Re: [pfSense] pfSense and SIP

2018-01-09 Thread Bruce Ferrell
Roberto, I run an asterisk behind a pfSense 2.2.6 NAT and to make the scenario you've described work, I have to do port forwarding and I allow the firewall to generate to corresponding rules. I fought and fought and finally just let the firewall do it's thing and let go of a degree of control  W

Re: [pfSense] Transparent proxy for WiFi users

2018-01-09 Thread WebDawg
Can you just do inspection on this and have it stop acting as a true proxy? Splice All: This configuration is suitable if you want to use the SquidGuard package for web filtering. All destinations will be spliced. SquidGuard can do its job of denying or allowing destinations according its rules, a

Re: [pfSense] pfSense and SIP

2018-01-09 Thread WebDawg
I think you need to look into state tracking: https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules I had an issue like this though with some advanced vpn routing I was doing and pfsense was killing states when I routed more then once. Is that your case? If pfsense cannot trac

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-09 Thread Rainer Duffner
> Am 10.01.2018 um 00:14 schrieb Kyle Marek : > > This contradicts the majority of the purpose of virtualization. Interesting that you bring it up…. I give you Theo de Raadt in late 2007: https://marc.info/?l=openbsd-misc&m=119318909016582

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-09 Thread Kyle Marek
On 01/09/2018 05:58 PM, Gé Weijers wrote: > On Wed, Jan 3, 2018 at 2:32 PM, Walter Parker wrote: > >> On Wed, Jan 3, 2018 at 2:25 PM, Steve Yates wrote: >> >>> I'm not a developer but I would think it's dependent on FreeBSD releasing >>> the update, plus testing by pfSense/Netgate. However, I wo

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-09 Thread Gé Weijers
On Wed, Jan 3, 2018 at 2:32 PM, Walter Parker wrote: > On Wed, Jan 3, 2018 at 2:25 PM, Steve Yates wrote: > > > I'm not a developer but I would think it's dependent on FreeBSD releasing > > the update, plus testing by pfSense/Netgate. However, I would think > > there's not much concern with PCs

Re: [pfSense] pfSense and SIP

2018-01-09 Thread Giles Coochey
On 09-01-2018 15:49, Roberto Carna wrote: Special thanks to both of you... With ANY I mean "all TCP and UDP ports". Maybe when the remote peer sends to my PBX the SIP packet with the SIP Options, the response from the PBX is a SIP packet defined as ESTABLISHED trafficand this ESTABLISHED

Re: [pfSense] pfSense and SIP

2018-01-09 Thread Roberto Carna
Special thanks to both of you... With ANY I mean "all TCP and UDP ports". Maybe when the remote peer sends to my PBX the SIP packet with the SIP Options, the response from the PBX is a SIP packet defined as ESTABLISHED trafficand this ESTABLISHED feature is not working or not defined in pfSEn

Re: [pfSense] pfSense and SIP

2018-01-09 Thread Giles Coochey
On 09/01/2018 14:34, Roberto Carna wrote: Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote peer out of the pfSense. I connect PBX and Peer in order to establish a SIP trunk. In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all. So we have generated two firewa

Re: [pfSense] pfSense and SIP

2018-01-09 Thread Lars Wuerfel
Sorry, Robert, I checked too late "there is no NAT at all", so ignore my answer please. Regards Lars On 01/09/2018 03:34 PM, Roberto Carna wrote: [...] In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all. [...] ___ pfSense mailing

Re: [pfSense] pfSense and SIP

2018-01-09 Thread Lars Wuerfel
Robert, I have the same constellation, and I had to enable "Static Port" for outgoing packets from the PBX box. Documentation here: https://doc.pfsense.org/index.php/Static_Port My settings: "Firewall" -> "NAT" -> "Outbound": - Outbound NAT Mode: - "Hybrid Outbound NAT" - Mapping: -

[pfSense] pfSense and SIP

2018-01-09 Thread Roberto Carna
Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote peer out of the pfSense. I connect PBX and Peer in order to establish a SIP trunk. In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all. So we have generated two firewall rules: PBX --> SIP Peer with ANY SIP Pee

Re: [pfSense] Squid crash: assertion failed: store_swapout.cc:289: "mem->swapout.sio == self"

2018-01-09 Thread Roberto Carna
OK, thank you very much !!! 2018-01-08 13:59 GMT-03:00 Chris L : > > >> On Jan 8, 2018, at 8:39 AM, Eero Volotinen wrote: >> >> try removing squid package from package manager and then reinstalling. >> >> 8.1.2018 18.24 "Roberto Carna" kirjoitti: >> >>> Dear Eero, >>> >>> How do I have to remove