Re: [pfSense] Question on FW log entries

2013-11-03 Thread PiBa
This will probably answer that: https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F PiBa-NL Peder Rovelstad wrote on 3-11-2013 16:27: Just a quick question for anyone who cares to reply, something I can't figure out. I hav

Re: [pfSense] Restoring from XML prevents VM from booting

2014-02-05 Thread PiBa
Seems to me like this should never be possible from a config upload.. Is it possible for either of you to post the config file that causes this to happen? (preferably to the redmine bugtracker) -Make sure to strip change with a texteditor all private information like passwords / ip's / certific

Re: [pfSense] Errors from packages that are no longer installed on pfsense

2014-02-20 Thread PiBa
Install "cron" package and remove the obsolete commands from there. Howard Fleming wrote on 20-2-2014 20:32: I am getting the following email alerts from my pfsense 2.1 box: Subject: Cron /usr/local/bin/vnstat -u X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: X-Cron-Env: /usr/local/b

Re: [pfSense] [Bulk] Re: Multiple static IPs from one ISP - Virtual IPs? - Trying this again

2014-03-03 Thread PiBa
equire firewall rules to allow traffic. (portforwards automatically create them if you allow it to, 1on1 does not..) Greets PiBa Bryan D. wrote on 3-3-2014 21:29: Is the VIP CARP or IP Alias? ... according to the VIP capabilities chart, they're the only VIP kinds that can do ICMP

Re: [pfSense] pfsense openvpn Road Warrior

2014-03-19 Thread PiBa
On Windows Vista/7/8 Administrator permissions are required to add routes. This either means running OpenVPNgui 'As Administrator'. Or using the 'OpenVPNManager' program installed as a service that runs the actual openvpn process in the background. (there is a checkbox in the OpenVPNclientExpor

Re: [pfSense] pfsense openvpn Road Warrior

2014-03-19 Thread PiBa
Manually pushing routes from the advanced section is in general not needed if the 'local network(s)' is filled in in the WebGui. Holger Bauer wrote on 19-3-2014 10:44: Hi Mohan, make sure you have appropriate rules under firewall>rules, openvpn tab to allow access. Also make sure your routi

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread PiBa
Please note that dns configuration options can add routes. (what gateway is configured behind the dns, if any?) /* setup static routes for DNS servers. */ https://github.com/pfsense/pfsense/blob/master/etc/inc/system.inc#L159 Greets PiBa-NL Espen Johansen wrote on 13-7-2014 0:44:

Re: [pfSense] [Bulk] Re: Web Server Load Balance

2014-08-06 Thread PiBa
le more processing as both request and reply need to go through haproxy.. Greets PiBa-NL Satvinder Singh wrote on 6-8-2014 19:44: Hi, I have tried having the Virtual Server on a different subnet and created rules in the firewall, but still doesn't work. I have tried having all 3 (2 Nod

Re: [pfSense] [Bulk] Re: Another OPT1 routing question

2014-08-10 Thread PiBa
emove that setting if you still have it but want to have pfSense use the same mac's that the (virtual) nic really have. I suspect that this is now causing the 'duplicate' mac on the pfSense interfaces. Greets PiBa-NL compdoc wrote on 10-8-2014 16:21: em1 third MAC address (up)

Re: [pfSense] [Bulk] limiter per IP without listing IP individually

2014-09-12 Thread PiBa
tered, respectively. This makes it possible to easily specify bandwidth limits per host." Greets PiBa-NL greg whynott wrote on 12-9-2014 17:07: Hello, I have a pfSense box with about 300 people behind and 5 network segments. The internet port is 100 megabits. I'd like to limit each

Re: [pfSense] [Bulk] Added ntopng.pbi via command line, how do I add to webui?

2014-09-17 Thread PiBa
emove packages from the command line pfSsh.php playback installpkg "Some Package" pfSsh.php playback uninstallpkg "Some Package" pfSsh.php playback listpkg https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes#SH.2FPHP_Shell_Scripts Greets PiBa-NL Wade Blackwell

Re: [pfSense] [Bulk] Re: Https proxy squid3 squidguard squid3 not working

2014-09-22 Thread PiBa
released, there is no workaround.. There seems to be some work going on for that though.. If you can compile squid yourself on FreeBSD 8.3 you might be able to use that specific development branch. My two cents, PiBa-NL Nicola Ferrari (#554252) wrote on 22-9-2014 8:24: That's the co

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread PiBa
ve sent a pull-request for pfSense 2.2 containing this change: https://github.com/pfsense/pfsense/pull/1299/files p.s. I'm not a 'pfSense dev', just a user and contributor.. use it at your own risk ;).. Greets PiBa-NL Espen Johansen wrote on 28-9-2014 19:26: If this is to be impleme

Re: [pfSense] [Bulk] OpenVPN & Non-admin users.

2014-12-01 Thread PiBa
-using the OpenVPNManager (there is a checkbox to include it in the installer in the openvpnexport package) Karl Fife wrote on 1-12-2014 21:37: I'd like to poll how others have dealt with the issue of non-admin Windows users running OpenVPN (TUN) for remote access. If you recall, non-admin

Re: [pfSense] [Bulk] Re: DNS-based inbound NAT?

2014-12-14 Thread PiBa
HAProxy can also be used for this. Brian Henson wrote on 14-12-2014 20:13: I second using a reverse proxy for this. You can use the squid package or even use the Mod_security and proxy pass directive On Sun, Dec 14, 2014 at 1:44 PM, Yehuda Katz wrote: HTTP H

Re: [pfSense] [Bulk] Re: openvpn - how do i nat the vpn segment?

2015-01-20 Thread PiBa
Check you have 'manual outbound nat' selected, otherwise the manual rules don't apply.. As to view the actual pf rules created you can look at the file /tmp/rules.debug using for example the menu option diagnostics/editfile. Or run pfctl -sn on ssh/console to view nat rules. Antonio Prado schre

Re: [pfSense] [Bulk] Re: NAT Port Forward to IP in subnet host with different default gateway

2015-02-22 Thread PiBa
ion logic that tries to distinguish between client-ip's will be useless though.. Greets, PiBa-NL ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] [Bulk] Re: default firewall rules

2015-03-04 Thread PiBa
Don't forget to move host-overrides / domain-overrides, and set the 'Harden Glue' on dnsresolver/advanced settings. Sean wrote on 5-3-2015 at 3:49: LOL. That simple eh? Thanks. On Mar 4, 2015 8:27 PM, "Randy Bush" wrote: > Pardon the hijack but if I was using d

Re: [pfSense] [Bulk] IP Alias -vs- Proxy ARP for NAT

2015-03-08 Thread PiBa
Says it all: https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses Which is better, that depends on what you need it to do. Tim Hogan wrote on 8-3-2015 at 13:48: I am setting up my firewall to do 1:1 NAT with a block of public IP addresses. I have found several posts about setting u

Re: [pfSense] [Bulk] Re: "Packages are currently being reinstalled in the background." since last night... nothing showing on the console...

2015-03-18 Thread PiBa
There is also a chance that 'something' went wrong during package installation and the php process got terminated.. In diagnostics/backuprestore you can press the 'clear lock' and 'reinstall all packages' buttons to solve that.. Some packages just cannot be installed during booting due to some i

Re: [pfSense] [Bulk] updating & testing packages?

2015-04-18 Thread PiBa
Applying the diffs to your current pfsense install would work, can use the system patches package for that. Just copying modified files to the pfsense box works as well. Or setting up a local repository to install the changed package from is another option.. (preferred if you are going to change in

Re: [pfSense] [Bulk] Invalid IP range allowed in firewall alias, breaks ruleset

2015-04-20 Thread PiBa
Problem is that what you typed validates as a valid 'hostname'.. Steve Yates wrote on 20-4-2015 at 17:52: I had a situation this weekend where I wanted to add another IP range to an existing alias. I entered x.x.x.75-99 which the eagle eyed among you will notice is invalid syntax (should be

Re: [pfSense] from LAN to OPT1, pfsense forces all http connections to https

2015-04-20 Thread PiBa
Go to System/Advanced/Adminaccess then disable the "WebGUI redirect". That is still receiving traffic on *:80 and redirecting to the webgui port.. Bob McClure Jr wrote on 20-4-2015 at 19:09: On Mon, Apr 20, 2015 at 09:52:20AM -0400, ED Fochler wrote: You may be getting overruled by the self p

Re: [pfSense] [Bulk] Re: [Bulk] Invalid IP range allowed in firewall alias, breaks ruleset

2015-04-20 Thread PiBa
Ps in this alias" or similar? Reading what I just wrote, what happens if a valid hostname ever can't be resolved in the future? The rule stops working then also? -- Steve Yates ITS, Inc. PiBa wrote on Mon, Apr 20 2015 at 12:27 pm: Problem is that what you typed validates

Re: [pfSense] reverse proxy situation

2015-05-31 Thread PiBa
nt.., perhaps take a look at the github activity to see if and how actively they are changing.? Though few commits can mean it's very stable and feature complete. It can also mean it's not being actively maintained. So still doesn't say much.. Greets PiBa-NL Adam Thompson wrote on 31-5-201

Re: [pfSense] [Bulk] Problems with migrating from pfsense 2.1.5 to 2.2.2 - no translation or filter rules loaded

2015-06-24 Thread PiBa
Try running: pfctl -f /tmp/rules.debug This should reload the rules, but likely throws an error.. I think you might have some 'invalid' alias table content. Seb Auriol wrote on 24-6-2015 at 13:00: Hi all, I have installed pfSense 2.2.2 on new hardware (four Dell 1950 blade servers). I took t

Re: [pfSense] GUI performance on an ALIX 2d3

2015-08-13 Thread PiBa
Probably this caused it workaround also there, as written in "https://doc.pfsense.org/index.php/2.2.4_New_Features_and_Changes"; * The forcesync patch for #2401 is still considered harmful to the filesystem and has been kept out. As such, there may

Re: [pfSense] [Bulk] Re: darkstat

2015-11-08 Thread PiBa
Package still seems to exist available for installation on my 2.2.5 box. If it's already installed it's no longer listed between the available packages.. Maybe looking in the wrong place? On 8-11-2015 at 16:36 Ryan Coleman wrote: From October 16 (Subject: "Bandwidth graph"): Was it darkstat?

Re: [pfSense] [Bulk] Re: Upgrade to 2.3

2016-01-20 Thread PiBa
On 20-1-2016 at 14:45 J. Echter wrote: On 20.01.2016 at 14:35 Brian Caouette wrote: I've been following the forum discussions on 2.3 and was confident the packages I used were ready for 2.3 so I bit the bullet and upgraded. I find all my failed packages with the same error on attempt to

Re: [pfSense] [Bulk] Strange problem with HAProxy failing after WAN IP changes

2016-05-02 Thread PiBa
Hi, Afaik, haproxy does not and did not reload on a wan-ip change on either pfSense version. There are a few options though. -make haproxy frontend listen on 'any' -or use a portforward to forward incoming traffic to 127.0.0.1 , haproxy could then be listening on localhost:80. Reg

Re: [pfSense] DMZ not working since upgrade 2.3

2016-06-25 Thread PiBa
/driver related at this moment.. Do you have any packages installed? Snort or Suricata can sometimes unexpectedly block traffic you do want.. Or other configurations like limiters/shapers or openvpn/ipsec networks can possibly interfere.. Regards, PiBa-NL

Re: [pfSense] DMZ not working since upgrade 2.3

2016-06-25 Thread PiBa
Not really sure what the issue is just yet. Hope some of my comments help get you closer ;) You might also try calling ovh

Re: [pfSense] haproxy crl modification requires service reload

2016-08-19 Thread PiBa
It's expected behavior.. Packages are not (yet) notified of certificate changes, so cannot easily decide if a reload is required. Might come in a future version :) On 15-8-2016 at 21:06 T wrote: Hello, 2.3.2-RELEASE (amd64) + haproxy. I use haproxy with certs based authentication. As descri

Re: [pfSense] Routing between interfaces

2017-02-11 Thread PiBa
Make sure that 'internal' traffic is not pushed out over the gatewaygroup to the WAN interfaces. So create pass rules above the pbr>gatewaygroup rules, to allow internal traffic to just take the regular routes. On 11-2-2017 at 3:06 Matthew Pounsett wrote: I've been employing a terrible hack

Re: [pfSense] Routing between interfaces

2017-02-11 Thread PiBa
On 11-2-2017 at 17:24 Matthew Pounsett wrote: On 11 February 2017 at 08:48, PiBa wrote: Make sure that 'internal' traffic is not pushed out over the gatewaygroup to the WAN interfaces. So create pass rules above the pbr>gatewaygroup rules, to allow internal traffic to just tak

Re: [pfSense] HAproxy URL Redirect

2017-05-05 Thread PiBa
that you can use acl's to match foo/foobar hostnames and then perform an action to redirect.. Regards, PiBa-NL On 5-5-2017 at 21:48 Daniel wrote: Hi there, I have hopefully a quick question ;) I have several Domains and just one SSL Certificate. I bought a Certificate for bar.com

Re: [pfSense] rules were ignored.

2017-08-21 Thread PiBa
; ? Like 'destination NOT 192.168/16' or something similar? Also are any proxy's or other gateway/advanced configurations used? Though only reason i think something might 'disappear' or change kinda spontaneous is if the rules have a gateway defined that went down. Can you d

Re: [pfSense] rules were ignored.

2017-08-21 Thread PiBa
ot know for sure anytime soon. :/ Regards, PiBa-NL On 21-8-2017 at 21:40 greg whynott wrote: Hi PiBa, - The rules are applied inbound from wifi zone on the pfs interface. - inside is defined by an alias which describes all our internal RFC1918 networks. Without the use of an exclusion oper

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-11 Thread PiBa
ll the CA certificate configured below on clients. Content filtering (such as Antivirus)/will not/be available for SSL sites. " Regards, PiBa-NL

Re: [pfSense] routing between subnets at same Interface - configuration not working on 2.4.1

2018-01-30 Thread PiBa
Hi Fabian, Have you set?: System/Advanced/Firewall & NAT: "Static route filtering, Bypass firewall rules for traffic on the same interface" As for your 'static routes', i'm not sure what purpose they serve.. Routing between subnets known on a pfSense interface is

Re: [pfSense] Maximum CARP Addresses?

2018-02-15 Thread PiBa
Alias VIPs must be inside the same subnet as the CARP VIP upon which they are placed." and that that is no longer the case. The limit of max 255 is still there afaik.. Regards, PiBa-NL

Re: [pfSense] routing between subnets at same Interface - configuration not working on 2.4.1

2018-05-14 Thread PiBa
i would opt to remove them and see if things improve.. Regards, PiBa-NL On 14-5-2018 at 10:39 Fabian Bosch wrote: Hi - Attachments not working so here is the XML Plaintext: 17.9 normal pfSenseOne xy.zz all

Re: [pfSense] boot/loader.conf.local deleted upon reboot

2018-05-16 Thread PiBa
Looks like everything that has the word 'console' in there gets deleted from loader.conf.local.. I suppose the 'platform' is not one of these.?:     if ($specific_platform['name'] == 'RCC-VE' ||         $specific_platform['name'] == 'RCC' ||         $specific_platform['name'] == 'SG-2220') {