Network Drops. There HAS TO be an easier way!
-
@jcarmi04 said in Network Drops. There HAS TO be an easier way!:
Pfsense version 2.3.4-RELEASE-p1 (i386)
pfSense 2.3.4 is 6.5 years old. You should update to current.
I have currently landed on the WAN interface and have a continuous PowerShell script capturing daily traffic. When I check it against my mess of a Pfsense System Log, I do an IP lookup of the inbound WAN interface and then create a firewall rule for the host (or sometimes single address). WTH!
I have no idea what you mean by this.
If not, is there a better way and workflow for me to get these "offenders" blocked?
What offenders, and why are you explicitly blocking them? WAN already blocks all unsolicited inbound traffic.
-
@jcarmi04 What do you mean by offenders?
Do you have ports open on your WAN for something?
If not, all traffic is already blocked by default.
Why haven't you updated pfSense?
-
- Backup your pfSense config.
- Update to latest pfSense
- Run a Shields Up! scan on all service ports to determine what ports might be open.
-
Thanks for the note!
@KOM said in Network Drops. There HAS TO be an easier way!:
pfSense 2.3.4 is 6.5 years old. You should update to current.
I may be bound by hardware specs or that I have not updated BIOS? Suggestions?
System pfSense
Serial: 1234567890
Netgate Device ID: b4dfc5c16707f239151a
BIOS Vendor: American Megatrends Inc.
Version: 1.0c
Release Date: 03/11/2009
Version 2.3.4-RELEASE-p1 (i386)
built on Fri Jul 14 14:53:03 CDT 2017
FreeBSD 10.3-RELEASE-p19
The system is on the latest version.
Platform pfSense
CPU Type Intel(R) Celeron(R) CPU E3300 @ 2.50GHz
2 CPUs: 1 package(s) x 2 core(s)
@KOM said in Network Drops. There HAS TO be an easier way!:
I have no idea what you mean by this.
Here is what I am doing to temporarily resolve these issues:
- PowerShell
  1.a. Start-Transcript -path C:/log.txt -Append
  1.b. Ping.exe -t google.com | ForEach {"{0} - {1}" -f (Get-Date),$_}
- Pfsense\Status\System Logs
  2.a. From the logs, I look for similar entries:
  1708521292|1|3|10|Probing or server down: <A HREF='/lua/host_details.lua?host=[IP-OMITTED-BUT-CAN-INCLUDE]&ifname=re1'>[IP-OMITTED-BUT-CAN-INCLUDE]</A> > <A HREF='/lua/host_details.lua?host=[IP-OMITTED]&ifname=re1'>c-[IP-OMITTED].hsd1.nh.comcast.net</A> [TCP [IP-OMITTED-BUT-CAN-INCLUDE]:50133 > [IP-OMITTED]:8807 [proto: 0/Unknown][1/0 pkts][60/0 bytes][SYN]]
  2.b. Confirm IP against an IP lookup site
- Pfsense\Firewall\Rules\WAN
  3.a. Block source or subnet
- PowerShell
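The log-triage step above (2.a/2.b), as an added example that is not code from the thread: a Python parser for the pipe-delimited alert line format quoted in 2.a that extracts the flow tuple and counts probes per source, separating those aimed at a port with no WAN forward (already dropped by pfSense's default deny, as the other replies note) from those that actually reach an exposed service. The sample lines, the RFC 5737 addresses and the exposed-port set {32400} are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Shape of the alert lines quoted in the thread (pipe-delimited header, HTML summary,
# then the flow tuple): <epoch>|n|n|n|<message>: ... [TCP src:sport > dst:dport [...][SYN]]
ALERT_RE = re.compile(
    r"^(?P<ts>\d+)\|\d+\|\d+\|\d+\|(?P<msg>[^:]+):.*?"
    r"\[(?P<proto>TCP|UDP) (?P<src>[\d.]+):(?P<sport>\d+) > (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<rest>.*)\]$"
)

# Ports deliberately forwarded on WAN; the thread mentions only Plex on 32400 (assumption).
EXPOSED_PORTS = {32400}

def parse_alert(line):
    """Return the flow fields of one alert line, or None if the line is not a flow alert."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["ts"] = datetime.fromtimestamp(int(a["ts"]), tz=timezone.utc)
    a["sport"], a["dport"] = int(a["sport"]), int(a["dport"])
    flags = re.search(r"\[([A-Z|]+)\]$", a.pop("rest"))  # trailing "[SYN]" etc.
    a["flags"] = flags.group(1) if flags else ""
    # A SYN to a port with no forward is already dropped by the default WAN deny,
    # so it is background noise rather than a reason for a per-host block rule.
    a["reaches_service"] = a["dport"] in EXPOSED_PORTS
    return a

def triage(lines):
    """Count alerts per source IP, split into noise and hits on an exposed service."""
    noise, service = Counter(), Counter()
    for line in lines:
        a = parse_alert(line)
        if a is not None:
            (service if a["reaches_service"] else noise)[a["src"]] += 1
    return noise, service

# Constructed sample log using RFC 5737 documentation addresses, not the thread's real data.
SAMPLE = [
    "1708521292|1|3|10|Probing or server down: <A HREF='/lua/host_details.lua?host=203.0.113.10&ifname=re1'>203.0.113.10</A> > <A HREF='/lua/host_details.lua?host=198.51.100.7&ifname=re1'>c-198-51-100-7.hsd1.nh.comcast.net</A> [TCP 203.0.113.10:50133 > 198.51.100.7:8807 [proto: 0/Unknown][1/0 pkts][60/0 bytes][SYN]]",
    "1708521300|1|3|10|Probing or server down: <A HREF='/lua/host_details.lua?host=203.0.113.10&ifname=re1'>203.0.113.10</A> > <A HREF='/lua/host_details.lua?host=198.51.100.7&ifname=re1'>c-198-51-100-7.hsd1.nh.comcast.net</A> [TCP 203.0.113.10:50134 > 198.51.100.7:8807 [proto: 0/Unknown][1/0 pkts][60/0 bytes][SYN]]",
    "1708521350|1|3|10|Probing or server down: <A HREF='/lua/host_details.lua?host=203.0.113.99&ifname=re1'>203.0.113.99</A> > <A HREF='/lua/host_details.lua?host=198.51.100.7&ifname=re1'>c-198-51-100-7.hsd1.nh.comcast.net</A> [TCP 203.0.113.99:44021 > 198.51.100.7:32400 [proto: 0/Unknown][1/0 pkts][60/0 bytes][SYN]]",
    "1708521400|1|2|5|Interface re1 link state change",  # not a flow alert
]

if __name__ == "__main__":
    noise, service = triage(SAMPLE)
    print("noise on closed ports:", dict(noise), "| hits on exposed service:", dict(service))
```

Only sources in the second counter touch a port that pfSense actually forwards; everything in the first was never going to pass the WAN rules in the first place.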
-
@KOM said in Network Drops. There HAS TO be an easier way!:
offenders
I'm with everyone here. First update pfSense to a supported version. Lots of bug fixes and security fixes.
If the problem is still there we can start some triage.
-
@Jarhead said in Network Drops. There HAS TO be an easier way!:
Do you have ports open on your WAN for something?
If not, all traffic is already blocked by default.
I only have 32400 open for Plex. Everything else should be blocked by default, but, by blocking these individual inbound attempts, it has allowed my network to remain up. Without these being blocked, my network throttles - to the point of being unusable - multiple times throughout the day.
-
@elvisimprsntr said in Network Drops. There HAS TO be an easier way!:
Update to latest pfSense
@michmoor said in Network Drops. There HAS TO be an easier way!:
I'm with everyone here. First update pfSense to a supported version. Lots of bug fixes and security fixes.
If the problem is still there we can start some triage.
Thanks, all! Here is what I have from the system:
System / Update / System Update
Update Settings
Confirmation Required to update pfSense system.
Current Base System: 2.3.4_1
Latest Base System: 2.3.4_1
Status: Up to date.
-
Many reports of people getting compromised running Plex with open ports. Not to mention security breaches by Plex themselves.
https://www.theverge.com/2022/8/24/23319570/plex-security-breach-exposes-usernames-emails-passwords
A better solution is to host your own VPN service on pfSense (IPSec, OpenVPN, Wireguard, Tailscale, etc.)
-
Netgate dropped support for 32-bit, but your CPU is 64-bit. Since 2.3.4_1 is so old, you might be better off installing from scratch and restoring your config. Also, you might want to upgrade your appliance to something with more performance. Might be a less disruptive migration path to buy new appliance, install from scratch, restore config, then swap out appliance. Also, gives you the benefit of upgrading to more robust ZFS file system.
Need to select latest branch under Update Settings.
Make sure to backup your config first and download the latest version and put on a USB stick just in case you have to re-install from scratch.
-
@elvisimprsntr said in Network Drops. There HAS TO be an easier way!:
Run a Shields Up! scan on all service ports to determine what ports might be open.
Cool site - thanks! I passed (with no Common or Service Ports open), but will store this for future testing needs :)