
Topics - chrcoluk

1
2.4 Development Snapshots / pkg tool needs some common sense?
« on: September 28, 2017, 03:19:58 am »
So today I installed 2.4.1 on my new unit.

There was an issue with IPv6 due to a configuration issue: the unit had an active IPv6 address but traffic was dead, and everything just basically timed out. IPv4 was fine.

I noticed the pkg tool was very stupid in how it handled the problem.

Basically it took me almost 4 hours to run a config restore because the pkg install process took ages. It tried to connect via IPv6, waited a massive 15 mins (extremely high timeout), then fell back to IPv4, and did this for every connection it had to make, before I eventually got to the end of the process.

In the GUI, if trying to do any package management, it would just spin the circle for 15 minutes before giving a vague failure message, so it seems there was no fallback attempt made.

So I suggest a few things.

1 - More verbose output. pfSense is, I would hope, not a "not for dummies" design by making messages as low verbosity as possible. Often during the CLI package process it just sat there with no indication of what was going on; my patience allowed it to finish.
2 - A sane timeout such as 6 seconds, not 900 seconds.
3 - Prevent it from automatically checking for updates (extra connections needed) every time a pkg install command is run; add some intelligence to it so if e.g. it knows it checked only 15 mins ago there is no need to check again right now.

During the 4 hours, there was no firewall active. I had e.g. login attempts to sshd from internet bots; the firewall was down because the pfblockerng tables were non-existent due to waiting for the pkg restore process. So the restore process activates altered rules related to packages before the packages are restored.

2
Hardware / i350 mini pcie problems
« on: September 12, 2017, 01:47:42 pm »
Continuation of my discussion from the fq_codel thread; here are some pictures of the card.

I flashed the latest firmware to the card yesterday and will try it again today to see if any improvement.


3
2.4 Development Snapshots / Setting vanished on latest RC build
« on: September 11, 2017, 01:39:33 pm »
There is a setting in general settings where you can choose how often the dash updates. It's now gone and I find the preconfigured refresh not to my liking. Has anyone else noticed the option is missing?

4
List is here

https://raw.githubusercontent.com/409H/EtherAddressLookup/master/blacklists/domains.json

It seems to parse the list ok as after the download it correctly lists the number of domains.

Code:
[ EthADdressLookup ] Downloading update .. 200 OK
  Remote timestamp missing .
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # Alexa    Final               
  ----------------------------------------------------------------------
  3312     3304       0          0          0          3304                 
  ----------------------------------------------------------------------

However, it then fails. I am showing the errors for the first 10 entries or so.

Code:
[ DNSBL FAIL ] [ Skipping : EthADdressLookup ]

/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: unknown keyword '0xproject.io'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:1: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: unknown keyword '0xtoken.com'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:2: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: unknown keyword 'aragonproject.io'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:3: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: unknown keyword 'bitsdigit.com'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:4: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: unknown keyword 'bitspark2.com'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:5: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: unknown keyword 'bittreat.com'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:6: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: unknown keyword 'bittrex.cam'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:7: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: unknown keyword 'bittrex.comze.com'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:8: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: unknown keyword 'coin-dash.com'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:9: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: unknown keyword 'coin-wallet.info'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:10: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: unknown keyword 'coindash.ru'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: stray '"'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: unknown keyword ','
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: unknown keyword '60'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: unknown keyword 'IN'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: unknown keyword 'A'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: unknown keyword '10.10.10.1'
/var/db/pfblockerng/dnsbl/EthADdressLookup.bk:11: error: stray '"'

Any ideas, or is it simply an incompatible feed?
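
The error tokens above (a domain, a stray quote, a comma, then 60 IN A 10.10.10.1) are consistent with JSON punctuation from the feed being carried into each DNS record. The following is an added example, not part of the original post and not pfBlockerNG code: it converts a JSON array feed into a validated one-domain-per-line list. It assumes the feed is a JSON array of domain strings and that each DNSBL record is an Unbound `local-data` line; the function names and the sample feed are constructed for illustration.

```python
import json
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample feed (not real entries): a JSON array of strings that
# includes a duplicate, two malformed names and a non-string value.
SAMPLE_FEED = """[
  "phish-wallet.example",
  "PHISH-WALLET.example.",
  "login.token-sale.example",
  "bad entry.example",
  "-leading-hyphen.example",
  42
]"""


def is_valid_domain(name):
    """Accept only multi-label hostnames made of valid DNS labels."""
    if not name or len(name) > 253 or "." not in name:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))


def json_feed_to_domains(raw_text):
    """Parse a JSON array feed and return (domains, rejected).

    domains  - normalised, de-duplicated names in feed order
    rejected - original entries that are not usable host names
    """
    data = json.loads(raw_text)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of domain strings")

    domains, rejected, seen = [], [], set()
    for entry in data:
        if not isinstance(entry, str):
            rejected.append(entry)
            continue
        name = entry.strip().lower().rstrip(".")
        try:
            # Convert internationalised names to their ASCII (punycode) form.
            name = name.encode("idna").decode("ascii")
        except UnicodeError:
            rejected.append(entry)
            continue
        if not is_valid_domain(name):
            rejected.append(entry)
            continue
        if name not in seen:
            seen.add(name)
            domains.append(name)
    return domains, rejected


def to_local_data(domains, sinkhole="10.10.10.1", ttl=60):
    """Render clean domains as Unbound local-data lines (assumed format).

    The sinkhole address and TTL are the values seen in the error output.
    """
    return ['local-data: "%s %d IN A %s"' % (d, ttl, sinkhole) for d in domains]


def naive_record(feed_line, sinkhole="10.10.10.1", ttl=60):
    """What happens if a raw line of the JSON file is used as the domain."""
    return 'local-data: "%s %d IN A %s"' % (feed_line.strip(), ttl, sinkhole)


if __name__ == "__main__":
    # A raw JSON line keeps its quotes and comma, which breaks the record.
    print(naive_record('  "0xproject.io",'))

    clean, bad = json_feed_to_domains(SAMPLE_FEED)
    print("\n".join(clean))            # plain list suitable for a DNSBL feed
    print("rejected:", bad)
    print("\n".join(to_local_data(clean)))
```

Serving the plain list from a local file or URL gives the DNSBL importer the one-domain-per-line input it can turn into valid records.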

5
So I updated my snapshot from late January to today's snapshot via the supported method of hitting update in the GUI.

I watched it on the terminal and some PHP warnings/errors popped up, but I now don't have access to them as it has since rebooted to finish the update. After the update I had to report a bug due to PHP module errors causing startup warnings.

Post update analysis seems to indicate 3 php modules failed to update and by coincidence those 3 modules also have 444 perms instead of 644.

So is there a log somewhere so I can debug what happened during the upgrade process?

I fixed the perms to 644 and will do another snapshot update later after a new one is available to see if the modules get replaced.

6
The status_ntpd.php page will only work if you globally allow queries. I modified the code in a patch so it does not carry out the check; this means if you don't have an ACL to allow it for localhost you will get some kind of error, but for those who want this behaviour I am pasting the patch.

I didn't submit this as I think it's not clean enough. It's probable any proper solution would still need to generate the proper error page, so basically a proper solution would need to check if an ACL is enabling access.

Code:
--- status_ntpd.php.orig        2017-08-06 23:16:40.585209000 +0100
+++ status_ntpd.php     2017-08-06 23:27:51.295867000 +0100
@@ -33,128 +33,127 @@
 
 require_once("guiconfig.inc");
 
-if (!isset($config['ntpd']['noquery'])) {
-       if (isset($config['system']['ipv6allow'])) {
-               $inet_version = "";
-       } else {
-               $inet_version = " -4";
-       }
-
-       exec("/usr/local/sbin/ntpq -pn $inet_version | /usr/bin/tail +3", $ntpq_output);
+//if (!isset($config['ntpd']['noquery'])) {
+if (isset($config['system']['ipv6allow'])) {
+       $inet_version = "";
+} else {
+       $inet_version = " -4";
+}
 
-       $ntpq_servers = array();
-       foreach ($ntpq_output as $line) {
-               $server = array();
-               $status_char = substr($line, 0, 1);
-               $line = substr($line, 1);
-               $peerinfo = preg_split("/[\s\t]+/", $line);
-
-               $server['server'] = $peerinfo[0];
-               $server['refid'] = $peerinfo[1];
-               $server['stratum'] = $peerinfo[2];
-               $server['type'] = $peerinfo[3];
-               $server['when'] = $peerinfo[4];
-               $server['poll'] = $peerinfo[5];
-               $server['reach'] = $peerinfo[6];
-               $server['delay'] = $peerinfo[7];
-               $server['offset'] = $peerinfo[8];
-               $server['jitter'] = $peerinfo[9];
-
-               switch ($status_char) {
-                       case " ":
-                               if ($server['refid'] == ".POOL.") {
-                                       $server['status'] = gettext("Pool Placeholder");
-                               } else {
-                                       $server['status'] = gettext("Unreach/Pending");
-                               }
-                               break;
-                       case "*":
-                               $server['status'] = gettext("Active Peer");
-                               break;
-                       case "+":
-                               $server['status'] = gettext("Candidate");
-                               break;
-                       case "o":
-                               $server['status'] = gettext("PPS Peer");
-                               break;
-                       case "#":
-                               $server['status'] = gettext("Selected");
-                               break;
-                       case ".":
-                               $server['status'] = gettext("Excess Peer");
-                               break;
-                       case "x":
-                               $server['status'] = gettext("False Ticker");
-                               break;
-                       case "-":
-                               $server['status'] = gettext("Outlier");
-                               break;
-               }
+exec("/usr/local/sbin/ntpq -pn $inet_version | /usr/bin/tail +3", $ntpq_output);
 
-               $ntpq_servers[] = $server;
+$ntpq_servers = array();
+foreach ($ntpq_output as $line) {
+       $server = array();
+       $status_char = substr($line, 0, 1);
+       $line = substr($line, 1);
+       $peerinfo = preg_split("/[\s\t]+/", $line);
+
+       $server['server'] = $peerinfo[0];
+       $server['refid'] = $peerinfo[1];
+       $server['stratum'] = $peerinfo[2];
+       $server['type'] = $peerinfo[3];
+       $server['when'] = $peerinfo[4];
+       $server['poll'] = $peerinfo[5];
+       $server['reach'] = $peerinfo[6];
+       $server['delay'] = $peerinfo[7];
+       $server['offset'] = $peerinfo[8];
+       $server['jitter'] = $peerinfo[9];
+
+       switch ($status_char) {
+               case " ":
+                       if ($server['refid'] == ".POOL.") {
+                               $server['status'] = gettext("Pool Placeholder");
+                       } else {
+                               $server['status'] = gettext("Unreach/Pending");
+                       }
+                       break;
+               case "*":
+                       $server['status'] = gettext("Active Peer");
+                       break;
+               case "+":
+                       $server['status'] = gettext("Candidate");
+                       break;
+               case "o":
+                       $server['status'] = gettext("PPS Peer");
+                       break;
+               case "#":
+                       $server['status'] = gettext("Selected");
+                       break;
+               case ".":
+                       $server['status'] = gettext("Excess Peer");
+                       break;
+               case "x":
+                       $server['status'] = gettext("False Ticker");
+                       break;
+               case "-":
+                       $server['status'] = gettext("Outlier");
+                       break;
        }
 
-       exec("/usr/local/sbin/ntpq -c clockvar $inet_version", $ntpq_clockvar_output);
-       foreach ($ntpq_clockvar_output as $line) {
-               if (substr($line, 0, 9) == "timecode=") {
-                       $tmp = explode('"', $line);
-                       $tmp = $tmp[1];
-                       if (substr($tmp, 0, 6) == '$GPRMC') {
-                               $gps_vars = explode(",", $tmp);
-                               $gps_ok = ($gps_vars[2] == "A");
-                               $gps_lat_deg = substr($gps_vars[3], 0, 2);
-                               $gps_lat_min = substr($gps_vars[3], 2);
-                               $gps_lon_deg = substr($gps_vars[5], 0, 3);
-                               $gps_lon_min = substr($gps_vars[5], 3);
-                               $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
-                               $gps_lat = $gps_lat * (($gps_vars[4] == "N") ? 1 : -1);
-                               $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
-                               $gps_lon = $gps_lon * (($gps_vars[6] == "E") ? 1 : -1);
-                               $gps_lat_dir = $gps_vars[4];
-                               $gps_lon_dir = $gps_vars[6];
-                       } elseif (substr($tmp, 0, 6) == '$GPGGA') {
-                               $gps_vars = explode(",", $tmp);
-                               $gps_ok = $gps_vars[6];
-                               $gps_lat_deg = substr($gps_vars[2], 0, 2);
-                               $gps_lat_min = substr($gps_vars[2], 2);
-                               $gps_lon_deg = substr($gps_vars[4], 0, 3);
-                               $gps_lon_min = substr($gps_vars[4], 3);
-                               $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
-                               $gps_lat = $gps_lat * (($gps_vars[3] == "N") ? 1 : -1);
-                               $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
-                               $gps_lon = $gps_lon * (($gps_vars[5] == "E") ? 1 : -1);
-                               $gps_alt = $gps_vars[9];
-                               $gps_alt_unit = $gps_vars[10];
-                               $gps_sat = (int)$gps_vars[7];
-                               $gps_lat_dir = $gps_vars[3];
-                               $gps_lon_dir = $gps_vars[5];
-                       } elseif (substr($tmp, 0, 6) == '$GPGLL') {
-                               $gps_vars = preg_split('/[,\*]+/', $tmp);
-                               $gps_ok = ($gps_vars[6] == "A");
-                               $gps_lat_deg = substr($gps_vars[1], 0, 2);
-                               $gps_lat_min = substr($gps_vars[1], 2);
-                               $gps_lon_deg = substr($gps_vars[3], 0, 3);
-                               $gps_lon_min = substr($gps_vars[3], 3);
-                               $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
-                               $gps_lat = $gps_lat * (($gps_vars[2] == "N") ? 1 : -1);
-                               $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
-                               $gps_lon = $gps_lon * (($gps_vars[4] == "E") ? 1 : -1);
-                               $gps_lat_dir = $gps_vars[2];
-                               $gps_lon_dir = $gps_vars[4];
-                       } elseif (substr($tmp, 0, 6) == '$PGRMF') {
-                               $gps_vars = preg_split('/[,\*]+/', $tmp);
-                               $gps_ok = $gps_vars[11];
-                               $gps_lat_deg = substr($gps_vars[6], 0, 2);
-                               $gps_lat_min = substr($gps_vars[6], 2);
-                               $gps_lon_deg = substr($gps_vars[8], 0, 3);
-                               $gps_lon_min = substr($gps_vars[8], 3);
-                               $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
-                               $gps_lat = $gps_lat * (($gps_vars[7] == "N") ? 1 : -1);
-                               $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
-                               $gps_lon = $gps_lon * (($gps_vars[9] == "E") ? 1 : -1);
-                               $gps_lat_dir = $gps_vars[7];
-                               $gps_lon_dir = $gps_vars[9];
-                       }
+       $ntpq_servers[] = $server;
+}
+
+exec("/usr/local/sbin/ntpq -c clockvar $inet_version", $ntpq_clockvar_output);
+foreach ($ntpq_clockvar_output as $line) {
+       if (substr($line, 0, 9) == "timecode=") {
+               $tmp = explode('"', $line);
+               $tmp = $tmp[1];
+               if (substr($tmp, 0, 6) == '$GPRMC') {
+                       $gps_vars = explode(",", $tmp);
+                       $gps_ok = ($gps_vars[2] == "A");
+                       $gps_lat_deg = substr($gps_vars[3], 0, 2);
+                       $gps_lat_min = substr($gps_vars[3], 2);
+                       $gps_lon_deg = substr($gps_vars[5], 0, 3);
+                       $gps_lon_min = substr($gps_vars[5], 3);
+                       $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
+                       $gps_lat = $gps_lat * (($gps_vars[4] == "N") ? 1 : -1);
+                       $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
+                       $gps_lon = $gps_lon * (($gps_vars[6] == "E") ? 1 : -1);
+                       $gps_lat_dir = $gps_vars[4];
+                       $gps_lon_dir = $gps_vars[6];
+               } elseif (substr($tmp, 0, 6) == '$GPGGA') {
+                       $gps_vars = explode(",", $tmp);
+                       $gps_ok = $gps_vars[6];
+                       $gps_lat_deg = substr($gps_vars[2], 0, 2);
+                       $gps_lat_min = substr($gps_vars[2], 2);
+                       $gps_lon_deg = substr($gps_vars[4], 0, 3);
+                       $gps_lon_min = substr($gps_vars[4], 3);
+                       $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
+                       $gps_lat = $gps_lat * (($gps_vars[3] == "N") ? 1 : -1);
+                       $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
+                       $gps_lon = $gps_lon * (($gps_vars[5] == "E") ? 1 : -1);
+                       $gps_alt = $gps_vars[9];
+                       $gps_alt_unit = $gps_vars[10];
+                       $gps_sat = (int)$gps_vars[7];
+                       $gps_lat_dir = $gps_vars[3];
+                       $gps_lon_dir = $gps_vars[5];
+               } elseif (substr($tmp, 0, 6) == '$GPGLL') {
+                       $gps_vars = preg_split('/[,\*]+/', $tmp);
+                       $gps_ok = ($gps_vars[6] == "A");
+                       $gps_lat_deg = substr($gps_vars[1], 0, 2);
+                       $gps_lat_min = substr($gps_vars[1], 2);
+                       $gps_lon_deg = substr($gps_vars[3], 0, 3);
+                       $gps_lon_min = substr($gps_vars[3], 3);
+                       $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
+                       $gps_lat = $gps_lat * (($gps_vars[2] == "N") ? 1 : -1);
+                       $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
+                       $gps_lon = $gps_lon * (($gps_vars[4] == "E") ? 1 : -1);
+                       $gps_lat_dir = $gps_vars[2];
+                       $gps_lon_dir = $gps_vars[4];
+               } elseif (substr($tmp, 0, 6) == '$PGRMF') {
+                       $gps_vars = preg_split('/[,\*]+/', $tmp);
+                       $gps_ok = $gps_vars[11];
+                       $gps_lat_deg = substr($gps_vars[6], 0, 2);
+                       $gps_lat_min = substr($gps_vars[6], 2);
+                       $gps_lon_deg = substr($gps_vars[8], 0, 3);
+                       $gps_lon_min = substr($gps_vars[8], 3);
+                       $gps_lat = $gps_lat_deg + $gps_lat_min / 60.0;
+                       $gps_lat = $gps_lat * (($gps_vars[7] == "N") ? 1 : -1);
+                       $gps_lon = $gps_lon_deg + $gps_lon_min / 60.0;
+                       $gps_lon = $gps_lon * (($gps_vars[9] == "E") ? 1 : -1);
+                       $gps_lat_dir = $gps_vars[7];
+                       $gps_lon_dir = $gps_vars[9];
                }
        }
 }
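
Review bot: The `noquery` guard at the top of this hunk is disabled by commenting it out (`//if (!isset($config['ntpd']['noquery'])) {`), which leaves a dead line behind and makes both `exec()` calls to `/usr/local/sbin/ntpq` run on every page load with nothing checking whether the query was answered. Neither call inspects its result, so a refused query simply leaves `$ntpq_output` and `$ntpq_clockvar_output` empty. Delete the commented line instead of keeping it, and, as the post itself suggests, replace the condition with a check for an ACL that permits localhost rather than removing it outright. Keeping a condition in place would also avoid re-indenting the whole parsing block, which currently hides the one-line behavioural change inside a hunk of more than a hundred lines.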
@@ -194,14 +193,14 @@
 function print_status() {
        global $config, $ntpq_servers;
 
-       if (isset($config['ntpd']['noquery'])):
+//     if (isset($config['ntpd']['noquery'])):
 
-               print("<tr>\n");
-               print('<td class="warning" colspan="11">');
-               printf(gettext('Statistics unavailable because ntpq and ntpdc queries are disabled in the %1$sNTP service settings%2$s'), '<a href="services_ntpd.php">', '</a>');
-               print("</td>\n");
-               print("</tr>\n");
-       elseif (count($ntpq_servers) == 0):
+//             print("<tr>\n");
+//             print('<td class="warning" colspan="11">');
+//             printf(gettext('Statistics unavailable because ntpq and ntpdc queries are disabled in the %1$sNTP service settings%2$s'), '<a href="services_ntpd.php">', '</a>');
+//             print("</td>\n");
+//             print("</tr>\n");
+       if (count($ntpq_servers) == 0):
                print("<tr>\n");
                print('<td class="warning" colspan="11">');
                printf(gettext('No peers found, %1$sis the ntp service running?%2$s'), '<a href="status_services.php">', '</a>');
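
Review bot: With the `noquery` branch commented out, a query that ntpd refuses now falls through to `if (count($ntpq_servers) == 0):` and the page reports "No peers found, is the ntp service running?", which points the administrator at the wrong cause. Keep a distinct message for the case where queries are disabled and no ACL allows localhost, and remove the six `//` lines instead of leaving them in the file as dead code.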

7
2.4 Development Snapshots / dpinger loss high and loss low
« on: July 16, 2017, 02:44:26 pm »
How is this configured on 2.4 as detailed in this post?  https://forum.pfsense.org/index.php?topic=103818.0

thanks

8
Documentation / [HOW TO] usb tether on pfsense 2.4 as router
« on: July 11, 2017, 02:36:40 am »
This is a short guide on how to USB tether an Android phone to pfSense and then have pfSense provide internet access to your LAN over the tethered connection.

This sadly requires a custom kernel, I can provide the kernel here for download (pfsense 2.4) if permission is granted by the pfsense staff.

1 - Prepare a FreeBSD 11.0 machine to use for building the kernel; it can be physical or virtual, it doesn't matter.  No ports or packages need to be installed, it can be built using base tools in the OS.

2 - Download/clone the pfsense fork of the freebsd src-tree from github, located here, make sure to use master branch https://github.com/pfsense/FreeBSD-src to the build machine.

3 - cd into the FreeBSD-src folder, in my case it's '/root/work/pfsense/pfsense/tmp/FreeBSD-src' as I cloned into /root/work

4 - run this command 'make buildkernel KERNCONF=pfSense'. This will compile the kernel, so wait a while.

5 - then run this command after it's done to copy the kernel somewhere, e.g. to /root/work/pfsense/kernel 'make installkernel KERNCONF=pfSense KODIR=/root/work/pfsense/kernel'

6 - cd into the directory above the kernel so e.g. 'cd /root/work/pfsense'

7 - tarball the kernel 'tar -zcvf kernel.tar.gz kernel'

8 - put the tarball on your pfsense unit in /boot

9 - rename the current kernel to something like kernel.stock, so 'mv kernel kernel.stock'. This means if for some reason the kernel doesn't boot you can still manually boot to the stock kernel.

10 - untar the kernel and delete the tarball, so 'tar -zxvf kernel.tar.gz' and 'rm kernel.tar.gz'

11 - reboot

At this point you are booted into the new kernel.  The difference between this kernel and the stock is you now have all the modules, the actual kernel is the same.

12 - load the following 2 modules as follows
'kldload if_urndis'
'kldload if_ipheth'

13 - Plug in the phone to a USB port.

14 - Enable mobile data mode and then enable USB tether on the phone.  At this point a ue0 device should appear in ifconfig but it won't have an IP address yet.

15 - In the pfSense GUI navigate to interface assignments and assign one of the OPT devices to ue0.

16 - Now edit the OPT device and select DHCP for ipv4, then save and apply.  At this point ue0 should get an ip address.

17 - Navigate to routing settings.

18 - Choose edit for the OPT_DHCP device, and tick default gateway box, save and apply.

19 - you should now be online on the pfsense unit and lan devices that use pfsense as their gateway.

Additional notes.

1 - You may need to add a firewall rule for the OPT device to allow traffic.
2 - If you don't want it as the default gateway then you can adjust the gateway settings differently.

9
General Questions / pfsense beta branch and tracking FreeBSD releases
« on: June 12, 2017, 05:02:38 am »
Historically, when FreeBSD releases a new minor release, does pfSense beta update to it?

So in this case pfsense 2.4 and FreeBSD 11.1 which is coming this summer, can I expect pfsense 2.4 to migrate to 11.1?

The reason for the question is that FreeBSD11-STABLE has a fair few nasty bugs fixed which exist in 11.0, including some kernel panic bugs affecting my unit. Since pfSense doesn't follow the STABLE branch, these fixes will all be in 11.1, so I am hoping pfSense will migrate to 11.1 in the 2.4 branch.

https://www.freebsd.org/releases/11.1R/schedule.html

10
Feedback / forum jumping to bottom of page
« on: February 27, 2017, 05:25:15 am »
Anyone else got this issue? It maybe started for me about 1-2 weeks ago.

If I load any page on this forum after loading it jumps to the bottom so I have to scroll up manually.

11
webGUI / webGUI access log can it be disabled?
« on: February 17, 2017, 10:37:06 am »
I have observed nginx.log logs all the access in the gui, this can be quite a heavy log e.g. sitting on the home page with one web client logs more than 200 lines a minute.

This log appears to not be configurable, so if local logging is enabled it will log to /var/log, and if remote logging is enabled it gets sent to that also, but there is no option to not send it.

So can it be disabled elegantly?

12
2.4 Development Snapshots / SFTP Issue
« on: February 13, 2017, 05:16:21 pm »
It's supposedly an easy to use file manager (for being an ncurses application) but since there are better ones like Filezilla, WinSCP and others that can use an SFTP connection and offer a proper GUI on your workstation I don't see why you would want to install it on pfSense.

Is SFTP supposed to work out of the box on pfsense? (Assuming a ssh key is added for the client).

I had to use winscp which I hate using because if I use a ftp client with SFTP I get the following message.

Code:
[23:15:20] [R] Auth Type: Public Key
[23:15:20] [R] Authentication succeeded
[23:15:20] [R] SSH Connection open
[23:15:20] [R] SSH Error: 101 Invalid Packet
[23:15:20] [R] [info] subsystem request for sftp failed, subsystem not found.
[23:15:20] [R] [execute] /usr/lib/openssh/sftp-server
[23:15:20] [R] SSH Error: 101 Invalid Packet
[23:15:20] [R] [execute] /usr/lib/sftp-server

If it is supposed to work maybe a bug should be filed? This is on pfsense 2.4.

Also I don't see the harm of making a pkg for mc providing the dependencies are low, as everyone has their favourite tools.

Confirmed: adding this line to /etc/ssh/sshd_config makes it work.

Code:
Subsystem sftp internal-sftp

pfsense 2.4

13
Feedback / smite and applaud list
« on: January 19, 2017, 06:53:17 pm »
Is there a way to view who is giving me smites?

thanks

14
2.4 Development Snapshots / 2.4 dhcp problem
« on: January 15, 2017, 12:46:40 pm »
Order of events

Built in wireless card in laptop setup with static dhcp lease ip 192.168.1.125
AC wireless dongle which was unused the MAC was entered with a static ip of 192.168.1.225
I decided to start using the dongle.
Disabled built in wireless card on laptop.
Plugged in dongle to laptop.
It connected using the correct 192.168.1.225 ip, however I want to use .125
Changed the MAC for built in wireless card to use 192.168.1.25
Changed AC dongle to use 192.168.1.125 and applied settings.
Laptop still on 192.168.1.225
Ran dhcp release in windows
Reconnected laptop and still 192.168.1.225
Tried disabling the dongle in device manager and enabling again.
Still 192.168.1.225

On the Status - DHCP Leases screen the AC Dongle shows as online and using 192.168.1.125
There is nothing showing at all on the leases screen using 192.168.1.225, although that's what the laptop is using.

I have double checked the laptop is configured to use DHCP for ipv4.  There is no other DHCP server active on my lan.

15
IPv6 / occasional warnings in ipv6 logs
« on: January 13, 2017, 06:45:22 pm »
I have noticed occasionally in the wan_dhcp6 renewal process I am seeing logged kernel errors (warnings) reporting it cannot forward src.

Examples below:

Code:
Jan 13 22:39:15 kernel cannot forward src fe80:4::c6e9:84ff:x:x, dst x0:1450:4009:80e::200e, nxt 6, rcvif igb1, outif igb0
Jan 13 22:41:25 kernel cannot forward src fe80:4::c6e9:84ff:x:x, dst x0:1450:4009:80e::200e, nxt 6, rcvif igb1, outif igb0
Jan 13 22:42:18 kernel cannot forward src fe80:4::c6e9:84ff:x:x, dst x1:578:3::34d1:3bdc, nxt 6, rcvif igb1, outif igb0
Jan 13 22:43:36 kernel cannot forward src fe80:4::c6e9:84ff:x:x, dst x0:1450:4009:80d::200a, nxt 6, rcvif igb1, outif igb0


I censored some octets; the dst octets are very close to my actual WAN IP prefix but not quite in the same range.

From what I can observe there are no actual IPv6 outages, as the connection is monitored and I have idle ssh sessions which are remaining connected, so I am just curious for thoughts on what I am seeing, whether there is a way to silence it, and whether it represents a real problem.
