On 9/28/06, Captain Bablam <[EMAIL PROTECTED]> wrote:
OK good to know thank you,
Are there plans to support quagga? I thought I saw that on the
list a while back?
Time. 'nuf said.
--Bill
-
To unsubscribe, e-mail: [EMA
lol. Oh well, too late, it's been beheaded.
--Bill
On 10/3/06, Roberto Greiner <[EMAIL PROTECTED]> wrote:
I don't know exactly how or why, but after about 14 hours reporting
errors, suddenly msntp decided to work and updated the timeinfo properly.
Oct 3 14:52:53 msntp[82526]: msntp: 2006 Oc
On 10/3/06, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
Hi !
Does anyone have the same problem:
Traffic to IPSEc remote LAN works via from LAN subnet, but nor from WLAN
subnet (with atheros chipset) ?
Any try to get it running fails...
Even with LAN: all to all rule and WLAN all to all rule !?
On 10/4/06, Benoît Beaujault <[EMAIL PROTECTED]> wrote:
Hello,
More and more applications, due to firewall filtering, move to HTTP, is
it in the roadmap of pfsense to propose a fonctionnality to filter some
applications over HTTP (peer-to-peer, MSN, ICQ and so on) ?
Start by forcing all your us
On 10/4/06, Captain Bablam <[EMAIL PROTECTED]> wrote:
I have pushed Openvpn through a bluecoat successfully,
Do you know if it is a configuration option or does it kill the
connection irrespective of configuration?
Wade B
Not sure why it doesn't work. I can get the initial connect
On 10/5/06, Brian Quinn <[EMAIL PROTECTED]> wrote:
Hi,
I just migrated from monowall where I has happy enough until it started to
lockup and had to be manually rebooted every few days.
I restored the monowall config.xml in to pfsense and all seemed to be
working.
Or so I thought. Users can no
On 10/5/06, Alan Walters <[EMAIL PROTECTED]> wrote:
Been looking at the ath hal version on pfsense and considering testing
latest version from sam but can not seem to find how to add this into
our
Build routine.
We are running "0.9.16.16" in pfsense and "0.9.18.0" is the latest. How
could we add
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: 05 October 2006 19:10
To: support@pfsense.com
Subject: Re: [pfSense Support] re: ath-hal
On 10/5/06, Alan Walters <[EMAIL PROTECTED]> wrote:
> Been looking at the ath hal version on pfsense and considering tes
On 10/6/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
It's under firewall>nat, portforward. Should be pretty obvious what to do there.
Additionally turn on nat reflection at the very bottom of system>advanced. This
will make the internal server reachable from the wan by it's public IP.
Holger
On 10/8/06, Kristofer Kiik <[EMAIL PROTECTED]> wrote:
Hi,
There does not seem to be a GUI option to limit traffic coming in
through IPSEC. Once you have IPSEC negotiated, all traffic that comes
through that connection has a green light to all of your
lan/dmz/whatever.
I have an IPSEC traffic co
On 10/8/06, Kristofer Kiik <[EMAIL PROTECTED]> wrote:
On 10/8/06, SDamron <[EMAIL PROTECTED]> wrote:
> All traffic coming in through a tunnel is encrypted. The only way to
> limit this traffic is to terminate it and pass it through some kinda
> of other firewall, or IDS.
It is encrypted when it
the tunnel, yer screwed.
--Bill
On 10/8/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
On 10/8/06, Kristofer Kiik <[EMAIL PROTECTED]> wrote:
> On 10/8/06, SDamron <[EMAIL PROTECTED]> wrote:
> > All traffic coming in through a tunnel is encrypted. The only way to
> >
On 10/8/06, Kristofer Kiik <[EMAIL PROTECTED]> wrote:
> Filtering outbound from pfSense may protect your
> network, but leaves your firewall (and it's management interface) open
> to attack.
So to remedy leaving the management interface open to attack, you
decided to leave management interface A
On 10/9/06, Donald Pulsipher <[EMAIL PROTECTED]> wrote:
Can anyone recommend a decent cheap mini pci wireless G card that I can drop
into my soekris hardware that would be supported by pfSense ?
Wistron CM-9's work like a champ:
http://www.netgate.com/product_info.php?cPath=26_34&products_id=
There was a bug report on this in cvstrac that I replied to. But for
the benefit of the list do the following from the shell:
/etc/rc.conf_mount_rw
pw group add -n _ntp -g 123
pw user add -n _ntp -u 123 -g 123 -c 'NTP daemon' -d /var/empty -s /sbin/nologin
/etc/rc.conf_mount_ro
On 10/14/06, kel
Bingo, sounds like IPSec NAT Traversal to me. Any chance that can be
disabled on the Cisco side? I don't know anything about the Cisco
configs, but if you can disable it, there's a good chance this will
work.
--Bill
On 10/14/06, J. Ryan Earl <[EMAIL PROTECTED]> wrote:
No I haven't tried diffe
On 10/14/06, J. Ryan Earl <[EMAIL PROTECTED]> wrote:
Well, I'm trying to route between a 10.2.3.0/24 and 192.168.2.0/24
network... Is that not some part of this functionality? I mean, is
there any reason to not have the kernel support this?
Not the point of my question.
Here's my Cisco cryp
On 10/14/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
You can configure nat-traversal on the PIX with:
isakmp nat-traversal 20 (PIX OS 6.x)
crypto isakmp nat-traversal 20 (PIX OS 7.x)
Look for these lines and disable them. If the error still occurs, it
might help, recompiling
On 10/15/06, PlanAlpha <[EMAIL PROTECTED]> wrote:
1. I have pfsense installed on a cf card. I have installed the squid
package. Does the diskcaching from squid write to my cf card? (worried
about it killing my cf card)
Full install to CF card, not an embedded image I take it. Yes, squids
diskc
On 10/16/06, J. Ryan Earl <[EMAIL PROTECTED]> wrote:
Let me explain something here since I'm not making the problem clear.
The problem has -nothing- at all to do with the Cisco firewall. The
setsockopt errors occur -well before- any communication with the other
end-point of the VPN tunnel. Case
On 10/20/06, PlanAlpha <[EMAIL PROTECTED]> wrote:
I was checking out the rrd graphs after a reboot and was wondering if
this feature is going to kill my cf card since it's writting to it.
Can I turn this off? Should I not be running PFSense on a CF?
RRD writes to a ramdisk. We sync from ramdis
http://wiki.pfsense.com/wikka.php?wakka=BootOptions
On 10/20/06, Bastian Schern <[EMAIL PROTECTED]> wrote:
Hello everybody,
I have little trouble to install pfSense properly. My System will only
produce no IDE errors when I set the DMA mode to UDMA66.
#: atacontrol mode ad0 udma4
In which fil
You might try reinstalling the squid package. There was an ACL bug
that I just commited a fix for.
--Bill
On 10/23/06, Tim Roberts <[EMAIL PROTECTED]> wrote:
I see the acl allowed_subnets src 172.16.0.0/12 . no on the http_access
localnet. there is of course "http_access allow localhost"
Than
On 10/24/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
I run three intel dual cards in mine, total of six ports. I like Holger's
advice, too - I've always made it practice to match all the NICs in a system
whenever possible. Be careful that adding the fourth NIC isn't causing the
system to r
On 10/24/06, Robert Goley <[EMAIL PROTECTED]> wrote:
> Bus order is what changes the order here. It's certainly possible to
> have em0 be em1 after inserting another em card in the machine. Be
> thankful that BSD actually identifies the chipset here...I find it
> impossible to figure out wth h
On 10/24/06, Curtis Maurand <[EMAIL PROTECTED]> wrote:
On linux ifconfig will give you the MAC address. That should be unique
enough for you to figure out what is what.
True...assuming you know the mac of the nic. Straight up dmesg
showing that Intel nic 1 is eth0 and realcrap nic 1 is eth1
On 10/24/06, Sanjay Arora <[EMAIL PROTECTED]> wrote:
Hello all
I am a non-technical user and require load-sharing firewall gateway.
Presently I am using IPcop. I have just installed pfsense 1.0 RC2 on a
machine with 6 ethernet cards, to be installed as LAN, WAN, WAN2, DMZ
& WiFi Zone. Last card
On 10/25/06, Sanjay Arora <[EMAIL PROTECTED]> wrote:
> Doubtful, it'll make the interface much noiser for little benefit. If
> you are a network manager, you really need to understand the
> difference between how netmasks are displayed.
>
Actually, I feel that deployment should be tailored to av
Just a point of clarification...there may be a way to make it work in
the future, but at this time load balanced FTP doesn't work, it will
only use the primary WAN.
--Bill
On 10/25/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
loadbalancing ftp will not be supported. If you use the ftp helper wit
Port forward the ICMP and make sure you create a rule allowing it.
--Bill
On 10/26/06, Rudi Potgieter <[EMAIL PROTECTED]> wrote:
Hi
How do I allow ICMP protocol on a virtual IP setup on WAN interface? Port
forward works on the IP, but I cannot ping it, although I can ping the WAN
interf
On 10/26/06, Rudi Potgieter <[EMAIL PROTECTED]> wrote:
Port forward to which IP? There is a rule created on WAN that allow
ICMP traffic.
To whatever machine you want to ping that accurately reflects the
meaning of the virtual IP. It's your network, you decide.
--Bill
---
Do you have a rule on the LAN interface allowing the 192.168.152.0/24
network to talk to pfSense (let alone through it)?
--Bill
On 10/27/06, Justin Wilson <[EMAIL PROTECTED]> wrote:
Hi all.
We have the following network situation:
http://www.mtin.net/network.jpg
The laptop behind the router c
On 10/27/06, Justin Wilson <[EMAIL PROTECTED]> wrote:
I have tried a rule that says
Source 192.168.152.0/24
Destination: 192.168.128.0/22
Not sure, the only other real suggestion I have is double check the
rule and make sure it's passing ICMP (and whatever other protocols you
want). I think
Actually, if it doesn't exist, reinstall the package, this has been
fixed. squid.conf is dynamically generated on change or boot -
changing it by hand is a recipe for frustration.
--Bill
On 10/29/06, Emanuel Gonzalez <[EMAIL PROTECTED]> wrote:
Hi Tim,
I don't know if you solved your "Access d
On 10/30/06, Dimitri Rodis <[EMAIL PROTECTED]> wrote:
Hey guys--
Grats on release.
I noticed in the changelog the following:
"PF does not know about congestion flags, remove from shaper"
What does that mean?
It means we allowed an option on the front side that PF didn't
support. I caught it
On 10/30/06, Pierre Frisch <[EMAIL PROTECTED]> wrote:
Hi Bill,
Now that 1.0 is out what is the idea for moving to kernel 6.2? Any
idea of the time frame?
Could we find a solution to keep the interface numbering stable i.e.
when adding a NIC not have all interfaces renumbered? This is really
anno
On 10/30/06, Peter Curran <[EMAIL PROTECTED]> wrote:
> Be my guest, I don't plan on going through FreeBSD or Darwin driver
> code to figure out what Apple does or does not do behind the scenes.
> Frankly _all_ open source BSD's behave this way and it's of no
> interest to me to fix it.
>
Bill
I
On 10/30/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
D-link does this more than I change socks... Really do not recommend
their nics at all. I know they are nice and cheap and look attractive
but fight the urge and use a vendor that does not pull these dirty
tricks.
And they like changing ha
On 10/30/06, Peter Curran <[EMAIL PROTECTED]> wrote:
Scott
Neither!! I have deep admiration for you, bill, chris and colin. Not only
for what you have achieved but also for your ability to field some pretty
dumb questions on this list.
I think you SHOULD be less subtle and more upfront with d
You might find this useful if you want to build in a jail instead of a chroot:
http://www.pfsense.com/~billm/builder_jail.txt
It will make jail security somewhat less restrictive, so a dedicated
builder box is recommended (or not running any other jail on the box).
The original intent of the patc
Yep. Enable advanced outbound nat (instead of IPSec passthru), hit
save, delete the auto created rules, and apply.
--Bill
On 11/2/06, Jaye Mathisen <[EMAIL PROTECTED]> wrote:
Is there anyway to just disable the NAT portion, and keep all the cool
firewall management interface, and filtering,
On 11/4/06, Holger Bauer <[EMAIL PROTECTED]> wrote:
We know that it can run with less than 128 MB *IF* you don't push it too hard
and don't use too many features. However our official mininum specs will remain
128 MB RAM.
Holger
Unlike Microsoft, we publish minimum requirements that actually
On 11/5/06, Rob Terhaar <[EMAIL PROTECTED]> wrote:
I store my swapfile on a ram drive!
I certainly hope that's a joke, cause it's the daftest thing I've ever
heard otherwise!!! :)
--Bill
-
To unsubscribe, e-mail: [EMAIL PROTE
On 11/7/06, Tommaso Di Donato <[EMAIL PROTECTED]> wrote:
On 11/6/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
> On 11/5/06, Rob Terhaar <[EMAIL PROTECTED]> wrote:
> > I store my swapfile on a ram drive!
>
> I certainly hope that's a joke, cause it
On 11/7/06, Rob Terhaar <[EMAIL PROTECTED]> wrote:
I know not everyone in the world understands jerky american sarcasm, so just
to clear things up... i was joking. :D
I don't think freebsd will even let you use a ramfs drive to store swap.
See now you've made a challenge ;-P I believe it will
I haven't yet chimed in too much on this thread. When I do, I'll
probably close the thread and start a new one that I can update the
first message in with what I'm planning on doing and what's impossible
and who has made pledges against the bounty.
For the record, the bounty was started for tran
On 11/8/06, Nathan Osborne <[EMAIL PROTECTED]> wrote:
Hi everyone,
I have a pretty basic VLAN question that I haven't been able to find the
answer to: Can pfSense do VLAN trunking? More specifically: I'm
installing a Metro Ethernet connection with pfSense boxes on each end. I
need to tag all
On 11/8/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
On 11/8/06, Craig FALCONER <[EMAIL PROTECTED]> wrote:
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> >On 11/8/06, Craig FALCONER <[EMAIL PROTECTED]> wrote:
> >> Should work - I've been playing with vlans and got it all working.
> >>
> >> The
You could try setting the following sysctl to 1:
net.inet.ip.redirect
This at the command line:
sysctl net.inet.ip.redirect=1
I think it's whats stopping pfsense from sending the redirects.
--Bill
On 11/13/06, Mitch Martin <[EMAIL PROTECTED]> wrote:
-Original Message-
From: Peter Al
On 11/13/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
On 11/13/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
> BTW: Although ICMP redirects are considered bad,
> it's a standard of TCP/IP we should honour.
You are not talking about:
# sysctl -a | grep icmp | grep redir
net.inet.icmp.drop_redire
This:
net.inet.icmp.drop_redirect
is NOT the same as:
net.inet.ip.redirect
According to http://people.freebsd.org/~hmp/utilities/satbl/sysctl-net.html
is for ISSUING redirects. Obviously with what you dug up it probably
would have been disabled anyway. But we default pfsense to not
issuing redi
On 11/14/06, Peter Allgeyer <[EMAIL PROTECTED]> wrote:
Am Montag, den 13.11.2006, 18:14 -0600 schrieb Bill Marquette:
> This:
> net.inet.icmp.drop_redirect
> is NOT the same as:
> net.inet.ip.redirect
Ah, my fault, sure you're right. I meant I've played with
net.inet
On 11/14/06, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I have come to learn that system_advanced.php version 1.183 onward
supports zero configuration if avahi is installed. But I could not find any
information on how to do that. To be specific:
1. How can I patch "system_advanced.php" to ve
On 11/14/06, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill,
1. I am confused. The pfsense_local.sh I am using is Revision 1.39. I can't
find any revision newer than this. Besides, even if I find it, you mentioned
that it will screw up the firewall, which I don't think I want to do so.
The b
On 11/14/06, levy16 <[EMAIL PROTECTED]> wrote:
Hi
Useing www interface... several times I get:
Fatal error: Unknown function: parse_config() in /etc/inc/config.inc on
line 198
after that.. i cant use tha interface.. the only solution is down the
router and start it again
did anyone has such an
Neither, it's hardcoded.
--Bill
On 11/17/06, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi,
If I create the web GUI SSL certificate before I activate the HTTPS,
connecting to the web GUI using https uses the SSL certificate I created.
However, if I activate web GUI HTTPS access without creatin
I'm sure it's the same issue.
--Bill
On 11/27/06, Chris Allen <[EMAIL PROTECTED]> wrote:
Hi guys,
It seems that setting the "modulate state" option rather than "keep
state" for TCP connections doesn't work across bridged interfaces in
pfSense (rel 1.0.1, filtering bridge). The packets never
When the IP cameras stop working, what's the state table size? It's
displayed on the initial status screen when you login to pfSense. If
it's closing on 10,000, you might want to raise the limit in
System->Advanced.
--Bill
On 11/27/06, Daniel Orcutt <[EMAIL PROTECTED]> wrote:
Hello,
I curren
Technically speaking you can IP alias on a single interface, but we
don't currently support that. I believe we (pfSense) only support 255
VHIDs (actually, I wouldn't be the least bit surprised if we blow up
long before that) total for the box (our own checks enforce that)
while carp could in theo
On 11/30/06, Mark Kane <[EMAIL PROTECTED]> wrote:
On Thu, Nov 30, 2006, at 14:16:57 -0500, Scott Ullrich wrote:
> Not sure what to tell you then. It works correctly in my case. Maybe
> you have entered the wrong ips?
I appreciate you trying to help. The IPs are definitely correct. The
VoIP ser
On 11/30/06, Mark Kane <[EMAIL PROTECTED]> wrote:
On Thu, Nov 30, 2006, at 15:49:46 -0600, Bill Marquette wrote:
> Code logic that takes advantage of the way pf uses ALTQ. I'm
> surprised your VOIP is making it into this queue at all as it's only
> ever used for empty
Are you using Adv. Outbound NAT? If so, double check your NAT rules
and make sure that you are NATing ICMP for WLAN.
--Bill
On 12/4/06, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
Hi !
I have a LAN and a WAN Interface and a WLAN Interface, too.
There are NO bridges.
I have assigned rules that a
On 12/4/06, Fuchs, Martin <[EMAIL PROTECTED]> wrote:
No outbound nat :-(
Any other hints ?
Can you ping from WLAN to LAN? If that works, then it could be a NAT
issue, if it doesn't work then I'm at a bit of a loss.
--Bill
-
Probably those machines had 192.168.125.65's mac address still cached.
Knowing what the MAC was, they didn't need to do an arp lookup for
their default gateway to send the traffic on. Expect those machines
to stop working before too long ;-P
--Bill
On 12/9/06, Jonathan Horne <[EMAIL PROTECTED]>
worked ok and others didn't might make an
interesting point of research for the curious. of course why anyone
would want to setup networks like that is beyond me but i've always been
curious how in the heck that worked at all...
Bill Marquette wrote:
> Probably those machines had 192.1
On 12/22/06, Josep Pujadas i Jubany <[EMAIL PROTECTED]> wrote:
> Why defragment pfSense ? This is not needed and FreeBSD ffs2 has
> near zero fragmentation... (this doesn't runs on M$ filesystems).
>
> /Xavier
If you are running embedded version in a Compact Flash the system file is
FAT.
Nope
On 1/1/07, Tim Martin <[EMAIL PROTECTED]> wrote:
I installed the latest squid package on 1.0.1 and on a later snapshot and
kept getting some kind of syntax error and PfSense wouldn't load the rules
for the opt1 interface. At first I thought it was because it was
incompatible with the traffic s
On 1/3/07, Tim Martin <[EMAIL PROTECTED]> wrote:
Excuse me for saying anything at all!
You're excused.
--Bill
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
On 1/4/07, Holger Bauer <[EMAIL PROTECTED]> wrote:
Do you mean the pfSense itself has to go to the internet through a
proxy? This is not supported and there are no settings for it. The
package manager tries to access the package repository at pfsense.com
and is not able to utilize a proxy for tha
On 1/4/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
Actually, not entirely true :) If you feel like editing code, this is
a simple change.
/etc/inc/xmlrpc_client.inc around line 645 you should see:
/**
* The name of the proxy server to use, if any
* @var string
*/
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi,
Is the modified "globals.inc" file kept anywhere that can be downloaded? I tried
modifying the xmlrpc_client.inc file myself but keep getting an error when I
attempt to access the packages. A complete example would be appreciated. This
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Thanks alot Bill! I've tried the changes but I still get an error, although
different. I have no control over the proxy machine so I can't get much info
from that box to help me understand what doesn't work. I'm going to upgrade the
release
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
Hi,
The list of available packages gets displayed just fine, but the installation
procedure produces a regular error on all of the packages I've tried to
installed.
This is what kind of appear on screen :
Downloading package configuration
ne.
> Downloading nmap and its dependencies... done.
> Checking for successful package installation... failed!
>
> Installation aborted.
>
> Did you successfully install any of the packages?
>
>
> Cheers
>
> Joe
>
>
>
> Scrive Bill Marquette <[EMAIL PROTECTED]
On 1/5/07, Tim Dickson <[EMAIL PROTECTED]> wrote:
I'm not certain about the BSD users... (although it seems logical that
it would work)
I do know that a multiuser environment is being developed and tested and
eventually this will be a feature in PFSense. What release depends on
what bugs arise I
Looks like he's trying RELENG_6 not 6_1. That patch looks reasonable
(I think) Angelo.
--Bill
On 1/11/07, Scott Ullrich <[EMAIL PROTECTED]> wrote:
I believe you have a stale file somewhere. We are not patching
ip_input.c on RELENG_6_1.
Scott
On 1/11/07, Angelo Turetta <[EMAIL PROTECTED]>
On 1/12/07, Joseph Favia Jr. <[EMAIL PROTECTED]> wrote:
Is there any update on this issue? have you done any testing to see if
the packages get installed? All my attempts were unsuccessful.
Thanks
Joe
Nope. I know what the problem is though...when calling pkg_add -r we
need to set the http/
Looks like FreeBSD updated the package on 12/24. I'll commit a fix to
our package repository tonight. Thanks
--Bill
On 1/18/07, Jeremy Rempel <[EMAIL PROTECTED]> wrote:
It installed fine for me in the past, just in the last couple days the
installs failed. I removed the install files, tried
On 1/26/07, Wade Blackwell <[EMAIL PROTECTED]> wrote:
Good afternoon all,
Can PF can support blackholing by routing to /dev/null? It doesn't
look like the web configurator will let me do that magic, how would one go
about adding and deleting routes for that purpose?
Add a static route (Sy
what I expected). So I am sure that i could add an 8,000 line
route add to the rc.local script I was just wondering if there is a more
elegant way to do that. Thanks.
Wade B
On 1/27/07, Bill Marquette <[EMAIL PROTECTED]> wrote:
>
> On 1/26/07, Wade Blackwell <[EMAIL PROTEC
On 1/29/07, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
Has anyone thought of adding pfflowd to the embedded image. With some
hackery I have shoe horned it in. So far after running about a week I see
no increaed writes to the CF and thhe data appears to be coming across with
Makes sense, i
On 1/29/07, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
On Jan 29, 2007, at 8:40 AM, Bill Marquette wrote:
> On 1/29/07, Ronald L. Rosson Jr. <[EMAIL PROTECTED]> wrote:
>> Has anyone thought of adding pfflowd to the embedded image. With some
>> hackery I hav
On 2/4/07, kevin hawkins <[EMAIL PROTECTED]> wrote:
I see where it replys back from 00:0f:35:46:d0:54 for both nics. I don't see
how that can be I have cable mod 1 pluged into nic one and modem 2 pluged
into nic 2
and switch plugged into nic 3 I have balencing between dc1 and x10
Same provider?
On 2/4/07, Chris Buechler <[EMAIL PROTECTED]> wrote:
Bill Marquette wrote:
>
> Same provider? I'd be willing to bet that both those modems are on
> the same layer 2 ethernet segment and using the same physical router
> with multiple IPs assigned to it's interface.
Is reflection enabled?
--Bill
On 2/4/07, kevin hawkins <[EMAIL PROTECTED]> wrote:
I still can not make it work. I am sitting behind it though that might be
the problem.
On 2/4/07, Holger Bauer < [EMAIL PROTECTED]> wrote:
> It uses 5500 for reverse connection, 5800 for the http serverapplet an
On 2/5/07, Darren Cockburn <[EMAIL PROTECTED]> wrote:
Hi,
Can someone assist me with allowing access back to the console?
And perhaps increasing the logging?
Using:
Version 1.0.1
built on Sun Oct 29 01:13:05 UTC 2006
PlatformpfSense
On the weekend the system went down. It's
On 2/5/07, Darren Cockburn <[EMAIL PROTECTED]> wrote:
Silly me,
Using /usr/sbin/clog shows log entries after the "crash" for ALL logs
(nothing before)
Is there anything I can turn on (newsyslog as an example) that would
keep a better history of events?
You probably want to syslog to a remote
On 2/6/07, Matt Cohen <[EMAIL PROTECTED]> wrote:
Topell.com
The Topell boxes are some nice units (surprisingly light for a rack
mount box too!). Front swappable CF card slot - makes for REALLY easy
upgrades (and rollback) :) I did give them some feedback on the box
which will hopefully help t
On 2/12/07, Vaughn L. Reid III <[EMAIL PROTECTED]> wrote:
I have posted a $400.00 USD bounty for implementing a logoff feature in
the fourms. Also, I have added a $100.00 USD bonus for the
implementation of a checkbox that will enable or disable https access
via the WAN interface.
Vaughn Reid I
On 2/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
I've got a question associated with multi-wan load balancing. I have 2
physical network interface connected to 2 different network. I have
configured it with Load Balancing. I monitored that behavior of the Load
Balancing and I realized that
On 2/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi Bill, thank you for the response. I did not create any specific rules
or NAT to support this. All I did was create a pool of 2 gateways. If I
have 2 outgoing sessions from 2 computers, is it supposed to put each
session on each Internet link
On 2/20/07, John Cianfarani <[EMAIL PROTECTED]> wrote:
Catching up on the list here and I saw this, that awesome work!
Curious does this mean we are any closer to doing NAT for traffic in/out of
a IPSec tunnel.
For some form of closer. Sadly, not really. IPSec policy takes
affect before filte
od work anyhow.
Thanks
John
-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Monday, February 26, 2007 10:44 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] HEADS UP -- IPSEC Filtering now in recent
snapshots
On 2/20/07, John Cianfarani <[EMAIL PROTECTED]
On 2/28/07, Sloan Miller <[EMAIL PROTECTED]> wrote:
Users of Small Office and Home Office networks are quickly finding the
need for more advanced features such as VLAN's
These people are graduating from the basic Netgear and Linksys gear, and
needing the features of pfSense. pf docs are not clear
Will the switch send vlan 1 tagged or untagged? If it's tagged, just
create vlan1 on the pfsense box. If it's going to send it untagged
(most switches will for "native" vlans), then you'll need an IP on the
physical interface (I'm not entirely sure if we support that setup).
--Bill
On 2/22/07,
On 3/1/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:
firewalls, so I could reconfigure the firewalls via the serial console (I used
minicom, which is in the Debian depository -- anyone knows anything more
basic?).
tip/cu? :)
Moral: networking is unsuitable for dumb people.
Ahahaha, yep :-P G
On 3/7/07, Odd Kåre Qvam Trøen <[EMAIL PROTECTED]> wrote:
Hi!
I've been using m0n0wall for several years, but now I've ported to
pfsense. The firewall is great, but now I'm stuck with a problem. I
cannot connect to an ftp that got high ports.
The initial login port is done on 21, and data ports
On 3/7/07, Odd Kåre Qvam Trøen <[EMAIL PROTECTED]> wrote:
I agree, but since the ftp service I connect to is setup by another
party I must use the settings they dictate. If I were the admin for the
ftpserver port 21 & 20 would be my pick also.
BTW, is this 1.0.1 or a snapshot build?
--Bill
-
On 3/10/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
I have a question regarding the function to "Disable Console Menu" I
realized that even if I activate this function (to disable console menu) in
the System/Advanced menu, I am still able to see the console menu via SSH
connection. Is this fun
On 3/12/07, Kelvin Chiang <[EMAIL PROTECTED]> wrote:
Hi, I have question that may be basic and stupid. What're the differences of
"Proxy ARP" and "Other" Virtual IP? As what I am aware, Virtual IP based on
Proxy ARP replies to ARP requests. Does it mean that "Other" does not? If it
does not, what
301 - 400 of 974 matches
Mail list logo