Вопросы новичка по pfsense
-
Подскажите что это за правило?
The rule that triggered this action is:
@107(1000010015) pass out log inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"Создаю правило на влане запретить всё, а пакеты проходят и в логе это правило светится. :(
Что за вилан? Топологию сети расскажите и конф интерфейсов пфскнса.
Могу предположить что правило запрета в списке ниже чем разрешающее правило. Первым применяется то, которое выше в списке. -
@Bansardo:
Что за вилан? Топологию сети расскажите и конф интерфейсов пфскнса.
Могу предположить что правило запрета в списке ниже чем разрешающее правило. Первым применяется то, которое выше в списке.Самые обычные вланы, созданные через Interfaces -> VLANs.
Пока писал ответ выяснилось что если хоть на одном из интерфейсов есть правило разрешить всё и всюду, то никакие запрещающие правила на втором интерфейсе не помогут. Странно конечно, но получается так. -
Странно конечно, но получается так.
Доброе.
Это логично. Т.е. если это касается LAN, то и работать оно будет только для того, что имеет _src=_LAN net, _dst=_что-то-вовне\др. интерфейс. Аналогично и по др. интерфейсам.
Поймете это правило - все сразу оформится в единую картину. -
Добрый день прошу присутствующих гуру просветить , есть сеть 10.100.100.0/24 с внешним ип
111.111.111.111 , есть вторая подсеть 10.10.10.10/24 с внешним ип 222.222.222.222 между сетями поднят шифрованный впн туннель ikev2 site to site . Задача состоит в том чтобы допустим хост 10.100.100.101 взаимодействовал с внешней сетью с внешним ип 222.222.222.222. Тоесть выход во внешнюю сеть осуществляется через туннель и внешний ип подсети 10.10.10.0/24 . весь исходящий и входящий трафик для сети 10.100.100.0/24 идет через туннель . Сейчас это реализовано с помощью asa 5515 (10.100.100.0/24) и 5505 (10.10.10.0/24). Возможно ли заменить 5505 на pfsense и реализовать текущий функционал???
Заранее извиняюсь если такая тема рассматривалась но форуме но более менее четкого гайда по настройке связки s ty s ikev 2 между asa и pfsense на форуме так и не нашёл . Также готов к сотрудничеству если кто то возьмётся реализовать данный функционал на демо стенде -
2 workitnik
Доброе.
Схему нарисуйте. Так нагляднее будет.P.s. Демостенд готов ?
-
За основу можно взять общую инструкцию для site to site с выходом в интернет через IP другой стороны туннеля:
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnelВ интернет через туннель должен ходить только 10.100.100.101 или вся сеть 10.100.100.0/24?
-
2 workitnik
Доброе.
Схему нарисуйте. Так нагляднее будет.P.s. Демостенд готов ?
Схему сейчас изображу
Демо стенд готов доступы в личку после обсуждения условий и контакта , -
За основу можно взять общую инструкцию для site to site с выходом в интернет через IP другой стороны туннеля:
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnelВ интернет через туннель должен ходить только 10.100.100.101 или вся сеть 10.100.100.0/24?
Планируется что структура имеет большое количество ветвей и оконичников
По этому доступ для определённого хоста в свой туннель и оконечный внешний ип
-
За основу можно взять общую инструкцию для site to site с выходом в интернет через IP другой стороны туннеля:
https://doc.pfsense.org/index.php/Routing_internet_traffic_through_a_site-to-site_IPsec_tunnelВ интернет через туннель должен ходить только 10.100.100.101 или вся сеть 10.100.100.0/24?
И да данная схема в полнее приемлема но с условием что доступ идет не для подсети а для конкретного ип и со стороны ип должна быть ASA
-
Подскажите, с чем связано и на что обратить внимание, логи забиты:
Apr 4 14:51:15 kernel (ada0:ata3:0:1:0): Retrying command
Apr 4 14:51:17 kernel (ada0:ata3:0:1:0): READ_DMA48. ACB: 25 00 1f 81 b6 40 22 00 00 00 08 00
Apr 4 14:51:17 kernel (ada0:ata3:0:1:0): CAM status: ATA Status Error
Apr 4 14:51:17 kernel (ada0:ata3:0:1:0): ATA status: 51 (DRDY SERV ERR), error: 40 (UNC )
Apr 4 14:51:17 kernel (ada0:ata3:0:1:0): RES: 51 40 21 81 b6 22 22 00 00 06 00
Apr 4 14:51:17 kernel (ada0:ata3:0:1:0): Retrying command -
Диск\кабель\контроллер
(ada0:ata3:0:1:0): READ_DMA48. ACB: 25 00 1f 81 b6 40 22 00 00 00 08 00 - судя по всему ошибка чтения сектора. -
SATA. 280Гб., точнее не скажу, не рядом.
попробую поменять винт…@oleg1969:
Какой у Вас HDD ??
=========================
Было у меня что-то подобное давно – помогла смена HDD (древний он был)
у меня вроде как наоборот, поставил древнюю 20ку Samsung, посмотрим…
10.04 ред. Ошибки пропали, помогла замена HDD.
Спасибо! -
добрый день! в логах вот такая картина несколько раз в день(2-3 раза), падает сетка на секунд 3-5 и потом сама поднимается. pfsense 2.3.3 Что подскажите?
Apr 12 18:34:10 xinetd 23128 readjusting service 19063-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19064-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19064-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19065-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19065-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19169-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19170-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19170-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19171-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19171-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19172-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19172-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19173-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19173-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19174-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19174-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19175-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19175-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19176-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19176-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19177-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19177-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19178-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19178-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19179-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19179-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19180-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19180-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19181-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19181-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19182-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19182-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19183-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19183-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19184-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19184-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19185-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19185-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19186-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19186-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19187-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19187-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19188-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19188-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19189-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19189-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19190-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19190-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19191-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19191-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19192-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19192-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19193-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19193-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19194-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19194-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19195-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19195-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19196-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19196-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19197-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19197-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19198-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19198-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19199-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19199-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19209-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19209-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19210-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19210-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19211-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19211-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19212-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19212-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19213-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19213-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19214-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19214-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19215-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19215-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19216-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19216-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19217-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19217-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19218-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19218-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19219-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19219-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19220-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19220-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19221-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19221-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19222-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19222-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19223-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19223-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19224-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19224-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19225-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19225-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19226-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19226-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19227-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19227-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19228-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19228-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19229-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19229-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19230-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19230-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19231-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19231-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19232-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19232-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19233-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19233-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19234-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19234-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19235-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19235-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19236-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19236-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19237-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19237-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19238-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19238-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19239-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19239-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19240-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19240-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19241-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19241-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19242-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19242-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19243-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19243-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19244-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19244-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19245-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19245-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19246-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19246-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19247-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19247-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19248-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19248-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19249-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19249-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19250-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19250-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19251-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19251-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19252-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19252-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19253-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19253-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19254-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19254-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19255-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19255-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19256-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19256-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19257-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19257-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19258-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19258-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19259-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19259-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19260-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19260-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19261-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19261-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19262-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19262-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19263-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19263-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19264-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19264-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19265-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19265-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19266-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19266-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19267-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19267-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19268-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19268-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19269-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19269-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19270-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19270-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19271-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19271-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19272-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19272-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19273-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19273-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19274-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19274-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19275-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19275-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19276-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19276-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19277-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19277-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19278-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19278-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19279-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19279-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19280-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19280-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19281-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19281-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19282-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19282-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19283-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19283-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19284-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19284-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19285-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19285-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19286-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19286-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19287-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19287-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19288-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19288-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19289-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19289-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19290-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19290-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19291-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19291-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19292-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19292-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19293-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19293-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19294-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19294-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19295-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19295-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19296-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19296-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19297-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19297-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19298-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19298-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19299-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19299-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19300-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19300-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19301-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19301-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19302-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19302-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19303-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19303-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19304-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19304-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19305-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19305-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19306-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19306-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19307-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19307-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19308-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19308-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19309-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19309-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19310-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19310-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19311-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19311-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19312-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19312-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19313-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19313-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19314-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19314-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19315-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19315-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19316-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19316-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19317-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19317-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19318-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19318-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19319-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19319-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19320-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19320-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19321-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19321-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19322-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19322-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19323-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19323-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19324-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19324-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19325-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19325-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19326-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19326-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19327-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19327-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19328-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19328-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19329-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19329-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19330-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19330-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19331-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19331-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19332-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19332-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19333-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19333-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19334-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19334-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19335-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19335-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19336-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19336-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19337-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19337-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19338-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19338-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19339-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19339-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19340-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19340-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19341-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19341-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19342-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19342-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19343-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19343-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19344-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19344-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19345-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19345-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19346-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19346-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19347-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19347-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19348-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19348-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19349-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19349-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19350-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19350-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19351-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19351-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19352-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19352-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19353-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19353-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19354-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19354-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19355-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19355-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19356-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19356-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19357-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19357-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19358-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19358-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19359-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19359-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19360-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19360-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19361-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19361-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19362-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19362-udp Apr 12 18:34:10 xinetd 23128 readjusting service 19363-tcp Apr 12 18:34:10 xinetd 23128 readjusting service 19363-udp Apr 12 18:34:10 xinetd 23128 Reconfigured: new=0 old=728 dropped=0 (services) Apr 12 18:52:50 kernel arp: 192.168.*.* moved from 5c:0a:5b:30:10:65 to 64:bc:0c:15:16:df on re0_vlan110 Apr 12 18:53:14 kernel arp: 192.168.*.* moved from 64:bc:0c:15:16:df to 5c:0a:5b:30:10:65 on re0_vlan110 Apr 13 00:05:02 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Snort VRT rules posted. Downloading snortrules-snapshot-2983.tar.gz... Apr 13 00:07:22 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort VRT rules file update downloaded successfully Apr 13 00:07:24 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Snort GPLv2 Community Rules are up to date... Apr 13 00:07:24 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz... Apr 13 00:07:28 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] Emerging Threats Open rules file update downloaded successfully Apr 13 00:07:35 php /usr/local/pkg/snort/snort_check_for_rule_updates.php: [Snort] The Rules update has finished. Apr 13 00:07:35 check_reload_status Syncing firewall Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:08 pfsense_k1.localdomain nginx: 2017/04/13 07:07:08 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:09 pfsense_k1.localdomain nginx: 2017/04/13 07:07:09 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:09 pfsense_k1.localdomain nginx: 2017/04/13 07:07:09 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:09 pfsense_k1.localdomain nginx: 2017/04/13 07:07:09 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:09 pfsense_k1.localdomain nginx: 2017/04/13 07:07:09 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:09 pfsense_k1.localdomain nginx: 2017/04/13 07:07:09 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:10 pfsense_k1.localdomain nginx: 2017/04/13 07:07:10 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:10 pfsense_k1.localdomain nginx: 2017/04/13 07:07:10 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:10 pfsense_k1.localdomain nginx: 2017/04/13 07:07:10 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:10 pfsense_k1.localdomain nginx: 2017/04/13 07:07:10 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:10 pfsense_k1.localdomain nginx: 2017/04/13 07:07:10 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:11 pfsense_k1.localdomain nginx: 2017/04/13 07:07:11 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:12 pfsense_k1.localdomain nginx: 2017/04/13 07:07:12 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:13 pfsense_k1.localdomain nginx: 2017/04/13 07:07:13 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:13 pfsense_k1.localdomain nginx: 2017/04/13 07:07:13 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:13 pfsense_k1.localdomain nginx: 2017/04/13 07:07:13 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:13 pfsense_k1.localdomain nginx: 2017/04/13 07:07:13 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:13 pfsense_k1.localdomain nginx: 2017/04/13 07:07:13 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:13 pfsense_k1.localdomain nginx: 2017/04/13 07:07:13 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:14 pfsense_k1.localdomain nginx: 2017/04/13 07:07:14 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:14 pfsense_k1.localdomain nginx: 2017/04/13 07:07:14 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 07:07:14 pfsense_k1.localdomain nginx: 2017/04/13 07:07:14 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:15 pfsense_k1.localdomain nginx: 2017/04/13 08:41:15 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:16 pfsense_k1.localdomain nginx: 2017/04/13 08:41:16 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:17 pfsense_k1.localdomain nginx: 2017/04/13 08:41:17 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:18 pfsense_k1.localdomain nginx: 2017/04/13 08:41:18 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:19 pfsense_k1.localdomain nginx: 2017/04/13 08:41:19 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:19 pfsense_k1.localdomain nginx: 2017/04/13 08:41:19 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:20 pfsense_k1.localdomain nginx: 2017/04/13 08:41:20 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:20 pfsense_k1.localdomain nginx: 2017/04/13 08:41:20 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:21 pfsense_k1.localdomain nginx: 2017/04/13 08:41:21 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:21 pfsense_k1.localdomain nginx: 2017/04/13 08:41:21 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:23 pfsense_k1.localdomain nginx: 2017/04/13 08:41:23 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:29 pfsense_k1.localdomain nginx: 2017/04/13 08:41:29 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:41:29 pfsense_k1.localdomain nginx: 2017/04/13 08:41:29 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:03 pfsense_k1.localdomain nginx: 2017/04/13 08:42:03 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:03 pfsense_k1.localdomain nginx: 2017/04/13 08:42:03 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:04 pfsense_k1.localdomain nginx: 2017/04/13 08:42:04 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:05 pfsense_k1.localdomain nginx: 2017/04/13 08:42:05 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:06 pfsense_k1.localdomain nginx: 2017/04/13 08:42:06 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:06 pfsense_k1.localdomain nginx: 2017/04/13 08:42:06 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:08 pfsense_k1.localdomain nginx: 2017/04/13 08:42:08 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:09 pfsense_k1.localdomain nginx: 2017/04/13 08:42:09 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:09 pfsense_k1.localdomain nginx: 2017/04/13 08:42:09 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:09 pfsense_k1.localdomain nginx: 2017/04/13 08:42:09 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:09 pfsense_k1.localdomain nginx: 2017/04/13 08:42:09 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:09 pfsense_k1.localdomain nginx: 2017/04/13 08:42:09 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:09 pfsense_k1.localdomain nginx: 2017/04/13 08:42:09 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:10 pfsense_k1.localdomain nginx: 2017/04/13 08:42:10 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:10 pfsense_k1.localdomain nginx: 2017/04/13 08:42:10 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:10 pfsense_k1.localdomain nginx: 2017/04/13 08:42:10 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:18 pfsense_k1.localdomain nginx: 2017/04/13 08:42:18 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:19 pfsense_k1.localdomain nginx: 2017/04/13 08:42:19 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:21 pfsense_k1.localdomain nginx: 2017/04/13 08:42:21 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:22 pfsense_k1.localdomain nginx: 2017/04/13 08:42:22 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:22 pfsense_k1.localdomain nginx: 2017/04/13 08:42:22 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:22 pfsense_k1.localdomain nginx: 2017/04/13 08:42:22 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:22 pfsense_k1.localdomain nginx: 2017/04/13 08:42:22 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:22 pfsense_k1.localdomain nginx: 2017/04/13 08:42:22 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:23 pfsense_k1.localdomain nginx: 2017/04/13 08:42:23 [alert] 57926#100119: send() failed (40: Message too long) Apr 13 08:42:24 pfsense_k1.localdomain nginx: 2017/04/13 08:42:24 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:25 pfsense_k1.localdomain nginx: 2017/04/13 08:42:25 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:26 pfsense_k1.localdomain nginx: 2017/04/13 08:42:26 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:27 pfsense_k1.localdomain nginx: 2017/04/13 08:42:27 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:27 pfsense_k1.localdomain nginx: 2017/04/13 08:42:27 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:28 pfsense_k1.localdomain nginx: 2017/04/13 08:42:28 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:28 pfsense_k1.localdomain nginx: 2017/04/13 08:42:28 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:28 pfsense_k1.localdomain nginx: 2017/04/13 08:42:28 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:28 pfsense_k1.localdomain nginx: 2017/04/13 08:42:28 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:28 pfsense_k1.localdomain nginx: 2017/04/13 08:42:28 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:28 pfsense_k1.localdomain nginx: 2017/04/13 08:42:28 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:29 pfsense_k1.localdomain nginx: 2017/04/13 08:42:29 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:47 pfsense_k1.localdomain nginx: 2017/04/13 08:42:47 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:47 pfsense_k1.localdomain nginx: 2017/04/13 08:42:47 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:47 pfsense_k1.localdomain nginx: 2017/04/13 08:42:47 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:47 php-fpm 52985 /index.php: Session timed out for user 'admin' from: 192.168.*.* Apr 13 08:42:47 pfsense_k1.localdomain nginx: 2017/04/13 08:42:47 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:48 pfsense_k1.localdomain nginx: 2017/04/13 08:42:48 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:49 pfsense_k1.localdomain nginx: 2017/04/13 08:42:49 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:50 pfsense_k1.localdomain nginx: 2017/04/13 08:42:50 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:50 pfsense_k1.localdomain nginx: 2017/04/13 08:42:50 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:50 pfsense_k1.localdomain nginx: 2017/04/13 08:42:50 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:50 pfsense_k1.localdomain nginx: 2017/04/13 08:42:50 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:51 pfsense_k1.localdomain nginx: 2017/04/13 08:42:51 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:51 pfsense_k1.localdomain nginx: 2017/04/13 08:42:51 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:51 pfsense_k1.localdomain nginx: 2017/04/13 08:42:51 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:51 php-fpm 52985 /index.php: Successful login for user 'admin' from: 192.168.*.* Apr 13 08:42:51 pfsense_k1.localdomain nginx: 2017/04/13 08:42:51 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:52 pfsense_k1.localdomain nginx: 2017/04/13 08:42:52 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:53 pfsense_k1.localdomain nginx: 2017/04/13 08:42:53 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:53 pfsense_k1.localdomain nginx: 2017/04/13 08:42:53 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:53 pfsense_k1.localdomain nginx: 2017/04/13 08:42:53 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:53 pfsense_k1.localdomain nginx: 2017/04/13 08:42:53 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:53 pfsense_k1.localdomain nginx: 2017/04/13 08:42:53 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:57 pfsense_k1.localdomain nginx: 2017/04/13 08:42:57 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:57 pfsense_k1.localdomain nginx: 2017/04/13 08:42:57 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:57 pfsense_k1.localdomain nginx: 2017/04/13 08:42:57 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:57 pfsense_k1.localdomain nginx: 2017/04/13 08:42:57 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:58 pfsense_k1.localdomain nginx: 2017/04/13 08:42:58 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:42:59 pfsense_k1.localdomain nginx: 2017/04/13 08:42:59 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:43:00 pfsense_k1.localdomain nginx: 2017/04/13 08:43:00 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:43:00 pfsense_k1.localdomain nginx: 2017/04/13 08:43:00 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:43:00 pfsense_k1.localdomain nginx: 2017/04/13 08:43:00 [alert] 56982#100142: send() failed (40: Message too long) Apr 13 08:43:00 pfsense_k1.localdomain nginx: 2017/04/13 08:43:00 [alert] 57385#100141: send() failed (40: Message too long) Apr 13 08:43:00 pfsense_k1.localdomain nginx: 2017/04/13 08:43:00 [alert] 57385#100141: send() failed (40: Message too long)в логах шлюза такая картина
Apr 12 14:52:00 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:01 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:01 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:01 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:01 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:01 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:01 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:02 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:02 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:02 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:02 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:02 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:02 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:03 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:03 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:03 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:03 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:03 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:03 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:04 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:04 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:04 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:04 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:04 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:04 dpinger GW_static 88.204.*.*: sendto error: 64 Apr 12 14:52:05 dpinger K3 195.160.1.2: sendto error: 64 Apr 12 14:52:05 dpinger Route_DMZ 192.168.10.249: sendto error: 64 Apr 12 14:52:05 dpinger GW_static 88.204.*.*: sendto error: 64 -
Строки вида
Apr 12 18:34:10 xinetd 23128 readjusting service 19063-udp
не опасны, тоже имею подобное.
В логах подозрительно это:
Apr 12 18:52:50 kernel arp: 192.168.. moved from 5c:0a:5b:30:10:65 to 64:bc:0c:15:16:df on re0_vlan110
Apr 12 18:53:14 kernel arp: 192.168.. moved from 64:bc:0c:15:16:df to 5c:0a:5b:30:10:65 on re0_vlan110Со шлюзами тоже не ОК, подобного не встречал.
-
Добрый день,
Подскажите - в OpenVpn 2.4 была добавлена опция tls-crypt которая должна помочь в "увеличении защиты конфиденциальных данных о соединении пользователя". И если я правильно понял https://redmine.pfsense.org/issues/7071 то это уже реализовано, но как это настроить в связке клиент-сервер. Буду благодарен за помощь. -
OpenVPN 2.4 ожидается в pfsense 2.4.0.
Если вы уже пользуетесь бетой pfsense 2.4.0 то по идее TLS Encryption должно либо быть доступно через GUI, либо добавлением директивы tls-crypt в Advanced сервера и клиента. -
pigbrother, спасибо. :)
Не заметил что это к версии pf 2.4 -
В принципе - pf 2.4 вполне работоспособна, я жду реализации в ней только Open VPN 2.4, в котором полноценная(?) поддержка AES-NI при выборе кодеков aes-gcm.
Что касается tls-crypt - ее основное назначение скрыть от внешних глаз определение самого факта установления соединения OpenVPN.
На собственно криптоустойчивость Open VPN она повлияет мало\почти никак. -
pigbrother,
Как раз то что надо - сокрытие факта VPN подключения. Надеюсь в совокупности с 443 и TCP, DPI системам будет гораздо труднее отследить присутствие трафика данного типа.
Может подскажете ещё рекомендации для конфигурации, которые помогут избежать детектирования DPI.
Спасибо. -
"Настоящую" систему DPI так просто не обманешь.
Для OVPN можно пробовать самое очевидное - переезд со стандартного порта 1194. На тот же 443, можно - TCP, который вы упомянули.
Включение в OVPN всех опций, включая TLS authentication.Как вариант промежуточного решения - отказ от OVPN вообще, с переходом на малопопулярные реализации VPN - tinc (есть пакет для pf) или
SoftEther VPN, который, как утверждается:
имеет свой собственный протокол «SSL-VPN», который неотличим от обычного HTTPS-трафика (чего не скажешь про OpenVPN handshake, например), может работать не только через TCP/UDP, но и через ICMP (подобно pingtunnel, hanstunnel) и DNS (подобно iodine)
https://habrahabr.ru/post/208782/
Пакета для pf - нет. Формальная поддержка freeBSD - есть:
https://www.softether.org/4-docs/1-manual/7._Installing_SoftEther_VPN_Server/7.5_Install_on_Other_Unix_Systems
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.