Great steps so far but im stuck at the point of joining the domain, i keep getting
cannot join as standalone machine

can anyone help with this?

@stephenw10 Hmm i'm pretty sure it was the serial image. To be sure, i'm going to rufus the thumbdrive again and make certain its the serial image. Then i'll boot the laptop again with the setup and install to the mSATA. Going to take screenshots of securecrt when the m270 boots this time too.

@yon-0 said in some services show can't start:

Updating pfSense repository catalogue...
pkg-static: No SRV record found for the repo 'pfSense'
pkg-static: An error occured while fetching package

This is a DNS error. Check pfSense can resolve.

@kasalencar
Olá pessoal, conseguiram resolver?
Estou com os mesmos problemas acima.
Complicado o squidanalyzer

@silence So far, it seems to be just one of my gmail accounts.
I'm not sure why that one is in paranoid mode, but the others are acting normally.
We''ll call it okay for now. :) Thanks for the responses!

@guitarcleiton:

@pskinfra:

@guitarcleiton:

@pskinfra:

Caro Reinaldo.Pereira

Tenho um dos meus PFSense´s com rede lan totalmente bloqueada ( sem proxy, direto nas regras do FW ), e foi solicitado apenas a liberação do Skype.

Fiz conforme o "Aliases" informado, pesquisei também em bgp.he.net  e mesmo assim a aplicação não funciona. Obs: Até abre a página do Skype, mas não renderiza completamente.

Cenário do FW para apenas um Host:

Um cliente host com ip 192.168.90.62;

PASS  -> ALL -> 192.168.90.62 -> skypenet
PASS  -> ALL -> 192.168.90.62 -> skypehost
Reject   -> ALL -> 192.168.90.62 -> ALL

Também peguei o seguinte bloco das redes compartilhadas nesse link: https://docs.google.com/document/d/1ozabua0GGD8bikNAk_exJhMZYSrNxKb4npWmFH1ok1w/edit

Manda um print de sua regra, pela que eu entendi lendo seu relato, sua regra esta errada.

Segue guitarcleiton,

Por padrão tudo é bloqueado no PFSense, não precisa da segunda regra negando acesso.
crie a segunda regra liberando a outra aliase tem que ter as  2 SkypeHost e SkypeNet

Obrigado caro guitarcleiton. Eu sei do bloqueio sim!
Essa regra é específica em função de 2 coisas: Logs e pela ação Reject ser mais rápido no bloqueio ao usuário/cliente.

Abraços!

Часть 2

That's correct, there is no run-time patch for the issue.
https://redmine.pfsense.org/issues/12954

Steve

Yes, I only have a firebox X750e, so I only make this widget for my usage :)
But don't hesitate to make a pull request if you want add more compatibility

@johnpoz Thanks for the notification: the DNS, at least, should now be working.

Yes, if Squidguard broke because some dependency was no longer viable we would look to correct that.

Hello all,

Thanks for pursuing this for months and years. I am finally returning to pfSense+ after time away because of things like this being fixed!

I have now been using the new "Coservative" firewall settings for over two weeks, and I can say with confidence that it 100% fixed the problem with my Samsung Galaxy S8+. No more issue with texts. No more issue with wi-fi calling. Everything works exactly as it should. 🙂

Final followup here for me (I hope): Unbound 1.5.2rc1 has just been released, http://www.unbound.net/pipermail/unbound-users/2015-February/003774.html

Interesting part of the release notes in our case:

This release fixes a DNSSEC validation issue when an upstream server
with different trust anchors introduces unsigned records in messages.
Harden-glue when turned off allows potentially poisonous records in
the cache in the hopes of that enabling DNS resolution for 'impossible
to resolve' domains, it is fixed to have 'less cache poisoning',
quotes added because it is by definition not secure to turn off
harden-glue.  New features are that "inform" can be used to see which
IPs lookup a domain, and unbound-control can use named unix pipes.

According to Chris in Redmine, this should be fixed in 2.2.1.

learning more: I see node_exporter for armv7:
https://www.freshports.org/sysutils/node_exporter/

Does anyone have experience with this? How to get it installed, would it work on the SG3100?

may be I go the issue we just nee dot reboot the firewall and select the old kernel and boot the firewall after boot it will reboot again and you can access the latest version of firewall which 2.8.0 I tried and it work for me.

@jsmiddleton4 Thank you. I appreciate that! You are right, probably no one is going to hack into my APs but being in IT for years, I also know how us IT nerds are, so its more I want to just be aware. I cant be aware of everything nor will i know how everything works but the more I know about my network and what looks right/doesnt the better off i'll be. Its all fun and learning for me especially now that im in more of a project management role instead of IT i actually WANT to work on these types of projects and learn for fun.

Let alone, watching Mr. Robot did not help in the 'people are hacking you' thoughts. lol.

DHCP6 will come down the road. My next goal is setting the plugins up and watching everything. I am curious because i just got alerted that im over my data cap again!

Something is def. off since its not every month. Ive already got a good idea of whats on my network but i've been running ip scanner for a few months now and just noticed a few more things that im gonna double-check.

Good information to note in regards to the NICs etc.