
Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Trel

Pages: 1 2 3 [4] 5
46
Hardware / Supermicro A1SAi - No ports detected
« on: July 30, 2014, 12:33:01 pm »
We're trying to install pfsense on a Supermicro A1SAi motherboard.
It's not detecting any of the onboard NIC ports.  We got this motherboard specifically for the amount of ports it had available.

Is there anything that can get those recognized?  (I have tried 2.2 as well)

47
DHCP and DNS / Variables in Custom Dynamic DNS urls
« on: July 24, 2014, 10:19:31 am »
Is %IP% the only variable or are any of the other fields available as variables for the update URL?

48
I have Suricata enabled for two interfaces WAN and LAN (which is a bridge of LAN1 and LAN2 which are two ports on an intel 4port 10/100/1000 card).

- When I click the icon to stop Suricata on an interface, the page reloads, but nothing was stopped.
--(At this point, the only way I can get that to function again is to stop the service from Status->Services)
- Many times when I check, the LAN interface will show as not running, and I have to start it again.

49
Packages / Suricata Packet Log Location
« on: July 09, 2014, 09:48:34 am »
I turned on packet logging for an interface to test with, but I can't find where to actually access those logs.

I kept getting the "Suspicious User Agent" alert so I wanted to look at the packets to see what it's actually flagging.

50
Assuming all rules would be the same action (only allow, or only block, and not a mix of the two).

If I had aliases that had common IPs or ports, would that cause any problems if I had rules for both?

Such as
Alias 1: ports 1-20
Alias 2: ports 15-25

and then I allow them both.

51
IPsec / IPsec with Android Problems
« on: April 17, 2014, 12:45:32 pm »
Has anyone gotten IPsec to work with the latest release of PFSense and Android 4.4?

I followed the tutorial in the Wiki, but I can never connect.

It looks like it starts to work, but then

Code:
Apr 17 13:38:29 racoon: ERROR: phase1 negotiation failed due to time up. 3e92ef9c45b7d058:c4e9a0229b25ce71
Apr 17 13:37:54 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by X.X.X.X[500] (1).
Apr 17 13:37:51 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by X.X.X.X[500] (1).
Apr 17 13:37:48 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by X.X.X.X[500] (1).
Apr 17 13:37:45 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by X.X.X.X[500] (1).
Apr 17 13:37:42 racoon: [Unknown Gateway/Dynamic]: NOTIFY: the packet is retransmitted by X.X.X.X[500] (1).

(newest at top)

Anyone have any idea what I could do here?

52
General Questions / High CPU usage issue
« on: February 14, 2014, 07:32:22 pm »
I keep having high CPU usage and every time I check, it's always the same process (check_reload_status) using it all.

Does anyone know what could be happening here?

53
Firewalling / Which is preferred blocking outgoing or blocking incoming
« on: February 10, 2014, 12:27:47 pm »
If I have two LAN interfaces, which would be the preferred setup?

Block outgoing traffic to other LAN on each interface
or
Block incoming traffic from other LAN on each interface?


54
DHCP and DNS / Does adding MACs to the whitelist blacklist all others?
« on: January 29, 2014, 04:12:07 pm »
I have an interface with some blacklisted MAC addresses

Vendor A is blacklisted
Vendor B is blacklisted

I then have a second DHCP pool, on that
Vendor B is whitelisted

Do I need to put Vendor A on the blacklist for that second pool as well or does using the whitelist automatically block them?
If not, what would I have to do on that second pool to make it only assign based on what's in the whitelist?

55
webGUI / How to give limited users access to use packages
« on: January 02, 2014, 10:43:21 am »
I have a log admin user.  I installed a package (syslog-ng) and I want to give that user access to utilize that package.
Is there any way to do that?

They are a limited user with specific privileges.

56
General Questions / Assistance with vlans on a dell switch and pfsense
« on: December 27, 2013, 11:58:13 am »
Can anyone who's set up vlans on a dell switch before assist me with both the dell and pfsense ends?
The switch is a powerconnect 2724 (web managed).
I'm not sure what settings to use there, but what I would like to do is
One port on the switch is a vlan b, everything else is vlan a, and the port to the firewall (pfsense) is both.
I'm not sure what to do on either end as I'm not at all familiar with vlans.


57
webGUI / Strange default login page behavior in WebGUI for limited accounts
« on: December 24, 2013, 11:32:35 am »
Easiest way to test this

Code:
Make an account
Assign dashboard permission
save
Assign reboot permission
save
log in with that account
Result: Dashboard comes up with ability to access the reboot page

Code:
Make an account
Assign reboot permission
save
Assign dashboard permission
save
log in with that account
Result: Reboot page comes up instead of dashboard


When logging in, it seems to default to the page of the first permission.
However, there is no way to reorder the permissions which leads me to believe that this is not the intended behavior.

58
Captive Portal / How can I reset login page to default
« on: December 21, 2013, 11:18:16 am »
If I want to go back to the default PFSense captive portal login, how can I clear my custom uploaded one?

59
IPsec / IPSec service core dumps upon login
« on: December 19, 2013, 08:52:42 am »
I followed this tutorial.

https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0#IPsec_Server_Setup

The IPSec log is
Code:
Dec 18 14:30:29 racoon: INFO: unsupported PF_KEY message REGISTER
Dec 18 14:31:22 racoon: INFO: unsupported PF_KEY message REGISTER
Dec 18 14:31:34 racoon: [Self]: INFO: respond new phase 1 negotiation: <snip>[500]<=><snip>[5806]
Dec 18 14:31:34 racoon: INFO: begin Aggressive mode.
Dec 18 14:31:34 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
Dec 18 14:31:34 racoon: INFO: received Vendor ID: RFC 3947
Dec 18 14:31:34 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 14:31:34 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Dec 18 14:31:34 racoon: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-00
Dec 18 14:31:34 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Dec 18 14:31:34 racoon: INFO: received Vendor ID: CISCO-UNITY
Dec 18 14:31:34 racoon: INFO: received Vendor ID: DPD
Dec 18 14:31:34 racoon: [<snip>] INFO: Selected NAT-T version: RFC 3947
Dec 18 14:31:34 racoon: INFO: Adding remote and local NAT-D payloads.
Dec 18 14:31:34 racoon: [<snip>] INFO: Hashing <snip>[5806] with algo #2 (NAT-T forced)
Dec 18 14:31:34 racoon: [Self]: [<snip>] INFO: Hashing <snip>[500] with algo #2 (NAT-T forced)
Dec 18 14:31:34 racoon: INFO: Adding xauth VID payload.
Dec 18 14:31:34 racoon: [Self]: INFO: NAT-T: ports changed to: <snip>[5792]<-><snip>[4500]
Dec 18 14:31:34 racoon: ERROR: ignore information because ISAKMP-SA has not been established yet.
Dec 18 14:31:34 racoon: INFO: NAT-D payload #0 doesn't match
Dec 18 14:31:34 racoon: INFO: NAT-D payload #1 doesn't match
Dec 18 14:31:34 racoon: INFO: NAT detected: ME PEER
Dec 18 14:31:34 racoon: INFO: Sending Xauth request
Dec 18 14:31:34 racoon: [Self]: INFO: ISAKMP-SA established <snip>[4500]-<snip>[5792] spi:<snip>:<snip>
Dec 18 14:31:34 racoon: INFO: Using port 0
Dec 18 14:31:34 racoon: user '<snip>' authenticated
Dec 18 14:31:34 racoon: INFO: login succeeded for user "<snip>"

(Personal info snipped)


And then the system log

Code:
Dec 18 14:32:16 kernel: pid 91307 (racoon), uid 0: exited on signal 11 (core dumped)

60
Packages / Question on using Bandwidthd
« on: September 25, 2013, 10:35:41 am »
If I have bandwidthd installed and I only want to monitor bandwidth that isn't internal what do I have to do to achieve that?

The only way I can get it working right now is binding to LAN which shows all traffic including internal.
When I bind to WAN, I get nothing.
