Re: [pfSense] Two queries from intending new user
Bret It's very easy to install pfsense on a self-contained thumb drive. I'd recommend that and just changing your bios boot order as appropriate. Once you've setup the configuration/etc on the thumb drive and you feel comfortable moving it to 'production' it's very easy to export you whole config, install on the primary drive, and import the config. Travis Hansen travisghan...@yahoo.com On Tuesday, November 17, 2015 6:45 PM, Bret Busby wrote: Hello. I have been recommended to install and use pfSense to replace my existing firewall, which is Firestarter running on an old and unsupported version of Debian Linux. I have looked at the pfSense documentation, including the Installation Guide for pfSense, and I have the following two queries. Does installing pfSense, especially, using the "Quick/Easy Install option", allow for installation so as to allow for multiple boot options (being able to choose an alternative boot option)? Rather than obliterate the existing firewall installation, I would prefer, if possible, to be able to install pfSense "alongside" the existing firewall installation, so that, using a bootloader like GRUB, if I have any problems with operating or configuring pfSense, or, with the installation procedure, or, subsequent updating, of pfSense, I could revert to using the existing firewall installtion, to allow me Internet access, to be able to seek assistance. The second query is thus; from what I understand, the "pfSense Default Configuration" has "LAN is configured with a static IPv4 address of 192.168.1.1/24". Is it possible, with the "Quick/Easy Install option", to retain the current LAN configuration, where the network card that goes outside, uses DHCP, and the network card that interfaces with the LAN behind the firewall, uses a slightly different IPv4 address range; eg, if it instead used 192.168.3.1/99 ? Thank you in anticipation. -- Bret Busby Armadale West Australia .. "So once you do know what the question actually is, you'll know what the answer means." - Deep Thought, Chapter 28 of Book 1 of "The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts", written by Douglas Adams, published by Pan Books, 1992 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings
On Nov 17, 2015, at 12:45 PM, Steve Yates wrote: > Paul Mather wrote on Thu, Nov 12 2015 at 1:38 pm: > >> Unfortunately, with this configuration, unbound does not listen on the >> IP aliases: it only listens on the primary IP addresses of LAN, >> INTERNAL, and localhost. > > I don't have quite the same configuration, but with a CARP shared LAN > IP, it listens on that alias. Did you check your firewall log/rules? I don't believe it is an issue of firewall/log rules. Unbound is simply not listening on those interfaces, as shown by a "sockstat -4l": USER COMMANDPID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS [[...]] unbound unbound1123 10 udp4 10.5.5.1:53 *:* unbound unbound1123 11 tcp4 10.5.5.1:53 *:* unbound unbound1123 12 udp4 10.0.0.7:53 *:* unbound unbound1123 13 tcp4 10.0.0.7:53 *:* unbound unbound1123 14 udp4 127.0.0.1:53 *:* unbound unbound1123 16 tcp4 127.0.0.1:53 *:* unbound unbound1123 19 tcp4 127.0.0.1:953 *:* [[...]] Those IP addresses correspond to the primary addresses of LAN, INTERNAL, and localhost. Missing are entries listening on the IP aliases, 10.0.0.1 and 10.0.0.14. Also, even though I also have 10.0.0.14 and 10.0.0.1 checked in the DNS Resolver settings, they are not included in the active /var/unbound/unbound.conf file: [[...]] # Interface IP(s) to bind to interface: 10.5.5.1 interface: 10.0.0.7 interface: 127.0.0.1 interface: ::1 [[...]] Only the primary addresses of the network NICs are included. If I add "interface:" lines myself to this file and stop and start unbound from the command line then unbound listens correctly on the IP aliases, too. For some reason, they are not making it into the unbound.conf file from the GUI settings page for DNS Resolver. Cheers, Paul. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Two queries from intending new user
Hello Bret, The answer to your first question is not really. You can do an advanced install but will have to make the partitions needed beforehand using a live system disk and then play around with grub after installing PfSense on freed partitions. Fairly complex especially since this is BSD and not Debian. May be easier to use a separate disk, that way you could swap. In default install the Wan does use DHCP the Lan can be changed very easily from console, option 2 I believe. Hope that answers your queries. Sincerely, Usama On Nov 17, 2015 8:45 PM, "Bret Busby" wrote: > Hello. > > I have been recommended to install and use pfSense to replace my > existing firewall, which is Firestarter running on an old and > unsupported version of Debian Linux. > > I have looked at the pfSense documentation, including the Installation > Guide for pfSense, and I have the following two queries. > > Does installing pfSense, especially, using the "Quick/Easy Install > option", allow for installation so as to allow for multiple boot > options (being able to choose an alternative boot option)? Rather than > obliterate the existing firewall installation, I would prefer, if > possible, to be able to install pfSense "alongside" the existing > firewall installation, so that, using a bootloader like GRUB, if I > have any problems with operating or configuring pfSense, or, with the > installation procedure, or, subsequent updating, of pfSense, I could > revert to using the existing firewall installtion, to allow me > Internet access, to be able to seek assistance. > > The second query is thus; from what I understand, the "pfSense Default > Configuration" has "LAN is configured with astatic IPv4 address of > 192.168.1.1/24". Is it possible, with the "Quick/Easy Install option", > to retain the current LAN configuration, where the network card that > goes outside, uses DHCP, and the network card that interfaces with the > LAN behind the firewall, uses a slightly different IPv4 address range; > eg, if it instead used 192.168.3.1/99 ? > > Thank you in anticipation. > > -- > > Bret Busby > Armadale > West Australia > > .. > > "So once you do know what the question actually is, > you'll know what the answer means." > - Deep Thought, > Chapter 28 of Book 1 of > "The Hitchhiker's Guide to the Galaxy: > A Trilogy In Four Parts", > written by Douglas Adams, > published by Pan Books, 1992 > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Two queries from intending new user
On Wed 18 Nov 2015 06:14:16 NZDT +1300, Bret Busby wrote: The short answer is no and no. > Does installing pfSense, especially, using the "Quick/Easy Install > option", allow for installation so as to allow for multiple boot > options (being able to choose an alternative boot option)? pfsense is a turn-key system requiring its own dedicated hard disk, which gets wiped during "easy install". Perhaps, in theory, you could transplant an existing installation into a new partition, but you'd really have to know what you're doing. I don't think Linux can create or write freebsd filesystems, reading them might work. > The second query is thus; from what I understand, the "pfSense Default > Configuration" has "LAN is configured with a static IPv4 address of > 192.168.1.1/24". Is it possible, with the "Quick/Easy Install option", > to retain the current LAN configuration No. pfsense is not aware of any other firewalls' configuration files. Start from scratch. You can change the LAN interface's IP address somewhere during easy install IIRC, it's on the console at the end of installation. HTH, Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] 2.2.5 squidGuard fails to start
On Wed 18 Nov 2015 04:09:41 NZDT +1300, Brian Caouette wrote: > I can confirm I have see this a well. Started with the 2.2.x series. > Happens with almost every reboot or upgrade of package. > re-downloading the blacklist fixes it until the next cycle. For me it started with 2.2.5 and di not happen with 2.2.[234]. The package updates of squid3 0.4.3 and squidguard 1.9.17 within the last few days fix it. Thanks! Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Two queries from intending new user
>Does installing pfSense, especially, using the "Quick/Easy Install option", allow for installation so as to allow for multiple boot options No, it will erase the hard drive and set up a freebsd file system. Might be worth using another drive altogether to preserve the old drive, or use clonezilla to make a copy of the drive to a network share, or saved as a file to another drive. >Is it possible, with the "Quick/Easy Install option", to retain the current LAN configuration, They use the 192.168.1.1/24 address to make it easy to navbigate to the first time. But when you begin to configure it, it asks what address you want to use. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold