Topics - Atlantisman

1
So I followed the instructions found here:

https://forum.pfsense.org/index.php?topic=88940.msg491787#msg491787

Quote
I was playing around with a test box and was able to do the following:
1) Put a private IP on the WAN interface, left gateway empty.
2) Create a CARP VIP on the WAN with a public IP.
3) Go back to WAN interface, add gateway, put in public gateway IP.
4) Turned on AON, set CARP IP as outbound NAT.
I've yet to put this on a live segment and test failover, but it looks promising.

And I have this working. But I am trying to take it a step further and use gateway groups to bond connections and fail over; the problem is that my gateways are reporting as down. If I apply a real public static IP back to the WAN interfaces, the gateway reports as up once again.

This is probably because the outbound NAT is not applying to traffic sent from apinger, right? How would I fix this?

Thanks.

EDIT:

Never mind, I think I figured it out. I just set up an outbound NAT rule that applies to the firewall (self) and NATs it to each of the CARP VIPs (1 rule for each WAN interface).

2
Routing and Multi WAN / Multi-Gateway on same interface
« on: November 24, 2015, 05:58:02 pm »
So,

Our ISP has given us two IP blocks with different paths to route across their network. So I would like to set up both gateways as a fail-over.

Is this possible to set up in pfSense? Is it done the same way with gateway groups with multiple interfaces?

Also, they do not support BGP, so that's not an option, but I am mostly worried about outbound traffic right now anyways.

Thanks.

3
Hello,

I recently upgraded from 2.1.x to 2.2.4 and ever since then I have been unable to establish a passive FTP connection from one LAN subnet to another. Here is how I have everything set up:

LAN1: 192.168.10.x
LAN2: 10.0.10.x

FTP server: 10.0.10.16

IPv4 *   LAN1 net   *   10.0.10.16   *   *   none       


As you can see, I have a general allow-any-traffic rule to that specific server, and I can ping it, etc. I can also open an FTP connection to it; the results are attached.


Additionally, I can confirm it is indeed pfSense that is blocking this, because if I move the FTP server to LAN1 I have no issues.

Does anyone know how to fix this? Or why this may be happening?

Thanks in advance!

EDIT: I have tried establishing the same FTP connection on multiple computers on LAN1 as well.

EDIT2: Forgot to clarify that I need to use passive mode in the Windows command line for legacy applications.

4
General Questions / pfSense IGMP issues? Not sure.
« on: July 17, 2014, 09:06:50 pm »
Pictured below is a constant IPTV stream going through pfSense (using IGMP Proxy). The problem is that pfSense seems to drop the stream every so often (causing the TV service to cut out), without reason.

This has been going on across multiple hardware platforms that I have loaded pfSense on.

Does anyone have any ideas as to why this could be happening?

5
IPsec / IPSec to AWS Problems
« on: July 01, 2014, 05:49:35 pm »
Hello,

I am setting up an IPSec tunnel between Amazon AWS and pfSense, so I followed this http://www.seattleit.net/blog/pfsense-ipsec-vpn-gateway-amazon-vpc-bgp-routing/, as I have done in the past without problems, but haven't had it online in a while.

Currently I am having a problem with OpenBGP, it seems like. The IPSec tunnels come online, but I am unable to route any traffic through them. And I get the following in the OpenBGP status page:

Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
VPC                      7224          6          6     0 Never    Idle

Any suggestions would be great. I am running pfSense 2.1.3 i386.


6
Hello,

I just added a second WAN connection to my setup, but I am not able to route traffic through it. Here is what I have done:

Set up the interface with its static IP
Added the new ISP's gateway to that interface (now pfSense can ping out from that interface)
Made a firewall rule that only applies to my computer and tried to push my traffic through it. This causes the internet to go out on my computer; I can still ping the gateway, but nothing past the gateway.

What am I doing wrong or missing here?


Thank you.

7
Packages / Snort Priority Blocking
« on: May 22, 2014, 04:30:33 pm »
Hello,

I was wondering if there was a way in Snort to only block Priority 1 alerts and just ignore 2 and 3 when it comes to blocking?

Thanks.

8
Packages / Problem with Barnyard2
« on: May 21, 2014, 06:36:02 pm »
Hello,

I upgraded to the most recent Snort packages and I am having a problem getting barnyard2 to start. Here are the logs I get:

May 21 17:34:33   barnyard2[43706]: FATAL ERROR: database [ConvertReferenceCache()], Failed a call to snort_escape_string_STATIC() for string : [ET WEB_SERVER /bin/], Exiting.
May 21 17:34:26   barnyard2[43099]: Daemon parent exiting
May 21 17:34:25   barnyard2[43706]: Writing PID "43706" to file "/var/run/barnyard2_em154818.pid"
May 21 17:34:25   barnyard2[43706]: PID path stat checked out ok, PID path set to /var/run
May 21 17:34:25   barnyard2[43706]: Daemon initialized, signaled parent pid: 43099
May 21 17:34:25   barnyard2[43099]: Initializing daemon mode
May 21 17:34:25   barnyard2[43099]: INFO database: Defaulting Reconnect sleep time to 5 second
May 21 17:34:25   barnyard2[43099]: INFO database: Defaulting Reconnect/Transaction Error limit to 10
May 21 17:34:25   barnyard2[43099]: Log directory = /var/log/snort/snort_em154818
May 21 17:34:25   barnyard2[43099]: Barnyard2 spooler: Event cache size set to [8192]
May 21 17:34:25   barnyard2[43099]: Found pid path directive (/var/run)
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'DNP3_RESERVED_FUNCTION'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '0'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'protocol-command-decode'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '1'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'DNP3_RESERVED_ADDRESS'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '0'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'protocol-command-decode'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '1'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'DNP3_REASSEMBLY_BUFFER_CLEARED'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '0'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'protocol-command-decode'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '1'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'DNP3_DROPPED_SEGMENT'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec '0'. Ignored
May 21 17:34:25   barnyard2[43099]: WARNING: invalid Reference spec 'protocol-command-decode'. Ignored

I am connecting it to a MySQL database that is on another host and has BASE configured on it for viewing the logs. Any help would be great.

Thanks.

9
IPv6 / Native IPv6 with DHCP6
« on: May 01, 2014, 04:05:22 pm »
Hello,

I am trying to get IPv6 to work on my WAN connection. I know that my ISP (Google Fiber) natively supports this, but pfSense is not getting an address from them.

I am not super familiar with IPv6, so it might be something really easy that I am just missing completely.

I have already activated DHCP6 on the interface and in pfSense. I only get a link-local address.

Here is the command that I am using to try to debug this issue:

dhcp6c -d -D -f em1

which gives me the following result:

May/01/2014 14:59:52: get_duid: extracted an existing DUID from /var/db/dhcp6c_duid: 00:01:00:01:1a:f4:7b:cf:00:50:56:92:cb:8c
May/01/2014 14:59:52: dhcp6_ctl_authinit: failed to open /usr/local/etc/dhcp6cctlkey: No such file or directory
May/01/2014 14:59:52: client6_init: failed initialize control message authentication
May/01/2014 14:59:52: client6_init: skip opening control port
May/01/2014 14:59:52: cfparse: cfparse: fopen(/usr/local/etc/dhcp6c.conf): No such file or directory
May/01/2014 14:59:52: dhcp6_reset_timer: reset a timer on em1, state=INIT, timeo=0, retrans=383
May/01/2014 14:59:52: client6_send: a new XID (b4045b) is generated
May/01/2014 14:59:52: copy_option: set client ID (len 14)
May/01/2014 14:59:52: copy_option: set elapsed time (len 2)
May/01/2014 14:59:52: client6_send: send solicit to ff02::1:2%em1
May/01/2014 14:59:52: dhcp6_reset_timer: reset a timer on em1, state=SOLICIT, timeo=0, retrans=1088
May/01/2014 14:59:53: copy_option: set client ID (len 14)
May/01/2014 14:59:53: copy_option: set elapsed time (len 2)
May/01/2014 14:59:53: client6_send: send solicit to ff02::1:2%em1
May/01/2014 14:59:53: dhcp6_reset_timer: reset a timer on em1, state=SOLICIT, timeo=1, retrans=2151


The only way I have gotten it to work so far is with a 6to4 tunnel, but I would like to get it working 100% native.

Thank you.

EDIT: Also, I am running pfSense 2.1.2 amd64

10
General Questions / IGMP Proxy with IPTV
« on: April 02, 2014, 02:37:17 am »
Hello,

I run the pfSense IGMP Proxy for my IPTV service, but it seems to be having issues every so often. It seems to cut out completely for at least 10-15 seconds, causing the TV service to skip and be generally terrible. When this happens I see my bandwidth usage drop on the live usage graphs. Does anyone have any idea what I could do to improve IGMP, or have any other ideas of what could be causing this issue?

Thanks.

11
IPv6 / DHCP6 Enabled on WAN but no address
« on: February 27, 2014, 02:22:15 pm »
Hello,

I am trying to set up IPv6 on pfSense 2.1. I have enabled it on the interface and set it to DHCP, but I do not get an address at all. I do not know much about IPv6, so maybe I am doing something wrong. I do know that my ISP does support IPv6, so it should work.

Thanks a lot in advance.

12
General Questions / IGMP Proxy Issues
« on: February 13, 2014, 02:12:29 pm »
Hello,

I have been experiencing a really strange problem. When I activate IGMP Proxying for my IPTV service it causes my wifi to be extremely spotty. Here is the documentation regarding IGMP Proxying that I have reviewed: http://pfsensesetup.com/igmp-proxy-configuration-in-pfsense/

If anyone can give any insight to this that would be awesome.

Thanks.

EDIT: I believe it has something to do with the way pfSense handles multicast traffic, but I am not sure what to do about it.

13
Wireless / Setting up IGMP Proxying causes wifi issues
« on: February 11, 2014, 10:56:59 pm »
Hello,

I have been experiencing a really strange problem. When I activate IGMP Proxying for my IPTV service it causes my wifi to be extremely spotty. Here is the documentation regarding IGMP Proxying that I have reviewed: http://pfsensesetup.com/igmp-proxy-configuration-in-pfsense/

If anyone can give any insight to this that would be awesome.

Thanks.

EDIT: I believe it has something to do with the way pfSense handles multicast traffic, but I am not sure what to do about it.

14
Firewalling / Upgraded to 2.1, now I cannot access other subnets on LAN
« on: February 05, 2014, 08:11:28 pm »
Hello,

I upgraded to pfSense 2.1 from 2.0.3, and now I cannot access other subnets that my pfSense machine handles, i.e. if I am on 192.168.2.X and I want to access a machine in the DMZ at 10.0.0.X, I am not able to do that. But I can ping pfSense's interface on that subnet (10.0.0.1).

I am not sure what is causing this, but I have tried putting allow-all rules in the firewall without luck.

If someone could give me any suggestions that would be greatly appreciated.

15
General Questions / 802.1p/q pfSense setup
« on: January 23, 2014, 04:58:30 pm »
Hello, I was wondering if anyone had any idea about how to complete any of the following steps on pfSense 2.0.3?

1. WAN should be on vlan2.
2. DHCP traffic should have 802.1p bit = 2
3. IGMP traffic should have 802.1p bit = 6
4. All other internet traffic 802.1p bit = 3

Thanks.
