Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - wgstarks

Pages: [1] 2 3 4 5 6
1
DHCP and DNS / Re: DNS Resolver Log Error sending queries to 1.1.1.1
« on: April 05, 2018, 09:31:41 am »
The Cloudflare settings still are not working and Cloudflare is reporting that they are not experiencing any service problems. Perhaps they have made some change that either inadvertently or deliberately blocks this? Regardless, it seems that it isnít likely to work ďas isĒ.

Hope Iím wrong.😕

2
We will be updating the blog post with that information, for now just replace the Cloudflare IP's with Quad9 ones (9.9.9.9 and 149.112.112.112).
Thanks. That worked.

Iíve seen similar reports on other forums regarding cloudflareís primary server not working. Hopefully whatever the issue is will get resolved soon.

3
DHCP and DNS / DNS list spring cleaning question
« on: April 04, 2018, 09:36:07 am »
Iíve setup DNS with TLS using quad9 (for now) as suggested on the netgate blog. IF Iím understanding the blog post correctly, all my dns quiries will go through the quad9 servers. Can I go ahead and delete the other 4 or 5 dns servers that I have configured in general settings?

4
We're seeing it as well. While we're investigating this issue, it seems to work with quad9 so I suggest you try it.
What changes need to be made to use quad9?

5
Packages / Re: Snort fails after OS update
« on: April 02, 2018, 01:40:07 pm »
Thanks. Worked great.

6
Packages / Re: Snort fails after OS update
« on: April 02, 2018, 11:45:26 am »
Will this also remove all my previous settings?

7
Packages / Re: Snort fails after OS update
« on: March 30, 2018, 09:37:48 am »
Yes. Retried probably 5 or 6 times. I get the same result each time.

8
Packages / [SOLVED] Snort fails after OS update
« on: March 29, 2018, 01:37:45 pm »
Just updated to 2.4.3 and noticed that Snort wasn't running. Checked the package manager and it showed an update for Snort. When I try to update I get this-
Code: [Select]
>>> Upgrading pfSense-pkg-snort...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-pkg-snort: 3.2.9.6 -> 3.2.9.6_1 [pfSense]

Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-pkg-snort from 3.2.9.6 to 3.2.9.6_1...
[1/1] Extracting pfSense-pkg-snort-3.2.9.6_1: .......... done
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/APACHE20
pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/LICENSE
pfSense-pkg-snort-3.2.9.6: missing file /usr/local/share/licenses/pfSense-pkg-snort-3.2.9.6/catalog.mk
pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.DGfxfSvviirT -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory
Failed

9
Hardware / Re: New pfsense for soho
« on: February 09, 2018, 07:57:52 pm »
I didnít have any problems with mine. Make sure you re-install though. I wouldnít trust the pre-installed software.

10
Got it all sorted out now. Thanks. Netgearís documentation is rather limited sometimes and their support is not the fastest but got all my misconfigurations corrected.

11
That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

Diagnostics > Packet Capture for ARP on that interface and see what you see.

No. I think this is caused by my own ignorance.  :D

12
Thanks. I set a reserved IP for en-0 on the unraid server and then bonded en-0 and en-1. I'm sure that's what is causing this problem. The MAC address shown in the log entry is for en-1 on the unraid server.

Just to be sure I've got it right, I just need to uncheck the ARP Table Static Entry option?

13
I'm seeing this entry flooding my system log-
Code: [Select]
Jan 22 17:09:09 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:09:40 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:11 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:10:41 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:12 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:11:42 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:08 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
Jan 22 17:12:13 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for 10.0.1.20 on em1
10.0.1.20 is my unRAID server. Not sure if something is misconfigured there or if it's my pfsense setup. Would appreciate any advice?

14
IDS/IPS / Re: How to add custom rules to Suricata
« on: January 11, 2018, 08:40:24 am »
Thanks. Wonder how many IPís this hosting server has?😏

15
IDS/IPS / Suricate settings-which snort rules package?
« on: January 10, 2018, 08:51:05 am »
Did a little research regarding the use of snort rules packages in suricata. I found that any snort rules package should work with the exception that incompatible rules will just generate an error. Not sure what the best practice is though? Should i just use the rules for the most up to date version of snort? Or maybe its better to use an older version with better compatibility?

Pages: [1] 2 3 4 5 6