[pfSense Support] Next proxy for pfSense firewall
Hello, I'm setting up pfSense as a deparmental firewall within my network in order to seperate a specific LAN from the rest of the world. In order to access the Internet by means of HTTP or FTP protocols I must refer my browser to a proxy server. When I try to download any packages (CVS) the browser just times out and I don't get any pages served up. I think I need a next proxy to be set in order for the pfSense machine to access the Internet through the proxy, but I haven't found any setting of this type anywhere in the web interface. Does such a parameter exist? must it be set manually in a configuration file? Thanks in advance for any help Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Next proxy for pfSense firewall
Do you mean the pfSense itself has to go to the internet through a proxy? This is not supported and there are no settings for it. The package manager tries to access the package repository at pfsense.com and is not able to utilize a proxy for that. Maybe you can setup rules at the proxy to allow only the pfsense transparently through or unproxied access? Holger -Original Message- From: Joseph Favia Jr. [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 10:58 AM To: support@pfsense.com Subject: [pfSense Support] Next proxy for pfSense firewall Hello, I'm setting up pfSense as a deparmental firewall within my network in order to seperate a specific LAN from the rest of the world. In order to access the Internet by means of HTTP or FTP protocols I must refer my browser to a proxy server. When I try to download any packages (CVS) the browser just times out and I don't get any pages served up. I think I need a next proxy to be set in order for the pfSense machine to access the Internet through the proxy, but I haven't found any setting of this type anywhere in the web interface. Does such a parameter exist? must it be set manually in a configuration file? Thanks in advance for any help Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, Holger Bauer [EMAIL PROTECTED] wrote: Do you mean the pfSense itself has to go to the internet through a proxy? This is not supported and there are no settings for it. The package manager tries to access the package repository at pfsense.com and is not able to utilize a proxy for that. Maybe you can setup rules at the proxy to allow only the pfsense transparently through or unproxied access? Actually, not entirely true :) If you feel like editing code, this is a simple change. /etc/inc/xmlrpc_client.inc around line 645 you should see: /** * The name of the proxy server to use, if any * @var string */ var $proxy = ''; Put your proxy server inside the single quotes. Read the next couple of comment blocks for other settings. This naturally won't stay through an upgrade, but should get you running until we have a more configurable way to do it. For some reason I thought we already did :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, Bill Marquette [EMAIL PROTECTED] wrote: Actually, not entirely true :) If you feel like editing code, this is a simple change. /etc/inc/xmlrpc_client.inc around line 645 you should see: /** * The name of the proxy server to use, if any * @var string */ var $proxy = ''; Put your proxy server inside the single quotes. Read the next couple of comment blocks for other settings. This naturally won't stay through an upgrade, but should get you running until we have a more configurable way to do it. For some reason I thought we already did :-/ FWIW, I just commited the changes to move the configuration of this into /etc/inc/globals.inc. Still will require modification after each upgrade, but that file is a tad smaller and if you are/were running CARP, means your rule sync will still work. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] ftp forwarding
On Jan 3, 2007, at 8:57 PM, nix4me wrote: I have pfsense setup and i have a ftp server on 192.168.1.102. I set up NAT inbound for the ftp port (2121) and also the passive ports (4-40100) to go to 192.168.1.102. I let the firewall rules autogenerate. http://wiki.pfsense.com/wikka.php?wakka=IncomingFTPHowTo smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] ftp forwarding
Vivek Khera wrote: On Jan 3, 2007, at 8:57 PM, nix4me wrote: I have pfsense setup and i have a ftp server on 192.168.1.102. I set up NAT inbound for the ftp port (2121) and also the passive ports (4-40100) to go to 192.168.1.102. I let the firewall rules autogenerate. http://wiki.pfsense.com/wikka.php?wakka=IncomingFTPHowTo Thanks for the reply. I actually have it working nicely. I am not using the ftp helper because i assign the passive port range manually to my ftp server (proftpd). All that is required is inbound NAT for the control port and active port (control -1) and then a NAT for the passive range (4-40100 in my case). Then let the firewall rule autogenerate. Works perfectly. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Hi, Is the modified globals.inc file kept anywhere that can be downloaded? I tried modifying the xmlrpc_client.inc file myself but keep getting an error when I attempt to access the packages. A complete example would be appreciated. This is the message in the system log : php: /pkg_mgr.php: XMLRPC communication error: Unknown error: 0 Thanks joe Scrive Bill Marquette [EMAIL PROTECTED]: On 1/4/07, Bill Marquette [EMAIL PROTECTED] wrote: Actually, not entirely true :) If you feel like editing code, this is a simple change. /etc/inc/xmlrpc_client.inc around line 645 you should see: /** * The name of the proxy server to use, if any * @var string */ var $proxy = ''; Put your proxy server inside the single quotes. Read the next couple of comment blocks for other settings. This naturally won't stay through an upgrade, but should get you running until we have a more configurable way to do it. For some reason I thought we already did :-/ FWIW, I just commited the changes to move the configuration of this into /etc/inc/globals.inc. Still will require modification after each upgrade, but that file is a tad smaller and if you are/were running CARP, means your rule sync will still work. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Next proxy for pfSense firewall
http://cvstrac.pfsense.com/chngview?cn=16046 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 4:47 PM To: support@pfsense.com Subject: Re: [pfSense Support] Next proxy for pfSense firewall Hi, Is the modified globals.inc file kept anywhere that can be downloaded? I tried modifying the xmlrpc_client.inc file myself but keep getting an error when I attempt to access the packages. A complete example would be appreciated. This is the message in the system log : php: /pkg_mgr.php: XMLRPC communication error: Unknown error: 0 Thanks joe Scrive Bill Marquette [EMAIL PROTECTED]: On 1/4/07, Bill Marquette [EMAIL PROTECTED] wrote: Actually, not entirely true :) If you feel like editing code, this is a simple change. /etc/inc/xmlrpc_client.inc around line 645 you should see: /** * The name of the proxy server to use, if any * @var string */ var $proxy = ''; Put your proxy server inside the single quotes. Read the next couple of comment blocks for other settings. This naturally won't stay through an upgrade, but should get you running until we have a more configurable way to do it. For some reason I thought we already did :-/ FWIW, I just commited the changes to move the configuration of this into /etc/inc/globals.inc. Still will require modification after each upgrade, but that file is a tad smaller and if you are/were running CARP, means your rule sync will still work. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Squid transparent proxy
And how can you expect help if you don't give any information to work from!!! As extremely brilliant as the developers are... they cannot read your mind (or your problems, which seem abundant) If you want help... be willing to work a bit, or be gone! -Tim -Original Message- From: SDamron [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 03, 2007 6:30 PM To: support@pfsense.com Subject: Re: [pfSense Support] Squid transparent proxy You have just earned your 15 minutes of fame, now everyone on the entire internet can google search your name and come up with the profound statement you just made...congratulations. On 1/3/07, Tim Martin [EMAIL PROTECTED] wrote: Yea, fuck you too, asshole! lol Bill Marquette wrote: On 1/3/07, Tim Martin [EMAIL PROTECTED] wrote: Excuse me for saying anything at all! You're excused. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Stop Spam Now: http://www.spamarrest.com/affl?4025320 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- --- A fight to the death between zombies has a few inherent problems. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Hi, The list of available packages gets displayed just fine, but the installation procedure produces a regular error on all of the packages I've tried to installed. This is what kind of appear on screen : Downloading package configuration file... done. Saving updated package information... done. Downloading nmap and its dependencies... done. Checking for successful package installation... failed! Installation aborted. Did you successfully install any of the packages? Cheers Joe Scrive Bill Marquette [EMAIL PROTECTED]: On 1/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Thanks alot Bill! I've tried the changes but I still get an error, although different. I have no control over the proxy machine so I can't get much info from that box to help me understand what doesn't work. I'm going to upgrade the release of pfSense first and then try with both the production proxy and another proxy that can be used for testing purposes, which I will be able to access and eventually modify. I'll try to produce some feedback. OK, think I fixed it. Pull down the files in http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ again. I tested it at work, seems to be fine now. I'd like some feedback from people NOT running proxies on whether this change breaks packages for them or not. I'd like to MFC this today if possible so I can forget about it :) --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Joseph Favia Jr. Security Consultant Tel. Fisso: 0803855397 Tel. Mobile: 3486712036 Fax: 0803855950 Ai sensi e per gli effetti della Legge sulla tutela della riservatezza personale (DLgs. 196/03 e collegate), questa mail รจ destinata unicamente alle persone sopra indicate e le informazioni in essa contenute sono da considerarsi strettamente riservate. E' proibito leggere, copiare, usare o diffondere il contenuto della presente mail senza autorizzazione. Se avete ricevuto questo messaggio per errore, siete pregati di rispedire lo stesso al mittente. Grazie. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi, The list of available packages gets displayed just fine, but the installation procedure produces a regular error on all of the packages I've tried to installed. This is what kind of appear on screen : Downloading package configuration file... done. Saving updated package information... done. Downloading nmap and its dependencies... done. Checking for successful package installation... failed! Installation aborted. Did you successfully install any of the packages? lol, good point. I'll work on that in a bit. Thanks --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Dynamic DNS
is possible to add support to dnspark.net? https://www.dnspark.net/api/dynamic/update.php?hostname=$HOSTip=$IP it's similar to other services. Or to add an Custom option where the parameters can be loaded direcltly for any service. PD: Sorry for my english __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
I'm not seeing that on my test install. You might make sure that the changes you made to xmlrpc_client.inc have been reverted. --Bill On 1/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hello, Another side effect that I've been seeing is the following after applying any changes in the policy: Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pkg-utils.inc:908) in /usr/local/www/firewall_rules_edit.php on line 335 Any thoughts? Joe Scrive [EMAIL PROTECTED]: Hi, The list of available packages gets displayed just fine, but the installation procedure produces a regular error on all of the packages I've tried to installed. This is what kind of appear on screen : Downloading package configuration file... done. Saving updated package information... done. Downloading nmap and its dependencies... done. Checking for successful package installation... failed! Installation aborted. Did you successfully install any of the packages? Cheers Joe Scrive Bill Marquette [EMAIL PROTECTED]: On 1/4/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Thanks alot Bill! I've tried the changes but I still get an error, although different. I have no control over the proxy machine so I can't get much info from that box to help me understand what doesn't work. I'm going to upgrade the release of pfSense first and then try with both the production proxy and another proxy that can be used for testing purposes, which I will be able to access and eventually modify. I'll try to produce some feedback. OK, think I fixed it. Pull down the files in http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ again. I tested it at work, seems to be fine now. I'd like some feedback from people NOT running proxies on whether this change breaks packages for them or not. I'd like to MFC this today if possible so I can forget about it :) --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Remote administration through WAN interface
http://faq.pfsense.org/index.php?action=artikelcat=10id=41artlang=en; highlight=webgui%20wan If your WAN is in a private range you als oneed to disable the block private subnets at interfaceswan. Holger -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 5:31 PM To: support@pfsense.com Subject: [pfSense Support] Remote administration through WAN interface Hello, I would like to allow remote administration of a pfSense firewall by means of a web browser (http) but cannot get it to work through the WAN interface. (Yeah, I know the implications of such a configuration! I'd like to change it to https once I get it to work...) There apparently are no precise settings to be made, so I thought it was only a matter of filter rules on the WAN interface. After defining the rules I see a PASS in the log, but my browser still fails to connect to the web interface. Is it something forbidden by design? Did I miss some setting? or do I have to set up some port forwarding rules even for access to the pfSense box? Thanks in advance Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] RE: ****SPAM**** [pfSense Support] Dynamic DNS
The HEAD version (Developementversion of pfSense 2.0) already has a custom option to do so. You'll just have to wait for this version to come out (release when it's done, don't ask). ;-) Holger -Original Message- From: pablo hide [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 7:41 PM To: support@pfsense.com Subject: SPAM [pfSense Support] Dynamic DNS is possible to add support to dnspark.net? https://www.dnspark.net/api/dynamic/update.php?hostname=$HOSTip=$IP it's similar to other services. Or to add an Custom option where the parameters can be loaded direcltly for any service. PD: Sorry for my english __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] pfsense on WRAP
Timo Boettcher wrote: * nix4me [EMAIL PROTECTED] wrote: I have a WRAP board (266mhz 128mb ram). I've read where pfsense takes up more resources than the 1.22 version of m0n0wall but I don't see any talk of how much more. Will pfsense run ok on my WRAP for my home 10mbit/1mbit cable connection? Works for me here (same wrap, 10Mbit/1MBit DSL-line). Didn't do any load test other than throughput, though. Especially, I didn't test high packetrate apps (p2p-filesharing) or crypto-stuff (vpn). Timo Well it seems to be holding its own. At idle, it reports ~5% CPU and ~40% memory usage. With a full 10mbit download, it was up to ~50% / 50%. So it seems to be working within its limits. Im running ftp server but no p2p. The configuration webpage speed is a tad sluggish, but I can live with that as long as it routes without slowdown. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
