On 13/11/10 02:01, Karsten Becker wrote:
Hi all.
I have the problem that if I'm connected with OpenVPN (Ubuntu 10.04), I
get stalled copies when doing scp. CIFS copies work.
Has anybody an idea where to start fire fighting or by what this could
be caused?
try reducing MTU, or, unblocking
On 25/10/10 16:33, James Bensley wrote:
pfSense doesn't allow you to configure an IP address, mask and gateway
for every interface on the box, only the interfaces assigned as LAN
and WAN.
for the sake of the record, that's entirely wrong... the web ui allows
you add new interfaces and rename
On 17/11/10 04:01, Chris Buechler wrote:
On Tue, Nov 16, 2010 at 1:13 PM, Paul Mansfield
it-admin-pfse...@taptu.com wrote:
On 16/11/10 14:48, James Bensley wrote:
After completing it I installed Tunnelblick on my MacBook Pro running
it works, but dns is not set,
Not that I've seen, having
On 16/11/10 14:48, James Bensley wrote:
After completing it I installed Tunnelblick on my MacBook Pro running
it works, but dns is not set, you have to use tap device and then dhcp
on the Mac does its trick... otherwise you have to create a special
network profile called openvpn or something
On 21/10/10 14:23, James Bensley wrote:
If anyone comes across this on the archives, due to the lack of a
compiler et al I found no way to achieve compiling SA on pfSense
pfsense is based on freebsd 7.2, get a copy here...
ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/7.2-RELEASE/
you
argh, sorry, I didn't see the 2.0 bit... don't know which version it
uses, but the same would apply, use pkg_add and if needed set the env
var so it can find the package repository.
but I would advise grabbing the appropriate version of freebsd and using
that as a build platform rather than
On 15/10/10 18:15, Gavin Spurgeon wrote:
Does pfSense support the RTL8100CL Nic ?
possibly yes, possibly no
a year ago I used a dell vostro 220 as a firewall for a satellite
office, the realtek onboard interface worked fine
then I used a vostro 230, and freebsd refused to recognise the onboard
On 19/10/10 13:36, Vincent Hoffman wrote:
On 19/10/2010 12:32, Paul Mansfield wrote:
On 15/10/10 18:15, Gavin Spurgeon wrote:
Does pfSense support the RTL8100CL Nic ?
possibly yes, possibly no
a year ago I used a dell vostro 220 as a firewall for a satellite
office, the realtek onboard
On 14/10/10 23:44, Gavin Spurgeon wrote:
Just stumbled upon this cool little PCI card over @ LinITX.com
...
mode, If I had a pfSense unit that could use this (or similar) PCI card
I could scrap my current Cheap Home Router and just have a pfSense box
connected direct to my ISP.
having
On 15/10/10 15:17, Luke Jaeger wrote:
Certain sites refuse to fully load behind our pfsense 1.2.2 firewall.
it sounds a bit like MTU being broken
try reducing mtu to 1400?
-
To unsubscribe, e-mail:
On 28/09/10 17:53, Chuck Mariotti wrote:
I purchased an Internet Connected Samsung HDTV for my home in Canada and
as Chris B says, get a VPS in geographic area of choice and set up a VPN
on local network, set up VPN end point with a routing policy to send
traffic from your TV to the VPS. you
On 10/09/10 03:02, Kevin Tollison wrote:
I would look at the brand of CF card. ... I remember Kingston being one of
them
I will never use kingston after reading this:
http://www.bunniestudios.com/blog/?p=918
On 07/09/10 20:24, bsd wrote:
Here are the results of the test you have asked :
great, thanks for that, useful to know that linux and freebsd give
similar performance as a basic router.
I'd imagine using a kernel customised for the specific processor you
could get a performance boost with both
On 06/09/10 21:58, bsd wrote:
I have made a simple configuration which looks like that :
Station_1 WAN pfSense_FW LAN Station_2
it'd be interesting to compare the same hardware running linux; if you
don't feel like installing, boot a live CD; just ifconfig the
interfaces, and turn on IP
On 07/09/10 09:41, Rabeendran, Rajeevan wrote:
Hello
I have a problem when i copy a huge File over 2GB between WAN -LAN -WAN.
The Firewall breaks the connection. Is there a limit?
It is not a FTP connection, just a normal NFS connecion.
I've been able to download DVD ISOs (suse linux
On 12/08/10 23:51, RB wrote:
Pretty much any port you allow out (or even SSL websites) raw will
have this problem and you'll never reach 100% closure. You can
approximate 100% with application proxies that monitor for and cut off
aberrant behavior, but they'll never be perfect.
indeed,
On 01/09/10 16:00, Michael Riglin wrote:
options, I wanted to ask the list for any experience-based
recommendations on low power consumption appliances for purchase that
have enough CPU power to support 100 Mbps and above. (Quality and
future-proofing is more important than cost.)
the jetway
On 02/09/10 19:52, Karl Fife wrote:
did you login to try tcpdump, and use ntpq -c lpeers and similar?
Has anyone else seen OpenNTPD fail similarly? I've never seen my
other pfSense instances drift by more than a few hundred milliseconds.
We have some market traders that rely on a very
On 04/08/10 12:49, Stefan Baur wrote:
I know that I could log to an external syslog server, however, in my
follow the changes I suggested previously on this list, whereby you bind
existing syslog to localhost and newsyslogd to LAN and get existing
syslog to repeat logging to newsyslogd
On 10/08/10 03:32, Chris Buechler wrote:
if your provider provides ipv6 as well as ipv4 and devices on your lan
are also ipv6, then you're more likely to have a major security breach??
has IPv6, you can end up with a public IPv6 address either via
stateless autoconfiguration or DHCPv6 and be
On 10/08/10 12:59, Mark Wiater wrote:
I'd actually prefer however to access information in the system from the CLI.
This would actually allow me to gather other information like states per host
for instance, on an automated basis.
I would suggest setting up munin, install munin-node on yr
thinking aloud...
if your provider provides ipv6 as well as ipv4 and devices on your lan
are also ipv6, then you're more likely to have a major security breach??
On 07/08/10 06:06, Tortise wrote:
My ISP advised us not use common private LAN addresses for this
Woops - sorry for being misleading. I meant (and use) random numbers
taken from within the private address ranges. (10.x.x.x etc)
rfc1918, IIRC, actually says to choose a random range.
at $JOB
On 09/08/10 17:57, Nathan Eisenberg wrote:
thinking aloud...
if your provider provides ipv6 as well as ipv4 and devices on your lan
are also ipv6, then you're more likely to have a major security
breach??
It's only really thinking out loud if you include your reasoning, otherwise
it's
On 05/08/10 06:51, David Burgess wrote:
my DSL and LAN ports will be on the same switch, different vlans. This
...
what are my risks? I know it has been said on this list that WAN and
if you can clearly label the switch so that you yourself cannot make a
mistake when connecting cables
if you
On 05/08/10 07:53, Seth Mos wrote:
Do note, that if you ever write the device from start to end that this
negates the wear levelling. It then only has the spare cells on the
drive or card to remap blocks (~7%).
does freeBSD support trim with SSDs?
On 04/08/10 18:31, Tim Nelson wrote:
There is no option for legacy mode in the BIOS. :-(
presumably there's no PS2 keyboard port?
or if there is, your keyboard isn't the type which can turn into a ps2
keyboard using the oversized purple usb-to-ps2 plug thing that some come
with?
I have a ps2
On 05/07/10 16:37, David Rees wrote:
I've got a system (1.2.3, set up in a cluster) which has a couple of
...
phantom rules - rules that exist in the config.xml file, but don't
...
It appears that somehow they lost their interface element and since
it occurred to me, could you not re-create
On 30/06/10 21:29, Luke Jaeger wrote:
thanks Jim -
I got the impression from reading the pfsense forum that there is a way
to block https for specific domains by denying the connect method - am I
understanding this wrong?
you should definitely be able to create an ACL for access to
On 28/06/10 07:56, bsd wrote:
Hello,
I have configured couple of devices for clients based on large disk size (160
Go or 250Go) - I would like to know if It is possible to increase the size of
the clog limit for log rotation… or if it is possible to entirely remove
the clog system and
On 14/06/10 16:16, Paul Mansfield wrote:
On 09/06/10 21:58, John Busch wrote:
- I could SSH into 192.168.9.1, and the session would last 5-10
seconds before freezing (^C, ^Z did nothing).
it sounds as if you had two openvpn clients running at the same time,
are you using shared key?
I've also
On 01/06/10 18:05, Ian Bowers wrote:
But all a router is
really doing is passing traffic from the ISP into the LAN. As long as
you configure it to just pass traffic and allow telnet/ssh access from
the LAN only, there is really very little to exploit.
a simple cisco 2600 series router with
On 01/06/10 11:29, Adam Egan wrote:
Hi all,
Odd problem.
Attachments take an AGE to download from Hotmail.
As far as I can tell it does not affect our POP3 mail or Google Mail.
I have pfSense 1.2.2 with squid running as a transparent proxy. No
fancy routing, just NAT.
MTU path
On 31/05/10 08:23, bsd wrote:
I am looking for a guide or an answer that could help me to understand how
pfSense is architectured
maybe buy the book off amazon?
On 12/04/10 16:56, Charles Goldsmith wrote:
My home pfsense has been rebooting on me periodically and I haven't
been able to figure out why. It seems to be on a 36 hour schedule.
From the logs, I don't see much:
the logs seem to show only what happened after reboot
consider setting up an
On 08/04/10 12:33, innocent.mayu...@pccb.go.tz wrote:
Dear support,
We are using pfsense and with a subscribed bandwidth of 1 Mb up and down.
While monitoring through the RRD Graphs we are not going past 600 bits/s
Kindly advise what we can amend or configure in order to monitor our true
On 06/04/10 17:39, Tim Dressel wrote:
On Tue, Apr 6, 2010 at 3:05 AM, Paul Mansfield
I've found ntop to be hit and miss in terms of stability, when it works
...
I found darkstat to be more reliable if a bit basic
[trimmed old text; please also consider trimming when responding to posts
On 02/04/10 20:12, Tim Dressel wrote:
super stable. But with the ntop package things goes south quickly. I've
I've found ntop to be hit and miss in terms of stability, when it works
it works well but for certain combinations of
environment/build/phase-of-the-moon it's unstable to the point of
On 05/04/10 16:55, Chris Buechler wrote:
Without a pcap showing the actual traffic, there's no telling what's
happening. The only sure thing is neither the client or server is
closing the TCP connection if you see it as ESTABLISHED:ESTABLISHED.
worth using TCPDUMP on the firewall and looking
On 30/03/10 17:06, Bastian Schern wrote:
Do you have an idea how to find out where the problem with asymmetric
routing is?
traceroute from each endpoint to the other and use tcpdump on firewalls
to observe if the packets go where you expect them?
On 18/03/10 16:21, Joseph Rotan wrote:
Hi,
I'm currently jammed in setting up VPN on my pfsense box been reading all
the discussion it seems most have achieved a VPN configuration. I not
specialise on IT pros but interested to learn. Is there anyone could
please help me out in setting up
I would like to fix/break wpad as suggested here:
http://www.mercenary.net/blog/index.php?/archives/42-HOWTO-WPAD.html
is there any way to insert the additional dhcp configuration options
into pfsense's dhcp configuration - there's no text field to allow
arbitrary insertion of my own config - so
On 26/02/10 10:38, Abdulrehman wrote:
I need to setup an OpenVPN scenario with pfsense. I want to connect to a
remote network and also want to use the gateway of that remote network.
Means if i am connected to VPN then all my internet traffic will go out
through gateway of that network. Is it
On 16/02/10 05:42, Chris Buechler wrote:
This depends on how much you trust your switches, and more so, how
much you trust your admins. It's usually easier to inadvertently
configure something on the wrong VLAN than it is to plug something
into the wrong switch. Especially if you have people
yes, it works. for each WAN, specify a gateway. in NAT specify advanced
outbound rules and have a rule for each WAN
on the rules for each LAN, ensure that you specify the outbound interface
On 02/02/10 14:41, Zhu Sha Zang wrote:
I'm receiving a lot of this type of messages in my wan:
1. 692357 rule 39/0(match): block in on re0: 0.0.0.0.68
255.255.255.255.67: BOOTP/DHCP, Request [|bootp]
stick a rule at the top to quietly drop
just a heads-up really about new IPv4 blocks now in use, so check your
bogon filter update scripts are working and you don't drop 1/8 and 27/8
Paul
-- Forwarded message --
From: Leo Vegoda
Date: 2010/1/21
Hi,
The IANA IPv4 registry has been updated to reflect the allocation
of
On Tue, Jan 12, 2010 at 8:50 PM, Ugo Bellavance u...@lubik.ca wrote:
I'm running pfsense 1.2.2 on a pentium 4, 3.0 ghz, 1 GB RAM. HDD install.
When I start a download from a nearby centos mirror, directly from the
firewall (using fetch), I get the full bandwidth available from my ISP (60
On 08/01/10 18:39, Ruben Lacumba wrote:
Hi,
newcomer to pfsense, hearing interesting to pfsense, i plan to deploy
please don't hijack threads
if you put multiple lines of configuration in an openvpn server config,
all the end of lines are lost and the whole lot is run together on one
line when you look at the generated /var/run/openvpn_serverXX.conf file
am running the full pfsense1.2.3-release, upgraded from previous versions
is this
On 08/01/10 16:21, Tim Nelson wrote:
- Paul Mansfield it-admin-pfse...@taptu.com wrote:
if you put multiple lines of configuration in an openvpn server
config,
all the end of lines are lost and the whole lot is run together on
one
line when you look at the generated /var/run
I tweak /etc/inc/system.inc so that syslogd is bound ONLY to localhost,
and then I can set pfsense to also log to another local IP, then install
syslog-ng on that IP so that I can do interesting things to the logs and
also push them remotely.
Please can you change the default configuration by
can't see why not, connect its WAN to your LAN, and in wan port rules
permit access to squid from the WAN, you'll have to configure clients
to point to it, or adjust existing firewall rules
you'd probably want to configure its GUI and SSH to be permitted from
the WAN port too.
On 07/01/10 15:13, Robert Mortimer wrote:
Agreed - Though in our case they aren't supposed to be grownups as
this is a grade 7 thru 12 secondary school. And the students using Tor
sounds like you ought to be signing them up to a CIA training school
instead :-)
You can still personal
On 05/01/10 16:11, Luke Jaeger wrote:
Has anyone had any success blocking Tor thru pfsense/squidguard? Some of
our savvier students are starting to use it to get around the content
filters ...
that's a classic case of having a permit any + deny specific policy.
You'll have to turn it round,
On 06/01/10 16:46, Robert Mortimer wrote:
On 05/01/10 16:11, Luke Jaeger wrote:
Has anyone had any success blocking Tor thru pfsense/squidguard?
Some
of
our savvier students are starting to use it to get around the
content
filters ...
that's a classic case of having a permit any + deny
On 18/12/09 10:58, Tapani Tarvainen wrote:
On Fri, Dec 18, 2009 at 11:13:45AM +0200, Tapani Tarvainen
(pfse...@tapanitarvai
I took a stab at hacking filter.inc and modified it so that if
there's source-address modifier in the nat rule, it uses it
as source in the rdr entry.
Does anybody
On 18/12/09 07:26, Seth Mos wrote:
On 17-12-2009 11:35, Paul Mansfield wrote:
has anyone upgraded a pfsense cluster running 1.2.2-release to 1.2.3?
Yes.
am using many CARP addresses on WAN and LAN ports, IPSEC, OpenVPN, and
advanced outbound nat.
I am using multiple WAN connections
has anyone upgraded a pfsense cluster running 1.2.2-release to 1.2.3?
am using many CARP addresses on WAN and LAN ports, IPSEC, OpenVPN, and
advanced outbound nat.
am just being uber cautious!
On 14/12/09 23:47, Jeppe Øland wrote:
As for the PCIe wireless card: it's a MSI brand card, using a Ralink NIC.
(MS-6894, Ralink chip: RTL8187SE)
I guess that's a RealTek wireless card ... probably next to useless for
pfSense or?
realtek != ralink
yup, that's a realtek
since reading some
On 15/12/09 14:35, Seth Mos wrote:
Paul Mansfield wrote:
On 14/12/09 23:47, Jeppe Øland wrote:
As for the PCIe wireless card: it's a MSI brand card, using a Ralink
NIC.
(MS-6894, Ralink chip: RTL8187SE)
I guess that's a RealTek wireless card ... probably next to useless for
pfSense
On 13/12/09 05:07, Jeppe Øland wrote:
Just stumbled over this:
MSI Industrial WindBOXII
http://www.logicsupply.com/products/ms_9a25
Not cheap - but it's got everything in a nice pre-packaged box.
nice! it has an Intel NIC. not sure what options there are for mini-PCIe
cards with gigabit
On 12/12/09 16:19, Nenhum_de_Nos wrote:
I couldn't upgrade from webui from 1.2.3-RC1 to Release
I upgraded a 1.2.3-RC1 to -Release this morning, uploading the full
update via web ui and it just worked (TM), so you must have been
unlucky :-/
On 14/12/09 14:13, Duncan Hall wrote:
Today I had an issue where the pfsense firewall (1.2.3RC3) could not
access the remote syslog on another server because of a network fault
(dead switch).
The end result of this was the firewall stopped responding after
behaving intermittently. I imagine
I just upgraded a 1.2.1-release directly to 1.2.3-release with no
hitches at all. wasn't a particularly busy box but still relatively
important, and no complaints so far!
On 11/12/09 15:00, R. M. Molenaar wrote:
How did you update your box?
With an update file or new full installation?
with the update file using the web ui.
-Original message-
From: Paul Mansfield [mailto:it-admin-pfse...@taptu.com]
Sent: Friday 11 December 2009 15
On 11/12/09 15:50, David Burgess wrote:
I've been happily using 1.2.3-RC1 for many months now on a Soekris
net5501 and a 100GB 2.5 SATA drive. I like the idea of an embedded
system on a CF card, but that's not possible or advisable for me as
I'm running the squid and freeswitch packages.
can
you'll have to renumber, or some horrendous bodging with multiple
nat boxes at both sites which will cause more pain!
meanwhile, a message from 13 years ago in rfc1918.
http://www.faqs.org/rfcs/rfc1918.html
If two (or more) organizations follow the address allocation
specified in this
On 06/12/09 07:21, mehma sarja wrote:
64GB SSD is under a hundred bucks now and it seems a fanless REGULAR
system (Atom 323) is do-able which should make for an awesome pfsense
application. Any Atom smashers out there?
see mail archives, there was a flurry of discussion about it a few months
snipped excess quoting - please learn to trim!
On 04/12/09 11:02, Gabriel - IP Guys wrote:
Basically, what I want to do is have traffic come in on my secondary
ISP, and return packets return out the correct interface, instead of
being blocked. Is that possible?
what people initially thought
On 04/12/09 16:08, Joseph L. Casale wrote:
I have been asked to monitor traffic, per user through our openvpn
pfsense setup, as its
setup for filtering (Therefore I know what ip each user uses), I
presume this can easily be
done by looking at traffic between the opt int and the lan int.
On 11/11/09 20:29, Vick Khera wrote:
my traffic over it. That is, I'd like to configure firefox to use a
local proxy (either socks5 or regular proxy, what have you) that then
uses the privacy forwarding via one of these services.
I find proxyproxy firefox extension/plugin is very powerful,
I'd be very interested if there was a project to add varnish reverse
proxy to pfsense. It claims to be both linux and freebsd compatible.
http://varnish.projects.linpro.no/
One could of course hack it in manually but having it as even the
simplest package would be nice.
Paul
On 11/11/09 15:39, Scott Ullrich wrote:
On Wed, Nov 11, 2009 at 10:21 AM, Rainer Duffner rai...@ultra-secure.de wrote:
varnish also works in 32bit FreeBSD.
At least for test-purposes, it did for me.
You have to limit the amount of RAM it grabs, though, or it will crash
immediately.
Even with
On 11/11/09 01:12, Chris Buechler wrote:
On Tue, Nov 10, 2009 at 8:04 PM, Mattmnaism...@gmail.com wrote:
Hi,
I have a router behind pfsense with multiple internal subnets behind that.
Will a pfsense port forward from the WAN to any of my internal subnets work
? Assuming pfsense can route to
On 27/10/09 15:42, Jeppe Øland wrote:
Has anybody tried pfSense with a board like this?
http://www.avalue.com.tw/products/ECM-945GSE.cfm
Dual Marvell 88E8053 Gigabit Ethernet
hmmm.
On 22/10/09 20:04, Chris Flugstad wrote:
I can't reach an endpoint from 1 location, but can reach it from
somewhere farther up the stream. It's not dying on my end. The admin for
the other end is scratching his head.
sounds like someone upstream has an out of date bogons filter?
So. anyone
On 15/10/09 18:25, Ryan wrote:
Does anyone make an atom board with intel onboard. I'd rather intel if
i had my choice. I have seen a couple of flexatx atom boards that look
real promising, but they don't have intel nics.
I built a box with a jetway atom board and triple intel gigE daughter
On 16/10/09 16:41, Eugen Leitl wrote:
On Fri, Oct 16, 2009 at 04:35:07PM +0100, Paul Mansfield wrote:
I built a box with a jetway atom board and triple intel gigE daughter
board - search the mail archives - pfSense booted fine and detected the
onboard realtek as re0 and the intels as em0
On 16/10/09 17:27, Curtis Maurand wrote:
Check this one out. It should work just fine. Very inexpensive.
http://www.newegg.com/Product/Product.aspx?Item=N82E16816101262
pretty good box at the price; I guess it would be a bit noisy for a home
or office environment, 1U server fans tend to
On 13/10/09 15:32, Luke Jaeger wrote:
I have all my users (teachers students) on the same LAN. I'd like to
block students from Facebook but still allow it for teachers. Can I do
this without an additional LAN segment? Maybe by means of LDAP groups?
use squid, implement username/passwords and
On 09/10/09 07:58, Curtis LaMasters wrote:
I would also like to note that I am only having this issue on 2
interfaces which both happen to be VLAN interfaces. I hope that
helps.
if you're using a managed switch, is it reporting any errors?
if Ciscos see bpdus incorrectly they can go into
On 07/10/09 18:47, Evgeny Yurchenko wrote:
Has anybody noticed this behavior?
The simplest set up: two pfSenses with LAN WAN and CARP on both
interfaces (with separate interface for SYNC).
When there is little traffic active pfSense sends CARP packets with
priority 0 every second, everything is
On 08/10/09 02:13, Anil Garg wrote:
Will something like this work and be secure enough.
no.
On 05/10/09 10:26, Jeremy Bennett wrote:
Is there a way to flush everything stored on the device but the config?
open a shell and take a peek in /var/named and see if there's anything
obvious; be careful to delete only files and not directories otherwise
things will break.
sorry to be
On 04/10/09 20:26, Teletreff wrote:
Best Choice for small Switches is Netgear (Many Models in all Categories)
personally I'd rather take my chance with a second-hand Cisco off ebay
(which is what I did at home) - a 24 x 10/100 port switch with a couple
of gigabit uplinks for home file
I assume you're retyping the config rather than giving us
grep -v ^# squid.conf
you sure the cache size 1500 is 1500MB and not 1500KB? is it using
sufficient disk space? if the disk cache is too small it'll be pointless
having it.
also, have you turned logging level up too far, if you log
On 30/09/09 12:57, Chris Bagnall wrote:
So, a couple of questions for other multi-WAN users if I may:
1) is this workaround still necessary in more recent versions of pfSense
(=1.2.3)?
2) if so, is there any way to work around the two limitations above?
use sftp instead?
:-P
On 28/09/09 15:20, Joseph L. Casale wrote:
...
Interface   VLAN tag   Description
em2         50         NegriBossi
In the Interface Assignment Tab, I have:
Interface   Network port
LAN         em0
WAN         bge0
OPT1        em1
OPT2        VLAN 50 on em2
you
please can /etc/inc/system.inc be changed so that syslogd ONLY binds to
127.0.0.1 rather than *.*.*.*
this makes it much easier to also install syslog-ng so that you can
supplement the local clog stuff with a full log and reflect it to a
remote site (you'd install syslog-ng, make it bind to, say,
On 22/09/09 11:00, Jure Pečar wrote:
I have a simple pfsense setup that does NAT for our office.
we found that desktop streaming clients were quite tolerant of
nat-related issues but mobile phones were not, and as a consequence when
we set up darwin streaming server behind pfsense with port
On 22/09/09 17:36, Scott Ullrich wrote:
That is normal. Traffic on the firewall itself prefers the system
routing table. Clients behind the firewall will prefer the IPSEC
tunnel. Pretty sure that is documented somewhere on the doc site.
if you want connections initiated by the
On 09/09/09 21:22, Dominik Schips wrote:
Hello,
I'd like to ask how to backup pfSense the correct way?
I installed rsync on the pfsense box and added a cron job so that it
could copy over all configs, current and old, to an offsite server. it
runs a few times a day as we don't make too many
Bill Marquette wrote:
I'm sure there's a good reason to have triple redundancy, but I can't
I think you can reach a point where too much redundancy can make the
system so complex as to be hard to manage and so user error probability
will rise and make things less complex.
Borowicz, Paul wrote:
The solution seems to be to change the MTU on the terminal to 1400, this
allows for the MTU overhead of 40 for citrix and 60 for the VPN (as far
as I understand).
so long as you're not blocking icmp and killing MTU path discovery you
shouldn't need to set MTU anywhere.
Chris Buechler wrote:
On Fri, Aug 28, 2009 at 6:47 AM, luismiasturlui...@gmail.com wrote:
After a failover, ipsec will negotiate everything again no?
yes, and you do get a short drop-out but it is useable; we have two
sites each with master/slave pfSense using CARP clustering and ipsec
could you force squid + transparent proxying to record traffic usage and
use some clever squid configs and cron to change behaviour?
Leon Strong wrote:
Yep, i'm wondering if it's something else causing the issue now..
I've attached a screenshot image of where the bootup hangs (in verbose
mode), also, the box hasn't actually hung if you alt-ctrl-delete -
this appears to be using the same driver for the controller on the
Joseph L. Casale wrote:
Anyone know what is involved in setting up a cert when using a windows CA?
I can use OpenSSL on a Linux host to do the conversion from the format the
Windows CA outputs (I don't know if I can output it natively?). What do I
use for the RSA private key, or more to the
Kevin Kimani wrote:
telnet: Unable to connect to remote host: Connection timed out
two words: nat reflection