On a multi-wan installation, I'd like to combine policy based
routing (ie send web connections through ADSL with high download
bandwith, and VPNs through slower but more reliable SDSL), and OLSR to
ensure evriything goes through the remaining link if one of them
(probably the ADSL one) is
On Wed, Oct 1, 2008 at 00:15, Erwan David [EMAIL PROTECTED] wrote:
On a multi-wan installation, I'd like to combine policy based
routing (ie send web connections through ADSL with high download
bandwith, and VPNs through slower but more reliable SDSL), and OLSR to
ensure evriything goes
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port 80 and 443. I have
also (just to be sure) allowed *ALL* traffic out from my static ip on
my macbook. Problem is I can't get to the site subaru.com.
I don't see anything in the logs and
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz [EMAIL PROTECTED] wrote:
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port 80 and 443. I have also (just
to be sure) allowed *ALL* traffic out from my static ip on my macbook.
Problem is I can't
i'm connected via cable modem, mtu is set to 1500.
thanks
-phil
On Oct 1, 2008, at 5:23 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 6:18 PM, BSD Wiz [EMAIL PROTECTED] wrote:
pfSense 1.2.1 RC1
only add-on package installed is iperf.
I have rules to allow traffic out on port
It may be helpful to see your rulesets on your LAN and WAN interfaces... or
paste the pertinent XML from your config file..
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- BSD Wiz [EMAIL PROTECTED] wrote:
i'm connected via cable modem, mtu is set to 1500.
thanks
I had this same issue with fedex.com a while back
Adjusted mtu, did a fresh install, never could find a solution... one day it
started working again.
(weird thing was half our clients could connect and half could not.)
-Tim
-Original Message-
From: Tim Nelson [mailto:[EMAIL PROTECTED]
Are you blocking any ICMP traffic? PMTU (MTU path discovery) relies on ICMP to
automagically determine the proper MTU...
On nearly all of my installations, I'm blocking EVERYTHING including ICMP on
the WAN and PMTU still works fine. Maybe you have it blocked elsewhere?
Just a thought...
Tim
so i'm not the only one
i tried fedex just for kicks and it works :)
weird...
-phil
On Oct 1, 2008, at 5:56 PM, Tim Dickson wrote:
I had this same issue with fedex.com a while back
Adjusted mtu, did a fresh install, never could find a solution...
one day it started working again.
yes, i block ICMP inbound at the WAN.
-phil
On Oct 1, 2008, at 6:00 PM, Tim Nelson wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery) relies
on ICMP to automagically determine the proper MTU...
On nearly all of my installations, I'm blocking EVERYTHING
including ICMP on
And a big 'Sorry' to the list for not removing that huge chunk of XML from my
reply... :-(
Tim Nelson
Systems/Network Engineer
Rockbochs Inc.
(218)727-4332 x105
- Tim Nelson wrote:
Turn logging on for your last rule on your LAN that drops all otherwise
specified traffic. Your logs
Can you telnet to port 80 to subaru.com? What IP do you get if you ping
it. I get 67.202.194.73.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:19 PM, Tim Nelson [EMAIL PROTECTED] wrote:
And a big 'Sorry' to the list for not removing
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any rule.
thanks!
-phil
On Oct 1, 2008, at 6:19 PM, Tim Nelson wrote:
And a big 'Sorry' to the list for not removing that huge chunk of
XML from my
i can only telnet to port 80 from the pfsense box. i cannot telnet
from my machines on the lan.
if i try and ping subaru.com it resolves to 67.202.194.73 but it
seems that they drop ICMP traffic.
thanks,
-phil
On Oct 1, 2008, at 6:24 PM, Curtis LaMasters wrote:
Can you telnet to port
Check with your upstream provider, to make sure they are not blocking
it.. Or you can check yourself by bypassing the firewall.
Adam
BSD Wiz wrote:
logging is already turned on for the drop all rule. it doesn't show
anything getting blocked when i go to subaru.com.
let me try the any to any
What happens in your state table when users on the lan try to go to the
site?
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Oct 1, 2008 at 6:29 PM, BSD Wiz [EMAIL PROTECTED] wrote:
i can only telnet to port 80 from the pfsense box. i cannot telnet from
already did.
if i plug directly into my cable modem i can get there.. plus i can
telnet from the pfsense box to subaru.com over port 80.
-phil
On Oct 1, 2008, at 6:30 PM, [EMAIL PROTECTED] wrote:
Check with your upstream provider, to make sure they are not
blocking it.. Or you can check
looks normal.
tcp
67.202.194.73:80 - 172.16.0.25:49657
SYN_SENT:ESTABLISHED
tcp
172.16.0.25:49657 - 24.183.138.36:59156 - 67.202.194.73:80
ESTABLISHED:SYN_SENT
there, now you all know my public ip :)
-phil
On Oct 1, 2008, at 6:30 PM, Curtis LaMasters wrote:
What happens in your state
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson [EMAIL PROTECTED] wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery) relies on ICMP
to automagically determine the proper MTU...
On nearly all of my installations, I'm blocking EVERYTHING including ICMP on
the WAN and PMTU still
New Zealand, like several other countries and several more countries since,
has changed daylight savings rules earlier last year. pfsense's zoneinfo is
dated Jan 2007 and out of date by a long shot - I remember Linux distros
updating their zoneinfo about mid last year.
This means times are now
no luck with the any any rule either. same thing.
this is really strange. i'll keep poking around.
thanks again gents.
-phil
On Oct 1, 2008, at 6:15 PM, Tim Nelson wrote:
Turn logging on for your last rule on your LAN that drops all
otherwise specified traffic. Your logs should show
On Wed, Oct 1, 2008 at 8:29 PM, Volker Kuhlmann [EMAIL PROTECTED] wrote:
New Zealand, like several other countries and several more countries since,
has changed daylight savings rules earlier last year. pfsense's zoneinfo is
dated Jan 2007 and out of date by a long shot - I remember Linux
do you guys think i should revert back to version 1.2 and test it?
-phil
On Oct 1, 2008, at 6:59 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 7:00 PM, Tim Nelson [EMAIL PROTECTED]
wrote:
Are you blocking any ICMP traffic? PMTU (MTU path discovery)
relies on ICMP to automagically
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz [EMAIL PROTECTED] wrote:
do you guys think i should revert back to version 1.2 and test it?
I would say there isn't a good chance that would change anything, but
someone seems to be reporting a similar problem on the forum that
reportedly didn't exist in
yeah, 1.2 doesn't work either. the problem does in fact appear to
only affect certain hosts as other machines on my network can reach
the site. specifically, an iphone and freebsd server.
-phil
On Oct 1, 2008, at 10:04 PM, Chris Buechler wrote:
On Wed, Oct 1, 2008 at 9:23 PM, BSD Wiz
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz [EMAIL PROTECTED] wrote:
yep, i looked at it using tcpdump. i just see syn packets going out the
door, i never get any syn-acks back.
22:50:47.417326 IP unixbox.gnet.49330 subaru.com.http: S
3917131801:3917131801(0) win 65535 mss 1460,nop,wscale
On Wed, Oct 1, 2008 at 11:12 PM, Chris Buechler [EMAIL PROTECTED] wrote:
On Wed, Oct 1, 2008 at 11:55 PM, BSD Wiz [EMAIL PROTECTED] wrote:
yep, i looked at it using tcpdump. i just see syn packets going out the
door, i never get any syn-acks back.
22:50:47.417326 IP unixbox.gnet.49330
i know, i just want to check out the new wrx's and sti!!
tried messing with the mtu without any luck.
ok, here is tcpdump running on my pfsense firewall(unixbox.gnet). you
can see my request to subaru.com and then the reply comes to the
firewall but never gets passed to my computer. what's