

Topics - pfBasic

1
General Questions / NTP time offset?
« on: August 08, 2017, 06:57:19 pm »
Is there a way (CLI or tunable maybe?) that I could create an offset for my NTP server on the network?

Such as distributing the time provided by say "time.nist.gov" + 500ms, or something along those lines?

2
IDS/IPS / Block VPN connections over TCP 443 with Suricata?
« on: July 15, 2017, 05:41:13 pm »
Does anyone have or know of a ruleset that would detect/block VPN connections?

I know of maintained IP lists (shallalist) that can be used to block connections to public VPN providers' IP addresses.
However, this does nothing to prevent a connection to a private VPN as it wouldn't be on any list.


Obviously TCP 443 is going to stay open and everyone knows this. So how about inspecting headers and identifying a VPN SSL connection so it can be shut down? What would those rules be?

3
I'm trying to set up an ELK stack. Everything is up and running, but the filter I used just keeps tagging all of my logs with "_grokparsefailure" and "_geoipfailure", so I'm not getting anything usable out of my logs.

How can I get the raw remote-syslog output from pfSense?

I'm trying to see exactly what the ELK stack is receiving before anything is processed.

Also - I found this: https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2

It shows the pfSense 2.2 filterlog format as
Code:
<Timestamp> <Hostname> filterlog: <CSV data>
Is that still the same in 2.4.0? Has the Rsyslog format changed since 2.2 (or 2.3)? - If so, what is it in 2.4.0 BETA?
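As an added example (not code from the original post), here is a small Python parser for the "<Timestamp> <Hostname> filterlog: <CSV data>" line shape quoted above, using the CSV field order from the pfSense 2.2 filter log format document the post links; the two sample lines are constructed, not real captures. Lines that do not fit the shape come back as None, which are the lines a grok filter would tag as _grokparsefailure.

```python
"""Parse pfSense 2.2+ 'filterlog' syslog lines (added example, not from the post).
Field order follows the pfSense 2.2 Filter Log Format doc linked above;
the sample lines are constructed, not real captures."""
import csv
import io

COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "iface",
          "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id"]
ADDR = ["length", "src", "dst"]
TCP = ["sport", "dport", "datalen", "tcp_flags", "seq", "ack",
       "window", "urg", "options"]
UDP = ["sport", "dport", "datalen"]

# Constructed sample lines in the "<Timestamp> <Hostname> filterlog: <CSV>" shape.
SAMPLE_TCP = ("Jul 14 18:37:22 pfSense filterlog: 5,,,1000000103,igb0,match,block,in,"
              "4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.10,198.51.100.5,54321,443,0,S,"
              "123456789,,65535,,mss;sackOK;TS;nop;wscale")
SAMPLE_UDP = ("Jul 14 18:37:23 pfSense filterlog: 9,,,1000000104,igb1,match,pass,out,"
              "4,0x0,,64,12345,0,none,17,udp,76,192.168.1.10,9.9.9.9,51234,53,56")


def parse_filterlog(line):
    """Return a dict of named fields, or None if the line is not a filterlog entry
    (these are the lines a grok filter would tag _grokparsefailure)."""
    head, sep, body = line.partition(" filterlog: ")
    host = head[16:].split()
    if not sep or len(head) < 17 or not host:
        return None
    # BSD syslog header: "Mmm dd HH:MM:SS hostname"; the timestamp is 15 chars wide.
    rec = {"timestamp": head[:15], "hostname": host[0]}
    fields = next(csv.reader(io.StringIO(body.strip())))
    if len(fields) < len(COMMON):
        return None
    rec.update(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    ip = IPV4 if rec["ipver"] == "4" else IPV6
    rec.update(zip(ip + ADDR, rest))
    rest = rest[len(ip) + len(ADDR):]
    if rec.get("proto") == "tcp":
        rec.update(zip(TCP, rest))
    elif rec.get("proto") == "udp":
        rec.update(zip(UDP, rest))
    else:
        rec["extra"] = rest  # ICMP and others: layout varies, keep the raw tail
    return rec


if __name__ == "__main__":
    for raw in (SAMPLE_TCP, SAMPLE_UDP):
        r = parse_filterlog(raw)
        print(r["action"], r["proto"], r["src"], "->", r["dst"], r.get("dport"))
```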


4
2.4 Development Snapshots / Network Down after latest Snapshot
« on: July 05, 2017, 03:16:52 pm »
I was told to start a new thread on this although I believe it is related to the previously posted issue on Unbound commit problems.


Updated, rebooted.

After 20-30 minutes webgui was still not accessible.

SSH in, restart webconfigurator. Was able to access webgui via IP only; hostname fails for DNS resolution - can't even resolve hostname to unbound.

When I finally get into the WebGUI I see the following services down:

Bandwidthd - don't care
DHCPD - kind of need that
DNSBL - not an immediate concern
NTPD - time would be nice
Suricata - not an immediate concern
Unbound - need that

I can successfully start all services except for DNSBL, that won't stay up.

Unbound & DHCPD will start, but I still can't even resolve local hostnames, have to access via IP.


OpenVPN services are all up, but fail to connect. I see "RESOLVE: Cannot resolve host address" errors throughout the logs.
This again points in the direction of an issue with Unbound.

I've rebooted several times, rebooted modem, nothing. I've run a zpool scrub, all is good.


I was told I could revert to an older snapshot with the System Patches package. But I don't know how to do that. Tried putting in the URL of an older snapshot, but it fails to fetch.


Any help greatly appreciated! Would honestly just like to get the network back up ASAP by reverting to an old snapshot before troubleshooting why it isn't working. Would really appreciate someone telling me specifically how to do that.


5
DHCP and DNS / Gateway Group for Unbound?
« on: July 02, 2017, 05:39:05 pm »
I seem to remember seeing somewhere that there are a lot of implicit rules in pfSense that don't show up in the GUI (at least by default) in order to let many services work without configuration (DHCP, etc).

EDIT: The rules found at https://hostname.domain:port/status.php#FirewallGeneratedRuleset

I was wondering if there was a way to edit these rules, specifically in order to apply a gateway group to Unbound.

I know that I can select the outbound interfaces for Unbound, but I'm not sure how that works (how does it decide which interface to use when >1 is selected?).


I would like to have a gateway group for Unbound to push all DNS requests out through VPN but with a failover to WAN if the VPN goes down:
VPN1 = Tier 1
VPN2 = Tier 1
WAN = Tier 2

Is this possible in some way?

6
pfBlockerNG / What's up with the whitelist not working on DNSBL?
« on: June 29, 2017, 10:48:36 am »
What am I not understanding here?

In this case I have the domain I want in the Custom Domain Whitelist section, saved and reloaded (been on the list for weeks).
Code:
.icloud.com
However, I'm still getting the DNSBL certificate when I visit this site.

When I go to my DNSBL Alerts, I see the traffic being flagged, and I also see that it is correctly identified as already being on the whitelist.
So what is happening here? DNSBL recognizes the traffic as being whitelisted but is still blackholing it? This makes no sense to me.

7
Trying to update version to latest and it says success, system reboots but then states that same version is installed?


I am currently at 2.4.0.b.20170621.0152

I tried to update to 2.4.0.b.20170621.?13xx? < something along those lines, an update released this afternoon.


It succeeds, but when I log back in I'm still at 2.4.0.b.20170621.0152?

8
OpenVPN / Working OpenVPN (PIA) just stopped working?!
« on: June 21, 2017, 01:46:24 pm »
As stated, I have had a working OpenVPN config for many months now. All of a sudden today it goes to 100% packet loss and stays down. Nothing was happening (changing) with pfSense at the time. I've posted the log file at verbosity=11. From what I can tell it's an authentication failure, but I don't know what part of authentication is failing or why.

Here's what I've tried so far.
  • Verified that the VPN servers I was trying to connect to were up
  • Rebooted my modem
  • Rebooted pfSense
  • Update to latest 2.4.0 BETA (2.4.0.b.20170621.0152)
  • Verified my VPN subscription was up to date
  • Verified my VPN user/pass was up to date/didn't need to be renewed
  • Verified my VPN user/pass was correct in pfSense auth file
  • Tried VPN user/pass in auth file (how it was originally) & in GUI fields
  • Disabled IDS/IPS & cleared snort2c table to ensure it wasn't blocking anything
  • Verified my VPN provider's CA was correct & up to date in pfSense in case of file corruption or revocation/change
  • Scrubbed my zpool to ensure no corruption


Had to post log output to several posts. Included as an attachment as well.

EDIT: It looks like this might be an issue with the latest 2.4.0 BETA build. https://forum.pfsense.org/index.php?topic=132538.msg728694#msg728694

9
Hardware / DOCSIS Modem Suggestions?
« on: May 21, 2017, 01:40:02 am »
I'm not convinced yet but my modem seems to have been acting flaky the last couple of days (speeds drop dramatically, reset modem and speeds are back to normal).

Does anyone have any recommendations for a quality DOCSIS modem?

I'm open to buying something nicer (business class hardware) used if it's worth it.

10
As the title states, I've disabled an entire rule set. I stopped Suricata on the interface in question, I cleared the snort2c table, and I reset the states and the alerts for the interface, then I restarted Suricata on the interface.

As soon as I start it back up it shows traffic that matches the rules, it shows that the rule is disabled, but it also shows that the IP has been added to snort2c!

When I go to the snort2c table, it is indeed on the list.

Why?

How do I get rid of rules I don't want?

11
As stated in the title, could we get gateway groups added to the outbound interface list on Unbound?

12
2.4 Development Snapshots / System Update Failing
« on: May 16, 2017, 08:18:02 pm »
I went to update to the latest build and got a failure:

Code:
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
>>> Unlocking package pfSense-kernel-pfSense... done.
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (120 candidates): .......... done
Processing candidates (120 candidates): . done
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
python2: 2_3 [pfSense]

Installed packages to be UPGRADED:
unbound: 1.6.1 -> 1.6.2 [pfSense]
pfSense-rc: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
pfSense-kernel-pfSense: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
pfSense-default-config: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
pfSense-base: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
pfSense: 2.4.0.b.20170513.1656 -> 2.4.0.b.20170516.0622 [pfSense]
icu: 58.2,1 -> 58.2_2,1 [pfSense]

Number of packages to be installed: 1
Number of packages to be upgraded: 7

The operation will free 112 MiB.
9 MiB to be downloaded.
pkg: https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/All/pfSense-2.4.0.b.20170516.0622.txz: Not Found
>>> Locking package pfSense-kernel-pfSense... done.
Failed

So then I tried to update from the console and it looks like it's working (no errors) but it just goes back to the menu immediately and nothing happens. The system doesn't appear to do anything and certainly doesn't reboot or show a new version?
Code:
Enter an option: 13

>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
>>> Unlocking package pfSense-kernel-pfSense... done.
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        python2: 2_3 [pfSense]

Installed packages to be UPGRADED:
        unbound: 1.6.1 -> 1.6.2 [pfSense]
        pfSense-rc: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense-kernel-pfSense: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense-default-config: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense-base: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense: 2.4.0.b.20170513.1656 -> 2.4.0.b.20170516.0622 [pfSense]
        icu: 58.2,1 -> 58.2_2,1 [pfSense]

Number of packages to be installed: 1
Number of packages to be upgraded: 7

The operation will free 112 MiB.
9 MiB to be downloaded.

**** WARNING ****
Reboot will be required!!
Proceed with upgrade? (y/N) y
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking for upgrades (120 candidates): .......... done
Processing candidates (120 candidates): . done
The following 8 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        python2: 2_3 [pfSense]

Installed packages to be UPGRADED:
        unbound: 1.6.1 -> 1.6.2 [pfSense]
        pfSense-rc: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense-kernel-pfSense: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense-default-config: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense-base: 2.4.0.b.20170514.1010 -> 2.4.0.b.20170516.1310 [pfSense-core]
        pfSense: 2.4.0.b.20170513.1656 -> 2.4.0.b.20170516.0622 [pfSense]
        icu: 58.2,1 -> 58.2_2,1 [pfSense]

Number of packages to be installed: 1
Number of packages to be upgraded: 7

The operation will free 112 MiB.
9 MiB to be downloaded.
pkg: https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/All/pfSense-2.4.0.b.20170516.0622.txz: Not Found
>>> Locking package pfSense-kernel-pfSense... done.


Any suggestions? I've tried rebooting and then attempting the update again.

13
As stated, the traffic graphs on my dashboard stopped working on update to 2.4.0.b.20170512.1940. No issues before this update.

14
General Discussion / Web Managed Switch Recommendations? (USED)
« on: April 29, 2017, 06:50:33 pm »
I didn't think this was appropriate in the Hardware section since it is not pfSense specific.

I was wondering what your experienced recommendations were for an entry-level (semi)-managed switch?

I just picked up a TP-Link SG-108E to get access to VLANs, but it is getting (what seems to me like) a lot, >1%, of "Bad Rx Packets" on VLAN tagged ports.

I'm all for buying used networking gear to get quality stuff at a discount.

Looking for:
  • All full duplex gigabit ports
  • Supports 802.1Q VLANs
  • Web/GUI managed (or CLI if it is very well documented for beginners); just not looking to learn switch CLI for my home network
  • L2 (L3 switch doesn't seem necessary for a small home network and I'd like something pretty cheap)
  • Some PoE would be a big plus
  • ~8 ports
  • Preferably passively cooled, definitely very quiet if active cooling
  • Can be had used for <$75, the cheaper the better

Obviously the TP-Link SG-108E fits the bill other than PoE, but I'm betting there's something better out there that can be had for cheap if bought used.

15
General Questions / Trying to figure out VLANs, 3 LAN's, 1 Ubiquiti AP
« on: April 23, 2017, 04:37:50 pm »
I've never tried VLANs before so I'm assuming I'm making a dumb mistake somewhere.

What I want to do:
Add two VLANs, one for Guest use, the other for Internet of Things. I want both of them to be wireless via my Ubiquiti AP.


My Network:

pfSense igb3 > Web Managed Switch (SG108E) Port 1 >> Ubiquiti AP AC PRO Port 3 -&- Desktop Port 7


What I did:

  • pfSense:
     created two VLANs and assigned them to igb3
          Guest: Tag=10, Priority=0
          IoT: Tag=20, Priority=0
     Enabled each VLAN interface, assigned them static IPs, and enabled each of their DHCP servers accordingly
          Guest: 192.168.10.1/24
          IoT: 192.168.20.1/24
     Added Firewall Rules to the Guest & IOT Interface
          For now to ensure rules aren't the issue, it's an allow anything rule

  • Switch (SG108E):
     Enabled 802.1Q VLANs
          VLAN 1: Default_VLAN/Members: 1-8/Tagged:-/Untagged:1-8
          VLAN 10: Guest/Members: 1,3/Tagged:1/Untagged:3
          VLAN 20: IoT/Members: 1,3,7/Tagged:1/Untagged:3,7

NOTE: What I'm trying to do is set up two more WiFi SSIDs for the Guest VLAN and the IoT VLAN. The AP is on port 3. I would also like to be able to access the IoT VLAN on my desktop on port 7 (but that really isn't important).

     The guide I followed said to assign a PVID to each port for the VLAN I'm using on it. However, I can only assign one PVID to each port. So how does that work when I need to put two VLANs through the same port? Also, from my understanding the PVID is assigning a tag to traffic coming to the switch from the port, so that the traffic is tagged on its way to the tagged port (1). On my Ubiquiti AP, I can select a VLAN tag for each SSID, so why is PVID necessary? TL;DR, I didn't add any PVIDs, every port is the default 1.

  • Ubiquiti AP AC PRO
     Added a Guest SSID and enabled VLAN tag
          Selected to use VLAN with VLAN ID: 10
     I haven't added the IoT SSID yet


The problem: When I try to connect to the Guest SSID, it can't get an IP address. I've tried restarting the DHCP services and resetting state tables, but the problem remains. I'm sure I've screwed this up somehow; I just don't know how. Can anyone guide me here?!
