[pfSense] Traffic shaper weirdness
Hi, I've used the traffic shaper to limit the bandwidth going to a specific subnet. I created a queue, then a queue. It works ok, but whenever I make a change, I must uncheck the "default queue" checkbox, because if I don't do so, I get a warning message saying "Only one default queue per interface is allowed." When I uncheck the box, make my change, then save, then apply, I get this : New alert found: SHAPER: no default queue specified for interface opt2. The interface queue will be enforced as default. This isn't a show-stopper, but I think this should be fixed. Thanks, Ugo ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Permission problem for traffic graph
On 2012-07-11 13:21, Ugo Bellavance wrote: Hi, I've created a user on one of our pfsense (2.0.1) and gave him these permissions: - WebCfg - Status: RRD Graphs page -WebCfg - Status: Traffic Graph page The RRD Graphs page works, but the Traffic Graph page doesn't. When the user tries to access the Traffic Graph page, we get this error in the logs: php: /graph.php: u...@ip.ip.ip.ip attempted to access /graph.php but does not have access to that page. Redirecting to status_rrd_graph.php. I looked at the URLs and the traffic graph page is /status_graph.php, but the SVG graph seems to be /graph.php. Maybe the permission was given only to /status_graph.php? I have tested on a second pfsense and I get the same result. Should I open a bug? ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense behind a router question
I'll echo Chris here, definitely want UDP or both TCP and UDP to be forwarded depending on your setup. Additionally, make sure in addition to port forwarding that you've allowed the traffic on any access-lists you have in place on the router. In cisco-land NAT typically doesn't imply traffic is allowed. -Ian On Thu, Jul 26, 2012 at 9:58 PM, Chris Buechler wrote: > On Thu, Jul 26, 2012 at 9:46 PM, Marcos Luna > wrote: > > Hello, > > > > > > yes, Im forwarding all tcp traffic from ports 1190-1199 (openvpn uses > 1194) > > OpenVPN generally uses UDP not TCP. > ___ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Odd log entries 2.0.1 Release
-Original Message- Means your scope used to be bigger/different and there are old leases in the leases file that are outside of the current range. They'll go away eventually, and it's not anything to be concerned with. ___ Looks like that was it. Looking through my old backups I see it was once .10 to .245. Thank you. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] DynDNS troubles, once again
Am 27.07.2012 12:54, schrieb Frank: >>- does ist still works, if you call /etc/rc.dyndns.update manually ? Main difference between /etc/rc.dyndns.update and wget -O- ... is that rc.dyndns.update uses the system config. So: wget working and rc.dyndns.update not would indicate a config error. But why and how would it update the IP after hitting "Save" in the WebGUI, if the config was wrong? -Stefan ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] DynDNS troubles, once again
Am 27.07.2012 12:54, schrieb Frank: BTW: Have you thought about using an own DynDNS Server? Thought about it, yes. But won't help in this particular case, as my customer insists on using no-ip; he recently migrated away from DynDNS to no-ip and doesn't want to perform another migration. I take it he uses no-ip with other systems, too (that aren't as easily migrated, like off-the-shelf DSL routers), and probably wants to keep it all in one place. Bit of a problem: pfsense seems not to support gnudip natively (which is one of the easier ways to make your own DynDNS). It does support RFC 2136, which sounds like the way to go when you want to roll your own dynamic DNS. I believe a partner company of mine uses that for their dynamic DNS needs (albeit purely on Linux, no pfSense/*BSD involved, but that shouldn't make a difference). -Stefan ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] DynDNS troubles, once again
Hi Stefan, just because you asked... On Thu, Jul 26, 2012 at 11:14:14PM +0200, Stefan Baur wrote: > Am 26.07.2012 22:45, schrieb Frank: ... >> - if you *update* dyndns manually (curl, fetch, wget, whatever) every >>10m - does /that/ work? >>... because just using checkip does not give any information >>about if or if not the *update* works when periodically executed > > I'm not getting what you're trying to prove or disprove with that. Care > to explain? Fact is, triggering the update by refreshing the DynDNS > page in the WebGUI works. I will try to explain. Fist of all: "work" is short for "updates the dyndns as expected". If you update dyndns manually (something like wget -O- --no-check-certificate https://user:passw...@members.dyndns.org/nic/update?...) and this works even when called periodically, there is a problem at your side (script/config). If the dns is *not* updated, it's possible that dyndns works unreliably as other people in the thread suspected - or just enforcing the mentioned update rate limits. >> - does ist still works, if you call /etc/rc.dyndns.update manually ? Main difference between /etc/rc.dyndns.update and wget -O- ... is that rc.dyndns.update uses the system config. So: wget working and rc.dyndns.update not would indicate a config error. > Depends on what you mean with "works". I can call the script and it > doesn't error out, *but*, it does *not* update the IP. My guess is that > it is trying to check whether or not the WAN IP has changed using its > local means (comparing the current interface IP with a previously stored > value) and *not* using checkip.dyndns.org. that could have been found out using tcpdump :) .. not necessary any longer as I read - but still a nice exercise. BTW: Have you thought about using an own DynDNS Server? Bit of a problem: pfsense seems not to support gnudip natively (which is one of the easier ways to make your own DynDNS). -- Gruss Frank ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list