pfSense Gold Subscription

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - wgstarks

Pages: [1] 2 3 4 5
1
That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

Diagnostics > Packet Capture for ARP on that interface and see what you see.

No. I think this is caused by my own ignorance.  :D

2
Thanks. I set a reserved IP for en-0 on the unraid server and then bonded en-0 and en-1. I'm sure that's what is causing this problem. The MAC address shown in the log entry is for en-1 on the unraid server.

Just to be sure I've got it right, I just need to uncheck the ARP Table Static Entry option?

3
I'm seeing this entry flooding my system log-
Code: [Select]
Jan 22 17:09:09 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:09:40 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:11 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:41 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:12 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:42 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:08 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:13 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
10.0.1.20 is my unRAID server. Not sure if something is misconfigured there or if it's my pfsense setup. Would appreciate any advice?

4
IDS/IPS / Re: How to add custom rules to Suricata
« on: January 11, 2018, 08:40:24 am »
Thanks. Wonder how many IPís this hosting server has?😏

5
IDS/IPS / Suricate settings-which snort rules package?
« on: January 10, 2018, 08:51:05 am »
Did a little research regarding the use of snort rules packages in suricata. I found that any snort rules package should work with the exception that incompatible rules will just generate an error. Not sure what the best practice is though? Should i just use the rules for the most up to date version of snort? Or maybe its better to use an older version with better compatibility?

6
IDS/IPS / Re: How to add custom rules to Suricata
« on: January 09, 2018, 09:48:00 pm »
Thanks.

Is there a way to pass an FQDN or do I need to just list all their IPís?

7
IDS/IPS / How to add custom rules to Suricata
« on: January 09, 2018, 09:07:52 pm »
I've found quite a few posts regarding syntax for custom rules but no discussion of how to actually add the rules. Is it as simple as pasting them into the Defined Custom Rules?

8
Packages / Re: Snort blocking all torrents
« on: January 08, 2018, 09:31:50 am »
It wasnít checked. I verified it several times. After uninstalling the package the traffic is passing normally though, so it would seem that snort was responsible for blocking it. I was thinking that I must have misconfigured some other snort setting that caused this?

9
Packages / Snort blocking all torrents
« on: January 08, 2018, 08:36:12 am »
Recently installed Snort configured to not block any traffic (alerts only) and loaded the ET rules. Wanted to get an idea of what problems I would have with false positives. After a day or so I realized that snort actually was blocking torrent traffic. The only way I could find to pass the traffic was to uninstall the snort package. Iím sure this whole issue is probably due to ignorance on my part, so Iím looking for advice on how to install and test the package without any major disruptions to my network. Or maybe snort isnít a good fit with torrents? Should I try some other package?

10
Firewalling / Re: Create a guest network with VLAN tag 1003
« on: January 03, 2018, 07:23:49 am »
Thanks. Actually, I understood that. Should have been more specific.

I can see that the default block rules arenít going to do anything. If I move the any-any rule below them then it wonít do anything. Since Iím a noob at this, Iím not sure if I should modify the any-any rule or just delete the default block rules? My intent with this rule is to allow unlimited acces to the internet.

11
Firewalling / Re: Create a guest network with VLAN tag 1003
« on: January 03, 2018, 06:59:10 am »
Your Allow any rule will pass all traffic and nothing below it will have any effect.
Are you saying I should modify ďallow anyĒ or delete the rules below it? Or both?

12
Firewalling / Re: Create a guest network with VLAN tag 1003
« on: January 02, 2018, 06:50:47 pm »
Think I've got everything working now. Thanks @Derelict. Guest network has access to DHCP Server and WAN but no access to firewall or LAN (only other local network currently).

The firewall rules may need some tweaking. Any advice? I checked pinging, that works.




Edit: Caught my mistake with the "Block LAN Access" rule order. It's now one above "Allow Any".

13
Firewalling / Re: Create a guest network with VLAN tag 1003
« on: January 02, 2018, 12:02:23 pm »
I would disable those rules and add a pass any any rule. Does it work? Then you are not passing traffic you need to pass.
Thanks. Makes a lot of sense. Maybe one of these days Iíll learn to quit following these online step-by-step guides.🙄

14
Firewalling / Re: Create a guest network with VLAN tag 1003
« on: January 01, 2018, 08:22:40 pm »
Just because it's in a "guide" doesn't mean it's correct.

You only gave half the picture. What destination ports are you passing?

Not sure what you mean by destination ports?

Guess I'm a little slow tonight.:)






15
Firewalling / Re: Create a guest network with VLAN tag 1003
« on: January 01, 2018, 07:56:46 pm »
Just because it's in a "guide" doesn't mean it's correct.

You only gave half the picture. What destination ports are you passing?

Not sure what you mean by destination ports?

Pages: [1] 2 3 4 5