Messages - Gertjan

1
webGUI / Re: Add a header to webConfigurator server
« on: Today at 10:34:41 am »
And what about getting the GUI out of the way - moving it from 443 to another port xyz.
This is still a GUI "all open in the wild" but PCI scans would see this port anymore.
Or is PCI some sort of nmap scan ?

Anyway, I still don't understand why a web interface to control a device should be visible to the Internet - and should be related to money transactions, and thus should comply with these scans. Even if I do not have any answers, I still like to understand the question.

2
webGUI / Re: Add a header to webConfigurator server
« on: Today at 08:14:57 am »
.. as I just figured out.
And these scans are not for free of course.

Quote
Any company that accepts, processes, or stores credit card information needs to comply with the requirements set by the Payment Card Industry Security Standards Council. Merchants passing a free PCI Scan will receive the official certification they need to submit to their acquiring bank.
What has the pfSense WEB GUI to do with money transactions ?

3
webGUI / Re: Add a header to webConfigurator server
« on: Today at 07:51:37 am »
Oops, instead of replying I edited an old message.
Anyway, the results are here : https://forum.pfsense.org/index.php?topic=144026.msg784950#msg784950 (surprise !!)

edit : I'll leave my WAN IP open for a couple of hours. So everybody can "test".

Also : pretty nice result actually for a connected-device GUI. What was the question again, because now I think I didn't understand the question.

4
webGUI / Re: Add a header to webConfigurator server
« on: Yesterday at 11:26:08 am »
....
But, ok, I'm curious now. I'll open up tomorrow my WAN on port 443 for GUI access, and test the access with ssllabs.com.
I'm not an nginx expert, but I guess I can come up with a small edit that will make the GUI comply.
Done.

It took me some time to set up my DNS, so pfsense.brit-hotel-f*m*l.n*t points to my WAN IP.
Opened WAN GUI access and launched the test : (see image).

My conclusion : The nginx web server used by pfSense is ok - nothing to add or remove.
An A+ out of the box.


PS : I'll throw in a CAA record for even more green ;)

5
Installation and Upgrades / Re: custom config on LiveCD?
« on: Yesterday at 09:36:50 am »
See this https://forum.pfsense.org/index.php?topic=143108.0

How to build a live USB ? Dunno. Last time I installed 'from media' was somewhere in 2010 I guess.

Consider installing - which stays a manual operation because it's menu driven, and then, when the GUI is up,  import a config file.

6
General Questions / Re: Bootloop after black out
« on: Yesterday at 03:33:28 am »
Hi,

As you can see in the crash dump, the file system didn't really like the power outage.
At least one file was deleted when cleaning up.
This file was probably a log file, or other temporary file, so maybe not related to the crash.
But if it was a config file - like the one for dpinger, well, all explains.

Note : I can't tell from the log why pfSense crashed, but on the other hand, I never tried to run pfSense without a UPS ;)

7
Firewalling / Re: Google QUIC protocol issues
« on: Yesterday at 01:06:15 am »
Hi,

I had to look up what that actually is, QUIC..
Is it comparable to SPDY, and if so, then https://blog.chromium.org/2015/02/hello-http2-goodbye-spdy.html
HTTP/2 is the future for every browser.

pfSense handles TCP and UDP just fine, on every port. If something is blocking it for you, then it must be something upstream. Read the mentioned Wiki page - and point number https://www.ietf.org/proceedings/88/slides/slides-88-tsvarea-10.pdf : it appears "some users" have UDP connectivity problems.
Possible, but be assured that doesn't come from pfSense.

8
This is a good solution, except it's difficult to do remotely.

Any other ideas?
Ship a prepared unit to the site, and have the installed one shipped back ?

9
DHCP and DNS / Re: filterdns stops working
« on: February 18, 2018, 11:33:26 am »
I'm not having any issue with filterdns,  but I'm using it, it resolves a couple of (very static) URL's to IPv4 and IPv6.

When you guys kill filterdns, restart it like this :
Code:
/usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 240 -c /var/etc/filterdns.conf -d 7
or even
Code:
/usr/local/sbin/filterdns -p /var/run/filterdns.pid -i 240 -c /var/etc/filterdns.conf -d 7 -f
"-d 7" will produce massive logging in the DNS log. Something might show up.
"-f" will keep it in the foreground, so keep your console access open for the time being. Ctrl-C will end it.

Try also changing the interval "-i 240" (4 minutes) to "-i 600" (every 10 minutes) to give it more time.

Btw : "filterdns" is a pretty simple FreeBSD package (program), you'll find it here : https://github.com/pfsense/FreeBSD-ports/blob/devel/net/filterdns/files/filterdns.c
It doesn't do much, and it depends on one important thing : DNS should be working.
Also, it injects modifications into pf tables.
Knowing that all spawned threads (as many as there are tables) are relaunched every "-i xxx" seconds at the same time, is it possible that "pf " gets "overrun" ?


10
Hi,

Use the GUI (Diagnostics menu) and the console access to check if your pfSense has an Internet connection.

Btw : I voted "1" - or should I vote for the other "1" ? Your vote proposal and question are not clear at all.

11
Have a look at this Captive Portal !

12
That ISPs would give out only 1 /64 is asinine... ...
.... Come on - why are they making it difficult by giving you 1 /64.. Just plain moronic!!!
Oh, man, I understand that so well.
I just forwarded your message to the main support forum of Orange, the biggest ISP in France and Europe (120 million ++ clients).
They just started to implement IPv6 a couple of months ago ...
At least 30 million boxes have hardware that can't operate with IPv6 (chips are IPv4 hard wired).
10 $ for each new box  - 20 $ for shipping and handling (can't outsource that one to a low salary country ^^).

I guess I will be using he.net for a long time  :)

13
Installation and Upgrades / Re: PPPoe not working on 2.4.2
« on: February 15, 2018, 09:38:24 am »
Feb 15 15:26:47   ppp      [wan_link0] Name: "e13tkmita-sseu000600"
Feb 15 15:26:47   ppp      [wan_link0] CHAP: Using authname "XXXXXXXXXXXXXXXXXXX"

Feb 15 15:26:47   ppp      [wan_link0] CHAP: sending RESPONSE #1 len: 44
Feb 15 15:26:47   ppp      [wan_link0] CHAP: rec'd FAILURE #1 len: 25
Feb 15 15:26:47   ppp      [wan_link0] MESG: Authentication failed
Looks like a simple auth failure.
Double check login and password ?



14
Installation and Upgrades / Re: Upgrade 2.2.6 to 2.3.5
« on: February 15, 2018, 09:31:32 am »
Hi,

The missing function "pfSense_fsync()" isn't a PHP function (I can't find it) thus probably compiled C code, the function is present in executable (bin file).
Or, it should be there after a successful upgrade.
But it isn't.
Drive errors ? out of disk space, the upgrade failed ? Whatever.

Instead of finding out why, take the 10 minutes shortcut.
Install 2.3.5 (final 32 bits - supported a couple of months before final |.| ) or the future lane : 2.4.2 (64 bits).


15
Installation and Upgrades / Re: Kernel Panic error while installing
« on: February 15, 2018, 09:16:18 am »
Hi,

I rewrite your words :

After you reset the BIOS, You have a working situation.

Then you changed drives, reset the BIOS, and you have a no-go.

The original drives go back in, another BIOS reset, and still a no-go.
Or, are back at the first, beginning state.

This means that you omitted to mention something that you did ... if not, this is my advice : get certified material because of random failures ;)

Btw : I know, pfSense ought to work on your device.
 
