Topics - Efonne

Wireless / MOVED: restrict bandwidth for cp users
« on: September 17, 2012, 03:32:48 am »

NAT / MOVED: 1000mbps Router
« on: November 30, 2011, 01:35:06 pm »

If your Alix is displaying #'s constantly instead of booting, it most likely needs a BIOS update.  Instructions are here:

The pfSense 2.0 beta NanoBSD snapshots do not currently use the correct update URL, so they will always say there is an update available.  However, there are currently no auto update snapshots actually being generated for the NanoBSD platform to use on the System: Firmware: Auto Update page, so this notification has no meaning on NanoBSD at the moment.

For reference, the correct auto update URL should be if/when they are available.

Manual update is still available in the webConfigurator or on the console, using snapshots from

As of snapshot builds after this post, there is a NAT reflection implementation included for 1:1 NAT mappings.  It has a separate option in the same area as the other, and like the other it is not enabled by default.  If you want to test it out, enable it by unchecking the box, and let me know if there are any issues (either by posting here or filing a bug report).

The implementation is different than the current implementation used for port forwards (though reflection on port forwards may use an updated version of this implementation in the future).  It should be more efficient in both CPU and RAM utilization since it is implemented entirely with pf rules, rather than having to use an external program, spawning a new process for each connection, in addition to still needing to forward the packets to that program in the first place.

As a part of a rewrite I'm working on for a certain part of, it needs to know which interface would be used for connections to a given IP address outside of the router.  Is there already a defined function or other existing way of doing it?  Preferably the result should match with what the base system would decide, including if there are any additional routes that should be considered.

This work is on 2.0, so anything available in the latest code is fair game here.


Actually, just finding which interface it is accessed through, of the networks directly accessible, probably would be fine.

I have the latest fixes for NAT reflection in 2.0 and it is working fine if I enter in an IP address directly in the port forward rule.  However, if I use an alias instead of the IP address, that alias ends up in inetd.conf and then the entry doesn't work, giving this error over the connection: "nc: getaddrinfo: hostname nor servname provided, or not known"

Sample non-working line:

19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 $mywebserver 80

If I change the port forward to use the actual IP address instead of the alias, I get this in inetd.conf instead and then it works:

19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 80

I don't really know whether inetd.conf can or cannot use the aliases in some way, but for now I'm assuming it can't.  On my own pfSense box, I've modified the function in that adds rules for NAT reflection so that it resolves the aliases, and now NAT reflection appears to be working as it is supposed to.
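
A check for the failure described in the post above, as an added example that is not the poster's code or pfSense's own: it flags inetd.conf `nc` entries whose target is not a literal IP address and refuses to generate an entry from an unresolved alias. The function names, the alias dictionary (one IP address per alias) and the address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the inetd.conf format quoted above. The alias name is
# the one from the post; 192.0.2.10 is a documentation address (assumption).
SAMPLE = """\
19000 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 $mywebserver 80
19001 stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 192.0.2.10 80
"""

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def nc_target(line):
    """Return (listen_port, host, port) for an nc entry, or None for other lines."""
    fields = line.split()
    if len(fields) < 7 or line.lstrip().startswith("#") or not fields[5].endswith("/nc"):
        return None
    args = fields[7:]                  # fields[6] is argv[0] ("nc")
    if args[:1] == ["-w"]:             # drop "-w <timeout>"
        args = args[2:]
    if len(args) != 2:                 # host or port missing
        return (fields[0], None, None)
    return (fields[0], args[0], args[1])

def unresolved_entries(text):
    """Listen ports of nc entries whose target is not a literal IP address."""
    bad = []
    for line in text.splitlines():
        target = nc_target(line)
        if target and (target[1] is None or not is_ip(target[1])):
            bad.append(target[0])
    return bad

def build_entry(listen_port, target, port, aliases):
    """Emit one entry, resolving an alias first; refuse to write an unresolved name."""
    host = target if is_ip(target) else aliases.get(target.lstrip("$"))
    if host is None or not is_ip(host):
        raise ValueError(f"cannot resolve reflection target {target!r}")
    return f"{listen_port} stream tcp nowait/0 nobody /usr/bin/nc nc -w 2000 {host} {port}"

if __name__ == "__main__":
    print(unresolved_entries(SAMPLE))
    print(build_entry(19000, "$mywebserver", 80, {"mywebserver": "192.0.2.10"}))
```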

I had been wondering why the RRD quality graphs hadn't been working for me, but then I was looking through the scripts related to RRD graphs and found no mention of the quality graphs at all in /var/db/rrd/ nor in the part of /etc/inc/ that generates the script.  When did this get removed?  Or is there another script somewhere that is supposed to handle it?

I am currently using pfSense-2.0-BETA1-512mb-20100122-0133-nanobsd, but I haven't seen it working in any of the builds I've tried in the past month (I hadn't tried any earlier ones, though).

Is support for virtual access points planned for inclusion in the 2.0 release?

Would there currently be any way of creating a virtual access point from the console and then being able to configure it from the web GUI?

By the way, the notes for the ath driver in FreeBSD 8.0 do suggest that the card I'm using should work with the feature (Atheros 5212 chipset).

I am using an Alix 2c3 with a TP-Link TL-WN660G wireless card.  My WAN is vr0, LAN is bridge0 (OPT1 + OPT2), OPT1 is vr1, OPT2 is ath0, and OPT3 is vr2.  On the configuration pages for OPT1 and OPT2, they both have "None" assigned on the "Type" field.

This has been working great, except that when I save changes to OPT1 or OPT2 there are issues if I click the button to apply the changes (probably related to this bug: ), but no issues if I do a restart instead.  If I do click apply, my LAN interface (the bridge) loses its IP address and even if I set the IP address back, there are still some issues until it is restarted.  In addition to that bug, if I clicked apply it results in there being no menu on the serial console on the next and any subsequent reboots (but boot messages and some system messages still appear).  At this point it was also frequently showing errors in the system log about something like not being able to initialize the console.

A configuration saved from when this is occurring does not cause this issue in an installation that has a properly working serial console menu, and it cannot be fixed by restoring a configuration backup from before or resetting to defaults.  I can fix it by going back to my 1.2.3 release slice and doing the upgrade again (which requires restoring my 1.2.3 config before rebooting into 1.2.3, or the interfaces won't be configured in a working state and the serial console won't recognize any commands, just giving some errors and outputting the menu again each time I try a command).  After upgrading I restore my 2.0 config back onto it.  I must perform the upgrade from the 1.2.3 slice because it gives some type of disk full error if I try to upgrade from a 2.0 build.

Because of these two issues, I've been restarting the system instead of clicking apply whenever I make changes to the wireless configuration.

I'm currently using the pfSense-2.0-BETA1-512mb-20100106-1014-nanobsd build (upgraded from 1.2.3 release, but using a fresh config afterward instead of an upgraded one) and may soon try a more recent build, but this issue has existed in more than one build I've used so far.
