[pfSense] DNS Cache Poisoning
Hi,

Somehow our pfsense box DNS Resolver (not forwarder, the resolver) is getting poisoned for some local hostnames sometimes. I have found three different hosts resolving to 208.91.197.132 on three different occasions. When I query the individual DNS servers only the pfsense box itself returns this incorrect result. The other nameservers return the correct result.

I tried enabling Experimental Bit 0x20 Support - made no difference. I tried disabling the automatic ACLs for DNS and created my own allowing only local traffic (I didn't know if the fact that we have dual WANs was confusing the built-in ACLs). This did not fix the issue.

Just now I completely disabled IPv6 in case that was some sort of back way in to the DNS server. I also set the Unwanted Reply Threshold to 10 million from Disabled. I need to see if these fix the issue. Otherwise I suppose I will set pfsense to simply act as a forwarder.

Any thoughts on the best method to approach this? I blocked access to the offending network as well.

Thanks,
--
73 Joe Laffey
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
[pfSense] APinger times wrong after a few hours
Hi,

I reported this on the forum a while back. Been having this issue since installing version 2.x.

We have a dual WAN setup. If I restart apinger then the RTT latency times are correct, and it seems to ping the selected hosts (one of which is an alternate host, the other is the gateway). However, after a while (will check and see how long) the RTT times are suddenly MUCH lower, like it is pinging the wrong host, or something.

Any thoughts on this? Anyone else have incorrect ping times from apinger? The issue still persists in 2.2.6-RELEASE.

Thanks,
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e38916M/
[pfSense] msk or em Legacy?
Hi,

Which would you favor: the msk driver with some on board Marvell controllers (P6T Deluxe) or the em driver with a Legacy 10.4 Intel card?

This is what it says in dmesg... Legacy

Thanks!
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e37579M/
[pfSense] 2.2.x Gateway Groups vs 1.2.x Load Balancer Pools
Hi,

In 1.2.3 we could have multiple Load Balancing Pools for gateways. In general the 2.2.x method is nicer. However, I am having trouble figuring out how to have some LAN hosts send 75% of their connections through WAN1 and 25% through WAN2, while having other hosts send 75% through WAN2 and 25% through WAN1. (These are just hypothetical. I'd like to have certain hosts use certain connections more than others.)

I can assign each Gateway a Weight, and I can put those Gateways into Gateway Groups. I can assign priorities in those groups with the tiers. But I can't figure out how to essentially have different weights for different gateways based on firewall rules, like I could in 1.2.3 by adding the same gateway multiple times in a Load Balancer Pool (in varying ratios like 2 copies of WAN1 and 3 copies of WAN2, etc.).

Thoughts? Is there some way to do this?

Thanks in advance,
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e37583M/
[pfSense] Dual Port NIC ports
Hi,

Is there any advantage or disadvantage to using the two ports on a dual port NIC vs. one port each on two different dual port NICs?

I am building a new box, and it has two dual port Intel NICs (as well as a legacy Intel NIC and a couple of Marvels on the mobo). Does it matter at all which interfaces I put on which ports of those dual port NICs? A lot of data (video frames) is frequently moved between the DMZ and the LAN. So I would want that to be the fastest.

(Sorry if this goes through twice. I sent from the wrong address the first time and it was rejected.)

Thanks,
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e37581M/
[pfSense] NAT with dual WAN (fwd)
Hi,

I have one machine on the DMZ that listens to two different private ips. Let's say 192.168.0.10 and 192.168.0.20. I have a dual wan setup and would like to 1:1 NAT in to those two ips from the two different WAN subnets (say 192.168.10.0/24 and 192.168.20.0/24). So:

A) Packets coming in from WAN1 for 192.168.10.10 should go to 192.168.0.10
B) Packets coming in from WAN2 for 192.168.20.20 should go to 192.168.0.20

I have A) above working fine using 1:1 NAT and a Carp Virtual IP. However, when I try the same thing with WAN2 it does not work. I have the virtual IPs and 1:1 NAT setup the same for both.

Any thoughts? Is this possible? (Pfsense 1.2.3)

Thanks in advance...
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e35661M/
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Triple WAN
Hi,

Anyone using Load Balancing for a triple WAN setup? This work OK in pfSense? What about older 1.2.3 systems?

Thanks,
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e35644M/
Re: [pfSense] Squid3 with https filtering
On Tue, 17 Jun 2014, A Mohan Rao wrote:

> actually i need to block https sites like https facebook or https youtube etc with transparent proxy. now pls give any idea...!

Simple things like adding bogus DNS records pointing to your own server would stop the majority of non-tech savvy users. Blocking the majority of facebook ips would help too:

http://stackoverflow.com/questions/11164672/list-of-ip-space-used-by-facebook

--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e34619M/
[pfSense] Install on one machine, deploy on another
Will I have any problems if I install a new version of pfsense on one machine and then move the hard drive to another machine? Both are 64bit AMD processors. One a dual core, the other a single core.

Thanks in advance.
--
Joe Laffey
The Stable Visual Effects
http://TheStable.tv/?e34519M/