  • Captive portal and allowed hosts problem

    Locked
    12
    0 Votes
    12 Posts
    15k Views
    C

    a little reply

    my objective was simple
    everyone is on a domain email hosted by google
    some users have access to the internet
    some users have access to the internet using a portal
    some users have no access
    all users have email using the googlemail settings (ssl in and out)

    environment
    fw + squid proxy + proxylite + portal
    proxy in transparent mode
    old P4 (early model) with 1 gig of ram and 40 gig HD

    I tried the suggestion to use the new version (as I was still on 1.2.3) as that has white pages for the portal
    but that information was not complete (it was well intended)

    with rc2, it kind of worked but my users were complaining that often the email gave an error (unresolved address)
    then I found out that the white list in the portal was not really meant for what I wanted as google uses multiple IP (and not 1 virtual IP)

    then had a heated discussion with no result

    downloaded rc3 (last Saturday) to try again

    then I tried to just open the ports for outgoing traffic for mail (again ssl google definition) while blocking http traffic
    but that did not work as I got an error about dns
    I opened port 53 to resolve dns problems but problem still happened

    whatever I did, email was not going out or in

    at the same time RC3 was giving me grief (machine hung at random times)

    I tried many different combinations but all failed on the basic problem : email coming in for all users even when they are not allowed to use the internet

    it was a desperate step to even look at other Firewalls
    maybe I did not configure the fw correctly but I used the outgoing rules to open ports 53,465,993 and 995 (DNS,SMTP,POP and IMAP for google)
    and this for any IP on the lan network with as destination anywhere

    when I tried the same with endian … endian was already preconfigured to receive email from those ports , the only ports I had to add were the dns and the smtp port .... and voila it worked
    I had to change my requirements : no portal anymore (as the open source endian does not have the portal included) but hardcoded profiles ... those who can and those who cannot go to the internet ... and all are monitored
    I use the proxy in transparent mode
    blocked the proxy for any access from those users who cannot
    allowed the proxy for hard coded IP addresses and for the dhcp addresses xxx.xxx.xxx.xxx/28 (16 addresses)

    sorry if I came over harsh but I did receive also a very direct (!) response from your colleague ....

  • Suggestion: Include xen PV drivers

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    This late in the 2.0 release cycle that isn't likely to happen. We're trying to minimize changes, not tack on more stuff, so we can get the release out.

    Look on the bright side, once 2.0 is released, you won't have to recompile for every update, just run with it :-)

    It might be considered for 2.1 or later though. Look on http://redmine.pfsense.org and see if you can find a ticket for that. If there isn't one, make a new Feature Request ticket, and put "Future" as the target.

  • Setup Wizard Password Validation Error

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    That's typically an issue with the browser. If you re-submit/refresh the form, it's fine.

  • WAN Address Incorrect and RRD Graphs not working

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Does the same thing happen on a current snapshot?

    Do you have any Virtual IPs or anything that might be setting that other IP? It must be in the config somewhere or it wouldn't end up on the NIC, especially after a reboot.

  • Captive Portal bytes transferred in radius accounting is incorrect

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    K

    Nope, nothing special in the setup. I did a fresh install, enabled captive portal on the LAN interface and had this issue.

  • 3 crashes: ram problems?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    T

    Hi

    A little feedback on my problems:

    Crash for specific GHz hardware:
    I had my solution solved. It was specific for GHz hardware from Applianceshop bought with pfsense 1.x.x and manually updated to 2.0. IF I HAD bought it with version 2.0 the crashing would never have occurred. Applianceshop guided me to a small modification to make their hardware work with pfsense 2.0 without a daily/weekly crash. The solution can be found here:
    http://forum.pfsense.org/index.php/topic,38660.0.html

    General crash when using NAT Reflection for 1:1 mapping:
    Later I also added the possibility to use NAT Reflection for an IP address used for 1:1 mapping. Apparently pfsense 2.0 does not support that and the box started to crash again. Again Applianceshop came to my help with a few lines from the manual saying this could not be done. The advice was to downgrade to 1.x.x if this feature was desired.

    msix
    I have no comments on the msix since I do not know what it is, sorry.

    Br. Anders

  • Multiwan browsing and gaming

    Locked
    11
    0 Votes
    11 Posts
    11k Views
    X

    change my pfsense to failover (tier1 and tier2) and fix my port range hope that will fix my failover problem… thanks

  • Traffic Shaper Wizard

    Locked
    27
    0 Votes
    27 Posts
    15k Views
    F

    What happens if you don't do that? Does the wizard let you continue? Does the queuing work?

  • OpenNTP - Lost child; child exited - Terminating

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied

  • OLSR with WAN failover

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied

  • (Solved) Strange timeout issues.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    I wrote a mail to my ISP yesterday. And today I upgraded both pfsense installations to: 2.0-RC3 (amd64) built on Fri Aug 5 20:24:40 EDT 2011

    And the problem seems to be gone. So I wonder if the problem was solved by the pfsense upgrade or my ISP. Though my ISP doesn't answer support tickets during the night and in weekends. Could someone tell me what has changed from:
    2.0-RC3 (amd64) - built on Tue Aug 2 22:54:59 EDT 2011
    to
    2.0-RC3 (amd64) built on Fri Aug 5 20:24:40 EDT 2011?

    Edit: Never mind, the problem came back when I closed the SSH session from Site one's pfsense to Site two's pfsense and further on to the server. Odd.

  • Problem with IPSec VPN

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied

  • Revert back to older 2.0rc3 snapshot possible?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ

    The most current snapshots are indeed more stable than anything from July. Upgrade again to something newer, and you will be better off.

  • Pfsense auto reboot after kernel panic?

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    jimpJ

    It's actually supposed to be automatically rebooting and collecting crash data when it does.

    You are using a build that has known issues. Upgrade to a current snapshot (From August, check the sticky post on this board about fixing your upgrade url) and you probably won't have to worry about it.

  • Can't get Traffic Shaper to identify HFSC of 6 or 7

    Locked
    11
    0 Votes
    11 Posts
    4k Views
    K

    @focalguy:

    @kristiandg:

    @pwipf:

    Oh, and I can't put the IP phone's IP because we're talking more than one phone.

    You can create an alias with your phone's IPs and then use the alias in the wizard.

    Yes, but the addresses would vary (DHCP). No one statically assigns IPs to phones. That really would only apply if you had an ATA or something (from vonage), I would think. But that's OK, because I don't really want it to be done that way anyway - I really want it done based on traffic type.

  • Rrd issue in pfSense-Full-Update-2.0-BETA4-20101110-0504.tgz

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    E

    And also, for me, with RC3:

    Aug  4 22:22:20 roadblock php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-traffic.rrd N:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 2 data source readings (got 4) from N:U:U:U:U'
    Aug  4 22:22:20 roadblock php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/lan-packets.rrd N:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 2 data source readings (got 4) from N:U:U:U:U'
    Aug  4 22:22:20 roadblock php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-traffic.rrd N:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 2 data source readings (got 4) from N:U:U:U:U'
    Aug  4 22:22:20 roadblock php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/wan-packets.rrd N:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 2 data source readings (got 4) from N:U:U:U:U'
    Aug  4 22:22:20 roadblock php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/ipsec-traffic.rrd N:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 2 data source readings (got 4) from N:U:U:U:U'
    Aug  4 22:22:20 roadblock php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/ipsec-packets.rrd N:U:U:U:U' returned exit code '1', the output was 'ERROR: expected 2 data source readings (got 4) from N:U:U:U:U'

    I'm guessing because of this, I also can't display the RRD graphs for Traffic or Packets, which generate errors like this:

    php: /status_rrd_graph_img.php: Failed to create graph with error code 1, the error is: ERROR: No DS called 'inpass' in '/var/db/rrd/wan-traffic.rrd'/usr/bin/nice -n20 /usr/local/bin/rrdtool graph /tmp/wan-traffic.rrd-8hour.png --start 1312469706 --end 1312498506 --vertical-label "bits/sec" --color SHADEA#eeeeee --color SHADEB#eeeeee --title "`hostname` - WAN :: Traffic - 8 hours - 1 minute average" --height 200 --width 620 DEF:wan-in_bytes_pass=/var/db/rrd/wan-traffic.rrd:inpass:AVERAGE DEF:wan-out_bytes_pass=/var/db/rrd/wan-traffic.rrd:outpass:AVERAGE DEF:wan-in_bytes_block=/var/db/rrd/wan-traffic.rrd:inblock:AVERAGE DEF:wan-out_bytes_block=/var/db/rrd/wan-traffic.rrd:outblock:AVERAGE CDEF:"wan-in_bits_pass=wan-in_bytes_pass,8,*" CDEF:"wan-out_bits_pass=wan-out_bytes_pass,8,*" CDEF:"wan-in_bits_block=wan-in_bytes_block,8,*" CDEF:"wan-out_bits_block=wan-out_bytes_block,8,*" CDEF:"wan-in_bytes=wan-in_bytes_pass,wan-in_bytes_block,+" CDEF:"wan-out_bytes=wan-out_bytes_pass,wan-out_bytes_bloc

    I'm hoping this doesn't mean I'm about to lose over a year's worth of data.

    Cheers.

  • [Solved] Can not assign interfaces in current 2.0RC3 snapshots

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    W

    I just tried the newest snapshot:

    pfSense-Full-Update-2.0-RC3-i386-20110804-1057.tgz

    And I can assign interfaces again in the webinterface.

    This is on the same box, only with a full install on a microdrive.
    Before it was the same microdrive with a nanobsd install. I will try the newest snapshot on nanobsd tomorrow.

    <edit>Tested the microdrive with known working version:

    pfSense-2.0-RC3-1g-i386-20110729-1520-nanobsd-upgrade.img.gz
    and upgraded it to the latest nanobsd version: pfSense-2.0-RC3-1g-i386-20110804-1327-nanobsd-upgrade.img.gz

    And as expected, all (assigning interfaces) is working fine again.

    Thanks.</edit>

  • Console and web GUI URL update problem

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    CF is so cheap these days you are probably safest to grab a config backup, ditch that CF, and re-image.

  • Load Balancing broken?

    Locked
    14
    0 Votes
    14 Posts
    4k Views
    S

    Figured I should follow up… This ended up not having anything to do with PFsense. It was an issue with squid 2.6, upgraded to 3.0 (separate box) and everything was stable again.

  • [SOLVED] 2.0-RC2 Both master on only one interface

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    E

    Thanks cmb, you solved the problem.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.