to see if _any_ packets are being
received by the SIP peer...
You need to ensure that you _don't_ have siproxd package installed, as
this can interfere with your non-NAT setup.
Thanks a lot again, regards!!!
2018-01-09 12:17 GMT-03:00 Giles Coochey:
On 09/01/2018 14:34, Roberto Carna wrote:
Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote
peer out of the pfSense. I connect PBX and Peer in order to establish
a SIP trunk.
In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all.
So we have generated two firewa
On 29/01/2015 12:47, Giles Coochey wrote:
I was running pfsense 2.1.5 (i386) on my Soekris 6501-70 with an mSata
disk drive without any problems.
I recently upgraded to pfsense2.2 (i386) and it appears to be crashing
once a day or so.
Now that I've disabled read-only /var & /tmp i
ue with Soekris
6501 hardware and pfsense 2.2 (i386)?
--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7584 634135
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
helpful.
I'm using NFSEN http://nfsen.sourceforge.net/
--
your 10/8.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
--
ding drive failure (drive
completely fails within a week or so). I would work to get Physical Disk
#2 replaced - if under warranty you might be able to get a replacement
shipped now, on the basis of the error message.
--
l-up connections, and isn't perfectly suited
for running server side applications on the client end. PPPoE & PPPoA
built on this, I guess, to allow ISPs to continue to use their RADIUS
infrastructure for customers authentication as they moved to broadband /
cable based connections.
--
only have a
passing relationship with, before it is passed to someone else), would
be pretty bad practice.
The bug itself seems to be a genuine problem, the way the bug is put
forward doesn't do much for motivating its resolution.
--
you here?
--
ood design, especially if you might want to add later VLANs to the
design...
VLANs complexify your needed configuration, and might be where other
admins could trip up.
Might be good to have a look at your routing table, on the diagnostics
menu in the Web interface.
--
n ILO interface? Is that an interface for a subnet that
uses ILO type management cards, or are you trying to use an ILO port on
the firewall as a routed interface (which wouldn't work as the ILO is a
separate system on the server).
Thanks
Giles
--
sing?
Niklas
--
need to uncheck "Block private networks" on your WAN
interface.
Lastly, I'm assuming that you have disabled NAT already, and that your
ISP is doing NAT for both your LAN and WAN subnets.
--
On 10/07/2014 13:34, Stefan Baur wrote:
On 10.07.2014 14:16, Giles Coochey wrote:
On 10/07/2014 13:05, Ryan Coleman wrote:
I am not sure that’s how Dyn works?
As far as I understand it Dyn gets a request and it looks at the
originating IP address, then makes the change.
I believe that it
recall I have done that in the past with
the dyndns client (ddclient) script. If you don't specify a specific
IP, it defaults to the origin source.
--
On 20/05/2014 12:28, Ryan Coleman wrote:
On May 20, 2014, at 1:59, Giles Coochey wrote:
s
Not to mention that if I ran a PE 2850 at home there would probably be
complaints about the noise!!! Those things *scream* in the audible sense!!!
Typically just on the first boot - mine always
there would probably be
complaints about the noise!!! Those things *scream* in the audible sense!!!
--
you've
managed typos in describing your problem, then you've probably made them
when configuring it!
--
pfsense, are earlier versions vulnerable?
--
settings?
--
sents problems
with third party packages, and would mostly be mitigated by not allowing
the web interface to be accessible from non-trusted networks / IPs.
--
and you can virtually
map the virtual interface on pfsense to the physical interface on the
machine hosting the virtual machines.
Both methods can be done, not sure which would be the best, it would
depend on the hypervisor.
--
should be done by pfsense.
Thank you for your time and sorry for my bad English
--
ues these create.
Either way, not following the rules will create a performance issue,
which you might be able to move around to other systems on the subnet,
but still a performance issue.
--
Twofish? Schneier said in 2007 he'd recommend that over
Blowfish. Is there any mechanism to insert ciphers into Pfsense that are
not currently supported?
--
Dear Sir,
Through participating on the pfsense support and discussion list,
someone from an IP address under your control has attempted to
unsubscribe me from this list.
I see this as an abuse of the mailing list and hope that you take
appropriate action. The IP that the request came from was:
someone in the know, to answer in the no.
On 10/10/2013 12:33, Rüdiger G. Biernat wrote:
This discussion about security/NSA/encryption IS important. Please go on.
Sent from Samsung Mobile
Original message
From: Giles Coochey
Date: 10.10.2013 11:39 (GMT+01:00)
To:
clearly about discussing pfsense, therefore it is
on-topic, I could equally take the stance, take your technical
discussions to the dev list, however I am not the type of exclusive
close-minded person that you appear to be. Please stop hijacking
this thread.
--
regard to privacy law etc...
however, that is a valid sub-topic for a discussion list that addresses
devices that are designed and implemented to safe-guard privacy.
--
fficult once you get your head around it.
You might want to do some design clean up in the future, to ensure that
contiguous ranges of IPs serve the purpose of going through the tunnel.
--
other virtual hosts,
which connect externally through the PFsense virtual machine.
You may find some quirky stuff going on if you use a NAT interface for
your external access, but otherwise it runs *without any issues*.
--
config though).
--
changed to DOWN
bge0: link state changed to UP
bge0: watchdog timeout -- resetting
bge0: link state changed to DOWN
bge0: link state changed to UP
I had something similar, with a VM implementation, it seemed to go away
when I increased the memory on the system.
--
ar setting).
--
f it's an old (pre-PCI 2.2) card.
This could be a power issue, the soekris boxes are low power and can't
run all the peripherals that match the interface's form factor.
--
On 04/07/2012 11:06, Tonix (Antonio Nati) wrote:
On 04/07/2012 11:44, Ermal Luçi wrote:
On Wed, Jul 4, 2012 at 10:44 AM, Tonix (Antonio Nati)
wrote:
On 02/07/2012 15:51, Jim Pingle wrote:
On 7/2/2012 9:38 AM, Tonix (Antonio Nati) wrote:
Too much confusion in keeping filters tables
interfaces
in the filter flow you design.
As far as I remember PF does let you specify INPUT or OUTPUT
interface, but not INPUT and OUTPUT.
That would be some feat indeed... the output interface isn't known until
the packet has been routed. :-)
--
is dropped or accepted prior
to any of routing, NAT etc... and a lot fewer CPU instructions are wasted.
Just a thought?
--
push it out to the perimeter edge.
Note also there is a RBL style DNS zone for Tor IPs as well, which is
useful for web page scripting.
--
Hi,
Is there a package that would allow me to block Tor exit nodes?
Thanks
--
mentation. We ran a couple of STM-1 links over
Microwaves, our equipment had some basic encryption, not very strong -
about DES standard.
Would need line of sight interception for that.
--
Many thanks all
Have you tried temporarily allowing pfsense to run on HTTP instead of
HTTPS and seeing if your issues still occur?
I'm not sure whether the URL re-write will work when HTTPS is in use.
--
operative:
ProxyPass / http://172.16.45.133/
ProxyPassReverse / http://172.16.45.133/
--
honest, rather than attempt to block individual types of traffic,
you would be better off by putting in a policy that blocks all traffic
and then allows legitimate traffic.
Squid and Dans Guardian would be good starting points for this.
--
ea?
You might want to do a packet capture on your Public and Private
interfaces to make sure that the NAT is doing what you expect it to.
Then you can probably work through the problem yourself.
--
nt distribution that
is only designed to run on x86 / x86_64 hardware.
Do you intend to virtualize it on your UltraSparc IIi processor in a x86
/ x86_64 emulator?
Thanks
--
Best Regards,
Giles Coochey, CCNA Security, CCNA
NetSecSpec Ltd
giles.cooc...@netsecspec.co.uk
Tel: +44 (0) 7983 877 438
you can Google
--
2012 at 10:44 PM, Giles Coochey wrote:
Have you tried toggling the 'Static Route Filtering' option in the Advanced
settings?
--
1.1 port
587 to 10.0.1.2 port 587. Is this possible?
___
Have you tried toggling the 'Static Route Filtering' option in the
Advanced settings?
--
Just a note -
When starting a new thread or question can you please not reply to an
existing email and modify the subject.
Some of us with threaded mail readers might be ignoring the existing
thread you hijack, and therefore not see your query and not be able to
help you out.
If you need t