Re: DNS cache poisoning (solved)

On Thu, Jul 31, 2008 at 3:01 AM, Beat Siegenthaler
<beat.siegenthaler@...> wrote:
> A bit Off-Topic...
>
> You can find no Information about DNS-Cache Poisoning at ZyXEL's Website. As
> manufacturer of "NAT-Serializers" this is poor behavior.

Wow, indeed it is. I would suggest contacting them, I'm sure you won't
be the first. Maybe they'll get the point eventually...

> Not for old and probably not patchable Routers nor the Information that
> maybe newer Products can solve this issue.
>
> Does somebody know a consumer grade DSL-Router who does NAT with port
> randomization "out of the box"?

Not sure if my Westell does or not, I use the IP passthrough so my
firewall gets the public IP and would suggest you do the same if
possible. I do use its NAT for my dual WAN test network, but don't
really care what it does for that usage.

Re: cannot update firmware

--------------------------------------------------
From: "Chris Buechler" <cbuechler@...>
Sent: Thursday, July 31, 2008 6:12 PM
To: <support@...>
Subject: Re: [pfSense Support] cannot update firmware

> On Thu, Jul 31, 2008 at 9:38 AM, Sean Cavanaugh
> <millenia2000@...> wrote:
>> I have a 1.2-RELEASE setup that runs perfectly fine. I wanted to install
>> 1.2.1 on it to try it out
>> but I cannot get the system to upgrade the firmware at all. Thru the web
>> interface i get the usual
>> hoops about the file not being digitally signed but it takes it and goes 
>> on
>> its merry way of processing it.
>> I even get the pages all saying "An upgrade is currently in progress. The
>> firewall will reboot when the operation is complete."
>>
>> It will just sit there and never do anything more. I have also tried 
>> using
>> the upgrade thru the console which
>> gets me the following before dumping back to the main menu screen
>>
>> Broadcast Message from admin@...
>>         (/dev/ttyp0) at 6:01 EDT...
>>
>> Beginning pfSense upgrade.
>>
>> /etc/rc.firmware: Cannot fork: Resource temporarily unavailable

Re: pfSense 1.2-RELEASE: Performance Issue?

Bill Marquette wrote:
> Here's a suggestion somewhat out of left field.  What about MTU?  Any
> chance the provider changed it on you?  A machine right on the edge

good point. maybe Ted can check he's not blocking MTU path discovery, 
and/or drop his MTU to, say, 1400?

IPv6

Hello,

Are there any plans to improve the IPv6 support of pfSense?

Ihsan

--

-- 
ihsan@...		http://blog.dogan.ch/

Re: PF and UT not working

ram wrote:
>
>
> On Wed, Jul 30, 2008 at 7:03 PM, Curtis LaMasters 
> <curtislamasters@...
<mailto:curtislamasters@...>> wrote:
>
>     This may have been beaten to death now but if UT is truely in a
>     bridge mode, you shouldn't need an IP address on it except for
>     management.  If that is the case, I could change the IP of UT to
>     something in the private range and see if your issues clear up. 
>     What is your internet connection.  I am going to assume a cable or
>     DSL modem of some sort.  What may be happeing is your cable modem
>     sees the IP of your PF box and the MAC of your UT box and somehow
>     not getting the rest of the ARP information.
>
>  
>  
> Hi
>  
> yes as per the suggestion i have changed UT box IP to another range 
> for checking
> but still i get authentication success, and takes lot of time to 
> resolve domain, and lost the connection.
>  
> I have Dedicated Internet, and own DNS Server in my network.
> If i remove UT from network i can get all the things working perfect 
> with out any issue
>  
> but when i involve UT in bridge mode i am having this problem..

Re: IPv6

Ihsan Dogan wrote:
> Hello,
>
> Are there any plans to improve the IPv6 support of pfSense?
>
>
>
>
> Ihsan
>
Currently none of the developers has an IPv6 network with which to do 
testing.  There have been a number of queries on this subject, including 
a fairly long thread on this mailing list.  For further details, I'd 
encourage you to review the archives of this thread. 

WinSCP and Port 223 - SFTP

Re: IPv6

Am 1.8.2008 15:40 Uhr, Gary Buckmaster schrieb:

>> Are there any plans to improve the IPv6 support of pfSense?
>>
> Currently none of the developers has an IPv6 network with which to do 
> testing.  There have been a number of queries on this subject, including 
> a fairly long thread on this mailing list.  For further details, I'd 
> encourage you to review the archives of this thread.

Ok. Thanks for your reply.

Ihsan

--

-- 
ihsan@...		http://blog.dogan.ch/

Re: WinSCP and Port 223 - SFTP

On Sat, Aug 2, 2008 at 5:28 AM, Tortise <tortise@...> wrote:
> Hi
>
> When I run a connection thru pfSense (1.2 CF) almost immediately following
> successful connection WinSCP loses the connection with an "Server
> unexpectedly closed network connection" error message.  Happens with client
> LAN side and WAN side.

WAN side...as in, pfSense isn't in the path of the traffic anymore?

> Trying "FTP RFC 959 data port violation workaround" makes no difference.

SFTP has nothing to do with FTP.

--Bill

Re: WinSCP and Port 223 - SFTP

Thanks Bill

WAN side for me meant a Path of:

Client WinSCP ("WAN side") => Internet => pfSense / NAT => LAN Server

LAN side was indirect, however to me should still work and has done in the past

Client WinSCP on LAN  directed to pfSense WAN IP => NAT => LAN Server

Kind regards
David Hingston 

----- Original Message ----- 
From: "Bill Marquette" <bill.marquette@...>
To: <support@...>
Sent: Sunday, August 03, 2008 10:00 AM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP

On Sat, Aug 2, 2008 at 5:28 AM, Tortise <tortise@...> wrote:
> Hi
>
> When I run a connection thru pfSense (1.2 CF) almost immediately following
> successful connection WinSCP loses the connection with an "Server
> unexpectedly closed network connection" error message.  Happens with client
> LAN side and WAN side.

WAN side...as in, pfSense isn't in the path of the traffic anymore?
{Deleted}