the week it came out without difficulties.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
interface IPs rather than hardcoding specific IPs?
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
, and I'd like to move the VPN
connection from the desktop to the firewall level if feasible.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org
understood the logic or not, am I in the right place?
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
On 3/14/2012 1:10 PM, Ugo Bellavance wrote:
I know it is less secure and creates load on the firewall and DNS
servers, but is it possible to create an alias to create rules, that
would allow one to deny traffic for hosts that has a PTR that contains
a string?
The short answer is no, at least
using CARP. If you don't know what CARP
is and only have one firewall, ignore the setting completely, it does
absolutely nothing.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List
better shows up.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
consistent, I'm in a multi-WAN environment, initially
my main WAN wasn't working, today it is and my second WAN (named DSL)
isn't working.
Any pointers?
Chrome: 25.0.1364.97 m
pfSense: 2.0.2-RELEASE (i386)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 3/5/2013 04:27, Jim Pingle wrote:
That's a known issue on 2.0.2, fixed on 2.0.3. Check the forum.
Thanks, I appreciate the info.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List
traffic to the specific destination IP, are you able to confirm
that Outlook is attempting a connection at all or could this be an issue
on Outlook's side of things?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List
is
rarely CPU-bound (unless you do a lot of high speed VPN connections or
proxying), but pfSense is latency sensitive and Hyperthreading might
actually increase latency very slightly.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
.
This may still be somewhat problematic as BitTorrent really does need an
inbound port opened as well, but that's between you and your VPN
provider. An external seedbox might be a better approach, along with the
VPN to handle other traffic.
--
Dave Warren
http://www.hireahit.com/
http
this using layer7 filtering, at least at
this time, but someone else might chime in with a suggestion.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org
.
Either way, everything worked the way it's supposed to. There's
absolutely no upside to disabling DNS rebinding attack detection unless
your networks are supposed to be interconnected and you are supposed to
be able to access each other's internal IPs.
--
Dave Warren
http://www.hireahit.com/
http
it did a
better job of splitting load across the two WANs, otherwise unbound
looks like a far better solution.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http
load.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
proxy on port 80) and it happens with NNTP
connections which are not proxied.
RRD graphs look closer to being possible, and the WAN and LAN seem to
match roughly what I'd expect.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2013-03-05 17:14, Dave Warren wrote:
On 3/5/2013 04:27, Jim Pingle wrote:
That's a known issue on 2.0.2, fixed on 2.0.3. Check the forum.
Thanks, I appreciate the info.
This is an issue again in 2.1... ?
Same scenario as before, I reconfigured an interface, rebooted, now I'm
getting
nearly mirror images for the 2
interfaces.
I don't use SNMP here, but I see the same, RRDs appear to be accurate.
Oddly it's only some interfaces that double in the traffic graphs, but
not all.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
when setting up and OpenVPN server,
it should not apply when setting up an OpenVPN client.
Am I missing something or is this a bug?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List
directions that suggested setting it to the
OpenVPN tunnel itself.
I'll experiment once I'm back in the office and see what happens if I
change it to a WAN.
Thanks.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Light travels faster than sound. This is why some
switch (and of course puts
us back to forwarding, rather than resolving locally, which is less than
ideal)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
1832-Curling is introduced to the U.S., giving Americans
a sport combining the surface of hockey
resolution settings rather than (potentially) using it's own.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
On 2014-02-13 12:03, Muhammad Yousuf Khan wrote:
Yes i can ping, here is the result from web console Diagnosticsping
Ping output:
PING 8.8.8.8 (8.8.8.8): 56
on their
hardware.
This seems like a good thing to me, and arguably the whole point of
being open source and BSD licensed. Reading the other messages on the
list, this arrangement definitely seems mutually beneficial for both
pfSense and Netgate.
--
Dave Warren
http://www.hireahit.com/
http
.
Is there any harm in flipping unbound's IPv6 support off in the package?
Is there any reason to leave it on? Is it doing any harm?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List
On 2014-04-04 19:29, Chris Buechler wrote:
On Fri, Apr 4, 2014 at 9:13 PM, Peder Rovelstad provels...@comcast.net wrote:
Worked for me on my home FW, but didn't reboot on own (I did receive mail
message that it would reboot in 10 sec). Power cycle brought it back on the
right slice. Looking
is down completely.
*None meaning less than 1%, per RRD and a normal ping from a workstation.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman
#3 to a
DHCP-assigned bridge on a different ISP, everything works. The IPs on
all three ranges are in different subnets, so there's no gateway
conflicts, as far as I can tell it's just the MAC address conflict.
Is there a better approach?
--
Dave Warren
http://www.hireahit.com/
http
On 2014-05-03 00:49, Ermal Luçi wrote:
On Sat, May 3, 2014 at 12:14 AM, Dave Warren da...@hireahit.com
mailto:da...@hireahit.com wrote:
Howdy!
A quick question, is it possible for one NIC to use a different
MAC address on a different VLANs?
Well FreeBSD supports
recommend a quad port that's available
at a reasonable price for a small deployment?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
On 2014-05-09 15:13, Jason McClung wrote:
On 5/9/2014 3:02 PM, Dave Warren wrote:
Anyone have experience with a Intel Pro/1000 PT Quad Port PCI-e
Gigabit Ethernet Server Adapter EXP19404PT on pfSense?
From wandering the forums it looks like it should be supported in
pfSense 2, but I can't
there), so it makes me wonder if other lists could be
subject to the same phantom entries?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
On 2014-05-30 09:54, Michael Hardrick wrote:
Graphs are usually rounded off to the 90th percentile (or similar).
Graphs of one-day, one-week, one-month, one-year will reflect more
of a relative percentage of the total bandwidth for the period.
A bit of rounding is fine, but we're not talking
defaults, with only a
handful of the most common options directly exposed to the user.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo
-for-scalability-not-surveillance-717215/
it doesn't sound like Skype uses Supernodes anymore anyway, so that
probably isn't relevant.
(Also not a Skype expert, I just remember reading about it and went
Googling :)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
, then it will find itself unable to find pfsense.org to download
packages.
Ultimately the fix will be for pfSense to recognize unbound as a local
DNS server and add it to resolv.conf by default, similar to dnsmasq.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
that was my experience when our office was stuck on a 3Mb
pipe instead of our usual dual 100Mb for a few months.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https
messages in this thread, it appears that it's harmless
and can be ignored since no zfs partitions are actually mounted, but the
error still appears.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List
squid simply can't ever recover gracefully)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
wanting pfSense's DHCP server to register the IPs
in the appropriate upstream DNS server, not in the DNS forwarder as
in my configuration the DNS forwarder is not authoritative or in a
position to intercept queries)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com
On 2014-08-29 07:47, Jim Thompson wrote:
again, the CSS changed, and the browsers love to cache that stuff.
Not if the HTML that calls the CSS throws a version into the filename or
query, in which case there is no caching issues at all when the version
is incremented.
--
Dave Warren
http
On 2014-10-30 17:15, Jim Thompson wrote:
On Oct 30, 2014, at 3:39 PM, Dave Warren da...@hireahit.com wrote:
Buy quality instead of junk?
...
Even a cheapo 30GB/60GB/whatever SSD is more than enough for pfSense and makes
a far more reliable solution than external flash.
I strongly disagree
rule
with a Or else just reject the above...
It's functional, but a hassle.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project
not maintained, and does not work on any
modern version of pfSense.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https
it for NAT/routing/anything, does it listen
on the WAN interface, or only the LAN side?
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support
it configurable, nor should it be enabled by
default unless the guest network is enabled.
Ultimately I'm not unhappy with the overall performance of the unit, but
it's still not one I'd wholeheartedly recommend, mostly because of the
support experience.
--
Dave Warren
http://www.hireahit.com/
http
, both upstream and downstream,
but it did help.
Ultimately we just brought in a second pipe from the ISP and now we
route high-bandwidth users to that pipe and let them fight it out
amongst themselves. That has worked quite reliably.
--
Dave Warren
http://www.hireahit.com/
http
, and it only causes
issues on specific hardware, but if you capture and analyze the packets,
you'll see correct data was sent by the DHCP server.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense maili
be convenient if IP assignments didn't
need to change as this makes it easier to bring the new firewall up side
by side with the old one and transfer over relatively seamlessly.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
,
although if the data appears similar, it may be worth considering.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https
On Wed, Feb 22, 2017, at 10:23, Eero Volotinen wrote:
> The process will require 14 MiB more space.
>
> 73 MiB to be downloaded.
>
> Fetching php56-5.6.30.txz: .. done
>
> pkg: php56-5.6.30 failed checksum from repository
>
> something wrong with the packages?
I upgraded a couple
er from eBay that will
probably do more than I'll need for the immediate future. I'll probably
just buy Gold and call it a day.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
___
pfSense mailing list
https://lists.pfs
ill do just fine if one adds an SSD but as someone pointed out
that may use far more power in the long run.
For me, it's the fact that I want to rackmount my gear, but $1,799.00 is
the cheapest option offered on pfSense.org that can rackmount.
--
Dave Warren
http://www.hireahit.com/
On 2016-08-20 04:02, Jim Thompson wrote:
On Aug 20, 2016, at 3:10 AM, Dave Warren <da...@hireahit.com> wrote:
On 2016-08-03 08:43, Steve Yates wrote:
I'm being serious but what is your rationale for not using pfSense's/NetGate's?
https://www.pfsense.org/products/
The "cheap&qu
Howdy!
I'm building out a new pfSense box, but the NICs have not yet arrived
and I'm wondering how much configuration I can do in advance. My
configuration will be a quad port Intel NIC, two ports will be WAN ports
directly connected to a pair of modems, and the other two will be a LACP
LAGG
For anyone else still having issues, it looks like the package was
updated November 16th.
On Sat, Nov 18, 2017, at 20:39, WebDawg wrote:
> Did you report this as a bug?
>
> On Thu, Nov 16, 2017 at 4:36 AM, Brian Candler
> wrote:
> > Trying to use the acme package with
Howdy!
Is there a way to firewall traffic based on the ASN?
The underlying reason is that we've recently enabled HE's tunnelbroker
which, for the most part, works great.
However we've run into certain services *cough*Netflix*cough* which
reject traffic sent through a HE tunnel. I'd like to
On 2018-04-06 00:09, Bryan D. wrote:
On 2018-Apr-05, at 10:47 PM, Dave Warren <d...@thedave.ca> wrote:
Cloudflare has pushed an update, and things seem to be working from here. For
those having issues, try again now?
Thanks for the "heads up." Works for me, also (i.e.,
On 2018-04-05 01:25, Bryan D. wrote:
On 2018-Apr-04, at 10:05 PM, Dave Warren <d...@thedave.ca> wrote:
I can also confirm that 9.9.9.9@853 does work here which re-enforces that this
is a Cloudflare specific issue.
-
So it looks like the following config works on pfSense 2.2.6's u
I'm running 2.4.3-RELEASE (amd64). I can't get it working here either
after a couple hours of poking at it on and off, it now looks like this
is actually a Cloudflare issue:
https://community.cloudflare.com/t/1-1-1-1-was-working-but-not-anymore/15136/4
"Thanks for the report! This is going to
61 matches
Mail list logo