Trojan virus in PFsense box
-
Torpig only infects Windows hosts, so the problem is not pfSense, but a system somewhere on your network.
-
I'm curious why they see those ports being sourced from my pfsense's WAN IP address. I thought it might have originated from the client that connects into the portal. But I'm using public IPs for the clients and I'm not doing NAT, so they should see it coming from the client's IP address. Is pfsense doing some translation inside even though I'm using public IPs for the LAN? Any thoughts would be appreciated.
-
Did you disable NAT Completely? (Switch to Manual outbound NAT and then delete the resulting rules). It may still be using NAT even though you are using public IPs.
Proxies of any kind can also make things appear to come from pfSense's WAN IP, though squid and such don't typically coexist well with Captive Portal on pfSense.
-
Yes, my PFsense is set to 'Automatic outbound NAT rule generation' and when I switch to manual I notice this default rule:
WAN 149.142.28.0/23 * * * * * NO Auto created rule for LAN
I deleted it, then I put it back to automatic. And when I switched it back again to manual the default rule came up again. So I deleted it again and now I set it as manual. I remember having an issue before when I set it to manual, but I'll see if there will be a problem. Thanks.
-
Looks like clients are unable to establish connections when I enable Manual Outbound NAT rule generation without any mappings. Do I need to create mappings if I enable AON?
-
Yes, my PFsense is set to 'Automatic outbound NAT rule generation' and when I switch to manual I notice this default rule:
WAN 149.142.28.0/23 * * * * * NO Auto created rule for LAN
I deleted it, then I put it back to automatic. And when I switched it back again to manual the default rule came up again. So I deleted it again and now I set it as manual. I remember having an issue before when I set it to manual, but I'll see if there will be a problem. Thanks.
By putting it on automatic it will still NAT.
You need to leave it on Manual and delete the rule. Do not set it back to automatic, as that will just cause it to use NAT again.
If your clients can't connect with manual NAT and no rules, then your IP routing for your public IPs may not be correct, but that is up to you and your ISP.
-
Thanks. Do I need to configure routing in the PFsense or in my router where the pfsense is connected? As far as the routing configuration in my router is concerned it looks ok. But I don't have any routing configured on my pfsense. The LAN and WAN interface of my PFSense are connected on the same switch (Cisco 6500) but on separate VLAN.
-
On your Cisco, you should route the "lan side" subnet to the WAN IP address of pfSense. pfSense should handle the internal routing properly.
Something like:
ip route a.b.c.d 255.255.255.0 w.x.y.z
Where w.x.y.z is the WAN IP
-
Or activate RIP on the pfsense if you are also running RIP on your cisco :)
-
Or activate RIP on the pfsense if you are also running RIP on your cisco :)
That, too. Personally, I have an inherent distrust of dynamic routing protocols. It's a bit more to manage by hand but at least I know the routes won't disappear at random…
-
I'm running dynamic routing protocols (OSPF and BGP) in my Cisco switch. From the router's perspective, the routing is working between the two VLANs (LAN and WAN) I created for my PFSense. I thought there was some routing configuration I needed to create inside the PFSense box.
-
There isn't an OSPF daemon for pfSense at the moment, and the BGP package is currently geared toward WAN routing and not internal (but it might work, I'm not very familiar with BGP).
The easiest thing to do would be as I said, add a manual route for your lan-side subnet pointed at the pfSense WAN IP.
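-
An added example, not part of the original thread: a small audit of an outbound NAT rule listing that flags rules translating a public source subnet, which is why an outside reporter sees the firewall's WAN address instead of the infected client. The column order is assumed from the rule line quoted above; every sample row except that first one, and the client addresses used for lookup, are constructed.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class NatRule(NamedTuple):
    interface: str
    source: object          # ipaddress.IPv4Network or IPv6Network
    description: str


# First row is the rule quoted in the thread; the other rows are constructed.
SAMPLE_RULES = """\
WAN 149.142.28.0/23 * * * * * NO Auto created rule for LAN
WAN 192.168.10.0/24 * * * * * NO Constructed: private guest subnet
WAN any * * * * * NO Constructed: catch-all
"""


def parse_rules(text: str) -> List[NatRule]:
    """Parse rows assumed to be: interface, source, 5 match/translation
    columns, static-port flag, then a free-text description."""
    rules = []
    for line in text.splitlines():
        parts = line.split(None, 8)
        if len(parts) < 8:
            continue                      # not a rule row
        try:
            net = ipaddress.ip_network(parts[1], strict=False)
        except ValueError:
            continue                      # "any" or an alias: no subnet to test
        rules.append(NatRule(parts[0], net, parts[8] if len(parts) > 8 else ""))
    return rules


def public_sources_translated(rules: List[NatRule]) -> List[NatRule]:
    """Rules whose source is not private space, i.e. NAT on routable clients."""
    return [r for r in rules if not r.source.is_private]


def rule_hiding(client_ip: str, rules: List[NatRule]) -> Optional[NatRule]:
    """Return the rule that would rewrite this client's source address, if any."""
    addr = ipaddress.ip_address(client_ip)
    return next((r for r in rules if addr in r.source), None)


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for r in public_sources_translated(parsed):
        print(f"{r.interface}: public subnet {r.source} is translated ({r.description})")
    print(rule_hiding("149.142.29.200", parsed))   # constructed client address
```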