
Topics - wgstarks

1
IDS/IPS / Suricata settings - which snort rules package?
« on: January 10, 2018, 08:51:05 am »
Did a little research regarding the use of snort rules packages in suricata. I found that any snort rules package should work with the exception that incompatible rules will just generate an error. Not sure what the best practice is though? Should I just use the rules for the most up to date version of snort? Or maybe it's better to use an older version with better compatibility?

2
IDS/IPS / How to add custom rules to Suricata
« on: January 09, 2018, 09:07:52 pm »
I've found quite a few posts regarding syntax for custom rules but no discussion of how to actually add the rules. Is it as simple as pasting them into the Defined Custom Rules?

3
Packages / Snort blocking all torrents
« on: January 08, 2018, 08:36:12 am »
Recently installed Snort configured to not block any traffic (alerts only) and loaded the ET rules. Wanted to get an idea of what problems I would have with false positives. After a day or so I realized that snort actually was blocking torrent traffic. The only way I could find to pass the traffic was to uninstall the snort package. I'm sure this whole issue is probably due to ignorance on my part, so I'm looking for advice on how to install and test the package without any major disruptions to my network. Or maybe snort isn't a good fit with torrents? Should I try some other package?

4
pfBlockerNG / How to stop pfblockerNG from blocking sites??
« on: January 01, 2018, 10:29:10 am »
Foolishly when I installed pfblockerNG I failed to consider how blocking online advertisers would affect my ability to shop online. Now if I google an item that I want to purchase I just get a 1x1 pixel page. I tried whitelisting the blocked sites in the "alerts" tab, but that just results in another block alert the next time I try to visit the site and if I try whitelisting again I get a message that the site is already whitelisted. I have deleted all my IPv4 listings and their associated rules. I've run multiple updates in pfb. I even tried clearing the cache on my browser. What did I miss? My goal now is just to block malicious traffic, but not sure how to remove the blocks for ads?

5
General Discussion / Help with a Netgear GS724T Managed Switch and VLANs
« on: December 28, 2017, 06:40:19 pm »
I'm trying to set up VLANs on a managed switch using this router-on-a-stick guide. The guide is for a 10 port switch and I'm trying to adapt it for my 24 port switch. Most of my machines in the local LAN are assigned to VLAN20 but after applying the settings I can no longer connect to the pfsense firewall at all. Do I need to set up a VGA monitor and keyboard to the pfsense box to change any services on it after applying the setting to my switch? It's running headless currently, but already configured to provide DHCP and DNS services on the LAN port which is connected to port 1 on my switch.

6
pfBlockerNG / When should I block inbound?
« on: December 23, 2017, 12:47:30 pm »
I've just recently installed pfSense and pfblockerng and this is all a little outside my expertise.

Most of the guides I've read have recommended using "deny both", but with the default blocking of all inbound traffic I can see that "deny outbound" would probably make more sense.

When and why would I ever need to deny inbound traffic? I'm sure there is a reason why this option was included.

7
General Discussion / Switching to AT&T fiber
« on: December 12, 2017, 07:59:46 pm »
I currently use my local cable company as my ISP. I'll probably eventually switch to Google Fiber but it looks to be at least a year before they have their network completed in my area. In the meantime I'm thinking about AT&T fiber. Their prices are much cheaper than my current ISP and speeds would be at least doubled.

Not sure what changes I might need to make in my WAN configuration though (if any). Currently I get an IP via DHCP from my cable modem. I think that this would probably be the same with whatever equipment AT&T provides, but that's just a guess on my part. I haven't been able to find any details on exactly what equipment they issue. Hoping other users might have some experience with this and any other gotchas I might need to watch out for?

8
I've been running OpenVPN-Access Server (aka OpenVPN-AS) in a docker on another machine for about a year now and really like it. Fairly easy to configure and haven't had any issues.

The how-to articles include instructions for installing OpenVPN-AS.

They also include instructions for installing OpenVPN Remote Access Server.

I'm not sure which I should install. The OpenVPN Remote Access Server has a wizard so I'm sure installation would be quick and easy. From the descriptions I've found it seems that the two software packages are very similar. The few screenshots I've seen from OpenVPN Remote Access Server are completely different from OpenVPN-AS though.

Are these two different user interfaces for the same software? The names are so similar that I suspect this may be true.

If not, which should I install? Easy installation/use would be my primary goal as long as security considerations are equal. I typically stick with default settings mostly anyway.

9
webGUI / How do I get private key for CA?
« on: December 03, 2017, 08:43:49 am »
I have a Positive SSL certificate from Comodo which I have installed as a certificate, but I'm struggling with getting Comodo installed as a CA. I have the intermediate package from Comodo but not sure how to get the private key? It's my understanding that this key was generated with the CSR but I'm not sure how to retrieve it from my system?

10
Packages / Acme/LE help
« on: December 02, 2017, 07:08:26 pm »
I'm trying to get an LE certificate following the instructions here. I'm trying to set nsupdate for validation as recommended, but I don't know what to paste into the KEY field.



Every time I try to generate a certificate I get a null key error.

11
Hardware / ZFS or UFS for single SSD
« on: November 30, 2017, 02:53:14 pm »
I just set up my pfSense box a few days ago. During the install process I was presented with an unexpected choice between ZFS and UFS. I chose one of the ZFS options initially but got an error that 2 drives were needed for this option so switched to UFS. Today I saw a post regarding trim support only in ZFS. Makes me wonder if I should reinstall and change the file format to ZFS if that is even possible with a single SSD?

12
General Questions / SSH login using default user "admin"
« on: November 30, 2017, 09:42:40 am »
I'm a new pfSense user with a new pfSense install. Tried to login to the box via ssh for the first time yesterday using ssh admin@<IP> but the password wasn't accepted. Just kept getting prompted for the password until the connection was eventually refused and I would have to start over. I know the password is correct, it works for webgui login.

I was able to eventually login to ssh by creating a new user in the webgui with group "admins" which worked without issue. Still wondering why I can't login to ssh using the default admin user?

13
Hardware / How to enable speedstep in bios on minisys box
« on: November 28, 2017, 06:55:05 am »
I'm working on configuring my new pfSense box and would like to use powerd, but for that to work I need to enable Intel SpeedStep. I've been through the bios several times. I don't see any settings for speedstep in advanced>cpu. Am I looking in the wrong menu?

14
Installation and Upgrades / Initial setup network configuration
« on: November 17, 2017, 12:18:35 pm »
I imagine this has been discussed, but I'm not having much luck finding any info.

I will be receiving my hardware for my first pfSense router in a few weeks and I'm pretty much a noob at this. Was thinking that when I connect the box initially I would just have a WAN connection to my existing local network and a LAN connection to one desktop to be used for configuring the new router. That way my network won't have much down time, since it will still be managed by the old router, and I can take my time with the configuration.

Not sure if this is a good idea or a noob mistake. I think this will set up a double NAT with both routers running. I've always heard that's bad, but since I don't have any background with network design I could use some input from more experienced users.

Is this a good plan?

Is there a better way to accomplish the initial setup?

I'm using an AirPort Extreme for routing right now and I don't see any way to export dhcp reservations and network settings to the new pfSense box. Maybe I'm missing something. Would really appreciate any advice.

15
Hardware / New pfsense for soho
« on: November 16, 2017, 10:24:25 am »
I'm just getting started with pfsense. Want to get something for my home network that will be somewhat future proof and supports AES-NI. Plan to install snort and OpenVPN at a minimum. Probably a few other packages as well. No WiFi though. I'll use separate APs for that.

I've been looking at this: https://www.amazon.com/Firewall-Appliance-Gigabit-AES-NI-Barebone/dp/B072ZTCNLK

It's manufactured by a California based company with good user reviews so hopefully hardware support would be good if needed. Hoping to get some feedback from the pfsense community though, if anyone is already using this box. Also not sure how much ram and storage to purchase. My inclination is 8GB ram and a 120GB SSD, but maybe that's overkill?
