Packages / Re: FreeRADIUS 3.x package NTLM problem
« on: Yesterday at 02:17:11 pm »
Try again with FreeRADIUS 3.x package version 0.15.5; this should be fixed now.

Can you update FreeRADIUS 3.x and try again? You should see version 0.15.5 now.

The NTLM module was active but not configured. It looks like on FreeRADIUS 2.x it was manually edited and disabled, so I tried to replicate that change in a more FreeRADIUS 3-ish way by removing the ntlm_auth module from the active list. This should have the same effect as what was done in the FreeRADIUS 2.x code.

webGUI / Re: Add a header to webConfigurator server
« on: Yesterday at 12:55:54 pm »
Sounds like someone who doesn't know how to run a scanner. Some default to skipping an address if ping fails. OpenVAS would do that, but it's a simple flag to switch in the scan config.

Hardware / Re: Kernel Panic, submitted this multiple times.
« on: Yesterday at 12:06:47 pm »
Code:
Tracing pid 11 tid 100003 td 0xc7716000
hardclock_cnt(1,0,c0d3ecd4,c1f86d1c,c78e8c80,...) at hardclock_cnt+0x24/frame 0xe278eae8
handleevents(0,395,e278eb58,400,c7715640,...) at handleevents+0xee/frame 0xe278eb38
timercb(c1fbcfc0,0,0,0,c2028f00,...) at timercb+0x3b9/frame 0xe278eb94
lapic_handle_timer(e278ebc0) at lapic_handle_timer+0x89/frame 0xe278ebb4
Xtimerint() at Xtimerint+0x2e/frame 0xe278ebb4
--- interrupt, eip = 0xc12d6f43, esp = 0xe278ec00, ebp = 0xe278ec0c ---
cpu_idle_acpi(ffffffff,ffffffff,c1f86d04,c1f86d08,c1f86d14,...) at cpu_idle_acpi+0x43/frame 0xe278ec0c
cpu_idle(0,0,c147ed0b,a3d,0,...) at cpu_idle+0x9a/frame 0xe278ec28
sched_idletd(0,e278ece8,0,0,0,...) at sched_idletd+0x1dd/frame 0xe278eca4
fork_exit(c0d40190,0,e278ece8) at fork_exit+0xa3/frame 0xe278ecd4
fork_trampoline() at fork_trampoline+0x8/frame 0xe278ecd4
--- trap 0, eip = 0, esp = 0xe278ed20, ebp = 0 ---

That is almost certainly a hardware or BIOS issue.

Obscurity is not security. This is a bad line of thinking, especially if you wish to sell to Enterprises. Sure, hiding as much as possible from external attackers is nice but hiding from your CS department (or yourself) is generally not a good practice.

This is not security by obscurity. It's reducing unnecessary information exposure. If you rely on the device itself to tell you what version something is, you need to have a proper mechanism set up and in place to do that internally (e.g. SNMP or other means of querying the device).

Being able to determine the OS based on network behavior or daemon responses is not a reliable detection mechanism, and being able to do so is a problem, not a solution. I wouldn't go so far as to say it's a security issue if you can identify the OS, but it's still better if it's not accurately discernible.

DHCP and DNS / Re: filterdns stops working
« on: February 16, 2018, 02:55:27 pm »
Do we have any reliable and predictable way to trigger this issue? Any specific alias contents that cause it? Is there a set interval at which the problem occurs? Is there some other event that causes it to fail?

OpenVPN / Re: Client Export Utility & Multiple OpenVPN Servers
« on: February 16, 2018, 07:33:09 am »
The export package only works with remote access VPNs. You can't export a configuration for site-to-site.

Packages / Re: Quagga update to 1.2.3 fyi
« on: February 16, 2018, 07:32:00 am »
We'll get that updated. It looks like all of those are for BGP though; not a lot of quagga BGP users out there on pfSense since it's only supported via raw config.

In the meantime, consider switching to FRR instead of using quagga.

Installation and Upgrades / Re: PPPoe not working on 2.4.2
« on: February 16, 2018, 07:27:10 am »
I'm so sorry!
I took the password from config export of the previous firewall.
I should have noticed the "=" sign at the end of the password to notice it has been encrypted  :-[ :-[

Not encrypted, base64 encoded. You can use a base64 decoder to get the real password.

webGUI / Re: Add a header to webConfigurator server
« on: February 16, 2018, 07:26:12 am »

There's a ticket open for this one:

Not sure about the others. Probably due for a review in general, when that ticket gets addressed. Might drop a comment on there with the others.

Installation and Upgrades / Re: Upgrade 2.2.6 to 2.3.5
« on: February 15, 2018, 01:23:41 pm »
The haproxy config won't be removed when you uninstall. That all stays in place. Once you reinstall haproxy the settings will all still be there.

Installation and Upgrades / Re: Upgrade 2.2.6 to 2.3.5
« on: February 15, 2018, 10:13:01 am »
1. Remove packages as the upgrade guide suggests. This is especially important coming from anything pre-2.3, as the package format changed.
2. Upgrade
3. Add back the packages you need

General Questions / Re: Can't reset password on Redmine Website
« on: February 14, 2018, 12:00:47 pm »
I reset your last name to "99" (sans quotes). Try it now.

Firewalling / Re: how to load alias table at boot
« on: February 13, 2018, 03:09:55 pm »
Use a URL table alias and point it at the location of the file containing the addresses. It will load them into a table automatically.

General Questions / Re: (solved) Nessus vulnerability false positives
« on: February 13, 2018, 02:32:04 pm »
For what it's worth, I believe it's a benefit that a scanner is unable to properly determine what you're running. Why make it any easier on someone or something to figure out what you've got? :-)

