Chris Buechler | 8 Sep 2011 09:59

HEADS UP: this mailing list has moved

The mailing list has moved to list@... This list server
is being decommissioned. Your email address on this list has been
subscribed to the new list, and you will receive a welcome message on
that list shortly.

The old support <at> and discussion <at> emails will bounce. Feel free to
continue existing threads, but you'll have to change the To: address to
list@...

Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Arquivos | 6 Sep 2011 21:08

Outbound port forward

Hi all.

I have a pfSense 2.0 box with 1 LAN and two WANs. Actually I'm facing a
problem: I need to forward all the requests going out on port 53 (DNS) to a
single external DNS server, regardless of the DNS configured on the
clients. Can someone help me with that?

Danilo


Austin G. Smith | 6 Sep 2011 20:09

STP on Redundant Transparent Firewalls

Greetings-

We have 2 pfSense machines that are bridged on different VLANs operating as a transparent firewall. These machines are set up for CARP replication to each other, which is verified functioning. However, for some reason, STP is not quite functioning on the secondary PBX. We have to keep one of the interfaces down, or we get into a loop situation.

Has anyone experienced this behavior who can advise a workaround? What are we missing here?

Thank you-

Austin Smith, A+, NET+, SMBE, MCSA
Director of Information Technology
Digital Compass

(404) 410-2708 direct
(404) 410-2701 fax
949 W. Marietta Street, Suite x104
Atlanta, GA 30318

**For immediate assistance please contact our technical team at 888-640-2260**

Giacomo Di Ciocco | 6 Sep 2011 17:37

IPSEC client behind pfsense nat unable to make particular type traffic

Hello Everyone,
I had two guests using an IPsec VPN who were unable to connect to their Exchange
servers while connected to their company VPN. When using the old router,
a Linux machine doing outbound NAT, they were not experiencing this; one
of these guests experiences the same problem also from their home ADSL link.

Apart from the protocol-specific problem mentioned above, their VPN is
working fine.

I'm asking you because I cannot figure out how there can be different
behaviours for the "same" type of traffic (it is encrypted!).

I'm using AON with a LAN->WAN rule for port 500, and after that I have a
global LAN->WAN rule.

Thank you,
Giacomo.


Install NIC Atheros of mainboard

Good afternoon, how do I get pfSense to recognize an onboard NIC? Is there any command or some way for it to download the driver from the internet via the shell?
The card in question is an Atheros AR8158 10/100 Controller; the offboard Realtek has been recognized and is configured as WAN, and I need to enable the onboard Atheros as LAN.

Regards,

Ivanildo Galvão - MCP, MCT, MCSA, VSP

Technology Consultant

Tel. (84) 3201 2146                 | Cel. (84) 9111 8873

ivanildo-8vsvu/pafSijyxCuvWNt+1AUjnlXr6A1@public.gmane.org    | www.itservices.com.br

Twitter: <at> ivanildogalvao


Glenn Kelley | 3 Sep 2011 00:36

Squid VideoCache

I am now running a 2.0 Snapshot (latest) and loving what the team has done with 2.0.x 
Amazing! 

My question today rests around the Squid VideoCache instructions located here: http://doc.pfsense.org/index.php/Setup_VideoCache_with_Squid#Install_VideoCache 

At present many of the instruction sets on the system appear to be for the 1.2.x release - 
Are these instructions still good to follow for the 2.0.x release? 

(They appear to work, but I figured it would be best to ask.)

Thank you

Glenn

Giacomo Di Ciocco | 2 Sep 2011 17:17

Routing/NAT issue

Hello everyone,
please consider this scenario: http://www.deffie.it/garbage/theproblem.png

Servers are reaching the internet from their public IP in the /26, and
they have the pfSense /26 IP as their default route; this is OK.

Users from the LAN are reaching the internet with the pfSense IP in the /30,
but that is not conceptually correct. How can I make services and LANs
reach the internet from the /26 address assigned to pfSense?

Thank you,
Giacomo.


Ray | 2 Sep 2011 13:09

Problem with forwarding between interfaces

Hi,

I've set up 2.0r3 on an ALIX2D13 box. Largely things work fine, but I
have a routing issue that I can't get my head around. I'll quickly
describe my setup first and then explain the problem I'm facing:

The ALIX2D13 has 3 Ethernet interfaces. I use the first (vr0) as WAN
connection with DHCP. Works fine.

The second Ethernet interface has a static private IP and serves as my
backdoor into the box when I screw up things on the other interfaces.
Also works fine.

The ALIX has a Wifi card built in that runs as an access point. This
access point, an OpenVPN tap client interface and the third Ethernet
interface are all part of a bridge (br0). Via the VPN, the bridge gets an IP
assigned using a DHCP server at the other end of the VPN tunnel in a
data center. Works also.

When I connect to the WiFi access point provided by the ALIX box, the
client box contacts the DHCP server at the far end of the VPN tunnel for
an IP address. This also works. Part of the DHCP-provided information is
the gateway to be used by the client, which is set as the IP of the
bridge interface in the ALIX box. Here the problem comes in: the
Internet-bound traffic arrives at the ALIX, and my hope would be that it
is routed out directly via the WAN interface. However, it somehow
disappears there or hits some kind of wall. I should say that in the
advanced settings of pfSense I completely turned off packet filtering for
the moment, so that the firewall is not the problem.

From Linux, I know that IP forwarding can be enabled with
`echo 1 > /proc/sys/net/ipv4/ip_forward`. I assume FreeBSD is doing this in some
similar way? Is this feature enabled by default in pfSense? If not,
could that be the problem?

Are there any diagnostic dumps I could add to provide more detailed
info?

I would really appreciate a hint or two...

Thanks,
Ray


Static ARP

What does this function in pfSense DHCP do?

Enable Static ARP entries

Note: Only the machines listed below will be able to communicate with the firewall on this NIC.

Regards,

Ivanildo Galvão - MCP, MCT, MCSA, VSP

Technology Consultant

Tel. (84) 3201 2146                 | Cel. (84) 9111 8873

ivanildo-8vsvu/pafSijyxCuvWNt+1AUjnlXr6A1@public.gmane.org    | www.itservices.com.br

Twitter: <at> ivanildogalvao


From: Ian Bowers [mailto:iggdawg-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org]
Sent: Thursday, 1 September 2011 14:04
To: support-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
Subject: Re: [pfSense Support] how to block the bit torrent

If you use any technology to classify and/or block BitTorrent at layer 4, all someone has to do is change their source port to something different, or proxy the connection so the destination port is different. Or if you're particularly unlucky, they might use a VPN to mask it.

This is why you cannot depend on a fire-and-forget solution to do all the blocking for you. It's better to identify the offending traffic, save some pcaps to show what the user was doing, then deal with the users themselves face to face or over email. Notify them that their activity is a breach of security policy.

What reading have you done on traffic shaping, packet filtering, IDS, etc.? No offense, but I think you may lack some fundamental understanding of the technologies involved. Please take that as an observation only; I'm not talking down to you. You've asked a number of very basic questions today, so I'm trying to get a good handle on where you're at.

Regards,

- Ian

On Thu, Sep 1, 2011 at 11:49 AM, suresh suresh <suresh.notionink-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Suppose I block it through the traffic shapers; what will happen then?

If a user changes the BitTorrent port on his/her machine, will only he/she be able to download torrents, or will BitTorrent automatically change the port number and start downloading? Please help me.

Thank you,

Regards,
Suresh

On Thu, Sep 1, 2011 at 9:06 PM, Ian Bowers <iggdawg-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Savvy users will use a different port. If your goal is to say "we block BitTorrent", this shouldn't matter. If your goal is to actually block BitTorrent or successfully enforce security policy, this may not be sufficient.

On Thu, Sep 1, 2011 at 11:32 AM, suresh suresh <suresh.notionink-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

If we disable BitTorrent using traffic shapers, will BitTorrent be blocked, or what will happen? Please help me.

Thank you,

Regards,
Suresh

On Thu, Sep 1, 2011 at 8:44 PM, Ian Bowers <iggdawg-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

pfSense is FreeBSD, so one way or another you can install Snort. There is a pfSense package for it, though, for easy installation and maintenance. You may want to google IDS and how to tune it before deploying it. IDS isn't something you want to walk into blind.

On Thu, Sep 1, 2011 at 11:04 AM, suresh suresh <suresh.notionink-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Can we install Snort in pfSense 1.2.3?

On Thu, Sep 1, 2011 at 8:13 PM, Ian Bowers <iggdawg-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

You won't find much success in trying to block BitTorrent with a firewall. Your best bet is to use an IDS (e.g. Snort) or another sort of categorization software or appliance to identify who is using BitTorrent and deal with them at layer 8 via company security policy. Torrenting is one place where you simply cannot deploy a fire-and-forget solution and hope for it to actually work.

Regards,

-Ian

On Thu, Sep 1, 2011 at 9:38 AM, suresh suresh <suresh.notionink-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:

Hi All,

How do I block BitTorrent on my LAN network, how do I block websites, and how do I block websites except for some LAN connections? Please help me.

Thank you,

Regards,

suresh
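Ian's argument above (a layer-4 rule only sees port numbers, so the useful step is to identify the traffic and keep evidence) can be shown with a small added example. This is my own Python, not code from the thread or from pfSense/Snort: it runs a port-only check and a check on the fixed BitTorrent peer-wire handshake prefix over a few constructed sample flows, and produces the kind of log line an IDS alert would give you to back up a policy conversation. The addresses, hashes and peer ids are made up.

```python
# Added example, not from the mailing-list thread: port-based versus
# content-based identification of BitTorrent peer-wire connections.
# All flows below are constructed sample data, not captured traffic.
from dataclasses import dataclass

# Fixed prefix of the BitTorrent peer-wire handshake: pstrlen (19) + pstr.
BT_HANDSHAKE = b"\x13BitTorrent protocol"
# Classic default client listening ports; all a layer-4 rule can see.
BT_DEFAULT_PORTS = range(6881, 6890)


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes  # first bytes of the TCP stream, client -> server


def port_based(flow: Flow) -> bool:
    """Layer-4 rule: flag anything touching the default port range."""
    return flow.sport in BT_DEFAULT_PORTS or flow.dport in BT_DEFAULT_PORTS


def content_based(flow: Flow) -> bool:
    """Payload check: the handshake prefix is the same whatever port is used."""
    return flow.payload.startswith(BT_HANDSHAKE)


def classify(flows):
    """Return (flow, port_hit, content_hit) for each flow."""
    return [(f, port_based(f), content_based(f)) for f in flows]


def evidence_lines(flows):
    """Alert-style lines for the 'identify the traffic, then talk to the user' step."""
    return [
        f"{f.src}:{f.sport} -> {f.dst}:{f.dport} bittorrent-handshake"
        for f in flows if content_based(f)
    ]


def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Constructed handshake: pstrlen + pstr + 8 reserved bytes + info_hash + peer_id."""
    assert len(info_hash) == 20 and len(peer_id) == 20
    return BT_HANDSHAKE + b"\x00" * 8 + info_hash + peer_id


# Constructed sample flows (RFC 5737 documentation addresses, dummy hash and id).
_HS = make_handshake(b"\xaa" * 20, b"-XX0001-" + b"0" * 12)
SAMPLE_FLOWS = [
    # default port and a real handshake: both checks agree
    Flow("192.0.2.10", 51000, "198.51.100.5", 6881, _HS),
    # client moved to 443: the port rule misses it, the payload check does not
    Flow("192.0.2.11", 51001, "198.51.100.6", 443, _HS),
    # plain HTTP that happens to use a 688x source port: port rule false positive
    Flow("192.0.2.12", 6882, "198.51.100.7", 80, b"GET / HTTP/1.1\r\n"),
    # opaque bytes (tunneled or obfuscated): neither byte-level check can say
    Flow("192.0.2.13", 51002, "198.51.100.8", 51413, b"\x8f\x2c\x91\x07\x5e"),
]


def summary(flows=SAMPLE_FLOWS):
    """Count where the two approaches agree and disagree on a flow set."""
    results = classify(flows)
    return {
        "port_only": sum(1 for _, p, c in results if p and not c),
        "content_only": sum(1 for _, p, c in results if c and not p),
        "both": sum(1 for _, p, c in results if p and c),
        "neither": sum(1 for _, p, c in results if not p and not c),
    }


if __name__ == "__main__":
    for f, p, c in classify(SAMPLE_FLOWS):
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport}  port_rule={p}  content_rule={c}")
    print(summary())
    for line in evidence_lines(SAMPLE_FLOWS):
        print(line)
```

The fourth sample flow is the case Ian calls being "particularly unlucky": once the stream is inside a VPN or otherwise opaque, a byte match has nothing to work with, which is why the thread points at an IDS and a policy conversation rather than a single firewall rule.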

 

 

 

 

 

 

 

Vick Khera | 1 Sep 2011 19:31

PPTP "not working" after update on Tuesday

Office firewall has been running 2.0-RC2 from some time in May.  PPTP
was working fine and dandy from iOS devices.  Just click the vpn on
and off you went.

Yesterday I updated the firewall to the latest snapshot of RC3 (Aug 30
18:45:48). Since then, after the PPTP connect succeeds, the
pfSense logs show full success and assignment of the IP address to the
client, yet no traffic will pass.

The only two "tools" to test on the iOS device are mail and the
browser, and neither makes a connection to the server inside the
office.

The PPTP firewall filter tab has the "allow" rule.  No other changes
were made to the configuration other than running the upgrade.

If I ping back from the inside host to the assigned IP, it replies
"sendto: Host is down" *immediately*.  Normally pinging a dead IP
takes a while before it responds with that.

Anyone else observing this?  What else can I poke around to find
exactly where it fails?

