Re: [pfSense] ZFS on 2.4.2

2018-03-08 Thread Walter Parker
On Thu, Mar 8, 2018 at 10:12 AM, Vick Khera wrote: > On Thu, Mar 8, 2018 at 11:10 AM, Zandr Milewski > wrote: > > > As someone who has spent easily 100 hours troubleshooting, rebuilding, > and > > restoring UFS based Netgate boxes that have to function in

Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Walter Parker
On Wed, Mar 7, 2018 at 2:31 PM, Peder Rovelstad wrote: > > That is an urban legend. One of original developers of ZFS was > > interviewed > > OK, then. Not my data. Best of luck. > > I've had other ZFS servers without ECC that have run successfully for several years. I

Re: [pfSense] ZFS on 2.4.2

2018-03-07 Thread Walter Parker
On Wed, Mar 7, 2018 at 7:36 AM, Peder Rovelstad wrote: > OH, and w/o ECC memory, it's a time bomb. > > That is an urban legend. One of original developers of ZFS was interviewed and asked about the "Scrub of Death", he said that ZFS doesn't fail in that way. ZFS is no

Re: [pfSense] ZFS on 2.4.2

2018-03-06 Thread Walter Parker
this a case of drive by nerd sniping or do you know something that will cause my specific use case to fail at some point in the future? Walter > On 3/1/2018 1:49 AM, Walter Parker wrote: > >> Forgot to CC the list. >> >> On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker <walt.

Re: [pfSense] ZFS on 2.4.2

2018-02-28 Thread Walter Parker
Forgot to CC the list. On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker <walt...@gmail.com> wrote: > Thank you for the backup script. > > By my calculations, 2G should be enough. If I limit the ARC cache to 1G, > that leaves 1G for applications & kernel memory. As I'm not s

[pfSense] ZFS on 2.4.2

2018-02-21 Thread Walter Parker
Hi, I have 2.4.2 installed on an SG-2220 from Netgate [nice box]. I just bought a 6TB powered USB drive from Costco and it works great (the drive has its own power supply and a USB hub). I want to use it take ZFS backups from my home server. I edited /boot/loader.conf.local and

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
mportant enough to you switch gets addressed in 2.5 > but not in 2.4 might occur (gosh that’s an awful sentence, Jim). > > > I understand that a lot of people are effectively threatening to switch > > to OpnSense due to this, but I fear that I will *have to* if I can't > > replac

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
rdware by the time support for software AES ends entirely. > > See: > https://ark.intel.com/Search/FeatureFilter?productType= > processors=LGA771=true > > > I thank you for addressing this with me. I appreciate your conduct with > me despite my comment. > > > Jim >

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
Well, both Intel and AMD started shipping the AES-NI instructions 8 years ago... How long does a project need to wait before it can require a feature found on all major x64 processors? Waiting 8-9 years seems reasonable to me. Given the fact that the project is only supporting 64-bit and

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-03 Thread Walter Parker
On Wed, Jan 3, 2018 at 2:25 PM, Steve Yates wrote: > I'm not a developer but I would think it's dependent on FreeBSD releasing > the update, plus testing by pfSense/Netgate. However, I would think > there's not much concern with PCs running pfSense, since raw code would not >

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-23 Thread Walter Parker
On Fri, Dec 22, 2017 at 8:25 PM, Antonio wrote: > Hi, > > I'm not sure how you move traffic between the above interfaces. I was > under the impression that all you needed was a "Default allow LAN to any > rule" and job done. Yet i'm struggling to get devices of different >

Re: [pfSense] acme package: DNS-nsupdate configurable update zone

2017-11-16 Thread Walter Parker
On Thu, Nov 16, 2017 at 4:22 AM, Brian Candler wrote: > On 16/11/2017 10:30, Brian Candler wrote: > >> Unfortunately in the pfSense (2.4.1) GUI, I can't see a way to configure >> this. >> >> I would like either: >> >> - an extra setting for "dynamic update zone", which is

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
}; notify yes; }; On Sun, Aug 6, 2017 at 7:05 PM, Jim Pingle <li...@pingle.org> wrote: > > On 8/6/2017 9:47 PM, Walter Parker wrote: > > How do I get the Acme package to let me update the sample.com > > <http://sample.com> zone, to add the host for >

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
8 PM, Jim Pingle <li...@pingle.org> wrote: > On 8/6/2017 8:03 PM, Walter Parker wrote: > > I think I'm missing something simple with my Acme Client setup in > pfsense. > > I followed the following steps and I'm get a TSIG error (note NSUPDATE > > worked when run by han

[pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
I think I'm missing something simple with my Acme Client setup in pfsense. I followed the following steps and I'm getting a TSIG error (note NSUPDATE worked when run by hand). - dnssec-keygen -a HMAC-MD5 -b 512 -n HOST fw.sample.com - Copy secret from Kfw.sample.com.*.key (note this secret has

Re: [pfSense] How to ...

2017-02-22 Thread Walter Parker
One thing to consider with a DNS query to mapping system is the effect of DNS caching. Many systems now have local caches, so you will only see the DNS lookup once. For the traffic flows. you might want to look at netflow. It can be setup to send the data to a collector system and you will be able

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Walter Parker
I moved from IPCop to pfSense years ago. It was good enough then. It is better now. Without an idea of what your customizations are, we can't tell you how many rules you might need to add to get the same functionality from a pfSense setup. On Tue, Nov 15, 2016 at 8:19 AM, Ryan Coleman

Re: [pfSense] 3 hard locks this week... any ideas?

2016-09-01 Thread Walter Parker
On Thu, Sep 1, 2016 at 3:06 PM, compdoc wrote: > >>Coming back tonight to do memtest, SpinRite on the SSD, etc..., > > Spinrite on an ssd is a terrible idea. It's an ancient program thats even a > bad idea to use on hard drives. > > It doesn't even work on drives larger

[pfSense] pfSense store router positioning

2016-06-05 Thread Walter Parker
Hi, I've been doing a bit of remodeling in the household and I noticed an interesting issue with the temperature of the router (an SG-2220). If I put the router flat, it heated up to 53 Celsius (9AM mid 70's Fahrenheit room temp). When I turned the router on its side, it dropped from 53 to 46

Re: [pfSense] enabling authenticated ntp ?

2016-05-30 Thread Walter Parker
Not that I have seen. I had an idea for authenticated NTP awhile back, but was waiting until I had upgraded to 2.3 before I looked at what it would take to add. This weekend I had the time to build a test environment, so I might try doing it over the next few months. Walter On Mon, May 30,

Re: [pfSense] Restoring DHCP table from 2.2.x into 2.3.x

2016-05-29 Thread Walter Parker
from that config and things worked just fine. Walter On Sun, May 29, 2016 at 4:44 PM, Dave Warren <da...@hireahit.com> wrote: > On 2016-05-29 17:35, Walter Parker wrote: > >> You could try copying the the entries from the old XML and paste it in the >> new XML file. >

Re: [pfSense] Restoring DHCP table from 2.2.x into 2.3.x

2016-05-29 Thread Walter Parker
You could try copying the entries from the old XML and paste it in the new XML file. Walter On Sun, May 29, 2016 at 3:32 PM, Dave Warren wrote: > Howdy! > > I am looking at replacing my 2.2.something pfSense box with a fresh > install of 2.3. Is it possible to restore

Re: [pfSense] Strange fe80::1:1 link-local address on LAN interface

2016-05-27 Thread Walter Parker
In IPv6, Link Local fe80::1:1 is like what IPv4 does when there isn't a DHCP server (it auto assigns an address from 169.254.0.0/16 ). The IPv6 RFC documents two ways to generate these link local addresses. The second method generates addresses that are not dependent on the MAC address. Unlike the

[pfSense] USB hard drive on SG-2220

2016-05-27 Thread Walter Parker
Hi, I just plugged a small WDC USB 2.0 hard drive into my pfSense firewall as an external, second drive and everything booted: da1 at umass-sim1 bus 1 scbus7 target 0 lun 0 da1: Fixed Direct Access SCSI device da1: 40.000MB/s transfers da1: 238475MB (488397168 512 byte sectors) da1: quirks=0x2

[pfSense] Upgraded to new pfSense Router, can't find RRD graphs after restore

2016-05-07 Thread Walter Parker
Hi, I just upgraded from my old ALIX router that I brought from Netgate several years ago (which has worked great for the past several years). The new box is nice, it is much faster. I restored my old 2.2.5 config on the new system and I have a few questions: Where are the RRD graphs (I don't

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Walter Parker
For a list of Packages in 2.3, see https://doc.pfsense.org/index.php/Package_Port_List For a list of packages removed from 2.3, see https://doc.pfsense.org/index.php/2.3_Removed_Packages Walter On Wed, Apr 13, 2016 at 3:17 PM, Steve Yates wrote: > I should restate/clarify

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Walter Parker
On Tue, Feb 23, 2016 at 3:19 PM, Giles Davis wrote: > On 19/02/2016 17:12, David Burgess wrote: > > I'm a little surprised at your experience. A few years ago I built a > > PFSense unit with an Intel motherboard, 1st gen Core i3 CPU, and a > > single onboard Intel (em) GBE

Re: [pfSense] PFSense for high-bandwith environments

2016-02-18 Thread Walter Parker
There is an optimization coming for pfsense. There is a new user space routing daemon, netmap I think, that can reach line rate on 10G NICs (14.88 Mpps). There was a BSDCon that talked about a future version of pfsense using this system. It uses ipfw, so there is a bit of work to adapt it to pfsense.

Re: [pfSense] Bandwidth graph

2015-10-16 Thread Walter Parker
no longer supported by the > developer. > > > > On Oct 16, 2015, at 1:11 AM, Walter Parker <walt...@gmail.com> wrote: > > > > Years ago, there was a package for pfSense that graphed total bandwidth > for > > the Day, Month, Year using bar charts. It would s

[pfSense] Bandwidth graph

2015-10-16 Thread Walter Parker
Years ago, there was a package for pfSense that graphed total bandwidth for the Day, Month, Year using bar charts. It would show the top days with bandwidth and total usage for the month. It was not bandwidthD or the RRD graphs. I can't find it anymore. What was it called and why was it removed?

Re: [pfSense] Notification about soon-to-expire certificates

2015-06-19 Thread Walter Parker
, Philipp Tölke pt+pfse...@fos4x.de wrote: Hi Walter, thanks for your answer! On 19.06.2015 01:24, Walter Parker wrote: If your network is large enough to have a monitoring package (like Nagios), some of them support certificate checking. Can nagios access the certificates on the pfSense

Re: [pfSense] Using on Fiber

2015-06-05 Thread Walter Parker
There is a serverfault question about this: http://serverfault.com/questions/380778/vmware-seems-to-throttle-scp-copies-what-can-be-the-reason?rq=1 SCP does (did) have performance problems. They fall into two groups. First, over a WAN the internal buffer was a bit too small for high speed (100

Re: [pfSense] testing email

2015-04-08 Thread Walter Parker
After re-enabling my account, I saw this email (but not the earlier emails from today). Walter On Wed, Apr 8, 2015 at 11:58 AM, Mike Montgomery onezero1010...@gmail.com wrote: I got the same re-enable email to my gmail account. On Wed, Apr 8, 2015 at 2:48 PM, WebDawg webd...@gmail.com wrote:

Re: [pfSense] testing email

2015-04-08 Thread Walter Parker
Thank you. On Wed, Apr 8, 2015 at 12:16 PM, Chris Buechler c...@pfsense.com wrote: This should be fixed. mailer-daemon@ ended up as a list member in mailman, AFAICT from day one of this list, but in the past few days ended up being spoofed to send a couple viruses to the list. Those messages

Re: [pfSense] Setup Question - Routing

2015-03-24 Thread Walter Parker
Using a chart like http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf you can see the different /28 and /29 subnets that exist on a /24 network. You would bind the .248/29 network to the WAN interface (use a /29 to leave a few extra addresses). Then you would bind an

Re: [pfSense] Cannot install 2.2 on Alix board (latest firmware)

2015-03-09 Thread Walter Parker
I installed it on an ALIX with a 4GB card without issues. I'd suggest getting a serial cable so that you can see the output from the system as it boots (make sure you a null modem cable or adapter). Walter On Mon, Mar 9, 2015 at 5:11 AM, Kostas Backas kos...@i-system.gr wrote: Hello, I have

Re: [pfSense] serial port sadness

2015-02-23 Thread Walter Parker
I had a problem like this, so I replaced the cheap converter with one made by a California company (it was much nicer, real drivers and instructions for $5 more). I got no output until I remembered that I might need a null modem adapter. Once I added that to the mix everything worked like a charm

Re: [pfSense] Squid not logging traffic

2015-02-16 Thread Walter Parker
, 2015, at 6:27 PM, Walter Parker walt...@gmail.com wrote: For the real time monitor, if you switch from WAN to LAN, you can see who is doing spikes. For the other items, you can see how much bandwidth each internal IP addresses has used in one of those packages. Unless you have servers in a DMZ

Re: [pfSense] Squid not logging traffic

2015-02-16 Thread Walter Parker
of programming might radically differ from yours :) If I can find the time, I'll see if I can find any notes. Walter On Mon, Feb 16, 2015 at 2:58 PM, Volker Kuhlmann list0...@paradise.net.nz wrote: On Tue 17 Feb 2015 10:33:21 NZDT +1300, Walter Parker wrote: In Realtime, you can use the dashboard

Re: [pfSense] Squid not logging traffic

2015-02-16 Thread Walter Parker
In Realtime, you can use the dashboard app. For plugins, BandwidthD and Darkstat have some information. I've used netflow on other systems to get this sort of information, but for pfSense you would have to setup a second box that ran the netflow visualizer to see the traffic information from one

Re: [pfSense] Firewall Hardware/Setup for Datacenter...

2015-02-05 Thread Walter Parker
/index?itemnumber=16-101-837 Both are viable options. Jason Sent from my iPhone On Feb 5, 2015, at 11:11 AM, Walter Parker walt...@gmail.com wrote: I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail

Re: [pfSense] Firewall Hardware/Setup for Datacenter...

2015-02-05 Thread Walter Parker
I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate ( http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or

Re: [pfSense] CVE-2015-0235 - Uncertain if pfSense/OpenBSD is vulnerable?

2015-01-27 Thread Walter Parker
First, pfSense is from FreeBSD, not OpenBSD. Second xBSD uses libc by default, not glibc. glibc is a GNU/Linux port of the libc from UNIX systems. I wouldn't expect to see recent glibc errors in xBSD, as there are separate code bases at the system level. Walter On Tue, Jan 27, 2015 at 10:45 AM,

[pfSense] pfSense 2.2RC resolv.conf settings

2015-01-11 Thread Walter Parker
Hi, I just put pfSense 2.2RC on my firewall and I noticed that the PHP code that generates the resolv.conf file will add the line options edns0 to resolv.conf if the unbound config has the edns option set. I didn't see any way in the GUI to set this option. Am I missing something, or has

[pfSense] Today's Infoworld Deep End column

2014-12-22 Thread Walter Parker
Just thought I'd note that Paul Venezia, who does the Deep End column for Infoworld, just gave a positive heads up to pfSense and the APU1 DIY kit from Netgate. http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html Walter -- The greatest dangers

Re: [pfSense] Recomend

2014-12-16 Thread Walter Parker
your comment about get it now before it has any issues. Brian On 11/30/2014 3:07 PM, Walter Parker wrote: If you are getting the Netgate kit, I'd suggest just getting the Intel m525 SSD that they offer. This is a modern SSD with wear leveling that keeps software like a squid cache from

Re: [pfSense] Recomend

2014-11-30 Thread Walter Parker
If you are getting the Netgate kit, I'd suggest just getting the Intel m525 SSD that they offer. This is a modern SSD with wear leveling that keeps software like a squid cache from burning out the drive early. It will fit and work without having to build a custom cable and have to tape a drive to

Re: [pfSense] Recomend

2014-11-27 Thread Walter Parker
I'd be a little worried about the SD card and squid, but not the current ADD solution from Netgate. On Nov 27, 2014 2:05 PM, Brian Caouette bri...@dlois.com wrote: I've been looking at the kit at Netgate for $199 to replace my poweredge 2850 for pfSense. My concern is the sd/flash memory and

Re: [pfSense] Install CD - I don't know where to go with this

2014-10-31 Thread Walter Parker
I use imgburn to burn all of my pfSense CDs (and Windows, Linux and FreeBSD DVDs). I second the recommendation. If you have picked the correct image, it should boot unless there is something strange with the HP hardware. The fact that a Windows disk boots doesn't prove that hardware isn't strange

Re: [pfSense] Reports

2014-09-26 Thread Walter Parker
First time I would do is make sure that you have added static IP address reservations for those the MAC addresses using the DHCP server page for each piece of IP gear that your children have. If you click on All Leases, it will show you every device that has tried to get an address. You can take

Re: [pfSense] Pftop confusion.

2014-09-24 Thread Walter Parker
To see which client is eating your bandwidth, when using Traffic Graph, switch from WAN to LAN. Then the dynamic list of hosts will show client IP addresses and not your link address. On Wed, Sep 24, 2014 at 7:55 AM, Muhammad Yousuf Khan sir...@gmail.com wrote: Exactly this is how i learn that

Re: [pfSense] Https blocking

2014-09-24 Thread Walter Parker
A suggestion: Null route all facebook addresses. That usually kills any traffic. Be aware that it kills all traffic to those addresses (HTTP, HTTPS, SMTP, POP3, DNS). FYI, getting snotty to people that are asking for help usually turns them off of wanting to help you... Walter On Wed, Sep 24,

Re: [pfSense] Cannot go to HTTPS sites using WAN interface

2014-09-09 Thread Walter Parker
Yes, check to make sure that the WebConsole interface (on 443) is not conflicting with your other rules. Check for allow/deny rules in both Squid and pfSense to make sure that you don't have a conflict. On Tue, Sep 9, 2014 at 1:34 PM, Satvinder Singh satvinder.si...@nc4worldwide.com

Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.

2014-07-12 Thread Walter Parker
On 07/10/2014 05:29 PM, Walter Parker wrote: I disagree that this is a vulnerability/weakness. If this is truly your only issue with the network, I'd call it good and done if you are not the DOD/NSA. If you are, then you need to start again with an even more secure foundation. Walter

Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.

2014-07-10 Thread Walter Parker
I think you might have a misconception in your request. Whe you say: To resolve this issue I need to mangle forwarded IP packets by incrementing their TTL by 1. This would effectively hide the above included results. If anyone knows how to do this either through the web interface or through

Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.

2014-07-10 Thread Walter Parker
I disagree that this is a vulnerability/weakness. If this is truly your only issue with the network, I'd call it good and done if you are not the DOD/NSA. If you are, then you need to start again with an even more secure foundation. Walter On Thu, Jul 10, 2014 at 2:25 PM, Blake Cornell

Re: [pfSense] https transparent proxy project failed...

2014-06-26 Thread Walter Parker
HTTPS was designed to cause a transparent proxy to fail (that was one of the major design goals, no third party [such as squid] could read the traffic). As mentioned before, to make this work, you must either drop the requirement that the proxy be transparent (Note, explicit proxies can be auto

Re: [pfSense] Squid3 with https filtering

2014-06-18 Thread Walter Parker
There is a way to auto configure the proxy settings on modern browsers, so that you don't have to manually configure them individually WPAD and Proxy auto-config http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol http://en.wikipedia.org/wiki/Proxy_auto-config Walter On Wed, Jun 18,

Re: [pfSense] installing vmtools

2014-05-21 Thread Walter Parker
Given that pfSense 2.1.3 uses FreeBSD 8.3 as the base OS, wouldn't http://ftp1.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/perl5/ be a better location to use for packages? Walter On Wed, May 21, 2014 at 11:57 AM, Moshe Katz mo...@ymkatz.net wrote: On Wed, May 21, 2014 at 2:39 PM,

Re: [pfSense] Poweredge 2850

2014-05-19 Thread Walter Parker
The amd64 is for all 64 bit machines (amd64 and Intel EMT64) The x86 is for all 32 bit machines (Intel and AMD) According to the spec sheet, http://www.dell.com/downloads/global/products/pedge/en/2850_specs.pdf, that is a 64 bit machine. Note, because AMD developed 64 for the x86 first, the BSDs

Re: [pfSense] Poweredge 2850

2014-05-19 Thread Walter Parker
different from AMD64. I’ve never touched an Itanium-driven machine. On May 19, 2014, at 18:06, Walter Parker walt...@gmail.com wrote: The amd64 is for all 64 bit machines (amd64 and Intel EMT64) The x86 is for all 32 bit machines (Intel and AMD) According the spec sheet, http://www.dell.com

Re: [pfSense] High iostat

2014-05-12 Thread Walter Parker
pfSense has menu options that allow to move/create /tmp and /var in RAM. These can be found in System > Advanced > Miscellaneous. Then logging would be written to the RAM disk. Note that the logs will be lost when the power goes out. You will need to setup a scheduled job that does backups if you wish

Re: [pfSense] How to allow only incoming HTTP/HTTPs traffic from WAN interface?

2014-04-14 Thread Walter Parker
a rule for each of these domains will be painfull after a while i assume. But on the other hand, i will be using this reverse proxy node as the first entry point to my DDoS protection network, so not sure whether DPI is a good thing here or not. On Sat, Apr 12, 2014 at 11:40 PM, Walter Parker

Re: [pfSense] How to allow only incoming HTTP/HTTPs traffic from WAN interface?

2014-04-12 Thread Walter Parker
How about configuring the firewall to block everything and then create a rule that forwards/allows only port 80 and 443 to the reverse proxy server. Configure the reverse proxy server to only support HTTP traffic (on port 80 and using SSL on 443). Then you don't need to do DPI. I'd say you

Re: [pfSense] Network Traffic Monitoring w/o Webgui

2014-04-08 Thread Walter Parker
years, but a simple windows version... http://oss.oetiker.ch/mrtg/ *From:* List [mailto:list-boun...@lists.pfsense.orglist-boun...@lists.pfsense.org] *On Behalf Of *Walter Parker *Sent:* April-07-14 2:06 PM *To:* pfSense Support and Discussion Mailing List *Subject:* Re: [pfSense

[pfSense] Packages didn't install after upgrade from 2.0 to 2.1.1

2014-04-07 Thread Walter Parker
I upgraded my ALIX system running 2.0 to 2.1.1. The base upgrade appeared to go fine, I got the screen that said the system was upgrading all of the packages, but after the system restarted, none of the packages on the old system were listed as installed on the new system. But the service screen

Re: [pfSense] RDP port forward based on destination name.

2014-03-28 Thread Walter Parker
The big problem that I see people have that that want to do networking based on hostnames rather than IP addresses. Such as how named virtual hosting works on Apache. But the problem is that the hostname is translated to an IP address on the client side and the only thing the server sees is the IP

Re: [pfSense] Sending logs to external server

2014-03-24 Thread Walter Parker
From the status menu, select System Logs From the system logs page, click on Settings Scroll down to Remote logging Options Enable Remote logging For the remote Syslog Servers, enter the address of your syslog server (any Linux or FreeBSD server running a copy of syslog that will take outside

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN traffic, you will need to allow it (add rules on both the WAN and LAN sides). But you might want to notice something else. If PFSense is operating as a straight up router where you don't want NATing of the LAN packets, then you

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
when plugged in. Brian On 1/14/2014 12:50 PM, Walter Parker wrote: By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN traffic, you will need to allow it (add rules on both the WAN and LAN sides). But you might want to notice something else. If PFSense is operating

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
reason its not being passed to the lan. On 1/14/2014 1:13 PM, Walter Parker wrote: From the PFSense UI, select Firewall-NAT. Then click on the Outbound tab. Then select the Manual Outbound NAT rule generation radio button (this turns off Automatic outbound NAT rule generation). Then delete

Re: [pfSense] is it possible to rename gateways in 2.1 release AMD64?

2014-01-07 Thread Walter Parker
Once you create a gateway, you can not rename it from the GUI. I had to delete and re-create my gateway in order to rename it. On Tue, Jan 7, 2014 at 12:02 PM, Matthias May matth...@may.nu wrote: Am 07.01.2014 20:52, schrieb Joe Landman: Hi folks: I am trying to match a spec we've been

[pfSense] MultiWAN with SSH

2013-12-12 Thread Walter Parker
Hi, I have a pfSense box with multiple WAN connections (one on TW and one on Comcast) I appear to have got MultiWAN working for outbound traffic, in that: I can ping/traceroute from either interface and the traffic routes out and comes back. But inbound traffic only appears to work if it comes into

[pfSense] Multiple routing tables

2013-12-11 Thread Walter Parker
I've been asked if pfSense has multiple routing tables. Specifically, there is kernel option in FreeBSD: options ROUTETABLES=2 Which enables you to setup a second routing table for a second interface. Does pfSense use multiple ROUTETABLES? If not, why not and does the existing policy based

[pfSense] Multi-WAN network access

2013-12-04 Thread Walter Parker
Hi, I've got a pfSense router with a WAN connection that has 4 interfaces: WAN - A 200 mbs connection. This is on a /20 subnet and the other side is the default route. LAN - This is a static routed /24 network from the company providing the 200 mbs WAN connection COMCAST - This is a static

[pfSense] Interface stops working

2013-11-11 Thread Walter Parker
I have a pfSense 2.0.3 box with 5 interfaces, two of which are on motherboard ethernet controllers using the NVIDIA nForce4 CK804 MCP9 Networking Adapter chipset. These two connections connect to the upstream IP (WAN) and to the old IP space for the local network (LAN). I've been seeing the the

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
As I see it, there are two things that can happen here 1) NSA breaks into pfSense without knowledge of the staff = The only solution is source code and binary review. This is not an option for people like Thinker Rix or other non coders. The mostly spot for this to happen is upstream from the

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
Who would you trust more than ESF? Why, specifically, would you trust another group of people to be more trustworthy? I admit to have a USA bias, but for the issue in question, I don't there being a much better choice. The UK has less freedoms in this matter. But then this is turning into a case of

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
). But that is me, maybe you prefer to decide to move first and then figure out where you are going after you have left (rather than planning where you are going before you leave). Walter On Fri, Oct 11, 2013 at 12:11 PM, Thinker Rix thinke...@rocketmail.com wrote: On 2013-10-11 21:20, Walter Parker wrote

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
. It is probably no exaggeration to state that this 20th century version of the Trojan horse is quite likely the greatest sting in modern history. On Fri, Oct 11, 2013 at 12:49 PM, Adrian Zaugg a...@ente.limmat.ch wrote: On 10/11/13 8:20 PM, Walter Parker wrote: Unless, of course, you are willing

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

2013-10-11 Thread Walter Parker
So, if I have an ALIX that I would like to upgrade, how much would I have to increase /tmp and /var by to have the upgrade run to completion without filling the partitions? Walter On Fri, Oct 11, 2013 at 2:25 PM, Jim Pingle li...@pingle.org wrote: On 10/11/2013 4:58 PM, Jens Kühnel wrote:

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Walter Parker
The big problem with asking the question Has the NSA required you to add a back door? is that no small company that wants to stay in business can or will say yes (If they do, no one will trust/use the product unless forced themselves). The company will agree/be forced to say no. How does one tell

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Walter Parker
About that made in the USA thing, the NSA has deals with overseas companies as well... Plus, the GCHQ and several other foreign spy agencies have done similar things, so if you start asking, you discover that the major governments are trying to do this and have succeeded more often than we would

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Walter Parker
To answer your question about throwing the first stone. Your question reads a bit like the Are you a criminal/commie? questions. Many people would object to the question at the start because it implies that the people being asked the question has done something wrong. Watching the reactions to

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Walter Parker
Walter, On 2013-10-09 21:53, Walter Parker wrote: To answer your question about throwing the first stone. Your question reads a bit like the Are you a criminal/commie? questions. Many people would object to the question at the start because it implies that the people being asked the question has

Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-04 Thread Walter Parker
I'd suggest installing pfSense at a home location for benefits that pfSense provides. The ability for you to see what is going on on your network is much greater than with any of the consumer routers. If you get a little Netgate SBC, you can have a pfSense router with the same size and power