On 9/26/07, Chris Buechler [EMAIL PROTECTED] wrote:
I'm no firewall programming network guru, if I was i'd be working with
you already on the project, so please forgive some lack of detailed
knowledge of the system. But since I was using inexpensive switches I
had assumed pfSense had
Use advanced outbound NAT.
On 10/1/07, Bassam A. Al-Khaffaf [EMAIL PROTECTED] wrote:
Dear Folk,
I am using PFSense to provide Internet access to a housing area. Where
subscribers need to dial a PPPoE connection to PFSense in order to access
the Internet. The PPPoE server on PFSense is
On 9/25/07, Paul M [EMAIL PROTECTED] wrote:
2/ why didn't pfsense pick up the dead unit when I connected and know to
redirect, or at least only fail the once?
Nope. The load balancing is performed by pf which has no concept of
dead servers. The actual monitoring is performed in userland
On 9/25/07, Paul M [EMAIL PROTECTED] wrote:
p.s. does the load balancer have any sort of session affinity?
Not really. Under System-Advanced you can turn on sticky sessions,
but that only works for a user as long as they still has active TCP
states on the firewall to an existing server. We can
On 9/24/07, Paul M [EMAIL PROTECTED] wrote:
Hi,
Having successfully used pfsense as a clustered firewall with CARP for
external and internal shared IPs, I am trying its load balancing feature
to manage a pool of web servers.
So, created a pool with 2 httpd's, and it works. However, when I
On 9/6/07, cassio lima [EMAIL PROTECTED] wrote:
yes,
some features as captive vestibule and radius and wpa, this functionality
We do WPA today.
are not being developed for the staff of the pfsense. Some form exists to
synchronize ?
Mainly just looking at the diffs in code between m0n0
Nope. You looking for a project?
--Bill
On 9/5/07, cassio lima [EMAIL PROTECTED] wrote:
hi
Head of the pfsense is synchronized with the new characteristics of new
monowall??
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
On 9/3/07, Lance Peterson [EMAIL PROTECTED] wrote:
Hadn't thought about it being a FreeBSD problem with limited driver support
for common home user NIC's. That very well may be the problem, in my case.
Fortunately, I didn't have to buy new, higher level NIC's to get my Linux
firewall up and
On 9/2/07, Tortise [EMAIL PROTECTED] wrote:
Thanks Bill
They are static IP's, so I assume (you may know better?) DHCP lease times are
(or should be?) irrelevant.
Not sure if this what you mean but this might answer?
No worries, if it's static assigned and not a dhcp static assignment
then
Shouldn't that be nat on vlan0 not nat on bge1? Not quite sure how
this is working actually. I'm surprised we give access to the parent
interface of a vlan trunk.
--Bill
On 9/3/07, Eugen Leitl [EMAIL PROTECTED] wrote:
I (still) have an unresolved issue with my work firewall
(1.2-RC2) which
the same hardware -- problem solved -- no more lost connections.
Definately seems like a PFSense problem, in my opinion.
Sorry if this is a little off topic or already discussed, I just scanned
though these replies and wanted to post my experience with lost connections.
On 9/3/07, Bill Marquette
On 9/2/07, tester [EMAIL PROTECTED] wrote:
Few ISPs (especially home users offers) reset their
connection every 24h. I don't live in New Zealand, so
I don't know Telstraclear Network, but are you really
sure is it an equipment issue or a line problem (e.g.
interferences, etc...)?
If you can,
From the shell, do a 'netstat -s -ppfsync' on both boxes for me
please. I suspect the hanging is related to another issue I'm having
with FreeBSD/pf (not a pfSense specific issue). No comment on your
other problems.
--Bill
On 8/31/07, Ron Garcia-Vidal [EMAIL PROTECTED] wrote:
Even more
Or bridge DMZ to WAN.
--Bill
On 8/28/07, Chris Buechler [EMAIL PROTECTED] wrote:
On Tue, 2007-08-28 at 22:20 +0300, Android Andrew[:] wrote:
Hello!
My situation:
I have router with several interfaces. There are two LANs with private
IPs, two DMZ with public IPs in my network. Public IP
On 8/20/07, Joel Newkirk [EMAIL PROTECTED] wrote:
Is there any way I can load-balance incoming SMTP across a pool of mail
nodes, but still retain the original source IP on the packets?? I'm
unable to find anything in the interface, nor any relevant search
results here in the forum or
wiki.pfsense.org is the developers wiki. Should give you some good pointers.
--Bill
On 8/9/07, David L. Strout [EMAIL PROTECTED] wrote:
I was just looking at this possibility and wondering if anyone knows of a
good place to start (documentation, mail-list trail, etc.) to start on this
RELENG_1. This won't show up in 1.2.
--Bill
On 8/7/07, David L. Strout [EMAIL PROTECTED] wrote:
Everyone,
I see that BillM has been doing some work on the login page according to
tickets I see in the timeline ... my question ... what is the best branch to
test the user restrictions
:
Is this the FeeBSD6 or 7 head ISO that I should use?
- Original Message -
Subject: Re: [pfSense Support] user restrictions features
From: Bill Marquette [EMAIL PROTECTED]
To: support@pfsense.com
Date: 07-08-2007 7:56 pm
pIs it in :/p
h2/FreeBSD7/head/iso//h2
h2or/h2
h2/FreeBSD6/head/iso
If you choose to ignore my suggestion, then you'll never find the file
you are looking for.
--Bill
On 8/6/07, tester tester [EMAIL PROTECTED] wrote:
Hello,
--- Bill Marquette [EMAIL PROTECTED] ha
scritto:
/etc/sshd - you'll of course have to modify it again
after upgrade.
I am looking
On 8/5/07, tester tester [EMAIL PROTECTED] wrote:
I think there is a file or script used as 'prototype'.
If I modify it, I can add those three lines and get
the desired result. Unluckily I don't know which is
the exact filename and its path. Maybe somebody who
knows 'pfSense Internals' better
On 7/31/07, Matthew Grooms [EMAIL PROTECTED] wrote:
nat on $ext proto udp from $prv_net port 500 to any - ( $ext ) port 500
nat on $ext proto udp from $prv_net port 4500 to any - ( $ext ) port 4500
... which acts like a VPN pass-through by forcing the source port to not
be translated. This is
On 8/1/07, Matthew Grooms [EMAIL PROTECTED] wrote:
Bill,
Thanks for the information. I'm not a pfsense developer but I would have
to disagree with your last statement. In my opinion, making exceptions
in the default rules to work around antiquated VPN clients is the wrong
way to go. Maybe
On 8/1/07, Paul M [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
It's worth noting that pfSense does this by default. Some IPSec
concentrators also expect the udp traffic to source from port 500 and
won't allow connections from arbitrary ports (Nortel Contivity is such
a beast). And yes
It was announced on the blog:
http://pfsense.blogspot.com/2007/07/12-release-candidate-1-released.html
--Bill
On 7/25/07, Chris Bagnall [EMAIL PROTECTED] wrote:
Greetings list,
Whilst configuring a couple of new routers (soekris 4801 boxes with 256mb compact flash
cards), I noticed there
I'm biased (core dev), but pfSense is built on FreeBSD 6.2-STABLE.
We're basically the userland layer (although we do have a handful of
well tested - usually backported - kernel patches). What you risk by
going to a non-release version is that we won't generate rules
correctly (trust me when I
that there are some
more nics needed that go to one switch connected tot he uplink router ?
Regards,
Martin
-Ursprüngliche Nachricht-
Von: Bill Marquette [mailto:[EMAIL PROTECTED]
Gesendet: Montag, 23. Juli 2007 02:23
An: support@pfsense.com
Betreff: Re: [pfSense Support] Gateway in rules
Nope
Sounds like you want to round robin your source IPs, not round robin
across upstream WAN connections. Am I correct?
--Bill
On 7/20/07, Fuchs, Martin [EMAIL PROTECTED] wrote:
Hmmm, strange...
When defining another gateway and making a traceroute it shows me the default
gateway as the first
Nope. Don't think we support that functionality. Any particular
reason you need it?
--Bill
On 7/22/07, Fuchs, Martin [EMAIL PROTECTED] wrote:
That's correct... any idea for this ?
-Ursprüngliche Nachricht-
Von: Bill Marquette [mailto:[EMAIL PROTECTED]
Gesendet: Sonntag, 22. Juli
I believe others on the list actually do this.
A-B tunnel is defined as 192.168.0.0/16 (hub site) to 192.168.1.0/24 (spoke)
A-C tunnel is defined as 192.168.0.0/16 (hub site) to 192.168.2.0/24 (spoke)
C and B can communicate via A as the spoke networks are within the
network defined for A.
We don't support that type of setup. Nor would a bigger PC with more
interfaces actually solve your problem. FWIW, FreeBSD itself doesn't
really support what you want (although it might be possible to hack
using ng_eiface).
--Bill
On 7/13/07, Marc Eggenberger [EMAIL PROTECTED] wrote:
Hi
Please clarify. If you are referring to IPS, you get what you pay for
(and in the case of PIX, I'm not convinced you actually do get what
you paid for).
--Bill
On 7/11/07, Ugo Bellavance [EMAIL PROTECTED] wrote:
Hi,
We are comparing the use of PfSense and Cisco pix to do IPSec
I know of no official audit of our code. Nor have I ever seen a post
to bugtraq, full-disclosure, or anything on secunia. But take that
for what it's worth...nothing.
--Bill
On 7/11/07, Ugo Bellavance [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
Please clarify. If you are referring
Proto ESP.
--Bill
On 7/3/07, Siju George [EMAIL PROTECTED] wrote:
Hi,
I am on a MS Windows XP system behind a pfSense firewall.
All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF.
I am able to connect to another Fortigate IPSEC VPN Server on the
Internet using
You mean something like http://cvstrac.pfsense.org/? That would be
the bug tracking system that also tracks our commits, not only will
you see a list of all open tickets (under reports), but you'll get a
list of checkins between any two arbitrary dates you choose.
--Bill
On 6/30/07, Dimitri
multicast - I've seen bad drivers out there in the past (usually it's
a few lines of code missing somewhere in the driver). Honestly, you'd
be more likely to have issues with ALTQ than with CARP, but it's
certainly possible. Good luck.
--Bill
On 6/29/07, Chris Daniel [EMAIL PROTECTED] wrote:
On 6/25/07, Siju George [EMAIL PROTECTED] wrote:
Hope still these is no Password protected local login into the console.
Yes I saw the Console disable option and I am using it :-)
Just in case I am not able to access the system due to some network
problem and the console menu is disabled How do
Not sure if this made it into b1 or not, but I believe on at least the
most recent snaps you only need to install to hard drive (on the
surrogate host) and configure it for serial console via the web UI.
Technically the 4801 never really needed a serial only kernel - the
WRAP did due to BIOS
We have narrowed this down to somewhere between 5/29 and 6/11 - I
suspect it's a change that occurred on 6/3. Does anyone have a snap
_built_ on 6/2 and/or on 6/4 that they can test to confirm this
behavior? To be clear, I'm looking for the line that says Built on,
not the snapshot-mm-dd line.
system since some work did occur during that
time frame. Also, no FreeBSD changes occurred to this that I can find
- so it looks pfSense related, but not in the UI code.
--Bill
On 6/17/07, Heiko Garbe [EMAIL PROTECTED] wrote:
Hi Bill,
is this helpful?
Greetings
heiko
Bill Marquette schrieb:
We
04-06 ans the error is not there...
It's shown there normally as 192.168.10.255:137 or 24.64.176.24:24784 as it
should be...
-Ursprüngliche Nachricht-
Von: Bill Marquette [mailto:[EMAIL PROTECTED]
Gesendet: Sonntag, 17. Juni 2007 21:03
An: support@pfsense.com
Betreff: Re: [pfSense Support
That looks more like a protocol decode issue to me. 224.0.0.2 is a
multicast address, I wouldn't be surprised if that really wasn't UDP.
Can you show an example of a TCP log entry w/out ports, or something
to a non-multicast address? Thanks
--Bill
On 6/16/07, Heiko Garbe [EMAIL PROTECTED]
On 6/10/07, David Strout [EMAIL PROTECTED] wrote:
Is there any way to snap the features into a current branch?? I looked for
As previously mentioned, you'll need a dev iso and roll your own
releng_1 install.
the RELENG_1 like someone replied, but I can seem to find them. I have a
On 6/10/07, David Strout [EMAIL PROTECTED] wrote:
Again, I will attempt this ... not really sure
where to start but I am thinking that I will fire
up a FreeBSD VM and get started there are
there any docs/hints/FAQs on this process?
best place to start will be with the dev iso (doesn't
It's too late for 1.2, we're already in the beta cycle for that
branch. I have backported this code to the releng_1 branch however,
so we'll see it in 1.3. To keep confusion down, there are no 1.3
snaps currently so you'll need a dev install to build this I'm afraid.
--Bill
On 6/9/07, David
On 6/9/07, Chris Buechler [EMAIL PROTECTED] wrote:
Is the snapshot site
down this morning? Having some trouble getting to
it.
Not that I'm aware of, it's working for me right now, but Scott may have
been doing something with it earlier.
It was down, Scott was working on it :)
--Bill
1.2 beta has many load balancing related fixes and features, you
really want to use the beta or one of the recent snaps.
--Bill
On 6/7/07, Quirino Santilli [EMAIL PROTECTED] wrote:
Hello,
I'm finally going to install pfsense in production for his load-balancing
and fail-over features.
State table filling? Try increasing it in System-Advanced.
--Bill
On 6/3/07, Tortise [EMAIL PROTECTED] wrote:
Hi
I am finding pfSense hangs in the sense that the connection between WAN and LAN
just vanishes and can only be fixed by rebooting.
I suspected hardware, replaced a NIC and
On 5/28/07, David Strout [EMAIL PROTECTED] wrote:
I have a specific need to allow clients of a
private net (connected to OPT3 w/ 10.10.10.0/24
reserved DHCP addresses) to connect to the LAN net
(145.191.112.0/20 static addresses via DHCP
reservations). BTW only a small supernet of
address are
Won't work. The same upstream gateway IP will result in all traffic
being sent down one link or the other (whichever one is the primary
WAN). As I previously mentioned, you will need another device between
WAN2 and the upstream gateway to provide pfSense with a different
subnet and different
Do both WANs have the same layer 3 gateway (ie are they on the same
subnet) or are you just purely talking about the upstream IP you wish
to monitor. If the same gateway, you'll likely run into some wierd
problems, if it works at all. If that's the case, you should insert
one more routing
Once you create the vlan's, you'll go in and add another opt interface
that will correspond to the vlan you added to the physical interface.
I don't have a box in front of me to walk through the menu's, but the
bottom line is that what you want to do is doable in pfSense and is
all configured
On 5/17/07, Tortise [EMAIL PROTECTED] wrote:
Hi Bill
for me
rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing.
rl2 = LAN and connected to LAN switches.
Can I presume that means you have checked and confirmed there are no similar
messages in your System Logs?
I
Nowhere, there's no RC1 yet. You might mean Beta 1, it can be pulled
down from any of our official mirrors, listed on the downloads page.
--Bill
On 5/17/07, Anil garg [EMAIL PROTECTED] wrote:
-
To unsubscribe, e-mail:
Which interface is rl1..ditto for rl2. Also, any chance that both
sides of the firewall are plugged into the same switch? I've had the
same modem you mention running on pfsense without any problems, so
this smells of a different issue to me.
--Bill
On 5/16/07, Tortise [EMAIL PROTECTED] wrote:
I suspect he's talking about NAT-PMP
(http://files.dns-sd.org/draft-cheshire-nat-pmp.txt)
--Bill
On 5/11/07, Chris Buechler [EMAIL PROTECTED] wrote:
Alexander Norman - XH.se wrote:
Hi
Does anyone know if PFSense supports NAT hairpin translation?
This is what reflection is for. Though the
On 4/27/07, RB [EMAIL PROTECTED] wrote:
Authentication by IP is a bad idea, restricting who can connect in the
first place and proceed to authentication stage is a further line of
Having been an enterprise firewall admin in the midst of previously
established enterprise firewall admins, the
I think the issue is that Pablo has no IP for the MAC in question. He
wants it to get a dynamic allocation from DHCP. The problem I believe
is that you have to static assign an IP to the MAC hence, his setup
cannot work. We shouldn't allow for MACs w/out static IPs to be
configured, I'd
On 5/7/07, Chris Buechler [EMAIL PROTECTED] wrote:
Until then, this is a function of your browser, you can look at ways to
get your browser to clear HTTP basic authentication credentials without
closing the browser.
Unfortunately, short of closing the browser (assuming the save
credentials
This was committed to the RELENG_1 branch (sponsored by two different
entities) right after the branch point for 1.2 and will be in our next
release after 1.2.
--Bill
On 5/6/07, David Strout [EMAIL PROTECTED] wrote:
As usual, I installed the newest 1.2-BETA-1 and
found it to work great for my
On 5/5/07, Daniel Lloyd [EMAIL PROTECTED] wrote:
Are the rules generated by miniupnpd supposed to bypass traffic shaping?
After a few weeks of bashing my head against pftop and pfctl trying to
figure out why one client was able to completely bypass all traffic shaping,
I disabled miniupnpd,
Move the servers to an OPT interface - I believe that will work. The
way the port forwards (rdr in pf terminology) works it can't change
the destination address/port for a packet and send it back out the
same interface.
--Bill
On 5/5/07, Matthias Hertzog [EMAIL PROTECTED] wrote:
Hi Scott
The telnet server probably has no route back to 192.168.1.0/24.
You'll need to either add a route on that machine pointing back at
your OPT interface or use advanced outbound nat and nat the traffic
from your 192.168.1.0/24 network to something (like the 172.22.99.197
address of your firewall)
Both boxes are likely polling the web servers in question, hence the
traffic from both machines.
You might confirm that you have rules loaded to allow this traffic.
--Bill
On 4/24/07, Gary Buckmaster [EMAIL PROTECTED] wrote:
Prior to trying to install this into production, I had this entire
On 4/24/07, Gary Buckmaster [EMAIL PROTECTED] wrote:
This issue turned out to be primarily a configuration problem, although
it serves as a good lesson for others to learn from so I'll post the
reply for the sake of posterity.
background
We currently have 16 web servers in production handling
On 4/21/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi, I have some issue with implmenting VLAN, can someone help to comment?
I have 2 boxes of pfsense. I connected the LAN interfaces of both boxes with
a crossover cable and I defined VLAN 1 (Tag 1) on both LAN interfaces. From
the interfaces,
On 4/21/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill,
I suppose I did, unless there are something I was not aware. I created a
VLAN on the NIC, and assign the VLAN ID to OPT1 in the interface menu.
Well, I dunno what rules you have, so I can't comment on whether you
did it right or not.
On 4/19/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi, my webConfigurator failed to start after a new installation (newly
compiled binary). The error messages found in the system log are:
Error: cannot determine root pwd in sync_webgui_passwords(). Root user
struct follows:
Unable to
On 4/19/07, Bill Marquette [EMAIL PROTECTED] wrote:
please see my email about releng_1 being somewhat unstable right now.
also, see the many emails on roll your own, you're on your own. I'd
expect that anyone running their own builds is following the CVS tree
and is planning on actually
On 4/18/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill, what did you mean by local changes? Did you mean that the
builder download the latest pfsense_local.sh and try to merge with the
current pfsense_local.sh in my builder_scripts folder?
yes
--Bill
On 4/12/07, Rob Terhaar [EMAIL PROTECTED] wrote:
so does this mean 1.2 is close?!?!?
excited!
The message in itself doesn't, no. 1.2 has already been branched
though, so yes it's close.
--Bill
-
To unsubscribe, e-mail:
Heads up for those that are using snapshots - I just commited the
usermanager code from the HEAD branch to the RELENG_1 branch (this
won't go into 1.2). There may be some breakage in the tree - it was
tested pre-commit, but the diff was rather ugly so I'm not 100% sure
until the next snap run
Thanks, I'll check out the RIP issue.
--Bill
On 4/5/07, Samer Chaer [EMAIL PROTECTED] wrote:
Hello,
I have PFsense snapshot 27-3-2007, but when I click save on the RIP routed
package the system shows a WARNING message saying:
Warning: fopen(/usr/local/pkg/routed.xml): failed to open
stream:
Fixed, check the next snapshot in a couple hours. The last embedded
build that I see has a date of 2007-Apr-04 03:12:30, you'll want
something after that (in the process of building now).
--Bill
On 4/5/07, Samer Chaer [EMAIL PROTECTED] wrote:
Hello,
I have PFsense snapshot 27-3-2007, but
On 4/5/07, Samer Chaer [EMAIL PROTECTED] wrote:
Dear Bill,
did you fix the rip down after pfsense restart problem?
Good point, probably not. I'll check it out in a couple hours.
--Bill
-
To unsubscribe, e-mail: [EMAIL
You mean /etc/rc.initial?
--Bill
On 3/26/07, Bassam A. Al-Khaffaf [EMAIL PROTECTED] wrote:
Dear All,
I posted this question in the form 5 days ago and I did not get any single
reply, and then I decided to post it here thought I may get a concern about
it.
I am trying to customize the
http://atm.tut.fi/list-archive/snap-users/msg00951.html Sounds like it is
vendor config like say a Cisco (which I also happen to notice in your log).
I believe that's the vendor lock-in flag.
--Bill
On 3/23/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi, I am still figuring out how to get
On 3/24/07, Matthew Grooms [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
http://atm.tut.fi/list-archive/snap-users/msg00951.html Sounds like it
is vendor config like say a Cisco (which I also happen to notice in your
log). I believe that's the vendor lock-in flag.
--Bill
The modecfg
On 3/22/07, Dimitri Rodis [EMAIL PROTECTED] wrote:
Of course it's a code thing (what isn't ;) .. I was trying to gain some
technical insight as to why it doesn't function, and why it works with
NAT as opposed to a bridge. From my (I'm sure, oversimplified)
impression, if packets are passing
On 3/22/07, Dimitri Rodis [EMAIL PROTECTED] wrote:
I don't mean the traffic shaper *wizard*, I'm talking about the traffic
shaper itself. (I can config the rules myself if that means it will
function on bridged connections)
I know what you're asking. Since the wizard is the supported method
On 3/15/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi, I have a question related to Traffic Shaper and Polic based Routing
Suppose that I have 3 interfaces, LAN, WAN and LAN2, and Traffic Shaper has
been enabled between WAN/LAN interfaces. It seems to me that it also affects
the bandwidth
with the WAN interface? May
be the attachment can explain my question.
Regards,
Kelvin
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 14, 2007 2:02 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Traffic Shaper
On 3/13/07, Kelvin
On 3/15/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill, one more questions. Does the traffic shaper work if the LAN
interface is Bridged to the WAN interface?
It won't work correctly. This has been discussed on the lists and in
the forums in the past. Some people claim it works for them,
/16/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill, yes, I refer to the part about redirect connectiosn on the
LAN. In which application scenerio that we need to redirect connection
on the LAN?
Regards,
Kelvin
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent
On 3/14/07, Pablo Montoro Escaño [EMAIL PROTECTED] wrote:
I believe HFSC has a limitation of 64 queues compiled in
by default so beware that you don't go past that.
Could anyone confirm this?
Yes
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/altq/altq/altq_hfsc.h?annotate=1.1.1.1
On 3/13/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi, is there a document somewhere that I can read and understand about the
mechanism for Traffic Shaper? Or if someone can verify whether my concept is
right:
1. Before anything can be defined, we must first define a pair of Parent
Queues,
On 3/13/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill,
Thank you for the replies, it has been very helpful. For clarification:
For Item 6: When you said that it does nothing, did you mean thet the
Direction field in traffic shaping rules does nothing at all? Whether
it is any, in and out?
On 3/13/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill,
I realized the error message associated with the traffic shaping rules
was caused by the script (that writes the rule files onto the disk)
called when the user press the Save button in the traffic shaping rule
definition page.
The
On 3/13/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill, sorry to trouble u again... How many Parent Queues can we
define?
All queues have to tie back into the root queues, which are parent
queues, outside of that, there shouldn't be any limitations. It's
useful to note that the wizard
On 3/10/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
I have a question regarding the function to Disable Console Menu I
realized that even if I activate this function (to disable console menu) in
the System/Advanced menu, I am still able to see the console menu via SSH
connection. Is this
On 3/7/07, Odd Kåre Qvam Trøen [EMAIL PROTECTED] wrote:
Hi!
I've been using m0n0wall for several years, but now I've ported to
pfsense. The firewall is great, but now I'm stuck with a problem. I
cannot connect to an ftp that got high ports.
The initial login port is done on 21, and data ports
On 3/7/07, Odd Kåre Qvam Trøen [EMAIL PROTECTED] wrote:
I agree, but since the ftp service I connect to is setup by another
party I must use the settings they dictate. If I were the admin for the
ftpserver port 21 20 would be my pick also.
BTW, is this 1.0.1 or a snapshot build?
--Bill
On 2/28/07, Sloan Miller [EMAIL PROTECTED] wrote:
Users of Small Office and Home Office networks are quickly finding the
need for more advanced features such as VLAN's
These people are graduating from the basic Netgear and Linksys gear, and
needing the features of pfSense. pf docs are not clear
Will the switch send vlan 1 tagged or untagged? If it's tagged, just
create vlan1 on the pfsense box. If it's going to send it untagged
(most switches will for native vlans), then you'll need an IP on the
physical interface (I'm not entirely sure if we support that setup).
--Bill
On 2/22/07,
On 3/1/07, Eugen Leitl [EMAIL PROTECTED] wrote:
firewalls, so I could reconfigure the firewalls via the serial console (I used
minicom, which is in the Debian depository -- anyone knows anything more
basic?).
tip/cu? :)
Moral: networking is unsuitable for dumb people.
Ahahaha, yep :-P
-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, February 26, 2007 10:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] HEADS UP -- IPSEC Filtering now in recent
snapshots
On 2/20/07, John Cianfarani [EMAIL PROTECTED] wrote:
Catching up on the list here and I saw
On 2/20/07, John Cianfarani [EMAIL PROTECTED] wrote:
Catching up on the list here and I saw this, that awesome work!
Curious does this mean we are any closer to doing NAT for traffic in/out of
a IPSec tunnel.
For some form of closer. Sadly, not really. IPSec policy takes
affect before
On 2/12/07, Vaughn L. Reid III [EMAIL PROTECTED] wrote:
I have posted a $400.00 USD bounty for implementing a logoff feature in
the fourms. Also, I have added a $100.00 USD bonus for the
implementation of a checkbox that will enable or disable https access
via the WAN interface.
Vaughn Reid
On 2/12/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
I've got a question associated with multi-wan load balancing. I have 2
physical network interface connected to 2 different network. I have
configured it with Load Balancing. I monitored that behavior of the Load
Balancing and I realized that
On 2/12/07, Kelvin Chiang [EMAIL PROTECTED] wrote:
Hi Bill, thank you for the response. I did not create any specific rules
or NAT to support this. All I did was create a pool of 2 gateways. If I
have 2 outgoing sessions from 2 computers, is it supposed to put each
session on each Internet link?
On 2/6/07, Matt Cohen [EMAIL PROTECTED] wrote:
Topell.com
The Topell boxes are some nice units (surprisingly light for a rack
mount box too!). Front swappable CF card slot - makes for REALLY easy
upgrades (and rollback) :) I did give them some feedback on the box
which will hopefully help
201 - 300 of 769 matches
Mail list logo