• Pfsense and wireless router having problems with https

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    Your last point was correct. Some sites enforce an IP:login relationship. If you load balance HTTPS, then those sites will fail if any part of the connection goes across the "wrong" wan.

    Use a failover group for HTTPS instead of load balancing, or perhaps try enabling sticky connections under System > Advanced on the Misc tab under Load Balancing.

  • Block facebook HTTPS

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    stephenw10S

    You should not have the source port set to 443 in your timed https rule. Set it to '*'.

    Steve

  • Multiple GRE bugs in 2.0.1-RELEASE

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    14 Posts
    5k Views
    W

    @deej1:

    Sorry the logs are always empty, they don't have anything useful in them at all.

    I find this so surprising I need clarification: When you write "the logs are empty" do you mean "the logs contain nothing at all" or do you mean "the logs don't report anything that seems relevant to this particular problem"?

    @deej1:

    Hope that is enough info, Thanks for your help

    Thanks for the additional information. Unfortunately it is not enough for me to be able to identify the problem.

    When I asked @wallabybob:

    When pfSense has "fallen over"
    1. What is reported on the client when you attempt to ping an internet host by IP address (say 8.8.8.8, a Google name server)?
    2. What is reported on the pfSense console when you attempt to ping a client computer?

    I was looking for more details than @deej1:

    The pfsense box cannot ping 8.8.8.8,

    Ping can report a number of different errors and the exact text of the report contains considerably more information than the high level summary "cannot ping". Please provide the details I asked for.

    Your report @deej1:

    The pfsense box cannot ping 8.8.8.8,

    seems to contradict your earlier report that you can ping from pfsense shell to an external website. Maybe the details of the ping response will explain the apparent contradiction. Can you explain this apparent contradiction? (Note I get ping response from 8.8.8.8 over the public internet.)

    None of your pfSense interfaces has a public IP address. So what is between pfSense and the targets of the nessus scan? What is between pfSense and the public internet?

  • Unable to open /cf/conf/config.xml for writing in write_config()

    Locked
    6
    0 Votes
    6 Posts
    11k Views
    stephenw10S

    There was a glitch a while back that prevented the remounting command functioning but I thought that had been fixed with 2.0.1.
    The / and /cf should be mounted read only in Nanobsd.

    [2.0.1-RELEASE][root@pfsense.fire.box]/root(27): mount -p
    /dev/ufs/pfsense0       /                       ufs     ro,sync,noatime         1 1
    devfs                   /dev                    devfs   rw                      0 0
    /dev/md0                /tmp                    ufs     rw                      2 2
    /dev/md1                /var                    ufs     rw                      2 2
    /dev/ufs/cf             /cf                     ufs     ro,sync,noatime         1 1
    devfs                   /var/dhcpd/dev          devfs   rw                      0 0

    You can try remounting it RO manually:

    /etc/rc.conf_mount_ro

    Steve

  • Best way block facebook on https (port 443)

    Locked
    7
    0 Votes
    7 Posts
    37k Views
    J

    You have to block using firewall rules. We do block 443/HTTPS traffic to Facebook CIDR networks during regular office hours.

    For us, we block the following destination CIDR networks:

    69.63.176.0/20
    69.171.224.0/19
    63.135.80.0/20
    66.220.144.0/20
    65.201.208.24/29
    65.204.104.128/28
    74.119.76.0/22
    204.15.20.0/22
    173.252.64.0/18
    96.16.0.0/15

  • Dashboard - XMLRPC communication error: Operation timed out

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    J

    OK, so this seems to have something to do with me setting up an IPsec tunnel. I have a second pfSense install that I know was able to check for updates. I then set up a tunnel to another location and then noticed it could no longer check for updates. Nothing else has changed. Even if I disable IPsec it still cannot check for updates.

    I have another tunnel I need to set up to another pfSense but I don't want to break that one too.

    Any ideas?

  • Auto DHCP Renew not working on WAN (How to fix it)

    Locked
    1
    0 Votes
    1 Posts
    8k Views
    No one has replied
  • PPTP Authentication Against Active Directory

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    E

    As I understand it, you need to use Microsoft's RADIUS implementation via IAS in order to authenticate PPTP sessions against AD. IAS doesn't need to be on the domain controller (it can be on a member server) but IAS needs to be installed somewhere and pfSense needs to be configured to auth via RADIUS against it.

  • Syntax error: "|" unexpected

    Locked
    1
    0 Votes
    1 Posts
    752 Views
    No one has replied
  • Bandwidth is not working

    Locked
    1
    0 Votes
    1 Posts
    881 Views
    No one has replied
  • PfSense 2.0.1 switches filesystems to RW

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    E

    I wouldn't worry about it too much. If you run the mount command when connected to the box you'll see the flash filesystems are also mounted with the synchronous option (from my ALIX setup below):

    /dev/ufs/pfsense0 on / (ufs, local, noatime, synchronous)
    devfs on /dev (devfs, local)
    /dev/md0 on /tmp (ufs, local)
    /dev/md1 on /var (ufs, local)
    /dev/ufs/cf on /cf (ufs, local, noatime, synchronous)
    devfs on /var/dhcpd/dev (devfs, local)

    Synchronous means the system will sync all writes and not return from a command until the write has been completed. Even if a power failure were to happen with the filesystem mounted read-write it shouldn't cause any lost data as commands don't return until the write is verified as on-disk.

  • How to find the DynamicDNS an IP address from LAN connects to ?

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    N

    @johnpoz
    You helped me. You gave me some good tips. There will be other - non technical - solutions which will stop this kind of traffic. It is just a kind of forensic :)

  • Change logging settings

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    stephenw10S

    pfSense logs only to RAM. If you need long-term logging you will need to use a syslog server. See:
    http://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog

    Steve

  • 1 Votes
    1 Posts
    2k Views
    No one has replied
  • PPPoA protocol with pfSense 2.0.1

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    W

    @balubeto:

    pfSense 2.0.1 can also directly manage the PPPoA protocol

    No.

    @balubeto:

    or am I obliged to set the ADSL 2+ modem in PPPoA mode?

    Yes.

    Your ADSL modem will probably talk PPPoE to pfSense but pfSense needs something else to handle the carriage of PPP in ATM cells.

  • Will pfSense do what I need?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C

    Numerous ISPs, and businesses that aren't ISPs but act as one (generally sharing their Internet amongst a building of other tenants), do exactly what you describe. Limiters are generally the best for that type of usage, and the easiest to configure.

  • Blank/Empty RRD Graphs Page (PHP Crashing)…

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Perl MySQL Driver Support

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    marcellocM

    Check a sqlite sample on cpan.

    using DBD
    http://search.cpan.org/~msergeant/DBD-SQLite-0.31/lib/DBD/SQLite.pm
    http://mailliststock.wordpress.com/2007/03/01/sqlite-examples-with-bash-perl-and-python/

    using DB
    http://search.cpan.org/~vxx/SQLite-DB-0.04/lib/SQLite/DB.pm

    Remember to create the sqlite database first

    att,
    Marcello Coutinho

  • Upgrading company Firewall. Suggestions.

    Locked
    14
    0 Votes
    14 Posts
    4k Views
    N

    The reason for going with a Smoothwall, Endian, or Untangle type of distro is the subscriptions for the web filtering, antivirus, spam control, etc. As well, they have, as mentioned, done a lot of work to make the underlying packages pfSense uses work in a much more solid, versatile form.

    I would love to run it all in one box but I have yet to see it possible to provide the features we need to meet certain security standards while keeping the speed there. And I am guessing this is why I see a lot of people who have a pfSense and Untangle combo.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.