Re: [pfSense Support] Tuning pfsense for really heavy loads

2008-08-14 Thread Bill Marquette
On Thu, Aug 14, 2008 at 10:14 PM, Aliet Santiesteban Sifontes [EMAIL PROTECTED] wrote: Well, my pps requirements are 500 kpps, we expect to improve to 400 In lab testing of FreeBSD 6.2, I ran out of horsepower on my two test boxes (HP DL145G2 - dual core Opteron boxes) generating around 400k pps

Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Bill Marquette
On Sat, Aug 2, 2008 at 5:28 AM, Tortise [EMAIL PROTECTED] wrote: Hi When I run a connection thru pfSense (1.2 CF) almost immediately following successful connection WinSCP loses the connection with a Server unexpectedly closed network connection error message. Happens with client LAN side

Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Bill Marquette
On Sat, Aug 2, 2008 at 5:07 PM, Tortise [EMAIL PROTECTED] wrote: Thanks Bill WAN side for me meant a Path of: Client WinSCP (WAN side) = Internet = pfSense / NAT = LAN Server LAN side was indirect, however to me should still work and has done in the past Client WinSCP on LAN directed

Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?

2008-07-31 Thread Bill Marquette
Here's a suggestion somewhat out of left field. What about MTU? Any chance the provider changed it on you? A machine right on the edge would handle fragmentation somewhat more gracefully than a firewall that might decide to drop certain inappropriately fragmented frames. This would also cause

Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue?

2008-07-30 Thread Bill Marquette
On Wed, Jul 30, 2008 at 8:29 PM, Chris Buechler [EMAIL PROTECTED] wrote: On Wed, Jul 30, 2008 at 7:30 PM, Ted Crow [EMAIL PROTECTED] wrote: what I can see. - the DMZ speed is 40-60Mbps to the Internet and 50-60Mbps to the LAN. How are you testing? I've pushed more than that through a 500

Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5

2008-07-29 Thread Bill Marquette
I think you ran into something we just noticed ourselves yesterday. --Bill On Mon, Jul 28, 2008 at 5:40 PM, DLStrout [EMAIL PROTECTED] wrote: et al, So I was inspired to dig into the newest Alpha2X 1.3 today and fired up the VM and was pleasantly greeted w/ an XML error: XML error: no

Re: Re: [pfSense Support] 1.3 alpha2X on VMware server 1.0.5

2008-07-29 Thread Bill Marquette
Nope, at this point, nothing necessary. Thanks On Tue, Jul 29, 2008 at 8:09 PM, DLStrout [EMAIL PROTECTED] wrote: I see loads of errors when trying to configure interfaces/addresses. I can fire it up here in a bit and give you more details unless you've pinpointed the issue and need nothing

Re: [pfSense Support] IPsec VPN (Shrew) ?

2008-07-28 Thread Bill Marquette
On Mon, Jul 28, 2008 at 7:19 AM, DLStrout [EMAIL PROTECTED] wrote: I have been tinkering w/ the Shrew Soft VPN client and was wondering if there is anyway (maybe I'm missing it) to setup IPsec clients to be dhcp over IPsec or IKE config pull/push clients? I see in the Shrew docs that this

Re: Re: [pfSense Support] IPsec VPN (Shrew) ?

2008-07-28 Thread Bill Marquette
On Mon, Jul 28, 2008 at 9:42 AM, DLStrout [EMAIL PROTECTED] wrote: Though this is a great idea (to test on 1.3) I/we aren't ready to put a 1.3 alpha2x box into production at this site, and have had several scathing emails this morning at the suggestion from me to do so (ah ha ha, -- go figure).

Re: [pfSense Support] DNS cache poisoning

2008-07-22 Thread Bill Marquette
On Tue, Jul 22, 2008 at 1:02 AM, Beat Siegenthaler [EMAIL PROTECTED] wrote: Chris Buechler wrote: How is your outbound NAT configured? Even static port won't rewrite the source ports to something incremental, it just retains whatever the source port is. Automatic outbound NAT rule

Re: [pfSense Support] DNS cache poisoning (solved)

2008-07-22 Thread Bill Marquette
On Tue, Jul 22, 2008 at 1:17 AM, Beat Siegenthaler [EMAIL PROTECTED] wrote: Beat Siegenthaler wrote: Upps, stop the press... I apologize for the hype. No cause for alarm. Packet Dump at the pfSense WAN side shows an excellent entropy. I did not realize that there is another DSL natting

Re: [pfSense Support] DNS cache poisoning

2008-07-21 Thread Bill Marquette
On Mon, Jul 21, 2008 at 3:39 PM, Chris Buechler [EMAIL PROTECTED] wrote: On Mon, Jul 21, 2008 at 4:10 PM, Beat Siegenthaler [EMAIL PROTECTED] wrote: Chris Buechler wrote: No, pf has randomized source ports on all NATed TCP and UDP traffic for 8 years. I was surprised to find out that's the

Re: [pfSense Support] DNS cache poisoning

2008-07-21 Thread Bill Marquette
On Mon, Jul 21, 2008 at 5:54 PM, Beat Siegenthaler [EMAIL PROTECTED] wrote: done a dump on pfSense at the dmz-side. It looks that the source ports from BIND are very good in random. But at the wan-side, the ports are just ascending more or less. What about the mentioned UDP timeout? Shouldn't

Re: [pfSense Support] Inbound load balancer questions

2008-07-13 Thread Bill Marquette
On Sun, Jul 13, 2008 at 2:40 PM, Boddin Gregory [EMAIL PROTECTED] wrote: snip 2. I set up a virtual server with IP 10.85.9.40 (and also tried the snip # /sbin/pfctl -a slb -s nat rdr inet proto tcp from any to 10.85.9.254 port = isi-gl -> { 10.85.10.244, 10.85.10.245 } port 80 round-robin

Re: [pfSense Support] Trying to rebrand pfsense

2008-07-09 Thread Bill Marquette
On Wed, Jul 9, 2008 at 2:54 AM, Ahmed Abdallah [EMAIL PROTECTED] wrote: I'm trying to get the HEAD version of pfSense, so I added the HEAD to PFSENSETAG in pfsense_local.sh. It worked but the resulting iso did not contain php and the initialization scripts failed to start. We killed HEAD, it

Re: [pfSense Support] SSL VPN

2008-07-08 Thread Bill Marquette
On Tue, Jul 8, 2008 at 1:55 PM, RB [EMAIL PROTECTED] wrote: Does pfSense offer an alternative to the Juniper SSL VPN solutions ? rant snip parts that I'm not interested in arguing :) Furthermore, the clientless VPN solutions reduce the operator's control over the endpoints, degrading the

Re: [pfSense Support] SSL VPN

2008-07-08 Thread Bill Marquette
On Tue, Jul 8, 2008 at 6:06 PM, Chris Buechler [EMAIL PROTECTED] wrote: On 7/8/08, Bill Marquette [EMAIL PROTECTED] wrote: With OpenVPN, you only have control of the client at time of install. With the clientless solutions from Juniper, F5, et al, they usually have the ability to check

Re: [pfSense Support] Re: blocked by many rules?

2008-07-07 Thread Bill Marquette
I'm guessing this is more likely a bad regexp, looking at the fact that all block rules listed are @2.* - it may or may not be related to shaper changes, if so, it's likely that it's a trigger for the bug, not the cause of the bug. --Bill On Mon, Jul 7, 2008 at 12:47 AM, sai [EMAIL PROTECTED]

Re: [pfSense Support] Error while building pfSense on FreeBSD 6.3 and 7

2008-07-01 Thread Bill Marquette
On Tue, Jul 1, 2008 at 4:02 AM, Ahmed Abdallah [EMAIL PROTECTED] wrote: Is there no way of building pfSense now ? I need to do that urgently, so plz if anyone knows how to build it in this state advise me ? Did you bother to try the document I pointed you at? --Bill

Re: [pfSense Support] Error while building pfSense on FreeBSD 6.3 and 7

2008-06-30 Thread Bill Marquette
I'm not sure how up to date that document is (and it looks like we have a couple of 'build' docs on the wiki). This one http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso has been gone through a number of times by myself and had various fixes applied to it. You might try it out. --Bill On

Re: [pfSense Support] A jump in Wan-in

2008-06-26 Thread Bill Marquette
On Thu, Jun 26, 2008 at 3:43 AM, Hiren Joshi [EMAIL PROTECTED] wrote: After a bit of investigation, our ISP has admitted to a routing problem with their switch. Thanks for the suggestions, it looks like pfsense was doing the correct thing! I do have a slightly related question: does the RRD

Re: [pfSense Support] Building error report

2008-06-25 Thread Bill Marquette
Two things...try your build again, you might have gotten tripped up during an upstream FreeBSD commit. Second, check the kernel make flag (MAKEJ_KERNEL) and lower it. I think we default to 4, it's been known to cause (us) issues during kernel build, you might try -j1 or -j2. --Bill On Wed, Jun

Re: [pfSense Support] Lot of files missing from latest snapshots

2008-06-24 Thread Bill Marquette
On Tue, Jun 24, 2008 at 8:39 AM, Angelo Turetta [EMAIL PROTECTED] wrote: I know there's a huge overhaul of the build system ongoing, I just wanted to be sure the obvious didn't go unnoticed. From http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/old/?C=M;O=A pfSense-20080524-1842.iso.gz

Re: [pfSense Support] Lot of files missing from latest snapshots

2008-06-24 Thread Bill Marquette
On Tue, Jun 24, 2008 at 2:46 PM, Scott Ullrich [EMAIL PROTECTED] wrote: On Tue, Jun 24, 2008 at 9:54 AM, Bill Marquette There was a number of items in CVS (binaries) that have been nuked. Instead of just pointing out that the sizes are smaller, what is wrong with the latest snaps

Re: [pfSense Support] Destination NAT

2008-06-17 Thread Bill Marquette
On Tue, Jun 17, 2008 at 4:34 AM, Matias Surdi [EMAIL PROTECTED] wrote: In our current firewall (using iptables) we have a set of rules that makes a DNAT redirecting ALL outgoing udp port 53 (DNS) traffic to an internet DNS server, so that everybody is forced to use it. Is it possible to

Re: [pfSense Support] monitoring bandwidth usage of individual lan addresses

2008-06-17 Thread Bill Marquette
On Tue, Jun 17, 2008 at 10:34 AM, Patrick M. Murray, M.F.A. [EMAIL PROTECTED] wrote: I'm going to run the CF card and see how long it lasts :) they are cheaper each day - wouldn't be a big loss and i can always yank the card and back it up anytime. It's not great uptime yet and I'm not

Re: [pfSense Support] monitoring bandwidth usage of individual lan addresses

2008-06-17 Thread Bill Marquette
On Tue, Jun 17, 2008 at 2:54 PM, Patrick M. Murray, M.F.A. [EMAIL PROTECTED] wrote: is there any noticeable speed increase or decrease? Over an hdd given the box it's on, it boots WAY faster. I'm using a 2GB Sandisk Extreme II card, so it's pretty blazing fast for pfSense. For normal

Re: [pfSense Support] ping_hosts.sh in infinite loop

2008-05-17 Thread Bill Marquette
On Tue, May 6, 2008 at 5:30 PM, David Rees [EMAIL PROTECTED] wrote: OK, attached is a patch to /etc/config.inc that makes sure that the config.xml and config.cache is updated atomically. The patch adds a function function write_safe_file with 3 arguments: $file, $content, $force_binary.

Re: [pfSense Support] Virtualizing pfSense

2008-05-15 Thread Bill Marquette
On Thu, May 15, 2008 at 11:05 AM, Ron Lemon [EMAIL PROTECTED] wrote: I would like to take a reasonable machine and run some virtualization software on it so that I can run both pfSense and a copy of a standard workstation image so I can use it for remote testing. The workstation image will

Re: [pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2008-05-12 Thread Bill Marquette
On Mon, May 12, 2008 at 4:23 AM, Tortise [EMAIL PROTECTED] wrote: The above issue (and the earlier pfSense hanging...) have not recurred since the upgrade. Good to hear, thanks for the update. I was not aware of a particular fix that might have addressed this, however looking around it is

Re: [pfSense Support] Failover problem

2008-05-04 Thread Bill Marquette
On Wed, Apr 30, 2008 at 12:30 AM, Martin Kruse Jensen [EMAIL PROTECTED] wrote: I created Ticket #1706 regarding the load-balancing issue. Does anyone have an estimate of how long before bugs are fixed? Could I do a workaround meanwhile? Thanks for filing the ticket. I just got back

Re: [pfSense Support] Failover problem

2008-04-25 Thread Bill Marquette
we aren't installing the reply-to logic on WAN for some reason (probably because nobody had a setup where machines on wan2 tried to connect to services on wan). Can you file a bug on cvstrac.pfsense.com for this, please? Thanks --Bill Martin Bill Marquette skrev: On Thu, Apr 24, 2008

Re: [pfSense Support] Failover problem

2008-04-24 Thread Bill Marquette
On Thu, Apr 24, 2008 at 4:22 AM, Martin Kruse Jensen [EMAIL PROTECTED] wrote: The /tmp/rules.debug can be found at http://pastebin.com/m39a0c097 Before getting /tmp/rules.debug I did the following: - Created failover gateway in Services - Load-balancer (loadbalancetowan) - Set the default

Re: [pfSense Support] Failover problem

2008-04-23 Thread Bill Marquette
On Wed, Apr 23, 2008 at 9:27 AM, Gary Buckmaster [EMAIL PROTECTED] wrote: For public-facing services like email or web service, create a policy route to ensure that all traffic for those services from those services egresses your network on the Interface listed by your DNS response. pfSense

Re: [pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Bill Marquette
On Wed, Apr 23, 2008 at 6:31 PM, Tortise [EMAIL PROTECTED] wrote: Hi I have been testing NAT with UDP and a port range of 10001 - 16383. This is on 1.2 final, embedded on i386. You might want to disable NAT reflection (System-Advanced if my memory serves) if you need to redirect that

Re: [pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Bill Marquette
On Wed, Apr 23, 2008 at 7:15 PM, Tortise [EMAIL PROTECTED] wrote: As always thank you again Bill Now I think the penny has dropped and I now understand that message Not installing nat reflection rules for a port range 500 duh, yeah :) So yeah, the reflection rules aren't enabled for large

Re: [pfSense Support] 3-way CARP

2008-04-17 Thread Bill Marquette
On Thu, Apr 17, 2008 at 9:00 PM, Chris Buechler [EMAIL PROTECTED] wrote: On Thu, Apr 17, 2008 at 8:50 PM, Dimitri Rodis [EMAIL PROTECTED] wrote: One last thing: Is there currently any way to *not* assign an IP directly to the WAN interface in a CARP config? No, not at this

Re: [pfSense Support] More Ethernet ports on a pfsense box

2008-04-09 Thread Bill Marquette
Sun engineers have a McDonalds down the hall. http://blogs.sun.com/mikebelch/entry/ethernet_interfaces_what_s_in --Bill On Wed, Apr 9, 2008 at 3:46 PM, Tim Nelson [EMAIL PROTECTED] wrote: I'll have to check a few of my systems when I arrive home to double check the part number. The chipsets

Re: [pfSense Support] Constant reboots in 1.2-RC4

2008-04-09 Thread Bill Marquette
On Wed, Apr 9, 2008 at 6:36 PM, Andy Dills [EMAIL PROTECTED] wrote: On Wed, 9 Apr 2008, Chris Buechler wrote: Andy Dills wrote: Good news, it appears my assumption was correct. There exists a flaw in the realtek chipset (as quoted earlier in the thread), and it appears that a

Re: AW: [pfSense Support] Filtering OpenVPN Road Warrior Clients

2008-04-06 Thread Bill Marquette
On Sun, Apr 6, 2008 at 10:17 PM, Jared B. Griffith [EMAIL PROTECTED] wrote: That's what we have already, which I would really prefer to not do this as it's more machines to maintain and more possibilities of something going wrong. I don't know why it's not part of it already since I know that

Re: [pfSense Support] CARP

2008-04-01 Thread Bill Marquette
On Tue, Apr 1, 2008 at 9:44 AM, Anil Garg [EMAIL PROTECTED] wrote: However most examples are for WAN side traffic and for keeping internet alive. I will keep trying to find something that shows how servers can be balanced. If balancing is what you need, then use the load balancer built into

Re: [pfSense Support] unexpected network throughput

2008-03-27 Thread Bill Marquette
On Thu, Mar 27, 2008 at 9:44 AM, Paul M [EMAIL PROTECTED] wrote: Eric Baenen wrote: Using scp -c blowfish definitely improved things - went from 60Mbps transfer to 70Mbps and cpu load on the pfSense firewalls varied from 50% to 70%. interesting, I tried this across our lanex and got

Re: [pfSense Support] unexpected network throughput

2008-03-23 Thread Bill Marquette
On Sat, Mar 22, 2008 at 7:22 PM, Eric Baenen [EMAIL PROTECTED] wrote: The VPN connections from each lab to the core are OpenVPN, UDP, shared key, AES 128bit (for now), LZO compression enabled. SNIP As I said before - all is working fine - except: when doing rsync's over ssh/scp from the lab

Re: [pfSense Support] pfSense VPN X Nortel Contivity

2008-03-05 Thread Bill Marquette
I'm not sure what you are asking here so I'll give a couple possible answers. a. I've used pfSense to connect to Nortel Contivities using branch office tunnels - took longer to setup on the Nortel side than the pfSense side. b. Not sure if the Contivity client software could use pfSense as a

Re: [pfSense Support] Spanning tree support

2008-02-13 Thread Bill Marquette
On Feb 7, 2008 12:03 PM, Chris Buechler [EMAIL PROTECTED] wrote: You can accommodate for switch failure with CARP. Plug one firewall into one switch and the other into another. FWIW, I do exactly this at work. A machine in each datacenter (a few miles apart), connected to switches in their own

Re: SV: [pfSense Support] I need a friend in the USA or Canada...

2008-02-11 Thread Bill Marquette
On Feb 11, 2008 9:25 AM, Holger Goetz [EMAIL PROTECTED] wrote: Hi Anders, This is no recommendation, just a FYI, but: Did you come across this website: http://www.myus.com/ - i never tried, but it might be a way. I know there are US based mail order companies willing to ship to such a

Re: [pfSense Support] Question about 'pfflowd' package

2008-01-29 Thread Bill Marquette
None known. I used to run pfflowd on OpenBSD for quite some time in high throughput environments. It's worth noting that it only sends events from the master box in the cluster. --Bill On Jan 29, 2008 7:16 AM, Angelo Turetta [EMAIL PROTECTED] wrote: The description says that pfflowd uses the

Re: [pfSense Support] XML error: MEDIA at line 47 cannot occur more than once each time I try to change configuration

2008-01-28 Thread Bill Marquette
If editing on the box, rm /tmp/config.cache to make sure you load up a pristine copy of config.xml --Bill On Jan 28, 2008 9:40 PM, Michael Richardson [EMAIL PROTECTED] wrote: On 1.2 RC4 :( Really no other ideas but to reset? I have sooo much config time in this box that might make me cry.

Re: [pfSense Support] Attempting to install pfSense; gets stuck

2008-01-27 Thread Bill Marquette
FWIW, this method of install does work with 1.2RC4 as I just did it in VMWare Server 1.0.4 on a 64bit Ubuntu host. Install was to a Sandisk Extreme III 2G card that I no longer have any use for (too small for my camera) via generic (slow) pile of crap USB - CF card reader (not sure where my good

Re: [pfSense Support] 1.2rc4 fresh install - Disable Paging

2008-01-25 Thread Bill Marquette
On Jan 25, 2008 2:47 PM, Anil Garg [EMAIL PROTECTED] wrote: Ok. I will leave paging on. I just kind of think it's silly that for one user at home I still hear my hdd constantly make noise of read-write... But then I am not technical enough to know what is causing that.. I'm reasonably

Re: [pfSense Support] PFSense VLAN Tagging on the WAN Port

2008-01-24 Thread Bill Marquette
On Jan 23, 2008 9:47 PM, Richard Sperry [EMAIL PROTECTED] wrote: Your NIC must support VLAN tagging. I'm sure the devs would love to take your money, any open source project could use support (although I don't think this is GPL or other, I think it is directly under Scott Ullrich) . BSD

Re: [pfSense Support] Making a VPN Connection

2008-01-22 Thread Bill Marquette
Huh? Consider me annoyed, what the hell is this referring to? It certainly isn't the return receipt crap. --Bill On Jan 22, 2008 3:30 AM, Richard Sperry [EMAIL PROTECTED] wrote: This is just a message to annoy everyone stating that I did learn to read, and don't need to have a nanny telling

Re: [pfSense Support] Odd Application Behavior Requirement

2008-01-18 Thread Bill Marquette
On Jan 18, 2008 4:06 AM, Paul M [EMAIL PROTECTED] wrote: Curtis LaMasters wrote: I have a client that has an application server being installed very soon that will require them to send an email to a server that is on the can't you use a different DNS server (or use views -

Re: [pfSense Support] Doubt and problem with load balancer

2008-01-18 Thread Bill Marquette
We're a first match system. Make sure your ACL allowing access to the DMZ is in front of the load balancer rule. --Bill On Jan 18, 2008 6:04 AM, David Barbero [EMAIL PROTECTED] wrote: Hello everyone. I have a question regarding the load balancer system, the ip monitor has to be the router

Re: [pfSense Support] Odd Application Behavior Requirement

2008-01-18 Thread Bill Marquette
On Jan 18, 2008 9:02 AM, Curtis LaMasters [EMAIL PROTECTED] wrote: I'm doing a 1:1 NAT for each of these servers; they are on the same VLAN if that matters. But it doesn't seem to matter whether or not NAT reflection is enabled. The 1:1 NAT will do it, I assumed it was a port forward. It's

Re: [pfSense Support] 802.11x

2008-01-16 Thread Bill Marquette
On Jan 16, 2008 8:04 PM, Richard Sperry [EMAIL PROTECTED] wrote: Does anyone know if 802.11x is enabled on the WAN? I have really slow speeds on comcrap, and I know this is an issue if you're running windows. Not that I'm aware of and I've never had issues with either of my current Comcast wans

Re: [pfSense Support] 802.11x

2008-01-16 Thread Bill Marquette
On Jan 16, 2008 10:06 PM, Curtis LaMasters [EMAIL PROTECTED] wrote: I guess I'm failing to put this together... 802.11x is a wireless standard that has not yet been defined... and 802.1x is network access control... does Comcast require this? Good point... I kinda assumed the 1x was meant and not

Re: [pfSense Support] connections LAN to LAN get dropped

2008-01-10 Thread Bill Marquette
Your reply traffic from 192.168.12.0/24 is bypassing the pfsense box and returning directly to your PC. This breaks stateful inspection. You are better off moving 192.168.12.0 behind the pfsense box on another nic, or adding a static route on your PC that points 192.168.12.0 at the same place you

Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Bill Marquette
On Dec 26, 2007 12:13 PM, James Kusler [EMAIL PROTECTED] wrote: It gave the choices 'CARP', 'Web Proxy', and 'Other'. So if that has changed in the newer version that may help. If it truly says Web Proxy, you didn't get an official release from us! It should read, CARP, Proxy ARP, and Other.

Re: [pfSense Support] Virtual Ips

2007-12-26 Thread Bill Marquette
On Dec 26, 2007 1:30 PM, James Kusler [EMAIL PROTECTED] wrote: Or I can bridge the modem and connect using the firewall on PPPoE. With PPPoE and pfSense terminating the connection, 'other' is the option you want for virtual IPs. --Bill

Re: [pfSense Support] Intel PRO/1000 PT Quad Port Copper PCI-E Support?

2007-12-13 Thread Bill Marquette
On Dec 12, 2007 3:40 PM, Tim Nelson [EMAIL PROTECTED] wrote: Does pfSense (any version) support any of Intel's quad port gigabit cards for PCI-E? I'm looking specifically at the PRO/1000PT that uses the 82571GB chipset. The FreeBSD HCL lists this controller but I was hoping to see if anyone

Re: [pfSense Support] 1:1 at wits end

2007-12-11 Thread Bill Marquette
On Dec 11, 2007 2:43 PM, Russ Bennett [EMAIL PROTECTED] wrote: Hello, I've setup a 1:1 nat and entered in the rules. Nothing was getting through so I looked at the log and I can see the rule getting hit properly except within the log I get the following message You are probably seeing

Re: [pfSense Support] Upstream security issues

2007-11-30 Thread Bill Marquette
On Nov 30, 2007 3:14 AM, Linus Nordberg [EMAIL PROTECTED] wrote: Hi, How are security issues in upstream software like the FreeBSD kernel handled by the pfSense project? In the particular case of If we determine there is a security issue in upstream software that impacts pfSense we'll roll a

Re: [pfSense Support] Rule Question

2007-11-29 Thread Bill Marquette
Yes. You'll need to create a subnet alias - say dynamicip and populate it with the addresses (you can use cidr blocks here to reduce the number of entries you need in the alias) that are dynamic, then create a rule that uses the alias as the source address. --Bill On Nov 29, 2007 4:53 PM,

Re: [pfSense Support] Rule Question

2007-11-29 Thread Bill Marquette
.. 192.168.99.199/32 (or some variant of this if I get fancier with the subnet mask) Am I understanding correctly? Dimitri Rodis Integrita Systems LLC -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Thursday, November 29, 2007 3:14 PM To: support

Re: [pfSense Support] Checkin 20231

2007-11-28 Thread Bill Marquette
You might look at the code a little closer. It happens on the first day of the month at 2:01am. In fall the worst that would happen if it happens to fall on the same day is the code will run twice. In spring, we could potentially miss the run _if_ the time zone change occurs on the first.

Re: [pfSense Support] Need help on DNS Forwarder

2007-11-28 Thread Bill Marquette
So what's the melp.com in your network settings? --Bill On Nov 27, 2007 7:29 PM, Raleigh Guevarra [EMAIL PROTECTED] wrote: Hi, I need your help on how to fix it coz I still can't get the local IPs to resolve. When I ping the server, gateway.elp.com, locally, this is what it returned

Re: [pfSense Support] Intel 82563EB GigE Support?

2007-11-23 Thread Bill Marquette
Try 1.2RC3. --Bill On Nov 23, 2007 2:41 AM, Vinton McClure [EMAIL PROTECTED] wrote: Hello, I installed pFSense 1.0.1 this afternoon, and the Intel GigE adapters are not recognized on my motherboard. The motherboard is a Supermicro X7DBE -

Re: [pfSense Support] does pfSense cache?

2007-11-21 Thread Bill Marquette
Are you resetting the modem after moving the laptop? Most cable modems are locked to a single MAC address on the ethernet side and will only allow the first device seen after power on. Outside of that, I can only see us caching if you are using the squid proxy package. --Bill On Nov 19, 2007

Re: [pfSense Support] Virtual addresses

2007-11-20 Thread Bill Marquette
Likely because carp passwords are only there to protect from misconfiguration, not to actually protect your network. The password is used to create a (replayable) hash that all systems in the carp cluster agree on. We'll consider the patch all the same as it's a good idea :) --Bill On Nov 19,

Re: [pfSense Support] Virtual addresses

2007-11-20 Thread Bill Marquette
How about a read only mercurial feed? I can have it available inside of 48 hours (it's already converted, just needs a little finishing up). --Bill On Nov 20, 2007 3:51 PM, RB [EMAIL PROTECTED] wrote: Thanks for the patch! Can we get a patch against HEAD as well? More difficult than I

Re: [pfSense Support] Aliases as static routes

2007-11-15 Thread Bill Marquette
This was actually discussed at the hackathon. I believe Seth is working on it. --Bill On Nov 15, 2007 8:59 AM, RB [EMAIL PROTECTED] wrote: Is there any particular reason the UI choice was made not to utilize alias specifications in the static routes UI? I ask because I have a large number

Re: [pfSense Support] QOS over IPsec tunnels

2007-11-14 Thread Bill Marquette
Unfortunately we have no way (today) of performing QOS inside the tunnel. This is due to how IPSec in the FreeBSD kernel works and how altq works. Also, the enc(4) interface can only block traffic inbound to the firewall over the tunnel. --Bill On Nov 13, 2007 4:25 PM, Wade Blackwell [EMAIL

Re: [pfSense Support] Custom startup scripts

2007-10-26 Thread Bill Marquette
On 10/26/07, Chris Daniel [EMAIL PROTECTED] wrote: You can't make init scripts in the XML config file, no. I don't think it's quite within the scope of a configuration file to store scripts, anyway. But if you have something you want to be run on boot, use shellcmd and earlyshellcmd. Don't

Re: [pfSense Support] Bogons list

2007-10-22 Thread Bill Marquette
On 10/22/07, Arnold Greyling [EMAIL PROTECTED] wrote: On Mon, Oct 22, 2007 at 09:56:13AM -0700, Pierre Frisch wrote: Hello, I am having a problem with the bogon prevention option. I have traffic from France on the 77.x.x.x range. In particular one of my customers has the 77.201.119.176

Re: [pfSense Support] Static Route for IPSEC

2007-10-22 Thread Bill Marquette
On 10/22/07, Michael Richardson [EMAIL PROTECTED] wrote: So if I create the needed SA's, pfSense will create the routes for me? FreeBSD IPSec will. --Bill

Re: Re: [Fwd: Re: [pfSense Support] Dual Wan - Same Gateway]

2007-10-21 Thread Bill Marquette
On 10/21/07, Michael Richardson [EMAIL PROTECTED] wrote: Upstream box isn't pfSense and does VERY little. Nothing I can do on the downstream box (pfSense) ? Any chance you can put the NAT box in front of WAN and not WAN2? I'm assuming that WAN isn't used for anything that NAT messes with too

Re: [pfSense Support] Almost there - Dual-Wan IPSEC, rules, and routing

2007-10-21 Thread Bill Marquette
On 10/21/07, Gabriel Green [EMAIL PROTECTED] wrote: I am going to try a snapshot tonight as a last ditch effort; it looks like one was updated today. Or maybe I am misunderstood in that it's always that way. Snaps are built every couple hours. The snapshot box builds each platform on each

Re: [pfSense Support] Static Route for IPSEC

2007-10-21 Thread Bill Marquette
The subnet will need to be part of your tunnel definition. There is no need to add it as a route. --Bill On 10/21/07, Michael Richardson [EMAIL PROTECTED] wrote: I'd like to create a static route that points to a gateway over an IPSEC tunnel but there is no IPSEC interface (as there is for

Re: [Fwd: Re: [pfSense Support] Dual Wan - Same Gateway]

2007-10-20 Thread Bill Marquette
On 10/20/07, Michael Richardson [EMAIL PROTECTED] wrote: One of the primary reasons I wanted a dual-wan configuration was so our 1st 15Mb line wasn't saturated with large file transfers, which we do regularly. The next reason is for fail-over and/or load-balancing. That said, I've implemented

Re: [pfSense Support] tuning incoming load balancer

2007-10-19 Thread Bill Marquette
On 9/25/07, Bill Marquette [EMAIL PROTECTED] wrote: no, it says the IP is already in the list and refuses to add it; I guess that javascript could be changed to say are you sure and make it possible. Hmmm, the hackathon is coming up in a couple weeks. I'll take a look

Re: [Fwd: Re: [pfSense Support] Dual Wan - Same Gateway]

2007-10-18 Thread Bill Marquette
On 10/18/07, Paul M [EMAIL PROTECTED] wrote: Bill Marquette wrote: You'll need another box to handle the WAN2. Can't have two nics on the same network, nor can you do multi-wan on one nic :) not even if you set that nic to trunk/802.1q, and used a vlan-aware switch? I'll correct my

Re: [pfSense Support] Default number of states

2007-10-17 Thread Bill Marquette
On 10/17/07, Paul M [EMAIL PROTECTED] wrote: Chris Buechler wrote: The default number of max states is 10 000. I use a dual core ... Roughly 1 KB RAM per state. Conservatively, you should be able to use 1 GB RAM solely for states, so you can do about a million easily. how does it

Re: AW: [pfSense Support] DHCP + Cisco sip phones

2007-10-17 Thread Bill Marquette
On 10/17/07, Andrew Kemp [EMAIL PROTECTED] wrote: Has anything been done about this? I'm borderline ready to quit using pfsense and just rebuild a server to handle my needs since the dhcp options are must have in my case. Have you tried a recent snapshot or even 1.2RC2? Reading through the

Re: [pfSense Support] Dual Wan - Same Gateway

2007-10-17 Thread Bill Marquette
You'll need another box to handle the WAN2. Can't have two nics on the same network, nor can you do multi-wan on one nic :) --Bill On 10/17/07, Michael Richardson [EMAIL PROTECTED] wrote: I've got two 15Mb connections from my ISP, each with its own IP, but both having the same gateway.

Re: [pfSense Support] Dual Wan - Same Gateway

2007-10-17 Thread Bill Marquette
it. The box handling the multi-wan needs three interfaces, the box handling the second wan (so you get a different gateway) just needs two interfaces. It's kind of annoying, but only way to make it work. --Bill -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent

Re: [pfSense Support] Inbound TCP/53, auto?

2007-10-17 Thread Bill Marquette
On 10/17/07, Ugo Bellavance [EMAIL PROTECTED] wrote: Hi, We all know that when a DNS query is made, the reply may come back using TCP if the response is too large. The TCP reply won't be initiated by the remote site. If the response is too large for the DNS server to send back in a

Re: [pfSense Support] Re: Take my update ???

2007-10-16 Thread Bill Marquette
. It is currently referenced by the filter rules via policy based routing.; - } - } - } - } - --Bill On 10/16/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Bill Marquette [EMAIL PROTECTED] wrote on 15.10.2007 17:28:44

Re: Ha: Re: Ha: [pfSense Support] Re: Take my update ???

2007-10-15 Thread Bill Marquette
diff -rub, not diff -lsf please...those were completely unreadable. Also, no need to tgz them. Thanks --Bill On 10/15/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Espen Johansen [EMAIL PROTECTED] wrote on 12.10.2007 16:49:27: Please send the files in diff -rub format. And send them to

Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

2007-10-12 Thread Bill Marquette
On 10/12/07, Tortise [EMAIL PROTECTED] wrote: I am sorry for the usual question, where does one get 1.2RC-3 please?! Kind regards David It's not yet released, but can be found on the snapshot server in the location Espen pointed you at. --Bill

Re: [pfSense Support] Load Balancer + Failover

2007-10-10 Thread Bill Marquette
and editing/saving the config). --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Bill, Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP Lee On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL

Re: [pfSense Support] Dual WAN failover too sensitive

2007-10-10 Thread Bill Marquette
Yikes, we certainly never tested for satellite latencies. The fping command line we use is: /usr/local/sbin/fping -B1.5 -t400 -r3 -q This should give us successive tries of: 400ms timeout 600ms timeout 900ms timeout 1350ms timeout I'll have to check what the fping exit code is if it's missing

Re: [pfSense Support] Spoofing/faking another NAT IP?

2007-10-10 Thread Bill Marquette
I'm not sure I understand how your network is laid out from your description. Any chance you could whip up a network diagram that shows what you have configured? You can use http://www.gliffy.com/ if you need a quick, free diagramming tool :) --Bill On 10/9/07, Gabriel Green [EMAIL PROTECTED]

Re: [pfSense Support] Possible bounty: adding PCI ADSL modem support

2007-10-10 Thread Bill Marquette
On 10/10/07, Chris Bagnall [EMAIL PROTECTED] wrote: Of course, in the UK ADSL is presented via PPPoA, which necessitates a separate ADSL modem/router for each ADSL connection. In the limited space of a wall box, adding 5 ADSL modems with their 12v power supplies etc. does consume a vast

Re: [pfSense Support] Load Balancer + Failover

2007-10-10 Thread Bill Marquette
-robin sticky-address Secondary: # pfctl -sn -aslb rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1, 10.5.49.2 } port 25 round-robin rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1, 10.5.49.2 } port 80 round-robin Thanks, Lee Bill Marquette wrote: Hmm

Re: [pfSense Support] SOEKRIS NET5501

2007-10-10 Thread Bill Marquette
Per http://www.freebsd.org/cgi/man.cgi?query=vlan&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html vr(4) doesn't support oversize frames. Without this support your firewall will fragment frames - due to the issues this causes, we do not support vlan configurations on hardware that isn't

Re: [pfSense Support] SOEKRIS NET5501

2007-10-10 Thread Bill Marquette
: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 10, 2007 10:27 PM To: support@pfsense.com Subject: Re: [pfSense Support] SOEKRIS NET5501 Per http://www.freebsd.org/cgi/man.cgi?query=vlan&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html vr(4) doesn't support oversize

Re: [pfSense Support] Load Balancer + Failover

2007-10-09 Thread Bill Marquette
Inbound or outbound load balancing? --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, I'm using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the

Re: [pfSense Support] Load Balancer + Failover

2007-10-09 Thread Bill Marquette
/saving the config). --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Bill, Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP Lee On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote: Inbound

Re: [pfSense Support] load balancing for internal and external servers

2007-10-09 Thread Bill Marquette
You won't be able to test load balancing of virtual servers from inside your network. It's a pf thing and unlikely to ever get resolved. --Bill On 10/9/07, Paul M [EMAIL PROTECTED] wrote: Thanks for reading this. pair of pfsense firewalls with * external carp IP 1.2.3.4 * internal carp IP
