Categories

  • 406
    Topics
    1.4k
    Posts

    C

    this was their answer:

    "If you get 3 Full Views, please check this guide: https://docs.netgate.com/tnsr/en/latest/dynamicrouting/bgp/tuning.html"

    well... yes thank you.

  • 117.0k
    Topics
    733.9k
    Posts

    K

    @keyser thanks for the response, yes im using the default allow all firewall rules, to simply things, i will just work with one vlan iot, which i want a computer attached to port 10 to connect to...
    pfsense itself is installed on a minpc with two ports, wan goes to cable modem and lan goes to switch on port 16

    this is settings for port 10 on which computer connecting to this should be on vlan 20
    decd999f-575c-47b6-aab7-c3e3615a44f3-image.png
    this is the setting for iot network:
    e753ee7d-a722-4d0e-98da-7372914145c8-image.png

    port 16 is uplink port to pfsense:
    f3aaa044-c900-4abc-a17c-1ab5ad6e78c1-image.png

    on the pfsense router i created the vlan id...
    565024fc-0685-4eed-972f-2ec3de8d9b66-image.png

    i assigned to a interface, gave it a static ip of 192.168.20.1/24
    d18c6eb3-f721-4d1f-a30d-58afb5c2117d-image.png
    configured dhcp:
    db606821-c99e-4d0c-ab9e-763372910575-image.png

    firewall rule is set to allow all
    0428926e-cef8-44f6-919d-f39a6cf264c2-image.png
    lan rules are default
    5a8034b4-0ebd-41a3-82df-046d0af80d05-image.png

    happen to see what i might be missing

  • Discussions about pfSense software packages

    Cache/Proxy IDS/IPS Traffic Monitoring pfBlockerNG UPS Tools ACME FRR Tailscale WireGuard
    19.5k
    Topics
    123.4k
    Posts

    R

    @reberhar

    Thanks all for your help...

    Concerning the problem I am having with pfBlocker's CARP VIP not coming backup after doing pfBlocker an update and then pfb_dnsbl stopping. ..

    So after a pfBlockerng update, the pfBlocker CARP VIP on the primary does not show MASTER or SECONDARY it is just blank and pfb_dnsbl stops. Then the secondary pfBlocker CARP VIIP takes over.

    So if I make like I am editing the primary pfBlocker CARP VIP from the firewall menu and just save it the primary pfBlocker CARP VIP becomes MASTER and the secondary one becomes backup.

    Then I can start pfb_dnsbl successfully.

    Here is something from the general logs.

    Jul 26 09:16:52 php 40257 [pfBlockerNG] DNSBL parser daemon started
    Jul 26 09:16:52 lighttpd_pfb 39134 [pfBlockerNG] DNSBL Webserver started
    Jul 26 09:16:52 lighttpd_pfb 36785 [pfBlockerNG] DNSBL Webserver stopped
    Jul 26 09:16:41 kernel carp: 4@igb1: BACKUP -> MASTER (preempting a slower master)
    Jul 26 09:16:40 check_reload_status 441 Reloading filter
    Jul 26 09:16:40 kernel carp: 4@igb1: INIT -> BACKUP (initialization complete)
    Jul 26 09:16:39 php-fpm 97364 /rc.filter_synchronize: XMLRPC reload data success with https://10.1.10.2:443/xmlrpc.php (pfsense.restore_config_section).
    Jul 26 09:16:38 php-fpm 97364 /rc.filter_synchronize: Beginning XMLRPC sync data to https://10.1.10.2:443/xmlrpc.php.
    Jul 26 09:16:38 php-fpm 97364 /rc.filter_synchronize: XMLRPC versioncheck: 23.3 -- 23.3
    Jul 26 09:16:38 php-fpm 97364 /rc.filter_synchronize: XMLRPC reload data success with https://10.1.10.2:443/xmlrpc.php (pfsense.host_firmware_version).

    Now I have 3 systems like this and one works correctly. There is an HA pair of two DELL Optiplex I-7 boxes on the pair that seems to be ok. The two pairs that are giving problems have the secondary pfsense running in a Virtualbox 7.0.2 guest machine using Paravirtualized Network adapters. Both have been recently updated to virtualbox 7.0 because a kernel update to Ubuntu 22.04 gave problems.

    On reading the Virtualbox 7.0 ... forums, the developer mentioned that 7.0 . .. is really just in beta.

    The CARP system seems to be fine otherwise. Once I have done the manual intervention things are fine until pfBlocker does its updates again.

    I am wondering about trying a different network adapter than Paravirtualized, at least for the CARP VIP.

    Observations? Suggestions? What am I missing?

    Thanks

    The other machines CARP pair

    Jul 26 08:18:16 php-fpm 31382 /rc.carpmaster: HA cluster member "(10.33.10.1@em1): (GREENLAN)" has resumed CARP state "MASTER" for vhid 5
    Jul 26 08:18:15 check_reload_status 457 Carp master event
    Jul 26 08:18:15 kernel carp: 5@em1: BACKUP -> MASTER (preempting a slower master)
    Jul 26 08:18:15 php-fpm 19625 /rc.carpbackup: HA cluster member "(10.33.10.1@em1): (GREENLAN)" has resumed CARP state "BACKUP" for vhid 5
    Jul 26 08:18:15 php-fpm 19625 /rc.filter_synchronize: XMLRPC reload data success with https://172.16.1.3:443/xmlrpc.php (pfsense.restore_config_section).
    Jul 26 08:18:14 check_reload_status 457 Reloading filter
    Jul 26 08:18:14 kernel carp: 5@em1: INIT -> BACKUP (initialization complete)
    Jul 26 08:18:14 check_reload_status 457 Carp backup event
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.16.1.3:443/xmlrpc.php.
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: XMLRPC versioncheck: 23.3 -- 23.3
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_sJul 26 08:18:16 php-fpm 31382 /rc.carpmaster: HA cluster member "(10.33.10.1@em1): (GREENLAN)" has resumed CARP state "MASTER" for vhid 5
    Jul 26 08:18:15 check_reload_status 457 Carp master event
    Jul 26 08:18:15 kernel carp: 5@em1: BACKUP -> MASTER (preempting a slower master)
    Jul 26 08:18:15 php-fpm 19625 /rc.carpbackup: HA cluster member "(10.33.10.1@em1): (GREENLAN)" has resumed CARP state "BACKUP" for vhid 5
    Jul 26 08:18:15 php-fpm 19625 /rc.filter_synchronize: XMLRPC reload data success with https://172.16.1.3:4443/xmlrpc.php (pfsense.restore_config_section).
    Jul 26 08:18:14 check_reload_status 457 Reloading filter
    Jul 26 08:18:14 kernel carp: 5@em1: INIT -> BACKUP (initialization complete)
    Jul 26 08:18:14 check_reload_status 457 Carp backup event
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.16.1.3:4443/xmlrpc.php.
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: XMLRPC versioncheck: 23.3 -- 23.3
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: XMLRPC reload data success with https://172.16.1.3:4443/xmlrpc.php (pfsense.host_firmware_version).
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.16.1.3:4443/xmlrpc.php.
    Jul 26 08:18:11 php-fpm 70712 /firewall_virtual_ip_edit.php: Beginning configuration backup to https://acb.netgate.com/save
    ynchronize: XMLRPC reload data success with https://172.16.1.3:443/xmlrpc.php (pfsense.host_firmware_version).
    Jul 26 08:18:12 php-fpm 19625 /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.16.1.3:443/xmlrpc.php.
    Jul 26 08:18:11 php-fpm 70712 /firewall_virtual_ip_edit.php: Beginning configuration backup to https://acb.netgate.com/save

  • 42.2k
    Topics
    265.2k
    Posts

    B

    @viragomann es sind 4 Proxmox Server, einer davon hat 3 * 10gbit nics die anderen jeweils nur eine, jeder der Proxmox Server hat eine seperate WAN Verbindung. Das ganze soll dazu dienen das auf jedem Server eigene VMs in einem eigenen Privaten LAN laufen diese aber miteinander kommunizieren können. Die Pfsense sind auf jedem Server Virtualisiert.

  • Information about hardware available from Netgate

    2.4k
    Topics
    18.8k
    Posts

    D

    I cannot find a measurable or noticeable difference between 0, 50, and 80. My 4200 was set at 80 when I got it so I've put it back to that and left it.

  • Information about hardware available from Netgate

    44
    Topics
    210
    Posts

    GertjanG

    @LesserBloops said in Netgate Security Advisory: CVE-2024-6387:

    I had no idea System_Patches existed until happening upon this thread

    Yeah .... well, scrap what's I've said above.
    I'll rephrase, and express my real opinion :
    It must be a package, so when an update exists, it will get flagged on the dashboard as 'update == patches' exist. That's the great thing about the pfSense package system.
    I was wondering : why isn't this build into pfSense directly ? But that would mean that there will be another thing to check, pfSense packages updates and patches updates. Another dashboard widget ?
    So : upon pfSense installation : advise the user to pick this package ?
    Or, don't signal the admin, and install the package without admin consent ?
    Humm, maybe not ...

    Right now, any package is installed with admin consent, as you have to install them 'ones'.

    Parches proposed by this package are only mostly 'quality of live' amelioration. But ones in a while they are a must have, as it solves a real issue. Then the question doesn't exist anymore : people will find the forum for support, will find that there is a solution ... a patch, and so on ...

    Real issues, like urgent software updates like (example) curl, unbound nginx etc etc (tyhese are not pfSense packages, but FreeBSD packages ! - or FreeBSD updates ported to their pfSense equivalent by Netgate ) are already getting updated using the command line ( SSH or console !! ) option 13.

    @LesserBloops : I've got one for you : Auto update check, checks for updates to base system + packages and sends email alerts
    "Install" that one also. You maybe not knowing it, but you need it 😊
    Btw : you will need to install the Cron pfSense package.

    This script file tells me, as I receive a mail, if anything has an upgrade waiting. Even pfSense itself.

  • Feel free to talk about anything and everything here

    Forum Feedback Community Job Board
    3.4k
    Topics
    18.3k
    Posts

    stephenw10S

    You have rep >5 now so you should be good.