Netgate Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Pakken

Pages: [1]
DHCP and DNS / DHCP and wireless clients
« on: March 03, 2016, 11:10:33 am »
Hi, I'm currently running a pfsense custom made box with a Supermicro A1SAi-2550F, 60GB SSD and a quad gigabit intel network pci-e card. At the moment I'm happily running 2.3 beta snapshot without any kind of problems. The only thing I can't get to work properly, even though I doubt it's pfsense-related, is dhcp with wireless clients, mostly phones and tablets.

I have 2 wireless AP at the 2 extreme edges of the building, on the same vlan, so that clients are roaming between channel 6-11.
Sometimes, mostly when a client gets away and comes back in wireless range later on, they can't get a dhcp lease anymore.
On pfsense system logs I can clearly see that the client requests an IP, the pfsense' dhcp server offers an IP but then there's no bloody way the dhcpack process completes.

Mar 3 17:56:08    dhcpd       DHCPOFFER on to 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:56:08    dhcpd       DHCPDISCOVER from 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:56:06    dhcpd       DHCPOFFER on to 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:56:06    dhcpd       DHCPDISCOVER from 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:56:05    dhcpd       DHCPOFFER on to 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:56:04    dhcpd       DHCPDISCOVER from 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:54:43    dhcpd       DHCPOFFER on to 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:54:43    dhcpd       DHCPDISCOVER from 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:54:35    dhcpd       DHCPOFFER on to 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:54:35    dhcpd       DHCPDISCOVER from 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:54:27    dhcpd       DHCPOFFER on to 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20
Mar 3 17:54:27    dhcpd       DHCPDISCOVER from 04:4b:ed:22:5d:3c (iPhone-6s) via lagg0_vlan20

And this goes on and on forever until I reboot the AP. Once it's rebooted the clients are once again able to get a lease but as soon as they get off the wireless range and jump in again everything breaks again.

Even though I know this is unlikely to be a pfsense issue (cabled clients work like a charm) I just wanted to know if anyone of you ever faced this problem.
Thank you in advance :)

Routing and Multi WAN / Static routes and multiwan
« on: May 26, 2015, 09:37:22 am »
I'm currently working with a multiwan (2 dsl and 1 high-speed wireless wan link with a /29 routed static ip class) pfsense setup.

Given the fact the 2 dsl links external ip's are dynamically assigned by my isp, I need to ensure that some traffic goes straight through the other gateway due to access lists based on external ip set on the remote endpoint.

That said, I'm used to work with Fortinet firewalls and, to achieve this, all you need to do is add a static route with the destination IP and the internal gateway you wish to pass traffic to.
All I could see so far is that this won't work with pfsense. Is PBR and perhaps an "apply instantly on hit" flag the only way to achieve this in Pfsense?

Thank you in advance

Hey there, in pfsense 2.1.5 I've got a pretty simple setup (2 wans, 3 lans and a dmz) with a couple of web servers, and multiple websites, behind a pfsense virtual firewall (ESX) and squid3 set to work in reverse proxy mode. Everything's fine.

Same setup on a 2.2 setup won't work. Neither does with the last squid3 release/package.
Everytime I try to bind it to listen on port 80, I get an error message saying I need to lower net.inet.portrange.first from 1024 to 0, which I did at least 20 times ;D with no results, tried restarting squid-restarting the entire vm, no results.
In the squid's log all I get is a permission denied when trying to bind on port 80.

Is this a known issue?
Thank you for all your hard work, everything but squid is running great on 2.2RC.


Italiano / Proxy+Reverse Proxy+Adsense
« on: December 12, 2014, 02:43:45 am »
Buongiorno a tutti, brevemente il mio problema questo:
Ho un pfsense multiwan e diverse lan interne, un server esx con su, tra le altre cose, un webserver (centos). Le due LAN principali, quelle destinate alle utenze, navigano dietro un proxy squid mentre i siti web hostati sul webserver in questione sono pubblicati sul web sempre grazie al reverse proxy interno di squid.
Uno dei portali web in questione, registrato su adsense, dovrebbe visualizzare in una precisa posizione i classici banner pubblicitari. Cos , correttamente, se il sito viene visualizzato dall'esterno. Dall'interno, lo stesso sito ovviamente risolto su un ip locale della DMZ. Ora il problema il seguente: sui client che navigano dietro al proxy, i banner pubblicitari non funzionano, sulle subnet di "management"che hanno navigazione diretta e non filtrata da squid, il problema non si presenta.

Avete idea di che diavolo possa essere? Ho disabilitato ogni regola di blacklist o cose simili ma il problema persiste.
Grazie in anticipo

Italiano / dritte su configurazione pfsense
« on: April 22, 2014, 06:58:29 am »
Ciao a tutti, premetto che non ho alcun tipo di esperienza pregressa su questo tipo di cose e vorrei capire se ci che ho in mente di fare tecnicamente fattibile.
Ho un piccolo server basato su Windows server 2008r2 che controlla un dominio AD ed ospita, tra le altre cose, un sito web (database annessi) ed alcuni servizi come TeamSpeak. Il server ha su installato un server dhcp e dns.

Il server in questione dotato di due schede di rete, una con ip che va verso un router e una seconda con ip che ospita i client della lan e sulla quale vengono assegnati tramite reservation gli ip in dhcp per i client.
Siccome ho da poco una seconda linea adsl, mi piacerebbe sfruttare il load balancing sulle due linee ed avevo pensato di interporre al tutto una macchina virtuale (vmware) con pf sense che mi faccia da router multiwan e firewall.

Quanto fattibile la cosa? Sapreste indicarmi a grosse linee come dovrei impostare il tutto, almeno nella fase di configurazione iniziale ed assegnazione degli ip/NIC senza andare a toccare gli ip e classi di ip sul server?

EDIT: sul server ci sono anche alcune macchine virtuali per la gestione di servizi di posta e stampa, ognuna delle quali con un suo indirizzo ip interno appartenente alla lan.

Pages: [1]