Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    GrandStream HT502 BEHIND router

    Scheduled Pinned Locked Moved Firewalling
    25 Posts 4 Posters 12.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pftdm007
      last edited by

      As I expected, this was too good to be true…

      I was talking on the phone and suddenly, everything died.  Now when I pickup the phone I hear "Device not registered".

      The ATA lost connectivity to the outside.  See screenshot:  Not Registered.

      Looking in pfsense logs:

      Aug 25 13:44:11 	snort[12247]: [122:21:1] (portscan) UDP Filtered Portscan [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 206.248.144.132 -> 192.0.227.200
      Aug 25 13:44:11 	snort[12247]: [122:21:1] (portscan) UDP Filtered Portscan [Classification: Attempted Information Leak] [Priority: 2] {PROTO:255} 206.248.144.132 -> 192.0.227.200
      Aug 25 13:43:55 	snort[35706]: [140:20:1] (spp_sip) Invite replay attack [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.0.109:5060 -> 206.248.144.132:5060
      Aug 25 13:43:55 	snort[35706]: [140:20:1] (spp_sip) Invite replay attack [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.0.109:5060 -> 206.248.144.132:5060
      Aug 25 13:43:38 	snort[35706]: [140:20:1] (spp_sip) Invite replay attack [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.0.109:5060 -> 206.248.144.132:5060
      Aug 25 13:43:38 	snort[35706]: [140:20:1] (spp_sip) Invite replay attack [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.0.109:5060 -> 206.248.144.132:5060
      

      Could snort cause issues??  I stopped it and rebooted the ATA.  Will post back ASAP if this helped or not.

      ISS11.jpg
      ISS11.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • K
        kejianshi
        last edited by

        Your device should probably have the "NAT" box checked in its settings and also, I had to change my device to time out every 15 seconds instead of 3600.  Same for UDP time-out.  After that, it stayed registered.  If I set my settings same as yours, I'd be offline also.

        Unless their service will boot you for checking in too often, its better to make those numbers smaller.

        And snort…  Geeze.  Don't get me started on SNORT.

        1 Reply Last reply Reply Quote 0
        • P
          pftdm007
          last edited by

          Yep, snort WAS the problem.. I think anyways.  I stopped it, cleared the blocked hosts, rebooted the ATA and bingo! got the phone again!

          I'm not sure of the right way to prevent snort from doing that again…

          1 Reply Last reply Reply Quote 0
          • chpalmerC
            chpalmer
            last edited by

            Registration time is in the locked advanced pages so not an option without help from his voip providers tech support.

            To bypass some filtering issues here I set up a second subnet to run my voip ata's on. Its all great if you have the room to install a third NIC into your box. Otherwise its VLANs and a managed switch…  :P

            Im not sure if Siproxd will bypass snort or not. I only use it to run multiple ata's to multiple external servers. My provider has a production server and a byod server. Plus they are beta testing a cloud based pbx server which I am playing with.

            Triggering snowflakes one by one..
            Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

            1 Reply Last reply Reply Quote 0
            • P
              pftdm007
              last edited by

              To bypass some filtering issues here I set up a second subnet to run my voip ata's on. Its all great if you have the room to install a third NIC into your box. Otherwise its VLANs and a managed switch…  :P

              Unfortunately, I do not have a second PCI clot on that machine so adding another NIC is impossible.

              I also intend to virtualize pfsense at some point on a shiny new dual socket server with LOTS of RAM….  Im not sure how will this work but I know for sure it wont have 3 NIC's (I will be able to install several NICs as the server's mobo will have 6 PCI-E slots but will I need to??)

              Right now, Snort is down.  Unless I know how to make sure it wont block the ATA again, it will remain down.

              You see this is what Ive done:

              Create an alias including all my internal IP's and some outside servers I want to keep free access to,
              Under Snort's config, I went to white-list, added a white-list, and then used the alias I had created

              I really thought this way snort wouldn't interfere with the hosts listed under this alias..

              Apparently not.
              Anybody knows why?

              I did not have to try Siproxd yet because the ATA works flawlessly with my port forwarding setup and snort down.  If I can clear snort's interference out of the equation, and I have problems again, I will try Siproxd.  I just prefer not to mix too many variables together until I really knows whats going on.

              That has been my recipe with pfsense…

              1 Reply Last reply Reply Quote 0
              • P
                pftdm007
                last edited by

                THings were too good to be true… Until I added a domain in squidguard target categoriues and suddenly the whole router crawled to a stop.. I knew what it was 1000000%

                See http://forum.pfsense.org/index.php/topic,63025.msg357852.html#msg357852

                Clearly nobody thinks this is a problem.  IMO something is severely broken in pfsense's packages.

                See the result of ps -A:

                20 million havp and squidguard processes running anybody think its normal?!

                $ ps -A
                  PID  TT  STAT      TIME COMMAND
                    0  ??  DLs  177:38.54 [kernel]
                    1  ??  SLs    0:00.05 /sbin/init --
                    2  ??  DL     1:50.16 [g_event]
                    3  ??  RL     4:25.76 [g_up]
                    4  ??  DL     2:53.40 [g_down]
                    5  ??  DL     0:00.00 [crypto]
                    6  ??  DL     0:00.00 [crypto returns]
                    7  ??  DL     0:00.00 [sctp_iterator]
                    8  ??  DL     1:03.50 [pfpurge]
                    9  ??  DL     0:00.00 [xpt_thrd]
                   10  ??  DL     0:00.00 [audit]
                   11  ??  RL   23533:39.71 [idle]
                   12  ??  WL   483:41.74 [intr]
                   13  ??  DL     0:00.00 [ng_queue]
                   14  ??  DL     7:57.60 [yarrow]
                   15  ??  DL     0:42.49 [usb]
                   16  ??  DL     1:39.58 [acpi_thermal]
                   17  ??  DL     0:16.16 [pagedaemon]
                   18  ??  DL     0:00.36 [vmdaemon]
                   19  ??  DL     0:00.04 [pagezero]
                   20  ??  DL     0:03.54 [idlepoll]
                   21  ??  DL     0:17.68 [bufdaemon]
                   22  ??  DL    15:17.22 [syncer]
                   23  ??  DL     0:14.00 [vnlru]
                   24  ??  DL     0:21.51 [softdepflush]
                   40  ??  DL     0:19.84 [md0]
                  245  ??  INs    3:21.70 /usr/local/sbin/check_reload_status
                  247  ??  IWN    0:00.00 check_reload_status: Monitoring daemon of check_reloa
                  257  ??  Is     0:00.02 /sbin/devd
                 2396  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 2715  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 2738  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 2845  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 4907  ??  D      0:09.28 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 5011  ??  D      0:08.78 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 5319  ??  D      0:09.04 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 5396  ??  D      0:09.29 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 5529  ??  Is     0:00.13 /usr/local/sbin/sshlockout_pf 15
                 5736  ??  D      0:08.72 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 6035  ??  Is     0:00.00 /usr/sbin/sshd
                 6365  ??  D      0:22.03 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 6468  ??  D      0:23.23 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 6515  ??  D      0:21.55 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 6801  ??  Is     0:00.07 dhclient: re0 [priv] (dhclient)
                 6848  ??  D      0:21.44 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 7114  ??  D      0:21.84 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                 8100  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 8230  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 8480  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 8808  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 9023  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 9289  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 9496  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                 9753  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                10724  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                10778  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                10913  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                12344  ??  Ss     0:20.32 dhclient: re0 (dhclient)
                13208  ??  Ss     0:15.62 /usr/sbin/cron -s
                16871  ??  Ss     4:33.25 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log 
                17328  ??  D      0:17.47 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                17662  ??  D      0:17.63 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                17685  ??  D      0:17.99 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                17777  ??  D      0:17.64 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                17814  ??  D      0:17.42 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                17934  ??  D      0:33.44 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                18190  ??  D      0:33.49 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                18243  ??  D      0:34.27 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                18529  ??  D      0:32.95 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                18705  ??  D      0:33.19 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                20216  ??  S      0:00.67 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                20557  ??  S      0:00.47 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                20578  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                20768  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                20884  ??  Is     0:00.04 /usr/local/sbin/squid -D
                20949  ??  S      0:00.17 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                21239  ??  S      0:00.27 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                21403  ??  S      0:00.02 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                21675  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                21798  ??  I      0:00.30 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                21881  ??  S      0:00.09 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                22095  ??  Ds   307:46.96 /usr/local/bin/ntop -i re0,re1 -u root -d -4 -M -x 81
                22142  ??  Is     2:19.13 /usr/local/sbin/filterdns -p /tmp/filterdns.pid -i 30
                22209  ??  I      0:00.02 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                22304  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                23045  ??  Ds    71:53.62 /usr/local/sbin/clamd -c /usr/local/etc/clamd.conf
                23741  ??  DL     0:06.21 [md10]
                24125  ??  Ss     7:37.85 /usr/local/sbin/apinger -c /var/etc/apinger.conf
                25631  ??  SN     0:00.00 sleep 60
                25762  ??  R      0:00.01 ps -A
                28072  ??  S      0:59.81 /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfig
                28602  ??  IWs    0:00.00 /usr/local/bin/php
                30096  ??  IWs    0:00.00 /usr/local/bin/php
                30530  ??  Ss     0:25.95 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroo
                32419  ??  S      0:06.04 /usr/local/bin/php
                32731  ??  D      0:50.29 /usr/local/bin/php
                38698  ??  S      0:01.39 (squid) -D (squid)
                38859  ??  I      0:00.00 (unlinkd) (unlinkd)
                39204  ??  I      0:00.09 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                39339  ??  I      0:00.07 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                39437  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                39503  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                39559  ??  Ss     2:04.82 /usr/local/bin/ntpd -g -c /var/etc/ntpd.conf
                39682  ??  S      0:00.07 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                39825  ??  S      0:00.09 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                39965  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                40116  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                40538  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                40849  ??  I      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                40980  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                41205  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                42829  ??  I      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                42997  ??  D      0:09.75 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                43100  ??  IWs    0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /
                43129  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                43158  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                43186  ??  D      0:09.26 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                43229  ??  R      0:11.26 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                43281  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                43530  ??  I      0:01.81 minicron: helper /usr/local/bin/ping_hosts.sh  (minic
                43541  ??  D      0:09.40 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                43674  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                43677  ??  I      0:09.61 /usr/local/bin/rrdtool -
                43730  ??  D      0:31.64 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                43739  ??  D      0:09.46 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                43767  ??  IWs    0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts
                43771  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                43823  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                44076  ??  R      0:30.82 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                44086  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                44098  ??  I      0:00.10 minicron: helper /etc/rc.expireaccounts  (minicron)
                44167  ??  IWs    0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_u
                44226  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                44348  ??  D      0:30.33 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                44389  ??  S      3:08.20 /usr/local/sbin/dnsmasq --local-ttl 1 --all-servers -
                44473  ??  D      0:31.46 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                44562  ??  I      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                44594  ??  I      0:00.01 minicron: helper /etc/rc.update_alias_url_data  (mini
                44657  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                44676  ??  INs    0:00.02 /usr/sbin/inetd -wW -R 0 -a 127.0.0.1 /var/etc/inetd.
                44736  ??  R      0:32.10 (squidGuard) -c /usr/local/etc/squidGuard/squidGuard.
                44811  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                44910  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                45068  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                45118  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                45263  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                45599  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                45796  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                46069  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                46356  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                46702  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                46944  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                47136  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                47311  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                47382  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                47469  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                47705  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                47919  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                48205  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                48545  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                48681  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                48716  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                48874  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                49163  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                49502  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                49515  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                49847  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                50167  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                50227  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                50540  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                50757  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51098  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51166  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51192  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51209  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51454  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51585  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51676  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51734  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                51769  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                52037  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                53482  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                53518  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                54795  ??  Ss    17:23.59 /usr/sbin/powerd -b adp -a adp
                56210  ??  I      0:00.00 sleep 55
                59021  ??  Ss     0:00.09 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                59708  ??  S      0:00.95 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                59959  ??  S      0:00.60 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                59965  ??  S      0:00.82 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                60073  ??  S      0:00.01 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                60360  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                60528  ??  S      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                61680  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                61798  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                61995  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                62170  ??  I      0:00.00 /usr/local/sbin/havp -c /usr/local/etc/havp/havp.conf
                16277  v0- S      1:16.15 /usr/sbin/tcpdump -s 256 -v -S -l -n -e -ttt -i pflog
                16308  v0- S      1:51.49 logger -t pf -p local0.info
                32161  v0- I      0:49.28 /bin/sh /usr/local/pkg/sqpmon.sh
                52753  v0- SN     4:51.06 /bin/sh /var/db/rrd/updaterrd.sh
                52813  v0  Is+    0:00.01 /usr/libexec/getty Pc ttyv0
                53228  v1  Is+    0:00.01 /usr/libexec/getty Pc ttyv1
                

                pfsense is causing me too many issues and headaches.  I think Im gonna find another firewall project or go back to a simple plain Jane router…

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  @lpallard:

                  pfsense is causing me too many issues and headaches.  I think Im gonna find another firewall project or go back to a simple plain Jane router…

                  Sorry, but installing junk and blaming the OS just makes no sense. HAVP sucks, is broken, is not worth it, is not protecting you in any meaningful way. It uses ClamAV with absolutely pathetic detection rate, yet plagued with loads of false positives, which eats tons of resources, makes downloads suck. Any free AV on a workstation makes couple orders of magnitudes better job here. Installing HAVP, squidguard, snort on the same box? Are you mad?

                  You are causing all this grief to yourself. " simple plain Jane router…" - yeah, that's what you get with vanilla pfS install - before you go on a resource killing spree with all those things mentioned above. They are NOT required. They are NOT needed. They are harmful in most cases. They make you babysit the firewall 24/7.

                  Doctor, it hurts when I do this... Yeah, so don't do that.

                  1 Reply Last reply Reply Quote 0
                  • chpalmerC
                    chpalmer
                    last edited by

                    my tinkering is causing me too many issues and headaches

                    There- fixed that for you!

                    A plain Jane router is just that. No firewall.  SIP doesn't like NAT. It can be made to work if your patient. Try Vonage. It will work fine. That tells me that there are other underlying factors going on with some SIP providers.

                    DO I really need 3 NIC's???

                    No. You don't.

                    Triggering snowflakes one by one..
                    Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

                    1 Reply Last reply Reply Quote 0
                    • K
                      kejianshi
                      last edited by

                      Well - There is routing, which pfsense does very well.

                      Then there is firewalling, which pfsense also does well.

                      Then there are add on packages, which do various other things like clamav and caching squid proxy and those things are neither routing nor are they anthing to do with firewall..

                      And then there are the UTM features of pfsense.  Not know what you are doing WILL break your install.

                      While I don't share the dislike of clamav, I do have a dislike for all AV in general.  They are resource hogs.
                      Better to use OSes that don't require you to run it and just load AV on your play/gaming machines.
                      Probably nobody who doesn't NEED the last 2 sets of features at the router should touch those.

                      Almost no one needs the UTM stuff at home, but if you go there, don't say pfsense is broken.  Some really patient fairly expert people get those features to work just fine.  The key being expert + patient.  Like you really keep an eye on it.

                      These systems are not automatically better the more you add to them.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pftdm007
                        last edited by

                        Geez!  doktornotor calm down !!! ;)

                        While I have shown signs of frustrations, my frustrations really were about the packages not the base platform.  If any of you took 2 seconds to look at my other thread where I EXPLICITELY mentioned that on the base platform I had ZERO problems, but with HAVP, Squid and its crappy guardian, I had issues, you would have understood my POV.

                        I have repeatedly said that I was more than willing to give my time for FREE to help troubleshoot and analyze what the hell is going on with these packages because they're not working well.  Is this not what Opensource projects needs in the end?  Contributors and people helping for FREE?

                        It is not pfsense that frustrates me, it is NOT even the packages so much , its people attitude.

                        You post severe problems you have, you spend the necessary time to document it and write a meaningful thread about it, you explicitly ask developers and other "experts" to at least say a few words, and all you get is:

                        13 Replies
                        1139 Views

                        Which on the 13 replies, 11 are MINE.

                        Thats fine.  I get the point.  pfsense is meant to be alone to work properly, no packages added.  Then I suggest pfsense devs add a big fat warning in the package manager:

                        Warning!  Adding packages may (will) break your pfsense install

                        1 Reply Last reply Reply Quote 0
                        • D
                          doktornotor Banned
                          last edited by

                          This is just funny. You need a rather flaky and sensitive VOIP stuff working behind firewall, and instead of setting things up so that it works and calling it a day, you go, overload your box with extremely intrusive, extremely resource intensive and rather horrible to maintain bloat and come back to vent your frustrations about how broken it is. Seriously. Just do not do that! You are causing this whole trouble to yourself!

                          Now - yeah, snort does NOT work out of the box, never has, never will. And quite frankly my point of view is that it is just pure evil for any home/SOHO environment, not to mention the effort constant babysitting required. (This thing has been dropped from multiple firewall distros for a damn good reason, your rants being a prime example. The mailing lists and forums basically flooded with complaints from people thinking that IDS/IPS/UTM is a musthave, point-and-click, plug and play stuff.) Getting similar intrusive and complicated setups working does not take hours nor days… Do not have time and patience for that? Well, see above, just don't install such things. And regardless, take as a fact that it may just as well never work properly with things like some buggy flaky VOIP device, depending on the device itself, the SIP provider, the ISP, etc. etc. etc.

                          Finally, these issues are nothing pfsense specific. Snort is exact same intrusive and disruptive everywhere else, HAVP (and the ClamAV thing behind it) does not magically become any better, nor does squid/squidguard when run on say Debian or Fedora instead of FreeBSD/pfSense.

                          1 Reply Last reply Reply Quote 0
                          • K
                            kejianshi
                            last edited by

                            I understand your frustrations.  Me, being a relative newbie here get your point.
                            However, the reason the devs and others are not jumping through whoops to reply is because your issues have actually already been talked to death on the forums and they are really busy people.  (I'd guess that anyway)

                            If I were you, I'd run pfsense as vanilla as I could and only add what is needed.
                            I'd say the same for all distros.

                            1 Reply Last reply Reply Quote 0
                            • P
                              pftdm007
                              last edited by

                              All right, I get the point.  This is really eye opening and changed the way I see the pfsense project forever.

                              I still dream that some day, there are some REALLY SOLID packages for pfsense.

                              I kept tinkering with this because for a long while, I had success with the pfsense - havp - squid - snort - squidguard combination…  Real success.

                              I still think all of this can be somewhow improved or fixed.

                              1 Reply Last reply Reply Quote 0
                              • D
                                doktornotor Banned
                                last edited by

                                As suggested above - these are NOT pfsense-specific issues for the most part. You need to work with upstream to get those sorted out, improved, polished, more usable, less sucky, more shiny, more out-of-the box experience stuff. Those downstream pfSense guys just package the stuff together and ship it (in addition, providing some added value, such at the GUIs.) Unless the issue is one related to the packaging/customized configuration stuff… this won't get solved here.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.