[pfSense] automatic aliases (are sometimes incorrect)

2016-08-30 Thread Karl Fife 
It appears that some of the automatic aliases offered via the GUI when 
creating firewall rules can be misleading or incorrect under certain 
circumstances.


For example:

If I create an OpenVPN server (say, a remote access type), and assign it 
to an interface called, say, VPN_BYOD, I'll see (as expected) aliases 
called VPN_BYOD_net and  VPN_BYOD_address. However, in this example, the 
alias does not actually correspond to the interface's true subnet.  
Since I'm being offered an alias for VPN_BYOD in the GUI, I'd expect it 
to be correct, and expect it to correspond to the tunnel subnet 
configured per OpenVPN server.  It doesn't, and this is perhaps 
unsurprising considering that the aliases values are probably generated 
by the values explicitly assigned to the interface (static/DHCP 
subnet/address) rather than divining them via the underlying service.  
In my example, OpenVPN is indeed assigned to an interface, but the 'tab' 
configuration is set to 'None' (even though the subnet is configured 
elsewhere).  This may therefore be expected behavior.


However, It seems like it would be much better behavior for the GUI to 
(simply) NOT show a subnet alias if the subnet can not be determined 
(for example, if the interface subnet is explicitly set to 'None').  
This would avoid the situation where someone creates a firewall rule for 
that subnet, only to realize that the source is undefined, or totally 
wrong.  In my case, I had to shell out, and interrogate PF directly to 
determine that the alias was incorrect.  That seems like bad default 
behavior to me.  Any opinions on this?



___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Any side effects or negative impact to reassigning ports?

2016-08-30 Thread WebDawg 
On Tue, Aug 30, 2016 at 3:06 AM, Dave Warren  wrote:
> Howdy!
>
> I'm building out a new pfSense box, but the NICs have not yet arrived
> and I'm wondering how much configuration I can do in advance. My
> configuration will be a quad port Intel NIC, two ports will be WAN ports
> directly connected to a pair of modems, and the other two will be a LACP
> LAGG group carrying multiple tagged VLANs, routing some traffic
> internally and some externally.
>
> Can I create the VLANs now and associate them with one of the onboard
> NICs so that I can proceed with all the other configuration details,
> DHCP servers, firewall rules custom NAT, and everything else, such that
> when the real NIC is installed, I create the LAGG and re-assign the
> interfaces? Or are there any "things" in pfSense that are associated
> with the physical NIC rather than the interface?
>
>
> ___


You can.  You can create VLANS, setup everything, and then after
replace the interface assignments in the config file that you export.

Since you are unfamiliar with the contents of the config:

I would go ahead, set it all up w/ VLANs and export that config.

When the nics come in, it would be easy to do a basic reinstall or
whatever and let pfsense setup those interfaces.

You could then export that config file and see how it names them and
change the values in the VLAN setup config with a txt editor.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Help on reports

2016-08-30 Thread Abhi 
Hi All,

I have been trying to configure it to send mail's as to daily reports &
usage details.
It's able to send me test msg's. But, i am not getting the daily reports.
Is there a particular way to set it

-- 
Thanks & Regards,

Abhishek Purba
+919845153700
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] Any side effects or negative impact to reassigning ports?

2016-08-30 Thread Dave Warren 
Howdy!

I'm building out a new pfSense box, but the NICs have not yet arrived
and I'm wondering how much configuration I can do in advance. My
configuration will be a quad port Intel NIC, two ports will be WAN ports
directly connected to a pair of modems, and the other two will be a LACP
LAGG group carrying multiple tagged VLANs, routing some traffic
internally and some externally.

Can I create the VLANs now and associate them with one of the onboard
NICs so that I can proceed with all the other configuration details,
DHCP servers, firewall rules custom NAT, and everything else, such that
when the real NIC is installed, I create the LAGG and re-assign the
interfaces? Or are there any "things" in pfSense that are associated
with the physical NIC rather than the interface?


___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold