Oh, I see. I'm using the wrong branch!

Ok, so LAN is always the 2nd physical interface and pfSense will always use it for the initial web configuration after completing the console config?

But I really wanted to make the first 2 physical interfaces WAN1 and WAN2. I guess I got a little OCD in that regard. :)

EDIT: I was able to export the config.xml and rearrange the interfaces to the order I wanted. All good now.

@javcasta hi there, did you use the above solution in the end? do you mind sharing please?

It was not possible to change it correctly from gui.
I have connected to console using putty change IP of the interface and later created new gateway via gui and assigned it to the network card.

@jimp Tried that also and got 63 for both.

@mrjoli021 said in Suricata blocking Alexa:

Could someone explain to me how to match the rule name to what I see in the "Wan Categories?

If I look a the alert tab I am getting "ET CINS Active Threat Intelligence Poor Reputation IP group 16" According to the Wan categories I am not seeing anything remotely similar to the rule name. What am I missing?

It's not always super easy to make that connection. In this case of this particular rule, it is coming from the ET CINS list of possible bad (or blacklisted) IP addresses. Here is a link to the source of this data: http://www.cinsscore.com/.

So on the CATEGORIES tab there is an Emerging Threats rule set with ET CINS and I think there is also one called ET CIARMY or something similar. These are what I would characterize as "dumb" rules. I don't mean dumb as in useless, but rather "dumb" as in it is simply a list of IP addresses, and if the source or destination IP in a packet is in the list you get an alert.

One problem with rules of this type is that the owners of IP blocks changes. And that is happening a bit more frequently now since the IPv4 address space has been exhausted, and therefore there is a lot swapping and trading going on for money among owners. So an IP block that might have been used by a spammer last month may, this month, be use by a CDN network that is distributing Amazon Prime, Hulu or Netflix streams. So these lists have to be taken with a grain of salt.

@jimp Thank you for the quick reply him - time to order our SG-5100s!

Redis would be a good choice for exporting the logs. A user contributed support for that into the Suricata package a little while back.

Next time I update Suricata I will include a warning in the Help Text for the syslog export settings sections cautioning that the data will be truncated by the FreeBSD syslog daemon.

TEC to RS485_contr_2.jpg

Thought I would give a quick update on this for those who care :)

I bought the i5 jobbie. A bit on the steep side in terms of price and spec but I had no other short-term solutions.
Must say, it's a nice bit of kit. 6 Intel LAN (I do wonder if they fake though 😆 ), i5, I put 4GB RAM in and a spare 60GB MSATA I had.

Setup was painless. I did a final backup of my existing one, installed pfSense and restored the backup. A quick interface remapping and I was done. Shut down, switched out and booted. It all worked :)

Thoughts:

Speedtest always showed around 290/300 over wifi. I now easily get 350-360. (Wifi is Ubiquiti kit) VPNs are faster. Much much faster. I always use PIA and peer locally but only ever got 70-80Mb/s down. Never an issues as I don't need more than that (other than speed test 😁 ) I now get full bandwidth. I got 340 to NL (I am not in NL....) So, a combination of faster CPU and AES offloading makes a massive difference. Odd thing though, I never saw the CPU peg on the old j1900 which lead me to believe it was ok. Acid test. Not once have the kids simultaneously gone "DaaaAAAAAaaaaaDDDD I'm lagging!" from across the house Likewise, myself and my wife have continued to work on video calls without issue.

Could I have bought one of the £200 cheaper Atom ones and had the same result. Probably.
Would I recommend this setup for someone? Sure. It's compact, neat, costs about the same as a self-build (but looks better)

A gamble but it paid off (so far). Thanks for your help on this. Hopefully someone else reads it and benefits.

FB

@xxnumbxx said in Home Network Layout, Traffic Shapping & More questions.:

Web Filtering

I want web filtering on LAN2 so the kids are not getting to porn sites and such. I have used this with
untangle and found it to work great, is there something similar for pfSense? I have heard of
Squidguard but not sure if this is the best route.

I can suggest pfBlockerNG-Dev package. Spend sometime browsing here and post specific questions there: https://forum.netgate.com/category/26/traffic-shaping

We need more specifics to even begin to offer anything helpful. How is your network laid out?

Deleted from within the user manager 😉

If you need to do it transparently you need to set Squid to listen on the OpenVPN interface so it adds the required port forwards.

To do that you need to assign the OpenVPN server as an interface:
Selection_829.png

Enable the new interface, rename it if you wish. Then you can select it in Squid.

Steve

@dennypage Agreed. I think it must be the YouTube mobile app caching the duplicates.

If that doesn't pan out, you can try switching back to sc:

kern.vty=sc hint.sc.0.flags="0x180" hint.sc.0.vesa_mode="279"

Zabbix is just pulling the hardware interface name. You're going to have to look at aliasing it on the Zabbix side. How to do that would be a question for a Zabbix forum, not a pfSense one.