I am using nmap

By default the WAN interface is firewalled, I did not diasable it.

Perhaps I am not connected to the right box as dyndns may not be working.

Thanks a lot! That did the trick!
-Pat

It's highly unlikely that it's Cisco related. I'm sure your provider doesn't know better and hard codes all the interfaces 100/full. It's a common misconception that it's good to do that, in reality no networking vendor including Cisco recommends doing this. I'm sure if their side was set to auto it would work fine. 100/full connecting to auto == duplex mismatch.

With the media and mediaopt in your config, you're set. It won't ever get overwritten or anything, it's a fully supported option, it's just that since so many people don't understand autonegotiation we hide it to prevent people creating performance problems by forcing when they should leave everything to auto in virtually every circumstance.

embeddeds have the local console on com1 once they start booting. Check the serial console if you get some output there.

Ah yes, the grown up approach.  Explain it to them.  Now to find me some grown ups.

i.e. You'd think that fair use really would be the appropriate method.  A management solution to a management issue.  But alas…

But perhaps this is an great excuse for me to finally roll up my sleeves and start Snorting.

Thanks for the info, guys.

Please note thet DNS can be udp and tcp. Make sure your forward covers udp as well.

Ahh it was something simple then, thanks :D

Cheers again,
Dave

PS. Thanks for the prompt and knowledgable replies you lot =)

a bit off topic :)

A enhancement could be when you add a user in CP there would be a alias option

flow would be like this

user logs in -> alias gets updated with current ip

cmb: Actually, I don't need leases at all. I just want to monitor the DHCP traffic and record it with DHCP Force or a similar tool. I think you are right though, setting up an OPT interface and bridging it is the only option.

Thanks for the info.

I'm getting some behavior that doesn't seem to be fitting that description, but fortunately this is just a test box so I'm going to start disabling rules to make sure none of them are blocking the traffic.

If I'm still having problems I'll post a more detailed breakdown of my rules and the traffic that isn't working.

Thanks

Hi,

there is a "shadow" rule who block all trafic from lan to wan.
So when there are no rules created, the lan can't access to wan except ftp  ??? ??? In fact, he passed.

So i have to create some rules to access from lan to wan except ftp…

Other problem:
I bridged my wlan with the lan. The wlan can't access ftp even if i create a rule for ftp??? but others rules (http,pop3...) are OK.

Any idea?

Thanks a lot,

OK, I'll write it up with one rule per port

Eh, found that having "Static-only ARP entries" enabled caused this.  Even when it's off, it appears to be working sporadically (e.g. pinging the gateway will illicit responses from both the host machine and the gateway).  This is probably an issue with VMWare fusion, not pfsense.

Thanks, i'll do it that way

Nevermind – found out that it was actually a problem using a virtualized client machine.  A physical device worked OK.

yepp on the trafic shaping section its told many times
that imcp (ping) is set to a low priorty when you shape
you can chanche that if you like

butt ping is only for testing
its not just for real world trafic
so that is the resen for the low priorty

Incidentally, at this point, if you're running 1.0.1, you really should be on at least 1.2-Beta-2, especially if you're having problems.

We are still having issues with this.  We reinstalled pfsense but the problem continues.  Basically VPN over UDP is erratic.  It works some of the time but other times does not.  It will work fine for a few days then it will stop working for a day.  One client machine may be working while another isn't.  It seems random.

Is anyone else having a similar problem?  We have not yet upgraded to 1.2-Beta2 (still running beta1), but we might try to see if it fixes any of our issues.

James

Hi,

I htink it will work the same way as BFD for APF, something like it.

Matts