Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - wgstarks

Pages: [1] 2
DHCP and DNS / DNS list spring cleaning question
« on: April 04, 2018, 09:36:07 am »
Iíve setup DNS with TLS using quad9 (for now) as suggested on the netgate blog. IF Iím understanding the blog post correctly, all my dns quiries will go through the quad9 servers. Can I go ahead and delete the other 4 or 5 dns servers that I have configured in general settings?

Packages / [SOLVED] Snort fails after OS update
« on: March 29, 2018, 01:37:45 pm »
Just updated to 2.4.3 and noticed that Snort wasn't running. Checked the package manager and it showed an update for Snort. When I try to update I get this-
Code: [Select]
>>> Upgrading pfSense-pkg-snort...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-pkg-snort: -> [pfSense]

Number of packages to be upgraded: 1
[1/1] Upgrading pfSense-pkg-snort from to
[1/1] Extracting pfSense-pkg-snort- .......... done
Removing snort components...
Menu items... done.
Services... done.
Loading package instructions...
pfSense-pkg-snort- missing file /usr/local/share/licenses/pfSense-pkg-snort-
pfSense-pkg-snort- missing file /usr/local/share/licenses/pfSense-pkg-snort-
pfSense-pkg-snort- missing file /usr/local/share/licenses/pfSense-pkg-snort-
pkg-static: Fail to rename /var/db/snort/sidmods/.disablesid-sample.conf.DGfxfSvviirT -> /var/db/snort/sidmods/disablesid-sample.conf:No such file or directory

I'm seeing this entry flooding my system log-
Code: [Select]
Jan 22 17:09:09 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:09:40 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:10:11 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:10:41 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:11:12 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:11:42 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:12:08 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1
Jan 22 17:12:13 kernel arp: 00:25:90:44:11:e7 attempts to modify permanent entry for on em1 is my unRAID server. Not sure if something is misconfigured there or if it's my pfsense setup. Would appreciate any advice?

IDS/IPS / Suricate settings-which snort rules package?
« on: January 10, 2018, 08:51:05 am »
Did a little research regarding the use of snort rules packages in suricata. I found that any snort rules package should work with the exception that incompatible rules will just generate an error. Not sure what the best practice is though? Should i just use the rules for the most up to date version of snort? Or maybe its better to use an older version with better compatibility?

IDS/IPS / How to add custom rules to Suricata
« on: January 09, 2018, 09:07:52 pm »
I've found quite a few posts regarding syntax for custom rules but no discussion of how to actually add the rules. Is it as simple as pasting them into the Defined Custom Rules?

Packages / Snort blocking all torrents
« on: January 08, 2018, 08:36:12 am »
Recently installed Snort configured to not block any traffic (alerts only) and loaded the ET rules. Wanted to get an idea of what problems I would have with false positives. After a day or so I realized that snort actually was blocking torrent traffic. The only way I could find to pass the traffic was to uninstall the snort package. Iím sure this whole issue is probably due to ignorance on my part, so Iím looking for advice on how to install and test the package without any major disruptions to my network. Or maybe snort isnít a good fit with torrents? Should I try some other package?

pfBlockerNG / How to stop pfblockerNG from blocking sites??
« on: January 01, 2018, 10:29:10 am »
Foolishly when I installed pfblockerNG I failed to consider how blocking online advertisers would effect my ability to shop online. Now if I google an item that I want to purchase I just get a 1x1 pixel page. I tried whitelisting the blocked sites in the "alerts" tab, but that just results in another block alert the next time I try to visit the site and if I try whitelisting again I get a message that the site is already whitelisted. I have deleted all my IPv4 listings and their associated rules. I've run multiple updates in pfb. I even tried clearing the cache on my browser. What did I miss? My goal now is just to block malicious traffic, but not sure how to remove the blocks for ads?

I'm trying to setup VLANs on a managed switch using this router-on-a-stick guide. The guide is for a 10 port switch and I'm trying to adapt it for my 24 port switch. Most of my machines in the local LAN are assigned to VLAN20 but after applying the settings I can no longer connect to the pfsense firewall at all. Do I need to setup a VGA monitor and keyboard to the pfsense box to change any services on it after applying the setting to my switch? It's running headless currently, but already configured to provide DHCP and DNS services on the LAN port which is connected to port 1 on my switch.

pfBlockerNG / When should I block inbound?
« on: December 23, 2017, 12:47:30 pm »
Iíve just recently installed pfSense and pfblockerng and this is all a little outside my expertise.

Most of the guides Iíve read have recommended using ďdeny bothĒ, but with the default blocking of all inbound traffic I can see that ďdeny outboundĒ would probably make more sense.

When and why would I ever need to deny inbound traffic? Iím sure there is a reason why this option was included.

General Discussion / Switching to AT&T fiber
« on: December 12, 2017, 07:59:46 pm »
I currently use my local cable company as my ISP. Iíll probably eventually switch to Google Fiber but it looks to be at least a year before they have their network completed in my area. In the meantime Iím thinking about AT&T fiber. Their prices are much cheaper than my current ISL and speeds would be at least doubled.

Not sure what changes I might need to make in my WAN configuration though (if any). Currently I get an IP via DHCP from my cable modem. I think that this would probably be the same with whatever equipment AT&T provides, but thatís just a guess on my part. I havenít been able to find any details on exactly what equipment they issue. Hoping other users might have some experience with this and any other gotchas I might need to watch out for?

Iíve been running OpenVPN-Access Server (aka OpenVPN-AS) in a docker on another machine for about a year now and really like it. Fairly easy to configure and havenít had any issues.

The how-to articles include instructions for installing OpenVPN-AS.

They also include instructions for installing OpenVPN Remote Access Server

Iím not sure which I should install. The OpenVPN Remote Access Server has a wizard so Iím sure Installation would be quick and easy. From the descriptions Iíve found it seems that the two software packages are very similar. The few screenshots Iíve seen from OpenVPN Remote Access Server are completely different from OpenVPN-AS though.

Are these two different user interfaces for the same software? The names are so similar that I suspect this may be true.

If not, which should I install? Easy installation/use would be my primary goal as long as security considerations are equal. I typically stick with default settings mostly anyway.

webGUI / How do I get private key for CA?
« on: December 03, 2017, 08:43:49 am »
I have a Positive SSL certificate from Comodo which I have installed as a certificate, but Iím struggling with getting Commodo installed as a CA. I have the intermediate package from Comodo but not sure how to get the private key? Itís my understanding that this key was generated with the CSR but Iím not sure how to retrieve it from my system?

Packages / Acme/LE help
« on: December 02, 2017, 07:08:26 pm »
I'm trying to get LE certificate following the instructions here. I'm trying to set nsupdate for validation as recommended, but I don't know what to paste into the KEY field.

Every time I try to generate a certificate I get a null key error.

Hardware / ZFS or UFS for single SSD
« on: November 30, 2017, 02:53:14 pm »
I just setup my pfSense box a few days ago. During the install process I was presented with an unexpected choice between ZFS and UFS. I chose one of the ZFS options initially but got an error that 2 drives were needed for this option so switched to UFS. Today I saw a post regarding trim support only in ZFS. Makes me wonder if I should reinstall and change the file format to ZFS if that is even possible with a single SSD?

General Questions / SSH login using default user ďadminĒ
« on: November 30, 2017, 09:42:40 am »
Iím a new pfSense user with a new pfSense install. Tried to login to the box via ssh for the first time yesterday using ssh admin@<IP> but the password wasnít accepted. Just kept getting prompted for the password until the connection was eventually refused and I would have to start over. I know the password is correct, it works for webgui login.

I was able to eventually login to ssh by creating a new user in the webgui with group ďadminsĒ which worked without issue. Still wondering why I canít login to ssh using the default admin user?

Pages: [1] 2