Re: [pfSense Support] Next proxy for pfSense firewall
On 1/12/07, Joseph Favia Jr. <[EMAIL PROTECTED]> wrote: Is there any update on this issue? have you done any testing to see if the packages get installed? All my attempts were unsuccessful. Thanks Joe Nope. I know what the problem is though...when calling pkg_add -r we need to set the http/ftp_proxy variables. I've been somewhat busy with work so haven't had the time to mess with it yet. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Is there any update on this issue? have you done any testing to see if the packages get installed? All my attempts were unsuccessful. Thanks Joe Bill Marquette wrote: On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, The list of available packages gets displayed just fine, but the installation procedure produces a regular error on all of the packages I've tried to installed. This is what kind of appear on screen : Downloading package configuration file... done. Saving updated package information... done. Downloading nmap and its dependencies... done. Checking for successful package installation... failed! Installation aborted. Did you successfully install any of the packages? lol, good point. I'll work on that in a bit. Thanks --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Joseph Favia Jr. Security Consultant - Managed Security Services Eunics spa Tel. Fisso: +390803855397 Tel. Mobile: +39 3486712036 Fax: +39 080 3855951x Ai sensi e per gli effetti della Legge sulla tutela della riservatezza personale (DLgs. 196/03 e collegate), questa mail è destinata unicamente alle persone sopra indicate e le informazioni in essa contenute sono da considerarsi strettamente riservate. E' proibito leggere, copiare, usare o diffondere il contenuto della presente mail senza autorizzazione. Se avete ricevuto questo messaggio per errore, siete pregati di rispedire lo stesso al mittente. Grazie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
I'm not seeing that on my test install. You might make sure that the changes you made to xmlrpc_client.inc have been reverted. --Bill On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hello, Another side effect that I've been seeing is the following after applying any changes in the policy: Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pkg-utils.inc:908) in /usr/local/www/firewall_rules_edit.php on line 335 Any thoughts? Joe Scrive [EMAIL PROTECTED]: > Hi, > > The list of available packages gets displayed just fine, but the installation > procedure produces a regular error on all of the packages I've tried to > installed. > > This is what kind of appear on screen : > > Downloading package configuration file... done. > Saving updated package information... done. > Downloading nmap and its dependencies... done. > Checking for successful package installation... failed! > > Installation aborted. > > Did you successfully install any of the packages? > > > Cheers > > Joe > > > > Scrive Bill Marquette <[EMAIL PROTECTED]>: > > > On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > Thanks alot Bill! I've tried the changes but I still get an error, > although > > > different. I have no control over the proxy machine so I can't get much > > info > > > from that box to help me understand what doesn't work. I'm going to > upgrade > > the > > > release of pfSense first and then try with both the production proxy and > > another > > > proxy that can be used for testing purposes, which I will be able to > access > > and > > > eventually modify. I'll try to produce some feedback. > > > > OK, think I fixed it. Pull down the files in > > http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ again. I tested > > it at work, seems to be fine now. I'd like some feedback from people > > NOT running proxies on whether this change breaks packages for them or > > not. I'd like to MFC this today if possible so I can forget about it > > :) > > > > --Bill > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Hello, Another side effect that I've been seeing is the following after applying any changes in the policy: Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pkg-utils.inc:908) in /usr/local/www/firewall_rules_edit.php on line 335 Any thoughts? Joe Scrive [EMAIL PROTECTED]: > Hi, > > The list of available packages gets displayed just fine, but the installation > procedure produces a regular error on all of the packages I've tried to > installed. > > This is what kind of appear on screen : > > Downloading package configuration file... done. > Saving updated package information... done. > Downloading nmap and its dependencies... done. > Checking for successful package installation... failed! > > Installation aborted. > > Did you successfully install any of the packages? > > > Cheers > > Joe > > > > Scrive Bill Marquette <[EMAIL PROTECTED]>: > > > On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > Thanks alot Bill! I've tried the changes but I still get an error, > although > > > different. I have no control over the proxy machine so I can't get much > > info > > > from that box to help me understand what doesn't work. I'm going to > upgrade > > the > > > release of pfSense first and then try with both the production proxy and > > another > > > proxy that can be used for testing purposes, which I will be able to > access > > and > > > eventually modify. I'll try to produce some feedback. > > > > OK, think I fixed it. Pull down the files in > > http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ again. I tested > > it at work, seems to be fine now. I'd like some feedback from people > > NOT running proxies on whether this change breaks packages for them or > > not. I'd like to MFC this today if possible so I can forget about it > > :) > > > > --Bill > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, The list of available packages gets displayed just fine, but the installation procedure produces a regular error on all of the packages I've tried to installed. This is what kind of appear on screen : Downloading package configuration file... done. Saving updated package information... done. Downloading nmap and its dependencies... done. Checking for successful package installation... failed! Installation aborted. Did you successfully install any of the packages? lol, good point. I'll work on that in a bit. Thanks --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Hi, The list of available packages gets displayed just fine, but the installation procedure produces a regular error on all of the packages I've tried to installed. This is what kind of appear on screen : Downloading package configuration file... done. Saving updated package information... done. Downloading nmap and its dependencies... done. Checking for successful package installation... failed! Installation aborted. Did you successfully install any of the packages? Cheers Joe Scrive Bill Marquette <[EMAIL PROTECTED]>: > On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Thanks alot Bill! I've tried the changes but I still get an error, although > > different. I have no control over the proxy machine so I can't get much > info > > from that box to help me understand what doesn't work. I'm going to upgrade > the > > release of pfSense first and then try with both the production proxy and > another > > proxy that can be used for testing purposes, which I will be able to access > and > > eventually modify. I'll try to produce some feedback. > > OK, think I fixed it. Pull down the files in > http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ again. I tested > it at work, seems to be fine now. I'd like some feedback from people > NOT running proxies on whether this change breaks packages for them or > not. I'd like to MFC this today if possible so I can forget about it > :) > > --Bill > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Joseph Favia Jr. Security Consultant Tel. Fisso: 0803855397 Tel. Mobile: 3486712036 Fax: 0803855950 Ai sensi e per gli effetti della Legge sulla tutela della riservatezza personale (DLgs. 196/03 e collegate), questa mail è destinata unicamente alle persone sopra indicate e le informazioni in essa contenute sono da considerarsi strettamente riservate. E' proibito leggere, copiare, usare o diffondere il contenuto della presente mail senza autorizzazione. Se avete ricevuto questo messaggio per errore, siete pregati di rispedire lo stesso al mittente. Grazie. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Thanks alot Bill! I've tried the changes but I still get an error, although different. I have no control over the proxy machine so I can't get much info from that box to help me understand what doesn't work. I'm going to upgrade the release of pfSense first and then try with both the production proxy and another proxy that can be used for testing purposes, which I will be able to access and eventually modify. I'll try to produce some feedback. OK, think I fixed it. Pull down the files in http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ again. I tested it at work, seems to be fine now. I'd like some feedback from people NOT running proxies on whether this change breaks packages for them or not. I'd like to MFC this today if possible so I can forget about it :) --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Thanks alot Bill! I've tried the changes but I still get an error, although different. I have no control over the proxy machine so I can't get much info from that box to help me understand what doesn't work. I'm going to upgrade the release of pfSense first and then try with both the production proxy and another proxy that can be used for testing purposes, which I will be able to access and eventually modify. I'll try to produce some feedback. Cheers, Joe Scrive Bill Marquette <[EMAIL PROTECTED]>: > On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > Hi, > > > > Is the modified "globals.inc" file kept anywhere that can be downloaded? I > tried > > modifying the xmlrpc_client.inc file myself but keep getting an error when > I > > attempt to access the packages. A complete example would be appreciated. > This > > is the message in the system log : > > > > php: /pkg_mgr.php: XMLRPC communication error: Unknown error: 0 > > I had to modify three files for this. I'm not 100% convinced it's > correct and has had zero testing. I commited it to get feedback > though as I'm not running a proxy. Until this is tested, I won't be > applying these changes to the RELENG_1 branch. But copy the three > files located at http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ > to /etc/inc on your pfSense install (I'd recommend upgrading to the > latest snapshot before doing this as these are the latest files out of > the RELENG_1 branch in CVS). Revert the changes you made to > xmlrpc_client.inc obviously :) Then edit /etc/inc/globals.inc and > fill in these variables appropriately: > > "xmlrpcproxy" => "", > "xmlrpcproxyport" => 0, > "xmlrpcproxyuser" => "", > "xmlrpcproxypass" => "", > > > xmlrpcproxy should be the IP or hostname of your HTTP proxy > xmlrpcproxyport should be the port to use > > The comments on this from xmlrpc_client.inc are: > * @param string $proxy the URL of the proxy server to use, if > any. > * If this parameter doesn't specify a > * protocol and $port is 443, ssl:// is > * assumed. > * @param integer $proxy_port a port for connecting to the remote > server. > * Defaults to 8080 for http:// connections > and > * 443 for https:// and ssl:// connections. > * @param string $proxy_user a user name for accessing the proxy server > * @param string $proxy_pass a password for accessing the proxy server > > > So you might need to play wwith the host a bit and use http:// and > ssl:// as needed. > > --Bill > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, Is the modified "globals.inc" file kept anywhere that can be downloaded? I tried modifying the xmlrpc_client.inc file myself but keep getting an error when I attempt to access the packages. A complete example would be appreciated. This is the message in the system log : php: /pkg_mgr.php: XMLRPC communication error: Unknown error: 0 I had to modify three files for this. I'm not 100% convinced it's correct and has had zero testing. I commited it to get feedback though as I'm not running a proxy. Until this is tested, I won't be applying these changes to the RELENG_1 branch. But copy the three files located at http://www.pfsense.org/~billm/patches/XMLRPC_Proxy/ to /etc/inc on your pfSense install (I'd recommend upgrading to the latest snapshot before doing this as these are the latest files out of the RELENG_1 branch in CVS). Revert the changes you made to xmlrpc_client.inc obviously :) Then edit /etc/inc/globals.inc and fill in these variables appropriately: "xmlrpcproxy" => "", "xmlrpcproxyport" => 0, "xmlrpcproxyuser" => "", "xmlrpcproxypass" => "", xmlrpcproxy should be the IP or hostname of your HTTP proxy xmlrpcproxyport should be the port to use The comments on this from xmlrpc_client.inc are: * @param string $proxy the URL of the proxy server to use, if any. * If this parameter doesn't specify a * protocol and $port is 443, ssl:// is * assumed. * @param integer $proxy_port a port for connecting to the remote server. * Defaults to 8080 for http:// connections and * 443 for https:// and ssl:// connections. * @param string $proxy_user a user name for accessing the proxy server * @param string $proxy_pass a password for accessing the proxy server So you might need to play wwith the host a bit and use http:// and ssl:// as needed. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Next proxy for pfSense firewall
http://cvstrac.pfsense.com/chngview?cn=16046 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 04, 2007 4:47 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] Next proxy for pfSense firewall > > Hi, > > Is the modified "globals.inc" file kept anywhere that can be > downloaded? I tried modifying the xmlrpc_client.inc file > myself but keep getting an error when I attempt to access the > packages. A complete example would be appreciated. This is > the message in the system log : > > php: /pkg_mgr.php: XMLRPC communication error: Unknown error: 0 > > > Thanks > > joe > > > > > Scrive Bill Marquette <[EMAIL PROTECTED]>: > > > On 1/4/07, Bill Marquette <[EMAIL PROTECTED]> wrote: > > > Actually, not entirely true :) If you feel like editing > code, this > > > is a simple change. > > > > > > /etc/inc/xmlrpc_client.inc around line 645 you should see: > > > /** > > > * The name of the proxy server to use, if any > > > * @var string > > > */ > > > var $proxy = ''; > > > > > > Put your proxy server inside the single quotes. Read the next > > > couple of comment blocks for other settings. This > naturally won't > > > stay through an upgrade, but should get you running until > we have a > > > more configurable way to do it. For some reason I thought we > > > already did :-/ > > > > FWIW, I just commited the changes to move the configuration of this > > into /etc/inc/globals.inc. Still will require modification > after each > > upgrade, but that file is a tad smaller and if you are/were running > > CARP, means your rule sync will still work. > > > > --Bill > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional > > commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
Hi, Is the modified "globals.inc" file kept anywhere that can be downloaded? I tried modifying the xmlrpc_client.inc file myself but keep getting an error when I attempt to access the packages. A complete example would be appreciated. This is the message in the system log : php: /pkg_mgr.php: XMLRPC communication error: Unknown error: 0 Thanks joe Scrive Bill Marquette <[EMAIL PROTECTED]>: > On 1/4/07, Bill Marquette <[EMAIL PROTECTED]> wrote: > > Actually, not entirely true :) If you feel like editing code, this is > > a simple change. > > > > /etc/inc/xmlrpc_client.inc around line 645 you should see: > > /** > > * The name of the proxy server to use, if any > > * @var string > > */ > > var $proxy = ''; > > > > Put your proxy server inside the single quotes. Read the next couple > > of comment blocks for other settings. This naturally won't stay > > through an upgrade, but should get you running until we have a more > > configurable way to do it. For some reason I thought we already did > > :-/ > > FWIW, I just commited the changes to move the configuration of this > into /etc/inc/globals.inc. Still will require modification after each > upgrade, but that file is a tad smaller and if you are/were running > CARP, means your rule sync will still work. > > --Bill > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, Bill Marquette <[EMAIL PROTECTED]> wrote: Actually, not entirely true :) If you feel like editing code, this is a simple change. /etc/inc/xmlrpc_client.inc around line 645 you should see: /** * The name of the proxy server to use, if any * @var string */ var $proxy = ''; Put your proxy server inside the single quotes. Read the next couple of comment blocks for other settings. This naturally won't stay through an upgrade, but should get you running until we have a more configurable way to do it. For some reason I thought we already did :-/ FWIW, I just commited the changes to move the configuration of this into /etc/inc/globals.inc. Still will require modification after each upgrade, but that file is a tad smaller and if you are/were running CARP, means your rule sync will still work. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Next proxy for pfSense firewall
On 1/4/07, Holger Bauer <[EMAIL PROTECTED]> wrote: Do you mean the pfSense itself has to go to the internet through a proxy? This is not supported and there are no settings for it. The package manager tries to access the package repository at pfsense.com and is not able to utilize a proxy for that. Maybe you can setup rules at the proxy to allow only the pfsense transparently through or unproxied access? Actually, not entirely true :) If you feel like editing code, this is a simple change. /etc/inc/xmlrpc_client.inc around line 645 you should see: /** * The name of the proxy server to use, if any * @var string */ var $proxy = ''; Put your proxy server inside the single quotes. Read the next couple of comment blocks for other settings. This naturally won't stay through an upgrade, but should get you running until we have a more configurable way to do it. For some reason I thought we already did :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Next proxy for pfSense firewall
Do you mean the pfSense itself has to go to the internet through a proxy? This is not supported and there are no settings for it. The package manager tries to access the package repository at pfsense.com and is not able to utilize a proxy for that. Maybe you can setup rules at the proxy to allow only the pfsense transparently through or unproxied access? Holger > -Original Message- > From: Joseph Favia Jr. [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 04, 2007 10:58 AM > To: support@pfsense.com > Subject: [pfSense Support] Next proxy for pfSense firewall > > Hello, > > I'm setting up pfSense as a deparmental firewall within my > network in order to seperate a specific LAN from the rest of > the world. In order to access the Internet by means of HTTP > or FTP protocols I must refer my browser to a proxy server. > When I try to download any packages (CVS) the browser just > times out and I don't get any pages served up. I think I need > a "next proxy" to be set in order for the pfSense machine to > access the Internet through the proxy, but I haven't found > any setting of this type anywhere in the web interface. Does > such a parameter exist? must it be set manually in a > configuration file? > > Thanks in advance for any help > > Joe > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] For > additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
