Topics - Kalle13

1
Hello guys,

First, I want to thank all the people who make pfSense possible! Great work!  ;D
I have been using it for about one year and it works great!

Unfortunately there is a little issue that I can't just overlook. I don't get any notifications via mail.
My last notification was on 28th July, during the firmware update to 2.3.2, I think: "Firmware upgrade in progress...". After that I got no more notifications.

When I try to send a test notification, these lines appear in my mail.log:
Code:
Nov 29 23:19:46 Mail postfix/smtpd[26590]: connect from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: SSL_accept error from unknown[192.168.2.1]: 0
Nov 29 23:19:46 Mail postfix/smtpd[26590]: warning: TLS library problem: 26590:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1300:SSL alert number 48:
Nov 29 23:19:46 Mail postfix/smtpd[26590]: lost connection after STARTTLS from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: disconnect from unknown[192.168.2.1]

After a little search I found out that this was probably a problem with my certificate.
http://serverfault.com/questions/660241/postfix-tls-error
Also, there was a bug (#BUG5604) https://redmine.pfsense.org/issues/5604 with exactly the same headline as mine, and I thought that the bug was not fixed yet. But I think I was mistaken.

My mail setup is like this: I have a mail server, and all my little servers and thingies are sending their status via mail to it. All mails from these servers were delivered except the one from my pfSense box. The SMTP connection starts with STARTTLS on port 25 and I have my own self-signed certificate.

I hope you might have a little hint for me.

Cheers
Kalle
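
Added example (not part of the original post, and not Postfix or pfSense code): a parser for the mail.log lines quoted above that decodes the TLS alert number and records which side sent it. The function and variable names are illustrative; the alert numbers are those defined in RFC 5246.

```python
import re

# Log lines copied from the post above (Postfix mail.log on the mail server).
SAMPLE_LOG = """\
Nov 29 23:19:46 Mail postfix/smtpd[26590]: connect from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: SSL_accept error from unknown[192.168.2.1]: 0
Nov 29 23:19:46 Mail postfix/smtpd[26590]: warning: TLS library problem: 26590:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1300:SSL alert number 48:
Nov 29 23:19:46 Mail postfix/smtpd[26590]: lost connection after STARTTLS from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: disconnect from unknown[192.168.2.1]
"""

# Certificate-related TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

LINE_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CLIENT_RE = re.compile(r"connect from \S+\[(?P<ip>[^\]]+)\]")
ALERT_RE = re.compile(r"SSL routines:(?P<func>\w+):.*?SSL alert number (?P<num>\d+)")


def triage(log_text):
    """Return one finding per smtpd session in which a TLS alert was logged."""
    current, findings = {}, []  # current: smtpd PID -> session being tracked
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (c := CLIENT_RE.match(msg)):
            # smtpd PIDs are reused, so every "connect from" starts a new session.
            current[pid] = {"client": c["ip"], "after_starttls": False}
        elif pid not in current:
            continue
        elif (a := ALERT_RE.search(msg)):
            num = int(a["num"])
            # OpenSSL logs an alert *received* from the peer in SSL3_READ_BYTES,
            # so here the connecting client is the side that rejected the handshake.
            sender = "client" if a["func"] == "SSL3_READ_BYTES" else "unknown"
            current[pid].update(alert=num, name=TLS_ALERTS.get(num, "other"),
                                sent_by=sender)
            findings.append(current[pid])
        elif msg.startswith("lost connection after STARTTLS"):
            current[pid]["after_starttls"] = True
    return findings
```

Alert 48 read from the peer means the connecting host (here 192.168.2.1) could not chain the server's certificate to a CA it trusts, which is consistent with a self-signed certificate on the mail server.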

2
General Questions / nginx - I don't understand //SOLVED\\
« on: August 24, 2016, 05:17:20 pm »
Hi,

I want to get WPAD support on my pfSense (2.3.2) and I am following this manual: https://nguvu.org/pfsense/pfSense-2.3-WPAD-PAC-proxy-configuration-guide/
At the point where I have to test the second nginx instance I get this output:

Code:
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: /usr/local/sbin/nginx -c /usr/local/etc/nginx/nginx-wpad.conf
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] still could not bind()


After a little research:

Code:
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: sockstat -l | grep :80
root     nginx      89102 8  tcp4   *:80                  *:*
root     nginx      89102 9  tcp6   *:80                  *:*
root     nginx      88826 8  tcp4   *:80                  *:*
root     nginx      88826 9  tcp6   *:80                  *:*
root     nginx      88033 8  tcp4   *:80                  *:*
root     nginx      88033 9  tcp6   *:80                  *:*

Code:
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: sockstat -l | grep nginx
root     nginx      89102 6  tcp4   *:443                 *:*
root     nginx      89102 7  tcp6   *:443                 *:*
root     nginx      89102 8  tcp4   *:80                  *:*
root     nginx      89102 9  tcp6   *:80                  *:*
root     nginx      89102 10 stream /var/run/php-fpm.socket
root     nginx      88826 6  tcp4   *:443                 *:*
root     nginx      88826 7  tcp6   *:443                 *:*
root     nginx      88826 8  tcp4   *:80                  *:*
root     nginx      88826 9  tcp6   *:80                  *:*
root     nginx      88826 10 stream /var/run/php-fpm.socket
root     nginx      88033 6  tcp4   *:443                 *:*
root     nginx      88033 7  tcp6   *:443                 *:*
root     nginx      88033 8  tcp4   *:80                  *:*
root     nginx      88033 9  tcp6   *:80                  *:*
root     nginx      88033 10 stream /var/run/php-fpm.socket


Why is nginx listening on port 80?
The option for the web GUI is checked on https  ???
I don't understand this.
Can anyone give me a hint, please?

Thank you and best regards.

3
General Questions / How to configure Nginx in 2.3 for WPAD
« on: April 02, 2016, 07:16:49 pm »
Hey folks,

I have an issue with the new web server, which is nginx.
This how-to http://www.9ns.co.uk/blog/?p=116 describes how to set up pfSense for WPAD support.
But it refers to the 2.2.6 version of pfSense, which has another web server installed.
The current version 2.3 has nginx installed and I am stuck at the point where I have to configure the web server (nginx) for the wpad.dat, wpad.da and proxy.pac files.

Can someone please help me with this?

Best
Regards
Kalle

4
Firewalling / WPAD vs firewall rule
« on: March 30, 2016, 07:14:17 pm »
Hello folks,

This time my interest lies in WPAD.
I want to use Squid with Dansguardian, but Squid doesn't go into "transparent mode" due to a bug (in pfSense 2.2.6). Now I have to fall back to WPAD.
Now my question:
Why do I have to do the hocus-pocus work with WPAD when there are firewall rules? Why not simply create rules to direct all the traffic to the proxy port? Is that not the same as saying to the browser: "Hi there, here is the IP and the port of the proxy!"?

Am I making an error in reasoning?

Best regards
Kalle

5
Hello, dear community,

I am currently working on the topic of WPAD. My goal is to run Squid with Dansguardian. But since Squid unfortunately does not run as a "transparent proxy" due to a bug in pfSense version 2.2.6, I want to fall back to WPAD. Now my question:
Why does one do all the hocus-pocus with WPAD when one could simply create a firewall rule? It could be written so that all the traffic would be redirected to the proxy port. So that is the same as when I tell it with WPAD: "Here is the proxy and the port!"

Am I making an error in reasoning?  ???

I am looking forward to your answers! :D

Best regards
Kalle

6
Deutsch / Just can't get any further -> DMZ [SOLVED]
« on: February 21, 2016, 07:28:25 am »
Hello, dear members,


I have been trying for several weeks now to set up a working DMZ. My mail server will then sit in it. (It works flawlessly behind my Fritz!Box.)
I have searched the Internet up and down, read guides and watched videos. I even bought a book, but unfortunately without success. I am slowly getting desperate and am also starting to believe that I am too stupid for this.


My setup is as follows:

First, I have a modem in bridge mode. The firewall (Alix board 2D13 - pfSense) is connected to it. It handles the PPPoE dial-in. The board has three NICs: vr0 = WAN, vr1 = LAN, vr2 = DMZ.
From the LAN I can reach my mail server via SSH, but not from the Internet; neither via my domain (dynDNS) nor directly via the WAN IP.
When I put my laptop into the DMZ, however, I can get out and browse the web.

My configuration:

Firewall: LAN -> 192.168.178.*/24 (DHCP)
              DMZ -> 192.168.1.1/24 (static)
              Mailserver -> IP: 192.168.1.2
                                   Subnetmask: 255.255.255.0
                                   Gateway: 192.168.1.1



Hopefully you can help me! :-\


