Archive for June, 2005

Improved pfSync and misc other items

Wednesday, June 29th, 2005

Just located a rather interesting bug that could cause some interruptions during reboots if you're using CARP / pfsync. 0.68.5 addresses this issue and many other minor items.

We are winding down on all of the necessary features and looking towards a beta #1 product now!

Colin is hard at work on redoing the binary upgrade system adding in some rather interesting features. Stay tuned. We’re beta bound real soon!

Welcome to the 0.68.X series

Monday, June 27th, 2005

After a somewhat long habit of having to pull down updates due to defects we are happy to announce that the 0.68.X series is now posted and seems to be stable.

New in this series is:

  • Improved traffic shaper with many presets for games, VoIP providers, etc.
  • A completely rewritten package manager with the features required to take us forward
  • LiveCD that doubles as an installer. You can now try before “you buy” pfSense
  • New alerts system that can alert you of problems when you log in
  • Certificate support imported from m0n0wall
  • Much more that I cannot recall now. Give it a try!


Saturday, June 11th, 2005

Scott and I committed code last night to get non-load balanced multiple WAN connections working. What this means is that you can now use the rules system to direct which link an arbitrary connection will go out.


  • On OPT2 I have a static IP’d 384/384 DSL connection
  • On WAN I have a dynamic IP 6000/768 cable connection
  • I’d prefer all my traffic to go through the cable connection except for my servers and a handful of things that require me to have a static IP.

Steps to make this work

  • On the interface screen for OPT2 put in a gateway address.
  • In the advanced outbound NAT screen set up NAT entries for your OPT2 and WAN interfaces with the traffic that you want going through it. In my case I create NAT entries for my DMZ and my LAN on the OPT2 interface and a NAT entry for the LAN on my WAN interface. This sets up the NAT side so that when traffic leaves through those interfaces it’ll use the right source address.
  • Now for the fun part, rules.
  • In the DMZ rules screen, I set up each pass rule to have the gateway on my OPT2 interface. Edit the rule and towards the bottom you’ll see a gateway option.
  • On the LAN rules screen, I create a couple rules to direct specific traffic out OPT2.
  • If the above rules aren’t created, the system will use your default gateway (the WAN gateway is considered default).

Give it a whirl!
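The policy described in this post, written out by hand as a pf.conf fragment. This is an added example, not the ruleset pfSense generates and not code from the original post. Every interface name, network, address and the static_hosts list is an assumption (documentation address ranges).

```conf
# Added example: hand-written pf.conf for the multi-WAN policy above.
# All names and addresses below are assumptions, not values from the post.
wan_if  = "fxp0"              # cable, dynamic IP, system default gateway
lan_if  = "fxp1"
opt2_if = "fxp2"              # DSL, static IP
dmz_if  = "fxp3"
lan_net = "192.168.1.0/24"
dmz_net = "192.168.2.0/24"
opt2_ip = "203.0.113.10"      # static address on OPT2
opt2_gw = "203.0.113.1"       # gateway entered on the OPT2 interface screen
static_hosts = "{ 192.168.1.20, 192.168.1.21 }"  # LAN hosts that need the static IP

# Outbound NAT: the source address must match the link the packet leaves on,
# otherwise replies come back on the other connection and are dropped.
nat on $opt2_if from $dmz_net to any -> $opt2_ip
nat on $opt2_if from $lan_net to any -> $opt2_ip
nat on $wan_if  from $lan_net to any -> ($wan_if)   # () follows the dynamic IP

# Default stance: nothing comes in unless a rule below allows it.
block in all
pass out keep state

# DMZ rules: every pass rule carries the OPT2 gateway.
# route-to overrides the routing table, so local destinations are excluded
# to keep DMZ-to-LAN packets from being pushed out the DSL line.
pass in quick on $dmz_if route-to ($opt2_if $opt2_gw) \
    from $dmz_net to ! $lan_net keep state

# LAN rules: only the selected hosts are directed out OPT2.
pass in quick on $lan_if route-to ($opt2_if $opt2_gw) \
    from $static_hosts to ! $dmz_net keep state

# LAN rule without a gateway: falls through to the default route (WAN).
pass in quick on $lan_if from $lan_net to any keep state
```

After loading, `pfctl -sn` and `pfctl -sr` show the NAT and filter rules as pf parsed them, which is the quickest way to confirm each rule picked up the intended gateway.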

New xml system tag introduced

Friday, June 10th, 2005

I just added a system->afterfilterchangeshellcmd xml tag.

This basically gets invoked after any filter or networking related changes and can help with situations such as this.


Wednesday, June 8th, 2005

This is so cool I thought I would share it with everyone.

m0n0mon is a neat tool that monitors SNMP from m0n0wall and pfSense (will work for other devices as well) and shows a small graph in the tray and on your Windows-based box in real time.

Hats off to the developer. Very neat idea!

New version posted!

Tuesday, June 7th, 2005

We have just posted 0.67.0. There are many new improvements to this version including:

  • All kinds of new packaging (major rewrites by Colin)
  • Many new options to the now renamed EZ Shaper Wizard from Magic Shaper Wizard by Bill and Scott
  • Many new improvements to the Service Manager from Scott
  • New UPNP package from Scott
  • Incoming and outgoing SHAPING via HFSC by Bill

Package system status report (and developer documentation)

Monday, June 6th, 2005

Over the past few days a lot of work on the package system has taken place. Major changes include:

  • Service manager from Scott.
  • XMLRPC for package information
  • Smarter installation and deinstallation utilities
  • Various performance improvements, code cleanups, and bugfixes.

Although we’ve tried to keep breakage to a minimum, look for issues with the new package code (and the packages themselves) in the next few versions. Those running the ro wrap/soekris image may be the most heavily impacted by this update. Be sure to file tickets for anything you spot at our bug tracker.

Also, we have begun to create developer documentation with robodoc. You can find the most recent set here.

Do you game?

Sunday, June 5th, 2005

If so, help us out and do a little research and tell us what ports (TCP and UDP) your favorite game uses. I’ve just added CounterStrike support to the new “Experimental Traffic Shaper Wizard”.

Here’s what the HFSC queues look like so far:

# pfctl -sq | grep Gam
queue qLANRoot bandwidth 3Mb priority 6 {qLANdef, qLANacks, qVOIPDown, qP2PDown, qGamesDown}
queue qGamesDown bandwidth 0 b priority 5 hfsc( red ecn )
queue qWANRoot bandwidth 300Kb priority 6 {qWANdef, qWANacks, qVOIPUp, qP2PUp, qGamesUp}
queue qGamesUp bandwidth 0 b priority 5 hfsc( red ecn )

Big thanks to Bill who has been working _HARD_ on getting us up and on HFSC and to do this _CORRECTLY_.

The evil version (0.66.6)

Saturday, June 4th, 2005

A new version has been posted that includes many new features/updates.

  • Based on FreeBSD current as of June 1st
  • Bill has committed a bunch of new code that removes ipfw from the traffic shaper. In addition there is a new traffic shaping wizard (this one is a real wizard) but is not linked in yet.
  • New bridge patch from Andrew.
  • All kinds of new graphics from Holger
  • Some minor package adjustments from Colin
  • A new captive portal from Scott

Give it a try and let us know what you think.

1U Rackmount VIA 1Ghz appliance

Wednesday, June 1st, 2005

Now that the dust is starting to settle on pfSense I was able to get the donated 1U 1GHz machine from Hacom booted and working on pfSense. This unit is incredibly fast and you cannot even tell that the machine is powered on due to the fact that it’s incredibly quiet.

The specs are:
1U Rackmount VIA 1Ghz Nehemiah Padlock 2-10/100M LAN 1-Gigabit Ethernet Firewall/VPN/VoIP Platform

Thanks again to Hacom and we’ll keep pfSense running on this!