Re: [pfSense] Open VPN configure ( Urgent)

2015-03-22 Thread Steve Yates
on pfSense. -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

[pfSense] ARP for CARP

2015-03-18 Thread Steve Yates
just fine. It also doesn't have an ARP entry for 64.79.96.148 which is the WAN IP of the second router. -- Steve Yates ITS, Inc.

Re: [pfSense] ARP for CARP

2015-03-19 Thread Steve Yates
Steve Yates wrote on Wed, Mar 18 2015 at 7:02 pm: and pinging .150 yields Destination host unreachable since it doesn't think it has anywhere to send the routed traffic. I noticed our office router does not detect an ARP entry for the CARP IP. Turns out there was a stray static

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-06 Thread Steve Yates
IPs from the /29 to provide NAT to a separate network on private IPs. -- Thanks all, Steve Yates ITS, Inc.

Re: [pfSense] CARP sync of skew results in blank Status on backup router, breaking failover

2015-03-25 Thread Steve Yates
Steve Yates wrote on Wed, Mar 25 2015 at 1:22 pm: In my other thread, diagnosing why failback only moved back the WAN IPs, if the physical host had its network restarted underneath my router VM. Sorry, had that backwards FWIW; it only moved back the LAN. Again, not a normal

Re: [pfSense] pfSense 2.2.1 HA setup does not sync states

2015-03-27 Thread Steve Yates
fine for me. Is your firewall log set to show packets logged by the default block rule? -- Steve Yates ITS, Inc.

Re: [pfSense] newbie question

2015-03-23 Thread Steve Yates
connects to the Internet directly, and pfSense connects to the Internet separately (so they are in parallel), and you have two WAN IP addresses, that will work. -- Steve Yates ITS, Inc.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Steve Yates
Using CARP implies that you care about reliability during edge cases and partial failures. If so, then you need to do it right and use 3 IPs where you want 1 carp. I hear you. I guess part of me just dislikes the possibility of wasting 12 or 18 IPs (6 per subnet) a few years down the

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Steve Yates
Steve Yates wrote on Mon, Mar 2 2015 at 1:05 am: the scenario is: no NAT, multiple public IPs in use on the LAN side from two different subnets, and pfSense acting as a firewall. I received an email directly...to perhaps shorten my example, if we have two public subnets 1.1.1.0/28

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-02 Thread Steve Yates
Steve Yates wrote on Mon, Mar 2 2015 at 9:09 am: I received an email directly...to perhaps shorten my example, if we have two public subnets 1.1.1.0/28 and 2.2.2.0/28, I would like to use both of those subnets on different servers, use pfSense as the firewall, and use CARP

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-02-27 Thread Steve Yates
Steve Yates wrote on Fri, Feb 27 2015 at 12:29 pm: Two WAN IP, two LAN IP, and two more for sync. And reading this, I didn't write what I meant, so to just correct it all, 3 WAN, 3 LAN, and 2 for sync. -- Steve Yates ITS, Inc.

Re: [pfSense] Running as a VM, multiple WAN subnets

2015-03-01 Thread Steve Yates
Chris L wrote on Fri, Feb 27 2015 at 3:34 pm: On Feb 27, 2015, at 12:37 PM, Steve Yates wrote: Chris L wrote on Fri, Feb 27 2015 at 12:10 pm: Hopefully the provider can just route the additional subnet to your existing WAN IP. Then you don’t need to do anything with CARP/HA except make

Re: [pfSense] CARP authentication requires user admin?

2015-03-18 Thread Steve Yates
Steve Yates wrote on Wed, Mar 18 2015 at 4:49 pm: If enable the HA sync setting for Synchronize Config to IP with the backup node's IP, and Remote System Username and Password for the backup, I get errors on the master like: [ An authentication failure occurred while trying to access

Re: [pfSense] CARP authentication requires user admin?

2015-03-18 Thread Steve Yates
Steve Yates wrote on Wed, Mar 18 2015 at 4:49 pm: Is it hard coded to use admin? Never mind, I reread the docs again. Enter admin for the Remote System Username (other usernames will not work

Re: [pfSense] CARP failover works but it only fails back the LAN

2015-03-23 Thread Steve Yates
was clicking around a lot, but it seems to be repeatable. -- Steve Steve Yates wrote on Mon, Mar 23 2015 at 2:50 pm: Just ran into an odd scenario in my testbed...if pfSense (router1) is in a VM (Parallels Cloud/Virtuozzo), and I run service network restart on the host for that VM, pfSense fails

[pfSense] Requiring TLS 1.1 for OpenVPN

2015-04-30 Thread Steve Yates
PCI scanning is now failing TLS 1.0 connections. Is it as simple as adding tls-version-min 1.1 (or 1.2) to the OpenVPN: Server/Advanced configuration/Advanced text box? -- Steve Yates ITS, Inc.

Re: [pfSense] Pfsense + Cloudflare

2015-04-30 Thread Steve Yates
/packet level. At that point (theoretically) I suppose CloudFlare would have to have functionality to act as a firewall? And pfSense configured to only allow traffic from it. -- Steve Yates ITS, Inc.

Re: [pfSense] IKEv2 agile VPN from Win7/Win8 to pfSense 2.2.2

2015-06-17 Thread Steve Yates
Ermal Luçi wrote on Wed, Jun 17 2015 at 10:22 am: On Wed, Jun 17, 2015 at 4:40 PM, Steve Yates st...@teamits.com wrote: OpenVPN requires a self-signed cert. Can you report the issue with OpenVPN on self-signed cert? It's been a few months but if I recall correctly, on page

Re: [pfSense] Suricata alert suppression

2015-07-29 Thread Steve Yates
it wasn't honoring the Suppress instruction. -- Steve Yates ITS, Inc. Steve Yates wrote on Mon, Jul 13 2015 at 3:16 pm: I got Suricata installed and operating. I found, oddly, that the highest volume of packet errors alerted was to/from Symantec IPs. I added that subnet as trusted

Re: [pfSense] CARP development testing within our network -- broadcast storm?

2015-07-27 Thread Steve Yates
to the WAN side of pfSense, so they would not be using pfSense at all. You can't connect the networks through pfSense and around it at the same time... -- Steve Yates ITS, Inc. Justin Edmands wrote on Mon, Jul 27 2015 at 3:53 pm: I have setup a dual gateway setup I have created to test a future

Re: [pfSense] CARP development testing within our network -- broadcast storm?

2015-07-27 Thread Steve Yates
, with the LAN computers behind it. -- Steve Yates ITS, Inc.

Re: [pfSense] bsd/pfsense equivalent to fail2ban

2015-07-27 Thread Steve Yates
I think you're looking for Snort or Suricata. Presumably someone would have detections for asterisk by now? -- Steve Yates ITS, Inc. mayak wrote on Sat, Jul 25 2015 at 7:31 am: hi all, i have a number of asterisk instances behind pfsense -- 5060 is open to the public

Re: [pfSense] Primer for AP/bridge setup? (based on Re: Access Point Recommendations?)

2015-07-24 Thread Steve Yates
points, wireless clients, or bridges, but not more than one. I would expect if you connect the printer to the LAN, then anyone using the printer would need to connect to the LAN's AP instead of directly to the printer. -- Steve Yates ITS, Inc

Re: [pfSense] How do I harden my pfsense install WRT TLS and ssh?

2015-07-24 Thread Steve Yates
by default. -- Steve Yates ITS, Inc.

Re: [pfSense] Primer for AP/bridge setup? (based on Re: Access Point Recommendations?)

2015-07-24 Thread Steve Yates
. -- Steve Yates ITS, Inc.

[pfSense] Suricata alert suppression

2015-07-13 Thread Steve Yates
. However, IPs from within that /24 still show in the Alerts tab? -- Steve Yates ITS, Inc.

Re: [pfSense] Help with provider assigning multiple IP addresses over PPPoE

2015-11-15 Thread Steve Yates
> I don't have any trouble adding NAT > rules that forward the .217 through to my internal network.  If that works, it sounds like .217 is your IP, and not your gateway as they documented. What is the gateway on your WAN connection? -- Steve Yates IT

[pfSense] 2.2.5 upgrade - failed to open openvpn-client-export-2.3.6.tgz

2015-11-09 Thread Steve Yates
) System/Packages shows v1.2.20 installed. Looking at its changelog page, it looks like 2.3.6 is the OpenVPN version? -- Steve Yates ITS, Inc.

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Steve Yates
the public IP for the passive connection, instead of the server's LAN IP. However (not tested) that may well break internal FTP, unless perhaps requests to the WAN IP are reflected back inside. I think I would even expect internal FTP users to have to connect via the WAN IP also. -- Steve Yates

Re: [pfSense] FTP issues on 1:1

2015-07-09 Thread Steve Yates
Ryan Coleman wrote on Thu, Jul 9 2015 at 5:24 pm: I switched it to port 21 and it’s still not working externally, either. Not sure if you said what FTP client you're using. FileZilla has some debug logging modes that might help narrow down the issue. -- Steve Yates ITS, Inc

Re: [pfSense] FTP issues on 1:1

2015-07-07 Thread Steve Yates
? -- Steve Yates ITS, Inc.

Re: [pfSense] Unbound DNS Resolver doesn't listen on IP aliases even when selected in settings

2015-11-17 Thread Steve Yates
hared LAN IP, it listens on that alias. Did you check your firewall log/rules? -- Steve Yates ITS, Inc.

Re: [pfSense] Strange timezone behavior and then full stop

2015-08-26 Thread Steve Yates
the time zone to be set in php.ini or other PHP-read .ini files. It's just a warning so isn't an indicator of a problem in and of itself. -- Steve Yates ITS, Inc.

Re: [pfSense] pfSense + AD not resolving DNS

2015-10-01 Thread Steve Yates
> 2.- The WAN network don't work. No access to Internet using or not, > DNS service in pfSense box. ping, traceroute, dig directly from > pfSense box not work. If you can't ping/traceroute by IP address, it's not a DNS issue. -- Steve Yates

Re: [pfSense] Shutdown Interface?

2015-12-09 Thread Steve Yates
on firewall rules which the OP specifically asked about and I'll admit I didn't realize pfSense had. I couldn't find a "part 2" though...? >> A quick Googling came up with this: >> >> http://www.wedebugyou.com/2012/11/how-to-prevent-and-mitigat

Re: [pfSense] Lost limiter config after upgrade

2015-12-16 Thread Steve Yates
being fixed. Until then, 2.1.5 rules the > roost. Per that bug report (https://redmine.pfsense.org/issues/4326), it sounds like it's only an issue if NAT is being used, correct? They work if NAT is not in use? -- Steve Yates ITS, Inc.

Re: [pfSense] Multiple SSIDs

2015-11-24 Thread Steve Yates
Steve Yates wrote on Tue, Nov 24 2015 at 9:28 am: > We haven't used wireless with pfSense yet. The manuals for the > hardware models don't seem to mention how to set up the optional > wireless. The doc site suggests not using wireless in pfSense? > (https://doc.pfsense.o

[pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-11 Thread Steve Yates
r document.getElementById like so and it will save a lot of repeated text on a page that big: function x() { return document.getElementById(arguments[0]); } -- Steve Yates ITS, Inc.

Re: [pfSense] IPSec nat issue

2016-05-26 Thread Steve Yates
Jumping in midway through, 193.168.1.0/24 belongs to Universite du Luxembourg. If that's not you then the other end could be routing packets there. -- Steve Yates ITS, Inc. -Original Message- > On Wed, May 25, 2016 at 8:54 PM, Lyle <l...@lcrcomputer.net> wrote: > >>

Re: [pfSense] Snort or Suricata

2016-06-13 Thread Steve Yates
looked a while back it seemed like Snort and Suricata were similar but Snort was single thread and Suricata could multi-thread. https://github.com/Snorby/snorby/wiki/Snort-vs-Suricata-vs-Sagan http://wiki.aanval.com/wiki/Snort_vs_Suricata -- Steve Yates ITS, Inc. -Original Message- From

Re: [pfSense] Snort or Suricata

2016-06-13 Thread Steve Yates
, and we haven't had the problem lately. My guess is the more individual rules that one disables, the longer it takes to sync, and the larger sync info is. Then at some point something crashed and reset the rules to not have any disabled, after which the sync is smaller. -- Steve Yates ITS, Inc

Re: [pfSense] How to determine supported packages without installing

2016-06-17 Thread Steve Yates
#pfSense_2.3_Upgrade_Guide has text: See Package Port List for a list of packages currently available on 2.3. Links to -> https://doc.pfsense.org/index.php/Package_Port_List Also, from the blog entry on the 2.3.1 release: https://doc.pfsense.org/index.php/2.3_Removed_Packages -- Steve Yates ITS, Inc. -Origi

Re: [pfSense] add Blocking in suricata just for some IPs

2016-06-20 Thread Steve Yates
. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner Sent: Monday, June 20, 2016 1:28 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] add Blocking in suricata just fo

Re: [pfSense] Lost limiter config after upgrade

2016-01-11 Thread Steve Yates
Steve Yates wrote on Tue, Dec 15 2015 at 5:04 pm: > Per that bug report (https://redmine.pfsense.org/issues/4326), it > sounds like it's only an issue > if NAT is being used, correct? They work if NAT is not in use? To follow up I set up a limiter on our data cent

Re: [pfSense] Slow speed on 100Base TX full duplex.

2016-01-11 Thread Steve Yates
Ethernet port speed is still going to be 100 because the only choices are 10, 100, 1000, or 10 Gbit. Likewise, if the colo has a lot of traffic, he may not get a 100 Mbps download speed when testing. -- Steve Yates ITS, Inc.

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-15 Thread Steve Yates
. ...maybe "restarting packages" is interfering with the Suricata sync? Or possibly the default Suricata sync timeout of 150 seconds needs to be a *lot* higher? -- Steve Yates ITS, Inc.

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-15 Thread Steve Yates
Steve Yates wrote on Tue, Jan 12 2016 at 1:25 am: > 6) I started on pfSense 2.2.5 and upgraded both routers to 2.2.6 since it > said it > fixed some sync issues. On at least two occasions, with 2.2.6, I start > getting > "unread notice" alerts for sync errors, and can

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-17 Thread Steve Yates
but I've never had a problem upgrading 2.x versions. That said I read the changelog-in-progress for 2.3 and it looks like a big overhaul. -- Steve Yates ITS, Inc.

Re: [pfSense] Suricata sync crashes WebConfigurator, and other issues

2016-01-18 Thread Steve Yates
issue... Steve Yates

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

2016-02-12 Thread Steve Yates
ork? -- Steve Yates ITS, Inc.

Re: [pfSense] FTP trouble.

2016-02-11 Thread Steve Yates
t shows the block in your firewall log. And just to over clarify, it is the FTP server that tells the client what port to use, so you can't control that unless you control the FTP server. -- Steve Yates ITS, Inc.

Re: [pfSense] pfblockerng

2016-01-23 Thread Steve Yates
://www.dshield.org/block.txt and https://secure.dshield.org/block.txt either of which are probably better to use/list since they use HTTPS. -- Steve Yates ITS, Inc.

Re: [pfSense] Sync problem betweens 2 nodes

2016-04-01 Thread Steve Yates
is hardcoded to use "admin"...but it sounds like you get a successful sync so that can't be it. Now I only have issues with the Suricata package sync occasionally causing the web GUI (I think PHP-FPM really, which prevents the GUI from working) on the slave to stop responding. -- Steve Yate

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Steve Yates
kages are not available. See Package Port List for a list of packages currently available on 2.3." https://doc.pfsense.org/index.php/Package_Port_List -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeff H Sent: Wednesday, Apri

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Steve Yates
ility list for 2.3.x? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of mayak Sent: Wednesday, April 13, 2016 5:17 AM To: pfSense support and discussion <list@lists.pfsense.org> Subject: [pfSense] 2.3 show stopper - bind package

Re: [pfSense] Soeckris Net5501 SSD

2016-05-18 Thread Steve Yates
if you open the PDFs on their site. They do list compressed read and write speeds for some drives so be careful what table you're reading. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife Sent: Wednesday, May 18, 2016 1

[pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

2016-05-18 Thread Steve Yates
" My second question was going to be about getting IPv6 to the PCs inside the tenant router but unless I'm mistaken I need a couple more /64 networks for that (what a waste of IPs...I know there's a lot but still...). Thanks, Steve Yates ITS, Inc. __

Re: [pfSense] Limiter on WAN based on time?

2016-05-24 Thread Steve Yates
The schedules are created under Firewall/Schedules and then can be applied to a limiter. On a limiter you'd need at least two Bandwidth entries, one for each schedule (day/night). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf

Re: [pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

2016-05-19 Thread Steve Yates
2601:249::::/64 ...with the LAN IP range. (yes, it is spelled "prefixs") -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz Sent: Wednesday, May 18, 2016 10:10 PM To: pfSense Support and Discussio

Re: [pfSense] IPv6 with Comcast and two pfSense - invalid prefix length, XID mismatch

2016-05-19 Thread Steve Yates
Is there a way to force pfSense to do NAT for IPv6? If so then we could make it work. I understand that's not the point of IPv6 but... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz Sent: Thursday, May 19, 2016 2

Re: [pfSense] Routing Issue

2016-05-10 Thread Steve Yates
, and 192.168.199.0/24 for OpenVPN. 192.168.199.0/24 is just used to route packets from the remote PC to behind the router. You wrote "/130" for the CARP WAN alias...I'm assuming that's a typo and should be "/29" like the others. -- Steve Yates ITS, Inc. -Original Message- Fro

Re: [pfSense] 2.2.6 HA to 2.3 Upgrade Advice

2016-05-10 Thread Steve Yates
https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments "Generally the recommended path for upgrading a High Availability cluster is to first upgrade the secondary node." -- Steve Yates ITS, Inc. -Original Message- From: List [mailto

Re: [pfSense] Routing Issue

2016-05-10 Thread Steve Yates
You should not have to route anything manually. Your data center or ISP routes the /25 to 212.168.31.130. In essence, packets are sent there for you. PfSense then "knows" the LAN side is the /25 and sends them to the LAN. -- Steve Yates ITS, Inc. -Original Message-

[pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
to use a limiter on a LAN upload. I did see the known issue that limiters don't currently work on NATted interfaces so don't have them set up on the WAN side. Thanks, Steve Yates ITS, Inc.

Re: [pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
fore limit the connection if a tenant was, let's say, hosting a web server and a remote user uploaded a file into the building. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg Sent: Thursday, May 12, 2016 1:17 PM To: pfSen

Re: [pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
No we're actually using NAT and private IPs inside the building. We use 1:1 NAT if a tenant needs a public IP. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg Sent: Thursday, May 12, 2016 2:38 PM To: pfSense Support

Re: [pfSense] Limiters on LAN, WAN

2016-05-12 Thread Steve Yates
I have the limiters configured as you show. But are you saying you would normally set your limiter on rules on both the LAN and WAN? Basically, I should set it on LAN for now and when the bug is fixed set it on WAN also? -- Steve Yates ITS, Inc. -Original Message- From: List

Re: [pfSense] firewall rules with fqdn-alias

2016-05-17 Thread Steve Yates
Are you using dots in your FQDNs? Those aren't valid alias names... 'The name of the alias may only consist of the characters "a-z, A-Z, 0-9 and _".' -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs Sen

Re: [pfSense] firewall rules with fqdn-alias

2016-05-18 Thread Steve Yates
Is there a length limit for alias names? If it's an invalid alias I would think one of the logs should show something when the firewall rules are applied...I recall seeing errors in there before... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun

Re: [pfSense] 2.3-REL, HA, WAN CARP IPv6 MAC seen as active on both NICs

2016-05-04 Thread Steve Yates
s not permitted on their equipment" Is that even possible? How would they prevent that other than tying the IP address to a MAC address? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia Sent: Wednesday, May 4, 2016 5:12 AM

Re: [pfSense] pfSense on vmware ESXi 6.0

2016-04-14 Thread Steve Yates
and such but unless you're expecting a super high number of connections I would probably just turn it on and check the settings periodically. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia Sent: Thursday, April

Re: [pfSense] IPV6 WAN/LAN routing

2016-04-20 Thread Steve Yates
To rule out any missing firewall rules, on Status: System logs: Settings, check "Log packets matched from the default block rules put in the ruleset" and see if it starts logging your pings from the LAN. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Steve Yates
n Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind! On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates <st...@teamits.com> wrote: > The release notes don't mention specific package compatibility Yes it does. "

Re: [pfSense] DNS Forwarder # exception

2016-07-22 Thread Steve Yates
I'm just brainstorming here but for your specific example could you do something like delegate wildcard record *.example.com to the public DNS servers? Or mail.example.com, etc. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf

Re: [pfSense] looking for perfect pfsense box for home?

2016-08-03 Thread Steve Yates
as someone pointed out that may use far more power in the long run. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Wednesday, August 3, 2016 2:37 AM To: pfSense Support and Discussion Mailing List <list@

Re: [pfSense] pfsync_undefer_state: unable to find deferred state

2016-07-15 Thread Steve Yates
This may or may not be related but after the upgrade to 2.3.1 I did find a continual stream of checksum error alerts in Suricata. As found online, disabling Hardware Checksum Offloading fixed it, even though this is on a virtual machine. -- Steve Yates ITS, Inc. -Original Message

[pfSense] pfsync_undefer_state: unable to find deferred state

2016-07-08 Thread Steve Yates
licate this at will...in this case an "rsync --dry-run" is plenty. It doesn't seem to have any effect on traffic since the copy works fine, it appears to just be a logging issue. -- Steve Yates ITS, Inc.

[pfSense] Xinetd error message repeating every 15 minutes

2016-07-05 Thread Steve Yates
/rc.filter_configure_sync. My question is, is there an accepted way to hide that info? It fills up the system logs/General page... -- Steve Yates ITS, Inc.

Re: [pfSense] add Blocking in suricata just for some IPs

2016-06-20 Thread Steve Yates
pfBlockerNG blocks by country, which is what your image showed. One caveat to country blocking is Microsoft has started using IPv4 blocks allocated to it in other countries for its Azure service, since they ran out. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list

Re: [pfSense] NAT from WAN to LAN

2016-08-15 Thread Steve Yates
allocated to Hewlett-Packard...? That might also be interfering with your routing. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Antonio Sent: Sunday, August 14, 2016 3:55 AM To: list@lists.pfsense.org Subject: [pfSense] NAT from

[pfSense] SG-1000 and VPN

2017-01-24 Thread Steve Yates
? Either as a remote site or as a SOHO router + VPN host? Just wondering how the ARM CPU would stack up. The specs say 200k active (non-VPN) connections... -- Steve Yates ITS, Inc.

Re: [pfSense] SG-1000 and VPN

2017-01-26 Thread Steve Yates
oad speed anyway. -- Steve Yates ITS, Inc.

Re: [pfSense] SG-1000 and VPN

2017-01-25 Thread Steve Yates
That's what I'm trying to ask, if the SG-1000 would work for that. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao Sent: Tuesday, January 24, 2017 11:41 PM To: pfSense Support and Discussion Mailing List <l

Re: [pfSense] PFsense 2.3.2-P1 dies

2017-01-25 Thread Steve Yates
he console would show a stream of errors that pointed to the drive, don't recall them now of course. -- Steve Yates ITS, Inc. -Original Message- I had an issue at one point with hard disks dropping out because of the idle time set on my Western Digital drives. You say you just upgra

Re: [pfSense] small problem with squid

2017-02-14 Thread Steve Yates
If I'm following, you're using a public IP:port. Did you set up NAT Reflection? (System/Advanced/Firewall & NAT) -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Berg Sent: Monday, February 13, 2017 3:45 PM To:

Re: [pfSense] pfsense really slow

2016-09-06 Thread Steve Yates
I saw something similar once after an upgrade, installing packages, when pfSense's DNS wasn't running. Linux doesn't really do a round-robin or last-known-good DNS search, it just keeps trying the failing ones. I don't recall noticing it on the main screen though. -- Steve Yates ITS, Inc

Re: [pfSense] nat or routing?

2016-09-09 Thread Steve Yates
In Status/System Logs/Settings check the "Log packets matched from the default block rules in the ruleset" option and see if the firewall log shows blocked packets. Are the interfaces set to block private networks, since you are using those on all interfaces? -- Steve Yate

[pfSense] NAT reflection after the fact

2016-09-26 Thread Steve Yates
IP of the NAT 1:1. Do I need a rule on the LAN side, since the traffic would be coming from the LAN side? -- Steve Yates ITS, Inc.

Re: [pfSense] pfSense Aliases / firewall rule with an FQDN and multiple entries

2016-10-07 Thread Steve Yates
When editing an alias the Hint line shows, "FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used." -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WolfS

Re: [pfSense] bind DNS question

2016-09-22 Thread Steve Yates
" Restarting named will flush updated data from .jnl files back to the zone file." -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel Sent: Thursday, September 22, 2016 1:55 PM To: m...@fuckaround.

Re: [pfSense] bind domain specific forwarder

2016-09-22 Thread Steve Yates
I don't know if you need forwarding for this. Can you just add an NS record to the example.com zone for site2.example.com pointing to 10.0.10.1 (well, a hostname that points to that IP)? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org

Re: [pfSense] Pfsense lan config

2016-08-29 Thread Steve Yates
If you want the pfSense to be between your laptop and the Internet your laptop would need to be on the LAN side of the pfSense. Why are you using a public IP range on the LAN side of your router? That will also cause problems. Did you mean to write (or use) 172.16.30.10? -- Steve Yates ITS

Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?

2016-09-30 Thread Steve Yates
pfblockerng.php?pfb=pfB_Africa_v4.; So you could keep your list somewhere else on a web server. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of qmail Sent: Friday, September 30, 2016 10:30 AM To: list@lists.pfsense.org Subject

Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?

2016-09-30 Thread Steve Yates
Basically, but doing it directly would avoid dealing with the package. I guess it's just down to how often the chosen list is updated. And, if it's just via allocation, aren't they done allocating IPv4 blocks... -- Steve Yates ITS, Inc. -Original Message- From: List

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

2016-10-10 Thread Steve Yates
ly, but if DNS isn't working that could be an issue. In other words if DNS is running then 127.0.0.1 will always be the first DNS server used. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer Sent: Friday, Oct

Re: [pfSense] pfsync_undefer_state: unable to find deferred state

2016-10-18 Thread Steve Yates
te syncing completely. I haven't gone that far but did check "No pfSync" on the firewall rule per the below, to no avail. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent: Friday, July 8, 2016 4:30 PM

Re: [pfSense] rules cleanup and approval process

2016-10-21 Thread Steve Yates
Not sure. Router restart? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin Sent: Friday, October 21, 2016 11:08 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense]

Re: [pfSense] rules cleanup and approval process

2016-10-21 Thread Steve Yates
The Rules page logs traffic for the rule, in bytes, in the States column. You can also set allow rules to log traffic but that will be a lot of log entries. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin

Re: [pfSense] pfsense + carp + ha

2016-11-16 Thread Steve Yates
System/High Availability Sync page shows checkboxes for what to sync. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Wednesday, November 16, 2016 1:05 AM To: pfSense Support and Discussion Mailing List

Re: [pfSense] pfsense + carp + ha

2016-11-15 Thread Steve Yates
it would need the same ports. One gotcha that caught me...under "System/High Availability Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote System Username" field. That field is ignored, and "admin" is always used. -- Steve
