Re: [pfSense] boot/loader.conf.local deleted upon reboot

2018-05-16 Thread PiBa
Looks like everything that has the word 'console' in there gets deleted from loader.conf.local.. I suppose the 'platform' is not one of these.?:     if ($specific_platform['name'] == 'RCC-VE' ||         $specific_platform['name'] == 'RCC' ||         $specific_platform['name'] == 'SG-2220') {    

Re: [pfSense] routing between subnets at same Interface - configuration not working on 2.4.1

2018-05-14 Thread PiBa
and see if things improve.. Regards, PiBa-NL On 14-5-2018 at 10:39, Fabian Bosch wrote: Hi - Attachments not working so here is the XML Plaintext: 17.9 normal pfSenseOne xy.zz all system 1998

Re: [pfSense] Maximum CARP Addresses?

2018-02-15 Thread PiBa
must be inside the same subnet as the CARP VIP upon which they are placed." and that that is no longer the case. The limit of max 255 is still there afaik.. Regards, PiBa-NL

Re: [pfSense] routing between subnets at same Interface - configuration not working on 2.4.1

2018-01-30 Thread PiBa
Hi Fabian, Have you set?: System/Advanced/Firewall & NAT: "Static route filtering, Bypass firewall rules for traffic on the same interface" As for your 'static routes', i'm not sure what purpose they serve.. Routing between subnets known on a pfSense interface is 'automatic'.

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

2017-10-11 Thread PiBa
P. You do /not/ need to install the CA certificate configured below on clients. Content filtering (such as Antivirus) /will not/ be available for SSL sites. " Regards, PiBa-NL

Re: [pfSense] rules were ignored.

2017-08-21 Thread PiBa
. :/ Regards, PiBa-NL On 21-8-2017 at 21:40, greg whynott wrote: Hi PiBa, - The rules are applied inbound from wifi zone on the pfs interface. - inside is defined by an alias which describes all our internal RFC1918 networks.  Without the use of an exclusion operator. - transparent http proxy

Re: [pfSense] rules were ignored.

2017-08-21 Thread PiBa
' or something similar? Also are any proxies or other gateway/advanced configurations used? Though only reason i think something might 'disappear' or change kinda spontaneous is if the rules have a gateway defined that went down. Can you describe the rules in detail? Regards PiBa-NL On 21-8-2017 at 19

Re: [pfSense] HAproxy URL Redirect

2017-05-05 Thread PiBa
that you can use acl's to match foo/foobar hostnames and then perform an action to redirect.. Regards, PiBa-NL On 5-5-2017 at 21:48, Daniel wrote: Hi there, I have hopefully a quick question ;) I have several Domains and just one SSL Certificate. I bought a Certificate for Now I

Re: [pfSense] Routing between interfaces

2017-02-11 Thread PiBa
On 11-2-2017 at 17:24, Matthew Pounsett wrote: On 11 February 2017 at 08:48, PiBa wrote: Make sure that 'internal' traffic is not pushed out over the gatewaygroup to the WAN interfaces. So create pass rules above the pbr>gatewaygroup rules, to allow internal

Re: [pfSense] Routing between interfaces

2017-02-11 Thread PiBa
Make sure that 'internal' traffic is not pushed out over the gatewaygroup to the WAN interfaces. So create pass rules above the pbr>gatewaygroup rules, to allow internal traffic to just take the regular routes. On 11-2-2017 at 3:06, Matthew Pounsett wrote: I've been employing a terrible

Re: [pfSense] haproxy crl modification requires service reload

2016-08-19 Thread PiBa
It's expected behavior.. Packages are not (yet) notified of certificate changes, so cannot easily decide if a reload is required. Might come in a future version :) On 15-8-2016 at 21:06, T wrote: Hello, 2.3.2-RELEASE (amd64) + haproxy. I use haproxy with certs based authentication. As

Re: [pfSense] DMZ not working since upgrade 2.3

2016-06-25 Thread PiBa
Not really sure what the issue is just yet. Hope some of my comments help get you closer ;) You might also try calling ovh and try t

Re: [pfSense] DMZ not working since upgrade 2.3

2016-06-25 Thread PiBa
oment.. Do you have any packages installed? Snort or Suricata can sometimes unexpectedly block traffic you do want.. Or other configurations like limiters/shapers or openvpn/ipsec networks can possibly interfere.. Regards, PiBa-NL

Re: [pfSense] [Bulk] Strange problem with HAProxy failing after WAN IP changes

2016-05-02 Thread PiBa
Hi, Afaik, haproxy does not and did not reload on a wan-ip change on either pfSense version. There are a few options though. -make haproxy frontend listen on 'any' -or use a portforward to forward incoming traffic to , haproxy could then be listening on localhost:80. Regards, PiBa

Re: [pfSense] [Bulk] Re: Upgrade to 2.3

2016-01-20 Thread PiBa
On 20-1-2016 at 14:45, J. Echter wrote: On 20.01.2016 at 14:35, Brian Caouette wrote: I've been following the forum discussions on 2.3 and was confident the packages I used were ready for 2.3 so I bit the bullet and upgraded. I find all my failed packages with the same error on attempt to

Re: [pfSense] [Bulk] Re: darkstat

2015-11-08 Thread PiBa
Package still seems to exist available for installation on my 2.2.5 box. If it's already installed it's no longer listed between the available packages.. Maybe looking in the wrong place? On 8-11-2015 at 16:36, Ryan Coleman wrote: From October 16 (Subject: "Bandwidth graph"): Was it

Re: [pfSense] GUI performance on an ALIX 2d3

2015-08-13 Thread PiBa
Probably this caused it workaround also there, as written in; * The forcesync patch for #2401 still considered harmful to the filesystem and has been kept out. As such, there may be

Re: [pfSense] reverse proxy situation

2015-05-31 Thread PiBa
if and how actively they are changing.? Though few commits can mean it's very stable and feature complete. It can also mean it's not being actively maintained. So still doesn't say much.. Greets PiBa-NL Adam Thompson wrote on 31-5-2015 at 16:04: Reverse proxy. Need to multiplex multiple

Re: [pfSense] from LAN to OPT1, pfsense forces all http connections to https

2015-04-20 Thread PiBa
Go to System/Advanced/Adminaccess then disable the WebGUI redirect. That is still receiving traffic on *:80 and redirecting to the webgui port.. Bob McClure Jr wrote on 20-4-2015 at 19:09: On Mon, Apr 20, 2015 at 09:52:20AM -0400, ED Fochler wrote: You may be getting overruled by the self

Re: [pfSense] [Bulk] Re: [Bulk] Invalid IP range allowed in firewall alias, breaks ruleset

2015-04-20 Thread PiBa
? Reading what I just wrote, what happens if a valid hostname ever can't be resolved in the future? The rule stops working then also? -- Steve Yates ITS, Inc. PiBa wrote on Mon, Apr 20 2015 at 12:27 pm: Problem is that what you typed validates as a valid 'hostname'.. Steve Yates

Re: [pfSense] [Bulk] IP Alias -vs- Proxy ARP for NAT

2015-03-08 Thread PiBa
Says it all: Which is better, that depends on what you need it to do. Tim Hogan wrote on 8-3-2015 at 13:48: I am setting up my firewall to do 1:1 NAT with a block of public IP addresses. I have found several posts about setting

Re: [pfSense] [Bulk] Re: NAT Port Forward to IP in subnet host with different default gateway

2015-02-22 Thread PiBa
that tries to distinguish between client-ip's will be useless though.. Greets, PiBa-NL

Re: [pfSense] [Bulk] Re: openvpn - how do i nat the vpn segment?

2015-01-20 Thread PiBa
Check you have 'manual outbound nat' selected, otherwise the manual rules don't apply.. As to view the actual pf rules created you can look at the file /tmp/rules.debug using for example the menu option diagnostics/editfile. Or run pfctl -sn on ssh/console to view nat rules. Antonio Prado

Re: [pfSense] [Bulk] Re: DNS-based inbound NAT?

2014-12-14 Thread PiBa
HAProxy can also be used for this. Brian Henson wrote on 14-12-2014 20:13: I second using a reverse proxy for this. You can use the squid package or even use the Mod_security and proxy pass directive On Sun, Dec 14, 2014 at 1:44 PM, Yehuda Katz

Re: [pfSense] [Bulk] OpenVPN Non-admin users.

2014-12-01 Thread PiBa
-using the OpenVPNManager (there is a checkbox to include it in the installer in the openvpnexport package) Karl Fife wrote on 1-12-2014 21:37: I'd like to poll how others have dealt with the issue of non-admin Windows users running OpenVPN (TUN) for remote access. If you recall, non-admin

Re: [pfSense] States Issue with Asterisk behind pfSense

2014-09-28 Thread PiBa
containing this change: p.s. I'm not a 'pfSense dev' , just a user and contributor.. use it at your own risk ;).. Greets PiBa-NL Espen Johansen wrote on 28-9-2014 19:26: If this is to be implemented it should be a tick box on each

Re: [pfSense] [Bulk] Re: Https proxy squid3 squidguard squid3 not working

2014-09-22 Thread PiBa
it released, there is no workaround.. There seems to be some work going on for that though.. If you can compile squid yourself on FreeBSD 8.3 you might be able to use that specific development branch. My two cents, PiBa-NL Nicola Ferrari (#554252) wrote on 22-9-2014 8:24: That's the correct

Re: [pfSense] [Bulk] Added ntopng.pbi via command line, how do I add to webui?

2014-09-17 Thread PiBa
packages from the command line pfSsh.php playback installpkg Some Package pfSsh.php playback uninstallpkg Some Package pfSsh.php playback listpkg Greets PiBa-NL Wade Blackwell wrote on 18-9-2014 1:48: Good

Re: [pfSense] [Bulk] limiter per IP without listing IP individually

2014-09-12 Thread PiBa
it possible to easily specify bandwidth limits per host. Greets PiBa-NL greg whynott wrote on 12-9-2014 17:07: Hello, I have a pfSense box with about 300 people behind and 5 network segments. The internet port is 100 megabits. I'd like to limit each IP to 5 megabits up/down. There is a lot

Re: [pfSense] [Bulk] Re: Another OPT1 routing question

2014-08-10 Thread PiBa
if you still have it but want to have pfSense use the same mac's that the (virtual) nic really have. I suspect that this is now causing the 'duplicate' mac on the pfSense interfaces. Greets PiBa-NL compdoc wrote on 10-8-2014 16:21: em1 third MAC address (up) -- shouldn't that be the second

Re: [pfSense] [Bulk] Re: Web Server Load Balance

2014-08-06 Thread PiBa
and reply need to go through haproxy.. Greets PiBa-NL Satvinder Singh wrote on 6-8-2014 19:44: Hi, I have tried having the Virtual Server on a different subnet and created rules in the firewall, but still doesn't work. I have tried having all 3 (2 Nodes + Virtual Server) then creating a NAT

Re: [pfSense] Host Connectivity on a Specific Subnet

2014-07-12 Thread PiBa
Please note that dns configuration options can add routes. (what gateway is configured behind the dns, if any?) /* setup static routes for DNS servers. */ Greets PiBa-NL Espen Johansen wrote on 13-7-2014 0:44: Other

Re: [pfSense] pfsense openvpn Road Warrior

2014-03-19 Thread PiBa
On Windows Vista/7/8 Administrator permissions are required to add routes. This either means running OpenVPNgui 'As Administrator'. Or using the 'OpenVPNManager' program installed as a service that runs the actual openvpn process in the background. (there is a checkbox in the

Re: [pfSense] pfsense openvpn Road Warrior

2014-03-19 Thread PiBa
Manually pushing routes from the advanced section is in general not needed if the 'local network(s)' is filled in in the WebGui. Holger Bauer wrote on 19-3-2014 10:44: Hi Mohan, make sure you have appropriate rules under firewallrules, openvpn tab to allow access. Also make sure your

Re: [pfSense] [Bulk] Re: Multiple static IPs from one ISP - Virtual IPs? - Trying this again

2014-03-03 Thread PiBa
traffic. (portforwards automatically create them if you allow it to, 1on1 does not..) Greets PiBa Bryan D. wrote on 3-3-2014 21:29: Is the VIP CARP or IP Alias? ... according to the VIP capabilities chart, they're the only VIP kinds that can do ICMP:

Re: [pfSense] Errors from packages that are no longer installed on pfsense

2014-02-20 Thread PiBa
Install cron package and remove the obsolete commands from there. Howard Fleming wrote on 20-2-2014 20:32: I am getting the following email alerts from my pfsense 2.1 box: Subject: Cron root@grey /usr/local/bin/vnstat -u X-Cron-Env: SHELL=/bin/sh X-Cron-Env:

Re: [pfSense] Restoring from XML prevents VM from booting

2014-02-05 Thread PiBa
Seems to me like this should never be possible from a config upload.. Is it possible for either of you to post the config file that causes this to happen? (preferably to the redmine bugtracker) -Make sure to strip change with a texteditor all private information like passwords / ip's /