[pfSense] DHCP/Local DNS ping host name
I’m totally having a brain far weekend on this… but there’s a way (or so I think) to link the DNS and DHCP hostnames… How do I do that? — Ryan ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] HAproxy question
Do you have Snort in your setup? I've seen IPS causing this behavior. Best regards Kostas Sent from my iPhone > On 12 Δεκ 2015, at 00:13, C. R. Oldhamwrote: > > Actually I think I characterized this problem the wrong way. > > It appears that neither haproxy nor nginx (when used as a proxy) are > reliable on our pfSense firewall. They will work for a while, then they > stop passing traffic for a while, then they work awhile. Restarting them > doesn't make them responsive immediately. I am at a loss to explain this. > I've confirmed there are no other processes listening on port 443 on any IP > (virtual or physical). If anyone has ideas I'd love to hear them. > > --cro > > >> On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham wrote: >> >> Greetings, >> >> We've recently replaced both our routers with pfSense. I am using tinc >> for site-to-site VPN and OpenVPN for clients to connect. >> >> Since some of our support engineers often end up onsite with customers, I >> want to enable OpenVPN over TCP port 443--we've noticed that many of our >> customers block outbound UDP, but using the https port works fine. >> >> However, we also have haproxy on our firewall proxying for some web >> applications on port 443. but on a different virtual IP from OpenVPN. If I >> enable OpenVPN on the TCP port, haproxy stops working, even though they are >> listening on different IPs. >> >> I have appropriate firewall rules for both virtual IPs in place. >> >> Can anyone shed some insight on how I can fix this? >> >> Thanks. >> >> --cro > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Shutdown Interface?
It would appear you're just interested in being confrontational. I have you have a nice day. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] HAproxy question
Run "netstat -anl | grep LISTEN | grep 443" ( for tcp ) to verify on whitch port/ip haproxy and openvpn are running. Openvpn don't listen on VIP. Em 12/12/2015 10:31, "C. R. Oldham"escreveu: > Actually I think I characterized this problem the wrong way. > > It appears that neither haproxy nor nginx (when used as a proxy) are > reliable on our pfSense firewall. They will work for a while, then they > stop passing traffic for a while, then they work awhile. Restarting them > doesn't make them responsive immediately. I am at a loss to explain this. > I've confirmed there are no other processes listening on port 443 on any IP > (virtual or physical). If anyone has ideas I'd love to hear them. > > --cro > > > On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham wrote: > > > Greetings, > > > > We've recently replaced both our routers with pfSense. I am using tinc > > for site-to-site VPN and OpenVPN for clients to connect. > > > > Since some of our support engineers often end up onsite with customers, I > > want to enable OpenVPN over TCP port 443--we've noticed that many of our > > customers block outbound UDP, but using the https port works fine. > > > > However, we also have haproxy on our firewall proxying for some web > > applications on port 443. but on a different virtual IP from OpenVPN. > If I > > enable OpenVPN on the TCP port, haproxy stops working, even though they > are > > listening on different IPs. > > > > I have appropriate firewall rules for both virtual IPs in place. > > > > Can anyone shed some insight on how I can fix this? > > > > Thanks. > > > > --cro > > > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] HAproxy question
On Fri, Dec 11, 2015 at 9:14 AM, C. R. Oldhamwrote: > Greetings, > > We've recently replaced both our routers with pfSense. I am using tinc for > site-to-site VPN and OpenVPN for clients to connect. > > Since some of our support engineers often end up onsite with customers, I > want to enable OpenVPN over TCP port 443--we've noticed that many of our > customers block outbound UDP, but using the https port works fine. > > However, we also have haproxy on our firewall proxying for some web > applications on port 443. but on a different virtual IP from OpenVPN. If I > enable OpenVPN on the TCP port, haproxy stops working, even though they are > listening on different IPs. > One or the other must be bound to *:443 (guessing haproxy since OpenVPN will only bind to a single IP). You can check that with 'sockstat -4' if you want to pursue that further. It's probably easiest to just run your OpenVPN on some other port on localhost, say port 4443. Then add a port forward on WAN to send 443 on the OpenVPN VIP to 127.0.0.1:4443. Then you can also add port forwards for ports 80, 53, and however many others you want to make available for additional options. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold