    Netgate Discussion Forum
    • D

      Whack-a-mole with DigitalOcean "ET COMPROMISED Known Compromised or Hostile Host Traffic group"
      IDS/IPS • • drewsaur

      25
      0
      Votes
      25
      Posts
      103
      Views

      D

      @bmeeks Thank you so much. I did send you the full log separately. Please let me know if I can get you anything else. And you needn’t do any more. I’m more than happy with what I’ve learned. Cheers!

    • W

      CGNAT UPnP Issue Advice
      General pfSense Questions • • wormuths

      15
      0
      Votes
      15
      Posts
      88
      Views

      G

      @stephenw10 said in CGNAT UPnP Issue Advice:

      Yeah set an override or enable the STUN external IP detection.

      UPnP can still work in that situation if the upstream router is forwarding traffic. So if you set the pfSense as the DMZ IP in your ISP router for example.

      Steve

      For this scenario, where UPnP isn't actually used for anything towards external servers/devices, STUN might work as a way to remove the errors.

      It might also work for e.g. a gaming scenario, at least if the mobile router has a public IP, (I'll make sure to test that). But in this case the mobile router is behind CG-NAT, so it might not work for gaming.

      What I don't understand though, is why does miniupnp give this error and refuse to do its job if the WAN IP is from the private IP range?
      If the upstream router places pfsense in DMZ, it should still work!

      I have tested this and it does actually work fine if you can "fool it"...

      My failover goes over LTE and the mobile router has a public IP but doesn't do bridging. It does however have DMZ and most importantly, it allows me to set any IP on the LAN interface. If I set it to a public IP, UPnP on pfsense works perfectly fine, giving me Open NAT on all the games I throw at it, double NAT and all. Other routers, like Ubiquiti edgerouter, also work, but they do it even if WAN has a private IP...

      The problem that you run into when doing it this way, is that it breaks the Dynamic DNS setup, since it will now take the fake WAN IP and not use the "Check IP Service".

      I see three simple things that we need here.

      1. Provide an override selection to prevent miniupnp from checking for a private IP on the WAN interface.
      2. Introduce Gateway Group into the External Interface selection for UPnP, so it can follow the default gateway in a failover scenario, or allow multi select not only for Internal interfaces.
      3. Not really a necessity if 1 & 2 are in place but still a good idea to have the option to force "Check IP service" regardless of the WAN IP.
    • Cloudless Smart Home

      ssh vscode
      General pfSense Questions • • Cloudless Smart Home

      12
      0
      Votes
      12
      Posts
      68
      Views

      Cloudless Smart Home

      @stephenw10 the one in the picture above

    • O

      WireGuard disconnect after provider IP change
      Deutsch • • orcape

      12
      0
      Votes
      12
      Posts
      51
      Views

      Bob.Dig

      @orcape As I said, if anything it would be a problem on the client side, i.e. with OpenWRT. The server doesn't care.
      Edit: Just tested it against WG for Android. Reconnected in the FritzBox, then waited until the corresponding e-mail notifications arrived. Before that, turned WiFi off on the smartphone and started the WG client. Result: even after the IP change and DDNS back home, the connection stays up.
      What doesn't really work for me, though, is the IPv6 change; pfSense has its problems with that. But WG and DDNS run over IPv4 for me.

    • U

      Suricata Rules Update Drops Internet Connection (briefly)
      IDS/IPS • • uplink

      8
      0
      Votes
      8
      Posts
      62
      Views

      U

      @bmeeks

      Yeah, good catch! I checked PfBlocker and the cron job starts at the top of the hour (see screenshot below). I probably should change that to on the half hour 00:30 so they don't collide. I'll try that and report back :)

      screenshot4.jpg

    • Cloudless Smart Home

      Service Status widget not real time?
      General pfSense Questions • • Cloudless Smart Home

      7
      0
      Votes
      7
      Posts
      51
      Views

      Cloudless Smart Home

      @rcoleman-netgate I'm supposed to be patient when I'm troubleshooting? 🤣 thanks for letting me know.

    • altmetaller

      CAM error when opening the firewall logs via the GUI
      Deutsch • • altmetaller

      7
      0
      Votes
      7
      Posts
      32
      Views

      N

      Which version is in use? Someone recently showed up here with a 2.3 or 2.4.

      There were problems with log compression in certain versions; it should be turned off.

      A CLI terminal copies the selected text automatically; I don't know it any other way.
      Otherwise just write the printable output to a log.

      As for the hardware, yes, it would be time for something newer; there is also the IPU series if you want to stay loyal to the manufacturer.
      That is also more about current features like AES etc. Your CPU from 2011 doesn't have any of that yet.
      How fast is the internet connection, and do you have PPPoE?

    • C

      Work laptop disabling local network
      Cache/Proxy • • cybersamurai

      6
      0
      Votes
      6
      Posts
      58
      Views

      NogBadTheBad

      @steveits is Wi-Fi and Ethernet connected at the same time I wonder.

    • Cloudless Smart Home

      I am getting the flagged as spam when I try to edit my posts
      Forum Feedback • • Cloudless Smart Home

      5
      1
      Votes
      5
      Posts
      28
      Views

      Cloudless Smart Home

      @rcoleman-netgate working now, thanks 👍

    • F

      Dynamic DNS update extremely slow (Cloudflare)
      General pfSense Questions • • flobernd

      5
      0
      Votes
      5
      Posts
      55
      Views

      Bob.Dig

      @flobernd I just did a test but not with pfSense and it was normal, so no problem on CFs side.

    • S

      User cert revoked by itself.
      OpenVPN • • shshs

      4
      0
      Votes
      4
      Posts
      48
      Views

      S

      @jimp thanks a lot, this is exactly my case. Cheers!

    • fireodo

      barnyard2
      IDS/IPS • • fireodo

      4
      0
      Votes
      4
      Posts
      34
      Views

      bmeeks

      @fireodo said in barnyard2:

      @bmeeks said in barnyard2:

      I will make myself a reminder to remove that line in the next package update.

      OK. Have a fine Day and thanks,
      fireodo

      Thank you for reporting the deprecated code!

    • Cloudless Smart Home

      automatically start openvpn server when my phone is not on home wifi project writeup
      General pfSense Questions • • Cloudless Smart Home

      3
      0
      Votes
      3
      Posts
      26
      Views

      K

      @cloudless-smart-home Funny little project :-)

      It’s always useful to learn about tech by testing various ideas like that. However, the security gains by disabling the service are not really there as it will be available in large parts of the day. Also: it will cost slightly more battery on your phone because it wakes the wifi every minute when you are home.

      I think your next project should be pfBlockerNG and retrieving the AS number of your cell service provider. That way you can create a rule so only IPs belonging to your provider are able to reach the OpenVPN server. That will have a MUCH more relevant impact on security than turning it on and off.

    • C

      na-320r
      Italiano • • claudiove

      3
      0
      Votes
      3
      Posts
      17
      Views

      C

      thanks for the reply and for the optimism. a few more details and then I won't pester you any more

      a) if I buy a USB video card and connect it to the device's USB port, do you think I will see the picture on a monitor?

      b) alternatively, how do I connect a monitor to the device? I unscrewed and opened it, but no shopkeeper has been able to connect a monitor for me

      thanks again

    • A

      How to block http inbound connection by http header
      Cache/Proxy • • alexferro32

      3
      1
      Votes
      3
      Posts
      33
      Views

      johnpoz

      @michmoor exactly... To be honest, that is DO - in what scenario would they ever need to be inbound to you?

      Block all of their ASNs

      NetRange: 165.22.0.0 - 165.22.255.255
      CIDR: 165.22.0.0/16
      NetName: DIGITALOCEAN-165-22-0-0

      pfblocker makes it easy to look up ASNs and put them into an alias and then block that completely from your services you don't want them to be able to talk to.. DO, while it is a big cloud provider - why would you have need of inbound traffic from them? They are not known for being too particular on how they allow their services to be used.

    • P

      Version 23.01.r.20230202
      Plus 23.01 Development Snapshots • • pfsjap

      2
      1
      Votes
      2
      Posts
      35
      Views

      M

      @pfsjap Seeing this as well but it's marked as "next stable version". So I think it's the public RC.

    • B

      HELP configuring CANTV fiber in pfsense
      Español • • boarlol

      2
      0
      Votes
      2
      Posts
      18
      Views

      B

      @boarlol Screenshot_1.png

    • J

      Squid And Squidguard port allow
      Cache/Proxy • • Jdwind

      1
      0
      Votes
      1
      Posts
      4
      Views

      No one has replied

    • S

      ICAP protocol error
      Cache/Proxy • • Steve Williams

      1
      0
      Votes
      1
      Posts
      5
      Views

      No one has replied

    • V

      pfsense and SkyDNS
      Russian • • valek3306

      1
      0
      Votes
      1
      Posts
      3
      Views

      No one has replied

    • M

      Blocking IoT and other devices on my network
      Firewalling • • MikeHalsey

      1
      0
      Votes
      1
      Posts
      8
      Views

      No one has replied

    • D

      Tackling migration config from mini PC to SG-1100
      Installation and Upgrades • • DominikHoffmann

      1
      0
      Votes
      1
      Posts
      18
      Views

      No one has replied

    • paul.orsini

      GOING THRU SETTING UP SEC 1 AND 2 AND FRR BUT NOT SEEING FINAL HAPPY GREEN SKITTLE
      FRR • • paul.orsini

      1
      0
      Votes
      1
      Posts
      13
      Views

      No one has replied

    • S

      Remote Access IPv6 Gateway Monitor
      OpenVPN • • SeaMonkey

      1
      0
      Votes
      1
      Posts
      16
      Views

      No one has replied

    • F

      OpenVPN first user to connect gets in and nobody after
      OpenVPN • • frgeeks

      1
      0
      Votes
      1
      Posts
      17
      Views

      No one has replied

    • I

      Pfsense 2.6 error opening pages such as cpanel, webmail and connecting mail clients such as outlook
      Español • • inieves

      1
      0
      Votes
      1
      Posts
      12
      Views

      No one has replied

    • L

      RIPE Probe Disconnect every 24-ish hours IPv6 only
      IPv6 • • Lurick

      1
      0
      Votes
      1
      Posts
      20
      Views

      No one has replied

    • T

      Can't turn off DNSBL feeds
      pfBlockerNG • • toolbag

      1
      0
      Votes
      1
      Posts
      43
      Views

      No one has replied