Messages - Kalle13

1
That's right.
I have the luck that my server is in my network next to my pfSense router. That's why I can do it the easy way.
Quote
My ISP - as many others - simply block all outgoing connections to 'port 25' (smtp) except their own mail server.
A couple of months ago my ISP was also blocking port 25. My solution was to call them and to ask if they would unblock the port and they did.  ;D

cheers
Kalle

2
General Questions / Re: Can't get any notifications via mail from pfsense.
« on: December 12, 2016, 02:27:20 pm »
Thank you guys for your help!
Now I get my notifications.
But I've chosen the dark side of the settings-side.
The easiest and the simplest way: Port 25 without SSL on the pfSense settings. ::)

Cheers
Kalle


3
General Questions / Re: Can't get any notifications via mail from pfsense.
« on: December 08, 2016, 02:50:16 pm »
Hello KOM,

thank you for your reply.

Quote
He told you that already.  There is no chain of trust with a self-signed cert.  It's like making a photo ID of yourself at home and then thinking it will get you past airport security.
OK, now I understand what you guys want to tell me.

Quote
Genuine SSL certs can be had for cheap.  StartCom offers free certs, as does the Let's Encrypt project.
Thank you for the hint.

Quote
Quote
But before the pfSense Upgrade (like I said in my previous post) it worked just fine.
Is it possible that you had previously imported the pfSense CA cert as a trusted authority?
No, I haven't. Probably it's worth an investigation why it worked before the upgrade.

Cheers,
Kalle

4
General Questions / Re: Can't get any notifications via mail from pfsense.
« on: December 07, 2016, 05:29:36 am »
Hello jimp,

thank you for your response.
Quote
If you use a valid certificate and a proper matching hostname/cn it will work.
I can't believe what I am reading. Why can't I use a self-signed certificate? Therefore for a user like me who uses pfSense in his home environment it is impossible to get notifications via SSL?
But before the pfSense Upgrade (like I said in my previous post) it worked just fine.

Regards
Kalle

5
Hello guys,

first I want to thank all these people who make pfSense possible! Great work!  ;D
I have been using it for about one year and it works great!

Unfortunately there is a little issue that I can't just overlook. I don't get any notifications via mail.
My last notification was on 28th July during the firmware update to 2.3.2 I think: "Firmware upgrade in progress...". After that I got no more notifications.

When I try to send a test notification these lines appear in my mail.log:
Code:
Nov 29 23:19:46 Mail postfix/smtpd[26590]: connect from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: SSL_accept error from unknown[192.168.2.1]: 0
Nov 29 23:19:46 Mail postfix/smtpd[26590]: warning: TLS library problem: 26590:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1300:SSL alert number 48:
Nov 29 23:19:46 Mail postfix/smtpd[26590]: lost connection after STARTTLS from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: disconnect from unknown[192.168.2.1]

After a little search I found out that this was probably a problem with my certificate.
http://serverfault.com/questions/660241/postfix-tls-error
Also there was a bug (#BUG5604) https://redmine.pfsense.org/issues/5604 with exactly the same headline as mine, and I thought that the bug was not fixed yet. But I think I was mistaken.

My mail setup is like this: I have a mail server, and all my little servers and thingies are sending their status via mail to it. All mails from these servers were delivered except the one from my pfSense box. The SMTP connection starts with STARTTLS on port 25 and I have my own self-signed certificate.

I hope you might have a little hint for me.

Cheers
Kalle
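
Added example (not part of the original post, and not pfSense or Postfix code): a small Python triage script for Postfix smtpd log lines like the ones posted above. It groups lines per smtpd process, extracts the TLS alert number and reports sessions where the connecting client refused the server certificate; the function name `triage`, the alert table and the extra clean session are assumptions made for this example.

```python
import re
from collections import defaultdict

# Certificate-related TLS alert numbers (RFC 5246, section 7.2).
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CLIENT = re.compile(r"connect from \S+\[(?P<ip>[^\]]+)\]")
# OpenSSL logs an alert received from the peer under SSL3_READ_BYTES.
ALERT = re.compile(r"SSL3_READ_BYTES:.*SSL alert number (?P<num>\d+)", re.I)

# First five lines are the ones posted above; the pid 26601 session is constructed.
SAMPLE = """\
Nov 29 23:19:46 Mail postfix/smtpd[26590]: connect from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: SSL_accept error from unknown[192.168.2.1]: 0
Nov 29 23:19:46 Mail postfix/smtpd[26590]: warning: TLS library problem: 26590:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1300:SSL alert number 48:
Nov 29 23:19:46 Mail postfix/smtpd[26590]: lost connection after STARTTLS from unknown[192.168.2.1]
Nov 29 23:19:46 Mail postfix/smtpd[26590]: disconnect from unknown[192.168.2.1]
Nov 29 23:20:10 Mail postfix/smtpd[26601]: connect from unknown[192.168.2.7]
Nov 29 23:20:11 Mail postfix/smtpd[26601]: disconnect from unknown[192.168.2.7]
""".splitlines()

def triage(lines):
    """Return one finding per smtpd session that died during STARTTLS."""
    sessions, findings = defaultdict(dict), []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        state, msg = sessions[m["pid"]], m["msg"]
        if (c := CLIENT.match(msg)):
            state.clear()               # pid reuse: start a fresh session
            state["client"] = c["ip"]
        elif (a := ALERT.search(msg)):
            state["alert"] = int(a["num"])
        elif msg.startswith("lost connection after STARTTLS"):
            num = state.get("alert")
            findings.append({
                "client": state.get("client"),
                "alert": num,
                "name": TLS_ALERTS.get(num, "no certificate alert seen"),
                # A received certificate alert means the connecting client
                # refused the certificate this Postfix server presented.
                "client_rejected_server_cert": num in TLS_ALERTS,
            })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For the posted lines this reports client 192.168.2.1 with alert 48 (unknown_ca), which matches the replies in the thread about the self-signed certificate not being trusted by the sender.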

6
General Questions / Re: nginx - I don't understand //SOLVED\\
« on: September 19, 2016, 01:31:37 pm »
Hi,

what does
Code:
sockstat -l | grep :80
say?

Best regards

7
I've found the solution for me.  ;D
I simply reinstalled squid.
Now it's working properly.

Cheers

8
Hi,

thank you for your answer.
What is "MiTM"?
I had it working on version 2.2 without any issue. On 2.3 I uninstalled squidguard and tried pfBlockerNG. But now I want squidguard back. ::)
I will still try on it some time. Perhaps I will do it like you.

Best regards

9
Hi,

I have the same problem. Did you solve it?

Regards
Kalle

10
Cache/Proxy / Re: Squid+Squidguard Broken after 2.3 update
« on: August 26, 2016, 01:17:33 pm »
Ok after a couple of different methods to try and make it work, uploading tar file, ungz, untar, create and delete folder, move things around,

Frustrated I went to my original backup before updating to 2.3, restored it, enabled squid.

And here's the magic, it appears I have to spam the download button (5+ clicks under 2 secs) in squidGuard>Blacklist>Download and tada, it started working.

Hope this might help anyone with this specific problem,


Cheers

It worked! :D
You saved me a lot of time.
Thank you!

Cheers

11
General Questions / Re: nginx - I don't understand
« on: August 25, 2016, 05:57:40 pm »
Thank you, that worked for me!  ;D

Best regards.

12
General Questions / nginx - I don't understand //SOLVED\\
« on: August 24, 2016, 05:17:20 pm »
Hi,

I want to get wpad support on my pfsense (2.3.2) and I am following this manual https://nguvu.org/pfsense/pfSense-2.3-WPAD-PAC-proxy-configuration-guide/
At the point where I have to test the second nginx instance I get this output

Code:
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: /usr/local/sbin/nginx -c /usr/local/etc/nginx/nginx-wpad.conf
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] still could not bind()


After a little research:

Code:
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: sockstat -l | grep :80
root     nginx      89102 8  tcp4   *:80                  *:*
root     nginx      89102 9  tcp6   *:80                  *:*
root     nginx      88826 8  tcp4   *:80                  *:*
root     nginx      88826 9  tcp6   *:80                  *:*
root     nginx      88033 8  tcp4   *:80                  *:*
root     nginx      88033 9  tcp6   *:80                  *:*

Code:
[2.3.2-RELEASE][admin@pfSense.localdomain]/root: sockstat -l | grep nginx
root     nginx      89102 6  tcp4   *:443                 *:*
root     nginx      89102 7  tcp6   *:443                 *:*
root     nginx      89102 8  tcp4   *:80                  *:*
root     nginx      89102 9  tcp6   *:80                  *:*
root     nginx      89102 10 stream /var/run/php-fpm.socket
root     nginx      88826 6  tcp4   *:443                 *:*
root     nginx      88826 7  tcp6   *:443                 *:*
root     nginx      88826 8  tcp4   *:80                  *:*
root     nginx      88826 9  tcp6   *:80                  *:*
root     nginx      88826 10 stream /var/run/php-fpm.socket
root     nginx      88033 6  tcp4   *:443                 *:*
root     nginx      88033 7  tcp6   *:443                 *:*
root     nginx      88033 8  tcp4   *:80                  *:*
root     nginx      88033 9  tcp6   *:80                  *:*
root     nginx      88033 10 stream /var/run/php-fpm.socket


Why is nginx listening on port 80?
The option for the web GUI is checked on https  ???
I don't understand this.
Can anyone give me a hint, please?

Thank you and best regards.

13
General Questions / Re: How to configure Nginx in 2.3 for WPAD
« on: August 24, 2016, 03:14:22 pm »
Hi,

here is another manual for pfsense 2.3 in English.

pfSense 2.3 WPAD/PAC proxy configuration guide
https://nguvu.org/pfsense/pfSense-2.3-WPAD-PAC-proxy-configuration-guide/

Best regards

14
Thank you for your effort! 8)
I'm done.
My configuration now looks like this: Squid is running, but not in "Transparent Mode".
It is configured "normally", so that it listens on port 3128.
Now I have also used the pfSense web server (nginx) to do WPAD.
What can I say, it works! ;D

Best regards
Kalle

15
General Questions / Re: How to configure Nginx in 2.3 for WPAD
« on: April 02, 2016, 09:15:04 pm »
 ;D

I have figured it out by myself.
To configure nginx to serve the wpad files you have to modify this file
Code:
/usr/local/etc/nginx/mime.types
and add the following lines to it
Code:
    application/x-ns-proxy-autoconfig     pac;
    application/x-ns-proxy-autoconfig     dat;
    application/x-ns-proxy-autoconfig     da;

Now you must put the three files proxy.pac + wpad.da + wpad.dat in this folder
Code:
/usr/local/www/nginx/
By default (on FreeBSD), nginx defaults to looking for content in /usr/local/www/nginx/.


With the how-tos from these sites I am now able to get auto configuration for my browsers through WPAD.
http://www.9ns.co.uk/blog/?p=116
https://www.cryptomonkeys.com/2014/07/automatic-http-proxy/


Hope my post is not too confusing and I could help someone with the same issue. ;)

Best
Regards
Kalle
