Re: [pfSense] no internet access on vlan

2014-02-28 Thread J. Echter

  
  
Unbelievable, but I've overlooked the following:

php: rc.initial.setlanip: The command '/sbin/ifconfig 'lagg0_vlan3' inet delete' returned exit code '1', the output was 'ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address'

On 28.02.2014 07:32, J. Echter wrote:


> Hi,
>
> I have 3 VLANs on my LAN interface.
>
> 2 of them are working nicely.
>
> With the third I have trouble.
>
> I can access local network devices, but I cannot access the internet.
>
> traceroute stops at 192.168.4.1 (vlan3 if address).
>
> A default allow-everything-to-any rule is added, and the DNS forwarder
> listens on that IP (DNS resolution works).
>
> Firewall logs don't show anything.
>
> pfSense 2.1 was also rebooted.
>
> What could be wrong with my setup?
>
> Regards
>
> Juergen
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list




-- 
Kind regards

Jürgen Echter

ECHTER Küchen Elektro GmbH
Augsburger Str. 49
86529 Schrobenhausen
Tel: 08252 / 8976 - 0
Fax: 08252 / 8976 - 10
e-mail: i...@echter-kuechen-elektro.de
web: www.echter-kuechen-elektro.de
Register court: Ingolstadt, No. HR B 101907
VAT ID No.: DE234419866
Tax number: 124/125/51166
Managing director: Thomas Echter



[pfSense] can not block skype with snort and confusion on squid custom rule.

2014-02-28 Thread Muhammad Yousuf Khan
I am trying to block Skype logging with the signature numbers 5999 and 6001,
as described in a few howtos.

I added all P2P rules for Skype, but the main signature with SID 6001 is
missing. I cannot see that signature in the list.
However, I can see 5999 and a few others related to Skype, which are not doing
the job.

My first question is: how can I find which signature ID (SID) is in which
category? There is no search option on the Snort portal in pfSense.


Please guide me if anyone has any idea.

Secondly, I have implemented a Squid rule which blocks Skype with 100%
efficiency. However,
pfSense (as it seems) does not give us the option to apply some extensive
rules via squid.conf.

Is it possible to apply a few rules, a few advanced ones, like time-based ACLs
and the QoS functionality built into Squid? I know that for QoS pfSense provides
a very different approach; however, Squid also has some classes which give us
the same QoS options via the proxy. I use those classes in pfSense.


Thanks,
MYK
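
An added example, not part of the original post or of the pfSense Snort package: each Snort category is a `*.rules` file and each rule carries a `sid:` option, so a SID can be mapped to its category by scanning those files. The function names `find_sid` and `make_sample_rules`, the sample rules and their SIDs are constructed for illustration; on a real system pass the directory that holds the installed `*.rules` files, whose location depends on the install.

```sh
#!/bin/sh
# Added example: report which rule file (category) defines a given Snort SID.

# find_sid DIR SID -> one "category<TAB>state<TAB>msg" line per matching rule.
find_sid() {
    dir=$1 sid=$2
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        awk -v sid="$sid" -v category="$(basename "$f" .rules)" '
        {
            line = $0; state = "enabled"
            # A rule commented out with "#" ships in the file but is disabled.
            if (line ~ /^[ \t]*#/) { state = "disabled"; sub(/^[ \t]*#[ \t]*/, "", line) }
            # Skip plain comments: a rule starts with an action keyword.
            if (line !~ /^(alert|log|pass|drop|reject|sdrop)[ \t]/) next
            # Match the exact sid option, not a longer number that contains it.
            if (line !~ ("[(;][ \t]*sid:[ \t]*" sid "[ \t]*;")) next
            msg = "(no msg)"
            if (match(line, /msg:[ \t]*"[^"]*"/)) {
                msg = substr(line, RSTART, RLENGTH)
                sub(/^msg:[ \t]*"/, "", msg); sub(/"$/, "", msg)
            }
            printf "%s\t%s\t%s\n", category, state, msg
        }' "$f"
    done
}

# Constructed sample rules (not real Snort signatures), written to a temp dir.
make_sample_rules() {
    d=$(mktemp -d) || return 1
    cat > "$d/p2p.rules" <<'EOF'
# Constructed p2p category
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE p2p client login"; content:"abc"; sid:1000001; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE p2p version check"; sid: 1000002; rev:1;)
EOF
    cat > "$d/chat.rules" <<'EOF'
alert udp $HOME_NET any -> $EXTERNAL_NET any (msg:"SAMPLE chat keepalive"; sid:11000001; rev:2;)
EOF
    echo "$d"
}

# Demo on the constructed sample: one enabled rule, one disabled rule.
sample=$(make_sample_rules)
find_sid "$sample" 1000001
find_sid "$sample" 1000002
rm -rf "$sample"
```

An empty result means no installed rule file defines that SID, so the rule set that ships it is not downloaded or the signature is absent from it.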


[pfSense] How to track these kind of things ?

2014-02-28 Thread Nenhum_de_Nos

hail,

I just got pfSense 2.1 running on an IBM machine using igb cards, and got all
sorts of crazy things from them. I then found
https://forum.pfsense.org/index.php/topic,66908.msg367991.html#msg367991 and
https://github.com/pfsense/pfsense/commit/f3a4601c85c4de78caa4f12fefd64067fd83dbe8,
and it looks like it solves the problem.

I know pfSense releases don't come out very often, so is there a way to track
all bugfixes from the current release before they come out as 2.1.x (just to
give an example)?

thanks,

matheus

-- 
We will call you Cygnus,
The God of balance you shall be

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

http://en.wikipedia.org/wiki/Posting_style


Re: [pfSense] verizon USB data modem

2014-02-28 Thread Vick Khera
On Thu, Feb 27, 2014 at 10:29 PM, Oliver Hansen oliver.han...@gmail.com wrote:

> Hi Vick, I have used the Pantech UML290 on Verizon. It looks like VZW
> still sells the UML290 on their web site but I have not had experience yet
> with the UML295. I may get ahold of one sometime in the near future so if I
> do I'll let you know my experience.


Thanks. I'll probably just get the 290 for my backup line, then. My current
wireless (microwave) provider looks like they're going to disconnect my
building since I'm the only one left.


[pfSense] Are WAN rules needed for ISAKMP and ESP?

2014-02-28 Thread Brian Candler
Is it necessary to add explicit rules to allow inbound ISAKMP (UDP 500) 
and ESP (IP protocol 50) on the WAN interface?


I had a problem with pfsense 2.0.1 failing to accept sessions initiated 
by a Cisco ASA5505. tcpdump showed the ASA was sending ISAKMP phase 1 
and pfsense was not replying. I added a rule to allow UDP 500 in and 
after that it worked.


Is the same required for ESP?

Does pfsense 2.1 also require this? I have a new site with pfsense 2.1 
which hasn't shown this problem (yet), but that could just be through luck.


Thanks,

Brian.



Re: [pfSense] Are WAN rules needed for ISAKMP and ESP?

2014-02-28 Thread Ryan Coleman
I believe so. I have two ports opened under Rules for my IPSEC configuration.


On Feb 28, 2014, at 3:27 PM, Brian Candler b.cand...@pobox.com wrote:

> Is it necessary to add explicit rules to allow inbound ISAKMP (UDP 500) and
> ESP (IP protocol 50) on the WAN interface?
>
> I had a problem with pfsense 2.0.1 failing to accept sessions initiated by a
> Cisco ASA5505. tcpdump showed the ASA was sending ISAKMP phase 1 and pfsense
> was not replying. I added a rule to allow UDP 500 in and after that it worked.
>
> Is the same required for ESP?
>
> Does pfsense 2.1 also require this? I have a new site with pfsense 2.1 which
> hasn't shown this problem (yet), but that could just be through luck.
>
> Thanks,
>
> Brian.
 


Re: [pfSense] Freezing Entering NAT Rules

2014-02-28 Thread James Caldwell
Turned out to be bad/dying hardware.  Replaced the firewall with a new Dell 
server and everything is back to normal.

Thanks,
James

From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On 
Behalf Of Chris Buechler
Sent: February-23-14 6:16 PM
To: pfSense support and discussion
Subject: Re: [pfSense] Freezing Entering NAT Rules



On Sunday, February 23, 2014, James Caldwell jamescaldw...@hurricanecs.com wrote:
> Has anyone ever experienced the gui hang or get very sluggish entering NAT
> rules and subsequently applying changes afterwards?


Sounds like what would happen if you have a gateway down and state killing 
enabled.



--
Sent from my phone, please excuse any typos or excessive brevity.


[pfSense] Blocking based on MAC

2014-02-28 Thread Ryan Coleman
I just checked google and the “best” solution from a few versions ago is to 
reserve the MAC IP to something out of range.

I’d like to find a “simple” way to do that for my customer. Is there a better 
way to block a MAC? 

—
Ryan


Re: [pfSense] Captive Portal questions - Interstitial page

2014-02-28 Thread Chris L
I don’t think so.  Your remote system will not have access to the things 
pfSense needs to add the captive portal bypass entries to ipfw.  Namely the MAC 
address associated with the IP Address.

A RADIUS Server could be remote.

On Feb 27, 2014, at 8:17 AM, Ryan Coleman ryanjc...@me.com wrote:

> Can I have the interstitial page go straight to a website to handle
> everything? Rather than locally handled on the system?
>
> I am activating this feature at a bar where I do tech work and would prefer
> to manage everything back on our website rather than trying to maintain code
> on the controller.
>
> TIA.
> —
> Ryan


Re: [pfSense] Captive Portal questions - Interstitial page

2014-02-28 Thread Ryan Coleman
We’re not doing a login page - it’s a simple thanks for coming, here are some 
basic rules and see our specials. Think of it like a McDonald’s or chain coffee 
shop page.

I can “bless” access through the CP - in fact I’m already doing that for the 
CSS, images and javascript files.

On Feb 28, 2014, at 9:34 PM, Chris L c...@viptalk.net wrote:

> I don’t think so.  Your remote system will not have access to the things
> pfSense needs to add the captive portal bypass entries to ipfw.  Namely the
> MAC address associated with the IP Address.
>
> A RADIUS Server could be remote.
>
> On Feb 27, 2014, at 8:17 AM, Ryan Coleman ryanjc...@me.com wrote:
>
>> Can I have the interstitial page go straight to a website to handle
>> everything? Rather than locally handled on the system?
>>
>> I am activating this feature at a bar where I do tech work and would prefer
>> to manage everything back on our website rather than trying to maintain code
>> on the controller.
>>
>> TIA.
>> —
>> Ryan