Re: [pfSense] Force CA certificate installation as trusted root CA on WiFi clients

2018-01-30 Thread Chris Bagnall
On 30/1/18 5:22 pm, Izaac wrote: Q: How can I automatically undermine the basis of the SSL PKI by forcing my CA (which, by design, generates certificates for arbitrary sites and thereby man-in-the-middles all communications) onto third parties that happen to be traversing my network? A: You can

Re: [pfSense] Problem with Chrome - HTTP transparent proxy with SSL filtering

2017-11-04 Thread Chris Bagnall
On 4/11/17 11:41 pm, Jon Gerdes wrote: We all need to have a deep think about what https *really* *really* means. * The aim of SSL/TLS is to ensure confidentiality from one point to another If I put up a website and I want to guarantee that the connection between my website and the end user is se

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-11 Thread Chris Bagnall
On 11 Oct 2017, at 21:05, Adam Cage wrote: > Dear Chris, I need the Squid proxy to filter traffic working with > Squidguard. The guest cell phones will be authenticated to my WiFi, and > after that they can go to HTTP/HTTPS web sites with zero configuration > because I can't tell my guests to setu

Re: [pfSense] Old pfSense versions

2016-07-31 Thread Chris Bagnall
On 1 Aug 2016, at 02:24, Larry Rosenman wrote: > earlier this week: > On 07/13/2016 05:06 AM, Herwig Unterrichter wrote: > I am having troubles finding a certain older pfsense release, in particular > 2.2.4, the memstick am64 image. > Is there some kind of archive server where i can get access to

[pfSense] Old pfSense versions

2016-07-31 Thread Chris Bagnall
Greetings list, Until fairly recently, there used to be a comprehensive set of old versions/builds available at: http://files.pfsense.org/mirror/downloads/old/ However, that url is now returning 404. Has the archive been moved? I ask because 2.0.3 is the last version that runs reliably (i.e. d

Re: [pfSense] Removing obsolete packages

2016-07-27 Thread Chris Bagnall
On 27/7/16 2:46 pm, Jim Pingle wrote: At the moment there is no automated way to do that, but you can edit them out of your config.xml. Either by editing in-place using "viconfig" if you're daring, familiar with vi, and don't mind the potential for danger. Or the safer route is to download a back

[pfSense] Removing obsolete packages

2016-07-26 Thread Chris Bagnall
Greetings list, Is there a procedure for removing obsolete packages from installs? Many moons ago, I upgraded a production install from 2.2.x to 2.3. The install in question had apcupsd on it to control, unsurprisingly, an APC UPS, but I believe apcupsd ceased to be maintained, and that funct

Re: [pfSense] USB3 to ethernet adaptor

2016-05-03 Thread Chris Bagnall
I’m a little late to the discussion, but herewith my two penneth... > Echoing what others have said, most of the USB network cards I have used > have not been so reliable. Broadly speaking, I’d concur with that sentiment. I have had moderate success with this one: https://www.amazon.co.uk/gp/pr

Re: [pfSense] Recipe to safely allow remote SIP phones to connect a local asterisk PBX?

2015-12-23 Thread Chris Bagnall
On 23/12/15 5:43 pm, James Ronald wrote: Is anyone aware of a pfSense config/recipe to safely allow remote SIP phones to connect a local asterisk PBX? You will need to be more specific about what you are trying to achieve or prevent. In my experience: 1) Create an alias containing a list of

Re: [pfSense] Multiple SSIDs

2015-11-28 Thread Chris Bagnall
On 27/11/15 11:24 am, Kostas Backas wrote: I am sure (since Unifis can handle VLANs very well) that pfSense can be used. We are using pfSense VLANs to route multiple WANs from one NIC. I can confirm this behaves quite well - just set up your VLANs in pfSense, and your SSIDs in the UniFi contr

Re: [pfSense] Help with provider assigning multiple IP addresses over PPPoE

2015-11-15 Thread Chris Bagnall
On 14 Nov 2015, at 20:19, C. R. Oldham wrote: > My ISP provides access over PPPoE and has given me 2 static IPs via the > following configuration (public IPs sanitized) > Usable IP addresses:xxx.yyy.149.218 > Gateway address:xxx.yyy.149.217 > Subnet mask:255.255.255.252 >

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-13 Thread Chris Bagnall
On 13 Nov 2015, at 15:09, David White wrote: > I have a unique scenario: > The higher ups require a multi-wan high availability setup, but assuming > both ISPs are working, some traffic is required to use 1 ISP and some > traffic is required to use the other. > I've read in some pfSense docs on ho

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-08 Thread Chris Bagnall
On 8/9/15 1:04 pm, Vick Khera wrote: You'd have to ask Dyn if they can make host names within your own domain dynamic. I believe they can. I have dyn.mydomain.com delegated to Dyn for precisely this purpose (but mydomain.com is managed outside dyn). I can then create client1.dyn.mydomain.com,

Re: [pfSense] pfSense 2.2.4, Services: Dynamic DNS client

2015-09-07 Thread Chris Bagnall
On 8/9/15 2:24 am, Ryan Coleman wrote: How do you get this to function with Dyn.com (formerly DynDNS.com )? I have the paid domain and I’ve gotten CenturyLink DSL modems to negotiate the IP without issue before but I cannot seem to figure out the configuration for pfSense.

Re: [pfSense] Got an alert after updating to 2.2.4

2015-07-30 Thread Chris Bagnall
On 30/7/15 11:34 pm, Rainer Duffner wrote: php: rc.bootup: New alert found: pfSense requires at least 128 MB of RAM. Expect unusual performance. This platform is not supported. So, is the Alix deprecated? I suspect it's more a warning about only 128MB RAM. From my experience (several dozen 12

Re: [pfSense] Access Point Recommendations?

2015-07-17 Thread Chris Bagnall
On 17 Jul 2015, at 15:50, Jim Spaloss wrote: > Ubiquiti Unifi. +1 would recommend - with caveats. The AC model is… flaky - or at least, it was when I tried it at the end of 2014. Only about 50% of client devices would connect at a time - seemingly random - restart the AP and some different one

Re: [pfSense] Issues with 2.2.x and Alix devices

2015-07-07 Thread Chris Bagnall
On 7/7/15 8:45 am, Микаел Бак wrote: I have only been able to run pfSense reliably with Alix devices that have 256MB RAM. With less (128MB RAM) the webconfigurator process kills itself, presumably because it needs more RAM to work properly. Perhaps I'm wrong, but this is what I have noticed on my

[pfSense] WebGUI IPv6 Gateways bug?

2015-07-03 Thread Chris Bagnall
Greetings list, Wondering if someone who's using v6 with a static gateway address (i.e. not dynamically assigned by DHCP6/SLAAC) would mind checking something for me: - go to System -> Gateways - edit an IPv6 gateway - change something trivial (even just the description) - hit save Do

Re: [pfSense] Improving OpenVPN performance

2015-07-01 Thread Chris Bagnall
On 1/7/15 3:37 pm, Seth Mos wrote: You mean 18Mbps downstream? Not upstream? No, I mean 18Mbps upstream. Downstream is way higher - around 75Mbps at each site. On 1/7/15 3:40 pm, Jon Gerdes wrote: If your ~18Mbps is a real measured figure then consider: UDP vs TCP, MTU, TUN vs TAP. You do

[pfSense] Improving OpenVPN performance

2015-07-01 Thread Chris Bagnall
Greetings list, I'm trying to improve OpenVPN performance on a site-to-site link I have between 2 pfSense boxes. - upstream at each site is provided by a VDSL connection delivering ~18Mbps - both pfSenses are PCEngines APU w/ 4GB RAM I am currently only getting around 7Mbps each way via

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-29 Thread Chris Bagnall
On 29/6/15 4:41 pm, Ryan Coleman wrote: I don’t know why I cannot access ANY of it from my other network, though… I have to be outside the building to see it. System -> Advanced -> NAT Reflection perhaps? Might be worth playing with some of the options in there... (but personally, I'd just s

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-27 Thread Chris Bagnall
On 28 Jun 2015, at 03:35, Ryan Coleman wrote: > The ISP has actually stated otherwise, which is the reason I brought it up. That’s a new one on me. If you get that working, I’d be fascinated to hear how - it seems to go against the basics of IP networks. Kind regards, Chris -- C.M. Bagnall Th

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-27 Thread Chris Bagnall
On 28 Jun 2015, at 02:38, Ryan Coleman wrote: > which is the preferred mind you because it would give me all three additional > IPs (gateway, network address and broadcast) as addressable… No it won’t. Your network is 18.25.125.16/29. You still have to follow the normal rules about gateway, net

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-27 Thread Chris Bagnall
> So assume I have this: 12.34.56.78 for my firewall address (as assigned to me > by the ISP). > And I have 18.25.125.16/29 for my statics. > And behind the firewall I am running 192.168.16.0/24 > How do I set it up there? WAN on 12.34.56.78 LAN on 192.168.16.0/24 OPT1 on 18.25.125.17/29 (or any

Re: [pfSense] Setting up for 1:1 with block of statics?

2015-06-25 Thread Chris Bagnall
On 25/6/15 9:11 pm, Steve Yates wrote: If not, and you want to use NAT, then I don't think one pfSense will work for you. Perhaps someone can jump in if there is a way to combine the two functions. You may be able to do something with Advanced Outbound NAT. Assign your public IP range to a

Re: [pfSense] Using on Fiber

2015-06-05 Thread Chris Bagnall
On 5/6/15 3:37 pm, Ryan Coleman wrote: And those of you with VMware experience… if I run the virtual firewall I would need to have at least a VMware Essentials license to come close to the throughput, right? Since the IOps are capped at something like 10MB/sec in the free version. I can't co

Re: [pfSense] Bundling multiple OVPN client connection into one fat pipe...

2015-04-01 Thread Chris Bagnall
On 30/3/15 6:58 pm, WebDawg wrote: I have done this, there is overhead involved, and bonding tap connections. I tried this with very latent and slow connections, and I did not have good luck with it I've tried this on even relatively fast (80/20 FTTC) connections, and performance is still a fa

Re: [pfSense] blocking torrents and web based https proxies

2015-03-27 Thread Chris Bagnall
On 27/3/15 3:56 am, WebDawg wrote: May I ask why you would like to block it all? +1. It looks like the OP is looking for a technical solution to a social/political problem. I can understand it if your users are primary school children, but surely once your users are university age, you reall

Re: [pfSense] Pretend to be google's DNS

2015-03-05 Thread Chris Bagnall
On 5/3/15 7:02 pm, Vick Khera wrote: It seems like you should figure out why your client VPN software is broken, and fix that. This. Out of interest, is there a particular reason why you need to use Google's public DNS at all - especially now that pfSense 2.2 has a 'proper' DNS resolver (rath

Re: [pfSense] serial port sadness

2015-02-23 Thread Chris Bagnall
On 24/2/15 12:08 am, Jeremy Bennett wrote: I've got a USB to serial adapter (which has worked in the past), a Windows 7 computer and Teraterm, but whenever I connect everything up I just get the cursor blinking at me. Agree with others that the most likely culprit here is the USB to serial ada

Re: [pfSense] NAT Port Forward to IP in subnet host with different default gateway

2015-02-22 Thread Chris Bagnall
On 22/2/15 5:07 pm, Jason Pyeron wrote: Other than changing the default gateway on that host, how can I port forward SSH to that host? If you know the source IP (or range) of the traffic, you might be able to set a static route on the host to send traffic to via the pfSense rather than the

Re: [pfSense] Bulk Editing settings on the PFSense dashboard

2015-02-22 Thread Chris Bagnall
On 22/2/15 8:02 am, Ryan Coleman wrote: If the OP thinks this is not acceptable he probably will need to find a new platform - the CLI won’t let him do what he wants to. Just as an aside, you can actually restore from *parts of* a backup without a reboot, as I discovered when updating a 1.2 c

Re: [pfSense] Dual Port NIC ports

2015-02-21 Thread Chris Bagnall
On 21/2/15 11:33 pm, Tiernan OToole wrote: biggest disadvantage I can think is if you lose one card, you lose both ports +1. If you have multiple physical cards at your disposal you might as well use ports on different cards - at least that way if something dies it'll be easy to diagnose whe

Re: [pfSense] Bulk Editing settings on the PFSense dashboard

2015-02-21 Thread Chris Bagnall
On 21/2/15 10:54 pm, Tiernan OToole wrote: Meh…. Sounds like a bit of a pain… is there no command line options? The pfSense config file is pretty standard XML, so you could always knock something together in your scripting language of choice to batch add the config sections you need. I've d

[pfSense] OpenVPN on Multi WANs (v1.2)

2015-02-14 Thread Chris Bagnall
Greetings list, I have a scenario where I need to make pfsense's OpenVPN server available on both WANs in a multi-WAN environment. "Read the Wiki" I hear you cry: https://doc.pfsense.org/index.php/Multi-WAN_OpenVPN :-) Alas, it's not quite that easy - the site in question's pfSense unit is

Re: [pfSense] Multi-WAN port forwarding

2015-02-12 Thread Chris Bagnall
On 12 Feb 2015, at 20:33, Tiernan OToole wrote: > The steps I took was: > Firewall/NAT, Add, interface = WAN1, proto TCP, src addr and port are both *, > dest = 5060, nat IP (internal ip of the voip box), nat ports 5060 > Did this for each WAN connection and again for other ports… but the VoIP >

Re: [pfSense] Migrating from RouterOS to PFSense

2015-02-11 Thread Chris Bagnall
On 11/2/15 8:37 pm, Tiernan OToole wrote: Proto TCP IPv4, source and port are *, destination BBC (alias to their ip block) port is * gateway is my UK VPN server, queue none, schedule none. If I tell my open VPN client to not use the routing, BBC won't work... If I do, then all my traffic looks l

Re: [pfSense] Enforcing policy routing gateway

2015-01-09 Thread Chris Bagnall
On 10 Jan 2015, at 03:30, Tim Eggleston wrote: > I use policy routing (Gateway under Advanced Features) to send traffic from > certain hosts down a VPN which is originated on the pfsense machine. This > works great. > However I noticed today that when the VPN fails, the traffic falls back to >

Re: [pfSense] Installation question

2015-01-09 Thread Chris Bagnall
On 10 Jan 2015, at 03:09, k_o_l wrote: > I’ve installed a second hard drive in my firewall the primary is running > 2.1.5 and the secondary 2.2RC. How do I setup the firewall to allow me to > choose between the two at boot? This is normally a function of the BIOS. If you go into the BIOS setup

Re: [pfSense] More ports

2014-12-13 Thread Chris Bagnall
On 14/12/14 2:09 am, Stefan Baur wrote: Plus the app broadcasts the admin password for the switch in plaintext on the entire network. So in-place reconfiguring is a really bad idea. Oh dear gods, how on earth did that one get through QA? :-) Kind regards, Chris -- This email is made from 100%

Re: [pfSense] More ports

2014-12-13 Thread Chris Bagnall
On 14/12/14 1:56 am, Brian Caouette wrote: I believe this apu4 has 3 gig ports. I'm curious if i can plug one into and old hub i have to give me more. More physical ports, yes. More interfaces in pfSense, no. If you want the latter, you'll need a VLAN-capable switch. But things like the HP 1

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Chris Bagnall
On 10/12/14 3:30 pm, Giles Coochey wrote: http://tools.ietf.org/html/rfc6598 Unfortunately, there are people who stick their networks (erroneously) on 100.64/10 as well - including at least one government department in the UK - who shall remain nameless for the avoidance of ridicule :-) I s

Re: [pfSense] Client-Side 1:1 NAT for IP address conflicts w/ VPN

2014-12-10 Thread Chris Bagnall
On 10/12/14 6:36 am, Chris L wrote: That’s actually your fault for using 10/8, not Comcast's. Even if they were to use something like 10.58.223.0/24 they’d still conflict with your 10/8. There are so many different brands and models of consumer router on the market these days in the 10/8 and

Re: [pfSense] Aliases are auto-deleted

2014-12-09 Thread Chris Bagnall
On 9/12/14 12:24 pm, Volker Kuhlmann wrote: I found the problem. My ISP changed the WAN gateway to be mostly non-responsive to pings. But only mostly, so pfsense plays yoyo with it. Funny you should mention that. I've seen similar on a few of our pfSense deployments of late, with several diffe

Re: [pfSense] Revisiting PCIe LTE/4G modems

2014-10-28 Thread Chris Bagnall
> So I'm hoping to get a possible alternative solution made that would employ > APU1 boards and adding a wifi and an LTE/4G device (I see from my board here > in front of me there's a SIM slot below the SDXC slot)… > What success have the users here had with PCIe LTE/4G radios in their > devices

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris Bagnall
> I thought there was a very large restriction in packages using CF compared to > HDD, is that not the case (I'm coming from 1.2.3 so this might have changed) That may well be true - I must confess I’m of the school of thought that a firewall/router should do firewalling and routing, and not a l

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris Bagnall
> I'm trying to use a http://www.mini-itx.com/store/~FX5624 which I think is > the same box as your first link, if you can install onto here easily and > frequently then it must be me doing something wrong, aaagh Certainly looks like the same unit. Are you trying to install onto a CF card (thos

Re: [pfSense] pfsense h/w

2014-10-23 Thread Chris Bagnall
> I'm suffering in my efforts to install 2.1.5 onto my box, so can I change the > box? > A proven hardware platform, available in the UK with at least 6 physical > network ports, I can probably justify buying. > Suggestions anyone? We’ve used these: http://linitx.com/product/fx5624-intel-celero

Re: [pfSense] Issue with SMTP - Spam behind NAT

2014-10-09 Thread Chris Bagnall
On 9/10/14 12:21 pm, Rizul khanna wrote: Hello, please let me know the process for unsubscribing from all the mailing lists of pfsense. Follow the link at the bottom of every list email. Kind regards, Chris -- This email is made from 100% recycled electrons

Re: [pfSense] Issue with SMTP - Spam behind NAT

2014-10-09 Thread Chris Bagnall
On 9/10/14 12:05 pm, Mikey van der Worp wrote: Today I have come to you with the question on how to block users from spamming with smtp/25, behind NAT and the IP of PfSense (< NAT). We do not wish/want to block the entire SMTP traffic in the private range to the world, because there are import

Re: [pfSense] upgrade from 1.2.3

2014-10-07 Thread Chris Bagnall
On 7/10/14 2:41 pm, Jim Thompson wrote: Best option is to replace it, likely. This. Or at least install a recent pfSense on an unused device you have kicking around, set things up how you want them (to mirror the old config), then swap devices out of hours when interruptions will be minimal.

Re: [pfSense] bogon networks

2014-09-28 Thread Chris Bagnall
On 28 Sep 2014, at 12:19, Andrew Mitchell wrote: > My apologies. 192.40.140.0/23 I'm not sure what pfSense uses as its Bogons source, but my reference has usually been: http://www.team-cymru.org/Services/Bogons/http.html Your IP block isn't in there, from what I can see... Kind regards, Chris

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Chris Bagnall
On 26/9/14 12:42 pm, Hannes Werner wrote: are you saying that people with dynamic IP shouldn't use pfSense behind an Asterisk service? Firstly - it's not my place to say anything of the sort - I have no connection to the pfSense team (apart from as a satisfied user). I suspect one of the pfSe

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Chris Bagnall
On 26/9/14 12:06 pm, Giles Coochey wrote: I can think of many reasons, why running a service such as Asterisk, on an IP address that you have a temporary lease for (thus only have a passing relationship with, before it is passed to someone else), would be pretty bad practice. I think Giles has

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-26 Thread Chris Bagnall
On 26/9/14 11:43 am, Hannes Werner wrote: I wonder what the reason for not getting https://redmine.pfsense.org/issues/1629 fixed? Many gave up waiting for this, but it seems there must be a proper reason for it. May I ask what the problem is not being able to use pfSense with Asterisk? Worth me

Re: [pfSense] Https blocking

2014-09-24 Thread Chris Bagnall
On 24/9/14 6:21 pm, A Mohan Rao wrote: If u really a expert so then pls resolve my problem. I have do all the things but still people can access blocked website in pfsense. Sites like Facebook have thousands of servers across the world, split across numerous netblocks and content delivery net

Re: [pfSense] OT: Good network switch for 10 machines?

2014-09-23 Thread Chris Bagnall
On 23/9/14 7:44 pm, Espen Johansen wrote: A netgear pro switch Be careful which model you get. Some of the newer/cheaper ones that have been sold as 'managed' recently don't have a web interface. They have some horrible management application that uses Adobe Air, only works on Windows, only

Re: [pfSense] OT: Good network switch for 10 machines?

2014-09-23 Thread Chris Bagnall
On 23/9/14 6:46 pm, RB wrote: I'd suggest at least a managed switch that can do LACP. This. Given how small the price difference often is between unmanaged and semi-managed (aka 'smart') switches these days, it just doesn't make sense to buy unmanaged any more. You never know when things lik

Re: [pfSense] [SOT] apu1c4/apu1d4 stability

2014-09-22 Thread Chris Bagnall
On 22/9/14 5:10 pm, mayak wrote: in an earlier thread, i recounted issues that i had with the apu1c4 unit silently dying -- this was the only thread that i saw here, so i assume that i just got a bad unit. I cannot give you a sample of 20 - they're too new for that - but I can say of the dozen

Re: [pfSense] No logout in 2.1.5 i386

2014-09-19 Thread Chris Bagnall
On 19/9/14 4:41 pm, Ryan Coleman wrote: Also what browser is that? Looks like Firefox to me... Disabled your add-ons (I see there are a few of them - could be an issue)? This is definitely worth a try. As an aside, one of the first things I do with a fresh pfSense install is to revert bac

Re: [pfSense] VIP,MAC & Arp

2014-09-18 Thread Chris Bagnall
On 18/9/14 8:13 pm, Nick Upson wrote: We have a new /27 range to go with this new installation and here is the problem, external ping/connectivity to the new IPs doesn't work except one the .225 address, it seems the firebrick requires ARP in order to route them. I have setup several different Vi

Re: [pfSense] questions about carp/xmlrpc

2014-09-09 Thread Chris Bagnall
On 9 Sep 2014, at 14:46, Albert Dengg wrote: > that however still leaves with the problem of the interface mixups > for my internal networks, where the sync tries to assign the > virtual ip's to the wrong interfaces…. Is your hardware (and interface names) identical across both your primary and

Re: [pfSense] questions about carp/xmlrpc

2014-09-09 Thread Chris Bagnall
On 9 Sep 2014, at 14:01, Albert Dengg wrote: > the second question is also related to virtual ip's: > is there a way to configure a failover for the second wan interface, > if there is only one ip assigned to me by the isp? My understanding (and this isn’t limited to pfSense - I’ve seen the same

Re: [pfSense] Triple WAN

2014-09-08 Thread Chris Bagnall
On 8 Sep 2014, at 18:07, Joe Laffey wrote: > Anyone using Load Balancing for a triple WAN setup? This work OK in pfSense? > What about older 1.2.3 systems? I have a triple WAN setup at home, which worked fine in 2.0 and likewise now in 2.1. There are limitations in 1.2.3 that complicate things

Re: [pfSense] How do I fix this?

2014-09-03 Thread Chris Bagnall
On 3/9/14 6:30 pm, Brian Caouette wrote: Sep 3 09:00:58 apinger: ALARM: dlois(192.254.233.145) *** loss *** Sep 3 08:59:55 apinger: alarm canceled: dlois(192.254.233.145) *** You probably need to provide the list with more details - are you trying to fix the appearance of those messa

Re: [pfSense] Difference between APU4 and APU1C4

2014-07-27 Thread Chris Bagnall
On 27/7/14 7:06 pm, Matthias May wrote: With intel cards on the same board you can get up to 650 Mbit/s, but i expect it to be lower with additional rules. Have you tried it with Intel cards (I assume you're talking mPCIe cards?) - and if so, what chassis did you use? The ability to install

Re: [pfSense] Difference between APU4 and APU1C4

2014-07-22 Thread Chris Bagnall
On 23/7/14 4:11 am, Ryan Coleman wrote: I may have fired off the message in a fit of frustration but you made it a public statement - if you wanted to be the “mom” and handle it you should have sent it privately instead of publicly. I can't work out if the above is directed at me or Jim. (I

Re: [pfSense] Difference between APU4 and APU1C4

2014-07-22 Thread Chris Bagnall
On 23/7/14 2:10 am, Jim Thompson wrote: Very little if this thread is related to pfSense. Please stay on topic. Respectfully, I disagree. Given the APU is - as the de facto successor to the ALIX - likely to be a piece of hardware used in a lot of new pfSense installs, discussion about its me

Re: [pfSense] Difference between APU4 and APU1C4

2014-07-22 Thread Chris Bagnall
On 22/7/14 11:17 pm, Nickolai Leschov wrote: I didn't notice this page. So it looks like it's some kind of thermal paste allows for adequate thermal conductivity between the CPU/south bridge and the aluminum heat spreader, but the heat spreader is in dry contact with the case? The one I've just

Re: [pfSense] 802.11ac Mini PCI Express adapter for pfSense

2014-07-21 Thread Chris Bagnall
On 21/7/14 4:27 pm, Kevin Tollison wrote: I have used internal card in the past and they typically work well. We have found that an external AP gives a lot more flexibility to an install. +1 for external APs. Your environments may be different, but during installs we often find the best place

Re: [pfSense] Squid Problem and DNS?

2014-07-16 Thread Chris Bagnall
On 16/7/14 3:25 pm, Brian Caouette wrote: #1. Initial page lookups are really slow. When I enter a website it will pause for 6-8 seconds then the page is instantly there. I have Google's DNS set in general and currently have stock DNS Forwarder active. It's set to use system defaults. As a test,

[pfSense] Squid in a Multi-WAN environment

2014-07-10 Thread Chris Bagnall
Greetings list, I'm trying to persuade the Squid 3 package to use a load balancing gateway group, unfortunately without much success. I'm afraid my google-fu is failing me: - this link from the official docs seems to relate to 1.2: https://doc.pfsense.org/index.php/Troubleshoot_Outbound_Load_

Re: [pfSense] Squid3 with https filtering

2014-06-17 Thread Chris Bagnall
On 17/6/14 10:32 am, A Mohan Rao wrote: actually i need to block https sites like https facebook or https youtube etc with transparent proxy. So in order to block Facebook and Youtube, you're going to put all your users at risk of SSL MITM attacks on every secure website they visit? You woul

Re: [pfSense] Squid3 with https filtering

2014-06-17 Thread Chris Bagnall
On 16/6/14 7:06 pm, A Mohan Rao wrote: Had anybody successfully configured squid3-dev with squidguard-squid3 with properly works https filtering...? (not specific to pfSense, but might be useful info for HTTPS interception in general) You are only going to be able to do that if you have cont

Re: [pfSense] Migrating from /32 + /29 to just /29

2014-06-12 Thread Chris Bagnall
On 12/6/14 11:06 pm, Jon Gerdes wrote: As far as I can tell, the only downside is I lose another address to act as the gateway. Can anyone spot any flaws with this method or is it a general practice? Certainly assigning the first IP in a /29 to the PPPoE client is fairly standard practice in t

Re: [pfSense] Monitoring

2014-06-03 Thread Chris Bagnall
On 3/6/14 7:21 pm, Brian Caouette wrote: I just installed the NRPE package to pfSense. How its it used? Is there a docs page to make this work with pf? The first thing you'll need is a working install of Nagios somewhere - do you already have that in hand? As an aside, another option to cons

Re: [pfSense] Setup advice

2014-05-28 Thread Chris Bagnall
Brian Caouette wrote: How much space should be allocated for pfsense and squid? In the office here I have 30GB allocated for squid to use as a cache. In this case where the chaps in the workshop are often downloading things like Windows Updates, software packages, etc., the size was chosen to

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Chris Bagnall
On 20 May 2014, at 21:37, Harlan Stenn wrote: > Where are you that you get electricity for .05/kWh? Here in Oregon we > have pretty great rates, and I think we're paying .10-.12/kWh. I don't know where the OP hails from, but here in the UK (Scotland, specifically, at the moment), it's 0.16 GBP/

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Chris Bagnall
On 20 May 2014, at 18:45, Brian Caouette wrote: > What software is available to do virtual machines? We use KVM. Kind regards, Chris -- This email is made from 100% recycled electrons

Re: [pfSense] Poweredge 2850

2014-05-20 Thread Chris Bagnall
I concur with Ryan's readings with the 2950s - we use them as KVM host machines in a datacentre environment and they average around 250W under moderate load. That's with 4x SSDs in each. Also worth mentioning that pfSense will barely use a gig of disk space; the 6x 73GB SAS units specced by the

Re: [pfSense] Poweredge 2850

2014-05-19 Thread Chris Bagnall
On 20 May 2014, at 01:41, Brian Caouette wrote: > So this machine should scream for a home based network from the looks of it. > My current test machine you'll all laugh www.dlois.com/status.html is here. > (I kept my old domain from when I was a dialup provider) VERY old machine > with limit

Re: [pfSense] Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet

2014-05-09 Thread Chris Bagnall
On 9 May 2014, at 23:25, Dave Warren wrote: > I'm looking on eBay as well, it's worth the gamble vs buying new. Not pfSense-specific, but I've used quite a few from eBay (both dual and quad port cards) in generic FreeBSD installs and not had a problem with them. As others have said, they're so

Re: [pfSense] Upgrading Alix 2d13

2014-04-29 Thread Chris Bagnall
On 30/4/14 12:31 am, Ryan Coleman wrote: 4GB CF cards are pretty cheap these days - I would just buy one in the store ($20) or online ($10 or so) and image that, pop it in the firewall and import your config. Agreed, if the devices are suitably close to you. A bit more of a problem if they'r

Re: [pfSense] Upgrading Alix 2d13

2014-04-29 Thread Chris Bagnall
On 29/4/14 7:40 pm, Vick Khera wrote: I've now upgraded 3 separate ALIX boards to 2.1.2 (one from 2.1.0, the other two from 2.0.1) with zero failures. Perhaps try upgrade from the console menu. Just make sure that the upgrade URL is configured correctly for the i386 version of pfsense. Also wor

Re: [pfSense] HP DL160 for pfSense in a datacenter

2014-04-23 Thread Chris Bagnall
On 23/4/14 4:46 pm, Vick Khera wrote: I reconfigured them to use geom mirror instead, and everything has been much better since. The FreeBSD kernel does a fine job managing the mirror all by itself. We have some DL160s with the same B110i controller running as Linux KVM host machines, and like

Re: [pfSense] Interface options for pfsense

2014-04-20 Thread Chris Bagnall
The GS108T-200 is the one with a web-based config tool Worth adding that you can pick up the HP 1700-8 for less than £60 these days, now that it's been superseded by the 1810-x series switches. Fairly intuitive web interface and talks SNMP too. Admittedly not gigabit, but as a multi-WAN VLAN

Re: [pfSense] pfSense 2.1.2 is released

2014-04-15 Thread Chris Bagnall
On 14/4/14 5:11 pm, cbr wrote: I don't believe you can completely disable IPv6 via webUI of pfSense Perhaps the bigger question here is "why isn't the OP using v6?" :-) Kind regards, Chris -- This email is made from 100% recycled electrons

Re: [pfSense] pfSense Book (Buechler / Pingle)

2014-04-13 Thread Chris Bagnall
On 13/4/14 4:25 pm, Adam Thompson wrote: As to the "liberated" comment, let us know when you've figured out how to make a completely open eReader that doesn't sell for >$1000. Nexus 7 + fbreader (freely available)? Opens all the usual suspects (pub, mobi, pdf, etc.) If you don't mind one of th

Re: [pfSense] successor to ALIX is here

2014-04-02 Thread Chris Bagnall
On 2/4/14 9:17 pm, Thinker Rix wrote: Unfortunately again only 3 NICs... and Realteks with bad performance. I would love to see such a board one day with at least 4-8 NICs. On that subject, we've recently been experimenting with these: http://linitx.com/product/jetway-jbc373-intel-atom-d525-bar

Re: [pfSense] RDP port forward based on destination name.

2014-03-28 Thread Chris Bagnall
On 28/3/14 4:03 pm, Walter Parker wrote: I'd love it if there was simple solution, but I don't see one that would be compatible with today's internet. Much of the original design of the internet was for a 1 to 1 mapping of IP addresses, rather than a 1 to many mapping (which is why there is usually

Re: [pfSense] RDP port forward based on destination name.

2014-03-27 Thread Chris Bagnall
On 27/3/14 8:17 pm, Walter Parker wrote: That's what I would recommend. The VPN can serve as a second gateway to protect the RDP from the outside world, so you could pitch this solution as a higher security method of network access. This. There seem to be lots of dictionary attacks against RDP s

Re: [pfSense] Android apps block

2014-03-24 Thread Chris Bagnall
On 24 Mar 2014, at 19:19, A Mohan Rao wrote: > I need to block whatsapp facebook etc android apps of pfsense users. Given that you seem to want to block everything under the sun (though I still don't understand why), how about doing it the other way round? Why not decide what you *do* want you

[pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

2014-03-24 Thread Chris Bagnall
Greetings list, I appreciate this is something of a blast from the past, but I'm hoping some of you will still have 1.2 systems in use and might be able to shed some light on this. Recently, one of our clients sublet part of their building to another company, and asked me to split their LAN

Re: [pfSense] Proxy filter

2014-03-21 Thread Chris Bagnall
On 20/3/14 8:42 pm, Rafael Akchurin wrote: May be this will be of any help - http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/ That approach does require that your users 'trust' the proxy and allow the necessary certificates. It's all well and good i

Re: [pfSense] Proxy filter

2014-03-20 Thread Chris Bagnall
On 20/3/14 7:22 pm, A Mohan Rao wrote: Also I have been struggling to block https social networking sites like facebook etc. for the last 1 to 1.5 years. I used the DNS forwarder to block that domain. But when a user uses open dns it's working. Please, any idea would be very helpful for me. You might find it easier to

Re: [pfSense] Proxy filter

2014-03-20 Thread Chris Bagnall
On 20/3/14 7:19 pm, A Mohan Rao wrote: Ok thanks, but if I need, how do I maintain ftp traffic logs? Not really relevant to the question, I appreciate, but I can't think of a good reason why you'd want to do that, unless of course you're running the FTP server, in which case your FTP server should

Re: [pfSense] Proxy filter

2014-03-20 Thread Chris Bagnall
On 20/3/14 7:14 pm, A Mohan Rao wrote: I m using squid squid guard and light squid for user access websites reporting with live but there is pfsense not read or show ftp server access logs. I also try as pfsense firewall client and to to any other ftp sites then download files but in proxy filter

Re: [pfSense] Gateway Group / Failover WAN setup question

2014-03-11 Thread Chris Bagnall
On 11/3/14 6:48 pm, Justin Edmands wrote: The current rules all read * for the Gateway. Do all of my current LAN, OpenVPN, and IPSec rules need to be altered to include the Gateway as the new Failover1 rule? Those that rely on the WANs, yes. Rules to allow traffic to pass between your VPNs and

Re: [pfSense] Blocking based on MAC

2014-03-01 Thread Chris Bagnall
On 1/3/14 2:37 am, Ryan Coleman wrote: I just checked google and the “best” solution from a few versions ago is to reserve the MAC IP to something out of range. I’d like to find a “simple” way to do that for my customer. Is there a better way to block a MAC? At the risk of thinking outside th

[pfSense] Overzealous Multi-WAN state flushing

2014-02-17 Thread Chris Bagnall
Greetings list, A few days ago I finally found time to upgrade my ageing pfSense 2.1-RC0 at home to 2.1 final. Since that upgrade I've noticed that pfSense doesn't seem to be handling state killing on failed gateways very well. A bit of background: I live in a rural location with poor broadba
