Has anyone managed to get the OwnCloud Client to run in pfSense? I'm thinking I could use it to backup our configuration files automatically.

It's probably 128 characters: "Its total length must be less than _PASSWORD_LEN (currently 128 characters)." http://www.freebsd.org/cgi/man.cgi?query=passwd&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html

As the saying goes: Patches accepted.

I don't see anyone here going through the trouble, but if the code shows up…

Odd that you added the card months ago by the problems only showed up in the last few weeks. I suspect you have worked around the problem rather than repaired it. By removing the Atheros card you will have switched up the system resources, possibly freeing some RAM etc. You will have reduced the power draw on certain components. Most likely you opened the case to remove the card moved everything slightly, cables, connectors etc.
Anyway, glad you're not suffering lockups any more!  ;)

Steve

@DaReaLDeviL:

Jun 3 08:21:25 miniupnpd[98076]: SSDP packet sender 192.168.1.199:64391 not from a LAN, ignoring
Jun 3 08:21:25 miniupnpd[98076]: SSDP packet sender 192.168.1.199:64391 not from a LAN, ignoring

You appear to be using a routing daemon of some kind, are you running RIP? Without knowing your exact routing setup, I'm just guessing, but you could probably prevent these log entries with a firewall rule on your LAN interface since they are all from the same IP and port… but if you are actually using UPnP on your network then filtering it out of your router could break things. (I suspect it won't, but what do I know?)

I'd try a rule like this:

ID  Proto  Source        Port    Destination  Port      Gateway      Queue        Schedule
block *  IPv4  192.168.1.199  64391    LAN Address  *        *            *

@DaReaLDeviL:

Jun 3 08:20:20 dnsmasq[12752]: read /etc/hosts - 32 addresses
Jun 3 08:09:07 dnsmasq[12752]: read /etc/hosts - 32 addresses

This one I can't help with other than to suggest you double-check all your dnsmasq settings? Maybe reboot the router to see if it clears up?

@kpa:

Remove the LAN gateway in the LAN interface settings. It is an error to have a gateway for the LAN network because there's no other way out of the LAN network than the pfSense router itself.

AWESOME! This was the issue. Looking back, the 192.168.1.1 gateway was set to default … I removed the bogus gateway and bam were up and running! thanks a lot!

Would I have to bridge the connection/how do i set it up that way?

Have this issue from time to time with Firefox (latest versions, both for Linux and for Windows). Closing the browser (which clears cache, cookies, offline website stuff and so on and so on) and starting a new session resolves the problem every time…

Aha! Yes that is a step forward. It's showing as 'pass' because it's matching the pass rule you setup to allow the forwarded traffic.
Ok, so that confirms that the box is reiving the traffic on the virtual IP, NATing it to the internal address and allowing it to pass through the WAN firewall. Yet you aren't seeing it at the server?
Could you have some asemetric routing issue? Perhaps the returning traffic is not matching the open firewall state? Do you have a rule to allow the return traffic if it isn't? Anything in the firewall logs to show that?

Edit: What is you current WAN firewall rule? Reading back I see that your original rule was for IPv4/TCP only which won't allow ICMP (ping).

Steve

Please don't double-post questions:
https://forum.pfsense.org/index.php?topic=77730.0

@pfissedoff:

Good morning,

I am having trouble with configuring this scenario…

I have squid + dansguardian authenticating users with LDAP, what i would like to do is implement different levels of filtering depending on what group they are a member of, but the documentation is scarce, i have set up dansguardian with the ACLS that i need to apply to a user depending on what group (eg student, staff etc) they are in.

Please could somebody point me in the right direction? or documentation?

Thankyou for your time!

BUMP

Running PFSense 2.1

Squid 2.7.9
Dansguardian 2.12.0.3

Would like to implement multiple groups (Default and one extra group) to apply a stricter set of ACLs to one group

Need documentation or step by step tutorial… I have created ACL's but when i create the group based on my LDAP group it does not populate users and DG service fails to start again until the group is removed.

@trads:

Question is:  If buying PFsense installed on an EMBEDDED device with 4 LAN holes and 1 or 2 for WAN -  instead of using a PC - are the access to the PFSense firewall and its data then completely physically separate from the LAN ports?

No. PfSense running on embedded hardware is not much different to a standard PC. It's still X86 hardware.

If the attack you are describing was at the BIOS level I imagine it via some out-of-band management facility. If that is the case then it's a config issue. IPFire is a mature firewall, i'd be surprised to find they had some huge security hole.

Steve

Yep, did not know that. Thanks.  :)

Ready for eeconfig though!

Steve

You could try the 'memstick' image. That is identical to the install CD but written for running from a USB stick. It will not attempt to write to the USB stick.
You could attempt to run it with the config file on a separate drive like the original m0n0wall install used to, though I think that used a floppy drive. I think I remeber reading it's no longer a supported install type but that doesn't mean it's not possible.

Steve

If the IPs are in a file in the right format you can just copy and paste them into an alias.
The pf-blocker package can import an alias from a file directly.

Steve

Easily missed.  ;)

@stephenw10:

It could be the Sonicwall device is using the same subnet on it's LAN that the pfSense box is using which is killing routing.

Steve

Went with 10.0.0.x on pfsense interface and 192.168.0.x on sonicwall.  It was pulling ip/subnet mask/etc from pfsense not still no actual internet connectivity.  Leaning towards the sonicwall being the issue here.