• Recommend a good free syslog server with a gui?

    15
    0 Votes
    15 Posts
    15k Views
    jimp

    @newbieuser1234:

    I set up Security Onion. I was a bit confused on the setup. How can it block port scans, etc. via Snort if it's on the local network and not in bridge mode between the ISP and the router? jimp, do you guys just use the ELSA piece of it or do you use Snort with it? I thought pfSense was far easier to configure.

    I don't think we use it for snort, but for other things. I'm not 100% clear on how snort works with it in that kind of setup.

    The ELSA part is of more interest than snort on there for me.

  • Squid: howto separate subnets from each other?

    11
    0 Votes
    11 Posts
    3k Views
    stephenw10

    Neither did I until I stumbled across it by accident one day and was forced to think about it.
    I don't think I've ever tested it on a box running Squid though so your situation may be different.

    That's what I meant by VPN-over-DNS, hiding an encrypted tunnel inside dns queries. I have never looked into blocking/detecting it, mostly because last time I looked into setting it up it was not trivial. However I see that Softether supports it so maybe it will be more common: http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#1.6.VPN_over_ICMP.2C_and_VPN_over_DNS%28Awesome!%29
    I assume to do this you still need to actually own a domain though.  :-\

    I'd be interested in any thoughts.

    Steve

  • MOVED: 3g Dongle Will Not Show Up in PPP

    Locked
    1
    0 Votes
    1 Posts
    605 Views
    No one has replied
  • How to log the firewall's logs and then search?

    3
    0 Votes
    3 Posts
    1k Views
    D

    @stephenw10:

    There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html

    Steve

    Thanks for that mate.

    If anyone is interested I have built myself a small VM with 80GB hdd.
    Running CentOS on there and it's running rsyslog which logs all the firewall data to /var/logs/syslog/firewall.log

    In turn I can grep for addresses and ports on this and have to say it works very nicely.

    I have the option "show raw filter logs" enabled and this does give quite a comprehensive view of all the traffic hitting my firewall.

    For now this will do me nicely but if I feel I need anything else then I'll have another look at that thread.

  • Intel Nic (em) High Cpu Usage

    14
    0 Votes
    14 Posts
    5k Views
    S

    Yeah my network is configured in a weird way i.e. my way (it ain't easy!)
    Yep you're abs right, it's not behind pfsense, but kinda like "dmz" configured by someone before (now have to configure dmz "properly")

    We're still trying to figure what the hell it sent out!  Thanks to you I was able to pin it!
    Thank you steve and Good day!  :)

  • Kernel: arpresolve: can't allocate llinfo for 192.168.100.1 (cable modem)

    9
    0 Votes
    9 Posts
    19k Views
    J

    @jimp:

    There are many posts here on the forum about that. Search for 192.168.100.1 or the llinfo error and you'll turn up several useful discussions.

    http://forum.pfsense.org/index.php?topic=54171.0
    http://forum.pfsense.org/index.php?topic=56330.0
    http://forum.pfsense.org/index.php?topic=62964.0
    http://redmine.pfsense.org/issues/2704

    Since you mentioned in this post http://forum.pfsense.org/index.php/topic,62964.0.html that with v2.1 might be better I will wait for the final version.
    At least I know what's causing my issue so I know how to fix it.

  • Configuring PFsense with six distinct public C class

    2
    0 Votes
    2 Posts
    1k Views
    Z

    Depends on switching, bandwidth throughput, etc…

    Low bandwidth + managed switches = Assuming the networks are on separate vlans, a pair of interfaces and using vlan separation.
    Low(100MB)/Medium(1GB) bandwidth + unmanaged switches = 7 interfaces one for each network + one to the Cisco.
    1GB+ then a LAAG configuration or 10GB nics.

    Why not just use pfSense as the firewall and default gateway?  ...wouldn't be the first time a 5xx/2xxx/3xxx series router was replaced by a pfSense box;)

  • New user needs help with pfsense VPN and WiFi

    4
    0 Votes
    4 Posts
    2k Views
    stephenw10

    Ah, two different interpretations of the VPN requirement.
    When you said home country did you mean where your pfSense will be or somewhere else you previously lived?

    Steve

  • MOVED: Transparent proxy don't work properly

    Locked
    1
    0 Votes
    1 Posts
    594 Views
    No one has replied
  • MOVED: quelque information sur Pfsense

    Locked
    1
    0 Votes
    1 Posts
    483 Views
    No one has replied
  • Pfsense for multiple servers and ip's

    4
    0 Votes
    4 Posts
    1k Views
    M

    There will be no problem with the amount of IPs; just in case, be sure to have the same segment on the LAN and the network mask. Read about NAT 1to1 or, in case you have fewer IPs but more services, port forwarding.

    cheers

  • Performance of Tp-link Tg-3269

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • VLANS not working

    9
    0 Votes
    9 Posts
    3k Views
    M

    Hold on, do you have some virtual interface to create a VLAN? You must have the trunk, and then some vif (default gw for those NICs) to connect internally and do the routing and everything! Another thing is to know if the card supports VLAN tags, and you should be good. When the package of the new NIC comes, can you provide some review of the performance…

  • Turn off logging for one interface

    3
    0 Votes
    3 Posts
    934 Views
    N

    Sweet! Thanks for the quick and seemingly absolutely correct reply :)

  • How to adjust time and date without time server.

    3
    0 Votes
    3 Posts
    7k Views
    R

    OK,

    I entered:
    date 1306171306 which sets the clock on "June 17 2013 at 13:06"

    My mistake was:
    date 201306171306 -> so I entered 2013 for year -> and that didn't work ::)

  • SSH keys

    3
    0 Votes
    3 Posts
    1k Views
    M

    Can you elaborate more? What is it for?

    If a user is signing on with their auth keys, why do I need this?

    Can I delete them? Can I regenerate new keys?

    Can I delete the DSA and the other one, and just keep RSA? Can I change them to 4096 bits?

    Anywhere I can read up more on this?

  • Feedback on a large pfsense deployment

    7
    0 Votes
    7 Posts
    5k Views
    D

    @cmb:

    I'd just run Security Onion rather than Snort on the firewall.

    I guess he's trying to achieve some sort of IPS-like functionality, where the triggering of a Snort rule not only creates an alert but also dynamically adds the offending IP(s) to the firewall's block-list, similar to what is (at long last ;-) offered by pfSense's Snort-package.

  • PfSense Monitor packet Loss command

    3
    0 Votes
    3 Posts
    3k Views
    M

    I will try them all

  • DNS not working for computers using DHCP

    8
    0 Votes
    8 Posts
    4k Views
    stephenw10

    For example if I run 'ipconfig /all' on this machine, WinXP home set to get its details via dhcp from pfSense:

    C:\Documents and Settings\Steve>ipconfig /all

    Windows IP Configuration

            Host Name . . . . . . . . . . . . : NewTuring
            Primary Dns Suffix  . . . . . . . :
            Node Type . . . . . . . . . . . . : Mixed
            IP Routing Enabled. . . . . . . . : No
            WINS Proxy Enabled. . . . . . . . : No
            DNS Suffix Search List. . . . . . : fire.box

    Ethernet adapter Local Area Connection:

            Connection-specific DNS Suffix  . : fire.box
            Description . . . . . . . . . . . : Realtek RTL8139/810X
            Physical Address. . . . . . . . . : 00-30-1B-AB-18-C3
            Dhcp Enabled. . . . . . . . . . . : Yes
            Autoconfiguration Enabled . . . . : Yes
            IP Address. . . . . . . . . . . . : 192.168.2.10
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 192.168.2.1
            DHCP Server . . . . . . . . . . . : 192.168.2.1
            DNS Servers . . . . . . . . . . . : 192.168.2.1
            Lease Obtained. . . . . . . . . . : 16 June 2013 11:16:05
            Lease Expires . . . . . . . . . . : 16 June 2013 13:16:05

    I am then able to ping other machines by their hostname:

    C:\Documents and Settings\Steve>ping NewBabbage

    Pinging NewBabbage.fire.box [192.168.2.2] with 32 bytes of data:

    Reply from 192.168.2.2: bytes=32 time<1ms TTL=128
    Reply from 192.168.2.2: bytes=32 time<1ms TTL=128
    Reply from 192.168.2.2: bytes=32 time<1ms TTL=128
    Reply from 192.168.2.2: bytes=32 time<1ms TTL=128

    Ping statistics for 192.168.2.2:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    This works even though 'fire.box' is not a real domain, or at least it's not my domain.

    Interestingly this works even though I don't have 'Register DHCP leases in DNS forwarder' set in pfSense.  :-\

    Steve

  • IP Camera lockup after LACP

    2
    0 Votes
    2 Posts
    1k Views
    D

    Sure sounds like the Teaming on the server and Link Aggregation on the switch are not working together. If you have Intel NICs this article might come in handy:

    http://www.intel.com/support/network/sb/cs-009747.htm

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.