on pfSense.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
just fine. It also doesn't have an ARP entry for 64.79.96.148
which is the WAN IP of the second router.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https
Steve Yates wrote on Wed, Mar 18 2015 at 7:02 pm:
and pinging .150 yields Destination host unreachable since it doesn't think
it
has anywhere to send the routed traffic. I noticed our office router does not
detect an ARP entry for the CARP IP.
Turns out there was a stray static
IPs from the /29 to provide NAT to a separate network on private IPs.
--
Thanks all,
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Steve Yates wrote on Wed, Mar 25 2015 at 1:22 pm:
In my other thread, diagnosing why failback only moved back the WAN
IPs, if the physical host had its network restarted underneath my router VM.
Sorry, had that backwards FWIW; it only moved back the LAN. Again, not
a normal
fine for me. Is your firewall log set
to show packets logged by the default block rule?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
connects to the Internet directly, and pfSense connects
to the Internet separately (so they are in parallel), and you have two WAN IP
addresses, that will work.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman
Using CARP implies that you care about reliability during edge cases and
partial failures. If so, then you need to do it right and use 3 IPs where
you want 1 carp.
I hear you. I guess part of me just dislikes the possibility of wasting 12 or
18 IPs (6 per subnet) a few years down the
Steve Yates wrote on Mon, Mar 2 2015 at 1:05 am:
the scenario is: no NAT, multiple public IPs in use on the LAN side
from two different subnets, and pfSense acting as a firewall.
I received an email directly...to perhaps shorten my example, if we
have two public subnets 1.1.1.0/28
Steve Yates wrote on Mon, Mar 2 2015 at 9:09 am:
I received an email directly...to perhaps shorten my example, if we
have two public subnets 1.1.1.0/28 and 2.2.2.0/28, I would like to use both of
those subnets on different servers, use pfSense as the firewall, and use CARP
Steve Yates wrote on Fri, Feb 27 2015 at 12:29 pm:
Two WAN IP, two LAN IP, and two more for sync.
And reading this, I didn't write what I meant, so to just correct it
all, 3 WAN, 3 LAN, and 2 for sync.
--
Steve Yates
ITS, Inc.
___
pfSense
Chris L wrote on Fri, Feb 27 2015 at 3:34 pm:
On Feb 27, 2015, at 12:37 PM, Steve Yates wrote:
Chris L wrote on Fri, Feb 27 2015 at 12:10 pm:
Hopefully the provider can just route the additional subnet to your
existing WAN IP. Then you don’t need to do anything with CARP/HA
except make
Steve Yates wrote on Wed, Mar 18 2015 at 4:49 pm:
If enable the HA sync setting for Synchronize Config to IP with the
backup node's IP, and Remote System Username and Password for the backup,
I get errors on the master like:
[ An authentication failure occurred while trying to access
Steve Yates wrote on Wed, Mar 18 2015 at 4:49 pm:
Is it hard coded to use admin?
Never mind, I reread the docs again. Enter admin for the Remote
System Username (other usernames will not work
___
pfSense mailing list
https
was clicking around a lot, but
it seems to be repeatable.
--
Steve
Steve Yates wrote on Mon, Mar 23 2015 at 2:50 pm:
Just ran into an odd scenario in my testbed...if pfSense (router1) is in a VM
(Parallels Cloud/Virtuozzo), and I run service network restart on the host
for
that VM, pfSense fails
PCI scanning is now failing TLS 1.0 connections. Is it as simple as
adding tls-version-min 1.1 (or 1.2) to the OpenVPN: Server/Advanced
configuration/Advanced text box?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https
/packet level. At that point
(theoretically) I suppose CloudFlare would have to have functionality to act as
a firewall? And pfSense configured to only allow traffic from it.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org
Ermal Luçi wrote on Wed, Jun 17 2015 at 10:22 am:
On Wed, Jun 17, 2015 at 4:40 PM, Steve Yates st...@teamits.com wrote:
OpenVPN requires a self-signed cert.
Can you report the issue with OpenVPN on self-signed cert?
It's been a few months but if I recall correctly, on page
it wasn't honoring the Suppress instruction.
--
Steve Yates
ITS, Inc.
Steve Yates wrote on Mon, Jul 13 2015 at 3:16 pm:
I got Suricata installed and operating. I found, oddly, that the
highest
volume of packet errors alerted was to/from Symantec IPs. I added that
subnet as trusted
to the WAN side of pfSense,
so they would not be using pfSense at all.
You can't connect the networks through pfSense and around it at the same time...
--
Steve Yates
ITS, Inc.
Justin Edmands wrote on Mon, Jul 27 2015 at 3:53 pm:
I have setup a dual gateway setup I have created to test a future
, with the LAN computers behind it.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
I think you're looking for Snort or Suricata. Presumably someone would
have detections for asterisk by now?
--
Steve Yates
ITS, Inc.
mayak wrote on Sat, Jul 25 2015 at 7:31 am:
hi all,
i have a number of asterisk instances behind pfsense -- 5060 is open to the
public
points, wireless clients, or bridges, but
not more than one. I would expect if you connect the printer to the LAN, then
anyone using the printer would need to connect to the LAN's AP instead of
directly to the printer.
--
Steve Yates
ITS, Inc
by default.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
. However,
IPs from within that /24 still show in the Alerts tab?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
> I don't have any trouble adding NAT
> rules that forward the .217 through to my internal network.
If that works, it sounds like .217 is your IP, and not your gateway as
they documented. What is the gateway on your WAN connection?
--
Steve Yates
IT
) System/Packages shows v1.2.20 installed. Looking at its changelog page, it
looks like 2.3.6 is the OpenVPN version?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold
the public IP for the passive connection,
instead of the server's LAN IP. However (not tested) that may well break
internal FTP, unless perhaps requests to the WAN IP are reflected back inside.
I think I would even expect internal FTP users to have to connect via the WAN
IP also.
--
Steve Yates
Ryan Coleman wrote on Thu, Jul 9 2015 at 5:24 pm:
I switched it to port 21 and it’s still not working externally, either.
Not sure if you said what FTP client you're using. FileZilla has some
debug logging modes that might help narrow down the issue.
--
Steve Yates
ITS, Inc
?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
hared LAN
IP, it listens on that alias. Did you check your firewall log/rules?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
the time zone to be set in php.ini or other PHP-read
.ini files. It's just a warning so isn't an indicator of a problem in and of
itself.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support
> 2.- The WAN network don't work. No access to Internet using or not,
> DNS service in pfSense box. ping, traceroute, dig directly from
> pfSense box not work.
If you can't ping/traceroute by IP address, it's not a DNS issue.
--
Steve Yates
on firewall rules which the
OP specifically asked about and I'll admit I didn't realize pfSense had.
I couldn't find a "part 2" though...?
>> A quick Googling came up with this:
>>
>> http://www.wedebugyou.com/2012/11/how-to-prevent-and-mitigat
being fixed. Until then, 2.1.5 rules the
> roost.
Per that bug report (https://redmine.pfsense.org/issues/4326), it
sounds like it's only an issue if NAT is being used, correct? They work if NAT
is not in use?
--
Steve Yates
ITS, Inc.
___
Steve Yates wrote on Tue, Nov 24 2015 at 9:28 am:
> We haven't used wireless with pfSense yet. The manuals for the
> hardware models don't seem to mention how to set up the optional
> wireless. The doc site suggests not using wireless in pfSense?
> (https://doc.pfsense.o
r document.getElementById like so
and it will save a lot of repeated text on a page that big:
function x() {
return document.getElementById(arguments[0]);
}
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/l
Jumping in midway through, 193.168.1.0/24 belongs to Universite du Luxembourg.
If that's not you then the other end could be routing packets there.
--
Steve Yates
ITS, Inc.
-Original Message-
> On Wed, May 25, 2016 at 8:54 PM, Lyle <l...@lcrcomputer.net> wrote:
>
>>
looked a while back it seemed like Snort and Suricata were similar but
Snort was single thread and Suricata could multi-thread.
https://github.com/Snorby/snorby/wiki/Snort-vs-Suricata-vs-Sagan
http://wiki.aanval.com/wiki/Snort_vs_Suricata
--
Steve Yates
ITS, Inc.
-Original Message-
From
, and we haven't had the problem lately. My
guess is the more individual rules that one disables, the longer it takes to
sync, and the larger sync info is. Then at some point something crashed and
reset the rules to not have any disabled, after which the sync is smaller.
--
Steve Yates
ITS, Inc
#pfSense_2.3_Upgrade_Guide has
text:
See Package Port List for a list of packages currently available on 2.3.
Links to -> https://doc.pfsense.org/index.php/Package_Port_List
Also, from the blog entry on the 2.3.1 release:
https://doc.pfsense.org/index.php/2.3_Removed_Packages
--
Steve Yates
ITS, Inc.
-Origi
.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Eschner
Sent: Monday, June 20, 2016 1:28 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] add Blocking in suricata just fo
Steve Yates wrote on Tue, Dec 15 2015 at 5:04 pm:
> Per that bug report (https://redmine.pfsense.org/issues/4326), it
> sounds like it's only an issue
> if NAT is being used, correct? They work if NAT is not in use?
To follow up I set up a limiter on our data cent
Ethernet port speed is
still going to be 100 because the only choices are 10, 100, 1000, or 10 Gbit.
Likewise, if the colo has a lot of traffic, he may not get a 100 Mbps
download speed when testing.
--
Steve Yates
ITS, Inc.
___
pfSense
.
...maybe "restarting packages" is interfering with the Suricata sync?
Or possibly the default Suricata sync timeout of 150 seconds needs to
be a *lot* higher?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.
Steve Yates wrote on Tue, Jan 12 2016 at 1:25 am:
> 6) I started on pfSense 2.2.5 and upgraded both routers to 2.2.6 since it
> said it
> fixed some sync issues. On at least two occasions, with 2.2.6, I start
> getting
> "unread notice" alerts for sync errors, and can
but I've never had a
problem upgrading 2.x versions. That said I read the changelog-in-progress for
2.3 and it looks like a big overhaul.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
issue...
Steve Yates
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
ork?
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
t shows
the block in your firewall log. And just to over clarify, it is the FTP server
that tells the client what port to use, so you can't control that unless you
control the FTP server.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https:/
://www.dshield.org/block.txt
and https://secure.dshield.org/block.txt either of which are probably better
to use/list since they use HTTPS.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
is hardcoded to use "admin"...but it sounds like you get
a successful sync so that can't be it.
Now I only have issues with the Suricata package sync occasionally causing the
web GUI (I think PHP-FPM really, which prevents the GUI from working) on the
slave to stop responding.
--
Steve Yate
kages are not available. See Package Port List for a list of packages
currently available on 2.3."
https://doc.pfsense.org/index.php/Package_Port_List
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jeff H
Sent: Wednesday, Apri
ility list for 2.3.x?
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of mayak
Sent: Wednesday, April 13, 2016 5:17 AM
To: pfSense support and discussion <list@lists.pfsense.org>
Subject: [pfSense] 2.3 show stopper - bind package
if you open the PDFs
on their site. They do list compressed read and write speeds for some drives
so be careful what table you're reading.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Karl Fife
Sent: Wednesday, May 18, 2016 1
"
My second question was going to be about getting IPv6 to the PCs inside the
tenant router but unless I'm mistaken I need a couple more /64 networks for
that (what a waste of IPs...I know there's a lot but still...).
Thanks,
Steve Yates
ITS, Inc.
__
The schedules are created under Firewall/Schedules and then can be applied to a
limiter. On a limiter you'd need at least two Bandwidth entries, one for each
schedule (day/night).
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf
2601:249::::/64
...with the LAN IP range. (yes, it is spelled "prefixs")
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz
Sent: Wednesday, May 18, 2016 10:10 PM
To: pfSense Support and Discussio
Is there a way to force pfSense to do NAT for IPv6? If so then we could make
it work. I understand that's not the point of IPv6 but...
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Moshe Katz
Sent: Thursday, May 19, 2016 2
, and 192.168.199.0/24 for
OpenVPN. 192.168.199.0/24 is just used to route packets from the remote PC to
behind the router.
You wrote "/130" for the CARP WAN alias...I'm assuming that's a typo and should
be "/29" like the others.
--
Steve Yates
ITS, Inc.
-Original Message-
Fro
https://doc.pfsense.org/index.php/Upgrade_Guide#Upgrading_High_Availability_Deployments
"Generally the recommended path for upgrading a High Availability cluster is to
first upgrade the secondary node."
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto
You should not have to route anything manually. Your data center or ISP routes
the /25 to 212.168.31.130. In essence, packets are sent there for you.
PfSense then "knows" the LAN side is the /25 and sends them to the LAN.
--
Steve Yates
ITS, Inc.
-Original Message-
to use a limiter
on a LAN upload.
I did see the known issue that limiters don't currently work on NATted
interfaces so don't have them set up on the WAN side.
Thanks,
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org
fore limit the connection if a tenant was, let's say, hosting a web
server and a remote user uploaded a file into the building.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg
Sent: Thursday, May 12, 2016 1:17 PM
To: pfSen
No we're actually using NAT and private IPs inside the building. We use 1:1
NAT if a tenant needs a public IP.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg
Sent: Thursday, May 12, 2016 2:38 PM
To: pfSense Support
I have the limiters configured as you show. But are you saying you would
normally set your limiter on rules on both the LAN and WAN? Basically, I
should set it on LAN for now and when the bug is fixed set it on WAN also?
--
Steve Yates
ITS, Inc.
-Original Message-
From: List
Are you using dots in your FQDNs? Those aren't valid alias names... 'The name
of the alias may only consist of the characters "a-z, A-Z, 0-9 and _".'
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Martin Fuchs
Sen
Is there a length limit for alias names?
If it's an invalid alias I would think one of the logs should show something
when the firewall rules are applied...I recall seeing errors in there before...
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun
s not permitted on their equipment"
Is that even possible? How would they prevent that other than tying the IP
address to a MAC address?
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
Sent: Wednesday, May 4, 2016 5:12 AM
and such but
unless you're expecting a super high number of connections I would probably
just turn it on and check the settings periodically.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Olivier Mascia
Sent: Thursday, April
To rule out any missing firewall rules, on Status: System logs: Settings, check
"Log packets matched from the default block rules put in the ruleset" and see
if it starts logging your pings from the LAN.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto
n Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] 2.3 show stopper - bind package missing -- don't install
if you need bind!
On Wed, Apr 13, 2016 at 1:48 PM, Steve Yates <st...@teamits.com> wrote:
> The release notes don't mention specific package compatibility
Yes it does.
"
I'm just brainstorming here but for your specific example could you do
something like delegate wildcard record *.example.com to the public DNS
servers? Or mail.example.com, etc.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf
as
someone pointed out that may use far more power in the long run.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
Sent: Wednesday, August 3, 2016 2:37 AM
To: pfSense Support and Discussion Mailing List <list@
This may or may not be related but after he upgrade to 2.3.1 I did find a
continual stream of checksum error alerts in Suricata. As found online,
disabling Hardware Checksum Offloading fixed it, even though this is on a
virtual machine.
--
Steve Yates
ITS, Inc.
-Original Message
licate this at will...in this case an "rsync --dry-run" is plenty.
It doesn't seem to have any effect on traffic since the copy works fine, it
appears to just be a logging issue.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https:/
/rc.filter_configure_sync.
My question is, is there an accepted way to hide that info? It fills up the
system logs/General page...
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold
pfBlockerNG blocks by country, which is what your image showed.
One caveat to country blocking is Microsoft has started using IPv4 blocks
allocated to it in other countries for its Azure service, since they ran out.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list
allocated to
Hewlett-Packard...? That might also be interfering with your routing.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Antonio
Sent: Sunday, August 14, 2016 3:55 AM
To: list@lists.pfsense.org
Subject: [pfSense] NAT from
?
Either as a remote site or as a SOHO router + VPN host? Just wondering how the
ARM CPU would stack up. The specs say 200k active (non-VPN) connections...
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo
oad speed anyway.
--
Steve Yates
ITS, Inc.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
That's what I'm trying to ask, if the SG-1000 would work for that.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao
Sent: Tuesday, January 24, 2017 11:41 PM
To: pfSense Support and Discussion Mailing List <l
he console would show a stream of errors that pointed to the
drive, don't recall them now of course.
--
Steve Yates
ITS, Inc.
-Original Message-
I had an issue at one point with hard disks dropping out because of the idle
time set on my Western Digital drives. You say you just upgra
If I'm following, you're using a public IP:port. Did you set up NAT
Reflection? (System/Advanced/Firewall & NAT)
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Berg
Sent: Monday, February 13, 2017 3:45 PM
To:
I saw something similar once after an upgrade, installing packages, when
pfSense's DNS wasn't running. Linux doesn't really do a round-robin or
last-known-good DNS search, it just keeps trying the failing ones. I don't
recall noticing it on the main screen though.
--
Steve Yates
ITS, Inc
In Status/System Logs/Settings check the "Log packets matched from the default
block rules in the ruleset" option and see if the firewall log shows blocked
packets.
Are the interfaces set to block private networks, since you are using those on
all interfaces?
--
Steve Yate
When editing an alias the Hint line shows, "FQDN hostnames are periodically
re-resolved and updated. If multiple IPs are returned by a DNS query, all are
used."
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WolfS
uot; Restarting named will flush updated data from .jnl files back to the
zone file."
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Satish Patel
Sent: Thursday, September 22, 2016 1:55 PM
To: m...@fuckaround.
I don't know if you need forwarding for this. Can you just add an NS record to
the example.com zone for site2.example.com pointing to 10.0.10.1 (well, a
hostname that points to that IP)?
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org
If you want the pfSense to be between your laptop and the Internet your laptop
would need to be on the LAN side of the pfSense.
Why are you using a public IP range on the LAN side of your router? That will
also cause problems. Did you mean to write (or use) 172.16.30.10?
--
Steve Yates
ITS
pfblockerng.php?pfb=pfB_Africa_v4.; So you
could keep your list somewhere else on a web server.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of qmail
Sent: Friday, September 30, 2016 10:30 AM
To: list@lists.pfsense.org
Subject
Basically, but doing it directly would avoid dealing with the package.
I guess it's just down to how often the chosen list is updated. And, if it's
just via allocation, aren't they done allocating IPv4 blocks...
--
Steve Yates
ITS, Inc.
-Original Message-
From: List
ly, but if DNS isn't working that could be an issue. In
other words if DNS is running then 127.0.0.1 will always be the first DNS
server used.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer
Sent: Friday, Oct
te syncing completely. I haven't gone that far
but did check "No pfSync" on the firewall rule per the below, to no avail.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates
Sent: Friday, July 8, 2016 4:30 PM
Not sure. Router restart?
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin
Sent: Friday, October 21, 2016 11:08 AM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense]
The Rules page logs traffic for the rule, in bytes, in the States
column. You can also set allow rules to log traffic but that will be a lot of
log entries.
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin
System/High Availability Sync page shows checkboxes for what to sync.
-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
Sent: Wednesday, November 16, 2016 1:05 AM
To: pfSense Support and Discussion Mailing List
it would need the
same ports.
One gotcha that caught me...under "System/High Availability
Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote
System Username" field. That field is ignored, and "admin" is always used.
--
Steve
Are your rules disappearing on the slave, the master, or both?
Brainstorming, do both have the same name for the pfsync interface? Meaning
the slave isn't named PFSYNC-SLAVE or something like that?
--
Steve Yates
ITS, Inc.
-Original Message-
From: List [mailto:list-boun
1 - 100 of 188 matches
Mail list logo