Archive for May, 2005

Captive Portal and Traffic Shaping to PF

Friday, May 27th, 2005

I’ve just finished up the conversion of Captive Portal from IPFW to PF. This basically leaves us dependent on IPFW for just Traffic Shaping now (ALTQ). However Bill has created a patch against PF that allows advanced branching to anchored tags that will allow us to still have our Traffic Shaper logic seperate from the firewall rules.

So in a nutshell the GUI won’t be changing but the backend will be changing a great deal! Prepare for a interesting weekend.


Sunday, May 22nd, 2005

I have to admit 6-Current seems to be really hooking us up. Not only do I have fewer patches to apply (ipfw altq, pf 3.7) it seems to have some massive architecture to deal with the locking situation. Our upload php add-on which refreshes every second or so use to take “5 clicks” to upload 27 megs but on the new version its only “2 clicks, or 2 refrehses vs 5)! This is really un-scientific but I see a pattern.

Hats off to the FreeBSD developers, we’re regaining lost 4.X ground!


Thursday, May 19th, 2005

After getting somewhat tired of Kernel Panics I decided to give FreeBSD 6 a whirl. So far it seems very stable and much faster. If you’d like to check it out visit this url for a full update.

Be sure to let me know how it goes. I’m heavily considering switching over to CURRENT and release pfSense around the time 6 gets released in the next couple months timeframe.

Problem city!

Tuesday, May 17th, 2005

Over the last week or so I was in BSDCan and a lot of amazing stuff has been added to pfSense. With the amazing new additions comes amazing new bugs so we are hard at work trying to fix them. Please stay put on you’re current version and if you’ve updated to 0.63.7+ you may want to consider downgrading to 0.63.6. We’ll send an email out once we get all the bugs squashed (or we tear all our hair out, whichever comes first).

Authentication system changes

Sunday, May 15th, 2005

While we’re still setup for HTTP Basic authentication, we’re no longer doing it at the web server level, it’s been moved to the PHP layer. This change will eventually allow us to move to a more robust authentication scheme that will allow for role based access and even offloading authentication to centralized servers (LDAP, RADIUS, SecurID, etc). Let us know if there are any problems (and please please let us know if somehow we missed a PHP file!) This does have the potential to impact security of the firewall so it’s important.

Calling for tutorial helpers!

Wednesday, May 4th, 2005

A great new program has been released called Wink that can help record “Tutorials”. I would like to formally request some help from some of our users to compile some helpful how-to tutorials. An example of a helpful tutorial would be in setting up carp for failover on an internal and external address. Things such as capturing the configuration of “Advanced Outbound Nat” would be pricess IMHO!

If you would like to help please help yourself in compiling the tutorial or give us an email requesting assistance, direction, etc.

Filtering bridge + Traffic Shaper

Sunday, May 1st, 2005

After a long wait Filtering Bridge + Traffic Shaping is now working correctly!

If you have a need for a bridged setup, give it a try!