IDS/IPS / Snort - prevent blocking self
« on: February 07, 2018, 03:56:07 am »
Hi guys

I'm trying to configure Snort to add some additional security to my web server.

At the moment I'm running it and monitoring the alerts without blocking.

My web server is within my home network and I'm running Snort on a pfSense router on the WAN interface only. Is this correct practice?

One thing I see, for example, is that when I'm using Deezer I see my own external IP flagged up as accessing iTunes, for example "ET POLICY iTunes User Agent"

Before I enable blocking, I really want to be 2000% sure that my own IP is never going to be added to the banned list, blocking my web server from accessing the outside world.

Any advice greatly welcome.


General Questions / VLAN WAN dies when PPPoE is enabled
« on: January 29, 2018, 06:24:02 pm »
Hi guys
I'm trying to set up pfSense to work with my new internet provider (XS4ALL in the Netherlands).

Here internet is being run over VLAN 6.

I've followed some handy configuration instructions I found online, but for my setup it fails.

I can enable the interface with VLAN 6; it runs fine and shows "up". It can also get a DHCP IP address.

But when I switch to PPPoE the link goes down and refuses to come up.

I tried various MTU settings but the only way I can get the interface back online is to remove PPPoE and set it back to static/dynamic IP again.

It's a VM running:
2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6

It's on an HP ProLiant 380 G9 using the on-board 1 Gbps LAN card.

I've set the port switch in ESXi to be on VLAN 6 also.

Really hope someone can help me.


IDS/IPS / Unknown snort rule
« on: July 21, 2017, 02:44:31 am »
Hi all
I'm new to pfSense and Snort but have spent the best part of a week playing with the system.

Since adding Snort we've found lots of weird behaviour, like Netflix just stopping half-way through a movie etc.

Looking at my logs I see many alerts for things I wouldn't expect - like it's blocking HTTPS for example. The rule mentioned is nowhere to be found (Googled a lot before posting here).

For example...
07/21/17-09:35:29.838333 ,1,70856,1,"https",TCP,,37191,,443,56737,Misc activity,3,
07/21/17-09:35:29.838333 ,1,70542,1,"netflix",TCP,,37191,,443,56737,Misc activity,3,
07/21/17-09:35:29.838802 ,1,70856,1,"https",TCP,,37191,,443,56738,Misc activity,3,
07/21/17-09:35:29.838802 ,1,70542,1,"netflix",TCP,,37191,,443,56738,Misc activity,3,
07/21/17-09:35:29.839073 ,1,70856,1,"https",TCP,,37191,,443,56739,Misc activity,3,

If I look for the rule numbers I cannot find them online.

Why would HTTPS be being blocked? It makes no Pfsense ;-)



IPsec / VPN Newbie question - which VPN to use?
« on: July 20, 2017, 04:27:17 am »
Hi all

Can someone please help me... How do I decide which VPN setup to use?

Purpose: Need to access my home network from Windows 7-10 and Android. Nothing else is important.

Needs to be as secure as possible - i.e. that nobody can brute-force it within a reasonable length of time.

I cannot understand which is best to use. For example IPsec IKEv2 / EAP-MSCHAPv2 vs OpenVPN

Any idea where I should start?


NAT / Urgent help: pfsense login on WAN port!
« on: July 17, 2017, 04:28:13 am »
Hi guys

I desperately need urgent help please.

I have the following setup...

pfSense as router > another pfSense as load balancer > 2 VMs (web farm) running IIS 10.

There are multiple websites on the VMs.
Port Forward/NAT is enabled on the router pointing to the load balancer IP (ports 80 and 443).
The load balancer splits the traffic over 2 web servers.
Both pfSense devices are listening on port 444 (as HTTPS) and not 443, to save confusion/conflicts.
The WAN port should NOT have the pfSense web GUI available at all, and it is disabled.

Here's the problem...
SOME of my sites work fine and show perfectly normal (from outside the network accessing via the WAN link).
But some show the pfSense login!!!! It even forwards my port 443 to 444!!!! What the hell? Nowhere do I have it set to do this, nor should the login be available to WAN clients!

I can see this when accessing via the Google PageSpeed test for example. I see pfSense as the thumbnail/screenshot for one site, but not for other sites.

I'm freaking out and need help ASAP please.


