[pfSense] Finaly moved to Endian Firewall 3.0
Dear Sir, At present temporary i moved to Endian firewall 3.0 for https proxy its works good. Thanks A Mohan Rao ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Strange problems with pfSense 2.1.4
Hello, >>Jason M. wrote: >>I'm using the PFW201 hardware from Tranquilnet > > According to Tranquilnet: > > " *Note: These units may run hot to the touch and we recommend eith a wall > mount or to place them on a cool, dry and hard surface with proper air > flow" > > I can build systems that are much faster and more powerful for less than > half the price so I've never used a PFW201, but I have seen it mentioned > that units like them often have a cpu heat sink that makes contact with > the > case. Or, that they have a metal shim that connects the heat sink to the > case. > > Heat transfer for these systems is often critical. Is yours overheating? > Are > you testing with one of the Tranquilnet units, or one of the units you got > direct from the supplier? One, the problem first appeared with the Tranquilnet unit. Two, I forgot to mention that I noticed that the heat problem (it's hard to miss if you don't read the directions -- the units are almost hot enough to burn skin :) and am using a laptop cooler for now. I'm trying out USB powered fans as a better long term solution, but the units are very cool with the laptop cooler. > > > >> Now my question is, what is going wrong? I've tried the same >>config on multiple devices, so I don't think it's hardware. Could >>my config have become corrupted? > > I don't follow your logic about it not being the hardware, but yes, your > config could have become corrupted. Try another CF card? Try installing > from > scratch and restoring a backup xml file? Well, pfSense recommends the Tranquilnet hardware and the problem occurs with that. The problem also occurs with the units from the manufacturer which have the same part number and look identical. These units have a backup XML file restored to a fresh CF card. Sorry for not mentioning this in my first message -- I was kind of tired. I was trying to say that maybe something in the .xml config might have become corrupted, but I took a look at the .xml file and it doesn't look like there's room for corruption. The only thing strange is this: 1407542644 admin@192.168.182.10 Do have any other ideas? > > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > Thanks for the help, Jason M. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Another OPT1 routing question
Oh I've got it: lack of default route on 192.168.yyy.40 Just how HTTP was working is still a mystery though. Apologies for the noise! -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Murray Sent: 10 August 2014 21:08 To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Another OPT1 routing question Just one more issue now which has me puzzled and I'm hoping someone has some ideas? It appears to be working for some hosts but not others? I have a machine 192.168.yyy.60, which I can ping & SSH to from the 192.168.xxx.0 network. I have a machine 192.168.yyy.40, which listens on port 80. I can access HTTP from the 192.168.xxx.0 network, but I can't SSH or ping it. I *can* SSH from 192.168.yyy.60 to 192.168.yyy.40, so it is up. I can ping 192.168.yyy.40 from the OPT1 interface; that's fine. As soon as I try to ping from the LAN interface, 100% packet loss. Yet try to do the same with 192.168.yyy.60, it's fine. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Murray Sent: 10 August 2014 16:29 To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Another OPT1 routing question They don't now, but the process of reassignment suggested that they did, and that one of them was down. i.e. the "Valid interfaces are:" list wasn't right. It's now correct though, thanks for that. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc Sent: 10 August 2014 15:21 To: 'pfSense Support and Discussion Mailing List' Subject: Re: [pfSense] Another OPT1 routing question >em1 third MAC address (up) <-- shouldn't that be the second MAC address? Are you saying two interfaces have the same mac address even after reassignment? That's not right. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8010 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8010 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8012 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Fwd: new to pfsense
Hi all I have just installed PFSENSE in my one of the old box installation works perfectly my achievements are i got one of the Ethernet port and one of o2 dongle to connect internet i configured to my box back to back cable ethernet i try to connect o2 it says ppp0 up i do not see any IP address assined to interface. how can i get IP address and how can i route my ethernet traffic to ppp0 and use my laptop to browse internet laptop---ethernet---ppp0 ram ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Another OPT1 routing question
Just one more issue now which has me puzzled and I'm hoping someone has some ideas? It appears to be working for some hosts but not others? I have a machine 192.168.yyy.60, which I can ping & SSH to from the 192.168.xxx.0 network. I have a machine 192.168.yyy.40, which listens on port 80. I can access HTTP from the 192.168.xxx.0 network, but I can't SSH or ping it. I *can* SSH from 192.168.yyy.60 to 192.168.yyy.40, so it is up. I can ping 192.168.yyy.40 from the OPT1 interface; that's fine. As soon as I try to ping from the LAN interface, 100% packet loss. Yet try to do the same with 192.168.yyy.60, it's fine. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Chris Murray Sent: 10 August 2014 16:29 To: pfSense Support and Discussion Mailing List Subject: Re: [pfSense] Another OPT1 routing question They don't now, but the process of reassignment suggested that they did, and that one of them was down. i.e. the "Valid interfaces are:" list wasn't right. It's now correct though, thanks for that. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc Sent: 10 August 2014 15:21 To: 'pfSense Support and Discussion Mailing List' Subject: Re: [pfSense] Another OPT1 routing question >em1 third MAC address (up) <-- shouldn't that be the second MAC address? Are you saying two interfaces have the same mac address even after reassignment? That's not right. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8010 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8010 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Another OPT1 routing question
They don't now, but the process of reassignment suggested that they did, and that one of them was down. i.e. the "Valid interfaces are:" list wasn't right. It's now correct though, thanks for that. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc Sent: 10 August 2014 15:21 To: 'pfSense Support and Discussion Mailing List' Subject: Re: [pfSense] Another OPT1 routing question >em1 third MAC address (up) <-- shouldn't that be the second MAC address? Are you saying two interfaces have the same mac address even after reassignment? That's not right. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8010 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] [Bulk] Re: Another OPT1 routing question
You wrote "I did correct the MAC address for OPT1," , please note that it is normally not needed to configure the MAC addresses of networkcards inside the pfSense webgui. (only sometimes if you want to avoid some ISP arp-cache update issue when changing hardware) make sure to remove that setting if you still have it but want to have pfSense use the same mac's that the (virtual) nic really have. I suspect that this is now causing the 'duplicate' mac on the pfSense interfaces. Greets PiBa-NL compdoc schreef op 10-8-2014 16:21: em1 third MAC address (up) <-- shouldn't that be the second MAC address? Are you saying two interfaces have the same mac address even after reassignment? That's not right. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Another OPT1 routing question
>em1 third MAC address (up) <-- shouldn't that be the second MAC address? Are you saying two interfaces have the same mac address even after reassignment? That's not right. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Another OPT1 routing question
Oh that's odd, they were mixed-up on the console screen and on the option to reassign interfaces. I'd expect em0 em1 and em2 to be enumerated same order as the virtual interfaces presented to the VM, but when reassigning, they were like this: em0 first MAC address (up) em1 third MAC address (up)<-- shouldn't that be the second MAC address? em2 third MAC address (down) <-- correct MAC address, but surely that should be 'up'? I chose interfaces again anyhow (WAN --> em1, LAN --> em0 and OPT1 --> em2). After one restart my internet access disappeared, but reassigning via the UI WAN --> PPPOE1 did the trick. After one restart it's still working. Many thanks, I'll remember that one in future! -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc Sent: 10 August 2014 14:18 To: 'pfSense Support and Discussion Mailing List' Subject: Re: [pfSense] Another OPT1 routing question > OPT1 interface - actually has the VM's WAN MAC address (the second interface rather than the third interface) If you haven't yet, you might want to reassign interfaces on the console login screen. The Option is number (1) in the list. Then reboot. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list - No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4744 / Virus Database: 4007/8010 - Release Date: 08/10/14 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Another OPT1 routing question
> OPT1 interface - actually has the VM's WAN MAC address (the second interface rather than the third interface) If you haven't yet, you might want to reassign interfaces on the console login screen. The Option is number (1) in the list. Then reboot. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Strange problems with pfSense 2.1.4
>Jason M. wrote: >I'm using the PFW201 hardware from Tranquilnet According to Tranquilnet: " *Note: These units may run hot to the touch and we recommend eith a wall mount or to place them on a cool, dry and hard surface with proper air flow" I can build systems that are much faster and more powerful for less than half the price so I've never used a PFW201, but I have seen it mentioned that units like them often have a cpu heat sink that makes contact with the case. Or, that they have a metal shim that connects the heat sink to the case. Heat transfer for these systems is often critical. Is yours overheating? Are you testing with one of the Tranquilnet units, or one of the units you got direct from the supplier? > Now my question is, what is going wrong? I've tried the same >config on multiple devices, so I don't think it's hardware. Could >my config have become corrupted? I don't follow your logic about it not being the hardware, but yes, your config could have become corrupted. Try another CF card? Try installing from scratch and restoring a backup xml file? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Another OPT1 routing question
Hi all, I'm having some confusion with my OPT1 interface. I've found quite a few questions around OPT1 routing, with various solutions too, however none of them seem to be applicable to me. I may be misunderstanding something basic, so please bear with me. I had pfSense inside KVM, with two virtual NICs, each connected to their corresponding physical NIC. One physical NIC goes to a LAN switch, and the other to a second switch, into which is plugged a DSL modem. I have another KVM host plugged into the same switches. It also runs this VM, and I can migrate back and forth without issue. There's still a single point of failure in each of the switches, and another in the modem, but this is good enough for my needs so that I may patch hosts independently etc. Internet access continues during the migration from host A to host B and vice versa. I've added a third NIC, (eth2 on the KVM hosts), added a bridge in the same way as the others (VMBR2), and presented this to the pfSense VM as a third NIC. I've added this as OPT1, given it an address in the form 192.168.yyy.1 (the address on the LAN interface is 192.168.xxx.1). I've connected these two new physical NICs to a separate switch, in the same manner as the others. Therefore one physical host has three NICs each in a separate switch. I intend to mirror the functionality of the LAN in OPT1; just having an extra range of addresses to use. For now I'd like LAN machines to be able to contact OPT1 machines and vice-versa. So the LAN interface still has this rule: IPv4 * LAN net * * * * none And I've added this one to OPT1, just like the OpenVPN interface has: IPv4 * * * * * * none I have a machine plugged into the new switch, 192.168.yyy.60 >From an address in 192.168.xxx.0, I can ping 192.168.xxx.1 and 192.168.yyy.1, but *not* 192.168.yyy.60 (destination host unreachable) On the OPT1 rule, I have "Log packets that are handled by this rule" ticked. Status --> System Logs --> Firewall doesn't contain anything at all for the OPT1 interface. The packet RRD graph for the OPT1 interface shows a lot of "in-block" which I don't understand given how relaxed the rules are. One odd thing I've noticed is: The VM has three MAC addresses; one for LAN, one for WAN and one for OPT1. Inside pfSense's Status --> Interface, they appear as: WAN interface (PPPOE1) - 00:00:00:00:00:00 there is no WAN interface and I don't understand this bit, but fair enough LAN interface - has the VM's LAN MAC address, as you might expect. OPT1 interface - actually has the VM's WAN MAC address (the second interface rather than the third interface) I did correct the MAC address for OPT1, only for it to break my internet temporarily which a VM restart then fixed. This still hasn't resolved the routing. Any help is appreciated. If the issue is due to my virtualised setup, I'd be interested to know why the LAN/WAN routing works fine the way it is. I'm on 32 bit 2.1.4 Many thanks, Chris ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
