Messages - Pakken

16
Cache/Proxy / Re: squid 0.3.9.2 ICAP protocol error.
« on: October 12, 2015, 08:10:31 am »
I actually managed to get it going by deleting all of the advanced feature .conf

Stop&Start antivirus service and everything's fine. I must admit I didn't further investigate the issue but it's worth a try.
By the way, great job doktornotor, seriously.
Bye

17
Routing and Multi WAN / Re: Static routes and multiwan
« on: May 27, 2015, 03:21:50 am »
There are no downsides I guess, it's just pfsense behaviour that puts policy routing above static routing, which is the opposite of what happens in fortinet units for example.
It's just a matter of what you're used to :)

Thank you, have a nice day!


18
Routing and Multi WAN / Re: Static routes and multiwan
« on: May 26, 2015, 12:25:05 pm »
Thanks for the answer, but making it work wasn't even close to being a problem. My question was more related to: is PBR the only viable way to route traffic across multiple gateways in pfsense? Thank you!

19
Routing and Multi WAN / Static routes and multiwan
« on: May 26, 2015, 09:37:22 am »
I'm currently working with a multiwan (2 dsl and 1 high-speed wireless wan link with a /29 routed static ip class) pfsense setup.

Given the fact the 2 dsl links' external IPs are dynamically assigned by my isp, I need to ensure that some traffic goes straight through the other gateway due to access lists based on external ip set on the remote endpoint.

That said, I'm used to working with Fortinet firewalls and, to achieve this, all you need to do is add a static route with the destination IP and the internal gateway you wish to pass traffic to.
All I could see so far is that this won't work with pfsense. Is PBR and perhaps an "apply instantly on hit" flag the only way to achieve this in pfsense?

Thank you in advance


20
General Questions / Re: Periodic since 2.2 pages load blank, certs invalid
« on: February 09, 2015, 06:32:10 am »
So far happened only one time for me.
After enabling dnssec and disabling all the forwards to public dns servers it seems to be fixed.
In addition, I've created a floating rule to block every local subnet to that 195.22.0.0 range.

Will keep you updated.
To be honest the strange thing is that in a couple of years of pfsense pre-2.2 and dnsmasq this never happened.
The problem appeared straight after upgrading to 2.2 and dnsresolver even though, once again, it only happened one time so far to me.

Best regards

21
General Questions / Re: pfSense 2.2 on VMware ESXi 5.5 hangs
« on: February 05, 2015, 04:08:25 pm »
Just to add an additional feedback, I've been running pfsense on ESXi 5.5 for more than a year without any kind of problem.
Started with pfsense 2.1, updated to 2.2 1 month ago.

2 vcpu out of an octa-core dual Xeon setup, 1 GB ram and 20GB hard drive space on a blazingly fast SSD drive. Open vm tools installed.
Not much to say but the fact that pfsense is running smooth 24/7.

Happily upgraded v-nics to vmxnet3 (data transfer across networks routed through the fw and throughput stability improved by a fair amount) upon upgrading to 2.2 build. :)





22
God, and I thought I was the only one having this problem since I came up reading this thread.

Any news about that? Same invalid cert, same google dns.
Spent the last night trying to figure out what the he** could have happened.

23
That's the problem then... :)

24
Thank you for your answer, yes I did. Looks like a bug tbh

25
Fresh install, didn't try the NAT redirect setup yet, but when trying to bind everything above port 1024 doesn't seem to pop up errors.
The strange thing is that the above mentioned system tunable seems to have no impact even if the reverse proxy clearly states that lowering the value to 0 should solve the problem.
Thank you.
:)

26
Hey there, in pfsense 2.1.5 I've got a pretty simple setup (2 wans, 3 lans and a dmz) with a couple of web servers, and multiple websites, behind a pfsense virtual firewall (ESX) and squid3 set to work in reverse proxy mode. Everything's fine.

Same setup on a 2.2 setup won't work. Neither does with the last squid3 release/package.
Every time I try to bind it to listen on port 80, I get an error message saying I need to lower net.inet.portrange.first from 1024 to 0, which I did at least 20 times ;D with no results, tried restarting squid-restarting the entire vm, no results.
In the squid's log all I get is a permission denied when trying to bind on port 80.

Is this a known issue?
Thank you for all your hard work, everything but squid is running great on 2.2RC.

Luca

27
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.

From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirects/mappings etc.

Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more information as soon as I can.
Cheers ;)

Quoting myself, anyone tried Squid's reverse proxy within the new 0.2.2 package yet?


I did a basic setup and I'm able to get 'Unable to forward this request at this time.' error... The way I have my test VM setup, it won't be able to send to any external servers... What I did notice is that it couldn't bind to port 80. I was able to change the port to 9080 and it was able to bind with it. So I think it's working but something is preventing it from binding with port 80. My normal practice for reverse proxy is setup a WAN NAT Port 80 redirect it to loopback:9080. Have a reverse proxy listen to loopback:9080... Maybe something like that will work for you?

Noticed this in the squid.log

2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 35 to 192.168.0.70:80: (13) Permission denied
2015/01/11 18:51:15 kid1| commBind: Cannot bind socket FD 36 to 192.168.120.128:80: (13) Permission denied

Thank you for those infos.  :)
I've usually never set up a NAT rule to make reverse proxy work properly.
All I had to do was pull out a wan rule with destination wan address on port 80/443, and everything was ready to go.
That's pretty strange. Will see what I can get out of it.
Cheers!

28
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.

From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirects/mappings etc.

Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more information as soon as I can.
Cheers ;)

Quoting myself, anyone tried Squid's reverse proxy within the new 0.2.2 package yet?


29
just a wild guess, compare your advanced settings under system. I think you have to disable the web GUI redirect

That's the first thing I've checked.
The reverse proxy part seems to be broken, at least for me, at the moment.

30
Nothing particular that could point me in the right direction so far.
To be fairly honest, I didn't test it like it should be so can't say much so far.

From what I've seen it will always try to forward pfsense webgui on the external FQDN, regardless of what you've set on the backend servers/redirects/mappings etc.

Again, I doubt it's a matter of settings since the same net, same webservers and so on are working right now on 2.1.5.
Will try to provide you some more information as soon as I can.
Cheers ;)

