• MOVED: Snort and squid issues

    Locked
    1
    0 Votes
    1 Posts
    813 Views
    No one has replied
  • Blocking webgui access from wlan to wlan access point

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    F
Hi, I recently changed to a (actually two) DAP-1360, but I can't find any option for limiting GUI access. Regards, Floddy
  • Swap Space Keep increase - 2.0 stable release

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    L
@Nachtfalke: Hi, I am not using HAVP. To block websites I am using squid and squidguard, and for virus scanning I am using Kaspersky Anti-Virus on every workstation. But perhaps it would be easier for you not to stop or disable services you would like to use. Why not buy one more GB of RAM? I think I will upgrade to 2 GB to check the performance. Many thanks.
  • Inbound SIP calls dropping

    Locked
    18
    0 Votes
    18 Posts
    23k Views
    B
Marcello, I did a little research on the Cisco "outbound sip proxy". And I don't believe it is applicable. According to the documentation this command is used when using SIP endpoints (IP phones) with a CME router. This is the default mode, and on inbound calls to a SIP endpoint it would cause the call to hairpin back out, thus causing the call to fail. So if one is using SIP endpoints one might want to disable this feature. My IP phones are using SCCP, thus it doesn't apply. But, what the hell, I did try it anyway. So I configured it globally and it had no effect on the SDP contact information being rewritten to a public IP address, and thus did not change the symptoms in any way. It is my understanding that it is the responsibility of the SIP proxy daemon (siproxd) plugin running in pfSense to rewrite the SDP contact address information from the private to the public address. It seems that this plugin is just not working. Is there a way to verify or view the activity of the siproxd service? I have restarted it, but beyond that what can I do? What about debugs on the pfSense server? I'm sure there is something, just not familiar with BSD. Brian
  • Firewall log question - what am I looking at

    Locked
    9
    0 Votes
    9 Posts
    2k Views
    johnpozJ
I know exactly what the traffic was (SSDP), no need for a capture. Even though really that's just basic info about the packet, no data there. Where are you getting 168.0.1 from?? The packet capture and your firewall block log clearly show 192.167: 192.167.0.1.1900 > 239.255.255.250.1900: [udp sum ok] UDP, length 252. What does a DNS server have to do with anything? Why would you be pointing to a 192.168.0.1 address for DNS, though? If that traffic is your MODEM, why are you seeing it on your LAN interface?? From that MAC, I can tell it's a D-Link. So let me ask again: what is the exact model of your "modem" and why in the world would it be connected to your LAN interface? Not going to work like that. Is it an OLD modem or something you're just using as a switch? And you gave it a 192.167.0.1 address? Are you behind a double NAT? Why are you hiding your FULL WAN IP?? Here, just hide the last couple of octets and I can tell if you're behind a NAT. But please draw out where this AT&T modem you think is sending out the traffic sits; why are you seeing that traffic on your LAN interface??? Most anyone can tell from the first couple of octets is what ISP you're connected to. As to bleed over, which is why I would like to see a drawing of your layout: it's NOT normally possible to see traffic from your MODEM on your LAN interface, not unless you had your LAN connected to the same switch on the modem/router from your ISP or something?? [image: wanispublic.jpg]
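The reading johnpoz gives the log line (SSDP to the 239.255.255.250:1900 discovery group, from a source address that is not actually in a private range) is easy to mechanize. The following is an added example, not code from the original thread or from pfSense: it parses tcpdump-style UDP summary lines, tags the SSDP multicast group, and uses the standard library's RFC 1918 knowledge to separate private sources from public ones. The first sample line mirrors the one quoted above; the other two are constructed for contrast.

```python
import ipaddress
import re

# Constructed sample lines in the "src.port > dst.port: ..." format that
# tcpdump (and the pfSense packet capture page) prints. The first one mirrors the
# line discussed above; the other two are assumptions added for contrast and are
# not from the original thread.
SAMPLE_LINES = [
    "192.167.0.1.1900 > 239.255.255.250.1900: [udp sum ok] UDP, length 252",
    "192.168.0.1.1900 > 239.255.255.250.1900: [udp sum ok] UDP, length 252",
    "10.0.0.7.54321 > 8.8.8.8.53: [udp sum ok] UDP, length 40",
]

SSDP_GROUP = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900
LINE_RE = re.compile(
    r"^(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+):"
)


def parse_udp_line(line: str):
    """Split a tcpdump UDP summary line into addresses and ports; None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return {
            "src": ipaddress.ip_address(m.group("src")),
            "sport": int(m.group("sport")),
            "dst": ipaddress.ip_address(m.group("dst")),
            "dport": int(m.group("dport")),
        }
    except ValueError:  # an octet above 255 slipped through the regex
        return None


def classify(line: str):
    """Return a set of tags describing what the line shows."""
    p = parse_udp_line(line)
    if p is None:
        return {"unparsed"}
    tags = set()
    if p["dst"] == SSDP_GROUP and p["dport"] == SSDP_PORT:
        tags.add("ssdp")  # UPnP discovery: ordinary LAN chatter, not an attack by itself
    if p["dst"].is_multicast:
        # 239.0.0.0/8 is administratively scoped multicast: it is not forwarded
        # without a multicast router, so seeing it on an interface means the
        # sender is attached to that segment
        tags.add("multicast-dst")
    # ipaddress knows the RFC 1918 ranges; 192.167.0.1 is outside 192.168.0.0/16
    tags.add("src-rfc1918" if p["src"].is_private else "src-public")
    return tags


def summarize(lines):
    """Tags per line, sorted, for printing or further filtering."""
    return {line: sorted(classify(line)) for line in lines}


if __name__ == "__main__":
    for line, tags in summarize(SAMPLE_LINES).items():
        print(tags, "<-", line)
```

A source tagged src-public on a LAN capture is the thing worth chasing: either a device was given an address outside the private ranges by mistake, as johnpoz suspects here, or a segment that should not be on the LAN is bridged into it.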
  • Secure levels (?)

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    The bulk of the benefit for securelevels is protection from local users or programs. Technically pfSense is not considered a multi-user system in that way, though 2.0 is starting to blur that line a bit. Even for changing firewall rules that would be a major PITA to accommodate in the GUI because the firewall rules are changed dynamically all the time in circumstances where things change such as WAN IPs and the like. It would probably be a lot of work for very little practical benefit in the way we use FreeBSD with pfSense.
  • MOVED: Dyndns-Adress cannot be accessed from the LAN

    Locked
    1
    0 Votes
    1 Posts
    743 Views
    No one has replied
  • SOLVED - Firewall Schedules

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    jimpJ
    Click the column header to select every day of the week individually. When they are all selected, it will mean "every day" and it doesn't just apply to the selected month.
  • Dynamic DNS hostname as source address?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    If you're on 2.0, make an alias, put the hostname in the alias, and then use the alias in the firewall rule(s).
  • Suppressing firewall log output

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
Create a block rule, without logging, before the rule that is logging all blocked traffic.
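Why the silent block has to sit before the logging rule comes down to how pf picks the winning rule: rules are walked in order, the last match wins, except that a rule marked quick ends evaluation at once, and pfSense generates its interface rules with quick. The following added example (not pfSense's or pf's own code) is a small model of that evaluation, run over three constructed rule sets: the quiet layout marcelloc describes, the same without the leading silent block, and the same with quick removed. The LAN range 192.168.0.0/24 and the packets are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str = "any"             # CIDR or "any"
    dst: str = "any"
    dport: Optional[int] = None  # None = any port
    quick: bool = False          # stop evaluating at this rule if it matches
    log: bool = False            # log the packet if this rule ends up being the winner


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def matches(rule: Rule, pkt: dict) -> bool:
    return (
        _addr_matches(rule.src, pkt["src"])
        and _addr_matches(rule.dst, pkt["dst"])
        and (rule.dport is None or rule.dport == pkt["dport"])
    )


def evaluate(rules: Sequence[Rule], pkt: dict) -> Optional[Rule]:
    """pf semantics: rules are walked in order and the LAST matching rule wins,
    unless a matching rule carries quick, which ends evaluation at once."""
    winner = None
    for r in rules:
        if matches(r, pkt):
            winner = r
            if r.quick:
                break
    return winner


def decide(rules: Sequence[Rule], pkt: dict):
    """(action, logged) for a packet; pf passes silently when nothing matches."""
    w = evaluate(rules, pkt)
    if w is None:
        return ("pass", False)
    return (w.action, w.log)


# Assumed LAN of 192.168.0.0/24 and the usual pfSense layout where every GUI
# rule is generated with quick and a logging default-deny sits at the end.
LAN = "192.168.0.0/24"

QUIET_RULES = [
    Rule("block", dst="239.255.255.250/32", dport=1900, quick=True, log=False),  # hush SSDP
    Rule("pass", src=LAN, dport=53, quick=True),                                 # LAN DNS out
    Rule("pass", src=LAN, dport=443, quick=True),                                # LAN HTTPS out
    Rule("block", quick=True, log=True),                                         # default deny, logged
]

NOISY_RULES = QUIET_RULES[1:]  # same thing without the leading silent block

# The same rules with quick removed: plain pf last-match-wins behaviour.
NO_QUICK_RULES = [Rule(r.action, r.src, r.dst, r.dport, quick=False, log=r.log) for r in QUIET_RULES]

# Constructed packets (src, dst, destination port).
SSDP = {"src": "192.168.0.1", "dst": "239.255.255.250", "dport": 1900}
DNS_FROM_LAN = {"src": "192.168.0.5", "dst": "8.8.8.8", "dport": 53}
DNS_FROM_ELSEWHERE = {"src": "10.9.9.9", "dst": "8.8.8.8", "dport": 53}

if __name__ == "__main__":
    for name, rules in (("quiet", QUIET_RULES), ("noisy", NOISY_RULES), ("no quick", NO_QUICK_RULES)):
        for pkt in (SSDP, DNS_FROM_LAN, DNS_FROM_ELSEWHERE):
            print(f"{name:9} {pkt['src']:>12} -> {pkt['dst']:>16}:{pkt['dport']:<5} {decide(rules, pkt)}")
```

With quick on every rule the silent block wins for SSDP and nothing is logged, while everything else still reaches the logging default deny. Strip quick and the trailing block log rule becomes the last match for every packet, so it both logs the SSDP noise and overrides the pass rules; that is the ordering trap the silent-block advice relies on pfSense avoiding.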
  • Bridging NICs in pfSense 2.0?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    chpalmerC
Ah, I see! And I only added to my confusion by renaming "opt1" to "bridged"… ::) Thanks!
  • Outbound FTP (pasv)

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ftp client doesn t work

    Locked
    1
    0 Votes
    1 Posts
    933 Views
    No one has replied
  • Blocking http traffic when using transparent proxy

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E
Sorry to drag this thread up again (especially as it's my first post), but is there any way to change this behaviour so that port 80 is redirected to squid after the firewall rules are evaluated, so after a pass/accept? The reason I ask is that I have some internal web pages, some of which need to be accessed from an interface. There are about 5 pages I need accessible atm, but I would like access to all other private IPs blocked. Keeping both the filter and firewall rules updated together is much less desirable, particularly as my current infrastructure is changing. Note: I would still like private pages cached as some reside on the other side of a bandwidth-metered VPN connection. Also, I presume this doesn't affect any hosts blocked by snort, does it? I.e. it doesn't allow blocked hosts to still use port 80 through squid?
  • Strange traffic - 100% link utilization

    Locked
    2
    0 Votes
    2 Posts
    971 Views
    F
    Could it be a compromised router and a DoS? I suggest having a look at the traffic exchanged with these hosts via wireshark or something similar to better understand what is going on.
  • SMTP being blocked after a couple of hours

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    R
Thanks, that's good advice. Will load it as a default install and see what happens.
  • External Websites making MSSQL Queries

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J
Queries can be slow for a variety of reasons. You'll want to make sure you are using indexes wherever possible and minimize the amount of data transferred back and forth. If you are actually connecting through a linked server then things get a lot more complicated, as queries that used to run using indexes may not do so anymore (hint: you can't use PART of the primary key in a query and get it to use the clustered index).
  • Odd FTP behaviour

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    G
    thanks for your response. I have just worked out what the problem is… I have just learned that the FTP server has two nics in it - one in the DMZ and the other on the LAN! So whilst I was routing traffic to the FTP server via the pfSense and DMZ interface, the Data stream I guess was coming back direct via the LAN nic. ::)
  • Pf rule processing order and performance

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    F
Just learned something, thanks. I figured they were quick because every rule has worked even though sometimes there is a rule we have that comes after, but the first has always been the match, so I just wanted to check and confirm. I sure would like to come up with a way of estimating traffic delays based on the number of rules, hardware, etc. I know there are a lot of variables here, but are you aware of any performance stats for systems with 5k-10k rules? Thanks again -Fred
  • Strange issue with logmein.com

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    C
    Don't load balance HTTPS, many HTTPS sites tie your session to a particular IP and hence will do what you're describing. Use failover groups only for HTTPS, generally load balancing is safe for everything else.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.