firewall blocking legit traffic

Discussion:

Brad Gillette

2009-03-12 02:25:37 UTC

I am using pfSense as transparent briding firewall and overall is working
pretty good and how I want it to work except for some traffic that is coming
in on my LAN interace is being blocked by the 'default deny rule'. I'm
allowing all traffic that is generated on the LAN side to leave. I see
where some others have ran into a similar problem. I do run 2 different IP
subnets on my LAN and a router on the WAN side of the pfSense box routes
between. Some of the traffic between the 2 subnets is getting blocked and
some gets passed just fine.

Gary Buckmaster

2009-03-12 13:40:08 UTC

Permalink

Brad Gillette wrote:
> I am using pfSense as transparent briding firewall and overall is
> working pretty good and how I want it to work except for some traffic
> that is coming in on my LAN interace is being blocked by the 'default
> deny rule'. I'm allowing all traffic that is generated on the LAN
> side to leave. I see where some others have ran into a similar
> problem. I do run 2 different IP subnets on my LAN and a router on
> the WAN side of the pfSense box routes between. Some of the traffic
> between the 2 subnets is getting blocked and some gets passed just fine

This is typically a misconfiguration in your firewall rules. By default
the LAN is in a default allow state. If you are bumping up against the
default deny rule, then you are either using an OPT interface as a LAN,
which is fine, just realize that all OPT interfaces come in a default
deny state, and make your firewall rules accordingly.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Brad Gillette

2009-03-12 13:50:52 UTC

Permalink

How can I tell if my LAN is on a opt interface?

On Thu, Mar 12, 2009 at 8:40 AM, Gary Buckmaster <gary-+oj2b/mWtm+O2/***@public.gmane.org
> wrote:

> Brad Gillette wrote:
>
>> I am using pfSense as transparent briding firewall and overall is working
>> pretty good and how I want it to work except for some traffic that is coming
>> in on my LAN interace is being blocked by the 'default deny rule'. I'm
>> allowing all traffic that is generated on the LAN side to leave. I see
>> where some others have ran into a similar problem. I do run 2 different IP
>> subnets on my LAN and a router on the WAN side of the pfSense box routes
>> between. Some of the traffic between the 2 subnets is getting blocked and
>> some gets passed just fine
>>
>
> This is typically a misconfiguration in your firewall rules. By default
> the LAN is in a default allow state. If you are bumping up against the
> default deny rule, then you are either using an OPT interface as a LAN,
> which is fine, just realize that all OPT interfaces come in a default deny
> state, and make your firewall rules accordingly.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>
>

Gary Buckmaster

2009-03-12 14:07:24 UTC

Permalink

Brad Gillette wrote:
> How can I tell if my LAN is on a opt interface?
>
> On Thu, Mar 12, 2009 at 8:40 AM, Gary Buckmaster
> <gary-+oj2b/mWtm+O2/***@public.gmane.org <mailto:gary-+oj2b/mWtm+O2/***@public.gmane.org>> wrote:
>
> Brad Gillette wrote:
>
> I am using pfSense as transparent briding firewall and overall
> is working pretty good and how I want it to work except for
> some traffic that is coming in on my LAN interace is being
> blocked by the 'default deny rule'. I'm allowing all traffic
> that is generated on the LAN side to leave. I see where some
> others have ran into a similar problem. I do run 2 different
> IP subnets on my LAN and a router on the WAN side of the
> pfSense box routes between. Some of the traffic between the 2
> subnets is getting blocked and some gets passed just fine
>
>
> This is typically a misconfiguration in your firewall rules. By
> default the LAN is in a default allow state. If you are bumping
> up against the default deny rule, then you are either using an OPT
> interface as a LAN, which is fine, just realize that all OPT
> interfaces come in a default deny state, and make your firewall
> rules accordingly.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> <mailto:support-unsubscribe-***@public.gmane.org>
> For additional commands, e-mail: support-help-***@public.gmane.org
> <mailto:support-help-***@public.gmane.org>
>
> Commercial support available - https://portal.pfsense.org
> <https://portal.pfsense.org/>
>
>
You said you run two different IP subnets on your LAN, how are you
accomplishing this? Through a physically separate card or some other
means? This is likely to be the starting point to your issue.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Brad Gillette

2009-03-12 14:20:52 UTC

Permalink

The router on the WAN side of my pfsense box routes between the 2
subnets....my private numbers are nat'd behind one of my public numbers for
access to the internet but the router has a static route setup to to route
traffic between the subnets.

On Thu, Mar 12, 2009 at 9:07 AM, Gary Buckmaster <gary-+oj2b/mWtm+O2/***@public.gmane.org
> wrote:

> Brad Gillette wrote:
>
>> How can I tell if my LAN is on a opt interface?
>>
>> On Thu, Mar 12, 2009 at 8:40 AM, Gary Buckmaster <
>> gary-+oj2b/mWtm+O2/***@public.gmane.org <mailto:gary-+oj2b/mWtm+O2/***@public.gmane.org>> wrote:
>>
>> Brad Gillette wrote:
>>
>> I am using pfSense as transparent briding firewall and overall
>> is working pretty good and how I want it to work except for
>> some traffic that is coming in on my LAN interace is being
>> blocked by the 'default deny rule'. I'm allowing all traffic
>> that is generated on the LAN side to leave. I see where some
>> others have ran into a similar problem. I do run 2 different
>> IP subnets on my LAN and a router on the WAN side of the
>> pfSense box routes between. Some of the traffic between the 2
>> subnets is getting blocked and some gets passed just fine
>>
>>
>> This is typically a misconfiguration in your firewall rules. By
>> default the LAN is in a default allow state. If you are bumping
>> up against the default deny rule, then you are either using an OPT
>> interface as a LAN, which is fine, just realize that all OPT
>> interfaces come in a default deny state, and make your firewall
>> rules accordingly.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
>> <mailto:support-unsubscribe-***@public.gmane.org>
>> For additional commands, e-mail: support-help-***@public.gmane.org
>> <mailto:support-help-***@public.gmane.org>
>>
>> Commercial support available - https://portal.pfsense.org
>> <https://portal.pfsense.org/>
>>
>>
>> You said you run two different IP subnets on your LAN, how are you
> accomplishing this? Through a physically separate card or some other means?
> This is likely to be the starting point to your issue.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>
>

Brad Gillette

2009-03-12 22:50:39 UTC

Permalink

I looked at my interfaces....I have a WAN and LAN interfaces. My specific
problems are connections from clients to my Novell Netware
servers.....pfSense is apparently blocking traffic when a connection is
already established or won't keep a connection alive. I also run an inhouse
instant messaging system and I see traffic from the clients to the server
get blocked, it works so some traffic gets through.

Alex

2009-03-14 15:42:47 UTC

Permalink

On Fri, Mar 13, 2009 at 12:50 AM, Brad Gillette <brad-***@public.gmane.org> wrote:
> pfSense is apparently blocking traffic when a connection is
> already established or won't keep a connection alive.

Yep. I have exactly the same problem on 1.2.1. pfSense seems that it
can't track the state of the connections made on the same interface
but belong to different networks. It initially allows the connection
as it is in the rules but later on *some* packets are dropped by the
default rule even if there is an "Allow All" rule before it.

Enabling "Static Route Filtering" to bypass firewall rules for traffic
on the same interface didn't work for this problem.

I also faced this problem with a Linux/Netfilter firewall but didn't
try it on anything else yet (not even on pfSense 1.2.2).

As a workaround I routed the traffic from the L3 switch before
reaching pfSense but that left me with limited filtering capabilities
:/

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Brad Gillette

2009-03-15 00:57:43 UTC

Permalink

Well thanks Alex....there is definitely a problem. I am going to be forced
to configure my setup in a more complex way. The beauty of the way I wanted
is that the pfSense could simply be taken out of line in case of problems
and although my network would be left unprotected at least it would continue
to work with no reconfiguration of any other equipment.

I've ran into another problem...when I change the LAN ip address, it appears
that the firewall rule for the LAN has to be changed. The default rule that
exists there, LAN Net to any, doesn't work anymore and has to changed to
reflect the subnet of the new range.

Oh well...its a work in progress....I wonder if there is a way to disabe
'stateful packet inspection'.

But anyways, just like you are saying...Initial connections seem to work
great in most cases but eventually will quit working. My Novell clients end
up having problems talking to my servers and I have another client/server
(library card catalog) that refuses to talk at all.

On Sat, Mar 14, 2009 at 10:42 AM, Alex <alex.tsr-***@public.gmane.org> wrote:

> On Fri, Mar 13, 2009 at 12:50 AM, Brad Gillette <brad-***@public.gmane.org>
> wrote:
> > pfSense is apparently blocking traffic when a connection is
> > already established or won't keep a connection alive.
>
> Yep. I have exactly the same problem on 1.2.1. pfSense seems that it
> can't track the state of the connections made on the same interface
> but belong to different networks. It initially allows the connection
> as it is in the rules but later on *some* packets are dropped by the
> default rule even if there is an "Allow All" rule before it.
>
> Enabling "Static Route Filtering" to bypass firewall rules for traffic
> on the same interface didn't work for this problem.
>
> I also faced this problem with a Linux/Netfilter firewall but didn't
> try it on anything else yet (not even on pfSense 1.2.2).
>
> As a workaround I routed the traffic from the L3 switch before
> reaching pfSense but that left me with limited filtering capabilities
> :/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>
>

Chris Buechler

2009-03-15 04:05:21 UTC

Permalink

On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette <brad-***@public.gmane.org> wrote:
>
> I've ran into another problem...when I change the LAN ip address, it appears
> that the firewall rule for the LAN has to be changed. The default rule that
> exists there, LAN Net to any, doesn't work anymore and has to changed to
> reflect the subnet of the new range.
>

LAN subnet as specified in firewall rules changes when the LAN subnet
changes. If you are using that rather than specifying the actual
network, it will properly update automatically when you apply changes
on a LAN IP change. I've done that on numerous occasions and just did
it again and verified it does update properly.

> I wonder if there is a way to disabe
> 'stateful packet inspection'.
>

Add rules with "no state". What most people run into is asymmetric
routing as someone noted earlier in this thread. If the firewall
doesn't see both directions of the network traffic, it can't properly
stateful filter. In 1.2.1 and newer it's tighter as the newer pf
defaults to flags S/SA on pass rules.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Brad Gillette

2009-03-15 13:01:09 UTC

Permalink

Do I need to change rules on the LAN side only to 'no state'?

On Sat, Mar 14, 2009 at 11:05 PM, Chris Buechler <cmb-***@public.gmane.org> wrote:

> On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette <brad-***@public.gmane.org>
> wrote:
> >
> > I've ran into another problem...when I change the LAN ip address, it
> appears
> > that the firewall rule for the LAN has to be changed. The default rule
> that
> > exists there, LAN Net to any, doesn't work anymore and has to changed to
> > reflect the subnet of the new range.
> >
>
> LAN subnet as specified in firewall rules changes when the LAN subnet
> changes. If you are using that rather than specifying the actual
> network, it will properly update automatically when you apply changes
> on a LAN IP change. I've done that on numerous occasions and just did
> it again and verified it does update properly.
>
>
> > I wonder if there is a way to disabe
> > 'stateful packet inspection'.
> >
>
> Add rules with "no state". What most people run into is asymmetric
> routing as someone noted earlier in this thread. If the firewall
> doesn't see both directions of the network traffic, it can't properly
> stateful filter. In 1.2.1 and newer it's tighter as the newer pf
> defaults to flags S/SA on pass rules.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>
>

Brad Gillette

2009-03-15 15:25:53 UTC

Permalink

Update....turned the state type to 'none' on lan side only, wan side only,
both wan and lan....still getting the same results.

On Sun, Mar 15, 2009 at 8:01 AM, Brad Gillette <brad-***@public.gmane.org>wrote:

> Do I need to change rules on the LAN side only to 'no state'?
>
>
> On Sat, Mar 14, 2009 at 11:05 PM, Chris Buechler <cmb-***@public.gmane.org> wrote:
>
>> On Sat, Mar 14, 2009 at 8:57 PM, Brad Gillette <brad-***@public.gmane.org>
>> wrote:
>> >
>> > I've ran into another problem...when I change the LAN ip address, it
>> appears
>> > that the firewall rule for the LAN has to be changed. The default rule
>> that
>> > exists there, LAN Net to any, doesn't work anymore and has to changed to
>> > reflect the subnet of the new range.
>> >
>>
>> LAN subnet as specified in firewall rules changes when the LAN subnet
>> changes. If you are using that rather than specifying the actual
>> network, it will properly update automatically when you apply changes
>> on a LAN IP change. I've done that on numerous occasions and just did
>> it again and verified it does update properly.
>>
>>
>> > I wonder if there is a way to disabe
>> > 'stateful packet inspection'.
>> >
>>
>> Add rules with "no state". What most people run into is asymmetric
>> routing as someone noted earlier in this thread. If the firewall
>> doesn't see both directions of the network traffic, it can't properly
>> stateful filter. In 1.2.1 and newer it's tighter as the newer pf
>> defaults to flags S/SA on pass rules.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
>> For additional commands, e-mail: support-help-***@public.gmane.org
>>
>> Commercial support available - https://portal.pfsense.org
>>
>>
>

Vaughn L. Reid III

2009-03-25 13:16:15 UTC

Permalink

I have a pfsense router configured with the following WAN setup. It's
running 1.2.2.

Wan Physical Interface Contains:
WAN is mapped to the default untagged interface (I know this isn't a
completely normal setup with VLAN's also on the interface too, but it's
a legacy setup I've inherited and am not currently able to change)
WAN2 through WAN5 are mapped to 802.1q VLANS on this same physical interface

With this configuration, I have noticed the following behavior when
viewing traffic RRD graphs:
The WAN interface in the RRD page shows the sum of all traffic on the
actual physical interface, including the VLAN traffic.
Each WAN interface VLAN shows only the traffic on that VLAN.

Is this a bug, or is this expected behavior?

Thanks,

Vaughn Reid III

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Chris Buechler

2009-03-25 19:50:49 UTC

Permalink

On Wed, Mar 25, 2009 at 9:16 AM, Vaughn L. Reid III
<vaughn_reid_iii-***@public.gmane.org> wrote:
> I have a pfsense router configured with the following WAN setup. It's
> running 1.2.2.
>
> Wan Physical Interface Contains:
> WAN is mapped to the default untagged interface (I know this isn't a
> completely normal setup with VLAN's also on the interface too, but it's a
> legacy setup I've inherited and am not currently able to change)
> WAN2 through WAN5 are mapped to 802.1q VLANS on this same physical interface
>
> With this configuration, I have noticed the following behavior when viewing
> traffic RRD graphs:
> The WAN interface in the RRD page shows the sum of all traffic on the actual
> physical interface, including the VLAN traffic.
> Each WAN interface VLAN shows only the traffic on that VLAN.
>
> Is this a bug, or is this expected behavior?
>

Expected, there is no way to differentiate between tagged and untagged
traffic. It's showing you the traffic that's passing over that
interface, which includes the VLANs assigned as other interfaces. You
shouldn't use the parent interface with VLANs (for reasons completely
unrelated to this, and not product/vendor specific). I would plan to
change that, or just live with the understanding that the parent
interface will always have the sum of all VLAN traffic and that your
network is possibly open to VLAN hopping from tagged to parent
interface.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Vaughn L. Reid III

2009-03-25 21:07:12 UTC

Permalink

Thanks for the confirmation that I'm experiencing expected behavior. I
thought that was the case, but I wanted to be sure.

Vaughn III

Chris Buechler wrote:
> On Wed, Mar 25, 2009 at 9:16 AM, Vaughn L. Reid III
> <vaughn_reid_iii-***@public.gmane.org> wrote:
>
>> I have a pfsense router configured with the following WAN setup. It's
>> running 1.2.2.
>>
>> Wan Physical Interface Contains:
>> WAN is mapped to the default untagged interface (I know this isn't a
>> completely normal setup with VLAN's also on the interface too, but it's a
>> legacy setup I've inherited and am not currently able to change)
>> WAN2 through WAN5 are mapped to 802.1q VLANS on this same physical interface
>>
>> With this configuration, I have noticed the following behavior when viewing
>> traffic RRD graphs:
>> The WAN interface in the RRD page shows the sum of all traffic on the actual
>> physical interface, including the VLAN traffic.
>> Each WAN interface VLAN shows only the traffic on that VLAN.
>>
>> Is this a bug, or is this expected behavior?
>>
>>
>
> Expected, there is no way to differentiate between tagged and untagged
> traffic. It's showing you the traffic that's passing over that
> interface, which includes the VLANs assigned as other interfaces. You
> shouldn't use the parent interface with VLANs (for reasons completely
> unrelated to this, and not product/vendor specific). I would plan to
> change that, or just live with the understanding that the parent
> interface will always have the sum of all VLAN traffic and that your
> network is possibly open to VLAN hopping from tagged to parent
> interface.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Chuck Mariotti

2009-03-26 03:31:26 UTC

Permalink

I have the option of staying/working from a home on a the Lake for a number of weeks this summer here in Ontario/Canada. Nice and relaxed. Unfortunately, the only internet access is dialup, which is not acceptable (of course).

After much poking around, I borrowed my wife's iPhone, went up to the highest point in the house, stuck it up against each window, and low and behold with one of those windows... one bar of 3G. 3G / Edge jumped In and Out, but it was definitely there. Some tests were pretty good... 2mbit down, 500kup... others, pretty bad... very bad... 3G signal would go down, etc... but it's there!

The one problem is, there are no leaves on the trees yet... and it's just one bar of signal. So I imagine it will get worse in a couple of months time.

Second problem is, that the wireless provider here (Rogers) sells a USB Stick that will give me 3G Internet Access (like the iPhone). Model Ovation MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern is that this thing is as bad or Worse than the iPhone for receiving 3G signals. I would really like to not have to worry about signals here. Does anyone know if the antenna on this thing is significantly better than an iPHone? Will I get 0 bars or 5 bars?

Third Problem is, I have more than one computer. I'd like to share this connection. This is where pfSense comes in. I tried looking this up on the hardware list, but I don't see it. I see someone referencing it on a BSD list, but version 8.0... Does anyone know if these work with pfSense 1.2.2 as a WAN connection? There are pre-fab 3G Routers that work with it, but they are $$$.

Fourth Problem is, this is a separate problem, that maybe I can get an alternative in place if needed, but my cell phone is 3G as well. No signal = no calls. I have looked at Signal Boosters for areas/building, but they seem to be insanely expensive.

Anyone have any suggestions or solutions to this problem?

Regards,

Chuck

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Glenn Kelley

2009-03-26 04:09:50 UTC

Permalink

ubnt.com is a good place to start.

First - check with someone in town (that can be 30 miles away even)

see if you can get a cablemodem or dsl or something there -
then antenna away

Great stuff !

On Mar 25, 2009, at 11:31 PM, Chuck Mariotti wrote:

> I have the option of staying/working from a home on a the Lake for a
> number of weeks this summer here in Ontario/Canada. Nice and
> relaxed. Unfortunately, the only internet access is dialup, which is
> not acceptable (of course).
>
> After much poking around, I borrowed my wife's iPhone, went up to
> the highest point in the house, stuck it up against each window, and
> low and behold with one of those windows... one bar of 3G. 3G / Edge
> jumped In and Out, but it was definitely there. Some tests were
> pretty good... 2mbit down, 500kup... others, pretty bad... very
> bad... 3G signal would go down, etc... but it's there!
>
> The one problem is, there are no leaves on the trees yet... and it's
> just one bar of signal. So I imagine it will get worse in a couple
> of months time.
>
> Second problem is, that the wireless provider here (Rogers) sells a
> USB Stick that will give me 3G Internet Access (like the iPhone).
> Model Ovation MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern
> is that this thing is as bad or Worse than the iPhone for receiving
> 3G signals. I would really like to not have to worry about signals
> here. Does anyone know if the antenna on this thing is significantly
> better than an iPHone? Will I get 0 bars or 5 bars?
>
> Third Problem is, I have more than one computer. I'd like to share
> this connection. This is where pfSense comes in. I tried looking
> this up on the hardware list, but I don't see it. I see someone
> referencing it on a BSD list, but version 8.0... Does anyone know if
> these work with pfSense 1.2.2 as a WAN connection? There are pre-fab
> 3G Routers that work with it, but they are $$$.
>
> Fourth Problem is, this is a separate problem, that maybe I can get
> an alternative in place if needed, but my cell phone is 3G as well.
> No signal = no calls. I have looked at Signal Boosters for areas/
> building, but they seem to be insanely expensive.
>
> Anyone have any suggestions or solutions to this problem?
>
> Regards,
>
> Chuck
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

lists

2009-03-26 12:38:41 UTC

Permalink

Glenn Kelley wrote:
> ubnt.com is a good place to start.
>
> First - check with someone in town (that can be 30 miles away even)
>
> see if you can get a cablemodem or dsl or something there -
> then antenna away
>
> Great stuff !
>
>
> On Mar 25, 2009, at 11:31 PM, Chuck Mariotti wrote:
>
>> I have the option of staying/working from a home on a the Lake for a
>> number of weeks this summer here in Ontario/Canada. Nice and relaxed.
>> Unfortunately, the only internet access is dialup, which is not
>> acceptable (of course).
>>
>> After much poking around, I borrowed my wife's iPhone, went up to the
>> highest point in the house, stuck it up against each window, and low
>> and behold with one of those windows... one bar of 3G. 3G / Edge
>> jumped In and Out, but it was definitely there. Some tests were
>> pretty good... 2mbit down, 500kup... others, pretty bad... very
>> bad... 3G signal would go down, etc... but it's there!
>>
>> The one problem is, there are no leaves on the trees yet... and it's
>> just one bar of signal. So I imagine it will get worse in a couple of
>> months time.
>>
>> Second problem is, that the wireless provider here (Rogers) sells a
>> USB Stick that will give me 3G Internet Access (like the iPhone).
>> Model Ovation MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern
>> is that this thing is as bad or Worse than the iPhone for receiving
>> 3G signals. I would really like to not have to worry about signals
>> here. Does anyone know if the antenna on this thing is significantly
>> better than an iPHone? Will I get 0 bars or 5 bars?
>>
>> Third Problem is, I have more than one computer. I'd like to share
>> this connection. This is where pfSense comes in. I tried looking this
>> up on the hardware list, but I don't see it. I see someone
>> referencing it on a BSD list, but version 8.0... Does anyone know if
>> these work with pfSense 1.2.2 as a WAN connection? There are pre-fab
>> 3G Routers that work with it, but they are $$$.
>>
>> Fourth Problem is, this is a separate problem, that maybe I can get
>> an alternative in place if needed, but my cell phone is 3G as well.
>> No signal = no calls. I have looked at Signal Boosters for
>> areas/building, but they seem to be insanely expensive.
>>
>> Anyone have any suggestions or solutions to this problem?
>>
>> Regards,
>>
>> Chuck
<snippage>

http://rastforum.com/index.php?topic=30.0

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

lists

2009-03-26 12:40:16 UTC

Permalink

<snipped>
>>>
>>>
>>> Anyone have any suggestions or solutions to this problem?
>>>
>>> Regards,
>>>
>>> Chuck
> <snippage>
>
> http://rastforum.com/index.php?topic=30.0
>
> <snipped>
>
Sorry, this one is better: http://www.usbwifi.orconhosting.net.nz/

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Chuck Mariotti

2009-03-26 14:52:16 UTC

Permalink

So I assume this means that it will work for a 3G USB Stick, not just WiFi?

If so, I wonder if I can just get a used Dish Network or DirecTV dish and use that. They're super cheap and look like they're already tuned.

-----Original Message-----
From: lists [mailto:lists-***@public.gmane.org]
Sent: Thursday, March 26, 2009 8:40 AM
To: support-***@public.gmane.org
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile Internet Stick (Rocket) with pfSense?

<snipped>
>>>
>>>
>>> Anyone have any suggestions or solutions to this problem?
>>>
>>> Regards,
>>>
>>> Chuck
> <snippage>
>
> http://rastforum.com/index.php?topic=30.0
>
> <snipped>
>
Sorry, this one is better: http://www.usbwifi.orconhosting.net.nz/

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Jonathan Reed

2009-03-26 06:01:55 UTC

Permalink

I cant speak on pfsense part, but I had a similar problem at our cottage
last summer (also in Ontario) and I learned that an ISP did indeed service
the area with high-speed wireless. The nearest gas station is a 30 mins
drive and yet we have a decent broadband connection up there. Check for a
wireless provider who serves your area. Never know, maybe you'll be in luck.

On Wed, Mar 25, 2009 at 11:31 PM, Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org>wrote:

> I have the option of staying/working from a home on a the Lake for a number
> of weeks this summer here in Ontario/Canada. Nice and relaxed.
> Unfortunately, the only internet access is dialup, which is not acceptable
> (of course).
>
> After much poking around, I borrowed my wife's iPhone, went up to the
> highest point in the house, stuck it up against each window, and low and
> behold with one of those windows... one bar of 3G. 3G / Edge jumped In and
> Out, but it was definitely there. Some tests were pretty good... 2mbit down,
> 500kup... others, pretty bad... very bad... 3G signal would go down, etc...
> but it's there!
>
> The one problem is, there are no leaves on the trees yet... and it's just
> one bar of signal. So I imagine it will get worse in a couple of months
> time.
>
> Second problem is, that the wireless provider here (Rogers) sells a USB
> Stick that will give me 3G Internet Access (like the iPhone). Model Ovation
> MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern is that this thing is
> as bad or Worse than the iPhone for receiving 3G signals. I would really
> like to not have to worry about signals here. Does anyone know if the
> antenna on this thing is significantly better than an iPHone? Will I get 0
> bars or 5 bars?
>
> Third Problem is, I have more than one computer. I'd like to share this
> connection. This is where pfSense comes in. I tried looking this up on the
> hardware list, but I don't see it. I see someone referencing it on a BSD
> list, but version 8.0... Does anyone know if these work with pfSense 1.2.2
> as a WAN connection? There are pre-fab 3G Routers that work with it, but
> they are $$$.
>
> Fourth Problem is, this is a separate problem, that maybe I can get an
> alternative in place if needed, but my cell phone is 3G as well. No signal =
> no calls. I have looked at Signal Boosters for areas/building, but they seem
> to be insanely expensive.
>
> Anyone have any suggestions or solutions to this problem?
>
> Regards,
>
> Chuck
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>
>

Chuck Mariotti

2009-03-26 14:20:10 UTC

Permalink

I wish... unfortunately, they've had several evaluations and they're on the wrong side of the lake and behind a hill.

From: Jonathan Reed [mailto:jreed777-***@public.gmane.org]
Sent: Thursday, March 26, 2009 2:02 AM
To: support-***@public.gmane.org
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile Internet Stick (Rocket) with pfSense?

I cant speak on pfsense part, but I had a similar problem at our cottage last summer (also in Ontario) and I learned that an ISP did indeed service the area with high-speed wireless. The nearest gas station is a 30 mins drive and yet we have a decent broadband connection up there. Check for a wireless provider who serves your area. Never know, maybe you'll be in luck.

On Wed, Mar 25, 2009 at 11:31 PM, Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org<mailto:cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org>> wrote:
I have the option of staying/working from a home on a the Lake for a number of weeks this summer here in Ontario/Canada. Nice and relaxed. Unfortunately, the only internet access is dialup, which is not acceptable (of course).

After much poking around, I borrowed my wife's iPhone, went up to the highest point in the house, stuck it up against each window, and low and behold with one of those windows... one bar of 3G. 3G / Edge jumped In and Out, but it was definitely there. Some tests were pretty good... 2mbit down, 500kup... others, pretty bad... very bad... 3G signal would go down, etc... but it's there!

The one problem is, there are no leaves on the trees yet... and it's just one bar of signal. So I imagine it will get worse in a couple of months time.

Second problem is, that the wireless provider here (Rogers) sells a USB Stick that will give me 3G Internet Access (like the iPhone). Model Ovation MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern is that this thing is as bad or Worse than the iPhone for receiving 3G signals. I would really like to not have to worry about signals here. Does anyone know if the antenna on this thing is significantly better than an iPHone? Will I get 0 bars or 5 bars?

Third Problem is, I have more than one computer. I'd like to share this connection. This is where pfSense comes in. I tried looking this up on the hardware list, but I don't see it. I see someone referencing it on a BSD list, but version 8.0... Does anyone know if these work with pfSense 1.2.2 as a WAN connection? There are pre-fab 3G Routers that work with it, but they are $$$.

Fourth Problem is, this is a separate problem, that maybe I can get an alternative in place if needed, but my cell phone is 3G as well. No signal = no calls. I have looked at Signal Boosters for areas/building, but they seem to be insanely expensive.

Anyone have any suggestions or solutions to this problem?

Regards,

Chuck

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org<mailto:support-unsubscribe-***@public.gmane.org>
For additional commands, e-mail: support-help-***@public.gmane.org<mailto:support-help-***@public.gmane.org>

Commercial support available - https://portal.pfsense.org

Vick Khera

2009-03-26 14:09:54 UTC

Permalink

Chuck Mariotti

2009-03-26 15:07:25 UTC

Permalink

The USB stick I am talking about is apparently plug&play and no drivers needed. Of course, I assume this means it's a generic driver that is included with the consumer OS's. My big question is, does it work with pfSense.

-----Original Message-----
From: Vick Khera [mailto:vivek-***@public.gmane.org]
Sent: Thursday, March 26, 2009 10:10 AM
To: support-***@public.gmane.org
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile Internet Stick (Rocket) with pfSense?

On Wed, Mar 25, 2009 at 11:31 PM, Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org> wrote:
> I have the option of staying/working from a home on a the Lake for a number of weeks this summer here in Ontario/Canada. Nice and relaxed. Unfortunately, the only internet access is dialup, which is not acceptable (of course).

I've been pondering building a DIY mobile hot-spot based on a CDMA or
other 3g usb stick + pfSense on an ALIX board. I could just plug it
into my car and take it along with me wherever I go...

When we were at BSDCon in DC last month, the local wifi provided was
over a shared connection built this way by hand using an OpenBSD
laptop as the gateway to the verizon network via usb stick. It worked
quite well for the first day :-)

The adapter they had at that time showed itself as a traditional USB
serial port with a modem attached to it. All they had to do was run
PPP on it to authenticate (not sure if it was PPPoE or just plain
PPP). If it is PPPoE then I would think pfSense could do it if we
convinced it to talk over the USB serial port rather than a real
ethernet.

Being an a perpetual "lack of time" situation I haven't gotten around
to diving into this project, but I would be interested in hearing if
anyone has gotten pfSense to talk directly to such a modem. Heck,
that would make for an awesome failover connection at the office, too!

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Chris Buechler

2009-03-27 03:51:45 UTC

Permalink

On Thu, Mar 26, 2009 at 10:09 AM, Vick Khera <vivek-***@public.gmane.org> wrote:
>
> When we were at BSDCon in DC last month, the local wifi provided was
> over a shared connection built this way by hand using an OpenBSD
> laptop as the gateway to the verizon network via usb stick. It worked
> quite well for the first day :-)
>

The "first day" part is key there. :) It fell apart after that.

pfSense doesn't support any 3G devices. The driver support on FreeBSD
in our experience is somewhere between poor and non-existent depending
on the card. The cards with driver support tend to be old ones you
can't get new anymore.

3G requires PPP support as it's functionally virtually identical to a
POTS dial up modem. PPP dial up support may appear in 2.0. 3G drivers
is a bigger problem.

There are some boxes that'll output 3G to Ethernet in some fashion
(router generally), but they aren't cheap. $200-300 USD if I recall.
That may be the best bet. One caveat though - don't know how it is in
.ca but most providers here in the US will limit you to 5 GB and
charge an exorbitant amount per MB above that.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Tortise

2009-03-27 07:18:41 UTC

Permalink

Check out the Linksys wrt54g3g which I use with a 3G XU870, (cheap 2nd hand) works well for portable Internet connections for a
battery of wireless notebooks. It runs from 12V so car battery power is also an option.

The code is open source and published by Linksys, whether that makes the drivers accessible I am not sure.

Kind regards
David

----- Original Message -----
From: "Chris Buechler" <cmb-***@public.gmane.org>
To: <support-***@public.gmane.org>
Sent: Friday, March 27, 2009 4:51 PM
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile InternetStick (Rocket) with pfSense?

On Thu, Mar 26, 2009 at 10:09 AM, Vick Khera <vivek-***@public.gmane.org> wrote:
>
> When we were at BSDCon in DC last month, the local wifi provided was
> over a shared connection built this way by hand using an OpenBSD
> laptop as the gateway to the verizon network via usb stick. It worked
> quite well for the first day :-)
>

The "first day" part is key there. :) It fell apart after that.

pfSense doesn't support any 3G devices. The driver support on FreeBSD
in our experience is somewhere between poor and non-existent depending
on the card. The cards with driver support tend to be old ones you
can't get new anymore.

3G requires PPP support as it's functionally virtually identical to a
POTS dial up modem. PPP dial up support may appear in 2.0. 3G drivers
is a bigger problem.

There are some boxes that'll output 3G to Ethernet in some fashion
(router generally), but they aren't cheap. $200-300 USD if I recall.
That may be the best bet. One caveat though - don't know how it is in
.ca but most providers here in the US will limit you to 5 GB and
charge an exorbitant amount per MB above that.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

2009-03-27 13:57:45 UTC

Permalink

On Fri, Mar 27, 2009 at 01:18, Tortise <tortise-wUU9E3n5/m4qAMOr+***@public.gmane.org> wrote:
> Check out the Linksys wrt54g3g which I use with a 3G XU870, (cheap 2nd hand) works well for portable Internet connections for a
> battery of wireless notebooks. It runs from 12V so car battery power is also an option.

Actually the best 3G router option I've found is an Alix 6b2. It has
a miniPCI Express slot you can use for the cellular connection (no
miniPCI solutions exist AFAIK) and an LX800 with 256MB of memory.
$113 for the board, $10 for the case, and $??? for a card and
continued connectivity.

I also thought the wrt54g3g would be nice and have actually spend a
considerable amount of time working with it and getting better support
for it into OpenWRT. For the price, the hardware is anemic compared
to the 6b2. Their implementation of a TI cardbus on the mipsel
architecture is buggy to say the least, and added to the rather awful
"open source" releases they made it's been impossible to get a
2.6-series linux kernel running on it. It is one of the two remaining
piles of Broadcom fail that force *WRT to continue to support
2.4-series kernels.

Linksys' releases are generically okay, but largely just pay lip
service to the open source concept. Once you start digging into
model-specific features (like the G3G cardbus or the AG310's SIP
interface) you run into a brick wall of binary lumps that "happened"
to get shipped with the release instead of the source you were looking
for.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Chuck Mariotti

2009-03-27 14:45:42 UTC

Permalink

Well, I do happen to have an Alix 6b2 here... my question is, what software are you running to allow you to use 3G? pfSense? If so, what miniPCI Express slot card are you using exactly? I assume this means I could throw on a HUGE antenna?! All I have to do is put in a SIM and it goes type of thing? Acts like a regular WAN port...?

More info PLEASE!

-----Original Message-----
From: RB [mailto:***@gmail.com]
Sent: Friday, March 27, 2009 9:58 AM
To: ***@pfsense.com
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile InternetStick (Rocket) with pfSense?

On Fri, Mar 27, 2009 at 01:18, Tortise <***@paradise.net.nz> wrote:
> Check out the Linksys wrt54g3g which I use with a 3G XU870, (cheap 2nd hand) works well for portable Internet connections for a
> battery of wireless notebooks. It runs from 12V so car battery power is also an option.

Actually the best 3G router option I've found is an Alix 6b2. It has
a miniPCI Express slot you can use for the cellular connection (no
miniPCI solutions exist AFAIK) and an LX800 with 256MB of memory.
$113 for the board, $10 for the case, and $??? for a card and
continued connectivity.

I also thought the wrt54g3g would be nice and have actually spend a
considerable amount of time working with it and getting better support
for it into OpenWRT. For the price, the hardware is anemic compared
to the 6b2. Their implementation of a TI cardbus on the mipsel
architecture is buggy to say the least, and added to the rather awful
"open source" releases they made it's been impossible to get a
2.6-series linux kernel running on it. It is one of the two remaining
piles of Broadcom fail that force *WRT to continue to support
2.4-series kernels.

Linksys' releases are generically okay, but largely just pay lip
service to the open source concept. Once you start digging into
model-specific features (like the G3G cardbus or the AG310's SIP
interface) you run into a brick wall of binary lumps that "happened"
to get shipped with the release instead of the source you were looking
for.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-***@pfsense.com
For additional commands, e-mail: support-***@pfsense.com

Commercial support available - https://por

2009-03-27 16:03:46 UTC

Permalink

On Fri, Mar 27, 2009 at 08:45, Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org> wrote:
> Well, I do happen to have an Alix 6b2 here... my question is, what software are you running to allow you to use 3G? pfSense? If so, what miniPCI Express slot card are you using exactly? I assume this means I could throw on a HUGE antenna?! All I have to do is put in a SIM and it goes type of thing? Acts like a regular WAN port...?
>
> More info PLEASE!

Unfortunately, the project died on the vine before I could get a
miniPCI-E card purchased (was using the sierra 595 with the G3G and
the sierra 860 on a laptop), but Sierra Wireless cards all work quite
well.

Generally speaking (as has been noted here), they appear as USB serial
devices that you use as a PPP device and dial a short ("*99#" for US
AT&T) number. We were using OpenWRT, in which the 'comgt' package
provides sane defaults for most 3G setups, including EVDO. Since
OpenWRT is packaged for x86, there's no reason it won't run on the
6b2; of course, there's also no reason you shouldn't be able to use
pfSense as well. All you need is a card that comes up as a USB serial
device (some require special drivers and don't very well), and you
should be able to run PPP on your platform of choice.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Tortise

2009-03-27 20:39:46 UTC

Permalink

"Actually the best 3G router option I've found is an Alix 6b2. It has
a miniPCI Express slot you can use for the cellular connection (no
miniPCI solutions exist AFAIK) /"

Would the Dell 3G Mini PCI Express modules used in their notebooks work?

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

2009-03-27 21:21:11 UTC

Permalink

On Fri, Mar 27, 2009 at 14:39, Tortise <tortise-wUU9E3n5/m4qAMOr+***@public.gmane.org> wrote:
> "Actually the best 3G router option I've found is an Alix 6b2. It has
> a miniPCI Express slot you can use for the cellular connection (no
> miniPCI solutions exist AFAIK) /"
>
> Would the Dell 3G Mini PCI Express modules used in their notebooks work?

Probably, but I have no idea what the actual chipset is. The 6b2's
Express slot is USB-only (remember that Mini PCI Express is either
PCI-E or USB-2.0), so you'd have to make sure that you get a card that
supports the USB side. That said, I seem to have seen a lot more
USB-based than PCI based mP-E cards, so your chances are good.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Dave Donovan

2009-03-27 19:51:50 UTC

Permalink

On Wed, Mar 25, 2009 at 11:31 PM, Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org> wrote:
> I have the option of staying/working from a home on a the Lake for a number of weeks this summer here in Ontario/Canada. Nice and relaxed. Unfortunately, the only internet access is dialup, which is not acceptable (of course).
>
> After much poking around, I borrowed my wife's iPhone, went up to the highest point in the house, stuck it up against each window, and low and behold with one of those windows... one bar of 3G. 3G / Edge jumped In and Out, but it was definitely there. Some tests were pretty good... 2mbit down, 500kup... others, pretty bad... very bad... 3G signal would go down, etc... but it's there!

Hey Chuck,

I've got an HTC TyTn II. I think you told me that you had the same
one, or a similar one. It has a connector for 2 external antennae.
One is for GPS, I think the other is for cellular. The external
antenna may also solve the all-or-nothing issue with your 3g phone by
giving you a bit of a boost.

There is a registry hack to make the device support WiFi tethering.
In this case, you would be turning the phone into a WiFi AP and you
could just connect to the phone using pfSense and any supported
wireless card, including your Alix. Bridging 3g to WiFi with a
commodity phone simplifies that part of the equation. Make sure to
turn off the Bluetooth radio as it seems to interfere with reception.
(this may also help on the Iphone)

I know a TyTn isn't exactly cheap but if you don't have one already,
you might be able to get one cheap with a screen defect or something.
It's also quite possible that other, older/cheaper models would serve
as well but I can only speak for what I've got.

You could also jail break the Iphone and tether to it. Signal
strength is an issue as you pointed out. I haven't seen an external
antenna connector on the Iphone. I don't know how your wife would
feel about you putting her Iphone in a tupperware container and
hoisting it up a pole just so you could have Internet access. :-)

If you were doing wireless tethering, you wouldn't strictly need
pfSense in this arrangement. One benefit to using it would be
tunneling, with OpenVPN or IPsec, back to work/home. If you turn on
compression you could boost your effective throughput with some types
of traffic and possibly reduce your cellular data usage.

Good luck,

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Dave Warren

2009-03-28 14:49:30 UTC

Permalink

In message <4ad1738e0903271251l1713a491y14a69e8496202b43-JsoAwUIsXosN+***@public.gmane.org>
Dave Donovan <donovan.david-***@public.gmane.org> was
claimed to have wrote:

>I've got an HTC TyTn II. I think you told me that you had the same
>one, or a similar one. It has a connector for 2 external antennae.
>One is for GPS, I think the other is for cellular. The external
>antenna may also solve the all-or-nothing issue with your 3g phone by
>giving you a bit of a boost.

You're correct, this is an external antenna jack.

>There is a registry hack to make the device support WiFi tethering.

Note that this needs WM6.0, WM6.1 apparently allows the carrier to
detect tethering and bill you extra (not that Rogers does this, to my
knowledge, but they could start)

>I know a TyTn isn't exactly cheap but if you don't have one already,
>you might be able to get one cheap with a screen defect or something.
>It's also quite possible that other, older/cheaper models would serve
>as well but I can only speak for what I've got.

They're surprisingly cheap on eBay/Craigslist now (vs the $600 I paid
for an unlocked unit when they first came out)

I could probably be talked into selling mine with some minor cosmetic
damage for $250 or so (I haven't looked at the new/replacement costs
yet, I just know what I want to buy instead, I need a replacement as
part of $DAYJOB involves testing WM software)

Contact me off-list if this looks useful. Note that you'll probably
have to reflash the firmware, I'm on a modified one, although I could
probably flash a stock AT&T image back on the device before sending it
out.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Dave Warren

2009-03-28 14:49:30 UTC

Permalink

In message
<8A93EAA824A48B4ABC87B3E3DA03256BA953670082-***@public.gmane.org> Chuck
Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org> was claimed
to have wrote:

>I have the option of staying/working from a home on a the Lake for a number
>of weeks this summer here in Ontario/Canada. Nice and relaxed. Unfortunately,
>the only internet access is dialup, which is not acceptable (of course).

I spent my last summer working remotely from various campsites and
cabins, it's well worth the pain.

>After much poking around, I borrowed my wife's iPhone, went up to the highest
>point in the house, stuck it up against each window, and low and behold
>with one of those windows... one bar of 3G. 3G / Edge jumped In and Out,
>but it was definitely there. Some tests were pretty good... 2mbit down,
>500kup... others, pretty bad... very bad... 3G signal would go down, etc...
>but it's there!
>
>The one problem is, there are no leaves on the trees yet... and it's just
>one bar of signal. So I imagine it will get worse in a couple of months time.
>
>Second problem is, that the wireless provider here (Rogers) sells a USB
>Stick that will give me 3G Internet Access (like the iPhone). Model Ovation
>MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern is that this thing
>is as bad or Worse than the iPhone for receiving 3G signals. I would
>really like to not have to worry about signals here. Does anyone know
>if the antenna on this thing is significantly better than an iPHone?
>Will I get 0 bars or 5 bars?

In my experience, the iPhone's 3G antenna / transmitter is less able to
cope with inconsistent or spotty signal then either my AT&T Tilt or my
Razr2 V9 (all on Rogers Wireless 3G)

Also investigate whether you can find an external antenna for whatever
device you end up, a $100 whip style antenna will take an unreliable
signal and make it reliable, a Yagi will make you think you're
hardwired.

>Anyone have any suggestions or solutions to this problem?

Depending on the area, you might want to take a look at TELUS' data
services. I much prefer Rogers on my primary service, but I've taken my
TELUS EVDO card out camping with me, one trip we moved to a new
campground every day for almost two weeks only once ending up without a
solid EVDO signal, whereas we only had reliable 3G every third or fourth
day, we ended up having to fall back on GSM/EDGE the other days.

My experience was in Western Canada though, out east you might have
better luck with Bell rather then TELUS.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

John Sellens

2009-03-26 15:25:58 UTC

Permalink

| From: Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org>
|
| The USB stick I am talking about is apparently plug&play and no drivers nee=
| ded. Of course, I assume this means it's a generic driver that is included =
| with the consumer OS's. My big question is, does it work with pfSense.

Would the Rogers "Portable Internet" service work for you?
It looks like "plug box into wall, get RJ45 ethernet out the other side".
http://www.rogers.com/web/content/internet-portable

And as others have mentioned, there are apparently a bunch
of companies offering wireless in cottage country.

Hope that helps - enjoy the lake!

John

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Chuck Mariotti

2009-03-26 15:35:04 UTC

Permalink

I have tried it, no luck... it is not in their service area. Even the external version is not close enough. 3G seems to be the only real option other than finding someone across the lake and relaying it across (not really an option).

-----Original Message-----
From: John Sellens [mailto:jsellens-Iv5KO+h6AVB+***@public.gmane.org]
Sent: Thursday, March 26, 2009 11:26 AM
To: support-***@public.gmane.org
Subject: RE: [pfSense Support] Internet at the lake? Rogers Mobile Internet Stick (Rocket) with pfSense?

| From: Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org>
|
| The USB stick I am talking about is apparently plug&play and no drivers nee=
| ded. Of course, I assume this means it's a generic driver that is included =
| with the consumer OS's. My big question is, does it work with pfSense.

Would the Rogers "Portable Internet" service work for you?
It looks like "plug box into wall, get RJ45 ethernet out the other side".
http://www.rogers.com/web/content/internet-portable

And as others have mentioned, there are apparently a bunch
of companies offering wireless in cottage country.

Hope that helps - enjoy the lake!

John

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Tim Nelson

2009-03-26 16:45:02 UTC

Permalink

----- "John Sellens" <jsellens-Iv5KO+h6AVB+***@public.gmane.org> wrote:
> | From: Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org>
> |
> | The USB stick I am talking about is apparently plug&play and no
> drivers nee=
> | ded. Of course, I assume this means it's a generic driver that is
> included =
> | with the consumer OS's. My big question is, does it work with
> pfSense.
>
> Would the Rogers "Portable Internet" service work for you?
> It looks like "plug box into wall, get RJ45 ethernet out the other
> side".
> http://www.rogers.com/web/content/internet-portable
>
> And as others have mentioned, there are apparently a bunch
> of companies offering wireless in cottage country.
>
> Hope that helps - enjoy the lake!
>
> John

Have you considered a satellite connection? It sounds like your situation is temporary.. but there are a handful of companies that will lease or otherwise rent a small satellite dish with service for such instances. Keep in mind it may be a bit spendy... like $250 for a two week period, but it will be broadband. :-)

Look online for keywords like BGAN, portable satellite rental, etc.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

mayak chunder-qwern

2009-03-26 17:04:09 UTC

Permalink

There's always Eutelsat or perhaps another two-way DVB-RCS solution, but
$$$.

Maybe someone rents the dish and the modem?

Cheers

Mayak

On Thu, 2009-03-26 at 11:45 -0500, Tim Nelson wrote:
> ----- "John Sellens" <jsellens-Iv5KO+h6AVB+***@public.gmane.org> wrote:
> > | From: Chuck Mariotti <cmariotti-0rzm6KYc5ZHQT0dZR+***@public.gmane.org>
> > |
> > | The USB stick I am talking about is apparently plug&play and no
> > drivers nee=
> > | ded. Of course, I assume this means it's a generic driver that is
> > included =
> > | with the consumer OS's. My big question is, does it work with
> > pfSense.
> >
> > Would the Rogers "Portable Internet" service work for you?
> > It looks like "plug box into wall, get RJ45 ethernet out the other
> > side".
> > http://www.rogers.com/web/content/internet-portable
> >
> > And as others have mentioned, there are apparently a bunch
> > of companies offering wireless in cottage country.
> >
> > Hope that helps - enjoy the lake!
> >
> > John
>
>
> Have you considered a satellite connection? It sounds like your situation is temporary.. but there are a handful of companies that will lease or otherwise rent a small satellite dish with service for such instances. Keep in mind it may be a bit spendy... like $250 for a two week period, but it will be broadband. :-)
>
> Look online for keywords like BGAN, portable satellite rental, etc.
>
> Tim Nelson
> Systems/Network Support
> Rockbochs Inc.
> (218)727-4332 x105
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
> For additional commands, e-mail: support-help-***@public.gmane.org
>
> Commercial support available - https://portal.pfsense.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe-***@public.gmane.org
For additional commands, e-mail: support-help-***@public.gmane.org

Commercial support available - https://portal.pfsense.org

Continue reading on narkive:

Search results for 'firewall blocking legit traffic' (Questions and Answers)

replies

antivirus vs firewall?

started 2009-09-23 14:54:06 UTC

security

replies

Once a virus has placed itself in a system what can a firewall do to the virus? can it do anything?

started 2011-09-27 14:26:55 UTC

security

replies

is windows xp firewall safe enough?