Chris Flugstad | 1 Apr 2009 02:40

allow access to certain ip's without going through traffic shaper

I have a pfsense box/cap portal for a wifi hotspot, 1.2.2 and traffic shaper is on.  A client is trying to access a certain ip(ftp) but it's getting hosed in the traffic shaper.  Most people don't use ftp so normally wouldn't care. 

What would be the best way to allow this ip, or person around the traffic shaper?

Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
chris-VIMu09vI0KgHrNJx0XZkJA@public.gmane.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org
For additional commands, e-mail: support-help-zsHM3v2T5LBBDgjK7y7TUQ@public.gmane.org

Commercial support available - https://portal.pfsense.org

Jeppe Øland | 1 Apr 2009 03:22

Re: allow access to certain ip's without going through traffic shaper

And related: Is it possible to make access to pfSense itself bypass the shaper?

I managed to effectively lock myself out of administrating a box by
setting the shaper limit a lot lower than the current bandwidth usage
on the network :(

Regards,
-Jeppe

On Tue, Mar 31, 2009 at 5:40 PM, Chris Flugstad <chris@...> wrote:
> I have a pfsense box/cap portal for a wifi hotspot, 1.2.2 and traffic shaper
> is on.  A client is trying to access a certain ip(ftp) but it's getting hosed
> in the traffic shaper.  Most people don't use ftp so normally wouldn't care.
>
> What would be the best way to allow this ip, or person around the traffic
> shaper?
>
> Chris Flugstad
> Cascadelink
> 900 1st ave s, suite 201a
> seattle, wa 98134
> p: 206.774.3660 | f: 206.577.5066
> chris@...

Borowicz, Paul | 1 Apr 2009 04:43

RE: Template to connect a Cisco router to PFSense using IPSec

I was just collaborating on this for the wiki, here is the link.
http://doc.pfsense.org/index.php/IPSec_between_pfSense_and_a_Cisco_PIX

-----Original Message-----
From: luismi [mailto:asturluismi@...]
Sent: Mon 3/30/2009 3:05 PM
To: support@...
Subject: [pfSense Support] Template to connect a Cisco router to PFSense using IPSec

Is there anyone here, in the list, with a template to configure a Cisco
router against a pfsense firewall using ipsec?


Re: About Firewall Rules

I know about the firewall rules priority but.......................

I can't reject any package because  but when action's block it's pass and 
when action's reject it's block

--------------------------------------------------
From: "Jostein Elvaker Haande" <jehaande@...>
Sent: Tuesday, March 31, 2009 11:15 PM
To: <support@...>
Subject: Re: [pfSense Support] About Firewall Rules

> rakthum_r_Network&Telecom_IP#1 wrote:
>> I use pfsense 1.2.2 now. When I set firewall rules
>> when action's pass it's pass
>>
>> but when action's block it's pass   0___o'
>>
>> and when action's reject it's block  O . O''''''
>
> Remember that the firewall rules are matched from top to bottom. If a rule 
> is based early in the chain, the following rules will be disregarded 
> seeing as a matching rule was already found.
>
> -- 
> Yours sincerely Jostein Elvaker Haande aka tolecnal
> "A free society is a place where it is safe to be unpopular"
> - Adlai Stevenson
>
> http://tolecnal.net - tolecnal [at] tolecnal [dot] net
>
>
> 
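
The top-to-bottom matching described in the quoted reply, modelled as an added example that is not part of the original thread: the first matching rule decides, so a block or reject rule placed below a broader pass rule never fires. The `Rule`, `evaluate` and `shadowed` names, the addresses and the default block when nothing matches are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

@dataclass(frozen=True)
class Rule:
    action: str            # "pass", "block" or "reject"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # None means any port

def matches(rule, src, dst, port):
    return (ipaddress.ip_address(src) in net(rule.src)
            and ipaddress.ip_address(dst) in net(rule.dst)
            and rule.port in (None, port))

def evaluate(rules, src, dst, port):
    """Return (index, action) of the first matching rule (assumed default: block)."""
    for i, rule in enumerate(rules):
        if matches(rule, src, dst, port):
            return i, rule.action
    return None, "block"

def covers(outer, inner):
    """True if every packet matching `inner` also matches `outer`."""
    return (net(inner.src).subnet_of(net(outer.src))
            and net(inner.dst).subnet_of(net(outer.dst))
            and (outer.port is None or outer.port == inner.port))

def shadowed(rules):
    """Pairs (later, earlier): the later rule can never be reached."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found

# Constructed sample rule set: the broad pass rule sits on top.
RULES = [
    Rule("pass",   "192.168.1.0/24",  "0.0.0.0/0",   None),
    Rule("block",  "192.168.1.0/24",  "0.0.0.0/0",   21),
    Rule("reject", "192.168.1.50/32", "10.0.0.5/32", 80),
]

if __name__ == "__main__":
    print(evaluate(RULES, "192.168.1.50", "203.0.113.10", 21))
    print(shadowed(RULES))
```

Moving the two specific rules above the broad pass rule makes them reachable, and `shadowed` then returns an empty list.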


Chris Buechler | 1 Apr 2009 05:07

Re: Template to connect a Cisco router to PFSense using IPSec

On Tue, Mar 31, 2009 at 10:43 PM, Borowicz, Paul
<PBorowicz@...> wrote:
> I was just collaborating on this for the wiki, here is the link.
> http://doc.pfsense.org/index.php/IPSec_between_pfSense_and_a_Cisco_PIX
>

He's running IOS though, which is different from PIX OS. (Luis is a
support customer who opened a ticket on this with more info)

I'm going to write instructions on IPsec with IOS tomorrow.


Tim Nelson | 1 Apr 2009 05:37

Re: AW: Firebox X series w/ 1.2 and 1.2.2 issue

I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single
watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any
information on my config if you'd like for testing/comparison.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

> -----Original Message-----
> From: Andrew Cotter [mailto:andrew.cotter@...] 
> Sent: Friday, March 20, 2009 12:35 PM
> To: support@...
> Subject: RE: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
> 
> >From: Dimitri Rodis [mailto:DimitriR@...] 
> >Sent: Friday, 20 March 2009 18:27
> >To: support@...
> >Subject: [pfSense Support] Firebox X series w/ 1.2 and 1.2.2 issue
> >
> >
> >	So, I have a pair of firebox x700 units that I have put new CF cards
> >	in. I have tried both 1.2-RELEASE and 1.2.2 (both embedded), and both
> >	behave the same way.
> >	 
> >	On the serial console, I will see the following:
> >	re4: watchdog timeout
> >	re4: watchdog timeout
> >	....etc
> >	 
> >	If I change the LAN interface to re1, the same thing happens, except
> >	on the serial console I will see:
> >	re1: watchdog timeout
> >	re1: watchdog timeout
> >	...etc
> 
> 
> --------------------------------
> 
> I had a similar issue while I was working on a few X500/700 whatever boxes
> last week.  I know people suggest that various low end switches produce this
> error, but I had no switch in the mix.
> 
> I was going direct to a desktop and was getting it.  It was a home made
> looking cable.  As soon as I plugged in one of our prefab cables it went
> away.   Try and switch out the ethernet cable. 
> 
> Let us know.   I have 5 of these boxes in the corner of my office. 3 of
> which I am planning on deploying in the next two weeks.
> 
> Andrew


Chris Buechler | 1 Apr 2009 05:48

Re: AW: Firebox X series w/ 1.2 and 1.2.2 issue

On Tue, Mar 31, 2009 at 11:37 PM, Tim Nelson <tnelson@...> wrote:
> I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single
> watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any
> information on my config if you'd like for testing/comparison.
>

What version are you running on it?  1.2.3 snapshots as of this past
Sunday have re(4) and rl(4) from FreeBSD 8-CURRENT per recommendations
of the FreeBSD developer who maintains that code. It may not be an
issue with snapshots since Sunday.

Those who are seeing watchdog timeouts on re or rl cards should try a
1.2.3 snapshot.


Tim Nelson | 1 Apr 2009 06:17

Re: AW: Firebox X series w/ 1.2 and 1.2.2 issue

----- "Chris Buechler" <cmb@...> wrote:
> On Tue, Mar 31, 2009 at 11:37 PM, Tim Nelson <tnelson@...>
> wrote:
> > I've just acquired an X500 unit and after throwing boatloads of
> > traffic through it, I haven't seen a single watchdog timeout. Two
> > ports are connected to a switch and a third port to a workstation. I
> > can send you any information on my config if you'd like for
> > testing/comparison.
> >
> 
> What version are you running on it?  1.2.3 snapshots as of this past
> Sunday have re(4) and rl(4) from FreeBSD 8-CURRENT per
> recommendations
> of the FreeBSD developer who maintains that code. It may not be an
> issue with snapshots since Sunday.
> 
> Those who are seeing watchdog timeouts on re or rl cards should try a
> 1.2.3 snapshot.
> 

D'oh! I performed my testing with (oddly enough) the latest 2.0-ALPHA-ALPHA snapshot. For some reason I
don't have the current 1.2.2 available. Well, that makes my previous post a bit useless...

I'll certainly try on the newest 1.2.3 snapshots. I may be putting this unit into production for a personal
project and would like to have it most stable. 2.0 is rather impressive but I get the impression that it's
not ready for primetime yet... :-)

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105


Dimitri Rodis | 1 Apr 2009 06:54

RE: AW: Firebox X series w/ 1.2 and 1.2.2 issue

What version are you currently running? I have seen watchdog timeouts with 1.2 and 1.2.2. I have 2 units in a
CARP cluster, and 5 of the interfaces are being used (2 WANs, although 1 of the WANs was not configured for
the test, 2 LANs, and 1 dedicated sync interface). I have made various modifications to
/boot/loader.conf which have reduced the watchdog timeouts, but they still show up. The behavior gets
really weird when I have both units operating in a cluster.. 

Anyway, I think it might show up when you use more than 2 interfaces. Initial testing with just a LAN/WAN
setup didn't appear to really have any issues.. then I added a second LAN and a dedicated sync interface for
CARP and threw it into production, and it lasted about 10 minutes before it melted down with watchdog timeouts.

Dimitri Rodis
Integrita Systems LLC 
http://www.integritasystems.com

-----Original Message-----
From: Tim Nelson [mailto:tnelson@...] 
Sent: Tuesday, March 31, 2009 8:38 PM
To: support@...
Subject: Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue

I've just acquired an X500 unit and after throwing boatloads of traffic through it, I haven't seen a single
watchdog timeout. Two ports are connected to a switch and a third port to a workstation. I can send you any
information on my config if you'd like for testing/comparison.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

> -----Original Message-----
> From: Andrew Cotter [mailto:andrew.cotter@...] 
> Sent: Friday, March 20, 2009 12:35 PM
> To: support@...
> Subject: RE: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue
> 
> >From: Dimitri Rodis [mailto:DimitriR@...] 
> >Sent: Friday, 20 March 2009 18:27
> >To: support@...
> >Subject: [pfSense Support] Firebox X series w/ 1.2 and 1.2.2 issue
> >
> >
> >	So, I have a pair of firebox x700 units that I have put new CF cards
> >	in. I have tried both 1.2-RELEASE and 1.2.2 (both embedded), and both
> >	behave the same way.
> >	 
> >	On the serial console, I will see the following:
> >	re4: watchdog timeout
> >	re4: watchdog timeout
> >	....etc
> >	 
> >	If I change the LAN interface to re1, the same thing happens, except
> >	on the serial console I will see:
> >	re1: watchdog timeout
> >	re1: watchdog timeout
> >	...etc
> 
> 
> --------------------------------
> 
> I had a similar issue while I was working on a few X500/700 whatever boxes
> last week.  I know people suggest that various low end switches produce this
> error, but I had no switch in the mix.
> 
> I was going direct to a desktop and was getting it.  It was a home made
> looking cable.  As soon as I plugged in one of our prefab cables it went
> away.   Try and switch out the ethernet cable. 
> 
> Let us know.   I have 5 of these boxes in the corner of my office. 3 of
> which I am planning on deploying in the next two weeks.
> 
> Andrew

Dimitri Rodis | 1 Apr 2009 06:55

RE: AW: Firebox X series w/ 1.2 and 1.2.2 issue

Woohoo! Didn't know you guys got this put in.. I'll test tomorrow or
Thursday as time permits.

Dimitri Rodis
Integrita Systems LLC 
http://www.integritasystems.com

-----Original Message-----
From: cbuechler@...
[mailto:cbuechler@...] On Behalf Of Chris
Buechler
Sent: Tuesday, March 31, 2009 8:49 PM
To: support@...
Subject: Re: [pfSense Support] AW: Firebox X series w/ 1.2 and 1.2.2 issue

On Tue, Mar 31, 2009 at 11:37 PM, Tim Nelson <tnelson@...> wrote:
> I've just acquired an X500 unit and after throwing boatloads of traffic
> through it, I haven't seen a single watchdog timeout. Two ports are
> connected to a switch and a third port to a workstation. I can send you any
> information on my config if you'd like for testing/comparison.
>

What version are you running on it?  1.2.3 snapshots as of this past
Sunday have re(4) and rl(4) from FreeBSD 8-CURRENT per recommendations
of the FreeBSD developer who maintains that code. It may not be an
issue with snapshots since Sunday.

Those who are seeing watchdog timeouts on re or rl cards should try a
1.2.3 snapshot.
