On 1/23/06, Chris Buechler [EMAIL PROTECTED] wrote:
Ideally, I'd do what Bill described, since the routing is much nicer,
and the filtering capabilities are much better.
One note on that. Since we currently can't filter traffic coming in
off the IPSec tunnel, this setup would actually increase
General rule of thumb is that if FreeBSD 6 supports it, it'll work. I
don't have any machines with PCIe busses, but I can highly recommend
the Intel cards (em driver) for PCI/PCI-X bus machines.
--Bill
On 1/23/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hello all,
We have just brought a
Nope, valid question, valid concern. Even though it doesn't directly
affect us, we're applying the fix anyway.
--Bill
On 1/25/06, David Strout [EMAIL PROTECTED] wrote:
I see that after doing
# cat /etc/pf.conf | grep scrub
#scrub in all
Sorry for jumping the gun and the added noise.
I did your research for you because I was curious. I'd suggest you
look a little harder before spreading FUD. If you aren't going to
bother spending five minutes doing correct research, I'm certainly not
going to go out of my way implementing uninteresting features which I
don't need or use.
FYI, you can also syslog to a remote host. And there's numerous
syslog daemons for Windows if you don't have another unix machine to
direct the syslog traffic at.
--Bill
On 1/27/06, Insik Lee [EMAIL PROTECTED] wrote:
On 1/26/06, Insik Lee wrote:
Right now I'm having some issues with
On 1/30/06, Rainer Duffner [EMAIL PROTECTED] wrote:
Hello,
we need to allow access to a certain subnet from *, except for some
hosts, which should only be allowed from specific IPs.
I have, in rules.debug:
pass in quick on $wan proto tcp from $FIRSTEXTIP to $hostalias1 flags
S/SA keep
On 1/30/06, Rainer Duffner [EMAIL PROTECTED] wrote:
What open issues are there left in the current beta1 or pre-beta2?
I'm not doing anything right now. Due to interoperability-issues with
MS-ISA-SERVER 2004, we're not even doing VPN. I just need filtering to
work for now
Here's the known
On 1/31/06, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Hi all.
Just a question: is it possible to protect the console menu asking a
password, like what it happens when you log in via ssh?
Thank you in advance.
Yes, go to System: Advanced in the webUI. There's an option there
for the
Real mail clients don't care :)
--Bill
On 2/5/06, Holger Bauer [EMAIL PROTECTED] wrote:
The problem is, it can break mailing list archives and start new topics
though it only is an answer to an already existing one. I'll keep it in
international settings for now until somebody is
On 2/6/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Woops, try this link:
http://www.pfsense.org/mirror.php?section=tutorials/policybased_multiwan/policybased_multiwan.pdf
On 2/6/06, Scott Ullrich [EMAIL PROTECTED] wrote:
On 2/6/06, Brad Bendy [EMAIL PROTECTED] wrote:
I've been running
On 2/6/06, Brad Bendy [EMAIL PROTECTED] wrote:
Yeah, exactly! Another twist to is actually then have CARP on top of the whole
thing for failover firewalls :) I knew I would have to use Virtual IPs, but
I'm still confused on how I would define the new default gateway for the
second subnet, and
We're also waiting on review of these:
http://cvstrac.pfsense.org/rptview?rn=16
And I personally would like some more feedback on the shaper changes
that went in right after beta1. I have reason to believe it's still
broken (looking like a possible FreeBSD issue), but confirmation
outside of
By any chance do you have any of these:
Synchronize rules
Synchronize aliases
Synchronize nat
Synchronize ipsec
Synchronize Wake on Lan
Synchronize Static Routes
Synchronize Load Balancer
Synchronize Virtual IPs
Synchronize traffic shaper
Synchronize DNS Forwarder
Synchronize to IP
Checked or
On 2/16/06, Chris Green [EMAIL PROTECTED] wrote:
I am running PFSense 1.0b1. I am having an issue with outbound NAT Mapping
not working properly and am looking for some assistance.
The firewall has an outside IP address of x.x.x.66. It has an additional IP
address of x.x.x.67 set as a
On 2/16/06, Colin Baker [EMAIL PROTECTED] wrote:
Thanks for the reply. I did upgrade to the latest BIOS, but I'm still
seeing the same Boot error message. This was previously running
m0n0wall on another CF card, so it should have been all set for booting
from flash. It is a larger (1GB)
On 2/18/06, Luiz Vaz [EMAIL PROTECTED] wrote:
Another thing, I set up my VMWare image with php dbg. Now I'm using it to
debug the php code while i write some custom things.
After, i compiled the pecl-radius extension to php and it is working
fine!
So, can i send to the list the
Not sure if you've tried this, if it'll make a difference, or what
exactly it'll do, but try
Prefer old IPsec SAs in System-Advanced
I'm having no problems with my tunnels, pfsense-pfsense and
pfsense-nortel contivity, but they're both network tunnel configs with
static IPs, not road warrior.
On 2/20/06, John Cianfarani [EMAIL PROTECTED] wrote:
Holy crap Batman! This might have fixed it.
Did a little bit of testing only with the pix as the remote client it
comes up after simulated power outages and builds the tunnel again
without issue.
Tested with long/short SA see how it reacts
You've horribly butchered bits vs bytes. Everything in the shaper
wizard is in bits. A 6Mb connection is 6Megabits, not 6MegaBytes,
hence the 600KByte download (notice the conversion I did?) FYI, if
you have 5 lines, you probably want to reserve 5 x line rate - if line
rate is 96Kb/sec then you
On 2/21/06, John Cianfarani [EMAIL PROTECTED] wrote:
Where are they put out? I never saw anything on the list/blog/ or
pfsense homepage?
In just about every traffic shaper related thread in either the lists
or the forums (which I rarely visit - the list is the best place to
get my attention).
The permissions code is only in HEAD and will not make it into 1.0.
--Bill
On 2/23/06, David Strout [EMAIL PROTECTED] wrote:
I may be jumping the gun a bit here, but wanted to
ask about the user rights that I see depicted in
the PIC images. BTW, I am still running BETA1
Try the following diff:
Index: services.inc
===
RCS file: /cvsroot/pfSense/etc/inc/services.inc,v
retrieving revision 1.72.2.24
diff -u -r1.72.2.24 services.inc
--- services.inc21 Feb 2006 05:58:30 - 1.72.2.24
+++
ok, try this diff out then:
Index: services_dhcp.php
===
RCS file: /cvsroot/pfSense/usr/local/www/services_dhcp.php,v
retrieving revision 1.38.2.9
diff -u -r1.38.2.9 services_dhcp.php
--- services_dhcp.php 20 Feb 2006 21:02:12
Thanks for the update. I just spent a number of hours on the shaper
and think I found the problem. This does appear to be an OS level bug
but I've sort of worked around it in our config. Beta 2 is just
around the corner, the fixes, which require the wizard to be re-run
(I've enforced this for
Wow, I ran that code for the better part of a year and didn't discover
that :-/ I do recall having a /29 and making use of adv. outbound NAT
though, but come to think of it, I wanted CARP so delegated PPPOE
termination to the modem. Hmmm...Just to clarify (it's early and I
haven't looked at the
On 2/27/06, Robert Goley [EMAIL PROTECTED] wrote:
I will retest with Beta2. I had the same results that John reported
with Vonage lines. I only had to test it with one of the lines.
Robert
Thanks...the workarounds kinda suck IMO and we're still seeing issues
on WRAPs (but not all of
:
Physical interface.
Like redirect lan to squid server.
Redirect all pppoe_clients to squid server
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 27 February 2006 15:00
To: support@pfsense.com
Subject: Re: [pfSense Support] outbound nat on pppoe
Wow, I
On 2/27/06, Charles Sprickman [EMAIL PROTECTED] wrote:
Since I was bitching about Vonage, I'll be sure to grab the latest
snapshot and see what happens.
Of note, I know that we're still not getting stuff in the right queues
- I've been sidetracked with this much larger issue. So, don't be
Same behaviour currently. I'll probably end up just changing the
wording of that option, not the behaviour as I'm not willing to break
peoples existing configs. This might get changed for a potential
Beta3 (I wouldn't be surprised if we have one as we have more work to
do on the shaper that
On 3/5/06, Szasz Revai Endre [EMAIL PROTECTED] wrote:
I tried booting BETA2 today on an old ibm ~166mhz.
It goes up until the screen where a big floppy appears (when did you
change the bootloader ? :) ).
I have an option to press F1 .. And afterwards nothing happens.
Any idea?
Big
it at low speed. Hmm the bootloader isn't a big floppy
then, that must be some stupid menu from IBM..
Usually I do test, but you replied faster than i imagined :D:D
Thanks!
On 3/5/06, Bill Marquette [EMAIL PROTECTED] wrote:
On 3/5/06, Szasz Revai Endre [EMAIL PROTECTED] wrote:
I tried booting
On 3/14/06, John Wells [EMAIL PROTECTED] wrote:
Guys,
I've been working through my first pfsense install, and have been
extremely impressed with all design decisions...until this morning.
My configuration is pretty easy:
- LAN
- WAN
- DMZ
- DMZ for wireless with PPTP VPN into LAN
On 3/15/06, Peter Curran [EMAIL PROTECTED] wrote:
I have been asked to setup a couple of pfsense boxes as a high-availability
pair, using CARP. One problem is that only 5 public IP addresses are
available for the site and 4 are needed to access servers on the DMZ.
Do all four need high
On 3/15/06, Simon O'Sullivan [EMAIL PROTECTED] wrote:
And in what cases should each of these virtual IP's be used?
CARP would typically be used for a high availability setup. This
would be when you either have (or plan to have) two firewalls in a
redundant setup and a virtual address floating
On 3/16/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Maybe the new card is overpowering the power supply. I have lockups
as well when I use certain 12v power supplies on my Soekris units...
He stated this was on a server, not a WRAP/Soekris. :) But I can
second the sentiment on the Soekris
Hmmm...what model Intel NICs are these? I'll try and get a couple
boxes together at work as I've got a ton of the dual and quad port
PCI-X cards.
--Bill
On 3/26/06, Simon O'Sullivan [EMAIL PROTECTED] wrote:
Is there anyone out there who has successfully setup a carp system with
Intel gigabit
On 3/29/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Uhhh, whats the difference from freebsd's rc.conf and in this case!?
The CARP passwords would be listed in rc.conf on a stock FreeBSD
system, too... So I fail to see your point.
I believe he's talking about the remote sync password. Not much
On 3/30/06, Jason J Ellingson [EMAIL PROTECTED] wrote:
But, could the rules be applied to data being received from a tunnel?
With mobile IPSec clients (ignoring PPTP as an option), there is no way to
control data received. You can only have filters on what goes into a tunnel
and not what is
On 3/30/06, Scott Ullrich [EMAIL PROTECTED] wrote:
On 3/30/06, Bill Marquette [EMAIL PROTECTED] wrote:
Hmmm...I did some work on porting enc(4) over from OpenBSD - I don't
recall how far I got though (or for that matter, where that work
is...I suspect I just lost it two weeks ago in a hard
Yeah...just do the opposite of what you did to set it up :) go into
the carp settings, select all the sync options, point it at the newly
rebuild box, hit save...it'll sync across - uncheck all the sync
options so you can go back to being the slave box. CARP should still
be master at this point.
On 4/4/06, Randy B [EMAIL PROTECTED] wrote:
And yes, we are open to replacing it with something else if someone
wants to do the plumbing.
If given the choice between ntp.org
(http://ntp.isc.org/bin/view/Main/NTPcopyrightStatement) and OpenNTP
(OpenBSD), which would you prefer?
Don't know
On 4/5/06, Charles Sprickman [EMAIL PROTECTED] wrote:
I just thought I'd share this. While searching for a patent, I ended up
with an error page that mentioned pfsense:
The requested URL could not be retrieved
While trying to retrieve the URL: http://patimg1.uspto.gov/.piw?
The
On 4/5/06, Denny [EMAIL PROTECTED] wrote:
just upgrade successfully.
remove and re run the traffic wizard.
choose the lan and wan interface.
after wizard finish and done reloading,
i goto traffic shaper menu and it say rule changes and need to reload.
so i click the apply changes button.
On 4/5/06, Charles Sprickman [EMAIL PROTECTED] wrote:
On Wed, 5 Apr 2006, Bill Marquette wrote:
On 4/5/06, Charles Sprickman [EMAIL PROTECTED] wrote:
I just thought I'd share this. While searching for a patent, I ended up
with an error page that mentioned pfsense:
The requested
patch to our altq-vlan.diff :) If you replaced altq-vlan.diff with
Angelo's that's all that was needed.
--Bill
On 4/5/06, Scott Ullrich [EMAIL PROTECTED] wrote:
I have updated the altq-vlan.diff patch, but what is the 2nd patch for?
On 4/5/06, Angelo Turetta [EMAIL PROTECTED] wrote:
I was
] wrote:
Bill Marquette
[EMAIL PROTECTED] wrote in
message
news:[EMAIL PROTECTED]
msntp and openntp size comparison
pfsense
# ls -la `which msntp`
-rwxr-xr-x 1 root wheel 455176 Nov 28 16:29 /usr/local/bin/msntp
openbsd
$ ls -la `which ntpd`
-r-xr-xr-x 1 root bin 38784 Feb 14 23:40
I probably don't fully understand what you're trying to do, but try a
Port Forward on the LAN interface and redirect all source to all dest
port 80 to the proxy port on the IPCop. Ditto for HTTPS, although I'm
not sure you can transparently proxy HTTPS.
--Bill
On 4/7/06, David Strout [EMAIL
On 4/7/06, David Strout [EMAIL PROTECTED] wrote:
Thanks for the reply.
Yes, I am trying to redirect all http(s) traffic
(while not interrupting any other traffic) to the
proxy server on the OPT2 network to either
transparently proxy or possibly authenticate users
for http(s) access. I
Haven't seen that one before (and I just upgraded my main box to the
4-08 snapshot). What happens if you delete that rule (I assume it's
not needed based on your wording)?
--Bill
On 4/10/06, William Armstrong [EMAIL PROTECTED] wrote:
phantom rule is inserted on my system config.xml
PS...proxy arp virtual IP type _might_ do what you want, I suspect not though.
--Bill
On 4/10/06, Bill Marquette [EMAIL PROTECTED] wrote:
On 4/10/06, William M. Sandiford [EMAIL PROTECTED] wrote:
Is it possible to add IP aliases to the LAN interface? I would like to have
more than one IP
On 4/10/06, William M. Sandiford [EMAIL PROTECTED] wrote:
I want to do the equivalent of the following from a FreeBSD rc.conf file
where fxp0 is the interface (can be sis0 or whatever)
ifconfig_fxp0="inet 1.1.1.1 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 2.2.2.2 netmask 255.255.255.0"
On 4/11/06, Randy B [EMAIL PROTECTED] wrote:
On 4/5/06, Vivek Khera [EMAIL PROTECTED] wrote:
ISC's ntp is well known and understood and considered very accurate.
I see no other choice.
After Running OpenNTP for a while now, I feel less uncomfortable with it -
after the first 12 hours or
On 4/11/06, Roy Walker [EMAIL PROTECTED] wrote:
Forgive me, I must not be understanding you. You mean something
upstream from the firewall, like your ISP's gateway address? That
doesn't make any sense. Why would you take a web cluster off-line
because the upstream gateway went down?
The
On 4/13/06, Guilherme Oliveira [EMAIL PROTECTED] wrote:
Hi.
How can I do Raid with pfSense without vinum, gmirror or ccd ?
Is there some package to install ?
Thanks in advance.
Hardware RAID controllers are supported. If you really want software
RAID, you'll have to roll your own image.
On 4/13/06, Guilherme Oliveira [EMAIL PROTECTED] wrote:
Well, I'll do it but I don't know how can pfSense be used in corporate
environments if it can't do RAID. And I don't know a better place of a
firewall other than a corporation.
I would expect the decision to utilize RAID to be followed
Yes.
http://cvstrac.pfsense.com/rptview?rn=21
--Bill
On 4/16/06, Ash Varma [EMAIL PROTECTED] wrote:
so.. is there a changelog for the snapshot releases ?
On 4/16/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Please help us test!
http://forum.pfsense.org/index.php?topic=1043.0
I plan
On 4/17/06, Craig Roy [EMAIL PROTECTED] wrote:
A complete reinstall using Beta2 was required and complete manual setup of
Rules and NAT and Load Balance to continue operations.
Static Routes does not permit allocating OPT1 as a Gateway.
No need to enter the static routes for the monitor IP
The slbd errors can be safely ignored for WAN load balancing - I've
replied that elsewhere (forum I believe) and will be cleaning up those
info messages for RC1. I'll need a copy of your /tmp/rules.debug,
/var/etc/slbd.conf, and /conf/config.xml and a netstat -rn output
would be useful to
Can you clarify the Monitor IP is Bad IP address error? I don't
know where you're seeing that (other than during boot).
--Bill
On 4/18/06, Nate Steffan [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
On 17 Apr 2006 16:16:37 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
After bootup I would not like to show the pfsense menu. This is a security
risk for me as pressing 8 will give a root shell. I would instead
Horizon IT Consultants
[EMAIL PROTECTED]
AUSTRALIAN RESELLER
FOR
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 April 2006 1:53 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] pfSense Beta3 available
Can you
Scott
asked for them.
Kindest Regards,
Craig Roy
Horizon IT Consultants
[EMAIL PROTECTED]
AUSTRALIAN RESELLER
FOR
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 19 April 2006 3:07 PM
To: support@pfsense.com
Subject: Re
On 4/19/06, Nate Steffan [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
On 4/18/06, Nate Steffan [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
On 17 Apr 2006 16:16:37 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
After bootup I would not like to show the pfsense menu
On 4/23/06, Anders D. Hansen [EMAIL PROTECTED] wrote:
On Apr 20, 2006, at 18:12 , Scott Ullrich wrote:
I have Beta1 running on an embedded device and want to replace this
box with a server running Beta3.
Can I import the configuration from Beta1 and install this on the new
server
On 4/23/06, Sithi [EMAIL PROTECTED] wrote:
Hello,
This is our current situation,
We have 25 workstations connected together by LAN
We have 2 different ISP connection, both static, same DNS servers, but
different gateways
At present we have 2 sets of LAN, one connecting 10 computers to
I see this error once or twice in a google search, but no answers.
--Bill
On 4/24/06, PFsense Question [EMAIL PROTECTED] wrote:
Hello,
Since we upgraded our PFsense machine from Beta 2 to Beta 3. It has happened
two
times that our dhclient has died unexpectedly. The error from the
On 4/24/06, Sithi [EMAIL PROTECTED] wrote:
thanks Mr. Bill
As you had said, this
Quote
Does this web site tie it's session authentication to IP address? IE,
if a user comes in using two different source addresses will they get
kicked out? If so, WAN load balancing won't work for you
On 4/26/06, mOjO [EMAIL PROTECTED] wrote:
the epic struggle continues...
i have Cable internet with a 8mb download and 768kb upload. my pfSense
box is an old AMD K6-2 350mhz box with 128MB ram.
i used the traffic shaper wizard (god bless the wizard) to configure my
QoS and it does work but i
How much RAM in the box? Just a guess, you used a swap partition with
the hard drive install, but didn't with the CF install (gee, I can't
possibly imagine why not ;-P) and have less than 64M ram.
--Bill
On 4/26/06, Tim Roberts [EMAIL PROTECTED] wrote:
I have a piece of junk test box that
On 5/4/06, Pedro Paulo de Magalhaes Oliveira Junior
[EMAIL PROTECTED] wrote:
Hello, I'm thinking about developing an IPS to pfsense. Does anybody know
how to kill tcp connection or udp connection in pf based in string match?
For specific states, to use pf(4) to kill it you will need to add
Update /etc/platform to read pfSense instead of embedded I believe.
--Bill
On 5/10/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
I run pfsense on a wrap platform. I'm aware of the differences in the image
(R/O CF mount, no packages, etc).
I'd like to replace my CF card with a 1GB (or larger)
Sounds like you upgraded the box, but not the pfSense development
checkout. Follow the full directions for building an update and you
should get a beta4 tarball.
--Bill
On 5/11/06, Tommaso Di Donato [EMAIL PROTECTED] wrote:
Hi guys!
Just a question: I'm compiling a modified version of
On 5/11/06, D.Pageau [EMAIL PROTECTED] wrote:
On 4/26/2006 10:03 AM, Henk van Kester wrote:
It looks like the OPENVPN log is not working? (Beta3)?
I confirm on BETA4 log are in system.log instead of openvpn.log
I've also found a cutpaste error in diag_logs_openvpn.php where
- ?php
On 5/12/06, thomas hahusseau [EMAIL PROTECTED] wrote:
Hello,
I would like to know if it's possible to run the OSPF protocol on PFSense
via a plug-in (in this case where is it ?) or via a routing daemon like
quagga or zebra (in this case how can i compile this demon on with pfsense
? there is
This also has been answered before. Use google.
--Bill
On 5/12/06, thomas hahusseau [EMAIL PROTECTED] wrote:
Hello,
I would like to install routing demons Quagga on pfsens I found quagga
package for freebsd and transferred it on pfsense then install it , but
quagga.info tell me to modify the
Well for me...I have commit access to pfSense, I don't for Sonic or Cisco ;-P
For everyone else...
1. Good luck getting a quick patch for a small bug from Cisco -
personal experience tells me that unless it's a sev 1 (network down)
AND you have a good support contract with them, you won't get
This...
struct pf_state {
u_int64_t id;
u_int32_t creatorid;
struct pf_state_host lan;
struct pf_state_host gwy;
struct pf_state_host ext;
sa_family_t af;
u_int8_t proto;
u_int8_t direction;
As previously mentioned, this is entirely unsupported.
Use your FreeBSD system admin skillz to do the following:
pkg_add -r quagga
And then configure to your hearts content. And this has absolutely
been discussed - two seconds of googling came up with this:
On 5/16/06, Peter Curran [EMAIL PROTECTED] wrote:
Bill
Thanks for that info - looks like all states are going to set most of these
data chunks, so are likely to be bumping the 1K mark.
On a related point. I have bumped my max state size to 100K states. My
master is running with around 33K
On 5/17/06, Chris Buechler [EMAIL PROTECTED] wrote:
Bill Marquette wrote:
It's as secure as the switches vlan implementation.
That and your switch configuration. Refer to your switch vendor's
documentation on recommendations for secure VLAN configurations. Even
though Cisco has gone to great
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
True, seconded :) Using dedicated (untagged) vlans for each port in a
trunk configuration is a good idea too if your switch supports this.
Trunked vlans? How this looks like?
Again, I think my terminology is getting the better of me.
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
On Wed, 17 May 2006 15:32:41 -0500
Bill Marquette [EMAIL PROTECTED] wrote:
On 5/17/06, Ispánovits Imre [EMAIL PROTECTED] wrote:
True, seconded :) Using dedicated (untagged) vlans for each port in a
trunk configuration is a good idea
32bit 33Mhz PCI slots? 500Mbit...approx.
--Bill
On 5/18/06, Ebay [EMAIL PROTECTED] wrote:
I am using an MSI motherboard with a 2 gig Celeron processor, 512 megs ram,
and 3ea realtec gigabit network cards. Does anyone know what kinda
throughput would be possible in this configuration. I
On 5/26/06, Scott Ullrich [EMAIL PROTECTED] wrote:
Okay if nobody has anything else rolling I need hard numbers on what
to implement. What are we going with...?
Let's try to keep this from flaming each other and keep it
constructive if possible. Either way this issue must change for 1.1.
Why are you sending DNS queries from the outside world to dnsmasq?
Shouldn't these be forwarded to your bind server so that the world
view gets matched instead of your internal view?
--Bill
On 5/27/06, Paul Willard [EMAIL PROTECTED] wrote:
I've got a dns server locally which uses views.
from
Per the forum he's running Beta 2. He's been advised to upgrade to
the latest beta as there were numerous load balancer fixes committed
after beta 2.
--Bill
On 5/30/06, Ebay [EMAIL PROTECTED] wrote:
did you change the gateway in the FirewallRulesLan to the load balancer
you created? I only
Anti-spoofing is important and a sufficient use case. Please try to
convince us why we're wrong. We're not going to spend any time trying
to convince you why we're right.
--Bill
On 6/1/06, Molle Bestefich [EMAIL PROTECTED] wrote:
Scott Ullrich wrote:
I agree with Bill.
Covered that one
traffic with a source IP from the network(s) directly connected
to the specified interface(s) from entering the system through any other
interface.
--Bill
PS. how many threads are we going to have for this?
On 6/1/06, Chris Buechler [EMAIL PROTECTED] wrote:
Molle Bestefich wrote:
Bill
Wow, I go off and have a few beers and this turns into a 25 message discussion!
On 6/1/06, Randy B [EMAIL PROTECTED] wrote:
I find it irrelevant to the discussion what others are doing, though :-).
Simply that this concept is alien to me, and I'm trying to grasp
context - the more outside
On 6/2/06, Molle Bestefich [EMAIL PROTECTED] wrote:
Eric, thanks for providing use cases!
Sadly, I think I can dismiss them as requiring per-interface rulebases.
At the least, I'll try. You be the judge :-).
Eric W. Bates wrote:
A small IT company. Has a DMZ for their web/mail etc. Has a
On 6/5/06, Chris Buechler [EMAIL PROTECTED] wrote:
Ah, ok, yeah you're right on that. But that's useless. Who cares what
the destination port was prior to NAT? That only matters if you open
up, say, port 88 and 888 on the WAN, going to the same internal host on
the same internal port, say
On 6/6/06, Angelo Turetta [EMAIL PROTECTED] wrote:
I think filtering both before and after NAT is out of scope (pf is not
designed to do that).
correct
What could be easily done to alleviate 'the missing' would be to add to
the 'rdr' UI the possibility to specify the FROM part of the rule.
On 6/6/06, Lawrence Farr [EMAIL PROTECTED] wrote:
So do you set these up as virtual IP's then? Or is it a recent change
(im still on RELENG_1_SNAPSHOT_03-26-2006).
No, allowing source address to be used in the port forward syntax
isn't in RELENG_1 and won't be. I think it's a good idea and
Not sure that we enable tunnel to tunnel routing. Not sure if there's
an option either, but that's what I'd look for.
--Bill
On 6/7/06, Brad Bendy [EMAIL PROTECTED] wrote:
Hello,
I have a setup as follows:
Core-Firewall
- -
- -
? I hope that but for version
1.0 it has to be done this way.
Holger
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 07, 2006 7:56 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] IPSEC Firewall Rules
Not sure that we enable tunnel
ntop package or pfflowd package and use a collector.
--Bill
On 6/8/06, Oscar Rylin [EMAIL PROTECTED] wrote:
Hi,
We're running pfSense on our company LAN (public /24, no NAT), filtering out
unwanted traffic, using pptp VPN etc. - everything's working great!
That said,
I'd love being able to
You'll need a rule for the remote networks that bypasses the load
balance rule and just uses the default gateway. The way we have load
balancing working with multiple wans bypasses the kernel routing
table.
--Bill
On 6/9/06, Bo Rasmussen [EMAIL PROTECTED] wrote:
Hello all,
We have setup one
I answered this in another thread ([pfSense Support] pfsense beta-4
multiple ipsec clients from lan to wan) less than two hours ago.
--Bill
On 6/9/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi,
I just updated to latest releng_1 and it still has this same problem.
I have a carp+dual wan
Src port: *
Dst: 192.168.150.0/24
Dst port: *
Gateway: wan1 gw.
So the 192.168.150.0/24 is my remote vpn network, and the other the local LAN.
Is this what you propose?
Kind regards,
Bo
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 9 June 2006 16:40
To
On 6/13/06, Raja Subramanian [EMAIL PROTECTED] wrote:
On 6/13/06, Holger Bauer [EMAIL PROTECTED] wrote:
beta4 doesn't report this, but RC1 is sending some syslog info about the
monitor IP:
Jun 13 09:33:08 slbd[412]: Service wanpool changed status, reloading
filter policy
All the