Re: [pfSense] NAT help

2011-09-12 Thread David Burgess
On Mon, Sep 12, 2011 at 9:26 AM, Ray r...@renegade.zapto.org wrote: Hi, I have trouble with the NAT configuration on 2.0RC3. Can someone help?: Are you trying to get internet via pfsense's WAN or via the vpn? Do any of your hosts on any of the local interfaces (vrX) have internet

Re: [pfSense] Replacing a Linux router with pfSense

2011-09-21 Thread David Burgess
On Wed, Sep 21, 2011 at 8:46 AM, Jim Pingle li...@pingle.org wrote: Although for my network I use pfSense at the edge and an Asus RT-N16 running Tomato for my wireless N needs. Ditto, except Netgear WNR3500L + Tomato. Also seriously considered buying a couple Ubiquiti Unifi for the vlan

Re: [pfSense] Sprint Hotspot as Interface?

2011-09-22 Thread David Burgess
On 2011 9 22 11:09, Nathan Eisenberg nat...@atlasnetworks.us wrote: Hey List, I was just handed a sprint 3g/4g hotspot manufactured by Sierra Wireless, which includes connectivity over USB. I was curious if anyone has tried getting BSD to recognize such a device as an interface. I think

[pfSense] wiki account

2011-10-11 Thread David Burgess
I'd like to do some updating and clean-up in the wiki, but I don't see anywhere to register a user account. Is this something the devs can grant to me? Please? db ___ List mailing list List@lists.pfsense.org

[pfSense] NAT reflection and SIP registration

2011-11-23 Thread David Burgess
I have the SIP client in my Android 2.3 phone set up to register to my local Askozia (Asterisk) PBX. The problem I'm having is that if I use the FQDN of the PBX server, the SIP client only registers when I'm off the network. In order to have the SIP client register successfully when on the local

Re: [pfSense] NAT advice

2011-11-29 Thread David Burgess
On Tue, Nov 29, 2011 at 9:27 AM, Ugo Bellavance u...@lubik.ca wrote: I attached a diagram of what I would like to achieve. You can achieve that without NAT. Simply set up pfsense with two interfaces, addressed 172.30.100.254/24 and 192.168.99.4/24 respectively. Now, depending on whether you

Re: [pfSense] Block Rule doesnt work

2012-01-25 Thread David Burgess
2012/1/25 Jürgen Echter j.ech...@echter-kuechen-elektro.de: You're using Reject rather than Block, which operates only on TCP/UDP. Any other packet type will not match that rule. db

Re: [pfSense] Block Rule doesnt work

2012-01-25 Thread David Burgess
On Wed, Jan 25, 2012 at 12:11 PM, Moshe Katz mo...@ymkatz.net wrote: He said he can access web pages so it's not even rejecting TCP. Thanks. I missed that. Jürgen, are you using a transparent proxy, like squid? I believe this will bypass your firewall rules for ports and interfaces that it

Re: [pfSense] pfSense help with creating rules

2012-02-08 Thread David Burgess
On Wed, Feb 8, 2012 at 5:07 PM, Jason T. Slack-Moehrle slackmoeh...@gmail.com wrote: I do see that: 'Automatic outbound NAT rule generation' is indeed on. Right, so your public IPs are getting NATed on their way through pfsense. Turn it off (ie, from automatic to advanced). db

Re: [pfSense] pfSense help with creating rules

2012-02-08 Thread David Burgess
On Wed, Feb 8, 2012 at 5:13 PM, Jason T. Slack-Moehrle slackmoeh...@gmail.com wrote: So then I would create a rule from from WAN to a specific IP on the DMZ for any 80? I have had that rule in place but I dont get the site when I hit it. I think you're still talking about inbound NAT (aka,

Re: [pfSense] Best way to prevent DHCP DoS attack

2012-02-18 Thread David Burgess
On Sat, Feb 18, 2012 at 11:00 PM, Chris Buechler c...@pfsense.org wrote: it's not able to be limited by the advanced options on a firewall rule. Some managed switches provide the ability to limit traffic at layer 2. It might be worth looking into that option as well. db

Re: [pfSense] High CPU Usage

2012-02-27 Thread David Burgess
On Sat, Feb 25, 2012 at 11:31 PM, Tom S pfsense-l...@y-tech.co.il wrote: The server is IBM with onboard Broadcoms, 3.0ghz Xeon CPU with 2 cores. We have average of 9000-1 states on the state table, something like 1000-1500 users. Your CPU numbers look high to me. I have a system here

Re: [pfSense] High CPU Usage

2012-02-27 Thread David Burgess
On Mon, Feb 27, 2012 at 1:35 AM, David Burgess apt@gmail.com wrote: On Sat, Feb 25, 2012 at 11:31 PM, Tom S pfsense-l...@y-tech.co.il wrote: The server is IBM with onboard Broadcoms, 3.0ghz Xeon CPU with 2 cores. We have average of 9000-1 states on the state table, something like 1000

Re: [pfSense] High CPU Usage

2012-02-27 Thread David Burgess
On Mon, Feb 27, 2012 at 1:36 AM, David Burgess apt@gmail.com wrote: Your CPU numbers look high to me. I have a system here with very similar traffic and pps numbers to yours, albeit with fewer users (~200). Pfsense here is running on an Atom D510 with on-board Intel GBE NICs. 7 vlans

Re: [pfSense] icmp best practices

2012-03-19 Thread David Burgess
On Mon, Mar 19, 2012 at 11:56 AM, Ugo Bellavance u...@lubik.ca wrote: Hi, The system I inherited denies all ICMP requests by default, even internally. Is that a good idea? I think that echo/reply should at least be allowed internally. Opinions? I'm probably wrong, but I'm not aware

Re: [pfSense] icmp best practices

2012-03-21 Thread David Burgess
On Mon, Mar 19, 2012 at 12:07 PM, David Burgess apt@gmail.com wrote: I have it enabled on all my interfaces I should clarify by saying that I allow ICMP echo requests on all interfaces, not all ICMP. This does not appear to prevent me from receiving other types of ICMP packets, as I can

Re: [pfSense] pfSense error, maybe hard drive?

2012-03-21 Thread David Burgess
On Wed, Mar 21, 2012 at 11:08 AM, Adam Piasecki apiase...@midatlanticbb.com wrote: What hard drive is recommended for pfSense? Or can someone tell me what you're running? I use a Lexar Professional 2G and 4G compact flash with the embedded version in a couple of pfsenses. I deployed about a

[pfSense] NAT kills connections

2012-03-21 Thread David Burgess
I hate to resurrect an old thread, but this was never resolved for me, and the workaround that I was using is no longer valid due to a change in the situation. The old thread is here: http://www.mail-archive.com/list@lists.pfsense.org/msg00260.html, but just to quickly recap, I have a web server

Re: [pfSense] NAT kills connections

2012-03-22 Thread David Burgess
On Thu, Mar 22, 2012 at 12:17 AM, Chris Buechler c...@pfsense.org wrote: That's not the same scenario you described in the previous thread unless it's just not explained as thoroughly. In the previous thread I included a second pfsense, but didn't mention it this time since the traffic in

Re: [pfSense] pfSense error, maybe hard drive?

2012-03-22 Thread David Burgess
On Thu, Mar 22, 2012 at 9:15 AM, Adam Piasecki apiase...@midatlanticbb.com wrote: 1) Windows has TRIM support for wear-leveling. Does FreeBSD include this? I can't speak to FreeBSD, but pfsense does not as of 2.0 2) If 8.1 does not support wear-leveling, would it be recommended that we not

Re: [pfSense] NAT kills connections

2012-03-23 Thread David Burgess
On Thu, Mar 22, 2012 at 6:32 AM, Jim Pingle li...@pingle.org wrote: Is this your only WAN? No. It is one of a load-balanced pair. Does your rule passing out traffic to this server have a gateway set? Yes. All traffic from the LAN to this server is policy routed through the correct gateway.

Re: [pfSense] NAT kills connections

2012-03-23 Thread David Burgess
On Fri, Mar 23, 2012 at 12:53 AM, David Burgess apt@gmail.com wrote: Is this the part where I activate Bypass firewall rules for traffic on the same interface? And which pfsense do I need to do that on? I checked that box on both pfsenses separately and neither fixed the problem

Re: [pfSense] NAT kills connections

2012-03-23 Thread David Burgess
On Fri, Mar 23, 2012 at 1:14 AM, David Burgess apt@gmail.com wrote: I'm not sure how to fix this, so hints are most welcome. Well, I think I have a solution. It appears that it is as simple as not setting a gateway in the policy routing rule for destinations that are on an attached subnet

Re: [pfSense] Pfsense Ipad / Iphone - Android - Smartphone App

2012-04-23 Thread David Burgess
On Mon, Apr 23, 2012 at 8:28 AM, justino garcia jgarciaitl...@gmail.com wrote: Hi Group, I noticed Checkpoint, Cisco, Sonicwall, and bunch of other firewalls have an App for SmartPhones and Tablets. Any idea for Pfsense, IPSEC ssl vpn app??? I would like simple setup for vpn Cyanogenmod

[pfSense] vmware appliance

2012-05-01 Thread David Burgess
The docs (http://doc.pfsense.org/index.php/VMwareAppliance) state that there is no longer a current vmware appliance for download. Is there a particular reason for this? Are there plans to reinstate that at some point? db

Re: [pfSense] vmware appliance

2012-05-01 Thread David Burgess
On Tue, May 1, 2012 at 10:10 AM, Moshe Katz mo...@ymkatz.net wrote: If you look at the Snapshots server, it seems that there are VMWare snapshots. Good. Thank you. db

[pfSense] captive portal and https passthrough

2012-05-01 Thread David Burgess
Hi all, I don't have much experience with captive portal, so I'm doing some testing with 2.0.1 in a vm. It's a bog standard WAN-LAN setup with CP enabled on the LAN. I don't want any authentication, I simply want to present a small html page with links to a couple of web sites. I have created

Re: [pfSense] captive portal and https passthrough

2012-05-01 Thread David Burgess
On Tue, May 1, 2012 at 10:54 AM, David Burgess apt@gmail.com wrote: When the LAN user clicks on the link the browser just times out. I changed the link to http://www.paypal.com, but the browser still times out, and I believe it's because paypal is redirecting to https. To answer my own

Re: [pfSense] is pfSense the right choice?

2012-05-03 Thread David Burgess
On Thu, May 3, 2012 at 11:05 AM, Noam Birnbaum n...@maccentricsolutions.com wrote: Is pfSense the right choice for this environment? You didn't mention the (arguably) most important feature of your proposed environment, which would be throughput expectations. For the feature set you mentioned

Re: [pfSense] is pfSense the right choice?

2012-05-03 Thread David Burgess
On Thu, May 3, 2012 at 11:55 AM, Noam Birnbaum n...@maccentricsolutions.com wrote: Good call, David -- They currently have dual WAN -- 40/40 WiMAX and 50/10 cable. I expect that as they grow these pipes will at least double. pfsense should do fine, but last I looked most of the netgate stuff

Re: [pfSense] High interrupt load on LAGG with LACP

2012-06-05 Thread David Burgess
On Tue, Jun 5, 2012 at 9:42 AM, Jens Kühnel pfse...@jens.kuehnel.org wrote: Sorry, I forgot to mention. The interrupt load happens when no traffic is going through. It's not a traffic problem. What you're describing is odd, but I will echo Chris' point, which is that the ALIX has no hope

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-09 Thread David Burgess
On Jun 9, 2012 12:47 PM, Larry Sampas la...@larrysampas.com wrote: For my small-office installs the Supermicro Atoms are doing great, but I have not yet had one at scale (thousands of concurrent states running at 20Mbps). I have that same board on a 30/3 connection that hits 30,000 states on a

Re: [pfSense] Encrypt Microwave Link?

2012-06-26 Thread David Burgess
On Tue, Jun 26, 2012 at 1:46 PM, Paul Cockings opensourceproje...@mail26.com wrote: 1. (broad question... beat me up if like..)  Are microwave links hackable and therefore I should consider some type of encryption on that link Unless it's a laser, wireless transmitter is broadcasting to the

Re: [pfSense] Network freezes on IBM x3550, Broadcom NICs

2012-06-28 Thread David Burgess
On Thu, Jun 28, 2012 at 10:11 PM, Paul Gear p...@gear.dyndns.org wrote: What should be my next troubleshooting step? memtest? Different NICs? Have you looked at your MBUF usage (netstat -m)? I get similar symptoms after running out of MBUFs, but if you followed the first step in the doc you

Re: [pfSense] web site access disappears

2012-08-08 Thread David Burgess
On Wed, Aug 8, 2012 at 10:00 AM, Karmstrong karmstr...@kyronex.com wrote: We have run into the common problem of web site access randomly stopping. For instance, at one of our locations google.com no longer works. At others, yahoo.com can not be accessed. We can not pull the sites up in a

Re: [pfSense] Soekris net5501-70 additional PCI network card does not work

2012-09-26 Thread David Burgess
On Sep 26, 2012 4:50 AM, İhsan Doğan ih...@dogan.ch wrote: the built in Via Rhine ethernet interfaces do not support VLAN HW tagging News to me. I have one running with vlans just fine. You may have other issues. db

Re: [pfSense] Soekris net5501-70 additional PCI network card does not work

2012-09-26 Thread David Burgess
On Sep 26, 2012 5:50 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: Update: a quick read of its spec sheet indicates it only supports 3.3v: http://soekris.com/products/net5501.html So it might be that your Intel NIC is expecting 5v signalling, especially if it's an old (pre-PCI 2.2) card.

Re: [pfSense] Detecting Torpig with pfsense?

2012-10-05 Thread David Burgess
On Oct 5, 2012 7:57 AM, Ståle Johnsen stale.john...@gmail.com wrote: Hi. I don't think that is possible since the logged incident was a couple of days ago and I as far as I know torpig does not send data to the CC server all the time? As suggested earlier, I would block everything to those

[pfSense] CPU frequency no longer displayed

2012-10-09 Thread David Burgess
After rebooting pfsense this morning the dashboard is displaying CPU Type Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz. Whereas it used to display the actual CPU frequency (powerd is enabled), now it does not. Any idea why? db

Re: [pfSense] fast CF cards?

2012-11-06 Thread David Burgess
On Tue, Nov 6, 2012 at 12:30 PM, Jim Pingle li...@pingle.org wrote: I have a Sandisk 200x (30MB/s) 4gb card here that is very speedy. However, it has an annoying quirk with the disk layout that makes FreeBSD spit an error message on every rw mount. Annoying log spam, but it's still speedy.

Re: [pfSense] fast CF cards?

2012-11-07 Thread David Burgess
On Wed, Nov 7, 2012 at 9:46 AM, Jim Thompson j...@netgate.com wrote: We've also never had a Kingston CF fail that I know of. Thanks, everybody, for the feedback. I settled on a Sandisk 200x 8GB. There were some Kingston's available with much faster ratings, but after reading some reviews of

Re: [pfSense] update from 2.0.1 to 2.1 HEAD

2012-12-08 Thread David Burgess
On Sat, Dec 8, 2012 at 9:20 AM, David Lawley dlaw...@carolina.rr.com wrote: Been thinking about updating to current 2.1 Beta. Curious what issues folks have run into, if any. I'm sure there might be one or two gotchas along the way... Some CF cards are exceptionally slow to change from ro

Re: [pfSense] update from 2.0.1 to 2.1 HEAD

2012-12-12 Thread David Burgess
On Sat, Dec 8, 2012 at 11:10 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: You, sir, have my thanks. Good news: http://forum.pfsense.org/index.php/topic,48256.msg302923.html#msg302923 I haven't tried it myself yet. db

Re: [pfSense] 2.0.2 release now available

2012-12-24 Thread David Burgess
On Mon, Dec 24, 2012 at 2:04 AM, Chris Buechler c...@pfsense.org wrote: Renato (rbgarga), a long time contributor on the open source side, is starting full time with us on January 2. His first month will largely be dedicated to 2.1, and a month of work will be enough to get it to RC1 status

[pfSense] dashboard graphs fail

2013-01-03 Thread David Burgess
2.0.2-RELEASE (amd64) Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz I have a traffic graphs applet running on the dashboard. This machine has 16 interfaces, but only 6 graphs are expanded by default. The graphs update every 1 second. Under 2.0 (and the betas) these graphs worked well, even when running

Re: [pfSense] WRAP

2013-01-05 Thread David Burgess
On 2013-01-05 4:59 AM, Eugen Leitl eu...@leitl.org wrote: With the speed of current connections (100+ MBit/s) lulz. You noticed Hugo is in Canada, eh? To be fair, we can get up to 250 Mbps in a few urban centres, but 6/1 DSL is way more common by my accounting. That said, I ran pfSense on an

Re: [pfSense] WRAP

2013-01-05 Thread David Burgess
On 2013-01-05 10:16 AM, David Burgess apt@gmail.com wrote: Hugo Sorry, Ugo, autocorrect. db

Re: [pfSense] Bridging WAN to OPT for only one IP in a /27

2013-01-31 Thread David Burgess
On Thu, Jan 31, 2013 at 12:29 PM, j...@millican.us j...@millican.us wrote: Hello, Probably a newbish question but I would like a sanity check before I go down a blind alley. I have a /27 from my provider feeding into a pfSense 2.0.2 box. I was hoping to be able to Bridge the WAN to one of

Re: [pfSense] 2.0.1-RELEASE Not blocking

2013-02-21 Thread David Burgess
On Thu, Feb 21, 2013 at 11:03 AM, Gerald Waugh gwa...@frontstreetnetworks.com wrote: I must be missing something basic. I have setup several pfSense systems, but my latest one is not blocking. this current firewall I have several firewall rules for the WAN port, and none are working. stupid

Re: [pfSense] 2.0.1-RELEASE Not blocking

2013-02-21 Thread David Burgess
On Thu, Feb 21, 2013 at 2:12 PM, Gerald Waugh gwa...@frontstreetnetworks.com wrote: No rules are currently defined for this interface All incoming connections on this interface will be blocked until you add pass rules. Are you using squid or some other proxy? If your hosts are talking to a

Re: [pfSense] Snort taking ages to reload

2013-02-22 Thread David Burgess
On Fri, Feb 22, 2013 at 9:22 AM, b...@todoo.biz b...@todoo.biz wrote: Hi, I was wondering if It is normal that snort takes ages to reload after each modification we are doing ? It takes an average of 1 to 5 minutes to reload and give back the control through the GUI. Which version of

Re: [pfSense] SOHO Router for VPN to pfSense

2013-04-29 Thread David Burgess
On Mon, Apr 29, 2013 at 10:01 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 29/4/13 2:35 pm, j...@millican.us wrote: I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router.

Re: [pfSense] SOHO Router for VPN to pfSense

2013-04-29 Thread David Burgess
On Mon, Apr 29, 2013 at 10:35 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 29/4/13 5:11 pm, David Burgess wrote: It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. Really? I must admit it's always Just Worked

[pfSense] boot delays

2013-05-02 Thread David Burgess
I'm sure this is documented somewhere, but I just can't find it, so I apologize for asking again. There appear to be two delays when booting pfsense, the first at the F1 prompt, the second at the menu of 10 ways to boot pfsense. I'm running nanoBSD, so I don't want to remove the F1 prompt, but I

Re: [pfSense] Need advise or best practice for pfsense NAT

2013-05-22 Thread David Burgess
On 2013-05-21 10:28 PM, Makara chanmak...@gmail.com wrote: Hi List, We are using pfsense for NAT purpose, around 1000 customers concurrent and the bandwidth is around 500MBPS. We have problem the pfsense is stuck around 1 or 2 week always. You may want to try some of these:

Re: [pfSense] Multiple Crashes 2.0.2

2013-06-04 Thread David Burgess
On Tue, Jun 4, 2013 at 9:36 AM, Nishant Sharma codemarau...@gmail.com wrote: On 4 Jun 2013 20:59, Ermal Luçi e...@pfsense.org wrote: That means probably mbuf exhaustion. Can you try up kern.ipc.nmbclusters=131072 That is already in place. I increased it after few crashes 3 months

Re: [pfSense] Multiple Crashes 2.0.2

2013-06-04 Thread David Burgess
Let me keep an eye on MBUF utilisation tomorrow. Does anyone know the SNMP OID for MBUF, if it can be monitored over it? Maybe not as handy as SNMP, but I have used the following cron job to monitor mbufs. 00***root/bin/date /conf/netstat-m.log ; /usr/bin/uptime

[pfSense] lock-ups

2013-06-08 Thread David Burgess
*2.1-BETA1 * (amd64) built on Wed May 1 12:20:46 EDT 2013 FreeBSD 8.3-RELEASE-p8 https://fv.tfcg.co:444/# I've had a couple of lock-ups in the past month where pfsense is unresponsive on all interfaces, at least at layer 3. This is a remote site so I don't have access to layer 2 or the vga

Re: [pfSense] lock-ups

2013-06-08 Thread David Burgess
On Sat, Jun 8, 2013 at 8:36 PM, Jason Pyeron jpye...@pdinc.us wrote: ** The only time I have observed that type of problem was when the power supply was browning out, ensure that your power supply is of a good quality and sufficient amperage. Thanks for the input. My power supply is

Re: [pfSense] Allow group of non-contiguous IP's to LDAP

2013-09-03 Thread David Burgess
Use an alias as your source. Aliases can be created in Firewall: Aliases and can reference multiple addresses, ranges, and/or subnets. db On Tue, Sep 3, 2013 at 2:30 PM, Marc R. Meshurle Jr. m...@katotech.com wrote: I have a situation where I am doing external LDAP authentication with a mail

Re: [pfSense] Allow group of non-contiguous IP's to LDAP

2013-09-03 Thread David Burgess
On Tue, Sep 3, 2013 at 2:38 PM, David Burgess apt@gmail.com wrote: Use an alias as your source. Aliases can be created in Firewall: Aliases and can reference multiple addresses, ranges, and/or subnets. db Sorry for the previous top-post. Gmail is sneaky. db

Re: [pfSense] routing - additional route on WAN doesn't work

2013-09-25 Thread David Burgess
On Wed, Sep 25, 2013 at 2:17 PM, Adam Thompson athom...@athompso.net wrote: If I'm not mistaken, this is the rule that prevents me from reaching the remote subnet via 184.70.48.188. Unfortunately, this is a system-generated rule. Suggestions? Are you suggesting that all of the traffic

[pfSense] bug upgrading to 2.1 on nanobsd?

2013-09-30 Thread David Burgess
In a recent thread there was mention of a RRD bug when upgrading to 2.1 on nanobsd systems where the /tmp filesystem would fill up, resulting in a system with no valid interfaces. I have two production systems to be upgraded, one running 2.0.1 and the other running 2.1RC0, both nanobsd, so this

Re: [pfSense] RRD traffic lost after 2.0.3 - 2.1

2013-10-01 Thread David Burgess
On Tue, Oct 1, 2013 at 3:45 AM, Seth Mos seth@dds.nl wrote: No idea why it isn't doing that for you. I only know of issues on nanobsd. Cheers, Seth That's twice in 12 days you've mentioned that. Care to elaborate? I've done some searching and found nothing that looks like what you've

[pfSense] RFC 3021

2013-10-01 Thread David Burgess
Are there any plans to implement this in pfsense? I do a lot of PtP links and this would be handy. db

Re: [pfSense] NSA: Is pfSense infiltrated by big brother NSA or others?

2013-10-09 Thread David Burgess
On Wed, Oct 9, 2013 at 10:38 AM, Jim Thompson j...@netgate.com wrote: So asking the question is stupid(*), because a lie is indistinguishable from the truth. I disagree on that point. Even if one is sure to get a no answer, regardless of the truth, it is still useful to ask the question for

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

2013-10-09 Thread David Burgess
On Oct 9, 2013 7:05 PM, Jens Kühnel pfse...@jens.kuehnel.org wrote: NanoBSD, update 2.1 and embedded, but could not find anything. I also checked the forum, but I could only find file system full when I too came up dry when researching this issue. I ended up grabbing a spare system and

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

2013-10-11 Thread David Burgess
On Fri, Oct 11, 2013 at 2:58 PM, Jens Kühnel pfse...@jens.kuehnel.org wrote: and are where are possibilities to change that? It's not in the fstab! /etc/rc.embedded

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

2013-10-11 Thread David Burgess
On Fri, Oct 11, 2013 at 3:25 PM, Jim Pingle li...@pingle.org wrote: On 2.1 you can adjust the /var and /tmp sizes under System Advanced on the Miscellaneous tab. Right! I had forgot about that. So following the original topic, could one more probably ensure a successful upgrade to 2.1 by

Re: [pfSense] Processes

2014-01-22 Thread David Burgess
On Jan 22, 2014 6:59 PM, Brian Caouette bri...@dlois.com wrote: What would cause CPU to run high on pfSense? I'm not running any extra packages. I am back to the base install. I doubled my memory thinking it would help with performance. It didn't. Is there a way to see everything running and

[pfSense] Fwd: shaper hint

2014-02-04 Thread David Burgess
pfsense 2.1 amd64 I'm using the shaper with the priq scheduler and a WAN bandwidth of 2100 kbit/s. Looking at my RRD Quality graphs, latency to my next hop on WAN gets really high and packet loss tops 50% during a period of time where the WAN out max speed is showing 2.27 Mbps. How is the WAN

[pfSense] ICMP host unreachable and RFC1918

2014-02-11 Thread David Burgess
pfsense 2.1 I have internal subnets in the 10.0.0.0/14 address space and also a public subnet x.x.x.240/28 that is routed statically to pfsense's WAN address. pfsense sits at the edge of the network and I have another router whose only internet access is through pfsense. The x.x.x.240/28 public

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread David Burgess
On Feb 11, 2014 5:55 AM, Jim Thompson j...@netgate.com wrote: Thanks for this. As before, we'll supply a solution for pfSense on the ERL after 2.2 (based on FreeBSD 10) after 2.2 drops. -- Jim That's great news. Does anybody care to speculate whether FreeBSD will be able to take advantage

Re: [pfSense] FreeBSD 10.0 on Ubiquiti EdgeRouter Lite

2014-02-12 Thread David Burgess
On Wed, Feb 12, 2014 at 8:30 AM, Jim Thompson j...@netgate.com wrote: you know it’s ipv4-only, right? (there should be a layer2 version as well, but you can’t run both.) If I had a choice between v4-only acceleration and no acceleration, I'd take the former. I'm using two of these devices

Re: [pfSense] Netgate's customized pfSense release

2014-02-13 Thread David Burgess
On Thu, Feb 13, 2014 at 9:54 AM, Andrew Hull l...@coffeebreath.org wrote: My knee jerk reaction is that this is A Bad Thing(tm), and I reloaded the devices with images from ESF. Does anyone here have a strong opinion one way or the other? My first reaction is that the branding is a good

[pfSense] uploading partial config does not apply changes

2014-02-20 Thread David Burgess
pfsense 2.1 Sometimes I want to make multiple changes to a portion of my config, such as static routes. Rather than plowing through the GUI, I just download that portion of the config, edit, and upload again. At this point the GUI tells me the config has been uploaded, but the new static routes

[pfSense] gateway not accepting alternative monitor IP

2014-02-20 Thread David Burgess
pfsense 2.1 amd64 When I enter an alternative monitoring IP and hit save, pfsense takes me back to the list of gateways and the monitoring IP is listed as the default. I've tried entering a couple of addresses in there and they don't stick after hitting Save or Apply. What am I missing? db

Re: [pfSense] gateway not accepting alternative monitor IP

2014-02-20 Thread David Burgess
On Thu, Feb 20, 2014 at 9:39 PM, Ryan Coleman ryanjc...@me.com wrote: I saw this today with 2.0.3 and it was caching the page. Have you tried a different browser? Yes, and from a different computer. I've also tried force reloading the page. db

Re: [pfSense] Limiter with dynamic pipe on floating rules

2014-02-21 Thread David Burgess
On Fri, Feb 21, 2014 at 7:50 AM, tibz ti...@tibir.net wrote: Basically, we are protecting a /24 public network and would like to limit some IPs to some bandwidth, ie: IP-1 to IP-10 at 1mbps each IP11 to IP-20 at 2mbps each IP21 to IP-30 at 5mbps each the rest default up to 10mbps each I

Re: [pfSense] gateway not accepting alternative monitor IP

2014-02-24 Thread David Burgess
On Sun, Feb 23, 2014 at 3:37 AM, Chris Buechler c...@pfsense.org wrote: Do you by chance have duplicate gateway entries in your config? There was a duplicate entry in the config. I deleted it and all is working as expected now. Thanks for the tip. On a related note, is there no partial config

[pfSense] can ping gateway on link

2014-02-24 Thread David Burgess
I have a gateway on a local link (via wireless bridge) that is being reported as down. When I attempt to ping that gateway from the shell I get [2.1-RELEASE][root@pfsense]: ping 10.1.0.253 PING 10.1.0.253 (10.1.0.253): 56 data bytes ping: sendto: Invalid argument but if I 'arping' the same host

Re: [pfSense] can ping gateway on link

2014-02-24 Thread David Burgess
On Mon, Feb 24, 2014 at 3:19 PM, Brian Candler b.cand...@pobox.com wrote: Do you see anything in 'dmesg' when you do this? Yes. Thanks for the tip. I see nothing but a sea of arpresolve: can't allocate llinfo for 10.1.0.253. Some googling turns up this: https://redmine.pfsense.org/issues/337

Re: [pfSense] can ping gateway on link

2014-02-25 Thread David Burgess
On Tue, Feb 25, 2014 at 2:20 AM, Brian Candler b.cand...@pobox.com wrote: This looks wrong. I don't see why destination 10.1.0.253 has a static route to 10.1.0.253. I agree. I'm not sure why that's there. Here's some additional info. Action -- Result 1. set all gateways to default -- no

Re: [pfSense] can ping gateway on link

2014-02-25 Thread David Burgess
After some playing with it I've learned a few things. The gateway groups appear to be irrelevant to my problem. Setting a gateway as DNS server breaks the system. Reversing the setting doesn't fix the problem because the self-referring route remains. I tried deleting the route in the shell but I

Re: [pfSense] can ping gateway on link

2014-02-25 Thread David Burgess
On Tue, Feb 25, 2014 at 10:11 AM, Brian Candler b.cand...@pobox.com wrote: Regards, Brian. Thanks for your input. I have decided to eliminate 10.1.0.253 as a DNS resolver altogether, since the possibility exists to create a DNS loop due to the way my network is configured. I have opted instead

[pfSense] RFC3442 problem

2014-02-25 Thread David Burgess
pfsense 2.1 amd64 From the RFC: When a DHCP client requests the Classless Static Routes option and also requests either or both of the Router option and the Static Routes option, and the DHCP server is sending Classless Static Routes options to that client, the server SHOULD NOT

Re: [pfSense] RFC3442 problem

2014-02-25 Thread David Burgess
On Tue, Feb 25, 2014 at 11:45 AM, David Burgess apt@gmail.com wrote: If I didn't get it wrong, this is how it breaks down: Ok, so I did get it wrong. The RFC states that with a mask width of 0, there are 0 significant octets in the destination descriptor, so my string had an extra 00

Re: [pfSense] RFC3442 problem

2014-02-25 Thread David Burgess
On Tue, Feb 25, 2014 at 4:59 PM, Jeremy Porter jpor...@electricsheepfencing.com wrote: The correct fix, is don't use the Static Route option, as class full routes haven't made any sense since 1993. DHCP option 121 is specifically for classless routes. I've always seen the server side

[pfSense] blank lines in DHCP lease list

2014-02-26 Thread David Burgess
Pic attached. This situation has survived many reboots. Is there a remedy for this? db attachment: blanks.PNG

Re: [pfSense] blank lines in DHCP lease list

2014-02-26 Thread David Burgess
On Wed, Feb 26, 2014 at 3:46 PM, Ryan Coleman ryanjc...@me.com wrote: Did you update the software before they started appearing? I’ve seen things from 2.0 to 2.1 not carry over all their information. I believe this system was a fresh install of 2.1 with config by hand. I know that I did

Re: [pfSense] blank lines in DHCP lease list

2014-02-26 Thread David Burgess
It's funny how something can dog you for a long time, and as soon as you ask for help, you get new insight. I found and deleted three staticmap/ tags in the DHCP config file, uploaded it again, and the lines are gone. db

Re: [pfSense] Captive Portal: Per-client speed

2014-03-10 Thread David Burgess
On Wed, Mar 5, 2014 at 11:31 AM, Ryan Coleman ryanjc...@me.com wrote: It appears I can throttle individual users on the Captive Portal, but how can I limit the speed of that entire network? Is that through Traffic Shaping? And how would I do that? Create a limiter (up and down, if desired)

Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE

2014-03-19 Thread David Burgess
On Mar 19, 2014 2:33 PM, Brian Candler b.cand...@pobox.com wrote: (1) MTU problem / PMTU discovery / blocked ICMP Was my first thought. db

Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE

2014-03-20 Thread David Burgess
On Thu, Mar 20, 2014 at 10:12 AM, Ryan Coleman ryanjc...@me.com wrote: So I’m going to try and fix it if there’s someone that is willing to help me out today.. this just blows my mind - it’s like it loses the firewall configuration and then falls to a default. None of the VLANs are passing

Re: [pfSense] restoring nanobsd config to full install

2014-03-26 Thread David Burgess
On Wed, Mar 26, 2014 at 9:57 AM, Vick Khera vi...@khera.org wrote: it should work. it will prompt you for the new NICs to map into WAN/LAN and you're good to go. I'm just getting a generic error. I don't see anything in the system log or dmesg to indicate what went wrong. I did edit the config

Re: [pfSense] restoring nanobsd config to full install

2014-03-26 Thread David Burgess
On Wed, Mar 26, 2014 at 10:12 AM, David Burgess apt@gmail.com wrote: I'm just getting a generic error. I found a missing xml tag using N++'s XML plugin from where I had manually added some vlan interfaces. You learn something every day. db

Re: [pfSense] RDP port forward based on destination name.

2014-03-27 Thread David Burgess
On Thu, Mar 27, 2014 at 1:37 PM, greg whynott greg.whyn...@gmail.com wrote: if you RDP to: you'll land on the internal server: host1.foo.com 10.101.1.2 host2.foo.com 10.101.3.4 host3.foo.com 10.101.1.8 If you're using pfsense's DNS forwarder you can add host overrides

Re: [pfSense] apinger not noticing good connection

2014-04-22 Thread David Burgess
Anyone else seeing apinger losing packets while ping doesn't? For many days now the gateway widget on my 2.1 box has been reporting packet loss in the 300-500% range. Meanwhile ping and RRD show no packet loss. This same system was recently showing a baseline of 2% loss in RRD while ping showed

[pfSense] Some packages not reinstalled after upgrade

2014-05-03 Thread David Burgess
I just upgraded a nanoBSD system from 2.1 to 2.1.3. All appeared to go well, except that the Quagga OSPF package was not automatically reinstalled after the reboot. Four other packages were automatically reinstalled. I thought I saw Quagga OSPF being installed when I reloaded the dashboard

Re: [pfSense] Some packages not reinstalled after upgrade

2014-05-03 Thread David Burgess
On Sat, May 3, 2014 at 4:23 AM, David Burgess apt@gmail.com wrote: I just upgraded a nanoBSD system from 2.1 to 2.1.3. All appeared to go well, except that the Quagga OSPF package was not automatically reinstalled after the reboot. Four other packages were automatically reinstalled. Just
