Re: [pfSense] Small form factor pfsense box

2015-08-11 Thread Mehma Sarja
My 6 year old Alix SFF box from Netgate is still my firewall and has proven
to be the best value for my money. They, pfSense, continue to support it
and I have not had to buy multiple cheapo machines during these years.

On Mon, Aug 3, 2015 at 2:57 AM, Jim Thompson j...@netgate.com wrote:

 Thank you.

 These:

 http://store.pfsense.org/SG-2220/
 http://store.netgate.com/mobile/ADI/RCC-DFF-2220.aspx

 Seem like just what Cheyanne asked for.

 -- Jim

  On Aug 3, 2015, at 12:48 AM, Walter Parker walt...@gmail.com wrote:
 
  The Project sells hardware: http://store.pfsense.org/hardware/
 
  I bought small form factor routers from Netgate before and I'm happy.
  http://store.netgate.com/Routers-C178.aspx
 
 
  Walter
 
  On Sun, Aug 2, 2015 at 10:04 PM, Cheyenne Deal deal.cheye...@gmail.com
  wrote:
 
  Does anyone have any recommendations for a small form factor machine for
  pfsense?
  I am looking for dual gb interfaces and able to handle at least a 50mb
  internet connection
  ___
  pfSense mailing list
  https://lists.pfsense.org/mailman/listinfo/list
  Support the project with Gold! https://pfsense.org/gold
 
 
 
  --
  The greatest dangers to liberty lurk in insidious encroachment by men of
  zeal, well-meaning but without understanding.   -- Justice Louis D.
 Brandeis


[pfSense] Dashboard Source

2015-06-11 Thread Mehma Sarja
Hi all,

If available open source, can someone point me to the source directory for
the pfs dashboard?

Yudhvir


Re: [pfSense] pfSense Hardware Sizing Captive Portal Usage

2015-05-27 Thread Mehma Sarja
In my experience at home, Windows users consume up to a couple of thousand
states streaming Indian soap operas. Whereas Korean soap opera streaming on
MacBooks takes a tenth of that with adblock.

I guess my point is state count depends upon what your users are doing.

Yudhvir


Re: [pfSense] bacula-client 7.0.5 on pfsense 2.2

2015-02-08 Thread Mehma Sarja
1.  Another thing is to compare the versions of your dir and fd to see if they
are close enough. Old fd and new dir do not mix. Old dir and new fd are OK
unless the versions are too far apart.

2.  The  /usr/pbi/bacula-i386/local/etc/bacula/bacula-fd.conf  - check to
see if the name and password match with dir.

3.  In the pf console, type bconsole and see if it connects with the dir.
If not, check its conf
file: /usr/pbi/bacula-i386/local/etc/bacula/bconsole.conf

4.  I COULD see bacula-fd in top when I first started it. Now I cannot -
that's good news because I can find the fault for you. You will have to
wait till tomorrow.

Yudhvir
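
For item 2 of the checklist above, one way to check that the name and password in bacula-fd.conf line up with the Director's configuration without printing either secret. This is an added example, not code from the thread or from the Bacula project; the sample configs, resource names and passwords are constructed, and the function names are hypothetical.

```python
import hmac
import re

# Constructed sample configs for illustration; names and secrets are made up.
SAMPLE_FD_CONF = """
# bacula-fd.conf (client side, e.g. on the firewall)
Director {
  Name = backup-dir
  Password = "fd-shared-secret"   # must equal the Client password on the dir
}
FileDaemon {
  Name = pfsense-fd
  FD Port = 9102
}
"""

SAMPLE_DIR_CONF = """
# bacula-dir.conf (Director side)
Director {
  Name = backup-dir
  Password = "console-secret"
}
Client {
  Name = pfsense-fd
  Address = 192.0.2.10
  FDPort = 9102
  Password = "fd-shared-secret"
}
FileSet {
  Name = "conf-only"
  Include {
    Options { signature = SHA1 }
    File = /cf/conf
  }
}
"""


def _norm(keyword):
    # Bacula ignores case and spaces in keywords ("FD Port" == "FDport").
    return re.sub(r"\s+", "", keyword).lower()


def _statements(text):
    """Yield '{', '}' and bare statements, skipping # comments outside quotes."""
    buf, in_quote, in_comment = [], False, False
    for ch in text + "\n":
        if in_comment:
            if ch != "\n":
                continue
            in_comment = False
        if in_quote:
            buf.append(ch)
            in_quote = ch != '"'
            continue
        if ch == "#":
            in_comment = True
        elif ch in "{};\n":
            stmt = "".join(buf).strip()
            buf = []
            if stmt:
                yield stmt
            if ch in "{}":
                yield ch
        else:
            in_quote = ch == '"'
            buf.append(ch)


def parse_resources(text):
    """Return [(resource_type, {directive: value})] for top-level resources only."""
    resources, depth, pending = [], 0, ""
    for stmt in _statements(text):
        if stmt == "{":
            depth += 1
            if depth == 1:
                resources.append((_norm(pending), {}))
            pending = ""
        elif stmt == "}":
            depth = max(0, depth - 1)
        elif "=" not in stmt:
            pending = stmt                      # name of the block about to open
        elif depth == 1:
            key, _, value = stmt.partition("=")
            resources[-1][1][_norm(key)] = value.strip().strip('"')
    return resources


def read_conf(path):
    """Return the file's text, or None if the file does not exist."""
    try:
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    except FileNotFoundError:
        return None


def check_fd_against_director(fd_conf, dir_conf):
    """Return a list of findings; an empty list means name and password line up."""
    if fd_conf is None or dir_conf is None:
        return ["config file missing; check the -c path the daemon was started with"]
    fd, director = parse_resources(fd_conf), parse_resources(dir_conf)
    fd_name = next((d.get("name") for t, d in fd if t in ("filedaemon", "client")), None)
    dir_name = next((d.get("name") for t, d in director if t == "director"), None)
    fd_pw = next((d.get("password", "") for t, d in fd
                  if t == "director" and d.get("name") == dir_name), None)
    client = next((d for t, d in director
                   if t == "client" and d.get("name") == fd_name), None)
    findings = []
    if fd_pw is None:
        findings.append(f"bacula-fd.conf has no Director resource named {dir_name!r}")
    if client is None:
        findings.append(f"bacula-dir.conf has no Client resource named {fd_name!r}")
    if fd_pw is not None and client is not None:
        # Constant-time comparison; the secrets themselves are never reported.
        if not hmac.compare_digest(fd_pw.encode(), client.get("password", "").encode()):
            findings.append("Password differs between the FD's Director resource "
                            "and the Director's Client resource")
    return findings


if __name__ == "__main__":
    print(check_fd_against_director(SAMPLE_FD_CONF, SAMPLE_DIR_CONF) or "name/password OK")
```

Escaped quotes inside a password are not handled by this small parser.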


On Sun, Feb 8, 2015 at 11:15 AM, mehmasa...@gmail.com mehmasa...@gmail.com
wrote:

  i'd use find and there is also a pseudo config file in a bin directory
 which points to the actual fd executable that t find. You can edit the top
 section of that to reflect your install.


 I'll take a look on my system and get back to you.


 Yudhvir ਯੁਧੱਵੀਰ

 408 915 9709

 -- Original message--

 *From: *J. Echter

 *Date: *Sun, Feb 8, 2015 10:17 AM

 *To: *list@lists.pfsense.org;

 *Subject:*Re: [pfSense] bacula-client 7.0.5 on pfsense 2.2
 Yes it was working on the old pfsense, i checked the config and it still
 shows the same contents.

 How do i check for a double install?

 i already removed and reinstalled the package.

 thanks

 On 08.02.2015 at 18:39, mehmasa...@gmail.com wrote:

  You don't mention if you had fd working on the earlier version of pf.


  You must have checked the config file for password and dir settings. The
 upgrade might have changed it because this might be a fresh install of fd.


  You say it is not listening, that sounds like there is an attempt at a
 new install. Check for multiple installs.



  Yudhvir ਯੁਧੱਵੀਰ

 408 915 9709

 -- Original message--

 *From: *J. Echter

 *Date: *Sun, Feb 8, 2015 4:56 AM

 *To: *pfSense support and discussion;

 *Subject:*[pfSense] bacula-client 7.0.5 on pfsense 2.2

 Hi,

 i'm fiddling with bacula-client on upgraded pfsense 2.2.

 i don't see any error in the logs, i don't see any error with bacula-fd -f
 (run in foreground) -d 10 (debug level 10)

 i even don't see it spitting out errors as the config file isn't existent

 [2.2-RELEASE][root@pfsense.workgroup.local]/conf: ls /usr/local/etc/bacula/bacula-fd.conf
 ls: /usr/local/etc/bacula/bacula-fd.conf: No such file or directory
 [2.2-RELEASE][root@pfsense.workgroup.local]/conf: ps aux | grep bacula
 root    59559   0.0  0.2  56420  7364  -  Ss    1:50PM 0:00.00 /usr/local/sbin/bacula-fd -u root -g wheel -v -c /usr/local/etc/bacula/bacula-fd.conf
 root    99408   0.0  0.1  18884  2384  0  S+    1:50PM 0:00.00 grep bacula

 netstat doesn't show it listening too:

 Active Internet connections
 Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
 tcp4       0      0 pfsense.https          10.0.1.14.38261        TIME_WAIT
 tcp4       0      0 pfsense.38791          10.0.1.14.40513        ESTABLISHED
 tcp6       0      0 localhost.3493         localhost.56539        ESTABLISHED
 tcp6       0      0 localhost.56539        localhost.3493         ESTABLISHED
 udp4       0      0 192.168.100.1.ntp      *.*
 udp6       0      0 fe80::21b:21ff:f.ntp   *.*
 udp4       0      0 192.168.4.1.ntp        *.*
 udp6       0      0 fe80::21b:21ff:f.ntp   *.*
 udp4       0      0 192.168.1.1.ntp        *.*
 udp6       0      0 fe80::21b:21ff:f.ntp   *.*
 udp4       0      0 192.168.3.1.ntp        *.*
 udp6       0      0 fe80::21b:21ff:f.ntp   *.*
 udp4       0      0 pfsense.ntp            *.*
 udp6       0      0 fe80::21b:21ff:f.ntp   *.*
 udp6       0      0 localhost.ntp          *.*
 udp4       0      0 localhost.ntp          *.*
 udp6       0      0 fe80::d227:88ff:.ntp   *.*
 udp4       0      0 192.168.2.1.ntp        *.*
 udp4       0      0 host-62-245-238-.1194  *.*
 udp4       0      0 localhost.tftp         *.*
 udp4       0      0 localhost.tftp-proxy   *.*
 icm4       0      0 host-62-245-238-.*     *.*

 any hints to solve this?

 thanks!!




Re: [pfSense] New guy to Pfsense needs advice

2014-09-08 Thread Mehma Sarja
I'd go with an application based on DPI. pf is perfect for such a project.
Look at audiblemagic.com's copysense appliance as to what can be
accomplished.

Mehma

On Mon, Sep 8, 2014 at 7:14 PM, Hamdan montolivo1...@gmail.com wrote:

 I'm computer networking  information security

 Dan

 Sent from my iPhone

 On Sep 8, 2014, at 9:03 PM, Mehmasarja mehmasa...@gmail.com wrote:

 Senior year in what program?

 Yudhvir

 On Sep 8, 2014, at 5:09 PM, Hamdan Khalifah montolivo1...@gmail.com
 wrote:


 Hello everyone,


 I am a senior year I have project about Pfsense, and I am not sure which
 should I focus on Routing, Firewall, VPN, or other stuff.


 May you advise me which field of Pfsense is great for a senior project?


 Note: Im not good at programming.


 Thank you all.


 Dan

 ___

 List mailing list

 List@lists.pfsense.org

 https://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Difference between APU4 and APU1C4

2014-07-23 Thread Mehma Sarja
Cool down BOTH of you. The IT community is filled with such tempers. Stop
acting like kids. What do you want Ryan, a timeout?

Yudhvir

Re: [pfSense] Disable antispoofing on an interface

2014-07-17 Thread Mehma Sarja
Post your logs. Is this behavior the same from either LAN? Is this setup
virgin, meaning did it work with older pfSense versions and is now
misbehaving or is this a fresh setup?

Obviously the IPsec/UDP link should be simplified and tested to isolate the
problem. You can also test the setup on different hardware. Is the current
system on VMs?

I'm no expert - you've probably tried all this, so let us know how that
went.

Re: [pfSense] apu.4c silently dies

2014-05-19 Thread Mehma Sarja
Many roads lead to ... gut says SSD - I'd try running off CD first.


On Mon, May 19, 2014 at 10:15 PM, mayak ma...@australsat.com wrote:

 hi all,

 i have a new apu.4c with a Kingston SSD

 unit will run sometimes for days, or sometimes for several hours, before
 becoming unresponsive:

 - no mac response from ethernet cards
 - serial console dies -- no errors displayed
 - no errors in system log
 - no crash report on reboot

 what is the best approach to finding out what is happening?

 thanks

 m

Re: [pfSense] My son is able to bypass my captivate portal

2014-05-11 Thread Mehma Sarja
My Samsung Chromebook bypasses my router/OpenDNS because it has its own
DNS entries.

Yudhvir



 Basically it takes a DNS call the first time and goes elsewhere. then it
 corrects itself. If he’s got a different DNS set up then either CP does not
 work or, potentially, it could be bypassed.

 —


[pfSense] Version 2.1.2 - Thanks for the UNPRECEDENTED Level of Support

2014-04-10 Thread Mehma Sarja
Thanks go out to Chris, Jim and the whole pfSense team for what must be
back breaking work coming on the heels of the 2.1.1 release! This kind of
commitment speaks volumes for the quality of products coming out of
Netgate.

Yudhvir

[pfSense] FreeBSD on Rockchip

2013-10-30 Thread Mehma Sarja
Just thought it might be of some interest to the group.

http://radxa.com/2013/10/18/freebsd-11-0-is-booting-on-radxa-rock/

Mehma


Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread Mehma Sarja
Dear Worried user,

Since pfSense is opensource, please check the code and report back if there
are any backdoors or nasty stuff in there.

Thanks for being a conscientious user and not wanting to shift work onto
others.

Mehma





On Wed, Oct 9, 2013 at 7:20 AM, Thinker Rix thinke...@rocketmail.com wrote:

  Dear pfsense-team,
 
 today I posted the following on your blog at
 http://blog.pfsense.org/?p=712


 

 “Worried User Says: Your comment is awaiting moderation. 

 October 9th, 2013 at 7:55 am 

 Hi guys, 

 I want to ask if you have been approached by any US government officials,
 such as NSA, FBI, etc. and been asked/ forced to include any backdoors,
 spyware, loggers, etc. into pfsense and if you did so. 

 Thank you 

 Worried User”

 


 Some minutes later I could see that my entry was not released to the
 public - but deleted by the moderator, without any further comment.

 Please take a stand to this.


 Regards



Re: [pfSense] NETGATE FW-7535 pfSense 2.0.2-RELEASE OpenVPN Data Corruption

2013-09-30 Thread Mehma Sarja
Jim,

Netgate has a solid reputation for quality stuff and I happen to be a happy
customer. On occasion when I've called with technical questions, your
support has been very good. Enough for me to recommend your company and
products... and support.

Therefore, I find your starting tone a bit defensive. The customer in
question obviously had the need to make the changes he did. And it messed
up the machine. We all get that. You do not need to point that out.

Yudhvir


On Mon, Sep 30, 2013 at 8:23 AM, Jim Thompson j...@netgate.com wrote:



 Netgate sold you a FW-7535 with a CF card and either 1MB or 2MB of ram,
 originally.

 You changed the ram and installed an SSD, reloaded pfSense, and now you
 want to complain that Netgate couldn’t… what, exactly?

 There are thousands of FW-75xx systems in the world, happily running
 pfSense.   The problems we have tend to develop when people assume they
 know better about what the machine can support, and start treating it like
 a garden-variety PC.   It’s not.  It shares the Intel architecture, sure,
 but it’s an
 embedded system, with attendant requirements (mostly environmental) that
 no PC would deal with for long.

 I actually know that the replacement unit you received was running (“in
 service”) between two fiber connections.  The one you received was one of
 the last remaining 7535s(*), in something like mint condition, which we
 could lay our hands on.  It was pulled from a live environment, put back
 through the factory load process, and shipped to you.

 It goes without saying that there was no “packet corruption” evident when
 it was last in-service here.

 I, for one, would be curious to know if the ‘corruption’ which you accuse
 recurs with the original, as-shipped configuration.

 Jim

 (*) Another choice was to take the 7535 we have running Asterisk
 (FreePBX), and refurbish it to factory fresh.




 On Sep 29, 2013, at 7:45 AM, master8...@aol.com wrote:

  I finally was able to receive an advanced replacement from Netgate a few
 weeks ago. I swapped it out leaving my old install intact and the problem
 disappeared on the new device. After all the installs with the various
 Netgate FW models over the years (not the m1n1wall, those have been awesome
 but are too outdated for me to be using on 100meg+ internet), Their
 reliability has been lacking and the issues that arise are always hard to
 diagnose and prove (freezing, no response situations, corrupting packets).
 I think I am just going to give up a few Ethernet ports that I don't end up
 using anyways and start building my own.
 
  Jonathon
 
  On 8/20/2013 11:08 AM, master8...@aol.com wrote:
  I switched out the memory and the SSD, reinstalled pfsense, and after a
 few weeks of operation, VPN traffic started corrupting again.
 
  A soft reset doesn't fix it.
  A hard reset (by pulling the power cord for a few seconds) does.
 
  I tried contacting Netgate and didn't receive a response.
 
  Does anyone know what could be going on here?
 
  Thanks,
  Jonathon
 
  On 7/26/2013 9:04 AM, master8...@aol.com wrote:
  Scanned the memory with memtest this morning and scanned the Intel SSD
 as well, it's all fine.
 
  I did stumble across something that fixes it though. Pulling the power
 cord for a few seconds. The act of removing power from my Netgate FW-7535
 caused everything to start working. I probably soft reset it from the
 console 10 times and kept getting corrupted OpenVPN connections until I
 actually pulled power from the thing.
 
  I am starting to lean towards something on its motherboard being
 defective. I will switch out the memory and SSD in a few days just to make
 sure it's not them.
 
  Thanks,
  Jonathon
 
 
  On 7/25/2013 6:25 PM, Bob Gustafson wrote:
 
  On 07/25/2013 04:59 PM, master8...@aol.com wrote:
  The last few months I have been having issues with OpenVPN
 connections from my road warriors. It appears that most of the traffic
 crossing the link is corrupted. I can't use remote desktop, it always says
 because of an error in data encryption, the session will end. I can't use
 the company intranet, it always displays the pages corrupted or doesn't
 load them at all. What do I mean by corrupted? See how it butchered the
 page load of the pfSense web admin interface.
 
  http://imgur.com/3B6EAAT
 
  This doesn't look too bad. I am assuming that you have sliced out the
 data for security purposes - or is that the corruption?
 
  All of this obvious data corruption and not a single peep in the
 logs. Nothing, nowhere. I have 20 installs and this is the only one that
 has ever given me an issue like this. Does anyone have any ideas?
 
  Are you saying 20 installs on different hardware, or 20 installs
 sequentially over several months/versions on the same box.
 
  If 20 on separate boxes, I would do a memory test on the failing box.
 
  Bob G
 
 
  Thanks,
  Jonathon

Re: [pfSense] Optimal Setup

2013-09-19 Thread Mehma Sarja
Joseph,

Have you tried pinging to 8.8.8.8 from your wan and lan ports? If that
works, have you tried pinging to yahoo.com off those ports? This might be
a DNS issue.

See if you can use the setup wizard to get online and build your rules from
there. Yours is a simple setup and the pfsense book is a nice reference to
have on the shelf if you are supporting an office.

Yudhvir


On Thu, Sep 19, 2013 at 3:04 AM, Joseph W Joshua jos...@megvel.me.ke wrote:

 Hello Seth,

 Thanks for your reply


 On 09/19/2013 12:59 PM, Seth Mos wrote:

 Make sure that the private networks rule is not active on your WAN.

 Am I safe to assume that you are not using the linksys in front of the
 pfSense WAN and the public IP terminates on pfSense directly?

 I tried having the public IP terminate on the linksys, then set up the
 linksys to be ip 192.168.1.1, and gave the pfSense wan as IP 192.168.1.2,
 but it did not work (router can see internet but laptop cannot.).

 I then tried(in a fresh install), having the public ip terminate on
 pfSense directly, with the same results.


 Asymmetric routing doesn't work, and overlapping subnets does not either.



 --
 With Kind Regards,
 Joseph W. Joshua




Re: [pfSense] pfSense 2.1-RELEASE and Gold Subscription Now Available!

2013-09-15 Thread Mehma Sarja
Here in California, auto update worked like a charm on my home Alix
embedded system. Went from 203 to 210 on 15 sept 2013 around noon.

Yudhvir


On Sun, Sep 15, 2013 at 11:52 AM, Christian Borchert ccb...@gmail.com wrote:

 Thanks everyone for all the work!
 --Original Message--
 From: Chris Buechler
 Sender: list-boun...@lists.pfsense.org
 To: pfSense support and discussion
 To: d...@lists.pfsense.org
 ReplyTo: pfSense support and discussion
 Subject: [pfSense] pfSense 2.1-RELEASE and Gold Subscription Now Available!
 Sent: Sep 15, 2013 4:50 AM

 I'm happy to announce both 2.1-RELEASE, and our new Gold Subscription,
 including immediate PDF download to the updated 2.1 book for
 subscribers!

 Check out the announcements on our blog.

 http://blog.pfsense.org/?p=712 - 2.1-RELEASE
 http://blog.pfsense.org/?p=718 - Gold Subscription

 Thanks for your support!

 Chris


 Sent via BlackBerry from T-Mobile


Re: [pfSense] SIP / OpenSIPS issues

2013-06-24 Thread Mehma Sarja
I'm no pf sleuth, but I'd try the packet capture with firewall rules in
effect and without. Then do a diff between those 2 pcap files. Something
may jump out at you. But I can sense, as in pfSense, you've already done
that.

Yudhvir


On Mon, Jun 24, 2013 at 7:01 AM, Carlos Cruz car...@nbtbizcapital.com wrote:

 Hi.. I've been using pfSense for a while now and I'm very happy with it.
 But I have had issues with SIP protocol. I have researched the question...
 but I haven't found an answer.

 Can anyone tell me if there are any issue with using pfSense firewall in
 front of a SIP proxy server, more particularly with OpenSIPS, but I've also
 tried SipX and I also had difficulties.

 I have a public IP that has a 1:1 NAT rule to the internal IP of the test
 server and all the appropriate ports are open. I have used the Packet
 Capture feature to see if the packets are reaching their destination... it
 seems they are, but it seems something is being lost in the translation.

 If someone has some insight or expertise I would appreciate some guidance.

 Thanks!!

 Carlos



Re: [pfSense] Best practice for SSD installs

2013-06-08 Thread Mehma Sarja
I've also had bad luck with SSDs on a Supermicro Atom. If you have access
to the hardware, SSD is not a bad option.


On Sat, Jun 8, 2013 at 11:17 AM, Aaron C. de Bruyn aa...@heyaaron.com wrote:

 Just a note of personal experience.  I've deployed ~20 pfSense firewalls
 that had SSDs (both cheap and rated 'good' from Newegg) over the past 2
 years.  I am not convinced SSDs are more reliable.  Nearly every one has
 had an SSD die or become corrupt.  We switched them all to USB sticks and
 haven't had any more issues.  Plus it's easier for us to ship a replacement
 USB stick to the client and have them plug it in than to have them pop open
 the case and replace the drive.

 Maybe we've just had bad luck with SSDs, but I'm not convinced they are
 ready.

 -A


 On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote:

 On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote:

  Which brings me to the question: the last time I performed a pfSense
  'full' install (i.e. not embedded) was several years, and many
  versions ago. What's the best practice when using an SSD? Use the
  CD-based installer to do a 'full' install, or continue to use the
  embedded NanoBSD image?

 Modern SSDs are at least as reliable as HDs. I've used SSDs
 with pfSense for years (including IDE DoMs) with full install
 and never had a failure yet.

  As an aside, there are several options on the Advanced tab
  relating to NIC performance options:
  - Disable hardware checksum offload
  - Disable hardware TCP segmentation offload
  - Disable hardware large receive offload
  Has anyone done any tests / is there a list maintained anywhere with

  details of which NICs are problematic with these, and hence should
  be disabled? The motherboard I'm using is a mix of Intel and Realtek
  gigabit NICs (em and re respectively).

 I've used Supermicro Atoms with 2 Intel NICs onboard and
 with a dual-port Intel NIC added. I would be also interested in
 suggested list of settings for Intel NICs.


[pfSense] Cleaning up /cf/conf/config.xml Reduced Memory Useage by 10%

2013-05-11 Thread Mehma Sarja
Attempting to configure LDAP authentication under System/User Manager, I
successfully hosed up my firewall and brought the web GUI to its knees.
The firewall kept working flawlessly.

Changing the config file via ssh did not improve the situation. The attempt
was to remove the LDAP server setting in the config file. Instead enduring
through the slow GUI to undo the LDAP server setting cleared up the
sluggish GUI.

While I was in the config file, there were a LOT of past package
configurations. I cleaned those up and noticed something on the dashboard.
My memory usage went from 68% to 57% (I have Snort running on an embedded
Alix appliance). Although I cannot definitively say it was because of the
config -  this is a big difference.

Would cleaning up the config file make this big of a difference?


Re: [pfSense] Full Backup/Restore for pfSense

2013-05-04 Thread Mehma Sarja
This is the perfect opportunity for *someone* to write one.


On Sat, May 4, 2013 at 8:17 AM, Odhiambo Washington odhia...@gmail.com wrote:

 Hi Jim,

 Diagnostics - Backup/Restore only handles configuration backup. I am
 talking about the BSD dump/restore for the whole disk - if that elaborates
 my needs.



 On 4 May 2013 17:20, Jim Spaloss jspal...@gmail.com wrote:

 But they are included.

 Look under Diagnostics - Backup/Restore. This feature has been there
 since M0n0wall, although its functionality has been enhanced in pfSense.
 On May 4, 2013 5:32 AM, Odhiambo Washington odhia...@gmail.com wrote:

 Again, at the risk of being so uninformed, I'd like to ask why
 dump/restore are not part of pfSense.
 Would the inclusion increase the distro size beyond expectations?

 I am thinking that I could use dump/restore to create several
 instances/installs of pfSense without necessarily having to go on an
 installation/customization spree for packages.



 --
 Best regards,
 Odhiambo WASHINGTON,
 Nairobi,KE
 +254733744121/+254722743223
 I can't hear you -- I'm using the scrambler.





 --
 Best regards,
 Odhiambo WASHINGTON,
 Nairobi,KE
 +254733744121/+254722743223
 I can't hear you -- I'm using the scrambler.



Re: [pfSense] Full Backup/Restore for pfSense

2013-05-04 Thread Mehma Sarja
dd is fine unless you have a running database, like with Snort. You'd have
to employ some sort of a dump and then dd.


On Sat, May 4, 2013 at 11:15 AM, Mehma Sarja mehmasa...@gmail.com wrote:

 This is the perfect opportunity for *someone* to write one.


 On Sat, May 4, 2013 at 8:17 AM, Odhiambo Washington odhia...@gmail.com wrote:

 Hi Jim,

 Diagnostics - Backup/Restore only handles configuration backup. I am
 talking about the BSD dump/restore for the whole disk - if that elaborates
 my needs.



 On 4 May 2013 17:20, Jim Spaloss jspal...@gmail.com wrote:

 But they are included.

 Look under Diagnostics - Backup/Restore. This feature has been there
 since M0n0wall, although its functionality has been enhanced in pfSense.
 On May 4, 2013 5:32 AM, Odhiambo Washington odhia...@gmail.com
 wrote:

 Again, at the risk of being so uninformed, I'd like to ask why
 dump/restore are not part of pfSense.
 Would the inclusion increase the distro size beyond expectations?

 I am thinking that I could use dump/restore to create several
 instances/installs of pfSense without necessarily having to go on an
 installation/customization spree for packages.



 --
 Best regards,
 Odhiambo WASHINGTON,
 Nairobi,KE
 +254733744121/+254722743223
 I can't hear you -- I'm using the scrambler.





 --
 Best regards,
 Odhiambo WASHINGTON,
 Nairobi,KE
 +254733744121/+254722743223
 I can't hear you -- I'm using the scrambler.



[pfSense] Requesting Speaker for Silicon Valley Linux User Group (SVLUG) Monthly Meeting

2012-11-20 Thread Mehma Sarja

Hi,

My name is Yudhvir and I am the Speaker Coordinator for the Silicon 
Valley Linux User Group(SVLUG). We would like a talk about pfSense at 
one of our monthly meetings in Mountain View, CA.


We meet monthly, 1st Wednesday evenings, 7-9 PM, at Symantec's Vcafe 
room, 350 Ellis Street, Mountain View, CA 94043, near E. Middlefield 
Road. Starting from 2 January 2013, we have the whole year open for 
speakers.


The talk is mostly technical and experience based. Sometimes, we will 
get a speaker with some history in the valley or in the industry and the 
audience is more interested in that. Please let me know. If interested, 
I'll be asking you to provide a specific topic and a couple of lines 
about yourself.



Yudhvir Singh Sidhu
Speaker Coordinator
Silicon Valley Linux User Group
www.svlug.org
408 677 7660 cell



[pfSense] Port Forward Question

2012-08-06 Thread Mehma Sarja

Want to forward WAN url-a:50 to LAN ip-a:80
and WAN url-a:60 to LAN ip-b:80

There is a dated post which says it cannot be done. Maybe it is do-able 
now?



Re: [pfSense] Quick Thanks from a Happy user

2012-04-25 Thread Mehma Sarja

On 4/25/12 4:29 AM, Christian Neumann wrote:

Hi everybody,

I just wanted to share how glad we are that pfSense exists. Usually people 
mostly share problems, but this time I just wanted to highlight what we have 
been able to achieve with a little bit of customization. Please let me know if 
this isn't the right forum for this and point to other place where I can share 
my appreciation.

I'm working for a NGO in rural Africa (Malawi) and with pfSense we might 
probably run the biggest free WiFi hotspot throughout whole Malawi. Nothing 
special for modern installations, but in places with poor power and high 
communication costs the dimensions are pretty unique.

So far we have around 25 access points that are used by approx. 100 unique 
systems/users during a typical business day. All this squeezes through a slow, 
high latency satellite link (~500 kBits/s downstream) and thanks to the Captive 
Portal components provides free access for all (through our public computers, 
other laptops as well as smartphones) while it is still manageable.

In a nutshell we have/can:
- Open access points without passwords (mainly running on dd-wrt)
- A custom portal page where users need to register for the first time they 
connect to the network
- RADIUS MAC authentication (yes, yes, it might be possible to fool, but in our 
context without hard billing requirements good enough)
- Default (low) speed group for unknown users through Captive portal bandwidth 
restriction
- Increase (promote) systems/users to higher bandwidth limits by admins
- Blocking websites based on domain/URL and time of day
- Mail notifications for important events (new user signed up, weekly RRD 
stats, reboots, ...)
- 'Jail' for misbehaving systems and a HTTP redirecting to let them know
- Optional Voucher support
- Support for internal Voice over IP
- (so far only imperfect) RADIUS accounting
- Reports with last time systems were connected (useful for cleanup RADIUS 
users)
- Support for external monitoring solutions of internal network devices

All this with ordinary pfSense customizations and a few custom extensions. I 
feel all this is pretty 'out of the box' pfSense, but I'm also happy to 
elaborate a bit more on this if someone finds this interesting.

Thanks a lot for making our life a bit easier!
christian


Hi Christian,

We have pfSense running in a rural Kenyan district hospital: 
http://linuxmednews.com/1328842067/index_html


How are you doing UPS and VOIP?

--
Yudhvir
ਯੁਧਵੀਰ

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


[pfSense] Huawei in May

2012-04-21 Thread Mehma Sarja
I am having an issue getting a Huawei 3G+ GSM USB (MF192 HSPA) modem to 
work on either a pf 2.1 box. I'd like to be able to ssh in.


The location's Internet is via a Dlink DIR-412 router hosting a Huawei 
USB modem (huawei cdma ec122). The double NATting is making for a very 
effective firewall and I cannot ssh in.


I believe these devices are configured to present themselves as a usb 
drive first and a windows executable auto runs and configures the modem 
and turns the device into a modem. There is a way to turn this off and 
use it under *nix. Is there a 3G+ modem card someone can recommend and a 
reliable source?


Mehma


Re: [pfSense] Huawei in May

2012-04-21 Thread Mehma Sarja

On 4/21/12 12:43 PM, Odhiambo Washington wrote:



On Sat, Apr 21, 2012 at 19:35, Mehma Sarja mehmasa...@gmail.com wrote:


I am having an issue getting a Huawei 3G+ GSM USB (MF192 HSPA)
modem to work on either a pf 2.1 box. I'd like to be able to ssh in.

The location's Internet is via a Dlink DIR-412 router hosting a
Huawei USB modem (huawei cdma ec122). The double NATting is making
for a very effective firewall and I cannot ssh in.

I believe these devices are configured to present themselves as a
usb drive first and a windows executable auto runs and configures
the modem and turns the device into a modem. There is a way to
turn this off and use it under *nix. Is there a 3G+ modem card
someone can recommend and a reliable source?



@Mehma,

MF192 is a ZTE modem, not Huawei.

That said, I will tell you that I'd rather a Huawei modem than a ZTE, 
because ZTE are opaque with their AT command set.


Anyway, if you cannot afford a Huawei E160 (I know they went missing 
in our market), then maybe the expensive Huawei E1820 will do? No, I 
know you want to save on expenses.


So try this on MF192 (I was given the string by a mole I have inside 
ZTE, but because I am unwilling to buy Orange credit, I never quite 
got round to testing it).


To disable the virtual CD-ROM so that the modem only presents itself 
as a modem, try the following AT commands from hyperterminal:


at
OK
at%usbmodem?
%USBMODEM: 1


OK
*at%usbmodem=0*
%USBMODEM: [1] CD DRIVER

PS: I still believe you can get someone to find a Huawei E160... even 
2nd hand. It's guaranteed to work if the ZTE refuses. I recall I 
proved to you that Huawei works, and recommended it, right? Maybe all 
that work I did was not useful for you.



Hello again Washington,

My work with the Siaya site has been technically spotty and the daylight 
savings time change made our 10 pm their 8 am. It used to be 9 pm. That 
has caused me to miss many staff meetings. To make matters worse, a few 
weeks ago there was a ship off the coast of Kenya which severed some 
fiber optic lines and took down the telecommunications link to the 
country. Ever since then, I have only been able to talk to a Kenyan cell 
phone ONCE.


Your efforts are very much appreciated and may yield good results when 
we try them out. And we will do so. I'll report back to this list on my 
findings. And thanks for the AT commands - so, we put the modem on a 
Windows machine and try the Hyperterminal settings and then connect it 
to a BSD box?


Mehma


Re: [pfSense] pfSense appliance recommendation?

2012-04-01 Thread Mehma Sarja

On 4/1/12 4:06 PM, Luke Jaeger wrote:

helping someone spec a new router for a small business network, currently 10 
users (more in future, hopefully) - it needs to be a 'set it and forget it' 
solution so I thought about a pfSense appliance. Anyone have an opinion about a 
particular make/model?

Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org

I can share some experiences - a) If you go with an embedded 
solution (Alix or others), select a very good CF card. Had one which 
lasted for years, SanDisk I think and the last few have been junk, b) if 
you are looking at a more traditional machine, go with a 3.5, single 
platter spinning drive - no SSDs, and finally c) configure a system, 
turn logging off and burn an image - if something happens to your setup, 
a restore is just a cd boot away until you get a more permanent solution 
in place.


--
Yudhvir
ਯੁਧਵੀਰ



Re: [pfSense] What's are highest speeds your setup has seen?

2012-03-02 Thread Mehma Sarja

On 3/2/12 1:25 PM, Sean Cavanaugh wrote:


Perhaps if you posted what type of scenario you are looking to 
implement, others can reply with what they built to handle the load.


I am thinking of an RFP from an un-named country with current BW of 85 
Gbps. They are looking for a system to handle 100 Gbps. I have a gut 
feeling that this stream needs to be split and filtered that way. I am 
also wondering how the Great Firewall might be set up.


Just never had to deal with such speeds.

Mehma


Re: [pfSense] Orange 3G+ USB Dongle

2012-02-03 Thread Mehma Sarja

On 2/3/12 6:56 AM, Seth Mos wrote:
Try this, connect the 3g dongle, then reboot the device and try to 
access it again. I have a ZTE modem that does not release the cdrom 
device until after it is rebooted or I press save on the 3G wan 
interface again. So it doesn't work on cold boot, but it does work 
after a warm reboot.



Since there is mild interest on the list, I share our findings:

UPON CONNECTING the modem, huawei mobile model number EC 122, we see 
this in /var/log/system.log:
feb 3 07:11:02 firewall kernel: da0: HUAWEI SD storage 2.31 removable 
direct access SCSI-2 device
feb 3 07:11:02 firewall kernel: da0: attempt to query device size 
failed: NOT READY, media not present


and we see nothing having to do with usb or huawei in /var/log/system.log

The modem light remains a flashing blue as if it is working. I'll try 
the warm boot, heck even I work well after a warm bath.


I am thinking of going over to Safaricom to tide us over.

Mehma


Re: [pfSense] Orange 3G+ USB Dongle

2012-02-02 Thread Mehma Sarja

On 2/2/12 12:44 PM, Odhiambo Washington wrote:



First tell me, which modem is this? ZTE MF192 or the older one? I 
cannot remember the model. Having the modem bundled with DIR-412 means 
these guys (Orange) already disabled the virtual CD-ROM, right? That 
is the only way it would work with the D-Link DIR-412.



orange usb modem huawei mobile model number EC 122