Re: [pfSense] massive CARP Failover

2017-06-08 Thread Espen Johansen
-06-08%2011.19.07.png?dl=0 > > Yes i am sure ;) > > > -- > Grüsse > > Daniel > > Am 08.06.17, 01:12 schrieb "List im Auftrag von Espen Johansen" < > list-boun...@lists.pfsense.org im Auftrag von pfse...@gmail.com>: > > Are you sure you disabled IG

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Espen Johansen
Are you sure you disabled IGMP completely? On Wed, Jun 7, 2017, 16:44 Mark Wiater wrote: > > > On 6/7/2017 10:10 AM, Daniel wrote: > > Hi, > > > > the Sync interface is connected directly without a Switch. > > But Carp is running WAN/LAB for example. > > Let's go back to your original email, thi

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Espen Johansen
I assume you did a pfsync (HA) interface on each firewall? If so did you connect this directly without going thru the switch? A direct connection is preferred for the sync interface. Also make sure that if you do direct connection then use a 6ft cable first to connect them. Some interfaces have issu

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-27 Thread Espen Johansen
e is, unfortunately, quite common. Nearly all of the work in packet processing is per-packet, rather than per bit. The exceptions include VPN, where the encryption overheads dominate, and DPI, where the payload must be inspected, rather than merely passed along. Jim On Fri, Jan 27, 2017 at 5:59

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-27 Thread Espen Johansen
gigabit/s if you are able to push 1200 pps with that payload. Your statement of 80% is just confusing, that is all. On Fri, Jan 27, 2017, 04:02 Jim Thompson wrote: > On Thursday, January 26, 2017, Espen Johansen wrote: > > > Are you saying worst case is 80%? It's not normal to have all

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Espen Johansen
Are you saying worst case is 80%? It's not normal to have all minimum size packets unless you are under ddos. Default ethernet is 1526 (1530 with vlan) with a MTU 1500 on a layer 1 frame. A layer 2 frame is 1518 (1522 with vlan). If you want to include all layer headers then 1542 including vlan is t

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-26 Thread Espen Johansen
12Mpps on this hardware (about 80% of line-rate on a 10g interface). Neither pfSense or FreeBSD (nor Linux) will do 1/10th of this rate. Jim On Thursday, January 26, 2017, Espen Johansen wrote: > It should autotune by default based on memory iirc. > > On Wed, Jan 25, 2017, 23:27

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Espen Johansen
It should autotune by default based on memory iirc. On Wed, Jan 25, 2017, 23:27 Peder Rovelstad wrote: > FWiW - My nano (4 NICs, 1GB, Community), PuTTY says: > > kern.ipc.nmbufs: 131925 > kern.ipc.nmbclusters: 20612 > > but nothing explicitly set on the tunables page, just whatever's built in. >

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

2017-01-25 Thread Espen Johansen
Karl fife. Take a look at a config backup. I assume you at some point set them manually? On Wed, Jan 25, 2017, 21:42 Peder Rovelstad wrote: > There were changes in the defaults from FreeBSD 9 to 10. > > https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning > > Could that be it? Old config ove

Re: [pfSense] Lightning strike

2016-10-14 Thread Espen Johansen
Map interfaces based on mac and give them a name. Then address the interfaces based on that name. When it comes to reorganization of interfaces the answer is; don't do it. Let the user remap interfaces manually only. If the user wants to drop their DMZ to get wan back online then it should be a manu

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-10 Thread Espen Johansen
They usually do. And with kernel updates you have to. On Mon, Oct 10, 2016, 19:20 Morten Christensen wrote: > You should consider to state clearly in such announcements, if the > upgrade includes a reboot of the box. > > > > Den 06-10-2016 21:29, skrev Jim Thompson: > > Details are here: https:/

Re: [pfSense] 2 networks Cards, but OPT1 not acess internet.

2016-09-23 Thread Espen Johansen
And you need to add a nat rule for the opt1 network as well. Either that or turn off nat on pfsense and add routes on your router to all networks behind your pfsense. -lsf On Fri, Sep 23, 2016, 21:48 Moshe Katz wrote: > You need to add a firewall rule on the OPT1 interface to allow outgoing > tr

Re: [pfSense] 3 hard locks this week... any ideas?

2016-09-08 Thread Espen Johansen
Compdoc: Your spinrite comments just show how dangerous some knowledge is without proper understanding. Spinrite does indeed force SSDs to "fix" themselves because it reads extensively (causes heat) and forces "half" working areas to be marked bad. Most SSDs have minor defects from day one. Just li

Re: [pfSense] Bridging to wireless interface issues (ping not working) on 2.3.2

2016-09-08 Thread Espen Johansen
Did you add a rule to allow ICMP on the wlan? -lsf On Thu, Sep 8, 2016, 15:58 Moshe Katz wrote: > Ray, > > Can you clarify which IP range is assigned where? > We can make an educated guess based on the information you provided, but > it's always better to have confirmation. > > > Moshe > > -- >

Re: [pfSense] USB3 to ethernet adaptor

2016-06-09 Thread Espen Johansen
If you want to go cheap look for a Cisco 3524xl. They can be had for 15-20$. They support vlan in 1-1024 range (not extended). They are built like tanks and will virtually last forever if you give them clean power. They are 100mbit only but will do the job well. Just my 2 cents. On Mon, Jun 6, 20

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
Reboots usually happen when irq is shared and/or memory. On Wed, Feb 24, 2016, 20:17 Espen Johansen wrote: > You might try to put the wlan card in another slot on the motherboard. > Also use bios to disable stuff like sound card, unused usb ports, Lpt, com > ports etc. > > On We

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
You might try to put the wlan card in another slot on the motherboard. Also use bios to disable stuff like sound card, unused usb ports, Lpt, com ports etc. On Wed, Feb 24, 2016, 20:15 Espen Johansen wrote: > Remove the wlan card. Then remove config. It sounds like you might have a >

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
t loop? Or will my path of least resistance be to simply do a fresh > install again? Many thanks. > On Feb 24, 2016 12:26, "Espen Johansen" wrote: > > > Do not bridge and do not use same subnet. If you want lan and wlan to > talk > > add rules for the subnets to ta

Re: [pfSense] WLAN reboot loop

2016-02-24 Thread Espen Johansen
Do not bridge and do not use same subnet. If you want lan and wlan to talk add rules for the subnets to talk to each other. On Wed, Feb 24, 2016, 19:12 Sean Pohl wrote: > The problem is an endless boot-loop on my pfSense installation after I > made one > change to the WLAN interface. > > I have

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-10 Thread Espen Johansen
Firewall disable = no state = asymmetric routing will not get return packets dropped. Are your servers multihomed? On Wed, Feb 10, 2016, 22:48 Romain Lapoux wrote: > I am not agree, because how do you explain that all works correctly when I > disable only the firewall feature in pfSense ? > > Ro

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-07 Thread Espen Johansen
Sounds like it drops state, connection reset? Try to set optimization longer. -lsf On Sun, Feb 7, 2016, 18:20 Romain Lapoux wrote: > Hi, > > It's my first post here. > > Context: > - pfSense in HA (CARP) > - HAProxy used in pfSense for: > - SFTP: tcp, clitcpka, srvtcpka, balance=source

Re: [pfSense] IPSec tunnel and routing on a CentOS 7 machine

2016-01-04 Thread Espen Johansen
stop firewalld; systemctl disable firewalld; systemctl enable > iptables; systemctl start iptables > > You can manage rules the old fashioned way by either editing > /etc/sysconfig/iptables or by running iptables directly and using > iptables-save > /etc/sysconfig/iptables. >

Re: [pfSense] IPSec tunnel and routing on a CentOS 7 machine

2016-01-04 Thread Espen Johansen
Try to add; ip route add 192.168.1.0/24 via 192.168.1.1 and ip route add 192.168.2.0/24 via 192.168.1.1 -lsf man. 4. jan. 2016, 21:08 skrev Sébastien La Madeleine < slamadele...@toolsoft.ca>: > Hi Robert, > > I just tried the following advice and it did not improve my situation. > > Unless there

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

2015-11-14 Thread Espen Johansen
VLANs ? VLAN is l2 not L3. I have no idea what you are trying to do with VLANs in the mix. Policy routing is easy and probably what you need. -lsf fre. 13. nov. 2015, 23.29 skrev David White : > I have a unique scenario: > > The higher ups require a multi-wan high availability setup, but assumin

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-14 Thread Espen Johansen
Based on your need I think you should convert to l2tp. https://doc.pfsense.org/index.php/L2TP/IPsec -lsf lør. 14. nov. 2015, 03.22 skrev Vick Khera : > On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote: > > > > Setting up BIND 9 to manage a dynamic zone is not very difficult. > > > > Do I need an ad

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

2015-11-11 Thread Espen Johansen
I think you have to set up a radius server and assign ip based on the user. That way they will be "static" and then add DNS entries to that static IP. My 2cents, -lsf ons. 11. nov. 2015, 15.47 skrev Marco : > Hello, > > we use pfSense since quite a while with success and are very happy overall.

Re: [pfSense] Block Torrentz

2015-08-18 Thread Espen Johansen
Focus on layer 7. Most torrent clients use dynamic ports. And disable upnp as that will defeat the ports blocking as well. -lsf tir. 18. aug. 2015, 21.21 skrev A Mohan Rao : > Hello pfSense experts, > > I find out torrents ports like 6881-6889 etc. > And create firewall block rule source lan net

Re: [pfSense] Using on Fiber

2015-06-05 Thread Espen Johansen
Any chance you have set something in the shaper that causes it? fre. 5. juni 2015, 17:43 skrev Ryan Coleman : > > > On Jun 5, 2015, at 10:12 AM, Brennan H. McNenly < > bmcne...@singularisit.com> wrote: > > > > > >> And those of you with VMware experience… if I run the virtual firewall > I would n

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

2015-06-03 Thread Espen Johansen
Don't double post please. Brgds, Espen 3. juni 2015 15:00 skrev "Lukas Hubschmid" : > Hello everybody, > > Is there any documentation about: > > * the process how pfSense firewall handles packets (lookup in firewall >rules, lookup in state table, add new state, ...) e.g. a flow chart > * ho

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

2015-06-03 Thread Espen Johansen
Pfsense is based on OpenBSD's PF (PacketFilter) and runs freebsd as base OS. That should give you enough to google how it works. Also remember that this is opensource and everything is freely available. The source code tells you everything there is to know ;-) Good luck :-) ons. 3. juni 2015, 14:33

Re: [pfSense] reverse proxy situation

2015-05-31 Thread Espen Johansen
Actually. Are you looking for reverse proxy or a user proxy. I'm confused after reading your mail a few times. Brgds, Espen 31. mai 2015 15:35 skrev "Espen Johansen" : > Exclude varnish it's primarily made for frontend LB proxy. > > søn. 31. mai 2015, 15:32 skrev Adam T

Re: [pfSense] reverse proxy situation

2015-05-31 Thread Espen Johansen
Exclude varnish it's primarily made for frontend LB proxy. søn. 31. mai 2015, 15:32 skrev Adam Thompson : > Oh, shoot, that's a good point - I probably do need SNI support for SSL. > I may be able to get a wildcard cert, but that will be an issue one way or > another. > > Varnish doesn't support S

Re: [pfSense] from LAN to OPT1, pfsense forces all http connections to https

2015-04-19 Thread Espen Johansen
Try that rule on WAN :-) 19. apr. 2015 21:50 skrev "Bob McClure Jr" : > > On Sun, Apr 19, 2015 at 11:29:37AM -0400, ED Fochler wrote: > > What you’re describing is NAT reflection, and the reason you’re > > getting redirected from :80 to :443 is because you’re actually > > hitting the PFSense web i

Re: [pfSense] best way to change WAN interface after migration

2015-04-11 Thread Espen Johansen
In the past I have edited a config backup and restored it. Maybe there are better ways, but find and replace in an editor does the trick :-) Brgds, Espen 11. apr. 2015 20:46 skrev "Martin Fuchs" : > Hi ! > > > > Does anyone have any experience with changing WAN-interfaces ? > > > > We migrated out

Re: [pfSense] Have you set up a system with "no" default route?

2015-03-10 Thread Espen Johansen
Are you going to load a full internet BGP routing table? Is that why you do not want a default? Remember that even if you have a default route any route that is more specific will take preference. I don't see the problem? And if you want to prevent any unknown IP destination being routed to your upl

Re: [pfSense] [Bulk] IP Alias -vs- Proxy ARP for NAT

2015-03-09 Thread Espen Johansen
Use IP alias if you are on 2.0+ If you need redundancy (2xpfsense) use carp. All the other options are poor workarounds created when pfsense did not support true interface alias. Brgds, Espen 8. mars 2015 16:18 skrev "Tim Hogan" : > I have seen that page and I don't know about "saying it all". I

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
hat I told you tho. If ifconfig shows multiple IPs it is a true alias. If not then they are something else. Brgds, Espen 9. mars 2015 12:51 skrev "Brian Candler" : > On 09/03/2015 11:24, Espen Johansen wrote: > >> As far as a true alias goes it is not implemented afaik. Try ifc

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
mac/arp timeout. And if so a reboot of pfsense and router/modem should clear that up quickly. If the modem is a true bridge then you might have to wait for the uplink router to update its arp table. I have had issues with that in the past. Brgds, Espen 9. mars 2015 12:24 skrev "Espen Joh

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
My bad. The IP can be in the same subnet as well as in a different subnet. As far as a true alias goes it is not implemented afaik. Try ifconfig in a shell and see if your aliases are listed as ips on the interface. If they were they would respond to ping and have a derived mac from the main inter

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
9. mars 2015 11:52 skrev "Brian Candler" : > > On 09/03/2015 10:47, Espen Johansen wrote: >> >> >> Actually you can't use proxy arp as it has a limit affecting you. Proxyarp IPs can't be in same subnet. Sorry. >> > Are you sure? I have a pfsense box where

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-09 Thread Espen Johansen
Actually you can't use proxy arp as it has a limit affecting you. Proxyarp IPs can't be in same subnet. Sorry. Carp is what you want/need. As for your issue with not reaching the firewall when WAN is down is probably something else. What you really want is an alias ip on the interface and pfsense doe

Re: [pfSense] VIPs : CARP vs IP Alias

2015-03-08 Thread Espen Johansen
I believe the key to this is proxy arp. Brgds, Espen 8. mars 2015 23:50 skrev "Bryan D." : > While we're on the topic, I have a functioning v2.2 setup that uses a /29 > set of static IPs: > - 1 IP is the gateway address and 5 IPs are "usable" (quite common, I > believe) > - one of the "usable" IP

Re: [pfSense] PF 2.15 Release (AMD64) Gateway Monitoring with OSPF

2015-03-07 Thread Espen Johansen
ed to static route the path to the monitoring ip on your front routers so that each front router will always send it out on the correct wan. Hth. Brgds, Espen 8. mars 2015 00:06 skrev "Espen Johansen" : > Let me see if i understand this correctly. You have 2 wans on your pfsense >

Re: [pfSense] PF 2.15 Release (AMD64) Gateway Monitoring with OSPF

2015-03-07 Thread Espen Johansen
like the issue. Brgds, Espen 7. mars 2015 23:45 skrev "Espen Johansen" : > I don't understand what you want to accomplish. And I don't think others do > either. If you explain more maybe I can be of assistance :-) > 7. mars 2015 21:25 skrev "Wade Blackwell" : > >

Re: [pfSense] PF 2.15 Release (AMD64) Gateway Monitoring with OSPF

2015-03-07 Thread Espen Johansen
I don't understand what you want to accomplish. And I don't think others do either. If you explain more maybe I can be of assistance :-) 7. mars 2015 21:25 skrev "Wade Blackwell" : > Anyone? > Bueler? > > Wade Blackwell > Solutions Architect > (D) 805.457.8825 > (C) 805.400.8485 > (S) coc.wadebl

Re: [pfSense] msk or em Legacy?

2015-02-22 Thread Espen Johansen
Intel em is normally what I prefer. If it's old or not does not matter that much. Just my 2 cents. 22. feb. 2015 00:17 skrev "Joe Laffey" : > Hi, > > Which would you favor the msk driver with some on board Marvell controllers > (P6T Deluxe) or the em driver with a "Legacy 10.4" Intel card? This is

Re: [pfSense] Visual seperators?

2015-02-10 Thread Espen Johansen
A separator might make sense. But grouping and hiding rules is a bad idea based on my experience. A tree structure that is always collapsed is annoying when you need overview of all rules. And defaulting to an expanded look will just act as a separator. Imho interface tabs acts as grouping enough.

Re: [pfSense] Message could not be delivered

2015-01-26 Thread Espen Johansen
It's not from list. Sender is spoofed. -lsf 26. jan. 2015 10:28 skrev "Geoff Jankowski" : > Am I the only person to receive this? > > It contains a .scr file which would not do anything to me but will to any > gamers out there. > > I hope the lists address has not been compromised for other scamm

Re: [pfSense] Gold hangout - what time?

2014-11-25 Thread Espen Johansen
Is should be... i also had to think twice about it. CMB, maybe you can note that for the future? 25. nov. 2014 17:16 skrev "Adam Thompson" følgende: > On 14-11-25 10:14 AM, Espen Johansen wrote: > > https://blog.pfsense.org > 25. nov. 2014 17:11 skrev "Adam Thom

Re: [pfSense] Gold hangout - what time?

2014-11-25 Thread Espen Johansen
https://blog.pfsense.org 25. nov. 2014 17:11 skrev "Adam Thompson" følgende: > I'm looking, but I can't find anywhere what *time* the Gold hangout is > going to be (or was...) today. Anyone know? > > -- > -Adam Thompson > athom...@athompso.net > Cell: +1 204 291-7950 > Fax: +1 204 489-6515 >

Re: [pfSense] little problem with pfsense

2014-11-24 Thread Espen Johansen
length 1416 > 14:09:45.137841 IP IPG1.tutu.local.49185 > > par03s14-in-f23.1e100.net.https: Flags [.], ack 16988, win 32536, length 0 > 14:09:45.138466 IP par03s14-in-f23.1e100.net.https > > IPG1.tutu.local.49185: Flags [.], ack 1982, win 370, length 1430 > 14:09:45.138508 IP par03

Re: [pfSense] little problem with pfsense

2014-11-24 Thread Espen Johansen
Tcpdump and you will know the answer to that. 24. nov. 2014 13:35 skrev "Jean-Laurent Ivars" følgende: > Well thank you for your answer, this is exactly the same result that when > i set the option 252 with null parameters in the DHCP > (WindowsProxyAutodiscoveryDetection) > > But this is workaro

Re: [pfSense] little problem with pfsense

2014-11-24 Thread Espen Johansen
Just a hunch. Did you by any chance drop udp port 137/138 traffic between client and dhcp server? As in, is this traffic allowed? Try tcpdump and check for requests from a problem machine. You might block something win7 has decided it "needs". MS tends to have strange/unexpected needs ;) -lsf Hi

Re: [pfSense] terrible performance on NFS & CIFS

2014-11-06 Thread Espen Johansen
Just a guess but...any chance you have BCM NICs? 7. nov. 2014 00:09 skrev "Adam Thompson" følgende: > Well, that would definitely cause a problem if it were the case, but... > 1) TCP window size != MTU, > 2) all switches and Router (but not pfSense) can both handle 9000-byte > frames anyway, > 3)

Re: [pfSense] pfsense crash dump

2014-10-15 Thread Espen Johansen
"Mark Loza" følgende: > Does this something have to do with faulty PERC controller? > > On 10/14/14 1:29 AM, Mark Loza wrote: > > Yes, a hardware raid and pfsense is physically running on a Dell PE R515 > machine. > > On 10/14/14 12:49 AM, Espen Johansen wrote:

Re: [pfSense] pfsense crash dump

2014-10-13 Thread Espen Johansen
Is this a RAID? Seen this on dells with PERC/megaraid controllers when they run the scheduled BBU test. 13. okt. 2014 18:44 skrev "Mark Loza" følgende: > Hi, pfsense is running fine for now. Is there any pfsense package that I > can perform a live test on the drive? > > On 10/14/14 12:09 AM, Aaro

Re: [pfSense] Adding Ethernetports

2014-10-03 Thread Espen Johansen
ich of my issues does it solve? > > On 10/3/2014 12:08 PM, Espen Johansen wrote: > > Bridge to LAN. > 3. okt. 2014 18:05 skrev "Brian Caouette" følgende: > >> Just wanted to thank those of you who replied. Finally got the card >> noticed in pFsense

Re: [pfSense] Adding Ethernetports

2014-10-03 Thread Espen Johansen
Bridge to LAN. 3. okt. 2014 18:05 skrev "Brian Caouette" følgende: > Just wanted to thank those of you who replied. Finally got the card > noticed in pFsense. Had to use the add hardware feature on the VM. Now the > problem is getting it to route traffic. I am able to ping the two ports > from t

Re: [pfSense] ubsubscribe

2014-09-30 Thread Espen Johansen
Try unsubscribe :-) 30. sep. 2014 21:57 skrev "Alexander Papantonatos" følgende: > > > -- > Beste Grüße/Best regards, > > Alexander Papantonatos > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
> >> > >> Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces > >> in bridge mode with firewall rules enabled ??? > >> > >> Really thanks, > >> > >> Roberto > >> > >> > >> > >> 2014-09

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
h firewall rules enabled ??? > > Really thanks, > > Roberto > > > > 2014-09-29 16:15 GMT-03:00 Espen Johansen : > > Depends on what you want. A split design is normally better and safer > than an > > all in one box. If you want suricata +snorby and barnyard it's

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
Depends on what you want. A split design is normally better and safer than an all in one box. If you want suricata +snorby and barnyard it's not recommended to run it all on pfsense. There are many deps. that will cause a security nightmare and you will probably run out of hw resources as well. OK, t

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Espen Johansen
You might want to use google instead of relying on others. Maybe try to do your own homework? https://www.google.no/url?sa=t&source=web&rct=j&ei=faYpVJXTH6XGygP554LYBQ&url=https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Snorby_and_Barnyard2_set_up_guide&cd=1&ved=0CBwQFjAA&

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread Espen Johansen
If this is to be implemented it should be a tick box on each interface. Dropping all states if you want to move a cable/reroute it is not a good idea. This needs to be user controllable or only affect interface if is_interface_type=pppoe. Just my 2 cents. -lsf 28. sep. 2014 19:19 skrev "Hannes W

Re: [pfSense] Reports

2014-09-26 Thread Espen Johansen
You can install time based access control apps on most devices. Same goes for time based rules. I use this for the kids. 26. sep. 2014 21:23 skrev "Brian Caouette" følgende: > Is there a way to do a weekly report based on MAC address showing times > used, total time and date for the period? Tryin

Re: [pfSense] Https blocking

2014-09-24 Thread Espen Johansen
Sorry. That just means you are incompetent at your job. There is no way in h...l you can demand others to do your job. We are all here for free. Buy a pfSense support agreement and pay for it! People like you annoy me. -lsf 24. sep. 2014 19:22 skrev "A Mohan Rao" følgende: > Hello > If u really

Re: [pfSense] Pftop confusion.

2014-09-24 Thread Espen Johansen
Run pftop in interactive mode (-i) then press capital K for who is peaking. Or capital B for byte amount sorting. Or try capital R for instant speed rate. See man page for all options in interactive mode. -lsf 24. sep. 2014 17:04 skrev "Muhammad Yousuf Khan" følgende: > Darkstat and bandwidthD a

Re: [pfSense] OT: Good network switch for 10 machines?

2014-09-23 Thread Espen Johansen
Just for the record. All the 3com stuff is actually huawei/3com (h3c) and afaik all the black switches are still that tech. 3600 5500 5700 5800 5900 7500 10500 series are all that and run a ios descendant from Huawei. And they rock if you bother to learn them. They are way better than the cisco equ

Re: [pfSense] Adding Ethernetports

2014-09-19 Thread Espen Johansen
check dmesg and pciconf -lv. If it's not seen at all then try different slots and try to verify that card/slot is working. -lsf On Fri, Sep 19, 2014 at 4:31 PM, Brian Caouette wrote: > I added a dual port nic to my pfsense box and it doesn't show the > additional ports. > > The new nic doesn't s

Re: [pfSense] Routing between LAN interfaces

2014-09-12 Thread Espen Johansen
This should work without any special magic. Can a pc on a vlan segment ping the gateway and reach internet? Also did you configure the ip on the vlan interface or the physical? What does a traceroute show if you trace to an unreachable part. Does arp register hosts on the vlan interface? -lsf 12.

Re: [pfSense] understand the CARP "advskew" option

2014-09-11 Thread Espen Johansen
advbase: This optional parameter specifies how often, in seconds, to advertise that we're a member of the redundancy group. The default is 1 second. Acceptable values are from 1 to 255. advskew: This optional parameter specifies how much to skew the advbase when sending CARP advertisements. By man

Re: [pfSense] Netgate APU2 SSD module question

2014-08-28 Thread Espen Johansen
be. > > (This, again, is the big reason that Netgate stayed out of the early > fracas around SSDs.) > > I’m not going to depend on what someone said in the forum over 3 years > ago, since it’s unlikely to apply today. > > Jim > > On Aug 27, 2014, at 1:32 PM, Espen Joh

Re: [pfSense] Netgate APU2 SSD module question

2014-08-27 Thread Espen Johansen
,* *Sergii Cherkashyn* Date: Mon, 25 Aug 2014 20:45:46 +0200 From: Espen Johansen To: pfSense support and discussion Subject: Re: [pfSense] Netgate APU2 SSD module question Message-ID: < caadq7-adzhlsv1p6rl7kwaaomaws1uqcet6fxa5ngdn8sl5...@mail.gmail.com> Content-Type: text/plain

Re: [pfSense] Netgate APU2 SSD module question

2014-08-27 Thread Espen Johansen
56, Jim Thompson wrote: > >>>>> > >>>>>> Ryan, > >>>>>> > >>>>>> Don't troll. > >>>>>> > >>>>>> > >>>>>> > >>>>>> On Aug 27, 2014, a

Re: [pfSense] Netgate APU2 SSD module question

2014-08-27 Thread Espen Johansen
>>>>> On Aug 27, 2014, at 7:57 AM, Ryan Coleman wrote: > >>>>> > >>>>> Why not answer the question? > >>>>> > >>>>> > >>>>> On Aug 27, 2014, at 7:56, Jim Thompson wrote: > >>>>>

Re: [pfSense] Netgate APU2 SSD module question

2014-08-25 Thread Espen Johansen
I personally don't think you will have an issue with too many writes in a normal environment. Why squid tho? If it's for filtering, fine. For acceleration and 3-6 persons it will most likely not do you much good. Also check MLC vs SLC. SLC based SSD will last longer. Approximately 10 times longer. An

Re: [pfSense] Delete last Alias IP when CARP address in subnet

2014-08-18 Thread Espen Johansen
's that simple, I can use `viconfig` to delete the `` > element, then in FreeBSD, simply remove the IP address from the WAN > interface. I just am not terribly sure of the lifecycle of the config > file. > > On Mon, Aug 18, 2014 at 1:53 PM, Espen Johansen wrote: > > Export con

Re: [pfSense] Delete last Alias IP when CARP address in subnet

2014-08-18 Thread Espen Johansen
Export config. Edit. Then import. 18. aug. 2014 19:21 skrev "Adam Williams" følgende: > Hello. > > I am running 2.1-RELEASE (built on Wed Sep 11 18:16:44 EDT 2013), > which I believe includes the fix for the bug documented here > https://redmine.pfsense.org/issues/2406, according to the release >

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
. Again, do not do it. 16. aug. 2014 22:13 skrev "Adam Thompson" følgende: > On 14-08-16 01:13 PM, Espen Johansen wrote: > > You would have to do a major code rewrite to get this done. And it would > be insecure and it would make no pf sense :-) this is network basics. You >

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
You would have to do a major code rewrite to get this done. And it would be insecure and it would make no pf sense :-) this is network basics. You don't seem to understand some network fundamentals. Sorry but this is not doable without using vlans or 2 physical interfaces. 16. aug. 2014 20:06 skrev

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
Not doable in a sensible way. 16. aug. 2014 20:06 skrev "Bob Gustafson" følgende: > I'm interested in doing it all within the Alix using pfsense. A minimum > hardware approach. > > Think of my WAN mentioned below as the LAN network created by the > modem/router furnished by the ISP and the LAN m

Re: [pfSense] Dual IP nets over one ethernet connector

2014-08-16 Thread Espen Johansen
If you have a vlan capable switch (most managed switches can do this) then you can split one interface into several virtuals. Pfsense supports this. If not, a USB ethernet interface would be an option. 16. aug. 2014 19:48 skrev "Bob Gustafson" følgende: > I have a small Alix board with only one E

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Espen Johansen
Also remember that pfsense has had packages like freenas (for some the "Ultimate" all in one home device). -lsf 30. juli 2014 22:24 skrev "Paul Mather" følgende: > On Jul 30, 2014, at 4:09 PM, Espen Johansen wrote: > > > ZFS = FS+LVM. It's efficient in man

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Espen Johansen
hings stay like it "always" has until there is a need for change. To OP; Set it to 640MB and be a happy camper. -lsf 30. juli 2014 22:24 skrev "Paul Mather" følgende: > On Jul 30, 2014, at 4:09 PM, Espen Johansen wrote: > > > ZFS = FS+LVM. It's efficient in many wa

Re: [pfSense] ZFS warning message on local console during boot

2014-07-30 Thread Espen Johansen
ZFS = FS+LVM. It's efficient in many ways. It's highly resilient to things like silent data corruption ( disk FW bugs, power spikes). It has on the fly checking and repair. Copy on write, snapshotting, NFSv4 native acls and a few more nice things. I don't understand the bashing? -lsf 30. juli 2014 21

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread Espen Johansen
t help you remote as I'm on vacation with flaky 3G mobile. On Sun, Jul 13, 2014 at 12:37 AM, Stefan Maerz < stefan.ma...@thecommunitypartnership.org> wrote: > No 3rd party routing installed. > > -Stefan > > > On 7/12/2014 5:19 PM, Espen Johansen wrote: > > Only thing

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread Espen Johansen
ing precisely when > the route is re-enabled, I would need to run a cronjob every second or so. > And even that is not a great solution -- I'd reinstall before that. I'd > really prefer a more elegant solution if possible. > > Any other ideas? Am I searching for the wrong thi

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread Espen Johansen
. > > A quick route del -host 10.144.1.8 and my network is 100% functional. > > However, still one problem remains. The route del command is not > persistent when I reboot. How do I get rid of it? System>Routing>Routes > indicates that no static routes are set up. Is there a rou

Re: [pfSense] Unbound vs stock

2014-07-11 Thread Espen Johansen
You got it ;-) On 12 July 2014 at 01:59, "Brian Caouette" wrote: > So add 127... to the system general and edit dhcp to use desired dns > instead of system dns settings? > > Sent from my iPad > > On Jul 11, 2014, at 7:38 PM, Espen Johansen wrote: > > Add

Re: [pfSense] Unbound vs stock

2014-07-11 Thread Espen Johansen
Add it to pfsense dns list. Remove it from dhcp etc. if it's used there. On 12 July 2014 at 01:26, "Brian Caouette" wrote: > So the fix to make it work the same would be to add 127.0.0.1 to > resolv.conf manually? > > Sent from my iPad > > > On Jul 11, 2014, at 6:19 PM, Dave Warren wrote: > >

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-11 Thread Espen Johansen
Please provide a network drawing. I suspect you have an ARP leak or a switch that needs to be restarted to clear its ARP cache. Restart the switch(es) with nothing connected and add the CentOS and pfSense only, and only after you have cleared both units' ARP cache (arp -d). Then take it from there. HT

Re: [pfSense] Disk Space

2014-06-07 Thread Espen Johansen
1kb size should clue you in. This is however completely normal. On 7 June 2014 at 12:45, "Brian Caouette" wrote: > Mounted Filesystems *Type* *Partition* *Percent Capacity* *Free* *Used* *Size* > /dev/da0s1a 17% 4.38 GB 988.37 MB 5.81 GB /dev/md0 2% 3.26 MB 62.00 KB 3.61 MB > devfs 100% 0.00 KB 1.00 KB 1.00 K

Re: [pfSense] default gateway over MPLS VPN

2014-05-20 Thread Espen Johansen
You asked this already and it has been responded to. Don't double post! On 20 May 2014 at 17:54, "Michael Schuh" wrote: > 2014-05-20 11:31 GMT+02:00 Faisal Gillani : > >> Hello all >> >> I am using Pfsense with everything, Pfsense based multi homed firewall >> and pfSense based routers >> >> My

Re: [pfSense] Gateway on a gateway...

2014-05-17 Thread Espen Johansen
Tell your provider to do what mojo said. Or set it up yourself if you have access to the provider routers. Third option is VPN between the pfsense boxes so you can override the routing. On 17 May 2014 at 21:53, "Klaus Wunder" wrote: > Hello, > > you can use pfSense as a BGP > Router. There is

Re: [pfSense] Wireless Card

2014-02-05 Thread Espen Johansen
Check the wireless section in the pfsense forum. On 5 Feb 2014 at 19:40, "Brian Caouette" wrote: > What are some pci wireless cards that are compatible with pfSense 2.1? > > Are they all capable of making the box an access point? > > I tried my old Linksys wpc11 and the machine doesn't like i

Re: [pfSense] Restoring from XML prevents VM from booting

2014-02-05 Thread Espen Johansen
Might be that serial redirection makes it show nothing. Bad drives might also cause files to be corrupted. Same goes for bad memory. Make sure both are same versions. On 5 Feb 2014 at 18:42, "Brian Candler" wrote: > This is a really strange behaviour, I wonder if anyone has seen anything > si

Re: [pfSense] Hardware requirements for gigabit wirespeed

2013-10-24 Thread Espen Johansen
What else is new with thinker as op. On 25 Oct 2013 at 02:18, "Jim Thompson" wrote: > The topic has wandered away from pfSense. > > -- Jim > > > On Oct 24, 2013, at 18:48, Chris Bagnall > wrote: > > > >> On 24/10/13 7:31 pm, Adam Thompson wrote: > >> If I upgraded to a better-quality unit, o

Re: [pfSense] pfSense routing and TCP sequence numbers

2013-09-14 Thread Espen Johansen
rs-in-wireshark-captures/ On Sat, Sep 14, 2013 at 1:12 PM, Espen Johansen wrote: > Try tcpdump + wireshark. Then read this: > http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/ > > pfSense should not change sequence numbers unless you tell it to do s

Re: [pfSense] pfSense routing and TCP sequence numbers

2013-09-14 Thread Espen Johansen
Try tcpdump + wireshark. Then read this: http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/ pfSense should not change sequence numbers unless you tell it to do so. For packet breakdown read: http://www.daemon.org/tcp.html Google is your friend ;-) On Fri,

Re: [pfSense] German (commercial) support in this List?

2013-06-05 Thread Espen Johansen
Contact Holger, he might be able to sort you out, and in your native language as well :-) Best regards, Espen On 5 June 2013 at 20:58, "Mathias Riegger | administrators.de" < cont...@administrators.de> wrote: > Hello everyone, > > I have a customer with two pfSense installed
