Almost certainly just poorly configured by default rather than anything malicious. Any real attack or scan would be across a range of ports/services and wouldn't waste time hitting the same port repeatedly.

If you change the rule to reject instead of block they might get the message and stop trying.

Steve

@mephmanx said in GNUPG install on PFSense:

organization background tasks that are backed by git repos for config and update purposes.

Why would you do this on the "firewall" wouldn't those make more sense to do on some resource inside the org? What part of the firewalls role do these tasks help with?

Problem I have seen over the years is people think oh well this "box" I have is only using like 3% of its cpu doing its current thing, why not just leverage these unused cycles for doing other than firewall things..

Is that the case here? Do you not have some other resource on your network that could perform these background tasks?

@johnpoz thank you for your reply and suggestions.
thank you to all of you, guys.

I really appreciated your help.

Regards,
Mauro

You can spoof the MAC address on the VLAN parent interface. So assign/enable that, if it is not already, and apply the MAC there.

@rloeb Instant turnaround from Netgate support!!! Got it running. Now need to update system version.

@getcom dang man! i feel for you. keep up the good work and keep those ruzzkies out !!!

@cniles said in Need hlep with Captive Portal. I had it working but I changed somthing and can't get it to work:

but I changed a setting, and the captive portal will not show up

Like what ?
Disable the captive portal network interface ? (sorry, had to ask that)
No info can not generate useful info.

The sited "captive-portal-does-not-redirect" link above is not some kind of optional step : you have to follow it.

Added to these steps, I'll add :

Take note of the interface on which the portal runs :

942cfca3-0303-4f25-9fe8-cef146119f31-image.png

and then de activate the portal :

70cc5b63-b108-4050-97a3-8d26748331b5-image.png

and save.

Get the network settings of the interface on pfSense :

b417c976-ba99-427d-8536-c9e9633f9123-image.png

and that it has a /24 mask/size (to the right of the IP)

and also check that the DHCP server is activated on that interface.

Check that the resolver has the 'good' settings :

939c028f-e592-4828-8fd8-f1232d078f52-image.png

Note : the SSL/TLS Certificate is a "don't care" here.

Now locate (physical) on pfSense and test this interface.

When you connect to it, lookup up the IP you received. It must be an IP in the portal network you've found above.
Also, what was the gateway you received ? And the DNS. These two must be identical the the pfSense IP for your portal network.

What are the firewall rules for the portal interface ?

For testing purposes, you should use this rule :

f70d6727-8d9e-4b69-8042-ea9c4c364def-image.png

Later on, you can change - or remove - this rule for more, restricting rules.

On the device your using to test, preferably a PC type device, test DNS.
It has to work.

The above steps tell you that the interface works fine.

If you have any questions, tell us.

Btw : up until here, everything I've mentioned and showed is pretty 'default', no special settings are needed.
You've probably figured out that my example is using a dedicated Network for the captive portal. That's because a captive portal is a special case network : it should host devices that you don't 'trust', as it is meant to be an access for visiting devices. Your own devices should be on the default LAN interface.
This makes things easier to implement and understand. Its not mandatory.

@stephenw10 Yeah, I also noticed the error messages while trying to establish the bond on the command line.

All my other devices are Linux based and there it is absolutely not problem to have two LACP bonds in another active-backup bond. This has been working reliably for years. I've been tinkering with OpenWRT in the recent hours, and there it's also possible.

@steveits said in Netgate 1100 high memory utilization:

ZFS ARC

Thank you, did it and now it looks more "normal".
0177cdce-1b2a-42a0-a947-6a7ec19f28ea-imagen.png

@phlmike said in Odd dns replies from ARIN and now another server:

I only use pfBlockerNG

A quick google for pfblocker and PTR seems to point to it doing them.. I don't use most of pfblocker functionality - I only use to mange some aliases via geoip and other lists for native aliases.

Nor have I noticed any sort of blocks from dns root or gltd or in-appr servers.. But if I had to guess it prob related to that.. flagging @BBcan177 as he would be the guy to when and how pfblocker might do ptrs.. But even if was doing them the responses shouldn't be blocked unless issue with states or the answer coming in on on some interface pfsense doesn't expect the answer to come on

@bavcon22 Solution is to order another home Licence for pfsense+. It Would Be Nice if the licence will not be lost when the hardware changed.

@stephenw10 No issues found. :/

That ^.

It sounds like you may be confusing the WAN and LAN addresses. The webgui will be accessible on both the WAN and LAN IP addresses from a client on the LAN side.
All traffic inbound on the WAN side is blocked by default.

Steve

Yeah 👍

These days, most devices get an IPv4 'because there is one' but if you look closely, they all use the other one : IPv6.
Even when I'm posting here, on this forum, it's a solid IPv6 - no IPv4 in sight.

So, I stuffed the dhcp6d full with 'static' global "DUID" based IPv6 assignments.
Not that I'm trying to know these addresses, but that every device has a host name that I chose and remember.

Thank you @gertjan for the reply. I'm a newbie and I appreciate all the info and experience :)

By the way, StarLink has arrived and configured for failover for students and guests. The current Internet (the expensive, guaranteed bandwidth) access is configured as the failover for the rest.

Does anyone have an IP list for HBO Max to whitelist in PfSense?

@udasboot Excellent, very happy your persistence with the ISP got a resolution.

Enjoy the awesomeness that pfSense brings to your network quality and capabilities!

@pootle I don't recommend everyone do this because it is dangerous but you can shave the last 1/8" (3mm) off a shroud to get it to fit most things!

Before
IMG_2029 Medium.jpeg
After
IMG_2030 Medium.jpeg

Solved : false positive verified by Malwarebytes -

This was due to a database that dynamically applies new patterns in the wild to proactively block emerging threats and was obviously an FP.

This should be resolved in the next database update (give it about 30 minutes)

[https://forums.malwarebytes.com/topic/296960-false-positive-pfsense-router-webgui/#comment-1563675](link url)

It will not be that fast is my bet but It is now confirmed and can move on
Hopefully this helps someone else as well

And thank you guys very much !! and for humoring me along the way :)

It didn't happen in previous releases because php didn't change major versions.

The same thing (or similar) did happen when we moved from php5 to php7 a few years ago. We mitigated numerous php issues in testing but with a major version change like that there were always going to be some we didn't find.

Steve