I was just wondering how to go about setting up
pfsense as a wireless AP.
Currently, I have 2 wired NICs (1 for WAN, 1 for
LAN) and they both work
fine. I added the wireless card and the system
detected it and everything,
but i'm having problems getting it to function
how I want to. Sometimes
I have about 175-200 static clients (contractors)
in the DHCP configuration page and have a need to
disable about 40 (communication on this segment is
restricted by Deny unknown clients) and I was
wondering if you can edit the
/var/dhcpd/etc/dhcpd.conf
file directly to delete these 40 entries in
That doesn't seem to work either ... when the box
is restarted or the service restarted the
removed entries re-appear.
wondering if you can edit the
/var/dhcpd/etc/dhcpd.conf
file directly to delete these 40 entries in
bulk
I'd download the config file via the web
interface for
Try using the console upgrade method (option 13)
... I had the very issues w/ a Soekris box some
time ago and the console option was the only way I
could get that box to upgrade.
Then last night I decided to upgrade this box to
RC2. The web-based
upgrade seemed to do nothing -- the browser
1) is it possible to enable ssh access on WAN?
If yes, how?
It is enabled on all IPs ... just create a rule
on
the WAN to allow it.
2) is it possible to change port number on WAN
side to keep out automated ip-scanner?
Setup is in the System Advanced Functions ...
there you can
I've followed your instructions and I had to
change
some commands.
THEN EDIT THE SSHD CONFIG
I had this idea: have standard port no. 22 for
trusted
LAN and a non-standard port for untrusted WAN
(e.g
Internet). I read the man documentation and I
changed
/etc/ssh/sshd_config by adding
I was browsing through the CVStrack and focused on
19088-19096.
I use the synproxy feature for a few sites that
have publicaly accessible servers in a dmz. I
am just wondering if this patch was successfully
merged in (looks like it was nailed on the 19096
attempt or maybe 19108, but I'm not
1) is it possible to enable ssh access on WAN?
If yes, how?
It is enabled on all IPs ... just create a rule on
the WAN to allow it.
2) is it possible to change port number on WAN
side to keep out automated ip-scanner?
Setup is in the System Advanced Functions ...
there you can enable it on
tunnel
David Strout wrote:
I have a need to setup the following topology
at
several location connected via VPN tunnels.
NET1--RTR1--NET2--pfS1--{INET}--pfS2--NET3--RTR2--NET4
--IPsec TUNNEL--
NET1=10.10.10.0/24
NET2=192.168.100.0/24
NET3=192.168.200.0/24
I have a need to setup the following topology at
several location connected via VPN tunnels.
NET1--RTR1--NET2--pfS1--{INET}--pfS2--NET3--RTR2--NET4
--IPsec TUNNEL--
NET1=10.10.10.0/24
NET2=192.168.100.0/24
NET3=192.168.200.0/24
NET4=10.10.20.0/24
I have a VPN tunnel nailed up
I have several sites up and running on IPsec VPN.
Aside from have an issue last week with the
versions not being in sync and that causing
several of the sites to initiate and then fail,
I've had very few problems with this setup. As I
continue to tune and secure these sites with
policies I come
A good explanation about the date questions that
are being asked.
http://pfsense.blogspot.com/2007/06/explanation-of-snapshot-file-name-dates.html
Hi,
I noticed that the 1.2-BETA-2 iso shows a build
time in
/etc/version.buildtime of Jul 2 20:10.
However, the latest snapshot iso shows a
I've noticed the version thing in the past in that
they aren't alway depicted correctly. I think
they are working to correct this, but at the time
they are busy with other more pressing matters.
My question would be is there a way to extract the
build date/info from the iso/tgz files and name
I have been looking for the new BETA-2 and haven't
found it. Do I have to do a full re-install to
get to BETA-2 ver.?
--
David L. Strout
Engineering Systems Plus, LLC
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For
I have had the same experience w/ the RV016 and
pfSense. What is the exact version on the linksys
side (have you upgraded the firmware to the
current?), and what build of 1.0.1 pfSense are you
running? I'd move the the current 1.2-BETA SNAP
and upgrade your Linksys to the current 2.0.17.
I
I have the PPTP server enabled on my pfS and I am
trying to run the Fricken PPTP proxy and I get the
following logs upon startup:
Jul 1 08:55:30 Frickin: Network error (Address
already in use)
Jul 1 08:55:30 Frickin: Network error (Address
already in use)
Jul 1 08:55:30 Frickin: Frickin v2.0,
eureka
After logging all traffic out to console and
monitoring this during reboot/boot I came to a
stunning conclusion (or might I say the OS gave me
the answer).
Upon every reboot I would see the following in
dmesg:
Jul 01 08:39:55 192.168.1.1 Jul 1 08:42:00 pf:
tcpdump: WARNING: pflog0:
FYI .
Clearly the below method is a hack, but it seemed
to work on the AMD box that was giving me
heartburn on logging protos correctly. I have
just tried it on the Intel box too and it seems to
have no adverse affect. I just don't know what
the difference is in processing packets on AMD
I have noticed an anomoly in the IPsec tunnels in
the latest build.
The situation:
I have several tunnels created on my pfS server.
I recently upgraded to the latest SNAP (built on
Sun Jul 1 11:24:33 EDT 2007) and I started
noticing tunnel drops soon after.
The Results:
I started noticing that
As soon as I see the below entry in the (IPsec)
logs:
racoon: INFO: received Vendor ID: DPD
The tunnels start dropping.
I have the ping address set to the internal LAN
address on each pfS box and this has worked in the
past (I assume pinging the internal interface
address is a form of DPD). I
Thanks Scott
I though of that and checked ... sure enough there
was a difference in the hub and several of the
spokes I just updated all to the latest
SNAP and all seems to have settled down now. All
7 tunnels up and stable!
Make sure all endpoints are running the same
version.
-2007 4:05 pm
On 7/1/07, David Strout [EMAIL PROTECTED]
wrote:
Thanks Scott
I though of that and checked ... sure enough
there
was a difference in the hub and several of
the
spokes I just updated all to the latest
SNAP and all seems to have settled down now.
All
7 tunnels
Problem is now solved in recent snapshots.
Indeed it is, thanks for all the great work.
I have noticed that all of the entries show as
proto ESP. I seem to remember that some time ago
this same situation crept in after a
logging/logging ports issue a while ago. I seem
to remember that
An updete ...
It seems that TCP packets (looks like UDP and ICMP
are exempt from this issue and report correctly)
are getting reported as ESP proto. I enable the
RAW logging and see the logger stream as I'd
expect to. I have even tried to augment the
/etc/inc/filter.inc file w/ adding a -vv
I have added some sample log data from the problem
server as you asked.
We have some major log display issues back in
1.2 snapshots for some
reason.
Can you add your findings as a comment to this?
http://cvstrac.pfsense.com/tktview?tn=1348,32
Everyone,
I have just installed a Netgear WAG311 in one of
the test servers and all is working GREAT!!! I
just have one question ... is there any plan to
add a MAC filtering feature so that there is an
added layer when running a WiFi NIC, or is this
the 802.1X option? I know that 802.1X (NAC)
PROTECTED]
To: support@pfsense.com
Date: 06-29-2007 8:21 pm
On 6/25/07, David Strout [EMAIL PROTECTED]
wrote:
Morning everyone,
Just wanted to give an update I did an
upgrade on an older
1.2-BETA-1-TESTING-SNAPSHOT-05-??-2007 (I
think it
was around 5-10,11 time frame
the captiveportal function to get nearly
the same functionality...
-Ursprüngliche Nachricht-
Von: David Strout [mailto:[EMAIL PROTECTED]
Gesendet: Freitag, 29. Juni 2007 23:20
An: support@pfsense.com
Betreff: [pfSense Support] WLAN (Atheros) MAC
ACLs
Everyone,
I have just
Is there a difference between SNAPs w/ the same
file date?
I see a SNAP out there from 6-6 but when I upgrade
a system with it, it will show a different build
date ... does this mean that there are in fact
different builds going on daily/semi-daily? I'm
just trying to get some clarity on the
Morning everyone,
Just wanted to give an update I did an
upgrade on an older
1.2-BETA-1-TESTING-SNAPSHOT-05-??-2007 (I think it
was around 5-10,11 time frame) and the logging
seems to work with this.
I have found in testing that anything after the
5-29 builds are broken and if you do a
I also noticed that in the show raw logs mode the
ports do not show.
--
David L. Strout
Engineering Systems Plus, LLC
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Actually it seems to be the way the packets are
getting handed off to the pflog0 interface if
you run tcpdump on the physical interface all
ports show as expected. Still digging.
It's because it's also not in the filter.log...
:-(
-Ursprüngliche Nachricht-
Von: David Strout
I find that if you issue the snarf (snaplen)
switch to the tcpdump command it reports the
correct ports. Where is the /usr/sbin/tcpdump -l
-n -e -ttt -i pflog0 issued from .. rc script
I also noticed that in the show raw logs mode
the
ports do not show.
--
David L. Strout
Engineering
Looks like there is a possibility to start the
tcpdump sequence that feeds syslog with a -s 128
parameter, but not sure if it is producing the
desired results.
Check in /etc/inc/filter.inc IIRC.
Scott
On 6/18/07, David Strout [EMAIL PROTECTED]
wrote:
I find that if you issue the snarf
.
Looks like there is a possibility to start the
tcpdump sequence that feeds syslog with a -s 128
parameter, but not sure if it is producing the
desired results.
Check in /etc/inc/filter.inc IIRC.
Scott
On 6/18/07, David Strout
[EMAIL PROTECTED]
wrote:
I find that if you
I just loaded the latest SNAP and enabled the
SNORT package ... I noticed on thing ... purely
functional, but when I go to the Snort: Rules page
and choose a Category from the pull down the Rules
never change. Not a real problem as you can go to
the category page and click the category you want
To follow up ... this might be an IE7 error. I DC
the little error icon in the lower left of the
browser window and get a explanitation of the
error as follows
Line: 150
Char: 5
Error: 'document.forms.1.selectbox' is null or not
an object
Code: 0
URL: https://10.10.10.1/snortrules.php
One more added note ... this functionality seems
to work fine in Firefox arrrgh @[EMAIL PROTECTED] IE
!
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] SNORT Package ?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date:
I'll be looking forward to that ... not that the current isn' great
or anything ... but I have a few sites where the admins get in and
constantly fool around with setting and end up breaking the platform,
so it'd be nice to be able to put the clamp down on them for certain
Yes. It won't be considered beta at first
though, it'll just be
RELENG_1 snapshots. It'll be a couple months or
more after 1.2 is out
before 1.3 is beta.
I'll be looking forward to that ... not that the
current isn' great or anything ... but I have a
few sites where the admins get in and
Sorry about the double post ... my mail server
issues!!
- Original Message -
I'll be looking forward to that ... not that the
current isn' great
or anything ... but I have a few sites where the
admins get in and
constantly fool around with setting and end up
breaking the platform,
so
Thanks again for the great info and prompt
response!!!
- Original Message -
As previously mentioned, you'll need a dev iso
and roll your own
releng_1 install.
Not sure I have the where-with-all, but I'll
certainly attempt it ... are you are tlking about
building from scratch or from
Thanks for all the helpful info ...
best place to start will be with the dev iso
(doesn't matter what
branch..really)
http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/iso/Developers/
- the
wiki
http://wiki.pfsense.com/wikka.php?wakka=pfSenseHome
and the
development forum
Well it seems very useful to delegate
administration of the pf-box, or just
monitoring the status without granting
unnecessary access to users.
I searched through the list and forums pretty
throughly and didn't find much movement on the
access control features. I did play with the
fbegin.inc
this code to the
releng_1 branch however,
so we'll see it in 1.3. To keep confusion down,
there are no 1.3
snaps currently so you'll need a dev install to
build this I'm afraid.
--Bill
On 6/9/07, David Strout [EMAIL PROTECTED]
wrote:
Well it seems very useful to delegate
If I were planning on migrating from Automatic
outbound NAT rule generation to Manual Outbound
NAT rule generation (Advanced Outbound NAT
(AON)), were could I look to see what NAT rules
are already being generated so as to get a good
overview of what has to be manually created to do
this
Looks like I found the command .
pfctl -s nat (from the command interface OR the
CLI)
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
Subject: [pfSense Support] NAT question
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 06-06-2007 3:56 pm
If I were
I have a follow on question about how to create
the rules for AON for the following NAT entries
.
nat-anchor pftpx/* all
nat-anchor natearly/* all
nat-anchor natrules/* all
#
# VARIOUS SPECIFIC NETWORK NAT RULES HERE
# (I've got this part figured out)
# VARIOUS SPECIFIC NETWORK NAT RULES HERE
Support] NAT question
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 06-06-2007 5:01 pm
David Strout wrote:
I have a follow on question about how to
create
the rules for AON for the following NAT
entries
You don't. The only thing you need to be
concerned about is nat on
blah
I have a specific need to allow clients of a
private net (connected to OPT3 w/ 10.10.10.0/24
reserved DHCP addresses) to connect to the LAN net
(145.191.112.0/20 static addresses via DHCP
reservations). BTW only a small supernet of
address are attached to the pfS box
(145.191.114.0/23).
The
Proof of concept - can this be done???
The customers scenario:
They have a pfS box with four interfaces (fxp0-3)
fxp0=WAN (static)
fxp1=LAN (192.168.1.0/24)
fxp2=DMZ (10.1.1.0/24)
fxp3=WLAN (192.168.2.0/24)
Everything works well and very reliably, but I
have two new networks (VLAN'd w/ Cisco
Now that I plowed through the VLAN issue. I have
been presented with another config question.
Is there any way to have captive portal active on
multiple interfaces?
I dug through the mail lists and the forum, but it
seems that the answer is a resounding no. So
naturally the next question is
I am trying to upgrade from:
1.2-BETA-1
to the latest snap:
pfSense-Full-And-Embedded-Update-1.2-BETA-1-TESTING-SNAPSHOT-05-14-2007.tgz
I am continually getting kicked from the
webConfigurator and then have to ssh to the box
and restart the web service (opt 11). I was
wondering if there is a
I did a reboot and still no go ... is the upgrade
from console available through an ssh session? I
don't see it in the options from ssh.
- Original Message -
Subject: Re: [pfSense Support] upgrading Soekris
4801
From: [EMAIL PROTECTED]
On 5/15/07, David Strout [EMAIL PROTECTED]
wrote
Soekris 4801
From: [EMAIL PROTECTED]
On 5/15/07, David Strout [EMAIL PROTECTED]
wrote:
I did a reboot and still no go ... is the
upgrade
from console available through an ssh session?
I
don't see it in the options from ssh.
Yes, option 13.
13) Upgrade from console
Scott
would reflash.
Scott
On 5/15/07, David Strout [EMAIL PROTECTED]
wrote:
I don't have that option. Here's what my ssh
session looks like:
*** Welcome to pfSense 1.2-BETA-1-embedded on
espfwvpn ***
WAN* - sis0-
xx.xx.xx.xxx
LAN
I am just booting the newest pfsense.img on a
Soekris and get a error:
Configuring CARP interfaces...done.
route: writing to routing socket: No such process
route: writing to routing socket: No such process
route: writing to routing socket: No such process
route: writing to routing socket: No
As usual, I installed the newest 1.2-BETA-1 and
found it to work great for my purposes. I have
come up against a question from several clients
that are now using pfS ...
Is/are there any plans for a session/cookie expire
button/menu item? I have found that there are
cases where someone has been
I just upgraded to the latest snap -
1.0.1-SNAPSHOT-03-23-2007
I am noticing some errors when editing rules and
then again when I try to save the rule.
The following error shows up when I edit a rule:
Warning: Invalid argument supplied for foreach()
in /usr/local/www/firewall_rules_edit.php on
Date: 03-26-2007 10:58 am
Fixed. Please test again about 2 hours from
now.
On 3/26/07, David Strout [EMAIL PROTECTED]
wrote:
I just upgraded to the latest snap -
1.0.1-SNAPSHOT-03-23-2007
I am noticing some errors when editing rules
and
then again when I try to save the rule
PROTECTED] 3/26/2007 11:05 AM
Download the latest snapshot in about 2 hours
and upload it as you did
on the previous one.
Scott
On 3/26/07, David Strout [EMAIL PROTECTED]
wrote:
Will I need to reapply the snap or just grab a
file or two from CVS and apply ???
BTW, thanks for the quick
Download the latest snapshot in about 2 hours
and upload it as you did
on the previous one.
Scott
On 3/26/07, David Strout [EMAIL PROTECTED]
wrote:
Will I need to reapply the snap or just grab a
file or two from CVS and apply ???
BTW, thanks for the quick reply!!
--
David L
This is the error I get when trying to change the
interface setting on the newest snapshot -
pfSense.img.gz 2007-Mar-26 14:19:42 23.3M
application/x-gzip
[Mon Mar 26 20:38:28 2007] [apc-error]
apc_fcntl_create: open(/tmp/.apc.gvBOOZ,
O_RDWR|O_CREAT, 0666) failed: Read-only file
system
[Mon Mar 26
are missing some patience, we are working on
the issue.
Holger
-Original Message-
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 27, 2007 12:30 AM
To: support@pfsense.com
Subject: [pfSense Support] embedded image RO
file system ..
Am i missing something
imbessed
image errors ...
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 03-26-2007 7:22 pm
On 3/26/07, David Strout [EMAIL PROTECTED]
wrote:
This is the error I get when trying to change
the
interface setting on the newest snapshot -
pfSense.img.gz 2007-Mar-26 14:19:42 23.3M
-
Subject: Re: Re: [pfSense Support] newest imbessed
image errors ...
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 03-26-2007 8:21 pm
On 3/26/07, David Strout [EMAIL PROTECTED]
wrote:
The errors are gone and I am able to assign
interface params, but the halt option doesn't
seem
to work
, David Strout [EMAIL PROTECTED]
wrote:
Running on a Soekris 4801, it has always
worked
before ... i just noticed that it didn't work
when
i had the console cable connected ... usually
I
don't manage it that way except when I upgrade
and
have trouble.
This is also a Soekris 266/4801
Getting back into it here and I have been looking
to grab the latest
SNAP and test it in the lab ... but they seem to
have disappeared
fron Scott's dir. Can someone point me to them?
--
David L. Strout
Engineering Systems Plus, LLC
I see through CVStrack that it was pulled out some
time ago ... just
wondering if there is an update on this.
--
David L. Strout
Engineering Systems Plus, LLC
- Original Message -
SUBJECT: [pfSense Support] VPN NAT-T ??
FROM:[EMAIL PROTECTED]
TO:[EMAIL PROTECTED]
DATE: 01-01-2007 11:36 am
Pardon me if I am missing it somewhere, but I was
looking fo info on
what the SNAPSHOT's fix. Is there a page on the
forum or somewhere
where the details of the SNAPs are posted to see
if they are relevant
to bugs or fixes that we might need to apply. I
have looked on the
forum in the release
All,
I was so impressed w/ the A/A HEAD version while
checking it out on bootable ISO that i put it
right into production between lab segments and
pulled out the 1.0.1 version for the time being.
HoRAHH, this has some real promise and looks great
(added features).
Any timeline on when some of
I noticed some time ago that there are some nice
screen shots of a pfSense w/ user managment
incorporated into the weConfigurator. I am really
excited to see this feature come into play on
pfSense. By any chance are these the alpha,
alpha versions? I posted about this some time
ago and was
Is it my imagination or has the web interface
slowed down? I just upgraded to the official
RC3 and the GUI (webConfigurator) seems MUCH, MUCH
slower a screen redraws and refreshes.
--
David L. Strout
Engineering Systems Plus, LLC
Engineering Systems Plus, LLC
- Original Message -
Subject: Re: [pfSense Support] 1.0-RC3 ?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 10-08-2006 1:21 pm
I really dont see how on earth this is possible.
What browser?
On 10/8/06, David Strout [EMAIL PROTECTED]
wrote
: [pfSense Support] 1.0-RC3 ?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 10-08-2006 11:43 am
http://forum.pfsense.org/index.php/topic,2308.msg13469.html#msg13469
-Original Message-
From: David Strout
[mailto:[EMAIL PROTECTED]
Sent: Sunday, October 08, 2006 3:33 PM
To: support
,
and safari and I don't see anything even
remotely close to what you
describe.
And how does flashing have anything to do with
being slow?
On 10/8/06, David Strout [EMAIL PROTECTED]
wrote:
I tried it in all three (IE, Firefox, and
Mozilla
(on Linux)). All of which are the latest
version
endless long to start the pfsense, but I
think it's a side-effect of the embedded RAID-5
controller...
Martin
-Ursprüngliche Nachricht-
Von: David Strout [mailto:[EMAIL PROTECTED]
Gesendet: Sonntag, 8. Oktober 2006 20:27
An: support@pfsense.com; support@pfsense.com
Betreff: Re: RE
Just a quick question about the RC2a,b,c,d,e.tgz files ... should we be applying these to an existing RC2 install, and if so what is the preferred method of applying these patches?--David L. StroutEngineering Systems Plus, LLC
http://forum.pfsense.org/index.php/topic,1383.0.html
I am baffled by the above post on the forum. Like
it or not pfS devs ... PPTP is here to stay and
has it place in networking. I am not a big
supporter of it personally and I am fully aware of
its inherent risks and vulnerabilities. But I
I just did an update to
RELENG_1_SNAPSHOT-07-23-2006, and the only thing
that I see that isn't working are the rrd graphs.
All I get is a little box that says traffic graphs
sometimes when I refresh the screen they show
up, but most times when I go to that page
initially the little box
I get this warning when I look at the DHCP leases
page. I have seen this behavior after rc1.
I did several upgrades (snapshot releases) and am
currently running:
RELENG_1_SNAPSHOT-07-09-2006
And this is the errorI get at the top of the page:
Warning: Invalid argument supplied for foreach()
in
, David Strout [EMAIL PROTECTED]
wrote:
I get this warning when I look at the DHCP
leases
page. I have seen this behavior after rc1.
I did several upgrades (snapshot releases) and
am
currently running:
RELENG_1_SNAPSHOT-07-09-2006
And this is the errorI get at the top of the
page
@pfsense.com
Date: 07-11-2006 1:32 pm
On 7/11/06, David Strout [EMAIL PROTECTED]
wrote:
I get this warning when I look at the DHCP
leases
page. I have seen this behavior after rc1.
I did several upgrades (snapshot releases) and
am
currently running:
RELENG_1_SNAPSHOT-07-09-2006
I noticed that there is a 07.03.2006 snapshot up
on the site ... is there any way to do a firmware
update on the embedded platform, or does it
require a flash re-burn using the img file.
--
David L. Strout
Engineering Systems Plus, LLC
.
-Original Message-
From: David Strout
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 06, 2006 12:54 AM
To: support@pfsense.com
Subject: [pfSense Support] ? on embedded ...
I noticed that there is a 07.03.2006 snapshot
up
on the site ... is there any way to do a
firmware
update
A question regarding pfS on embedded
I have a 512MB CF and the SYSTEM OVERVIEW always
shows 91% disk usage, and if I ssh to the box and
do a df -h it shows a couple of filesystems as
full ... is this correct, a known issue, or am I
burning the flash incorrectly?
I use the command
.
Holger
-Original Message-
From: David Strout
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 06, 2006 2:06 AM
To: support@pfsense.com
Subject: [pfSense Support] another ? on
embedded ...
A question regarding pfS on embedded
I have a 512MB CF and the SYSTEM OVERVIEW
First of all KUDOS to all!!
I just upgraded to BETA3, and everything seems to
work well that I have had a chance to test:
DHCP
PPTP
IPSec
Traffic Shaping
logging GREAT JOB
rules
aliases
routing
I have two questions ... are there any plans to
integrate PPP (dial-up) support into
One other thing (maybe because I upgraded w/ tgz
rather than doing a full/clean intall), but I
noticed that the firmware page has changed ...
only option is to do a manual firmware upgrade ...
did the auto upgrade feature go away .. or should
I try a clean install from ISO?
--
David L. Strout
Everyone,
Some nice additions to this rel. .. KUDOS!!
A question though on port redirecting ...
Here is the setup:
-- pfSense boxes acting as a contractor GW w/
LAN, WAN, OPT1(DMZ) and OPT2(PROXY)
-- WAN is static (business DSL w/ 8 addresses) w/
global IP.
-- LAN is private
to do, but try a
Port Forward on the LAN interface and redirect
all source to all dest
port 80 to the proxy port on the IPCop. Ditto
for HTTPS, although I'm
not sure you can transparently proxy HTTPS.
--Bill
On 4/7/06, David Strout [EMAIL PROTECTED]
wrote:
Everyone,
Some nice additions
I have pfS configured on a high-end Compaq server
4proc w/ a 4 disk array and 12 network interfaces
and have it set up w/ 2 million states and never
run into trouble on that specific server. I have
several heavily populated networks connecting on
different interfaces and dual WAN setup with
Can anyone make a good reccomendation for a
supported Mini-PCI Wireless b/g card?
--
David L. Strout
Engineering Systems Plus, LLC
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
.
Holger
-Original Message-
From: David Strout
[mailto:[EMAIL PROTECTED]
Sent: Sunday, February 26, 2006 11:36 PM
To: support@pfsense.com
Subject: [pfSense Support] Mini-PCI Wireless
Recomendations
Can anyone make a good reccomendation for a
supported Mini-PCI Wireless b
Just upgraded to the latest SNAPSHOT (02-20-06)
from BETA1 and a few thing I notice are:
First, Logging still IS NOT working, I now have no
logs even if the show RAW logs option is
checked. If I run the command /usr/sbin/tcpdump
-l -n -e -ttt -v -i pflog0 from an ssh session I
get traffic but
Just upgraded to the latest SNAPSHOT (02-20-06)
from BETA1 and a few thing I notice are:
First, Logging still IS NOT working, I now have
no
logs even if the show RAW logs option is
checked. If I run the command
/usr/sbin/tcpdump
-l -n -e -ttt -v -i pflog0 from an ssh session
I
get
I may be jumping the gun a bit here, but wanted to
ask about the user rights that I see depicted in
the PIC images. BTW, I am still running BETA1
(pfSense-LiveCD-1.0BETA1.iso), so if this feature
is in the current BTSnapShot then BAM please let
me know.
I have a real need for this at one site
The command: /usr/sbin/tcpdump -l -n -e -ttt -i pflog0Gives logs like this:000319 rule 35/0(match): block in on fxp1: 24.39.185.75.36838 24.39.185.78.1408: S 1674449733:1674449733(0) win 1024You'll notice ... NO PROTOCOL INFO !!!But, a command like this: /usr/sbin/tcpdump -l -n -e -ttt -v -i
logs
no show
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 02-05-2006 1:53 pm
Uhh, then you're not on a pfSense box?
On 2/5/06, David Strout [EMAIL PROTECTED]
wrote:
[EMAIL PROTECTED]:~# find / -name filter.inc
[EMAIL PROTECTED]:~#
[EMAIL PROTECTED]:~# ls -al /etc/inc
/usr
/filter.inc does exist, look at
CVSWEB and you will see
that this is where the file lives.
http://cvs.pfsense.com/cgi-bin/cvsweb.cgi/pfSense/etc/inc/
I generally post MD5's on the official beta
builds, not on the snapshot builds.
On 2/5/06, David Strout [EMAIL PROTECTED]
wrote:
I beg your pardon
1 - 100 of 176 matches
Mail list logo