Recent Posts

1

Is there any fix for the duplicate entry mysql issue with Barnyard2? I have started with a fresh Snorby install and DB, and after 5 minutes barnyard2 stops with the duplicate entry. I have cleared the sig_reference table and still get the same issue.


I posted a new thread last evening containing links to two potential solutions.  Those worked for me on my Snorby install, but admittedly I only have a home network's traffic being logged so not very many events at all.  Here is the link to that thread:  https://forum.pfsense.org/index.php?topic=75357.0

Also, I'm a bit confused by your two successive posts.  The first one at 8:51 AM says you fixed the problem by removing the sensor name, but then your newer one at 8:55 AM implies the problem still exists.  What underlying DB engine is your MySQL install using?  The Barnyard2 developers say it must be InnoDB.

Bill

Bill - thanks.. I am trying your fixes now.. I have a production firewall/IDS in place that I can generate a ton of events from so I can put it to a good test in a few..

I'm using InnoDB with the mysql install - it's actually a fresh Security Onion install that I am logging to.

The issue I fixed with removing the sensor name was not the duplicate entry problem. It was the problem of Barnyard2 wanting to log into mysql with the "root" user instead of whatever user you put in as the mysql username in the barnyard2 tab. If I put in a sensor name (versus leaving it blank) then barnyard always tries to login as 'root'. If I leave the sensor name blank, it logs in properly. It does this with multiple sensors.

Thanks for the feedback on the sensor name anomaly.  I will look into that.  Could be I have a mistake in the code someplace.  I know I never coded "root" by design, but I do have fat fingers when typing... :(

Bill
2
Routing and Multi WAN / Re: Routing between networks
« Last post by Modivion on Today at 02:41:55 pm »
Gotta add that I can actually ping and access pfsense through 192.168.20.1.
3
Polish / squid reverse proxy redirect to https
« Last post by qatrick on Today at 02:41:09 pm »
Hello,
I have two machines behind NAT and I use subdomains to reach them. Everything works beautifully, but I would like to redirect some sites to https so that I don't have to type it in manually. The problem is that whatever I enter in the redirections tab does nothing :/

Maybe one of you has already had this problem, or is able to explain to me how to configure the redirections tab?

Regards
4
Packages / Re: [SOLVED] Re: Snort 2.9.6.0 - Alerts not being logged
« Last post by bmeeks on Today at 02:40:33 pm »
I then went back and tried to reproduce the original problem by removing the IP Blacklist while still having IP REP enabled.  Not only could I not reproduce it, but I kept getting 'packets blacklisted' blocks and alerts without having the blacklist selected.

Oops, never mind, I was clicking around too fast.   Adding the blacklist to the interface 'sticks' without hitting Save, meaning you can leave the interface configuration and when you come back it is still there. You can be 'tricked' into thinking it is doing something.

Only when you hit Save does it trigger the interface config reload.

Same for when you remove a list.

This behavior could have unintended consequences for the user.  You continue to see a given blacklist applied (or removed), but it is not doing anything. (Gotta protect dummy users from themselves!   :o )

You're right.  Did not think about that.  I will update it so changing a blacklist or whitelist does the restart.

Bill
5
NAT / Re: Dual WAN manual NAT being blocked by firewall?
« Last post by Modivion on Today at 02:39:33 pm »
Changed it back to automatic mode and assigned different gateways in the allow all rules for both LAN 1 and LAN 2.

That fixed it.

Thanks for the support.
6
I upgraded from 2.0.1 to 2.1.2, my system has two boot environments F1 and F2 after the first upgrade on F2 went fine (booted to F2)

I ran for a week and tested everything ....

Then I upgraded boot environment F1 from 2.0.1 to 2.1.2, but now the / or root fs wouldn't mount R/W and said it needed an fsck

At this point I had a good boot on F2 ( / on /dev/ad4s2a ) and a non-functional boot on F1 ( / on /dev/ad4s1a) obviously not what I want and I was loath to do a fresh install over both my working boot partitions.


Why didn't you just duplicate the working F2 slice to F1 overwriting it? That can be done with a few clicks from the web interface.
7
Routing and Multi WAN / Routing between networks
« Last post by Modivion on Today at 02:38:30 pm »
Hello guys,

So I've set up a pfSense box, all going well so far. I have 4 interfaces.

- WAN1 DHCP
- LAN 192.168.10.1/24
- WAN2 PPPOE
- LAN 192.168.20.1/24

I would like clients on the 192.168.10.1/24 network to be able to talk to clients on the 2nd LAN 192.168.20.1/24.

However, if I ping a client now, it gets timed out. I have checked firewall logs, and nothing is showing blocked there.

Am I missing something here?

Thanks guys.

Roy

8
Booted from a USB CD drive. Wouldn't boot completely; not sure why, last time I CD booted this system it had a SATA CD drive in it - perhaps some oddball interaction of it being a USB CD.

Had tried booting from USB stick, but that wasn't working.

Finally got it to boot by letting the CD boot to the point where it gives the various boot options (had been letting it go from there to option 1, and that was not working), and then choosing (3) boot from USB with the USB stick in. That finally let me install, and the system is now booting from hard disk to 2.1.2, just needs reconfiguring and cutting back from the temporary lash-up that's been replacing it.
9
Deutsch / openvpn and nat / esxi
« Last post by wondermike on Today at 02:28:51 pm »


Hi, I am currently trying to set up a VPN connection with pfSense. pfSense runs inside a VM under ESXi. The server has 2 physical NICs; the pfSense VM has 3 logical vNICs.
Further elements:
vswitch #1: (vnic1/LAN/192.168.0.1).
vswitch #2: (vnic2/VPN/x.x.x.241), (vnic3/WAN/192.168.10.11)
Physical DSL router (192.168.10.1)
VM1..n are attached to vswitch1 and have addresses in the 192.168.0.0/24 network

Diagram:
Code:
[openvpn/server x.x.x.18]
      |
   Internet
      |
  DSLrouter
      |
[physischer...switch]
 \_phy...nic1      \_phy...nic2
       |                  |
 ...vswitch2...     ...vswitch1...
 WAN   VPN           LAN  \    \
      \........+...../     VM1...n
           pfSense

(I hope it is clear what is meant)

There is already an openvpn connection, which I want to replace and migrate to pfSense.  I have documented its configuration here:

Code:
verb 4
dev tun1
remote x.x.x.18
ifconfig x.x.x.241 x.x.x.254
lport 6888
rport 6888
tun-mtu 1360
disable-occ
ifconfig-nowarn
ping 30
secret ....path-to-the-file.../comserv.secret
up /etc/openvpn/./comserv.up
down /etc/openvpn/./comserv.down
script-security 2

In the up script, I essentially do a
Code:
/sbin/ip route add default dev tun1 table tun1.out
/sbin/ip rule add from x.x.x.241 table tun1.out pref 1000
/sbin/ip route flush cache

This old openvpn connection has worked well so far, but as I said, I want to replace it.

In pfSense I have created an openvpn client configuration; this allows me a connection from x.x.x.241/32 (local/VPN) to x.x.x.18/32 (for the login; the remote endpoint, however, is x.x.x.254/32) on the ports lport/rport 6888. Currently, under pfSense, I manage to establish a P-t-P connection from x.x.x.241/32 to x.x.x.254/32. That works well in itself. In other words, the VPN connection exposes x.x.x.241/32 to the outside.

Under pfSense I fill in the following fields in the openvpn client configuration section:
Server Mode    Peer-to-Peer (Shared key)
Protocol udp
Device Mode tun
Interface VPN
Local Port 6888
Server host or address x.x.x.18
Server Port 6888
Shared Key: #
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
......
-----END OpenVPN Static key V1-----
Encryption algorithm BF-CBC (128 bit)
IPv4 Tunnel Network x.x.x.241/28
IPv4 Remote Network/s x.x.x.254/32
Advanced: ifconfig x.x.x.241 x.x.x.254
remote x.x.x.18
tun-mtu 1360
disable-occ
ifconfig-nowarn

I have defined these firewall and NAT rules:

Code:
         Proto  Source   Port  Destination  Port  Gateway  Queue  Schedule
WAN:     IPv4*  *        *     *            *     *        none
LAN:     IPv4*  LAN net  *     *            *     *        none
VPN:     IPv4*  LAN net  *     *            *     *        none
OpenVPN: IPv4*  *        *     x.x.x.241    *     *        none


... NAT:
Code:
NAT:
If       Proto  Src. addr  Src. ports  Dest. addr  Dest. ports  NAT IP       NAT Ports
OpenVPN  TCP    *          *           x.x.x.241   53 (DNS)     192.168.0.a  53 (DNS)
OpenVPN  TCP    *          *           x.x.x.241   22 (SSH)     192.168.0.b  22 (SSH)
OpenVPN  ICMP   *          *           x.x.x.241   *            192.168.0.c  *
(a, b and c are numbers ... these are VMs)
... etc. ...
with the ultimate goal that certain VMs (a, b and c) respond to requests from outside.

Here, however, comes the problem: as soon as a ping or a TCP connection from outside arrives at the exposed IP x.x.x.241, things get difficult.

What I manage to do: requests are forwarded via the NAT table to the correct VMs and can be read/understood there by the respective service. The reply, however, no longer gets through. I cannot see any blocked packets in the log. I can, however, very well see that the replies are being sent (via tcpdump on the respective answering VM, e.g. ICMP echo replies or replies to DNS queries on port 53). None of the replies gets back to the initiator of the connection / communication.

I have the feeling that I am only missing one tiny building block. Do you have any idea what the cause could be?

Thanks in advance & regards
Michael

10
Hi,

I upgraded from 2.0.1 to 2.1.2, my system has two boot environments F1 and F2 after the first upgrade on F2 went fine (booted to F2)

I ran for a week and tested everything ....

Then I upgraded boot environment F1 from 2.0.1 to 2.1.2, but now the / or root fs wouldn't mount R/W and said it needed an fsck

At this point I had a good boot on F2 ( / on /dev/ad4s2a ) and a non-functional boot on F1 ( / on /dev/ad4s1a) obviously not what I want and I was loath to do a fresh install over both my working boot partitions.

So I thought of the dump/restore utilities; alas, pfSense seems to not deliver /sbin/restore or /sbin/mksnap_ffs, both needed to clone onto another boot media.

#####################################
# sometimes the XML config files are just not enough ...
# why is /sbin/restore and /sbin/mksnap_ffs missing ?
#####################################

Painfully, I had to download the ISO to get the utilities I needed; then I was able to make a bootable USB with my configs and all my changes and notes.

Okay, I could have installed from scratch, but that would have been excessive down time on my firewall and also if it all went south I would be SOL.

Once I had a bootable USB thumb drive (yes all works when the SATA drive was pulled) that ran my firewall, I felt completely comfortable doing the following to fix the broken boot environment on my hard drive.

gpart show
df -kl
newfs -L rootfs -U /dev/ad4s1a
mount /dev/ad4s1a /mnt
cd /mnt
pwd
df -kl
dump -0Lauf - /dev/ad4s2a | restore -rf -
cd /mnt/etc


#---------------------------------------------------------------
# update the /mnt/etc/fstab to BOOT the F1 clone
# was /dev/ad4s2a for / and /dev/ad4s2b for swap
# now /dev/ad4s1a for / and /dev/ad4s1b for swap
#---------------------------------------------------------------

vi /mnt/etc/fstab

cd /
umount /mnt


The above (USB prep not shown - but I used the same dump/restore pipeline) took a bit of research, but I had solid peace of mind the entire time and now I also have a working USB thumb drive (the best part: all my notes and tweaks also copied over).