but that’s a shot in the dark. And from the looks of the options at their provider it’s slim pickings.
>>>
>>> TIA,
>>> Ryan
Re: [pfSense] Captive Portal: Per-client speed
On Wed, Mar 5, 2014 at 11:31 AM, Ryan Coleman ryanjc...@me.com wrote:

> It appears I can throttle individual users on the Captive Portal, but how can I limit the speed of that entire network? Is that through Traffic Shaping? And how would I do that?

Create a limiter (up and down, if desired) without a mask. To your firewall rule that passes traffic for that network, choose your limiter(s) in the In/Out section.

db
[pfSense] unbound using ipv6 in ipv4-only environment
I've noticed that the latest Unbound package attempts to use IPv6 even when I only have IPv4 connectivity, resulting in a handful of errors logged.

I'm not sure if these errors cause problems or not, I'd expect them to fail instantly, however, I'm not certain whether it's actually a factor, the underlying issue I'm trying to troubleshoot is periodic delays in DNS resolution.

If I don't restore the cache, I do observe definite delays the first time a particular gTLD or ccTLD is accessed, which coincides with a bunch of IPv6 related errors as unbound unsuccessfully attempts to connect.

Is there any harm in flipping unbound's IPv6 support off in the package? Is there any reason to leave it on? Is it doing any harm?

-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
[pfSense] Yealink OpenVPN to asterisk
I have an asterisk box at a data center that has some high traffic websites. I also have an asterisk box there with a few Yealink T46G phones OpenVPNed into the presence box at the data center. I have a few asterisk boxes but this is the first client connection via openvpn.

I think the call quality takes a major hit when the websites get heavy traffic. I say this kind because I cannot pinpoint if that is the cause.

The data center has a single Internet connection but with two separate subnets (ran out of IP addresses). This has been set up as WAN and WAN2.

I set up qos on pfsense but not sure if right. The single connection is 10Mbit... but I set up WAN1 AND WAN2 as 10Mbit... which I assume is wrong. How do I set that correctly?

I am also a little lost... since the voice traffic is OpenVPN, how do I make certain that it is the highest priority across the board?

Chuck