Re: [pfSense] Silly question - using a PC + pfsense + dual ethernet NIC + wlan PCI card as wifi router

2011-12-10 Thread Chris Bagnall
On 10/12/11 2:23 am, Chris Buechler wrote: Depends on your machine and cost of power. The 5 watts of an ALIX/other embedded router vs. most PCs will save you roughly 80 watts of power usage (some PCs will be quite a bit more, some less). That's about 700 kWh a year of power savings assuming 24/7

Re: [pfSense] Soekris 5501 + SATA drive issues

2011-12-22 Thread Chris Bagnall
On 21/12/11 10:49 pm, Erik Anderson wrote: After connecting the SSD to the 5501, the bootloader started just fine, and it loaded the kernel, but failed when trying to mount the root partition. Appreciate this isn't really an answer to your original question, but is there a reason why you don't

Re: [pfSense] Request for help: Seeking pfSense user with access to 6RD IPv6 WAN

2012-02-01 Thread Chris Bagnall
On 1/2/12 2:15 pm, Seth Mos wrote: I am seeking a user(s) that has access to a 6RD IPv6 connection so we can test our development 6RD code. Out of curiosity (and this is more aimed at ISPs than end users), is implementing the various IPv6 'workarounds' - for want of a better word - actually a

Re: [pfSense] Dual wan issues

2012-02-03 Thread Chris Bagnall
On 3/2/12 4:56 pm, - Dickie Bradford - wrote: Does anyone know why sticky connections do not work on https ? Is it possible that although the url is the same, the IP address behind it fluctuates. As I understand things, the 'sticky connections' option is by IP (i.e. layer 3) rather than by ur

Re: [pfSense] Alerts by Email

2012-02-16 Thread Chris Bagnall
On 16/2/12 9:32 pm, bsd wrote: Use the zabbix package and configure some checks in your conf file seems the most straightforward way to answer your request. I must admit the existence of this had completely passed me by. What extra 'stuff' does it allow to be monitored/graphed over and above

Re: [pfSense] icmp best practices

2012-03-20 Thread Chris Bagnall
On 19/3/12 11:54 pm, Moshe Katz wrote: I have ICMP blanket allowed on both pfSense installations that I have (home and work). +1. We have an ICMP Echo blanket allow rule on all our pfSense deployments (several dozen). As others have indicated, it's a useful troubleshooting tool, and also a

Re: [pfSense] How to Load balance and Failover 2 ISP's

2012-03-20 Thread Chris Bagnall
On 20/3/12 3:09 am, Adam Thompson wrote: (And, really, you can afford the labour to implement HA Exchange and all this complexity, but you can’t afford to upgrade to a single Comcast or Verizon business-grade connection??? Either you work for peanuts, or maybe someone in your office can’t do

Re: [pfSense] icmp best practices

2012-03-20 Thread Chris Bagnall
On 20/3/12 6:30 pm, Nachtfalke wrote: For security issues you should think about "Tunneling IP traffic over ICMP". So allowing ping to the world could be a risk but probably ping the GW/pfsense is not a big problem. http://en.wikipedia.org/wiki/ICMP_tunnel I've only skim-read it, but doesn't

Re: [pfSense] How to Load balance and Failover 2 ISP's

2012-03-20 Thread Chris Bagnall
On 20/3/12 6:54 pm, Steven Anderson wrote: 2. I can for 10 dollars a month receive from Comcast 4 dynamic IP addresses on my internet connection. While Verizon would cost me another 100 bucks a month for business class connection. I would rather not make this a one show pony and only be able t

Re: [pfSense] Upgrade 2.0.1 to 2.1

2012-04-23 Thread Chris Bagnall
Thanks for the list of stuff that works. Out of curiosity - how are folks planning on doing multi-WAN load balancing in the v6 world? With NATed v4 it was simple: get public IP from each ISP, use that on the WAN, then use RFC1918 addresses on the LAN, translating to each ISP's public IP as r

Re: [pfSense] Upgrade 2.0.1 to 2.1

2012-04-23 Thread Chris Bagnall
Are there any plans to incorporate something like NAT64 (or another 4-to-6 translation method) to allow v6-only networks? Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org http://lists.

Re: [pfSense] Upgrade 2.0.1 to 2.1

2012-04-23 Thread Chris Bagnall
On 23/4/12 1:40 pm, Jim Pingle wrote: http://doc.pfsense.org/index.php/Multi-WAN_for_IPv6 Already have that covered... (and it works for me at my house). Excellent! Thanks for the link. I shall give it a try over the weekend (it's the one thing that's been holding me back from a fully v6'd ne

[pfSense] Low(ish) cost pfSense platforms

2012-06-08 Thread Chris Bagnall
Greetings list, For many years I've been deploying pfSense on ALIX boards. They've proven to be reliable and a good balance between cost and performance. Price in the UK is about 120 GBP (including PSU and chassis), which means that they're cost-comparable with Draytek's higher end units (whi

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-08 Thread Chris Bagnall
On 8/6/12 6:12 pm, Tim Nelson wrote: If you really don't need the throughput of an additional physical NIC, a VLAN capable switch will give you as many 'ports' as you need. :) That is in fact what I'm currently doing (with the HP 1700-8 switches). But it's a two-box solution which, in some en

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-09 Thread Chris Bagnall
On 9/6/12 2:14 am, Dave Warren wrote: So they're not horrible choices (Mine is running on a P4 right now), but they're not my first choice. Still, the upfront cost for these beasts is cheap, going newer enough to cut power may not be worth it. I guess that depends how much you're paying for pow

Re: [pfSense] Low(ish) cost pfSense platforms

2012-06-26 Thread Chris Bagnall
On 26/6/12 9:23 am, Pim van Stam wrote: For higher demands than a Alix can deliver we use Jetway MB's with a daughterboard option, like the NC9C-550-LF and AD3INLANG Links: http://www.jetway.com.tw/jw/ipcboard_view.asp?productid=781&proname=NC9C-550-LF http://www.jetway.com.tw/jw/ipcboard_view.a

Re: [pfSense] Encrypt Microwave Link?

2012-06-26 Thread Chris Bagnall
On 26/6/12 8:46 pm, Paul Cockings wrote: 1. (broad question... beat me up if like..) Are microwave links "hackable" and therefore I should consider some type of encryption on that link You should probably let the list have a bit more detail about the type of links you're setting up - specific

Re: [pfSense] Encrypt Microwave Link?

2012-06-26 Thread Chris Bagnall
On 26/6/12 10:09 pm, Jim Thompson wrote: Why? I it's a satellite link. Likely Ku-band, but could be C-band, or even something else. Is it? You seem to have made an assumption that it's a satellite link. There are plenty of point-to-point microwave links that don't go anywhere near a satell

Re: [pfSense] Encrypt Microwave Link?

2012-06-26 Thread Chris Bagnall
On 26/6/12 10:33 pm, Ian Bowers wrote: Chances are it wont even be close to fiber speed. I'm not sure 'fibre speed' really exists (apart from light itself, of course). Ultimately it's going to depend on the transceivers you have at each end of the link. There are plenty of cases where you mig

Re: [pfSense] pfSense vs JunOS

2012-07-02 Thread Chris Bagnall
On 1/7/12 4:47 pm, Eugen Leitl wrote: Are there any JunOS features you consider killer that are not in pfSense 2.1? What would be these features? 'JunOS' is a fairly vague comparison point - the JunOS feature set supported by the big Juniper routers is somewhat different from that supported b

Re: [pfSense] pfSense vs JunOS

2012-07-02 Thread Chris Bagnall
On 2/7/12 2:31 pm, Jim Pingle wrote: No, that'll never happen. Bloating the system is never the correct answer. +1. I couldn't agree more. Kind regards, Chris -- This email is made from 100% recycled electrons

[pfSense] 2.1 Snapshots - 'best' ones to use?

2012-08-08 Thread Chris Bagnall
Greetings list, In recent months I've done quite a few pfSense installs with 2.1. I've tended to simply download the latest snapshot as and when I've needed to image a new CF card (all our deployments are embedded). However, in recent days - especially after seeing a post on here last week a

Re: [pfSense] Ping Wan Virtual IP Firewall Rule - Is this possible?

2012-08-08 Thread Chris Bagnall
On 8/8/12 5:15 pm, Moshe Katz wrote: We do this at my office. We have 1-to-1 NAT for our public IPs to our Servers. On WAN, we set a rule for "Allow ICMP from * to *". You may be able to get by with a more-restrictive rule but this is the one we use. We always allow ping responses from our p

[pfSense] pfSense PPPoE server suitable for service providers?

2012-09-05 Thread Chris Bagnall
Greetings list, For my sins, I'm currently helping a residents' group set up wireless broadband in a rural area. I estimate they could end up with around 750 'subscribers' who will want service. I've never really used the PPPoE server in pfSense in anger - in the past I've tended to use Linu

Re: [pfSense] Android VPN with pfSense

2012-09-08 Thread Chris Bagnall
I've used PPTP without any difficulty connecting from Android devices to pfSense in the past. I'll leave others to discuss the relative security merits of each (but yes, L2TP by itself will not encrypt). Kind regards, Chris -- This email is made from 100% recycled electrons

Re: [pfSense] Soekris net5501-70 additional PCI network card does not work

2012-09-26 Thread Chris Bagnall
On 26/9/12 12:35 pm, İhsan Doğan wrote: As mentioned, I don't have any issues with built-in Via Rhine interfaces. My problem is, that the Intel card on the PCI slot does not work. You need to ascertain whether it's the card or the slot that's the problem. Try the card in a different machine (e

Re: [pfSense] Particular website is not opening

2012-10-31 Thread Chris Bagnall
On 31/10/12 12:17 pm, Pankaj Kumar wrote: Hi, I have PfSense 2.0.1 installed with Multi WAN. today i figure out some websites are not working on my LAN please anybody can help me ? You will probably find that certain sites don't like connections coming from multiple different IP addresses - it

Re: [pfSense] 2 WAN Load balancing PPOE(ISP1) + Static IP (ISP2)

2012-11-01 Thread Chris Bagnall
On 1/11/12 6:45 am, Vinod Nadiadwala wrote: I would like to load balancing between PPPOE connection which is ISP1 and Static IP connection which is ISP2, please guide me is it possible to do it with pfsense, if yes tell me the procedure. Yes, it's perfectly possible, and in the newer 2.x builds

Re: [pfSense] fast CF cards?

2012-11-07 Thread Chris Bagnall
On 6 Nov 2012, at 19:24, David Burgess wrote: > With that in mind, can anybody recommend a CF card with good write speed and > good reliability? We've used a mix of Sandisk, Transcend and Kingston cards over the years. Of those: - nearly all the Kingston cards have failed sooner or later - so

Re: [pfSense] Building Reports and Content Filters

2012-11-20 Thread Chris Bagnall
On 20/11/12 2:53 pm, James Caldwell wrote: Trying to figure out a good solution for monitoring users and building reports to try and enforce acceptable use policies and procedures but I would really like to avoid using any solution other than pfSense. Having asked around and checked the forum

Re: [pfSense] update from 2.0.1 to 2.1 HEAD

2012-12-08 Thread Chris Bagnall
On 8/12/12 5:58 pm, David Burgess wrote: Some CF cards are exceptionally slow to change from ro mount to rw. Recent builds allow you to manually change this from the UI so that you don't have to wait 40 seconds each time you make a config change. You, sir, have my thanks. I was going to reply

Re: [pfSense] update from 2.0.1 to 2.1 HEAD

2012-12-19 Thread Chris Bagnall
On 12/12/12 10:09 pm, David Burgess wrote: Good news: http://forum.pfsense.org/index.php/topic,48256.msg302923.html#msg302923 I haven't tried it myself yet. A quick follow up on this. Having updated my home pfSense to the latest 2.1-beta1 snapshot this evening, I can confirm the long delay whe

Re: [pfSense] 2.0.2 release now available

2012-12-21 Thread Chris Bagnall
On 21/12/12 11:31 pm, James Caldwell wrote: I'm always a little leery of the 'beta' term. Once you guys stamp it as a release quality build I'll move up to it no problem. If you want v6 support, you don't get a lot of choice at the moment :-) FWIW, I've been using 2.1 nightlies in production

Re: [pfSense] WRAP

2013-01-05 Thread Chris Bagnall
On 5/1/13 5:16 pm, David Burgess wrote: lulz. You noticed Hugo is in Canada, eh? To be fair, we can get up to 250 Mbps in a few urban centres, but 6/1 DSL is way more common by my accounting. Likewise here in the UK. Whilst there are some places with FTTC (80Mbps/20Mbps) or cable (100/10), the

Re: [pfSense] SIP / Asterisk / PFSense - need to reset states of port 5060 connections

2013-01-10 Thread Chris Bagnall
On 10/1/13 1:06 pm, Jürgen Echter wrote: we just use NAT (Port Forwarding) to access the ports on our server. Im really interested how others solve this kind of trouble?? Are you able to try putting the Asterisk box on a separate public IP and use either 1:1 NAT or a bridged OPT interface to g

Re: [pfSense] 2.0.1-RELEASE, dual-WAN with loadbalancing

2013-02-19 Thread Chris Bagnall
> I'm using 2.0.1-RELEASE, in a dual-WAN configuration with loadbalancing. > Some websites that require a login apparently do not like that, as I'm > constantly being asked to re-authenticate. Is there a way to make pfSense > remember the pairs of source and destination IP, and only use the oth

Re: [pfSense] 2.0.1-RELEASE, dual-WAN with loadbalancing

2013-02-19 Thread Chris Bagnall
On 19 Feb 2013, at 22:30, - Dickie Bradford - wrote: > I had the same issue with https and constantly having to re-login, the way i > worked around it was to force all https connections out the fastest wan link. > Its not ideal , but it was the only way I found to address it. This is usually

Re: [pfSense] Microsoft Outlook Blocked

2013-03-17 Thread Chris Bagnall
On 17/3/13 6:38 pm, Gerald Waugh wrote: thanks for the response, I have ports set for '*' any I moved this rule to the top of the rules list TCP/UDP * * * * * none Internet to servers Out of curiosity, have you tried protocol = * rather than just TCP/UDP? Just a

[pfSense] GUI Update: 2.1 embedded

2013-04-16 Thread Chris Bagnall
Greetings list, I have quite a few pfSense deployments out there with early builds of 2.1 snapshots. These are mostly running on ALIX embedded systems with 1 or 2GB compact flash cards. Has anyone tried using the updater in the WebGUI on embedded systems? I'd like to bring them up to date wi

Re: [pfSense] Total bandwith usage for month pfsense

2013-04-16 Thread Chris Bagnall
How captured the bandwidth total for months? In my experience this sort of thing is best done on an external box with something like Cacti via SNMP from pfSense. This way you aren't at risk of losing your stats on the pfSense box if you need to upgrade or reimage for whatever reason. Kind r

Re: [pfSense] help

2013-04-24 Thread Chris Bagnall
On 24/4/13 1:28 pm, eyobe kebede wrote: after along period of communication they give us new WAN ip 10.130.51.83 and and public ip of 197.156.75.54 how can I include the two ip addresses? Is it just me or is this a *really* weird way of doing things? It's almost as if your provider is doing so

Re: [pfSense] help

2013-04-24 Thread Chris Bagnall
Some ISPs that are particularly stingy with IPs and bad at routing have been doing this. I might be missing something, but it does seem like a pretty awful, and at best very temporary 'solution' to IPv4 shortage. I must admit if I were the OP, I'd probably be looking for a new DSL provider.

Re: [pfSense] Dandy pfSense appliance

2013-04-24 Thread Chris Bagnall
On 24/4/13 7:05 pm, Mathieu Simon wrote: Depends what you think about "high specs" many 1 GE ports or even 10 GE, lots of cores etc? This. You also have to decide whether you actually need "high specs" in a router. There's little point in paying for multiple GigE or 10GE ports if your interne

Re: [pfSense] Dandy pfSense appliance

2013-04-25 Thread Chris Bagnall
On 25/4/13 11:00 am, David Ross wrote: http://store.netgate.com/Netgate-m1n1wall-2D3-2D13-Black-P216C83.aspx No SSD. Runs off a 4GB CF Card. Worth also adding this for folks who are in the UK (or for whom sourcing stuff from the UK is cost effective): http://linitx.com/product/13242 (similar

Re: [pfSense] Bandwith Alert

2013-04-25 Thread Chris Bagnall
On 25/4/13 2:04 pm, Ugo Bellavance wrote: I used a nagios plugin in the past that did a check on bandwidth use. It didn't check the total data transfer like what you're asking, but it was checking the % use of a link. I used to configure nagios so that it warns me when my 15 mbps link was used a

Re: [pfSense] Shell Logout time

2013-04-25 Thread Chris Bagnall
On 25/4/13 4:20 pm, Odhiambo Washington wrote: Whenever I am logged into my pfSense box via SSH, I always get logged out within some time, even when I am running something. Where can I change that timeout value? I have pfSense SSH windows open at the moment which have been active for several d

Re: [pfSense] SOHO Router for VPN to pfSense

2013-04-29 Thread Chris Bagnall
On 29/4/13 2:35 pm, j...@millican.us wrote: I have a task to connect a number of small/home offices via VPN (OpenVPN is preferred but could be IPSEC) to a central location that has a pfSense box as its FW/Router. Does anyone have any recommendations based on their personal experiences as to whic

Re: [pfSense] SOHO Router for VPN to pfSense

2013-04-29 Thread Chris Bagnall
On 29/4/13 5:11 pm, David Burgess wrote: It could just be my own ignorance, but I have had little success trying to connect a pair of pfsense firewalls via OpenVPN. Really? I must admit it's always Just Worked for me (even going across versions, e.g. 1.2 to 2.0). Far easier than trying to pers

Re: [pfSense] pfSense box not visible from LAN, only from WAN

2013-05-08 Thread Chris Bagnall
On 8/5/13 7:41 pm, Marco wrote: no IP configured This would be your problem. How can I make the pfsense box visible from the LAN side? Am I doing something wrong or is this expected? I suspect it's expected behaviour. If you want to use pfSense purely as an access point, then you're probab

[pfSense] OpenVPN over satellite broadband

2013-05-15 Thread Chris Bagnall
Greetings list, One of our clients is currently building a property in the middle of nowhere, and traditional (*DSL/cable/wireless) services aren't feasible, which leaves the only option being satellite. Unfortunately, satellite broadband services available to them only seem to offer a dynam

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Chris Bagnall
On 23/5/13 4:38 pm, Vick Khera wrote: As far as I know, there is no automatic way to have a "backup" IPsec connection. I wonder if the situation is any better with another 'type' of VPN - i.e. OpenVPN? I wonder if you could, for example, create two OpenVPN connections which run at all times

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Chris Bagnall
On 23/5/13 4:50 pm, Vick Khera wrote: Still, what happens if site 1 wan1 goes down, and site 2 wan 2 goes down? I suppose theoretically you could have 4 VPNs: 1 - 1 1 - 2 2 - 1 2 - 2 Though the OSPF rules to do that would be... interesting, to say the least :-) Kind regards, Chris -- This

Re: [pfSense] Remote office redundancy

2013-05-23 Thread Chris Bagnall
On 23/5/13 4:46 pm, master8...@aol.com wrote: And I use Quagga OSPF to handle the routing/failover. Shame it can't all be done on the pfSense box though. I seem to recall there was an OSPF package in the dim and distant past, but I've no idea if it's still being maintained... Kind regards,

Re: [pfSense] dual ISP BGP

2013-05-27 Thread Chris Bagnall
On 27/5/13 6:18 pm, Zach Underwood wrote: network 216.105.159.0/24 network 216.105.158.0/24 network 216.105.157.0/24 network 216.105.128.0/24 network 216.105.135.0/24 network 216.105.136.0/23 network 216.105.141.0/24 network 216.105.143.0/24 network 216.105.144.0/22 network 216.105.153.0/24 netwo

Re: [pfSense] dual ISP BGP

2013-05-27 Thread Chris Bagnall
On 28/5/13 12:13 am, Zach Underwood wrote: Right now we have large blocks many /24 that are not in use at this time. You lucky person, you :-) The rest of us are struggling to get assignments of new v4 space, so I suspect you're sitting on a gold mine there... We dont want to advertise tho

[pfSense] pfSense as a datacentre router (was: dual ISP BGP)

2013-05-28 Thread Chris Bagnall
Greetings list, Following the recent thread entitled 'dual ISP BGP', I am curious as to how ready people using the OpenBGP package feel it is for use as a datacentre router managing several full BGP feeds and IXPs/private peers). One of our clients has traditionally used Quagga for this task,

Re: [pfSense] pfSense as a datacentre router (was: dual ISP BGP)

2013-05-28 Thread Chris Bagnall
On 28/5/13 9:06 pm, Adam Thompson wrote: Interesting... I've had exactly the opposite experience. If the Mikrotik forums are to be trusted, there are certainly quite a few people who have run into problems running full tables on even their high end Mikrotik platforms. Despite Quagga's 'quir

Re: [pfSense] pfSense as a datacentre router (was: dual ISP BGP)

2013-05-29 Thread Chris Bagnall
On 29/5/13 9:39 am, Eugen Leitl wrote: Which hardware are you using? If you're pushing 5 GBit/s you might be running into hardware limitations. There was a thread about it on nanog a week or two ago. I'm quite impressed Mikrotik hardware is able to sustain 5Gbps with full BGP tables from multi

Re: [pfSense] IPv6 - Subnetting/Routing with HE?

2013-09-30 Thread Chris Bagnall
On 30/9/13 7:56 am, Seth Mos wrote: I finally bit the bullet and signed up for PI space with a ASN and hopefully that's that. Worth mentioning here that no more IPv4 PI ranges will be allocated - at least not within RIPE jurisdiction (conservation rules kicked in when we started on the last /

Re: [pfSense] IPv6 - Subnetting/Routing with HE?

2013-10-01 Thread Chris Bagnall
On 1 Oct 2013, at 14:31, Eugen Leitl wrote: > But you're going to pay the annual fee. Or is PI > for end user through sponsoring LIR possible without > incurring annual costs? I can't speak for other jurisdictions, but in RIPE-land, most LIRs charge around 70GBP per annum to sponsor each alloca

Re: [pfSense] Can pfSense be considered trusted? What implementations of VPNs can now be trusted?

2013-10-10 Thread Chris Bagnall
I've deliberately stayed out of the political discussion, but interested in this more technical discussion… On 10 Oct 2013, at 14:50, Giles Coochey wrote: > 2. Cipher Selection - we're not all cryptoanalysts, so statements like 'trust > the math' don't always mean much to us, given the reports

[pfSense] Syncing alias lists

2013-10-10 Thread Chris Bagnall
Greetings list, Does anyone know if it's possible to 'sync' alias lists across pfSense units? I could probably knock something together in $scripting_language_du_jour to backup each unit's config, update the alias list, then restore the new config back to the device, but a) that would involve r

Re: [pfSense] Syncing alias lists

2013-10-10 Thread Chris Bagnall
On 10 Oct 2013, at 15:25, Vick Khera wrote: > The HA facility of pfSense will sync various configs. Look at the checkboxes > to determine what gets synced to see if that is suitable for your need. Is that not designed for multiple units at one site? In this scenario, the client has units at dif

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Chris Bagnall
On 11/10/13 2:37 pm, Seth Mos wrote: And which country would that be? I mean the British MI4? tapped the Belgian telecom network for over a year to listen into the EU politicians... Who is this MI4 of whom you speak? :-) In very broad terms, UK to USA equivalents would be as follows: GCHQ =

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Chris Bagnall
On 24/10/13 5:30 pm, Thinker Rix wrote: I want to have: - full Gigabit wire speed between the DMZ and the LAN zone (i.e. 2x Gigabit at max) Would have thought you'd be fine here. - full 450Mbps between the WLAN and pfsense Even with 450Mbps *radios* I'd be amazed if you get more than ~80Mbp

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Chris Bagnall
On 25/10/13 12:02 am, Thinker Rix wrote: Ok, I see. Does this change with a router that has a Gigabit-NIC to connect with pfSense, or isn't that the bottle neck? I've never encountered even a 100Mbps NIC being a wireless bottleneck at 2.4Ghz. The limitation is effective throughput through the

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Chris Bagnall
On 24/10/13 8:09 pm, Moshe Katz wrote: This doesn't *exactly *help, but there's a thread from February 2012 on the FreeBSD forums showing that a quad-core Xeon will easily route 800 Mbps (100Mpps) with very low load averages. It does, however, raise a very important point when dimensioning net

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-10-24 Thread Chris Bagnall
On 24/10/13 7:31 pm, Adam Thompson wrote: If I upgraded to a better-quality unit, or switched to licensed spectrum, I could probably eliminate the variability and increase speed simultaneously. Indeed, we have Ubiquiti kit running point to point links in the 5Ghz unlicensed spectrum (band C) o

Re: [pfSense] Question on FW log entries

2013-11-03 Thread Chris Bagnall
On 3/11/13 3:27 pm, Peder Rovelstad wrote: Just a quick question for anyone who cares to reply, something I can't figure out. I have the default "LAN -> Any" rule active on the LAN interface, but I often see block entries such as those attached, in this case from my kid's iPad to Google. Other

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-11-06 Thread Chris Bagnall
On 6/11/13 7:11 am, Thinker Rix wrote: Unfortunately the motherboards I plan to buy supports only the above-mentioned CPUs. - Pentium - 4th generation core i3 - Xeon E3-1200 v3 If your board supports a Core i3, it is *very* unlikely that it won't also support the i5 of the same generation (i.e

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-11-06 Thread Chris Bagnall
On 6/11/13 12:30 pm, Eugen Leitl wrote: Anyone running pfSense on a HP Microserver G8? I have - in the past - had it running on a G5 and a G6 if that's any help. One of our clients is using it on a G7. lspci on both mine show: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev

Re: [pfSense] Traffic Graph: Not reflecting reality?

2013-11-07 Thread Chris Bagnall
We recently relocated and are waiting to get our primary connection installed, so in the mean time we're on a 3Mb/0.75Mb DSL line. However, pfSense often shows 6Mb/s coming out of the LAN during a download. Same problem here. I am not seeing incorrect traffic graphs in 2.1, and I am using VLANs

Re: [pfSense] Hardware requirements for gigabit wirespead

2013-11-07 Thread Chris Bagnall
On 7/11/13 1:42 pm, Vick Khera wrote: Broadcom chips work pretty well with FreeBSD. I have four HP 1U servers in the G5 generation which I find to be extremely fast and reliable. +1 (well, G6s in my case). Not had a problem with Intel or Broadcom under either Linux or FreeBSD. I generally tr

Re: [pfSense] MultiWAN with SSH

2013-12-13 Thread Chris Bagnall
On 13/12/13 5:48 am, Walter Parker wrote: What do I need to do to get the firewall to use the COMCASTGW for responses to packets sent to the COMCAST interface? Unless you're using advanced outbound NAT, this should happen automatically. You said: I have a rule on the Comcast interface the all

Re: [pfSense] MultiWAN with SSH

2013-12-13 Thread Chris Bagnall
On 13/12/13 1:12 pm, Jim Pingle wrote: * Don't use interface groups or multi-interface floating rules for WAN rule I stand corrected. You learn something new every day :-) As an aside, is there any way to 'fix' this? On a system with 4 or 5 WANs, the ability to define inbound rules that apply

[pfSense] Squid version for pfSense 2.1

2014-01-28 Thread Chris Bagnall
Greetings list, I've recently been working on a project in which Squid would be beneficial. So I thought a good starting point would be to try installing one of the pfSense Squid packages on my home pfSense, play around with the config, etc. before setting it up for the project in question. I

Re: [pfSense] Squid version for pfSense 2.1

2014-01-28 Thread Chris Bagnall
On 28/1/14 4:41 pm, Brian Caouette wrote: I'm running the 3.x over here with no problems. I haven't really noticed much of a performance gain however. I've been reading up on tweaking the settings but so far our hit rate has only been 1-2%. Thanks - I'll give that a try. In this context, it's

Re: [pfSense] Setting PPPoE MTU

2014-01-29 Thread Chris Bagnall
On 29/1/14 10:57 am, Brian Candler wrote: My uplink is using PPPoE into a DSL router in bridged mode. The connectivity is fine, but the MTU is 1492 and I would like to bump this up to 1500 (assuming the router will take ethernet frames which are 1508 bytes). I looked at this about a year ago wh

Re: [pfSense] Firewall > Aliases: DNS resolving of domains broken

2014-02-14 Thread Chris Bagnall
On 14/2/14 3:37 pm, Thinker Rix wrote: I have had entered some domain names there in the past, which always worked flawlessly. Recently I changed ISP and since then the domain names are not resolved anymore to IPs, so that the traffic using those aliases gets blocked by the firewall. When resolvi

Re: [pfSense] Firewall > Aliases: DNS resolving of domains broken

2014-02-14 Thread Chris Bagnall
On 14/2/14 4:48 pm, Thinker Rix wrote: Any ideas what could be the problem? Have you tried entering the DNS servers your ISP supplies via PPP or DHCP (look on the Status -> Interfaces page, they should be listed on there) manually on the General settings page, then disabling DNS via PPP/DHCP

Re: [pfSense] Unbound

2014-02-15 Thread Chris Bagnall
On 15/2/14 6:22 pm, Brian Caouette wrote: I've been trying to use unbound with poor results. Currently it resolves very very slowly. About 4 times longer then the default dns forwarder. Once the site is found and loaded however browsing the site is incredibly fast. Curious what might be the cause

[pfSense] Overzealous Multi-WAN state flushing

2014-02-17 Thread Chris Bagnall
Greetings list, A few days ago I finally found time to upgrade my ageing pfSense 2.1-RC0 at home to 2.1 final. Since that upgrade I've noticed that pfSense doesn't seem to be handling state killing on failed gateways very well. A bit of background: I live in a rural location with poor broadba

Re: [pfSense] Blocking based on MAC

2014-03-01 Thread Chris Bagnall
On 1/3/14 2:37 am, Ryan Coleman wrote: I just checked google and the “best” solution from a few versions ago is to reserve the MAC IP to something out of range. I’d like to find a “simple” way to do that for my customer. Is there a better way to block a MAC? At the risk of thinking outside th

Re: [pfSense] Gateway Group / Failover WAN setup question

2014-03-11 Thread Chris Bagnall
On 11/3/14 6:48 pm, Justin Edmands wrote: The current rules all read * for the Gateway. Do all of my current LAN, OpenVPN, and IPSec rules need to be altered to include the Gateway as the new Failover1 rule? Those that rely on the WANs, yes. Rules to allow traffic to pass between your VPNs and

Re: [pfSense] Proxy filter

2014-03-20 Thread Chris Bagnall
On 20/3/14 7:14 pm, A Mohan Rao wrote: I m using squid squid guard and light squid for user access websites reporting with live but there is pfsense not read or show ftp server access logs. I also try as pfsense firewall client and to to any other ftp sites then download files but in proxy filter

Re: [pfSense] Proxy filter

2014-03-20 Thread Chris Bagnall
On 20/3/14 7:19 pm, A Mohan Rao wrote: Ok thanks but if I need how I maintain ftp traffic logs. Not really relevant to the question, I appreciate, but I can't think of a good reason why you'd want to do that, unless of course you're running the FTP server, in which case your FTP server should

Re: [pfSense] Proxy filter

2014-03-20 Thread Chris Bagnall
On 20/3/14 7:22 pm, A Mohan Rao wrote: Also I am struggling to block https social networking sites like facebook etc from last 1 to 1.5 years. I used for block that domain through DNS FORWARDER. But when user use open dns its working pls any idea its very helpful for me. You might find it easier to

Re: [pfSense] Proxy filter

2014-03-21 Thread Chris Bagnall
On 20/3/14 8:42 pm, Rafael Akchurin wrote: Maybe this will be of any help - http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/ That approach does require that your users 'trust' the proxy and allow the necessary certificates. It's all well and good i

[pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs

2014-03-24 Thread Chris Bagnall
Greetings list, I appreciate this is something of a blast from the past, but I'm hoping some of you will still have 1.2 systems in use and might be able to shed some light on this. Recently, one of our clients sublet part of their building to another company, and asked me to split their LAN

Re: [pfSense] Android apps block

2014-03-24 Thread Chris Bagnall
On 24 Mar 2014, at 19:19, A Mohan Rao wrote: > I need to block whatsapp facebook etc android apps of pfsense users. Given that you seem to want to block everything under the sun (though I still don't understand why), how about doing it the other way round? Why not decide what you *do* want you

Re: [pfSense] RDP port forward based on destination name.

2014-03-27 Thread Chris Bagnall
On 27/3/14 8:17 pm, Walter Parker wrote: That's what I would recommend. The VPN can serve as a second gateway to protect the RDP from the outside world, so you could pitch this solution as a higher security method of network access. This. There seem to be lots of dictionary attacks against RDP s

Re: [pfSense] RDP port forward based on destination name.

2014-03-28 Thread Chris Bagnall
On 28/3/14 4:03 pm, Walter Parker wrote: I'd love it if there was simple solution, but I don't see one that would be compatible with today's internet. Much of the original design of the internet was for a 1 to 1 mapping of IP addresses, rather than a 1 to many mapping (which is why there is usually

Re: [pfSense] successor to ALIX is here

2014-04-02 Thread Chris Bagnall
On 2/4/14 9:17 pm, Thinker Rix wrote: Unfortunately again only 3 NICs... and Realteks with bad performance. I would love to see such a board one day with at least 4-8 NICs. On that subject, we've recently been experimenting with these: http://linitx.com/product/jetway-jbc373-intel-atom-d525-bar

Re: [pfSense] pfSense Book (Buechler / Pingle)

2014-04-13 Thread Chris Bagnall
On 13/4/14 4:25 pm, Adam Thompson wrote: As to the "liberated" comment, let us know when you've figured out how to make a completely open eReader that doesn't sell for >$1000. Nexus 7 + fbreader (freely available)? Opens all the usual suspects (pub, mobi, pdf, etc.) If you don't mind one of th

Re: [pfSense] pfSense 2.1.2 is released

2014-04-15 Thread Chris Bagnall
On 14/4/14 5:11 pm, cbr wrote: I don't believe you can completely disable IPv6 via webUI of pfSense Perhaps the bigger question here is "why isn't the OP using v6?" :-) Kind regards, Chris -- This email is made from 100% recycled electrons

Re: [pfSense] Interface options for pfsense

2014-04-20 Thread Chris Bagnall
The GS108T-200 is the one with a web-based config tool Worth adding that you can pick up the HP 1700-8 for less than £60 these days, now that it's been superseded by the 1810-x series switches. Fairly intuitive web interface and talks SNMP too. Admittedly not gigabit, but as a multi-WAN VLAN

Re: [pfSense] HP DL160 for pfSense in a datacenter

2014-04-23 Thread Chris Bagnall
On 23/4/14 4:46 pm, Vick Khera wrote: I reconfigured them to use geom mirror instead, and everything has been much better since. The FreeBSD kernel does a fine job managing the mirror all by itself. We have some DL160s with the same B110i controller running as Linux KVM host machines, and like

Re: [pfSense] Upgrading Alix 2d13

2014-04-29 Thread Chris Bagnall
On 29/4/14 7:40 pm, Vick Khera wrote: I've now upgraded 3 separate ALIX boards to 2.1.2 (one from 2.1.0, the other two from 2.0.1) with zero failures. Perhaps try upgrade from the console menu. Just make sure that the upgrade URL is configured correctly for the i386 version of pfsense. Also wor

Re: [pfSense] Upgrading Alix 2d13

2014-04-29 Thread Chris Bagnall
On 30/4/14 12:31 am, Ryan Coleman wrote: 4GB CF cards are pretty cheap these days - I would just buy one in the store ($20) or online ($10 or so) and image that, pop it in the firewall and import your config. Agreed, if the devices are suitably close to you. A bit more of a problem if they'r
