
Topics - tacfit

Cache/Proxy / Sarg Reports Showing up Blank
« on: August 06, 2015, 01:39:16 pm »

We are attempting to run sarg reports using squid on pfsense 2.2.4-RELEASE (i386) and get completely blank reports.

The squid package we have installed is 2.7.9 pkg v.4.3.6 and the sarg package is 0.6.4 which we installed using the gui package manager.

The install and configuration went without errors but clicking on the View Report tab initially yielded "Error: Could not find report index file."

Applying this fix took care of that, allowing reports to be generated on schedule. We can now see the list of reports (generated hourly) along with a summary with number of users and data usage for each report on the main page. The only problem now is that the reports are completely empty (see screenshots). Clicking on a report generates a table with headings and absolutely nothing under it.

Real Time data is showing up perfectly.

Squid is set up as a transparent proxy and appears to be working perfectly. Logs are being generated as expected and where specified.

In Sarg:
Proxy server is set to squid
"Report settings" are set to default values
Limit values are all set to unlimited except "Reports days limits" which is set to 14 days
"Exclude" settings are all left blank
"Users" settings are left to default values
A schedule is setup and enabled to run every hour

Is there something obvious I've missed?

Thanks in advance!

General Questions / Full crash on 2.0 release
« on: September 29, 2011, 09:17:18 am »
We upgraded our 2.0 RC3 machine to 2.0 release this morning, and it worked for about 4 hours before biting the dust. I'm trying to find out more about what happened, but I'm told by the guy onsite that the system "did a Unix version of a BSOD".

I've just updated this ticket with this info, but I'll post it here also for anyone else's benefit. I've tested layer7 a bit more today, and am seeing some strange behaviour. I've added some Layer7 rules, and am then watching the System log. Look down for some lines from the log. Currently, my layer7 is configured with NO block rules, only queue rules. However, it appears that only some of my queues are acceptable destinations. Specifically, 4 of my queues (I've tested multiple times) result in the log output saying "rule altq" and all the rest of my queues result in the log saying "rule action block". That sounds like a problem... unless I'm reading into this log too much. I've attached my shaper config to the ticket, for anyone that's interested.

May 26 07:46:52 ipfw-classifyd: Loaded Protocol: xboxlive (rule altq)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: teamfortress2 (rule altq)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: tar (rule action block)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: subspace (rule altq)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: stun (rule action block)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: radmin (rule action block)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: quicktime (rule action block)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: postscript (rule action block)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: nntp (rule action block)
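An added example (not code from the post or from pfSense) showing how to check a system log for the mismatch described above: it parses ipfw-classifyd "Loaded Protocol" lines and reports every protocol that was loaded with a rule action other than the one the shaper configuration is supposed to produce. The sample log is constructed from the lines quoted in the post plus one unrelated syslog line; the expected action set (`altq` only, for a queue-only configuration) is an assumption you adjust to your own config.

```python
import re
from collections import defaultdict

# Constructed sample input: the post's classifyd lines plus one unrelated
# syslog line, to show that non-matching lines are skipped.
SAMPLE_LOG = """\
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: xboxlive (rule altq)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: teamfortress2 (rule altq)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: tar (rule action block)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: subspace (rule altq)
May 26 07:46:52 ipfw-classifyd: Loaded Protocol: stun (rule action block)
May 26 07:46:53 sshd[1234]: unrelated line that must be ignored
"""

# syslog timestamp, the classifyd tag, protocol name, then the rule text in
# parentheses ("altq" or "action block" in the post's output)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) ipfw-classifyd: "
    r"Loaded Protocol: (?P<proto>\S+) \(rule (?P<action>.+?)\)$"
)


def parse_classifyd(text):
    """Return (timestamp, protocol, rule action) for every 'Loaded Protocol'
    line; lines from other daemons or of other shapes are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("ts"), m.group("proto"), m.group("action")))
    return entries


def audit(entries, expected_actions=("altq",)):
    """Group protocols by the rule action they were loaded with and return
    (all groups, groups whose action is not expected). With a queue-only
    layer7 config, a protocol reported as 'action block' is the mismatch
    to investigate before it silently drops that traffic."""
    by_action = defaultdict(list)
    for _, proto, action in entries:
        by_action[action].append(proto)
    unexpected = {a: sorted(p) for a, p in by_action.items()
                  if a not in expected_actions}
    return dict(by_action), unexpected


if __name__ == "__main__":
    groups, bad = audit(parse_classifyd(SAMPLE_LOG))
    for action, protos in groups.items():
        print(f"{action}: {', '.join(protos)}")
    if bad:
        print("protocols loaded with an unexpected rule action:", bad)
```

Feed it the system log text copied from the GUI; an empty `unexpected` result means every loaded protocol got the action your configuration intended.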

Firewalling / Bonjour/Multicast DNS flooding
« on: March 24, 2011, 12:29:05 pm »
Hey guys, we've had this issue come up before and couldn't find a solution, today it's come back. We have one particular Mac OS X machine that periodically floods our network with multicast DNS packets. The destination is (multicast address), and it's UDP traffic. I believe it's part of the Bonjour discovery service.

I can't figure out how to handle this traffic, it's overwhelming my firewall (and it's happened in the past). The default rule blocks the traffic, so I guess it's more of a switching issue (and nothing in pfsense)... something about how we handle multicast traffic within the LAN? I'd really appreciate if someone can advise me here. This client has sent 16GB in the last 2 hours alone. "But I'm not even surfing the web!" he says.

I upgraded to the latest version this AM: 2.0-RC1 (i386) built on Wed Mar 16 17:04:38 EDT 2011. Been going through everything making sure it works as expected, and I've found that the traffic shaper doesn't seem to be following the size limits established. My primary WAN is capable of traffic >10Mbps, but I've configured the shaper WAN queue to only be 2.5Mbps. When I run speed tests behind the shaper, I can see the traffic is hitting the shaper queues, but I'm getting speeds in the realm of 15Mbps... basically it's topping out my connection and not caring about the 2.5Mbps queue size I established.

Is this a bug, or is this behaviour in the shaper that I'm not aware of?

We're using this snapshot: "Wed Sep  1 11:07:08 EDT 2010" and are seeing a lot of these messages in our system log. I assume it's because of our layer7 filtering. Any suggestions? The server is a brand new Dell PowerEdge R250, with 2GB of RAM. Utilization is low across the board.

ipfw-classifyd: unable to write to divert socket: No buffer space available

Hey guys, I had this question last week and found a bunch of unanswered forum topics that I can't reply to anymore to answer them. I consulted the manual and it also didn't explain clearly why there are 2 queues to specify on the shaper rules pages, so I spoke with support and Jim clarified it for me. The two queues are required because the shaper is stateful, so regardless of the direction of traffic that your rule is trying to match, there will generally be some return traffic, in the form of ACKs or any other confirmation packets that are returning. The second queue is for matching those returning packets.

So if your traffic is outbound (LAN > WAN) then you're most interested in the target outbound queue, and the inbound queue will catch the returning confirmation/ACK packets. And if the traffic is inbound, the reverse applies.

Hope that helps someone. Thanks a lot to Jim at the support team for the thorough and clear explanation!
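An added example, not from the post above and not pfSense's or pf's own code, that models the two-queue behaviour the post explains: a rule matching outbound traffic puts the first packet in its target queue and creates state, and packets of the same connection flowing the other way (ACKs and other replies) are sent to the second queue via that state. Interface names, queue names (`qHTTP`, `qACK`, `qDefault`), addresses and the port-only match criterion are constructed for the illustration; the real shaper matches on much more than a destination port.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class ShaperRule:
    """Simplified shaper rule: interface the packet arrives on, a destination
    port to match, the target queue, and the queue for the reply direction."""
    iface: str
    dst_port: int
    queue: str       # packets that match the rule directly
    ack_queue: str   # reply packets of the same connection


class StatefulShaper:
    """Toy stateful classifier (assumption: not how pf implements it)."""

    def __init__(self, rules):
        self.rules = rules
        self.states = {}  # 5-tuple of the initiating direction -> (queue, ack_queue)

    def classify(self, iface, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.states:                 # more packets in the matched direction
            return self.states[key][0]
        if reverse in self.states:             # reply direction: use the ack queue
            return self.states[reverse][1]
        for rule in self.rules:                # no state yet: evaluate rules
            if rule.iface == iface and rule.dst_port == pkt.dport:
                self.states[key] = (rule.queue, rule.ack_queue)
                return rule.queue
        return "qDefault"                      # constructed fallback queue name


def demo():
    """Outbound LAN > WAN HTTPS flow: request to qHTTP, reply to qACK."""
    shaper = StatefulShaper([ShaperRule("LAN", 443, "qHTTP", "qACK")])
    request = Packet("10.0.0.5", 50000, "203.0.113.10", 443)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000)
    other = Packet("10.0.0.5", 50001, "203.0.113.10", 22)
    return [
        shaper.classify("LAN", request),   # matches the rule, creates state
        shaper.classify("WAN", reply),     # matched by state, reverse direction
        shaper.classify("LAN", request),   # matched by state, same direction
        shaper.classify("LAN", other),     # no rule, no state
    ]


if __name__ == "__main__":
    print(demo())  # ['qHTTP', 'qACK', 'qHTTP', 'qDefault']
```

Swapping the rule's interface to WAN with the same two queues gives the inbound case the post describes: the inbound packet lands in the target queue and the LAN side's replies land in the ack queue.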

Surely this has bugged people before... I still need an answer:
When working with a bridged interface, and creating firewall rules, which interface's subnet should you specify as the source of traffic? I've got LAN and Wireless bridged, but I don't know whether to select "LAN net" or "Wireless net" as the source of my traffic for firewall rules.

Hey all, I love my pfsense boxes, but have run into a bit of a problem. I've attached a CRUDE image below. The blue network is the LAN. Forgive my artistic failings, I'm an IT Manager.

Current Situation
We have a main office, and a dedicated fiber remote link to a data centre. In the main office, the remote link is just patched straight into a switch, and the data centre end is viewed as part of the LAN. There's no routing device needed at present, on the main office side.
In the data centre, the remote link connects to a pfsense box, which has an IP in the LAN as stated above. There's also a protected network, for our web servers, as well as a connection to the internet.

This works wonderfully, except that we've had some provider problems with the fiber link lately, and need a failover option, in case the fiber is down.

Proposed Situation
A company has proposed that we use Cisco 1811 devices at either end of the link, which will handle the failover to a VPN connection. However, I was hoping I could accomplish this using pfsense boxes instead. I'd obviously need one on the main office side (where we currently don't need one) that would handle the failover from that side, and the box in the data centre (or a second box) would be needed to fail over from that side.

I'm just not sure how to configure the failover, whether the pfsense load balancer can handle failing over to a VPN, and so on. Can any of you wise folk share your advice?

Firewalling / Sending IPs of email server behind pfsense
« on: April 15, 2008, 09:31:53 am »
Hey folks,

I feel like this should have a simple solution, or no solution, and I feel silly asking it, but I've Googled and thought about it... and well, here we are.

Situation is: We have an email server behind pfsense. When that server sends out email, the originating IP that recipients see is that of our firewall. I would much rather the "sending" IP be the public IP of my mail server... but how do I do this?

Thanks guys.

Hey all,

I'm seeing some odd behaviour with my static routes, and I'm not sure if I got something wrong along the way.

Maybe these two images can help.

Hey all, I'm so frustrated by this issue. I've hunted around and tried everything I can think of, searched the forums, checked the FAQ, etc.

The subject pretty much says it all. I've added a virtual IP on the LAN interface, and have created LAN rules and a NAT rule allowing all traffic out from a specific IP range. This IP range is not my usual LAN subnet... hence the creation of a virtual IP, so the firewall can "hear" the requests. I've set that virtual IP as the gateway of a test client in that new subnet.

When I try to access anything beyond the pfsense box though, I get nothing. Can't ping, can't tracert, browse, anything. Looking at the firewall logs, I can see this traffic is being passed through! So, I'm not really sure how to proceed. Perhaps this is an unsupported configuration?

Installation and Upgrades / pfSense 1.2 RC3. Like a rock
« on: November 14, 2007, 06:38:10 am »
Upgrade went flawlessly (from 1.2 RC2). Web gui feels much more responsive... I don't know if that's the lighttpd changes or what, but it's nice. I had posted elsewhere about issues with the log list, those are totally gone. At present, everything looks great to me.

I use multi WANs and multi LANs, and would love to have traffic shaping abilities. I'm wondering in what way the shaper doesn't work. Is it simply that the wizard can't handle it?
Looking at the rules it would seem that I could create rules applicable to my other networks.

Also, when saying traffic shaper doesn't work for multi-WAN... does that mean it will only work on 1 specific WAN/LAN, or will it just stop everything from working?

Expired/Withdrawn Bounties / DHCP leases filtered by interface - 50$
« on: September 17, 2007, 12:10:08 pm »
I was surprised to notice this wasn't already done. Under Status > DHCP Leases, I'd love to be able to filter the list by the interface the DHCP server is serving on. I use DHCP for two interfaces, but the lease list throws them all in together.

Any takers?
