Looks like everything that has the word 'console' in there gets deleted
from loader.conf.local..
I suppose the 'platform' is not one of these.?:
if ($specific_platform['name'] == 'RCC-VE' ||
$specific_platform['name'] == 'RCC' ||
$specific_platform['name'] == 'SG-2220') {
and see if
things improve..
Regards,
PiBa-NL
Op 14-5-2018 om 10:39 schreef Fabian Bosch:
Hi - Attachements not working so here is the XML Plaintext:
17.9
normal
pfSenseOne
xy.zz
all
system
1998
must be inside the
same subnet as the CARP VIP upon which they are placed." and that that
is nolonger the case.
The limit of max 255 is still there afaik..
Regards,
PiBa-NL
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/li
Hi Fabian,
Have you set?:
System/Advanced/Firewall & NAT: "Static route filtering, Bypass firewall
rules for traffic on the same interface"
As for your 'static routes', i'm not sure what purpose they serve..
Routing between subnets known on a pfSense interface is 'automatic'.
P.
You do/not/need to install the CA certificate configured below on clients.
Content filtering (such as Antivirus)/will not/be available for SSL sites.
"
Regards,
PiBa-NL
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
. :/
Regards,
PiBa-NL
Op 21-8-2017 om 21:40 schreef greg whynott:
Hi PiBa,
- The rules are applied inbound from wifi zone on the pfs interface.
- inside is defined by an alias which describes all our internal
RFC1918 networks. Without the use of an exclusion operator.
- transparent http proxy
' or something similar?
Also are any proxy's or other gateway/advanced configurations used?
Though only reason i think something might 'disapear' or change kinda
spontaneous is if the rules have a gateway defined that went down.
Can you describe the rules in detail?
Regards
PiBa-NL
Op 21-8-2017 om 19
that you can use acl's to match foo/foobar hostnames and then
perform a action to redirect..
Regards,
PiBa-NL
Op 5-5-2017 om 21:48 schreef Daniel:
Hi there,
i have a hopefully a quick questions ;)
I have serval Domains and just one SSL Certificate. I bought a Certificate for
bar.com
Now I
Op 11-2-2017 om 17:24 schreef Matthew Pounsett:
On 11 February 2017 at 08:48, PiBa <pba_...@yahoo.com> wrote:
Make sure that 'internal' traffic is not pushed out over the gatewaygroup
to the WAN interfaces.
So create pass rules above the pbr>gatewaygroup rules, to allow internal
Make sure that 'internal' traffic is not pushed out over the
gatewaygroup to the WAN interfaces.
So create pass rules above the pbr>gatewaygroup rules, to allow internal
trafffic to just take the regular routes.
Op 11-2-2017 om 3:06 schreef Matthew Pounsett:
I've been employing a terrible
Its expected behavior.. Packages are not (yet) notified of certificate
changes, so cannot easily decide if a reload is required. Might come in
a future version :)
Op 15-8-2016 om 21:06 schreef T:
Hello,
2.3.2-RELEASE (amd64) + haproxy.
I use haproxy with certs based authentication.
As
lt;http://fr.linkedin.com/in/jlivars/> | Viadeo
<http://www.viadeo.com/fr/profile/jean-laurent.ivars> | www.ipgenius.fr
<https://www.ipgenius.fr/>
Not really sure what the issue is just yet.
Hope some of my comments help get you closer ;)
You might also try calling ovh and try t
oment..
Do you have any packages installed? Snort or Suricata can sometimes
unexpectedly block traffic you do want.. Or other configurations like
limiters/shapers or openvpn/ipsec networks can possibly interfere..
Regards,
PiBa-NL
___
pf
Hi,
Afaik, haproxy does not and did not reload on a wan-ip change on either
pfSense version.
There are a few options though.
-make haproxy frontend listen on 'any'
-or use a portforward to forward incoming traffic to 127.0.0.1 , haproxy
could then be listening on localhost:80.
Regards,
PiBa
Op 20-1-2016 om 14:45 schreef J. Echter:
Am 20.01.2016 um 14:35 schrieb Brian Caouette:
Ive been following the forum discussions on 2.3 and was confident the packages I used were ready for 2.3 so I bit the bullet and upgraded. I find all my failed packages with the same error on attempt to
Package still seems to exist available for installation on my 2.2.5 box.
If its already installed its nolonger listed between the available
packages.. Maybe looking in the wrong place?
Op 8-11-2015 om 16:36 schreef Ryan Coleman:
From October 16 (Subject: "Bandwidth graph”):
Was it
Probably this caused it workaround also there, as written in
https://doc.pfsense.org/index.php/2.2.4_New_Features_and_Changes;
* The forcesync patch for#2401
https://redmine.pfsense.org/issues/2401is still considered harmful
to the filesystem and has been kept out. As such, there may be
if and how
actively they are changing.? Though few commits can mean its very stable
and feature complete. It can also mean its not being actively
maintained. So still doesnt say much..
Greets PiBa-NL
Adam Thompson schreef op 31-5-2015 om 16:04:
Reverse proxy. Need to multiplex multiple
Go to System/Advanced/Adminaccess then disable the WebGUI redirect.
That is still receiving traffic on *:80 and redirecting to the webgui port..
Bob McClure Jr schreef op 20-4-2015 om 19:09:
On Mon, Apr 20, 2015 at 09:52:20AM -0400, ED Fochler wrote:
You may be getting overruled by the self
?
Reading what I just wrote, what happens if a valid hostname ever can't
be resolved in the future? The rule stops working then also?
--
Steve Yates
ITS, Inc.
PiBa wrote on Mon, Apr 20 2015 at 12:27 pm:
Problem is that what you typed validates as a valid 'hostname'..
Steve Yates
Says it all: https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
Which is better, that depends on what you need it to do.
Tim Hogan schreef op 8-3-2015 om 13:48:
I am setting up my firewall to do 1:1 NAT with a block of public IP
addresses. I have found several posts about setting
that tries to
distinguish between client-ip's will be useless though..
Greets,
PiBa-NL
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Check you have 'manual outbound nat' selected, otherwise the manual
rules dont apply..
As to view the actual pf rules created you can look at the file
/tmp/rules.debug using for example the menu option diagnostics/editfile.
Or run pfctl -sn on ssh/console to view nat rules.
Antonio Prado
HAProxy can also be used for this.
Brian Henson schreef op 14-12-2014 20:13:
I second using a reverse proxy for this. You can use the squid package
or even use the Mod_security and proxy pass directive
On Sun, Dec 14, 2014 at 1:44 PM, Yehuda Katz yeh...@ymkatz.net
mailto:yeh...@ymkatz.net
-using the OpenVPNManager (there is a checkbox to include it in the
installer in the openvpnexport package)
Karl Fife schreef op 1-12-2014 21:37:
I'd like to poll how others have dealt with the issue of non-admin
Windows users running OpenVPN (TUN) for remote access.
If you recall, non-admin
containing this change:
https://github.com/pfsense/pfsense/pull/1299/files
p.s. im not a 'pfSense dev' , just a user and contributer.. use it at
your own risk ;)..
Greets PiBa-NL
Espen Johansen schreef op 28-9-2014 19:26:
If this is to be implemented it should be a tick box on each
it released, there is no workaround.. There seems to
be some work going on for that though.. If you can compile squid
yourself on FreeBSD 8.3 you might be able to use that specific
development branch.
My two cents,
PiBa-NL
Nicola Ferrari (#554252) schreef op 22-9-2014 8:24:
That's the correct
packages from the command line
pfSsh.php playback installpkg Some Package
pfSsh.php playback uninstallpkg Some Package
pfSsh.php playback listpkg
https://doc.pfsense.org/index.php/2.1_New_Features_and_Changes#SH.2FPHP_Shell_Scripts
Greets PiBa-NL
Wade Blackwell schreef op 18-9-2014 1:48:
Good
it possible to easily specify bandwidth limits per host.
Greets PiBa-NL
greg whynott schreef op 12-9-2014 17:07:
Hello,
I have a pfsence box with about 300 people behind and 5 network
segments. The internet port is 100 megabits. I'd like to limit each
IP to 5 megabits up/down.
There is a lot
if you still have it but want to have pfSense use the same mac's
that the (virtual) nic really have. I suspect that this is now causing
the 'duplicate' mac on the pfSense interfaces.
Greets PiBa-NL
compdoc schreef op 10-8-2014 16:21:
em1 third MAC address (up) -- shouldn't that be the second
and reply need to go through haproxy..
Greets PiBa-NL
Satvinder Singh schreef op 6-8-2014 19:44:
Hi,
I have tried having the Virtual Server on a different subnet and
created rules in the firewall, but still doesn't work. I have tried
having all 3 (2 Nodes + Virtual Server) then creating a NAT
Please note that dns configuration options can add route's. (what
gateway is configured behind the dns, if any?)
/* setup static routes for DNS servers. */
https://github.com/pfsense/pfsense/blob/master/etc/inc/system.inc#L159
Greets PiBa-NL
Espen Johansen schreef op 13-7-2014 0:44:
Other
On Windows Vista/7/8 Administrator permissions are required to add routes.
This either means running OpenVPNgui 'As Administrator'. Or using the
'OpenVPNManager' program installed as a service that runs the actual
openvpn process in the background. (there is a checkbox in the
Manually pushing routes from the advanced section is in general not
needed if the 'local network(s)' is filled in in the WebGui.
Holger Bauer schreef op 19-3-2014 10:44:
Hi Mohan,
make sure you have appropriate rules under firewallrules, openvpn tab
to allow access. Also make sure your
traffic. (portforwards
automatically create them if you allow it to, 1on1 does not..)
Greets PiBa
Bryan D. schreef op 3-3-2014 21:29:
Is the VIP CARP or IP Alias?
... according to the VIP capabilities chart, they're the only VIP kinds that
can do ICMP:
https://doc.pfsense.org/index.php
Install cron package and remove the obsolete commands from there.
Howard Fleming schreef op 20-2-2014 20:32:
I am getting the following email alerts from my pfsense 2.1 box:
Subject: Cron root@grey /usr/local/bin/vnstat -u
X-Cron-Env: SHELL=/bin/sh
X-Cron-Env:
Seems to me like this should never be possible from a config upload..
Is it possible for either of you to post the config file that causes
this to happen? (preferebly to the redmine bugtracker)
-Make sure to strip change with a texteditor all private information
like passwords / ip's /
37 matches
Mail list logo
