Raleigh Guevarra | 1 Mar 06:17 2009
Picon

ISA to pfSense or Windows to FreeBSD - FQDN and DNS

Hi,

 

I am currently doing the migration from ISA to pfSense firewall and I have a webserver hosting different sites, when trying to duplicate the rules of ISA, I noticed  the FQDN of the sites was declared in the firewall rules of ISA (I was not the one who setup the ISA server).

 

What does this mean, FQDN in firewall rules?

Do I really have to declare the FQDN in pfSense, instead of just forward port 80 to the webserver?

All domains were set to our own NS servers (NS1 in W2k3 Active Directory, NS2 in Freebsd), is it safe and wise to use the pfSense gateway as the NS server to replace the current NS1 server?

 

As you noticed, my ultimate goal is to replace the current windows boxes to BSD boxes. Any ideas and info would be greatly appreciated... Thank you in advance.

 

Raleigh


Chris Buechler | 1 Mar 06:30 2009

Re: ISA to pfSense or Windows to FreeBSD - FQDN and DNS

On Sun, Mar 1, 2009 at 12:17 AM, Raleigh Guevarra <deathect@...> wrote:
> Hi,
>
>
>
> I am currently doing the migration from ISA to pfSense firewall and I have a
> webserver hosting different sites, when trying to duplicate the rules of
> ISA, I noticed  the FQDN of the sites was declared in the firewall rules of
> ISA (I was not the one who setup the ISA server).
>
>
>
> What does this mean, FQDN in firewall rules?
>

Depends on how and where they're defined in ISA. Sometimes it's a
substitute for IP address. ISA can also do reverse proxying and other
things, so it can also be a number of other possibilities. I suspect
it's probably just a substitute for an IP.

> Do I really have to declare the FQDN in pfSense, instead of just forward
> port 80 to the webserver?
>

You can't declare the FQDN in pfSense. You just forward port 80.

> All domains were set to our own NS servers (NS1 in W2k3 Active Directory,
> NS2 in Freebsd), is it safe and wise to use the pfSense gateway as the NS
> server to replace the current NS1 server?
>

Not unless you configure a domain forward for your AD domain,
otherwise you'll hose your AD. As long as you do that, you can use
pfSense for DNS.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Paul | 1 Mar 07:25 2009
Picon

Not all Virtual IP's working

We have a block ip address from our provider. The main ip for our 
network and its port forwarding works well. I created 2 more virtual 
ip's. The second set and its port forwarding work with out issue (port 
80) also that go to another server. The 3rd virtual ip I created 
partially works. SSH works. I then forwarded 80 with it and it does not 
work. I can pull up the webpage internally though. Now I do have port 80 
forwarded to different servers depending on the ip on the WAN port. What 
do I need to provide to see why its not working.

Thanks for you help

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Abdulrehman | 1 Mar 17:06 2009
Picon

Re: ISA to pfSense or Windows to FreeBSD - FQDN and DNS

No yo do not have to declare FQDN....and why you want to forward port 80 o webserver....if your webserver is live then you dont have to do port forwarding..

Regards
Abdulrehman

On Sun, Mar 1, 2009 at 10:17 AM, Raleigh Guevarra <deathect-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:

Hi,

 

I am currently doing the migration from ISA to pfSense firewall and I have a webserver hosting different sites, when trying to duplicate the rules of ISA, I noticed  the FQDN of the sites was declared in the firewall rules of ISA (I was not the one who setup the ISA server).

 

What does this mean, FQDN in firewall rules?

Do I really have to declare the FQDN in pfSense, instead of just forward port 80 to the webserver?

All domains were set to our own NS servers (NS1 in W2k3 Active Directory, NS2 in Freebsd), is it safe and wise to use the pfSense gateway as the NS server to replace the current NS1 server?

 

As you noticed, my ultimate goal is to replace the current windows boxes to BSD boxes. Any ideas and info would be greatly appreciated... Thank you in advance.

 

Raleigh


Sean Cavanaugh | 1 Mar 22:28 2009
Picon

Re: ISA to pfSense or Windows to FreeBSD - FQDN and DNS

im assuming the webserver is behind the firewall and he wants to allow people on the internet to be able to see it.

Sent: Sunday, March 01, 2009 11:06 AM
Subject: Re: [pfSense Support] ISA to pfSense or Windows to FreeBSD - FQDN and DNS

No yo do not have to declare FQDN....and why you want to forward port 80 o webserver....if your webserver is live then you dont have to do port forwarding..

Regards
Abdulrehman

On Sun, Mar 1, 2009 at 10:17 AM, Raleigh Guevarra <deathect-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:

Hi,

 

I am currently doing the migration from ISA to pfSense firewall and I have a webserver hosting different sites, when trying to duplicate the rules of ISA, I noticed  the FQDN of the sites was declared in the firewall rules of ISA (I was not the one who setup the ISA server).

 

What does this mean, FQDN in firewall rules?

Do I really have to declare the FQDN in pfSense, instead of just forward port 80 to the webserver?

All domains were set to our own NS servers (NS1 in W2k3 Active Directory, NS2 in Freebsd), is it safe and wise to use the pfSense gateway as the NS server to replace the current NS1 server?

 

As you noticed, my ultimate goal is to replace the current windows boxes to BSD boxes. Any ideas and info would be greatly appreciated... Thank you in advance.

 

Raleigh


Ho Sy Tan | 2 Mar 04:26 2009
Picon

Re: Simple Firewall that needs to allow VPN access to the network and a VLAN on the network.

I want to build a pfSense .iso to setup on my system from pfsense source ?  Who can help me with?
I try to follow the instructions in http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso but some errors was happening. Can anyone show me how to follow instructions this?

Ho Sy Tan | 2 Mar 06:19 2009
Picon

Something went wrong, check errors!


I try to follow the instructions in http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso but some errors was happening.
Error: "Something went wrong, check errors!. Log saved on /usr/obj.pfSensesrc/home/pfsense/freesbie2/.tmp_buildkernel
Can anyone show me how to follow instructions this?
--

______________________
Abdulrehman | 2 Mar 07:14 2009
Picon

Re: ISA to pfSense or Windows to FreeBSD - FQDN and DNS

Oh yes then he has to allow it from firewall...

Regards
Abdulrehman

On Mon, Mar 2, 2009 at 2:28 AM, Sean Cavanaugh <Millenia2000-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org> wrote:
im assuming the webserver is behind the firewall and he wants to allow people on the internet to be able to see it.

Sent: Sunday, March 01, 2009 11:06 AM
Subject: Re: [pfSense Support] ISA to pfSense or Windows to FreeBSD - FQDN and DNS

No yo do not have to declare FQDN....and why you want to forward port 80 o webserver....if your webserver is live then you dont have to do port forwarding..

Regards
Abdulrehman

On Sun, Mar 1, 2009 at 10:17 AM, Raleigh Guevarra <deathect-/E1597aS9LQAvxtiuMwx3w@public.gmane.org> wrote:

Hi,

 

I am currently doing the migration from ISA to pfSense firewall and I have a webserver hosting different sites, when trying to duplicate the rules of ISA, I noticed  the FQDN of the sites was declared in the firewall rules of ISA (I was not the one who setup the ISA server).

 

What does this mean, FQDN in firewall rules?

Do I really have to declare the FQDN in pfSense, instead of just forward port 80 to the webserver?

All domains were set to our own NS servers (NS1 in W2k3 Active Directory, NS2 in Freebsd), is it safe and wise to use the pfSense gateway as the NS server to replace the current NS1 server?

 

As you noticed, my ultimate goal is to replace the current windows boxes to BSD boxes. Any ideas and info would be greatly appreciated... Thank you in advance.

 

Raleigh





Paul Mansfield | 2 Mar 11:23 2009

Re: Simple Firewall that needs to allow VPN access to the network and a VLAN on the network.

Chuck Mariotti wrote:
> I've always used the 10.x.x.x series... it's the least characters.... 10.10.9.9, etc...

RFC1918 says you should pick a *random* entry from one of the ranges, so
that if two organisations merge there's less chance or a numbering
collisions.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Abdulrehman | 2 Mar 11:32 2009
Picon

Re: Simple Firewall that needs to allow VPN access to the network and a VLAN on the network.

RFC is right...but it takes more of common sense than technicality..!

Regards
Abdulrehman

On Mon, Mar 2, 2009 at 3:23 PM, Paul Mansfield <it-admin-pfsense-s68hnM6uneIAvxtiuMwx3w@public.gmane.org> wrote:
Chuck Mariotti wrote:
> I've always used the 10.x.x.x series... it's the least characters.... 10.10.9.9, etc...

RFC1918 says you should pick a *random* entry from one of the ranges, so
that if two organisations merge there's less chance or a numbering
collisions.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org





Gmane