Re: [pfSense] [liberationtech] NSA Laughs at PCs, Prefers Hacking Routers and Switches

2013-09-04 Thread Walter Parker
I'd suggest installing pfSense at a home location for benefits that pfSense provides. The ability for you to see what is going on on your network is much greater than with any of the consumer routers. If you get a little Netgate SBC, you can have a pfSense router with the same size and power specs

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Walter Parker
The big problem with asking the question "Has the NSA required you to add a back door?" is that no small company that wants to stay in business can or will say yes (If they do, no one will trust/use the product unless forced themselves). The company will agree/be forced to say no. How does one tell

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Walter Parker
About that made in the USA thing, the NSA has deals with overseas companies as well... Plus, the GCHQ and several other foreign spy agencies have done similar things, so if you start asking, you discover that the major governments are trying to do this and have succeeded more often than we would

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Walter Parker
To answer your question about throwing the first stone. Your question reads a bit like the "Are you a criminal/commie?" questions. Many people would object to the question at the start because it implies that the people being asked the question have done something wrong. Watching the reactions to po

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Walter Parker
Also, per the founder's statements, this was not the first request. He had "helped" the government with requests for information about other users in the past... See the latest Wired/Ars Tech write ups for what was different this time. Walter On Wed, Oct 9, 2013 at 1:16 PM, David Ross wrote:

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Walter Parker
wife yet?" and tell me if you would be upset if someone asked you that question. Walter On Wed, Oct 9, 2013 at 1:26 PM, Thinker Rix wrote: > Hi Walter, > > > On 2013-10-09 21:53, Walter Parker wrote: > >> To answer your question about throwing the first stone. Your qu

Re: [pfSense] NSA: Is pfSense infiltrated by "big brother" NSA or others?

2013-10-09 Thread Walter Parker
gards, Pim > > > On 9 okt. 2013, at 22:26, Thinker Rix wrote: > > > Hi Walter, > > > > On 2013-10-09 21:53, Walter Parker wrote: > >> To answer your question about throwing the first stone. Your question > reads a bit like the "Are you a criminal/commie?

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

2013-10-09 Thread Walter Parker
There is an issue with doing NanoBSD (the embedded image) upgrades from 2.0.X to 2.1 that can cause /var to fill up. The fallout effect of this causes the interfaces to not come up. If you search the mailing list archives you will see that it has hit other people and that workarounds are required t

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
As I see it, there are two things that can happen here 1) NSA breaks into pfSense without knowledge of the staff => The only solution is source code and binary review. This is not an option for people like Thinker Rix or other non coders. The mostly spot for this to happen is upstream from the

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
Who would you trust more than ESF? Why, specifically, would you trust another group of people to be more trustworthy? I admit to have a USA bias, but for the issue in question, I don't there being a much better choice. The UK has less freedoms in this matter. But then this is turning into a case of

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
s). But that is me, maybe you prefer to decide to move first and then figure out where you are going after you have left (rather than planning where you are going before you leave). Walter On Fri, Oct 11, 2013 at 12:11 PM, Thinker Rix wrote: > On 2013-10-11 21:20, Walter Parker wrote: >

Re: [pfSense] naive suggestion: conform to US laws

2013-10-11 Thread Walter Parker
to the targeted countries. It is probably no exaggeration to state that this 20th century version of the "Trojan horse" is quite likely the greatest sting in modern history. On Fri, Oct 11, 2013 at 12:49 PM, Adrian Zaugg wrote: > > > On 10/11/13 8:20 PM, Walter Parker

Re: [pfSense] Alix Update 2.0.3 to 2.1 fails with 11 interfaces (/var full)

2013-10-11 Thread Walter Parker
So, if I have an ALIX that I would like to upgrade, how much would I have to increase /tmp and /var by to have the upgrade run to completion without filling the partitions? Walter On Fri, Oct 11, 2013 at 2:25 PM, Jim Pingle wrote: > On 10/11/2013 4:58 PM, Jens Kühnel wrote: > > I'm not a Free

[pfSense] Interface stops working

2013-11-11 Thread Walter Parker
I have a pfSense 2.0.3 box with 5 interfaces, two of which are on motherboard ethernet controllers using the NVIDIA nForce4 CK804 MCP9 Networking Adapter chipset. These two connections connect to the upstream IP (WAN) and to the old IP space for the local network (LAN). I've been seeing the c

[pfSense] Multi-WAN network access

2013-12-04 Thread Walter Parker
Hi, I've got a pfSense router with a WAN connection that has 4 interfaces: WAN - A 200 mbs connection. This is on a /20 subnet and the other side is the default route. LAN - This is a static routed /24 network from the company providing the 200 mbs WAN connection COMCAST - This is a static routed

Re: [pfSense] Bug in DynDNS notification sequence

2013-12-06 Thread Walter Parker
You don't need to open your rule set to allow every one on the internet to ping any address. Just allow the HE broker subnet to ping any address in the tunnel subnet. On Dec 5, 2013 11:51 PM, wrote: > > Hello list, > > The DynDNS logic seems to work in this wrong order: > > 1 Figure out the new

[pfSense] Multiple routing tables

2013-12-11 Thread Walter Parker
I've been asked if pfSense has multiple routing tables. Specifically, there is a kernel option in FreeBSD: options ROUTETABLES=2 Which enables you to setup a second routing table for a second interface. Does pfSense use multiple ROUTETABLES? If not, why not and does the existing policy based rou

[pfSense] MultiWAN with SSH

2013-12-12 Thread Walter Parker
Hi, I have a pfSense box with multiple WAN connections (one on TW and one on Comcast) I appear to have got MultiWAN working for outbound traffic, in that: I can ping/traceroute from either interface and the traffic routes out and comes back. But inbound traffic only appears to work if it comes into the

Re: [pfSense] is it possible to rename gateways in 2.1 release AMD64?

2014-01-07 Thread Walter Parker
Once you create a gateway, you can not rename it from the GUI. I had to delete and re-create my gateway in order to rename it. On Tue, Jan 7, 2014 at 12:02 PM, Matthias May wrote: > Am 07.01.2014 20:52, schrieb Joe Landman: > > Hi folks: >> >> I am trying to match a spec we've been given as

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN traffic, you will need to allow it (add rules on both the WAN and LAN sides). But you might want to notice something else. If PFSense is operating as a straight up router where you don't want NATing of the LAN packets, then you w

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
n of 192.168.1.1 of which is dhcp > assigns my laptop .101 when plugged in. > > Brian > > > On 1/14/2014 12:50 PM, Walter Parker wrote: > > By default, PFSense blocks WAN to LAN traffic. If you want WAN to LAN > traffic, you will need to allow it (add rules on both

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
> So for whatever reason its not being passed to the lan. > > > On 1/14/2014 1:13 PM, Walter Parker wrote: > > From the PFSense UI, select Firewall->NAT. Then click on the Outbound tab. > Then select the Manual Outbound NAT rule generation radio button (this > turns of

Re: [pfSense] WAN not accepting traffic

2014-01-14 Thread Walter Parker
l. Wouldn't that cover it? > > Sent from my HTC > > > - Reply message - > From: "Walter Parker" > To: "pfSense support and discussion" > Subject: [pfSense] WAN not accepting traffic > Date: Tue, Jan 14, 2014 8:04 pm > > > You mi

Re: [pfSense] Fwd: lighttpd errors

2014-03-23 Thread Walter Parker
You could try installing a packet sniffer and watching the traffic. Walter On Sun, Mar 23, 2014 at 2:38 PM, Brian Caouette wrote: > How can this happen with only two computers powered up on the lan? Any > way to get more details? > > > On 3/19/2014 7:58 AM, Brian Caouette wrote: > > > > > --

Re: [pfSense] Sending logs to external server

2014-03-24 Thread Walter Parker
From the status menu, select System Logs. From the system logs page, click on Settings. Scroll down to Remote logging Options. Enable Remote logging. For the remote Syslog Servers, enter the address of your syslog server (any Linux or FreeBSD server running a copy of syslog that will take outside lo

Re: [pfSense] RDP port forward based on destination name.

2014-03-27 Thread Walter Parker
That's what I would recommend. The VPN can serve as a second gateway to protect the RDP from the outside world, so you could pitch this solution as higher security method of network access. Walter On Thu, Mar 27, 2014 at 1:09 PM, compdoc wrote: > > I'm not very familiar with TMG from Microsof

Re: [pfSense] RDP port forward based on destination name.

2014-03-28 Thread Walter Parker
The big problem that I see people have that that want to do networking based on hostnames rather than IP addresses. Such as how named virtual hosting works on Apache. But the problem is that the hostname is translated to an IP address on the client side and the only thing the server sees is the IP

[pfSense] Packages didn't install after upgrade from 2.0 to 2.1.1

2014-04-07 Thread Walter Parker
I upgraded my ALIX system running 2.0 to 2.1.1. The base upgrade appeared to go fine, I got the screen that said the system was upgrading all of the packages, but after the system restarted, none of the packages on the old system were listed as installed on the new system. But the service screen s

Re: [pfSense] Network Traffic Monitoring w/o Webgui

2014-04-07 Thread Walter Parker
I'd expect that you should be able to enable SNMP, set a non default password (please don't use public) and add a firewall rule to allow UDP on port 161 to/from your mrtg server. I'd recommend using Cacti as your mrtg server (if you want a FOSS solution). Walter On Mon, Apr 7, 2014 at 10:23 AM,

Re: [pfSense] Network Traffic Monitoring w/o Webgui

2014-04-07 Thread Walter Parker
quickly become expensive (1000's to 10,000's dollars) as the size of your network grows. Walter On Mon, Apr 7, 2014 at 10:47 AM, Brian Caouette wrote: > What is Cacti? FOSS? > > > On 4/7/2014 1:42 PM, Walter Parker wrote: > > I'd expect that you should be a

Re: [pfSense] Network Traffic Monitoring w/o Webgui

2014-04-08 Thread Walter Parker
Of *Chuck > Mariotti > *Sent:* April-07-14 1:04 PM > > *To:* pfSense Support and Discussion Mailing List > *Subject:* Re: [pfSense] Network Traffic Monitoring w/o Webgui > > > > It's been a few years, but a simple windows version... > > > > http://oss.oetik

Re: [pfSense] How to allow only incoming HTTP/HTTPs traffic from WAN interface?

2014-04-12 Thread Walter Parker
How about configuring the firewall to block everything and then create a rule that forwards/allows only port 80 and 443 to the reverse proxy server. Configure the reverse proxy server to only support HTTP traffic (on port 80 and using SSL on 443). Then you don't need to do DPI. I'd say you don

Re: [pfSense] How to allow only incoming HTTP/HTTPs traffic from WAN interface?

2014-04-14 Thread Walter Parker
a rule for each of these > domains will be painful after a while i assume. But on the other hand, i > will be using this reverse proxy node as the first entry point to my DDoS > protection network, so not sure whether DPI is a good thing here or not. > > > On Sat, Apr 12, 2014 at 11:

Re: [pfSense] High iostat

2014-05-12 Thread Walter Parker
pfSense has menu options that allow to move/create /tmp and /var in RAM. These can be found in System>Advanced>Miscellaneous. Then logging would be written to the RAM disk. Note that the logs will be lost when the power goes out. You will need to setup a scheduled job that does backups if you wis

Re: [pfSense] Poweredge 2850

2014-05-19 Thread Walter Parker
The amd64 is for all 64 bit machines (amd64 and Intel EMT64) The x86 is for all 32 bit machines (Intel and AMD) According to the spec sheet, http://www.dell.com/downloads/global/products/pedge/en/2850_specs.pdf, that is a 64 bit machine. Note, because AMD developed 64 for the x86 first, the BSDs cal

Re: [pfSense] Poweredge 2850

2014-05-19 Thread Walter Parker
D64. I’ve never touched an > Itanium-driven machine. > > > On May 19, 2014, at 18:06, Walter Parker wrote: > > The amd64 is for all 64 bit machines (amd64 and Intel EMT64) > The x86 is for all 32 bit machines (Intel and AMD) > > According to the spec sheet, > http://www.d

Re: [pfSense] installing vmtools

2014-05-21 Thread Walter Parker
Given that pfSense 2.1.3 uses FreeBSD 8.3 as the base OS, wouldn't http://ftp1.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/perl5/ be a better location to use for packages? Walter On Wed, May 21, 2014 at 11:57 AM, Moshe Katz wrote: > On Wed, May 21, 2014 at 2:39 PM, Florio, Christop

Re: [pfSense] Disk Space

2014-06-07 Thread Walter Parker
If you wish to learn more about how UNIX operating systems work, there are a few pages that about what devfs does and means. http://www.freebsd.org/cgi/man.cgi?query=devfs&sektion=5 http://en.wikipedia.org/wiki/Device_file A very short summary is that UNIX systems use multiple mount points in th

Re: [pfSense] Squid3 with https filtering

2014-06-18 Thread Walter Parker
There is a way to auto configure the proxy settings on modern browsers, so that you don't have to manually configure them individually WPAD and Proxy auto-config http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol http://en.wikipedia.org/wiki/Proxy_auto-config Walter On Wed, Jun 18,

Re: [pfSense] https transparent proxy project failed...

2014-06-26 Thread Walter Parker
HTTPS was designed to cause a transparent proxy to fail (that was one of the major design goals, no third party [such as squid] could read the traffic). As mentioned before, to make this work, you must either drop the requirement that the proxy be transparent (Note, explicit proxies can be auto

Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.

2014-07-10 Thread Walter Parker
I think you might have a misconception in your request. When you say: >To resolve this issue I need to "mangle" forwarded IP packets by >incrementing their TTL by 1. This would effectively hide the above >included results. If anyone knows how to do this either through the web >interface or throug

Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.

2014-07-10 Thread Walter Parker
I disagree that this is a vulnerability/weakness. If this is truly your only issue with the network, I'd call it good and done if you are not the DOD/NSA. If you are, then you need to start again with an even more secure foundation. Walter On Thu, Jul 10, 2014 at 2:25 PM, Blake Cornell < bcorn

Re: [pfSense] Enumerating NAT Hops - Information Disclosure - TTL++ mangle.

2014-07-12 Thread Walter Parker
00 >> Garden City, NY 11530 USA http://www.integrissecurity.com/ >> O: +1(516)750-0478 >> M: +1(516)900-2193 >> PGP: CF42 5262 AE68 4AC7 591B 2C5B C34C 7FAB 4660 F572 >> Free Tools: https://www.integrissecurity.com/SecurityTools >> Follow us on Twitter: @integrissec >> >> O

Re: [pfSense] Difference between APU4 and APU1C4

2014-07-22 Thread Walter Parker
I see a few things going on here: From the Netgate site, the difference between the APU1C and the APU1C4 DIY kits is 2GB vs 4GB. The Kits are $179 and $199 and include the board, a case and power plug. The kit from PCEngines is just the board (I don't see any that says it comes with a plug or a

Re: [pfSense] Cannot go to HTTPS sites using WAN interface

2014-09-09 Thread Walter Parker
Yes, check to make sure that the WebConsole interface (on 443) is not conflicting with your other rules. Check for allow/deny rules in both Squid and pfSense to make sure that you don't have a conflict. On Tue, Sep 9, 2014 at 1:34 PM, Satvinder Singh < satvinder.si...@nc4worldwide.com> wrot

Re: [pfSense] Pftop confusion.

2014-09-24 Thread Walter Parker
To see which client is eating your bandwidth, when using Traffic Graph, switch from WAN to LAN. Then the dynamic list of hosts will show client IP addresses and not your link address. On Wed, Sep 24, 2014 at 7:55 AM, Muhammad Yousuf Khan wrote: > Exactly this is how i learn that my whole link is

Re: [pfSense] Https blocking

2014-09-24 Thread Walter Parker
A suggestion: Null route all facebook addresses. That usually kills any traffic. Be aware that it kills all traffic to those addresses (HTTP, HTTPS, SMTP, POP3, DNS). FYI, getting snotty to people that are asking for help usually turns them off of wanting to help you... Walter On Wed, Sep 24,

Re: [pfSense] Reports

2014-09-26 Thread Walter Parker
First thing I would do is make sure that you have added static IP address reservations for those the MAC addresses using the DHCP server page for each piece of IP gear that your children have. If you click on All Leases, it will show you every device that has tried to get an address. You can take th

Re: [pfSense] Install CD - I don't know where to go with this

2014-10-31 Thread Walter Parker
I use imgburn to burn all of my pfSense CDs (and Windows, Linux and FreeBSD DVDs). I second the recommendation. If you have picked the correct image, it should boot unless there is something strange with the HP hardware. The fact that a Windows disk boots doesn't prove that hardware isn't "strange"

Re: [pfSense] Recomend

2014-11-27 Thread Walter Parker
I'd be a little worried about the SD card and squid, but not the current ADD solution from Netgate. On Nov 27, 2014 2:05 PM, "Brian Caouette" wrote: > I've been looking at the kit at Netgate for $199 to replace my poweredge > 2850 for pfSense. My concern is the sd/flash memory and the use of squi

Re: [pfSense] Recomend

2014-11-30 Thread Walter Parker
If you are getting the Netgate kit, I'd suggest just getting the Intel m525 SSD that they offer. This is a modern SSD with wear leveling that keeps software like a squid cache from burning out the drive early. It will fit and work without having to build a custom cable and have to tape a drive to t

Re: [pfSense] Recomend

2014-12-16 Thread Walter Parker
too? I don't understand your comment > about get it now before it has any issues. > > Brian > > > On 11/30/2014 3:07 PM, Walter Parker wrote: > > If you are getting the Netgate kit, I'd suggest just getting the Intel > m525 SSD that they offer. This is a modern SSD

[pfSense] Today's Infoworld Deep End column

2014-12-22 Thread Walter Parker
Just thought I'd note that Paul Venezia, who does the Deep End column for Infoworld, just gave a positive heads up to pfSense and the APU1 DIY kit from Netgate. http://www.infoworld.com/article/2861574/network-security/you-should-be-running-pfsense-firewall.html Walter -- The greatest dangers

[pfSense] pfSense 2.2RC resolv.conf settings

2015-01-11 Thread Walter Parker
Hi, I just put pfSense 2.2RC on my firewall and I noticed that the PHP code that generates the resolv.conf file will add the line "options edns0" to resolv.conf if the unbound config has the edns option set. I didn't see any way in the GUI to set this option. Am I missing something, or has t

Re: [pfSense] CVE-2015-0235 - Uncertain if pfSense/OpenBSD is vulnerable?

2015-01-27 Thread Walter Parker
First, pfSense is from FreeBSD, not OpenBSD. Second xBSD uses libc by default, not glibc. glibc is a GNU/Linux port of the libc from UNIX systems. I wouldn't expect to see recent glibc errors in xBSD, as there are separate code bases at the system level. Walter On Tue, Jan 27, 2015 at 10:45 AM,

Re: [pfSense] Firewall Hardware/Setup for Datacenter...

2015-02-05 Thread Walter Parker
I've used pfSense in a VM on my ESXi application server. This is mostly to firewall the Windows VMs from the Internet. If you want fail-over, I'd suggest getting one of the new Netgate ( http://store.netgate.com/NetgateAPU2.aspx or http://store.netgate.com/1U-Rack-Mount-Systems-C84.aspx) or pfSens

Re: [pfSense] Firewall Hardware/Setup for Datacenter...

2015-02-05 Thread Walter Parker
n Thu, Feb 5, 2015 at 9:19 AM, Jason Whitt wrote: > > Ive ran as vm's using vmxnet3's as well as physical on these > http://m.newegg.com/Product/index?itemnumber=16-101-837 > > > > Both are viable options. > > > > Jason > > Sent from my iPhone

Re: [pfSense] Squid not logging traffic

2015-02-16 Thread Walter Parker
In Realtime, you can use the dashboard app. For plugins, BandwidthD and Darkstat have some information. I've used netflow on other systems to get this sort of information, but for pfSense you would have to setup a second box that ran the netflow visualizer to see the traffic information from one

Re: [pfSense] Squid not logging traffic

2015-02-16 Thread Walter Parker
a "bit of programming" might radically differ from yours :) If I can find the time, I'll see if I can find any notes. Walter On Mon, Feb 16, 2015 at 2:58 PM, Volker Kuhlmann wrote: > On Tue 17 Feb 2015 10:33:21 NZDT +1300, Walter Parker wrote: > > > In Realtime, y

Re: [pfSense] Squid not logging traffic

2015-02-16 Thread Walter Parker
> On Feb 16, 2015, at 6:27 PM, Walter Parker wrote: > > For the real time monitor, if you switch from WAN to LAN, you can see who > is doing spikes. For the other items, you can see how much bandwidth each > internal IP addresses has used in one of those packages. Unless you have > se

Re: [pfSense] serial port sadness

2015-02-23 Thread Walter Parker
I had a problem like this, so I replaced the cheap converter with one "made" by a California company (it was much nicer, real drivers and instructions for $5 more). I got no output until I remembered that I might need a null modem adapter. Once I added that to the mix everything worked like a charm (te

Re: [pfSense] Cannot install 2.2 on Alix board (latest firmware)

2015-03-09 Thread Walter Parker
I installed it on an ALIX with a 4GB card without issues. I'd suggest getting a serial cable so that you can see the output from the system as it boots (make sure you a null modem cable or adapter). Walter On Mon, Mar 9, 2015 at 5:11 AM, Kostas Backas wrote: > Hello, > > I have difficulties in

Re: [pfSense] pfSense FreeBSD Version

2015-03-10 Thread Walter Parker
To do this, you will have to grab the sources for pfsense, then grab the build tools, and then try building a custom version of pfSense using a snapshot from https://www.freebsd.org/snapshots/ as the base OS rather than FreeBSD 10.1 as the base OS. You should also check if the person was suggestin

Re: [pfSense] Setup Question - Routing

2015-03-24 Thread Walter Parker
Using a chart like http://www.engineeringradio.us/blog/wp-content/uploads/2013/01/Subnet_Chart.pdf you can see the different /28 and /29 subnets that exist on a /24 network. You would bind the .248/29 network to the WAN interface (use a /29 to leave a few extra addresses). Then you would bind an

Re: [pfSense] Assign IP Address with /32 Mask on WAN Interface

2015-03-30 Thread Walter Parker
A /32 net mask is not used for regular routing interfaces. It has a specialized use, usually used for virtual interfaces. On a Cisco router, it would be used for a loopback interface. It is sometimes used as the subnet mask for an IP alias address on host systems (where all routing is done

Re: [pfSense] testing email

2015-04-08 Thread Walter Parker
After re-enabling my account, I saw this email (but not the earlier emails from today). Walter On Wed, Apr 8, 2015 at 11:58 AM, Mike Montgomery wrote: > I got the same re-enable email to my gmail account. > > On Wed, Apr 8, 2015 at 2:48 PM, WebDawg wrote: > > > Same here, > > > > > > > > Viruse

Re: [pfSense] testing email

2015-04-08 Thread Walter Parker
Thank you. On Wed, Apr 8, 2015 at 12:16 PM, Chris Buechler wrote: > This should be fixed. mailer-daemon@ ended up as a list member in > mailman, AFAICT from day one of this list, but in the past few days > ended up being spoofed to send a couple viruses to the list. Those > messages bounced for

Re: [pfSense] Using on Fiber

2015-06-05 Thread Walter Parker
There is a serverfault question about this: http://serverfault.com/questions/380778/vmware-seems-to-throttle-scp-copies-what-can-be-the-reason?rq=1 SCP does (did) have performance problems. They fall into two groups. First, over a WAN the internal buffer was a bit too small for high speed (100 meg

Re: [pfSense] Notification about soon-to-expire certificates

2015-06-18 Thread Walter Parker
If your network is large enough to have a monitoring package (like Nagios), some of them support certificate checking. Walter On Thu, Jun 18, 2015 at 7:19 AM, Philipp Tölke wrote: > Hi all, > > we use incoming OpenVPN to access some external installations. Some of those > installations are in r

Re: [pfSense] Notification about soon-to-expire certificates

2015-06-19 Thread Walter Parker
, Philipp Tölke wrote: > Hi Walter, > > thanks for your answer! > > On 19.06.2015 01:24, Walter Parker wrote: >> >> If your network is large enough to have a monitoring package (like >> Nagios), some of them support certificate checking. > > > Can nagios access

Re: [pfSense] Small form factor pfsense box

2015-08-02 Thread Walter Parker
The Project sells hardware: http://store.pfsense.org/hardware/ I bought small form factor routers from Netgate before and I'm happy. http://store.netgate.com/Routers-C178.aspx Walter On Sun, Aug 2, 2015 at 10:04 PM, Cheyenne Deal wrote: > Does anyone have any recommendations for a small form

[pfSense] Bandwidth graph

2015-10-16 Thread Walter Parker
Years ago, there was a package for pfSense that graphed total bandwidth for the Day, Month, Year using bar charts. It would show the top days with bandwidth and total usage for the month. It was not bandwidthD or the RRD graphs. I can't find it anymore. What was it called and why was it removed?

Re: [pfSense] Bandwidth graph

2015-10-16 Thread Walter Parker
the > developer. > > > > On Oct 16, 2015, at 1:11 AM, Walter Parker wrote: > > > > Years ago, there was a package for pfSense that graphed total bandwidth > for > > the Day, Month, Year using bar charts. It would show the top days with > > bandwidth and

Re: [pfSense] PFSense for high-bandwith environments

2016-02-18 Thread Walter Parker
There is an optimization coming for pfsense. There is a new user space routing daemon. netmap I think, that can reach line rate on 10G NICs (14.88 Mpps). There was a BSDCon that talked about a future version of pfsense using this system. It uses ipfw, so there is a bit of work to adapt it to pfsense.

Re: [pfSense] PFSense for high-bandwith environments

2016-02-23 Thread Walter Parker
On Tue, Feb 23, 2016 at 3:19 PM, Giles Davis wrote: > On 19/02/2016 17:12, David Burgess wrote: > > I'm a little surprised at your experience. A few years ago I built a > > PFSense unit with an Intel motherboard, 1st gen Core i3 CPU, and a > > single onboard Intel (em) GBE NIC. All routing was do

Re: [pfSense] 2.3 show stopper - bind package missing -- don't install if you need bind!

2016-04-13 Thread Walter Parker
For a list of Packages in 2.3, see https://doc.pfsense.org/index.php/Package_Port_List For a list of packages removed from 2.3, see https://doc.pfsense.org/index.php/2.3_Removed_Packages Walter On Wed, Apr 13, 2016 at 3:17 PM, Steve Yates wrote: > I should restate/clarify that I was looking a

[pfSense] Upgraded to new pfSense Router, can't find RRD graphs after restore

2016-05-07 Thread Walter Parker
Hi, I just upgraded from my old ALIX router that I bought from Netgate several years ago (which has worked great for the past several years). The new box is nice, it is much faster. I restored my old 2.2.5 config on the new system and I have a few questions: Where are the RRD graphs (I don't se

[pfSense] USB hard drive on SG-2220

2016-05-27 Thread Walter Parker
Hi, I just plugged a small WDC USB 2.0 hard drive into my pfSense firewall as an external, second drive and everything booted: da1 at umass-sim1 bus 1 scbus7 target 0 lun 0 da1: Fixed Direct Access SCSI device da1: 40.000MB/s transfers da1: 238475MB (488397168 512 byte sectors) da1: quirks=0x2 B

Re: [pfSense] Strange fe80::1:1 link-local address on LAN interface

2016-05-27 Thread Walter Parker
In IPv6, Link Local fe80::1:1 is like what IPv4 does when there isn't a DHCP server (it auto assigns an address from 169.254.0.0/16 ). The IPv6 RFC documents two ways to generate these link local address. The second method generates addresses that are not dependent on the MAC address. Unlike the I

Re: [pfSense] Restoring DHCP table from 2.2.x into 2.3.x

2016-05-29 Thread Walter Parker
You could try copying the entries from the old XML and paste it in the new XML file. Walter On Sun, May 29, 2016 at 3:32 PM, Dave Warren wrote: > Howdy! > > I am looking at replacing my 2.2.something pfSense box with a fresh > install of 2.3. Is it possible to restore just the DHCP configu

Re: [pfSense] Restoring DHCP table from 2.2.x into 2.3.x

2016-05-29 Thread Walter Parker
I restored from that config and things worked just fine. Walter On Sun, May 29, 2016 at 4:44 PM, Dave Warren wrote: > On 2016-05-29 17:35, Walter Parker wrote: > >> You could try copying the entries from the old XML and paste it in the >> new XML file. >> > >

Re: [pfSense] enabling authenticated ntp ?

2016-05-30 Thread Walter Parker
Not that I have seen. I had an idea for authenticated NTP awhile back, but was waiting until I had upgraded to 2.3 before I looked at what it would take to add. This weekend I had the time to build a test environment, so I might try doing it over the next few months. Walter On Mon, May 30, 2016

[pfSense] pfSense store router positioning

2016-06-05 Thread Walter Parker
Hi, I've been doing a bit of remodeling in the household and I noticed an interesting issue with the temperature of the router (an SG-2220). If I put the router flat, it heated up to 53 Celsius (9AM mid 70's Fahrenheit room temp). When I turned the router in the side, it dropped from 53 to 46 in

Re: [pfSense] 3 hard locks this week... any ideas?

2016-09-01 Thread Walter Parker
On Thu, Sep 1, 2016 at 3:06 PM, compdoc wrote: > >>Coming back tonight to do memtest, SpinRite on the SSD, etc..., > > Spinrite on an ssd is a terrible idea. It's an ancient program that's even a > bad idea to use on hard drives. > > It doesn't even work on drives larger than 1TB, because it was w

Re: [pfSense] Lightning strike

2016-10-13 Thread Walter Parker
On Thu, Oct 13, 2016 at 2:40 PM, Volker Kuhlmann wrote: > On Wed 27 Jul 2016 13:40:16 NZST +1200, Chris Buechler wrote: > > > > I find this really really annoying of pfsense! Especially for headless > > > systems. Hey, why run with only one interface and some functionality > > > missing when one

Re: [pfSense] pfsense default firewall configuration

2016-11-15 Thread Walter Parker
I moved from IPCop to pfSense years ago. It was good enough then. It is better now. Without an idea of what your customizations are, we can't tell you how many rules you might need to add to get the same functionality from a pfSense setup. On Tue, Nov 15, 2016 at 8:19 AM, Ryan Coleman wrote: > I w

Re: [pfSense] How to ...

2017-02-22 Thread Walter Parker
One thing to consider with a DNS query to mapping system is the effect of DNS caching. Many systems now have local caches, so you will only see the DNS lookup once. For the traffic flows, you might want to look at netflow. It can be set up to send the data to a collector system and you will be able

[pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
I think I'm missing something simple with my Acme Client setup in pfsense. I followed the following steps and I'm getting a TSIG error (note NSUPDATE worked when run by hand). - dnssec-keygen -a HMAC-MD5 -b 512 -n HOST fw.sample.com - Copy secret from Kfw.sample.com.*.key (note this secret has

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
Walter On Sun, Aug 6, 2017 at 5:48 PM, Jim Pingle wrote: > On 8/6/2017 8:03 PM, Walter Parker wrote: > > I think I'm missing something simple with my Acme Client setup in > pfsense. > > I followed the following steps and I'm getting a TSIG error (note NSUPDATE > >

Re: [pfSense] Acme client - DNS server setup/dns client secret issue.

2017-08-06 Thread Walter Parker
le.com; }; notify yes; }; On Sun, Aug 6, 2017 at 7:05 PM, Jim Pingle wrote: > > On 8/6/2017 9:47 PM, Walter Parker wrote: > > How do I get the Acme package to let me update the sample.com > > <http://sample.com> zone, to add the host for > > _acme-challenge.f

Re: [pfSense] pfSense virtualisation

2017-10-10 Thread Walter Parker
On Tue, Oct 10, 2017 at 12:57 PM, Doug Lytle wrote: > >>> Or do you think I am absolutely crazy? Or maybe Just one Hardware and > one virtual? > > Quite a few of my firewalls are virtualized using ESXI and have done so > for a few years now. > > Doug >

Re: [pfSense] acme package: DNS-nsupdate configurable update zone

2017-11-16 Thread Walter Parker
On Thu, Nov 16, 2017 at 4:22 AM, Brian Candler wrote: > On 16/11/2017 10:30, Brian Candler wrote: > >> Unfortunately in the pfSense (2.4.1) GUI, I can't see a way to configure >> this. >> >> I would like either: >> >> - an extra setting for "dynamic update zone", which is appended to the >> nsupd

Re: [pfSense] Moving traffic between LAN & OPT1

2017-12-23 Thread Walter Parker
On Fri, Dec 22, 2017 at 8:25 PM, Antonio wrote: > Hi, > > I'm not sure how you move traffic between the above interfaces. I was > under the impression that all you needed was a "Default allow LAN to any > rule" and job done. Yet I'm struggling to get devices of different > interfaces to communica

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

2018-01-03 Thread Walter Parker
On Wed, Jan 3, 2018 at 2:25 PM, Steve Yates wrote: > I'm not a developer but I would think it's dependent on FreeBSD releasing > the update, plus testing by pfSense/Netgate. However, I would think > there's not much concern with PCs running pfSense, since raw code would not > normally be running

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
Well, both Intel and AMD started shipping the AES-NI instructions 8 years ago... How long does a project need to wait before it can require a feature found on all major x64 processors? Waiting 8-9 years seems reasonable to me. Given the fact that the project is only supporting 64-bit and suggest

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
this, but I fear that I will *have to* if I can't > replace my hardware by the time support for software AES ends entirely. > > See: > https://ark.intel.com/Search/FeatureFilter?productType= > processors&SocketsSupported=LGA771&AESTech=true > > > I thank you fo

Re: [pfSense] Configs or hardware?

2018-02-15 Thread Walter Parker
rtant enough to you switch gets addressed in 2.5 > but not in 2.4 might occur (gosh that’s an awful sentence, Jim). > > > I understand that a lot of people are effectively threatening to switch > > to OpnSense due to this, but I fear that I will *have to* if I can't > > replace

[pfSense] ZFS on 2.4.2

2018-02-21 Thread Walter Parker
Hi, I have 2.4.2 installed on an SG-2220 from Netgate [nice box]. I just bought a 6TB powered USB drive from Costco and it works great (the drive has its own power supply and a USB hub). I want to use it to take ZFS backups from my home server. I edited /boot/loader.conf.local and /etc/rc.conf.local

Re: [pfSense] ZFS on 2.4.2

2018-02-28 Thread Walter Parker
Forgot to CC the list. On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker wrote: > Thank you for the backup script. > > By my calculations, 2G should be enough. If I limit the ARC cache to 1G, > that leaves 1G for applications & kernel memory. As I'm not serving the 6TB > d

Re: [pfSense] ZFS on 2.4.2

2018-03-06 Thread Walter Parker
sniping or do you know something that will cause my specific use case to fail at some point in the future? Walter > On 3/1/2018 1:49 AM, Walter Parker wrote: > >> Forgot to CC the list. >> >> On Wed, Feb 28, 2018 at 10:13 PM, Walter Parker >> wrote: >> &g
