General Questions / Restarting services from command line
« on: February 05, 2015, 10:25:05 am »
I'm looking for the correct command line to restart a service, specifically unbound in this case, but if it could be expanded for any service that would be helpful.

I'm using unbound as my only resolver and I'm having the following issue

Periodically, it will stop resolving.
Doing a drill command directly from pfsense will return blank results.

If I go to services and restart unbound, it immediately begins working again.

Things to note:
- I have "Service Watchdog" installed and set to watch unbound, but this does nothing because when this happens, the service is still running
- The drill command works in both states, but returns a completely blank result when this occurs
- Internet access is not affected, just DNS, so I am able to connect to sites via IP as well as remotely connect to my firewall to restart the service
- There is nothing in the logs at all that indicate what might have happened

I just noticed that when I upgraded from 2.1 to 2.2, it put me onto the x86 version.
(Which explains why I had to reset my RRD data)

Backing up my config, reinstalling (the x64 version) and restoring the config should get me up and running without any issues other than RRD data again, correct?

DHCP and DNS / NameCheap DNS Failing but custom works
« on: January 30, 2015, 12:08:00 pm »
Code:
Jan 30 13:06:46 php-fpm[47200]: /services_dyndns_edit.php: phpDynDNS: (Success) IP Address Updated Successfully!
Jan 30 13:06:46 php-fpm[47200]: /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wancustom''1.cache: 999.999.999.999
Jan 30 13:06:46 check_reload_status: Syncing firewall
Jan 30 13:05:20 php-fpm[21847]: /services_dyndns_edit.php: phpDynDNS: (Error) CUSTOM-DNS
Jan 30 13:05:20 php-fpm[21847]: /services_dyndns_edit.php: phpDynDNS: updating cache file /conf/dyndns_wannamecheap''2.cache: 999.999.999.999

Here's the relevant log info (my IP and actual domain are replaced)

Using the namecheap entry I get "(Error) CUSTOM-DNS", and it does not update.
If I use a custom entry and just hardcode the namecheap update URL, I get the success and it does update

(And to be on the safe side, I tried both with an @ AND a www record)

Is this something on my end or should I open a bug report on this?

Packages / Clear out all old config from package
« on: January 30, 2015, 08:47:33 am »
Is there any way to clear out all associated config from a package?
Removal and reinstallation doesn't help as the settings and config persist.

Right now the only thing I can see that might work is backing up the config, stripping out all reference and restoring to a fresh install.
Is there any other way?

If needed: syslog-ng is an example of a package that has the config persist through uninstalls with no option to not.

DHCP and DNS / unbound cache poisoning question
« on: January 28, 2015, 06:53:14 pm »
Since unbound is a resolver and not just a forwarder, can its cache be poisoned?

If so, if I have two isolated network segments with pfsense between them, could one end poison the cache such that things resolve incorrectly on the other?

webGUI / What determines how many logs are shown?
« on: January 28, 2015, 01:17:27 pm »
If I go to my system logs and firewall tab, I see

"Last 36 firewall log entries.Max(50)"

If I manually change the quantity to 200, I see

"45 matched log entries.Max(200)"

My question is, since 45 is under the 50 maximum, why is it truncating the list to X entries under the default max view?

General Questions / Periodic since 2.2 pages load blank, certs invalid
« on: January 26, 2015, 10:07:48 am »
This has now happened three times

The symptoms I can see are

1. HTTP Webpages load blank
2. HTTPS webpages give a security error
3. Accessing pages by IP works
4. Any IP based connection works
5. Tracert appears valid

When this happens, if
1. I release and renew the IP for the WAN it works again
2. If I reboot PFSense, it works again

Additionally, while this is occurring
1. I CAN access the firewall's GUI internally (correct behavior)
2. I CAN access the firewall's GUI externally (correct behavior)

This started happening since I upgraded to 2.2 on Saturday morning.
No new rules have been created, no new firewall logs are showing up when this happens, nothing unusual in any of the log tabs.

This is a physical box with PFSense installed directly.
I just rebooted it remotely, to get everything back up and working.

Does anyone know what's going on here, or where I can look for more info?

EDIT: I should add, that the packages I have installed are
1. arping
2. Cron
3. File Manager
4. Notes
5. OpenVPN Client Export Utility

Captive Portal / Question on captive portal setup
« on: January 06, 2015, 03:28:56 pm »
A setup I'm looking to achieve is

--INTERNET--[existing firewall]---LAN--[pfsense box w/captive portal]--LAN--[Access Point]--clients

I'm not sure if this is strictly a question for the captive portal forum though.

General Questions / Is there any way to install Imagemagick?
« on: December 18, 2014, 02:53:21 pm »
Is there any way to get Imagemagick installed for use with scripts on pfsense?

I am trying to do this because of reasons.

webGUI / Delete active online DHCP lease
« on: November 20, 2014, 04:47:45 pm »
From the webgui, I can't delete an active DHCP lease if the machine is marked online from active view.
However if I switch to "show all configured leases" I then have the option to delete a lease for a machine that's online.

Is it intended to only be able to do it from one and not the other?

Routing and Multi WAN / I'm having a vlan problem with my setup
« on: November 11, 2014, 07:28:28 pm »
Let me start with right now the only rule on my vlan interface is an allow any out.

My setup is LAN is a bridge of port 0 and 1.
I created a vlan (101) on port 0 and assigned it to OPT7

I enabled DHCP and connected a machine to the port on my switch for that vlan.
I got the correct IP which means it's hitting the firewall on the right vlan.

However, I can ping the firewall, and I can ping IPs on LAN, but I can't seem to resolve any DNS.
I'm not sure where to look.  All other interfaces seem to be working.

Anyone have any ideas what might be the issue?  I'm using a Dell powerconnect switch, and since I'm getting the proper IP and can ping correctly, I don't think this is an issue with the switch.

Wireless / Is there any way to create an exception for client isolation?
« on: September 16, 2014, 10:01:59 am »
I have client isolation turned on for my guest wireless.

However, there is one device which I do want to allow communication with.  Is there any method (including NAT, or virtual IPs, etc) that would allow me to let this one device be able to be communicated with over wireless while keeping client isolation on for everything else?

Right now, I'm thinking this may work
1. Create a virtual IP alias for the interface on a different subnet for the guest wifi interface
2. Create a static lease for the device pointing to that IP for the gateway with an IP in that range
3. Create rules to allow communication to and from that IP

Would that work as it would have to pass through pfsense rather than direct wifi device to wifi device?

EDIT: looks like I can't use static DHCP for step 2 there, so I can't test that way.

OpenVPN / Any way to deal with fast changing IP
« on: August 20, 2014, 03:41:43 pm »
My phone carrier uses an IP that changes pretty quickly.
So quickly that I most of the time cannot establish a VPN connection to my network.

Are there any setting changes I could make to mitigate this?

If I'm not reserving specific IPs, what's the difference between whitelisting a list of MAC addresses, and registering static dhcp entries with no defined IP and turning on deny unknown clients?

