Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - rebman77

Pages: [1] 2 3
1
Hi,

I am new to pfsense, can someone have a look at the attached image and tell me if it looks correct please.

Was looking at this guide, https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense and comparing to your screenshot.  What are the implications of unchecking the "invert match" box and not disabling NAT reflection?

2
DHCP and DNS / "Enable DNSSEC Support" and OpenDNS
« on: September 09, 2017, 09:14:19 am »
So I know OpenDNS doesn't support DNSSEC...

I currently am using OpenDNS with my pfSense setup and any guides I find say to always uncheck the "Enable DNSSEC Support" option within the DNS Resolver settings.  I thought these two guides below were pretty straightforward and consistent and after reading through them I had two questions:

https://everyjuans.blogspot.com/2017/02/how-to-configure-pfsense-with-opendns.html
https://disloops.com/opendns-on-pfsense/

So my first question is this, I've been running with OpenDNS with the DNSSEC support option enabled, and other than some errors in the log (like below), everything seems to be working on the surface.  So with it enabled, what breaks when using OpenDNS?  Should I even be able to resolve addresses at all?  The way I understood it, is that Opendns would just not work with that option enabled, which then got me thinking is something wrong with my setup??

info: failed to prime trust anchor -- DNSKEY rrset is not secure . DNSKEY IN

All three OpenDNS test sites work fine with DNSSEC enabled:
http://welcome.opendns.com/
http://www.internetbadguys.com/
http://www.exampleadultsite.com/

Also, ipleak.net shows all Opendns servers and a "nslookup youporn.com 8.8.8.8" resolves to a OpenDNS block page, so appears pfSense is properly forcing all resolutions to use OpenDNS.


My second question is both guides say to check the "Disable DNS Forwarder" option under the General Setup.  I've currently been running with it unchecked and everything seems ok.  Any burning reason I need to check it?  What are the implications by not checking it?

3
I had the same problem.  See the end of this thread for the solution that worked for me.

https://forum.pfsense.org/index.php?topic=130993.0

4
IDS/IPS / Re: Snort failing to start on WAN
« on: May 26, 2017, 04:23:00 pm »
I had the very same problem after upgrading to 3.2.9.3.  After disabling 2002802, the WAN service started without issue.

How in the world did you figure out it was that specific SID?  Just curious if I'm missing something in a log that would have helped me troubleshoot.

Here was my error:

Code: [Select]
FATAL ERROR: /usr/local/etc/snort/snort_41202_em0/rules/snort.rules(1420) byte_test rule option cannot extract more than 4 bytes without valid string prefix.

5
pfBlockerNG / Re: DNSBL - Blocking of iOS App Downloads
« on: May 17, 2017, 06:43:23 pm »
Bingo!  Adding the CNAME entry to the white list resolved it.

6
pfBlockerNG / DNSBL - Blocking of iOS App Downloads
« on: May 17, 2017, 05:44:39 pm »
Can't seem to figure this one out.  With DNSBL enabled, I am unable to download / update iOS apps on any of my iOS devices.  Works fine with DNSBL disabled.  See attached image of the alert that gets generated in DNSBL.  What I can't figure out is which list is generating the block and even adding the domain to the whitelist doesn't resolve the issue.  Hovering over the 'plus' sign, says "This Domain is already in the DNSBL WhiteList" and it won't let me add it again.

I guess I could disable every list until I figure out which one is causing the problem, but hoping someone has some tips  on an easier way of identifying which list is generating the block.  Also, would be good to better understand why it's still getting blocked even if it's defined in the WhiteList.  I also confirmed this is the only alert being generated when attempting to download/update iOS apps.

7
Will this fix be in the 2.4 release?

8
pfBlockerNG / Blacklists UT1
« on: January 07, 2017, 01:36:38 pm »
Does anyone know if pfBlockerNG can be used with Blacklists UT1?  https://dsi.ut-capitole.fr/blacklists/index_en.php  Tried to set it up, but getting errors when trying to download the lists.

9
Firewalling / Re: Block Mirai?
« on: October 28, 2016, 06:18:47 pm »
Was looking over the link below and just wondering with what happened with Mirai, is there any other special setup requirements that we should consider when setting up pfSense?  e.g. Will the "default" firewall rules, snort, etc... cover these types of attacks?

https://www.us-cert.gov/sites/default/files/publications/DDoS%20Quick%20Guide.pdf



10
I'm seeing the same spam in my system log.  I tried the suggestion, but that didn't resolve it.  I didn't have any interfaces selected under the TFTP Proxy section when I checked.  Tried selecting all my interfaces, then saved it, then deselected them, then saved again.  But messages still appear every 15 min.


Code: [Select]
Jun 10 21:00:00 xinetd 23343 Reconfigured: new=0 old=1 dropped=0 (services)
Jun 10 21:00:00 xinetd 23343 readjusting service 6969-udp
Jun 10 21:00:00 xinetd 23343 Swapping defaults
Jun 10 21:00:00 xinetd 23343 Starting reconfiguration

11
General Questions / Error written to System Log after clearing log
« on: June 10, 2016, 08:59:20 pm »
Not a big deal, but just curious.  Each time the system log is cleared, there's a nginx error added to the system log like below:

Code: [Select]
nginx: 2016/06/10 20:46:39 [error] 30871#0: send() failed (54: Connection reset by peer)
Other than the error message that gets written, I can't see any other problems.  Was just curious if this is a known issue, or if something was going on with my setup.  I'm running 2.3.1-RELEASE-p1.

12
IDS/IPS / Re: Snort - portscan/Portsweep from WAN interface suddenly
« on: June 02, 2016, 08:14:41 pm »
I'm seeing the same thing. I just noticed it today, but not sure how long it's been occuring.  I was running Snort rules from Jun 1st and EMThreat rules from Jun 2nd and still seeing problems.  Snort is blocking facebook, google, bing and others.  I forced an update and both rulesets are now dated Jun 2.  We'll see if that fixes it.

I've always had my portscan sensitivity set to "low" and haven't changed anything with my Snort setup for months.  So hoping it was just a bad batch of rules.

13
I piddled around with this a bit more.  My only guess is at some point when I turned on RAM disks, the /var/db/pkg database became corrupted some how.  I traced the functions that are used to determine if an upgrade is needed and found that the call to "pkg info -e pfSense-base-pfSense" never returns a value (the function also calls "info -e pfSense-base" and "info -e pfSense", all of which return nothing).  I think at this point the only resolution is a reinstall.

Here's the snippet of code from pkg-utils.inc that is returning false, which then it generates the message "Unable to check for updates":

...
   $base_pkg = get_base_pkg_name();
   $meta_pkg = get_meta_pkg_name();

   if (!$base_pkg || !$meta_pkg) {
      return false;
   }
...

14
I'm having the same problem.  Was playing around and enabled the RAM disks, then lost the ability to get updates.  Packages still install, but seems that just the system update is broken.  I've disabled RAM disks, but still no luck getting updates.  Tried the "playback gitsync master" from the console suggestion.  It sync'd, but still no luck getting the system update to work.  Appreciate if anyone has suggestions.  Would rather not have to reload.

15
No, it does not currently work with the latest build of 2.3.  I see in the link below the driver has been updated, just can't tell which version of FreeBSD it will go in.

https://svnweb.freebsd.org/base/head/sys/dev/e1000/e1000_i210.c?revision=295323&view=markup&sortby=date

Pages: [1] 2 3