I had found an older thread saying that the "XCBC" hashes were OK, since they
were effectively "free" as long as you used one of the AES-GCM ciphers.
Same thread (can't find it now, sorry) also indicated that the GCM mode ciphers
were more, uh, completely??/rapidly?? accelerated than CBC.
Can't v
Well, that explains why the rest isn't working.
Fix DNS and your problems will (hopefully) go away.
-Adam
On December 4, 2017 2:41:25 PM CST, Pete Boyd
wrote:
>On 04/12/2017 20:39, Adam Thompson wrote:
>> Do you have functional DNS from the CLI?
>
>No, I can't ping
The "no address record" error is interesting... Do you have functional DNS from
the CLI?
-Adam
On December 4, 2017 2:29:09 PM CST, Pete Boyd
wrote:
>On 04/12/2017 20:11, Steve Yates wrote:
>> If you ssh to the device and pick the option to update from its
>console menu, does it update there?
>
Yes, there's downtime to set up LAGs. So this won't help avoid all downtime.
Since the SG-2440 just went EOL, I would expect the SG-4860 will also go EOL
soon, perhaps next quarter (Q1’18).
There is a small performance hit. It's not large - certainly not large enough
that I ever cared to measur
If you're going to even consider blaming widely-used software for hardware
problems, then absolutely, yes, please do this, if only to stop the accusations.
If you don't reboot regularly, now's a good time to change that policy, too.
We aren't running NetWare 3.1 any more. No reboots = no patche
No, you misunderstood the last response.
You have not provided enough information yet to determine what the problem is.
Three things have been suggested:
1. It *might* be a bug *similar* to one someone else encountered using
different hardware (which does not even exist on your firewall),
2. You
The only thing I would caution against is having your only gateway to the
Internet running on a single host or cluster - this makes troubleshooting VERY
difficult when the host or cluster fails. Been there, done that.
So I have one H/W gateway running the internet pipe, then all the internal
fi
The speedtest server code is not optimized for high upload speed measurement.
When running speedtest from a machine on the same subnet, in the same rack in
the same data center as the speedtest server (I worked for an ISP) you will
still get funny results. Or even two VMs running on the same h
I always thought that this behaviour was because of the way IPSec is bolted on
to the network stack in FreeBSD 9, that IPsec literally took over the packet
before it could get NAT'd.
Certainly, I was recently surprised to discover that IPSec VPN tunnels take
precedence over local connected inter
Error messages.
Log files.
Configuration data.
Network topology.
Route tables.
We have nothing to work with yet.
-Adam
(Yes, I know I'm being hypocritical here because I've done the same thing.
Thank you for not reminding me...)
On August 17, 2017 10:51:43 AM CDT, Kleber Carvalho
wrote:
>He
Any ideas how I install an IPSec tunnel to a remote subnet that overlaps with a
local subnet while not completely killing the local subnet?
This isn’t _quite_ as insane as it sounds at first glance:
The SPD (i.e. Phase 2) selectors on my side are from a single /32 IPv4 address
on the LAN tha
True, but it's also a journaling filesystem (effectively, even if that's not
quite the curvy technical term for it) so is far less prone to random
corruption on hard (unexpected) shutdowns / reboots.
Best of both worlds is to use ZFS boot off mirrored disks, but that also
increases cost and only
act, my main guest WiFi network runs
> *only* IPv6.
> Most of my guests only care about Gmail and YouTube, and those have
> been
> IPv6 enabled for ages. It's an experiment to see how many visitors can
> get away with not noticing that they have no IPv4 connectivity.
>
> Mosh
So? Neither do I. I don't have native IPv6 at the office either. But both
are fully IPv6-connected.
That's what Hurricane Electric tunnels are for. (And SIXXS, formerly, but
they've decided that IPv6 penetration has reached a point where they're not
needed anymore. Hahahaha...)
http://www.
Sadly, yes. Partly due to providers like OVH who don't "get" prefix delegation.
Also, how else do you multi-home without running BGP? (Keeping in mind that
the overwhelming majority of networks around the world have no access to BGP.)
That's one of the specific use cases for Network Prefix Tra
(If you work for Netgate – would a paid support subscription include helping me
diagnose the problem here, and get this working? I’m not 100% clear if this is
in scope or not.)
I’ve encountered an – apparently – unusual problem when trying to enable 1:1
NAT for IPv6.
I’m also having a simi
; services listening on x.x.x.1, x.x.x.2, x.x.x.3 etc, works like a charm.
>
> JC
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Adam
> Thompson
> Sent: August-01-17 12:57 PM
> To: list@lists.pfsense.org
> Subject: [pfS
I can't speak to their other platforms, but the Private Cloud offering is based
on VMware, and does not permit the use of MAC addresses other than the one
assigned to the VM. So CARP immediately fails there.
Amusingly (not), there's even a special plug-in in the VMware client that is
supposed to
Wondering how anyone else manages (or would manage) this scenario:
* Private Cloud at OVH. (Runs VMware, which isn't terribly relevant
AFAICT.)
* OVH provides a single VLAN that is connected directly to their router
* ALL public IP addresses are terminated on that VLAN (i.e. bound
directly to
Not just default - many MUAs (gmail, outlook, virtually every web-based
service) don't correctly handle or in some cases even _permit_ the traditional
method at all.
Much like IRC and two spaces after a period, in-line or appended replies are now
historical relics, broadly replaced by things that c
Jim,
Asking you to speculate here...
Assuming someone *is* working on drivers for the chip's crypto capabilities,
when that finally happens, do you have any notion of how much faster IPsec will
get? Are we talking 2x or 100x?
-Adam
On January 25, 2017 7:45:49 PM CST, Jim Thompson wrote:
>Stev
In pfSense 2.3, how do I cause the firewall to generate IGMPv2 or v3
Query packets?
I know there's an IGMP proxy feature, but that's kind of useless without
a querier.
I don't actually need the firewall to do multicast routing, I just need
a querier so snooping works on one of my subnets.
Thank
On 16-05-02 06:20 AM, Rafael Aquino wrote:
From: "Frans Meulenbroeks"
Has anyone experience using USB3 to ethernet adapters ? I need an extra
interface but my HW (Intel NUC) does not have room for another card.
Anything recommendable?
Best regards, Frans.
Hi there,
I´ve tried once an USB Multi-
OK, I'm lost... In v2.3, what service, and/or where in the GUI, should
I go to make pfSense act as a slave (authoritative) DNS server?
On a related note, in Services / DNS Resolver / General Settings, what
does "DNS Query Forwarding" do?
There's no description, so I assume if it's *not* set, u
I just watched the last hangout that jimp did on Remote Access VPNs, and
I'm wondering: is there no way to do user authentication against a
back-end LDAP or RADIUS server when using IKEv2-EAP-MSCHAP2?
Thanks,
-Adam
___
pfSense mailing list
https://list
Oh, god, not again...
Search the list archives from about a month ago.
The consensus was, roughly, that the Ubiquiti UniFi products were pretty good
but had some quirks.
As I recall, everything else discussed was either:
-insanely expensive, or
-crap (or both), or
-only works well for one or two
I'm 95% sure the answer is "wait for the developers to fix those issues"
and/or "become a developer and fix those issues" :-).
Configuration of lighttpd is controlled by the pfSense management
framework, so once you discover the correct invocation, you could
locally modify the PHP file that ge
On 07/24/2015 01:09 AM, Dave Warren wrote:
On 2015-07-23 21:24, Adam Thompson wrote:
On 2015-07-23 10:46 AM, Karl Fife wrote:
Your point about having a one-off solution is a great one.
Installing a single UniFi AP would be unnecessarily complex.
The TP-Link TL-WA801nd is a BGN-only device
recommendation at all, but stay away from EnGenius devices. OK
hardware & good price, but (e.g.) my AP comes with an open DNS resolver
that can't be disabled, and they don't seem to think it's a problem at
all...
--
-Adam Thompson
athom...@athompso.net
+1 (204) 291-7950 - cell
+1 (
On 07/21/2015 09:37 AM, Jim Pingle wrote:
On 07/20/2015 07:09 PM, Adam Thompson wrote:
But I do have one issue/question/comment about the pricing of that bundle:
there are still only 2 support incidents bundled.
It seems that if I bought two 4860s and tie-wrapped them to my own shelf, I’d
I had to buy a new
shelf) but would get 4 support incidents included with my purchase.
Also, the price for a 2-incident support pack is $399, but I can buy a SG-2220
for only $299 and get the same # of support incidents.
Have I missed something? Is this intentional?
--
-Adam Thompson
I figured out part of the answer to my own question:
Manually navigate to “https://pfsense/vpn_ipsec_phase1.php?mobile=true” to
create Mobile IPsec phase 1 entries.
No idea what that breaks, yet.
--
-Adam Thompson
athom...@athompso.net
From: Adam Thompson
Sent: Monday, July
clients without
clicking that button.
Help…
--
-Adam Thompson
athom...@athompso.net
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
My first instinct is to look at PVST+ interoperability issues because of the
multi-vendor network, but we need a LOT more detail on the network topology to
even make intelligent guesses.
You've essentially said "I've got this car, with four Goodyear tires, and my
trailer makes a funny noise. FY
See my comment on another email, but I discovered that works fine if you import
each cert in the chain and then select the intermediate signing cert as the CA.
-Adam
On June 17, 2015 10:43:20 AM CDT, Steve Yates wrote:
>Ermal Luçi wrote on Wed, Jun 17 2015 at 10:22 am:
>
>> On Wed, Jun 17, 2015
The "issue" with OpenVPN is merely that I have to prime each client system with
both software and configuration file(s), which isn't always possible or
feasible in my environment.
-Adam
On June 17, 2015 10:22:04 AM CDT, "Ermal Luçi" wrote:
>On Wed, Jun 17, 2015 at 4:40 PM, Steve Yates wrote:
Whoops, that wasn't aimed at me in the first place.
Nonetheless, I have a pretty good example of why OpenVPN "requires" a
self-signed cert in CB's answer to issue #4756.
-Adam
On June 17, 2015 10:41:28 AM CDT, Adam Thompson wrote:
>The "issue" with OpenVPN is
the requirements.
Are there any tricks that aren't obvious?
Thanks,
-Adam Thompson
athom...@athompso.net
...this is what you wind up with normally, until/unless you create a rule
explicitly allowing the DMZ host to talk to the LAN, so yes, it's definitely
possible.
-Adam
On June 6, 2015 8:18:35 AM CDT, "Marc R. Meshurle Jr."
wrote:
>Here's a question - I have a single IP with my ISP and want to t
oxy or a user proxy. I'm
>confused
>after reading your mail a few times.
>
>Brgds, Espen
>On 31 May 2015 at 15:35, "Espen Johansen" wrote:
>
>> Exclude varnish its primarily made for frontend LB proxy.
>>
>> On Sun, 31 May 2015 at 15:32, Adam Thompson wrote:
't easily done with haproxy.
>I could be wrong but if you're looking for SSL offloading (I ensure all
>traffic goes over SSL) varnish and squid would be out of the
>picture. Travis Hansen
>travisghan...@yahoo.com
>
>
>On Saturday, May 30, 2015 8:25 PM, Adam Thompson
bug?
--
-Adam Thompson
athom...@athompso.net
+1 (204) 291-7950 - cell
+1 (204) 489-6515 - fax
P
mapping), is there any compelling reason to use one over another on
pfSense 2.2 today? FWIW, this firewall is relatively underpowered
(PowerEdge 1750, dual 2.4GHz P4-era Xeons).
--
-Adam Thompson
athom...@athompso.net
+1 (204) 291-7950 - cell
+1 (204) 489-6515 - fax
More or less: if you can run pfSense at all, you won't run out of memory for
state tables.
Captive portal does consume additional memory, but not large amounts.
For several hundred users behind a captive portal, I would err on the side of
caution and use a system with at least 2GB of RAM, prefera
This could be the Android IPv6 problem, if the amazon devices are using v5.0 or
newer base software.
-Adam
On May 26, 2015 12:28:51 PM CDT, Mamun Ahmed wrote:
>Hi everyone,
>
>I am at a loss as to why this has recently started happening? My setup
>is as follows:
>
>BT infinity broadband vdsl r
Doh. Of course, I saw the problem about two ohnoseconds after
posting... I picked the WAN interface, not the *tunnel* interface.
Works fine now... *blush*
-Adam
On 05/20/2015 08:09 AM, Adam Thompson wrote:
I've got a site that uses ULA IPv6 addresses (fd60:7f9c:65d8::/48),
and a r
I've got a site that uses ULA IPv6 addresses (fd60:7f9c:65d8::/48), and
a routed subnet courtesy of HE ( 2001:470:1f11:103d::/64).
Unsurprisingly, that's routed to this site over an HE tunnel on gif0.
IPv6 from pfSense itself appears to work just fine; I can successfully
communicate from pfSe
It's not a routing issue, it's a bug/mis-feature in FreeBSD's IPSec stack.
See
https://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN
for more info.
-Adam
On 04/24/2015 09:37 AM, Gregory K Shenaut wrote:
pull request on the github project?
--
-Adam Thompson
athom...@athompso.net
On 2015-04-13 05:32 PM, Volker Kuhlmann wrote:
On Sun 12 Apr 2015 09:22:32 NZST +1200, Adam Thompson wrote:
I recall seeing reports of problems with Sun 'qfe' (quad-port hme)
interfaces on this list previously; does anyone know what the
current status is? Do they work properly in
n adequate stress test :-/.
Comparison data? *Educated* guesses? Thoughts? Although it's
pointless to ask, please try to keep baseless fanboi-type opinions to
yourselves. I'm already a fan of pfSense, and I've explained above why
I couldn't use it
I recall seeing reports of problems with Sun 'qfe' (quad-port hme)
interfaces on this list previously; does anyone know what the current
status is? Do they work properly in 2.2.1 i386?
Thanks,
-Adam
--
-Adam Thompson
athom...@at
- surprise
- a timeout.
Yet NTP from *behind* the firewall works fine.
Anyone else seeing this problem? Any ideas?
-Adam Thompson
athom...@athompso.net
On 03/31/2015 02:35 PM, Jim Thompson wrote:
We have plans in this area, but they’re not ‘pfDNS’.
The pedant in me insists that should be "dnsSense", not "pfDNS".
Or even "bindSense" or "unboundSense", or... etc.
I'd rather you guys focused on improving the routing capabilities,
personally. (
Sadly, I know several xDSL providers who offer a default gateway not in the
client's subnet. (LOL: my phone auto-corrected "subnet" to "fuckety". No
kidding.)
Linux and Windows and MacOS can deal with this level of brain-deadness, *BSD
cannot.
However, the good news is that if your network is
Performance and flexibility. OpenVPN is good at getting unicast IP traffic
from A to B, but it's difficult to, say, run OSPF over it. It also needs
ridiculous amounts of CPU time to encrypt, especially painful in situations
that don't need encryption.
So, yeah, there are a LOT of use cases wher
So if you don't wind up using them for CARP, use them for something else. Get
a smaller subnet from your provider and give back the original subnet.
If you have multiple subnets, the provider-facing one should not be used for
published services; in fact those addresses don't even have to be publ
Steve,
Unless you want to impose significant limitations on yourself, you will need a
total of 3 IPs for every CARP interface.
I've run systems with single-IP CARP, and unless you have absolutely no choice,
it's not worth the headache.
The unanswered question is how your provider will do routing,
Jim, do you read User Friendly? The arc about putting Sid in the Home for
Obsolete Programmers, in particular? ;-)
But, yeah, having spent my early career in narrowband (serial of all shapes and
sizes and speeds) it's a nightmare of incompatible connectors and protocols.
USB is freaking awesom
thing I can find that covers it is this:
https://doc.pfsense.org/index.php/Remote_Config_Backup
--
-Adam Thompson
athom...@athompso.net
SNMP support exists, although not everything is available that way.
Otherwise the doc wiki has a page on authenticating automated web requests -
RTFM.
-Adam
On January 27, 2015 10:55:00 AM CST, Wolf Noble wrote:
>I'm sure this has been asked, but I've not found anything in the few
>minutes I po
pfSense can do that, 600 users is OK. Up to 1gbps is OK on almost any
server-grade hardware.
VPN is built in.
IDS/IPS requires installation and configuration of the Snort add-on package.
Firewall is built in.
Monitoring and logging are built in, but may or may not meet your needs.
pfSense can
Jim/other:
Do you have any guidelines for sizing VPN throughput when using the
pfSense Certified VFA ?
--
-Adam Thompson
athom...@athompso.net
hich don't
appear to have made it into the FreeBSD port yet.
I run a pair of BGP routers using CARP to an upstream peer who only
wants to configure a single IP address and a single session. Works OK
in practice under OpenBSD, not sure how well the pfSense package
(FreeBSD port) handles
OpenBGPd works quite well with CARP interfaces, actually... My primary
commercial IPv4 transit uses exactly that.
But that functionality might need a newer version of OpenBGPd than we have
right now... The package is getting a little long in the tooth.
-Adam
On January 8, 2015 9:23:10 AM CST, Se
0 days, we were moving away
from OpenBGPD to (IIRC) quagga/zebra... but OpenBGPD is the only BGP
implementation I'm seeing now. What happened there?
Third, is there still no way to run BGP and OSPF on the same system??
--
-Adam Thompson
a
On 14-11-25 10:14 AM, Espen Johansen wrote:
https://blog.pfsense.org
On 25 Nov 2014 at 17:11, "Adam Thompson" <mailto:athom...@athompso.net>> wrote the following:
I'm looking, but I can't find anywhere what *time* the Gold
hangout is going to be (or was...) today
I'm looking, but I can't find anywhere what *time* the Gold hangout is
going to be (or was...) today. Anyone know?
--
-Adam Thompson
athom...@athompso.net
Cell: +1 204 291-7950
Fax: +1 204 489-6515
of the world).
For now, I've simply moved the server semi-permanently; this was an
unusual and temporary configuration to begin with.
--
-Adam Thompson
athom...@athompso.net
's a hassle probably not worth the
>effort in
>> terms of gains. Some people do it as a means to increase iSCSI
>traffic
>> performance but others say the throughput gain is dubious at best. I
>would
>> make sure some doofus didn't enable jumbo frames on your N
>make sure some doofus didn't enable jumbo frames on your NFS server and
>if
>so then turn it off and check the MTU setting in the network stack on
>the
>NFS server as well.
>
>I may not know what the hell i'm talking about though so someone else
>can
>feel fre
Been there, done that. My firewalls now run on hardware :-).
The other possibility is to run redundant firewalls in *different* ESX clusters
so that a failure in one doesn't take you completely offline.
-Adam
On November 6, 2014 10:44:06 AM CST, Brian Caouette wrote:
>Problem is I can't even ru
know there's an option to disable pf scrub, but
that's only supposed to affect NFSv3 (AFAIK), and this also affects
NFSv4-over-TCP and CIFS.
--
-Adam Thompson
athom...@athompso.net
use UBNT's competitor, MikroTik, as a good
example of how to build decent products the wrong way, but Brocade was
my target here. You're a paragon of open-source stewardship in comparison!
--
-Adam Thompson
athom...@athompso.net
shitstorm. I like getting paid
for my work, too!
(Or wonder in silence what it must be like to work in the same place as Jim
Thompson.)
Can't be any worse than my last corporate job. In fact, would probably
be *much* better... I don't hav
tionship between Netgate, ESF, and pfSense is. Even I'm a little
bit vague on the finer points.
--
-Adam Thompson
athom...@athompso.net
our, but the "secret sauce" is
knowing precisely where to direct that labour to maximize the value to
his paying customers.
The rest of us get enough value from the software as it is.
--
-Adam Thompson
athom...@athompso.net
One nit: yes, I can sell something called "pfSense", as that's the
freely-downloadable software under a (IIRC) BSD license.
I can't sell something called "NetGate".
I can't produce a derivative work and call it pfSense. (This is a gray area,
admittedly.)
But, at least here, I'm quite sure I can
+1 for HP ProCurve, except for the stuff they inherited from 3Com...
I've also had reasonably good luck with Netgear and D-Link managed switches.
The Cisco SMB stuff seems OK hardware-wise, but the software is questionable.
Note that all three of these options come with lifetime, free, firmware upd
There's also the unofficial VMware ESXi white-box HCL, but it hasn't really
been updated since v4.x.
Agreed that if this is anything more than a test system, stick with the HCL and
a support contract. Been there, done that, have the scars to prove it ...
-Adam
On September 19, 2014 12:18:31 PM
You don't have a pfSense problem at all, you have a VMware problem.
Suggest you visit any one of hundreds of VMware support forums or lists to find
out how to manage virtual networks.
There are also a lot of old threads on the pfSense forum discussing this.
-Adam
On September 19, 2014 11:28:28 A
Yes, but not often.
-Adam
On September 8, 2014 7:45:10 AM CDT, Bob Gustafson wrote:
>Is anyone else on this list getting bounce notices?
>
>On 09/08/2014 01:50 AM, Bounced mail wrote:
>> The message was not delivered due to the following reason:
>>
>> Your message was not delivered because the de
that will allow this with out 2 interfaces. Most require 2
>> physical, but some will allow for 2 or more vlans. Again, do not do
>it.
>>
>> On 16 Aug 2014 at 22:13, "Adam Thompson" > <mailto:athom...@athompso.net>> wrote the following:
>>
>> On 1
effectively eliminating 99% of the security a firewall gives you. (And,
yes, it is possible to directly attack private IP addresses on most ISPs.)
If you're determined to deploy this model, you'll have to run a bare OS
that can route, i.e. Linux, OpenBSD, FreeBSD, etc. and c
etime. If you can cause the
new firewall to proactively overwrite each local host's ARP cache (e.g.
by pinging each host from the firewall) then you can probably get that
down quite a bit.
--
-Adam Thompson
athom...@athompso.net
--
-Adam Thompson
athom...@athompso.net
Cell: +1 204 291-7950
Fax: +1 204 489-6515
lic WiFi network, especially through
some sort of login web page (like you do at public hotspots) then
connecting a firewall to it is probably not going to work well, if at all...
--
-Adam Thompson
athom...@athompso.net
Stefan: just ignore the message.
It's there because ZFS is in the pfSense kernel, even though it isn't used
today.
If you don't mount any ZFS file systems, and you don't tweak any of the values,
all it does is use up a bit of memory.
-Adam
On July 30, 2014 4:40:04 PM CDT, Stefan Baur
wrote:
>
Faster caching when using squid and/or some of the other packages?
But, yes, it would be a bit silly, regardless.
-Adam
On July 30, 2014 9:43:01 AM CDT, Vick Khera wrote:
>On Wed, Jul 30, 2014 at 9:50 AM, Paul Mather
>wrote:
>> Personally, I think ZFS on i386 has become a losing proposition as
's almost certainly going to be a Default-Deny rule, which means
you're missing a firewall rule somewhere.
Do you have a rule allowing all protocols from OPT1 to LAN?
--
-Adam Thompson
athom...@athompso.net
If you run (from memory, here!) "clog -f /var/log/filter.log" while the packet
is arriving, you should see what rule is blocking it.
You may want to set up a capture in your terminal emulator, as there will
likely be a lot of unrelated output and it'll scroll off-screen quickly.
-Adam
On July 17
Not really possible. If tcpdump can't show you the packet, then the problem
is occurring before pfSense... i.e. in the WAN optimizer.
On July 17, 2014 12:01:12 PM CDT, NetSys Pro wrote:
>Adam,
>Thanks for your reply. First of all, as I said before, I had already
>posted the same question on the
How do you know pfSense is dropping the packet? Does it show up in a packet
capture on OPT1?
-Adam
On July 17, 2014 5:12:07 AM CDT, NetSys Pro wrote:
>Hello Adam, Anything else I could try?
>Thanks
>
>Subject: Re: [pfSense] Disable antispoofing on an interface
>From: athom...@athompso.net
>Date:
I suspect you need to be looking not for anti-spoofing but for anti-bogon rules.
Can't remember what pfSense calls it offhand.
-Adam
On July 14, 2014 6:19:22 PM CDT, NetSys Pro wrote:
>Hello everyone,
>
>First of all, please note that I have already posted the question below
>
>on the pfSense fo
On 2014-06-06 08:38, Brian Caouette wrote:
> For the past few days
I was experiencing issues where squidguard did not always work. Finally
this morning I stumbled into the problem. It turns out that if you enable
the save bandwidth feature in chrome you can access all the adult sites.
If you shu
On May 28, 2014 10:33:59 AM CDT, Brian Caouette wrote:
>4.1 appears to be the newest this hardware can use.
>
>On 5/28/2014 11:19 AM, Ryan Coleman wrote:
>> 4.1?
>>
>> in /5.x/ you can assign VLANs to NICs and then different NICs to VMs.
>
>> I don't know about 4.1.
>>
>> On May 28, 2014, at 10:11
tially including pre-built
hardware), talk to Netgate or ESF; both hang out here (in fact, the two
entities are closely related).
--
-Adam Thompson
athom...@athompso.net
Cell: +1 204 291-7950
Fax: +1 204 489-6515
e probably won't make all that much
difference at the scales you're talking about, but I admit I've never
tried transparent mode at >1Gbps.
--
-Adam Thompson
athom...@athompso.net
On May 11, 2014 1:37:01 PM CDT, Mehma Sarja wrote:
>My Samsung Chromebook bypasses my router/OpenDNS because it has its
>own
>DNS entries.
>
>Yudhvir
>
>
>
>> Basically it takes a DNS call the first time and goes elsewhere. then
>it
>> corrects itself. If he’s got a different DNS set up then eith
On May 8, 2014 12:05:34 PM CDT, Brian Candler wrote:
>On 08/05/2014 11:51, Olivier Mascia wrote:
>> On the WAN interface, I’m currently allowing full ICMPv6 in, albeit
>only from Global Unicast and Multicast addresses.
>> That is: only from 2000::/3 and ff00::/8.
>I don't think you'll see any pack