• pimd

    General pfSense Questions
    0 Votes
    6 Posts
    235 Views

    @dennypage, @maximushugus, @louis2, @jeffscott

    Good news!

    I have the PIMD version I compiled yesterday working!!
    Including the related pfSense GUI.

    Now I think I can make it run the way it should in the coming week(??).

    Note that at this moment I still have the following issues:

    1. The warnings at compile time. Surely NOT OK!
       => I do not have the knowledge to fix this, but it is not blocking.
    2. The man directory issue.
       => I have no idea how to solve that. My actual workaround is removing the manual files from the package definitions (NOT OK).
    3. Pimd does not run using the GUI.
       => At this moment I have to start pimd from the command line in debug mode and restart pimd after each config change. However, pimd is running and I can access my media server.
       pimd -n -f /var/etc/pimd/pimd.conf --disable-vifs -l debug=all
    4. The firewall rules are not yet as they should be; for the test I just opened too much.

    So I have to sort out things in the coming week/weeks. But I have good hope that I can solve points 3 and 4.

    If someone can solve points 1 and 2, it would be highly appreciated!!

  • 0 Votes
    30 Posts
    4k Views
    dogfight76

    The update to 2.8 has now worked as well, thanks

    Regards

  • 0 Votes
    3 Posts
    91 Views
    bmeeks

    @JonathanLee said in Seeking Insight on IPV6 Suricata Alerts – "Excessive Retransmissions" and "Wrong Direction First Data":

    SURICATA Applayer Wrong direction first Data

    Here is the link in the Suricata docs for this stream rule alert: https://docs.suricata.io/en/latest/rules/app-layer.html#applayer-wrong-direction-first-data.

    The short version of the story is that even today, after several attempted fixes within Suricata, the coders of client/server software apps seem to still be able via crappy coding to craft network flows that trip up the Suricata parser. This is basically a harmless error.

    As @SteveITS said, the best thing is to disable all the Suricata stream event rules. They are informational anyway and don't necessarily indicate malicious traffic.

  • 0 Votes
    12 Posts
    293 Views
    stephenw10

    Yup, what I missed here is that whilst it's not hitting the default block rule it's in fact also not hitting your custom rules. It's actually the hidden block all v6 rules that are added when you unset 'allow IPv6'.

  • 0 Votes
    19 Posts
    1k Views

    @dennypage Hasn't been a problem.


  • PIMD losing multicast sources

    General pfSense Questions
    1 Votes
    34 Posts
    2k Views

    @maximushugus

    I tried to compile pimd for actual FreeBSD15 current, however I am facing issues which I cannot solve, given my limited knowledge of C, git and pimd internals.

    At least I did not manage that up to now despite significant effort.

    Starting a tool like ^script^ and then compiling the source etc., you can see the warnings and some errors in the script-generated file. In the file there are warnings and an error related to e.g. no longer supported macros, and a fatal error related to ^man^, which should be an absolute path.
    I tried to fix the ^man^ error using ^ConfigureOptions="--mandir=/usr/local/share/man"^.

    That does remove the error, but not in such a way that there are man8 packages in the stage directory / distribution file or package.

    For that reason I built a package without man files, and installed that pimd package on the actual pfSense Plus version.
    It does not work. Main problem: it cannot find the interfaces, see the pfSense system log.

    I would have preferred to test on a fresh pfSense system, however Netgate does not make an ISO available :( I do not like that, however I do understand Netgate!

    Troglobit has a significantly newer pimd version, ^pimd-dense^, which could perhaps be a pimd alternative.
    I do not know the difference in functionality!

    So ^we have a problem^ !!

    Some options:

    - support from someone with higher C and git knowledge able to solve the actual warnings and man issue in the code
    - try to compile pimdd, which because it is more recent probably has fewer compile issues and perhaps even has a FreeBSD port
    - creating a couple of VMs with the media player, one for each VLAN which needs media files
  • crowdsec

    pfSense Packages
    0 Votes
    30 Posts
    1k Views
    dennypage

    @Zermus said in crowdsec:

    It's a shame Elastic took their stuff in house and ELK stacks are no longer free. Tom Lawrence's (https://www.youtube.com/@LAWRENCESYSTEMS) videos convinced me that I should go over to Graylog Open on my personal stuff when that happened and I'm happy with it.

    I always viewed ELK as overly complicated. Graylog is much more manageable, although the console isn't as nice. Work in progress.

  • KEA DHCP error - Error 9502: Bad DNS packet.

    DHCP and DNS
    0 Votes
    7 Posts
    175 Views
    johnpoz

    @Gertjan those 3 name servers might be just his isp dns.. that first one is fibreop and the others are aliant - which are the same isp - with the fibre one being for their FTTH.

    Yeah if you want to use those - you should have unbound forward to them - but I see little benefit to forwarding for dns, just letting unbound resolve is the better option imho.

  • Snort VS Suricata

    IPv6
    0 Votes
    1 Posts
    128 Views
    No one has replied
  • Squidproxy + SquidGuard (Configuration)

    Español
    0 Votes
    5 Posts
    425 Views
    JonathanLee

    @semara turn x forward mode off unless this is behind another router or something.
    If you want transparent with no certificates, turn off SSL intercept.

  • IP Blacklisted

    Forum Feedback
    0 Votes
    2 Posts
    190 Views
    johnpoz

    @microserfs and what IP was that - clearly your current IPv6 address that I show you connected with is not blocked.. And the only other IPv4 I see you using is not blocked.. You would have to let me know what IP you were coming from that was blocked.. Send it to me via PM if you don't want to make it public.

  • 1 Votes
    10 Posts
    2k Views
    JonathanLee

    @JonathanLee said in UNOFFICIAL GUIDE: Have Package Logs Record to a secondary SSD drive Snort Syslog Squid and or Squid cache system:

    ln -s -F /nvme/LOGS_Optane/snort /var/log/snort

    Also you can do this with suricata.

    /var/log/suricata remove this
    mkdir /nvme/LOGS_Optane/suricata
    ln -s -F /nvme/LOGS_Optane/suricata /var/log/suricata
  • Snort and GIF0 for HE tunnel broker

    IDS/IPS
    0 Votes
    9 Posts
    169 Views
    JonathanLee

    @SteveITS It looks like it is detecting ipv6 better

    already is showing alerts


    It sees some IPv6 going to my interface. Again, Snort also would spot stuff every once in a while. My son got a bad bug on his tablet and it had a Russian email server running. I checked it on VirusTotal and it was spot on as malware, known abuses, so I reported it.

  • multiple ISP/WAN interfaces

    HA/CARP/VIPs
    0 Votes
    6 Posts
    149 Views

    @georgelza said in multiple ISP/WAN interfaces:

    I want to make it as simple as possible, without me becoming their IT department....

    Well, you ARE their IT department.

    Leave it as it is, if it works why fix it?

  • 0 Votes
    41 Posts
    1k Views
    stephenw10

    Hmm, interesting. I can't say I've noticed that. But also I wasn't looking for it specifically. 🤔

  • 0 Votes
    4 Posts
    262 Views
    NollipfSense

    @zikou Please follow this: https://docs.netgate.com/pfsense/en/latest/recipes/virtualize-proxmox-ve.html

  • 0 Votes
    1 Posts
    47 Views
    No one has replied
  • SG1100 and Snort?

    Official Netgate® Hardware
    0 Votes
    7 Posts
    225 Views
    JonathanLee

    @raspier The 2100-MAX runs Snort really well but it won't do SO objects. It does everything else. See Snort SO rules: I have a paid subscription with a code and everything, but the SO rules never populate. Do they show up on your 1100?


    "Your Netgate 2100-MAX uses an ARM64 CPU (Marvell ARMADA).

    ❗ Important Limitation:

    Snort SO rules are precompiled binary modules. Cisco/Sourcefire only provides precompiled SO rules for x86_64, not ARM.

    That means SO rules are not available on the Netgate 2100, 3100, 1100, or any ARM-based device." So how do yours show up???

  • Bug 16302

    Plus 25.07 Development Snapshots
    0 Votes
    8 Posts
    421 Views
    stephenw10

    Most commonly new sensors appeared because an update had new drivers that exposed them. The chipset PCH sensor was pulled into base for 23.09 (I think!) for example.

  • How do I force the use of my DNS setting ?

    DHCP and DNS
    0 Votes
    9 Posts
    359 Views

    I’m sorry, I didn’t fully explain - config file exported to the exact same Dell server with the same Intel NICs and the exact same Cisco 3500 switch and UniFi AP; both instances are identical.
    My only problem that needs a solution is how do I force the use of either my VPN DNS servers or ones I chose on things connected to my VPN client, as the way it runs now is that DNS leak testing displays my ISP address, which is fixed (at least in UK, can’t tell if Comcast is fixed).
    I can use dedicated DNS on browsers and also on devices, but it’s not very satisfactory.
    Unfortunately I’m not in any way a networking expert, just having to find my way around stuff - though when I built it years ago it did exactly what I needed, but something changed either with pfSense or the NordVPN service (been there to find solutions but no help). Anyway, thanks for the help!