Aarno Aukia | 1 Mar 2010 08:38

1.2.3: dnsmasq and mac os x 10.6 snow leopard

Hello,

I just found out my new mac os x 10.6 snow leopard machine seems to
have problems with DNS TTL 0, dnsmasq's default TTL for local entries
(http://www.mac-forums.com/forums/os-x-operating-system/164649-snow-leopard-keeps-dropping-dns.html#post912124).
Adding " --local-ttl 1" to the dnsmasq $args in /etc/inc/services.inc
(around line 634 on this 1.2.3-rc3 nanobsd) seems to work out the
issues, although I'll keep testing it for some more time...

-Aarno
-- 
Aarno Aukia
Atrila GmbH
Switzerland

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Hiren Joshi | 1 Mar 2010 11:24

RE: Slow TCP connection

I'm not hitting the max states (this is set to a high enough number) and
a tcp dump is impractical as this is not a consistent failure.

> -----Original Message-----
> From: Evgeny Yurchenko [mailto:evg.yurch@...] 
> Sent: 26 February 2010 14:44
> To: support@...
> Subject: Re: [pfSense Support] Slow TCP connection
> 
> Hiren Joshi wrote:
> > Hi,
> >
> > I'm running a load of performance tests and I've found that one in every
> > 100 odd TCP connections takes a few seconds to make the initial call.
> > Once the connection has been established things go quickly but the
> > initial connection sometimes hangs for a second or two.
> >
> > Can someone point me in the right direction as to what sort of debugging
> > I can run or what logs to look at for this?
> >
> > Thanks,
> > Josh.
> > pfsense 1.2-RELEASE.
> >   
> Aren't you running into maximum number of states?
> Do you get tcpdump for this slow TCP connection initiation?
> Evgeny.

Scott Ullrich | 1 Mar 2010 15:45

Re: 1.2.3: dnsmasq and mac os x 10.6 snow leopard

On Mon, Mar 1, 2010 at 2:38 AM, Aarno Aukia <aarnoaukia@...> wrote:
> Hello,
>
> I just found out my new mac os x 10.6 snow leopard machine seems to
> have problems with DNS TTL 0, dnsmasq's default TTL for local entries
> (http://www.mac-forums.com/forums/os-x-operating-system/164649-snow-leopard-keeps-dropping-dns.html#post912124).
> Adding " --local-ttl 1" to the dnsmasq $args in /etc/inc/services.inc
> (around line 634 on this 1.2.3-rc3 nanobsd) seems to work out the
> issues, although I'll keep testing it for some more time...

That does not make any sense to me.  I have quite a number of Macs and
do not see this issue.

Scott


Vick Khera | 1 Mar 2010 22:01

Re: 1.2.3: dnsmasq and mac os x 10.6 snow leopard

On Mon, Mar 1, 2010 at 9:45 AM, Scott Ullrich <sullrich@...> wrote:
> That does not make any sense to me.  I have quite a number of Macs and
> do not see this issue.
>

Ditto.  My entire home network is Macs (5 of them) and I never have
seen any issues with the dns on pfsense.


Mr. Kai Lan | 1 Mar 2010 22:07

Re: 1.2.3: dnsmasq and mac os x 10.6 snow leopard

Hi there, we have 3 Macs, never have a problem with pfsense, never seen the issue you mentioned. I think you
might have to carefully check everything in your network.

On 1 Mar 2010, at 21:01, Vick Khera wrote:

> On Mon, Mar 1, 2010 at 9:45 AM, Scott Ullrich <sullrich@...> wrote:
>> That does not make any sense to me.  I have quite a number of Macs and
>> do not see this issue.
>> 
> 
> Ditto.  My entire home network is Macs (5 of them) and I never have
> seen any issues with the dns on pfsense.


Chris Buechler | 2 Mar 2010 00:12

Re: 1.2.3: dnsmasq and mac os x 10.6 snow leopard

On Mon, Mar 1, 2010 at 9:45 AM, Scott Ullrich <sullrich@...> wrote:
> On Mon, Mar 1, 2010 at 2:38 AM, Aarno Aukia <aarnoaukia@...> wrote:
>> Hello,
>>
>> I just found out my new mac os x 10.6 snow leopard machine seems to
>> have problems with DNS TTL 0, dnsmasq's default TTL for local entries
>> (http://www.mac-forums.com/forums/os-x-operating-system/164649-snow-leopard-keeps-dropping-dns.html#post912124).
>> Adding " --local-ttl 1" to the dnsmasq $args in /etc/inc/services.inc
>> (around line 634 on this 1.2.3-rc3 nanobsd) seems to work out the
>> issues, although I'll keep testing it for some more time...
>
> That does not make any sense to me.  I have quite a number of Macs and
> do not see this issue.
>

It's only for local entries, and I bet you (and most others) don't
resolve entries off the firewall's hosts file. A TTL 0 is a bit
unusual in that scenario, it should be safe to set it to 1 for
everything. I committed that change to 2.0.


Richard Johnson | 2 Mar 2010 03:13

<OpenVPN> Viscosity assigning wrong IP

I am using the viscosity client on a MacBook (running snow leopard) connecting to a pfsense box (v1.2.3).

For some strange reason, my viscosity client is assigning itself 172.16.101.6 (GW of 101.5) and the server
shows 101.2 assigned to client (GW of 101.1).

Has anyone else seen this before?

Thanks for any assistance that you can provide

Rich Johnson

Chris Buechler | 2 Mar 2010 03:44

Re: <OpenVPN> Viscosity assigning wrong IP

On Mon, Mar 1, 2010 at 9:13 PM, Richard Johnson
<rich.johnson@...> wrote:
> I am using the viscosity client on a MacBook (running snow leopard) connecting to a pfsense box (v1.2.3).
>
> For some strange reason, my viscosity client is assigning itself 172.16.101.6 (GW of 101.5) and the server shows 101.2 assigned to client (GW of 101.1).
>

Sounds like it's doing as it should, if you use a /24, the tun will
initially assign .1 and .2 to itself, and the first client connection
gets .6 with .5 as its gateway.
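
Added example, not part of the original message: the /30-per-client layout described above, computed for the 172.16.101.0/24 tunnel network from the question. The function name is hypothetical, and treating the last /30 as outside the pool is an assumption based on OpenVPN's documented `server` expansion (`ifconfig-pool 10.8.0.4 10.8.0.251` for a /24).

```python
import ipaddress


def net30_layout(server_network, client_index):
    """Tunnel addresses for the server and the Nth client (0-based).

    Each endpoint pair lives in its own /30. The first /30 belongs to the
    server itself; the last one is treated as outside the pool (assumption).
    """
    net = ipaddress.ip_network(server_network)
    usable_blocks = net.num_addresses // 4 - 2
    if usable_blocks < 1:
        raise ValueError("network too small for a /30-per-client layout")
    if not 0 <= client_index < usable_blocks:
        raise ValueError(f"client_index must be in 0..{usable_blocks - 1}")

    base = net.network_address
    block = base + 4 * (client_index + 1)   # start of this client's /30
    return {
        "server_local": str(base + 1),      # address on the server's tun
        "server_peer": str(base + 2),       # the "101.2" seen on the server
        "client_gateway": str(block + 1),   # server-side end of the /30
        "client_ip": str(block + 2),        # address the client configures
    }


if __name__ == "__main__":
    for n in (0, 1, 61):
        print(n, net30_layout("172.16.101.0/24", n))
```

The addresses the server reports (.1/.2) and the addresses the client reports (.5/.6) are therefore two different /30s of the same tunnel network, not a mismatch.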


Chris Buechler | 2 Mar 2010 06:31

Re: Slow TCP connection

On Mon, Mar 1, 2010 at 5:24 AM, Hiren Joshi <josh@...> wrote:
> I'm not hitting the max states (this is set to a high enough number) and
> a tcp dump is impractical as this is not a consistent failure.
>

tcpdump is never impractical. :)  In fact it's really the only way
you're going to get any further with this. 1 in 100 or even 1 in 1000
isn't difficult to handle, just get the headers in the capture to keep
the size down, and the analysis tools in Wireshark make it easy to
pick out the problem without browsing through thousands of frames. Get
two simultaneous captures, one on LAN (or whatever internal interface)
and one on WAN.
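
Added example, not part of the original message: one way to pick the slow connection setups out of a large header-only capture without reading every frame. It parses the text that `tcpdump -n -r <file>` prints and reports handshakes where the SYN-ACK arrived late or the SYN had to be retransmitted; the sample lines, addresses and the 1-second threshold are constructed for illustration.

```python
import re

LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\]")

# Constructed sample in tcpdump's default text format (not real traffic).
SAMPLE = """\
10:00:00.000100 IP 10.0.0.5.40001 > 192.0.2.10.80: Flags [S], seq 100, win 65535, length 0
10:00:00.000900 IP 192.0.2.10.80 > 10.0.0.5.40001: Flags [S.], seq 500, ack 101, win 65535, length 0
10:00:01.000000 IP 10.0.0.5.40002 > 192.0.2.10.80: Flags [S], seq 200, win 65535, length 0
10:00:04.000000 IP 10.0.0.5.40002 > 192.0.2.10.80: Flags [S], seq 200, win 65535, length 0
10:00:04.001000 IP 192.0.2.10.80 > 10.0.0.5.40002: Flags [S.], seq 900, ack 201, win 65535, length 0
""".splitlines()


def slow_handshakes(lines, threshold=1.0):
    """Return (client, server, delay_seconds, syn_count) for slow TCP opens."""
    first_syn, syn_count, slow = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        hh, mm, ss, src, dst, flags = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        if flags == "S":                      # client SYN, possibly a retransmit
            key = (src, dst)
            first_syn.setdefault(key, t)      # remember only the first attempt
            syn_count[key] = syn_count.get(key, 0) + 1
        elif flags == "S.":                   # SYN-ACK coming back
            key = (dst, src)
            if key in first_syn:
                delay = round(t - first_syn.pop(key), 6)
                count = syn_count.pop(key)
                if delay >= threshold:
                    slow.append((key[0], key[1], delay, count))
    return slow


if __name__ == "__main__":
    for row in slow_handshakes(SAMPLE):
        print(row)
```

Running it over the LAN capture and the WAN capture separately shows on which side of the firewall the first SYN went unanswered.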


JASON JAMES | 2 Mar 2010 16:33

Squid + Content filtering

I know this has been asked several times and I have searched but came up
with no solid answers. We're running PFsense as our FW + Squid as a web
cache for a fairly large school district. We're migrating away from our
paid content filtering solution and are looking at DansGuardian. I
realize that there is no package for DG and probably will never be. What
we would like to do is run SQUID on one box and DG by itself on another.
Is this possible? We've purchased the PFSense handbook which is great btw
(thanks). There obviously isn't much information on this subject in it
however so we would greatly appreciate any information that anyone
currently has. 

Summary:

PFSense acting as Firewall + Web cache
Separate server running DansGuardian for content filtering.

Squidguard is not really an option for us because there is no current way
to setup bypass accounts for specific users or integrate with AD. 


