Manipulation of pfSense? Please help



  • Hello, I suspect that my config is being manipulated from outside. I would appreciate your advice.

    Thanks in advance! :'(

    Jun 13 17:08:43 syslogd: kernel boot file is /boot/kernel/kernel
    Jun 13 17:08:43 syslogd: exiting on signal 15
    Jun 13 17:04:15 dnsmasq[666]: using nameserver 195.186.4.162#53
    Jun 13 17:04:15 dnsmasq[666]: using nameserver 195.186.1.162#53
    Jun 13 17:04:15 dnsmasq[666]: reading /etc/resolv.conf
    Jun 13 17:02:54 check_reload_status: updating dyndns
    Jun 13 17:02:51 check_reload_status: reloading filter
    Jun 13 17:02:50 php: : Configuring slbd
    Jun 13 17:02:50 php: : Creating rrd update script
    Jun 13 17:02:50 php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - 188.61.48.197.
    Jun 13 17:02:45 php: : WARNING! /etc/rc.newwanip could not deterimine the previous ip address ( wan ).
    Jun 13 17:02:45 php: : rc.newwanip working with (IP address: 188.61.48.197) (interface: wan) (interface real: vr1).
    Jun 13 17:02:45 php: : Informational: rc.newwanip is starting vr1.
    Jun 13 17:02:40 login: login on console as root
    Jun 13 17:02:37 check_reload_status: rc.newwanip starting
    Jun 13 17:02:37 check_reload_status: check_reload_status is starting
    Jun 13 17:02:37 php: : Resyncing configuration for all packages.
    Jun 13 17:02:34 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Jun 13 17:02:34 dhcpd: All rights reserved.
    Jun 13 17:02:34 dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Jun 13 17:02:34 dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Jun 13 17:02:33 php: : Creating rrd update script
    Jun 13 17:02:24 dnsmasq[666]: read /etc/hosts - 2 addresses
    Jun 13 17:02:24 dnsmasq[666]: using nameserver 195.186.4.162#53
    Jun 13 17:02:24 dnsmasq[666]: using nameserver 195.186.1.162#53
    Jun 13 17:02:24 dnsmasq[666]: reading /etc/resolv.conf
    Jun 13 17:02:24 dnsmasq[666]: compile time options: IPv6 GNU-getopt BSD-bridge ISC-leasefile no-DBus no-I18N TFTP
    Jun 13 17:02:24 dnsmasq[666]: started, version 2.45 cachesize 150
    Jun 13 17:02:24 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
    Jun 13 17:02:24 dhcpd: All rights reserved.
    Jun 13 17:02:24 dhcpd: Copyright 2004-2008 Internet Systems Consortium.
    Jun 13 17:02:24 dhcpd: Internet Systems Consortium DHCP Server V3.0.7
    Jun 13 17:02:21 pftpx[555]: listening on 127.0.0.1 port 8022
    Jun 13 17:02:21 pftpx[555]: listening on 127.0.0.1 port 8022
    Jun 13 17:02:21 pftpx[531]: listening on 127.0.0.1 port 8021
    Jun 13 17:02:21 pftpx[531]: listening on 127.0.0.1 port 8021
    Jun 13 17:02:20 kernel: pflog0: promiscuous mode enabled
    Jun 13 17:02:20 kernel: glxsb0: <AMD Geode LX Security Block (AES-128-CBC, RNG)> mem 0xefff4000-0xefff7fff irq 9 at device 1.2 on pci0
    Jun 13 17:02:20 kernel: Trying to mount root from ufs:/dev/ufs/pfsense0
    Jun 13 17:02:20 kernel: WARNING: Expected rawoffset 0, found 3861711
    Jun 13 17:02:20 kernel: WARNING: Expected rawoffset 0, found 63
    Jun 13 17:02:20 kernel: ad0: 3825MB <SanDisk SDCFH-004G HDX 5.11> at ata0-master PIO4
    Jun 13 17:02:19 kernel: ad0: FAILURE - SET_MULTI status=51<READY,DSC,ERROR> error=4<ABORTED>
    Jun 13 17:02:19 kernel: IPsec: Initialized Security Association Processing.
    Jun 13 17:02:19 kernel: Timecounters tick every 10.000 msec
    Jun 13 17:02:19 kernel: Timecounter "TSC" frequency 498053735 Hz quality 800
    Jun 13 17:02:19 kernel: sio1: [FILTER]
    Jun 13 17:02:19 kernel: sio1: type 16550A
    Jun 13 17:02:19 kernel: sio1 at port 0x2f8-0x2ff irq 3 on isa0
    Jun 13 17:02:19 kernel: sio0: [FILTER]
    Jun 13 17:02:19 kernel: sio0: type 16550A, console
    Jun 13 17:02:19 kernel: sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
    Jun 13 17:02:19 kernel: ppc0: parallel port not found.
    Jun 13 17:02:19 kernel: orm0: <ISA Option ROM> at iomem 0xe0000-0xea7ff pnpid ORM0000 on isa0
    Jun 13 17:02:19 kernel: cpu0 on motherboard
    Jun 13 17:02:19 kernel: uhub1: 4 ports with 4 removable, self powered
    Jun 13 17:02:19 kernel: uhub1: <AMD EHCI root hub, class 9/0, rev 2.00/1.00, addr 1> on usb1
    Jun 13 17:02:19 kernel: usb1: USB revision 2.0
    Jun 13 17:02:19 kernel: usb1: <AMD CS5536 (Geode) USB 2.0 controller> on ehci0
    Jun 13 17:02:19 kernel: usb1: companion controller, 4 ports each: usb0
    Jun 13 17:02:19 kernel: usb1: EHCI version 1.0
    Jun 13 17:02:19 kernel: ehci0: [ITHREAD]
    Jun 13 17:02:19 kernel: ehci0: [GIANT-LOCKED]
    Jun 13 17:02:19 kernel: ehci0: <AMD CS5536 (Geode) USB 2.0 controller> mem 0xefffd000-0xefffdfff irq 12 at device 15.5 on pci0
    Jun 13 17:02:19 kernel: uhub0: 4 ports with 4 removable, self powered
    Jun 13 17:02:19 kernel: uhub0: <AMD OHCI root hub, class 9/0, rev 1.00/1.00, addr 1> on usb0
    Jun 13 17:02:19 kernel: usb0: USB revision 1.0
    Jun 13 17:02:19 kernel: usb0: <OHCI (generic) USB controller> on ohci0
    Jun 13 17:02:19 kernel: usb0: OHCI version 1.0, legacy support
    Jun 13 17:02:19 kernel: ohci0: [ITHREAD]
    Jun 13 17:02:19 kernel: ohci0: [GIANT-LOCKED]
    Jun 13 17:02:19 kernel: ohci0: <OHCI (generic) USB controller> mem 0xefffe000-0xefffefff irq 12 at device 15.4 on pci0
    Jun 13 17:02:19 kernel: ata1: [ITHREAD]
    Jun 13 17:02:19 kernel: ata1: <ATA channel 1> on atapci0
    Jun 13 17:02:19 kernel: ata0: [ITHREAD]
    Jun 13 17:02:19 kernel: ata0: <ATA channel 0> on atapci0
    Jun 13 17:02:19 kernel: atapci0: <AMD CS5536 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xff00-0xff0f at device 15.2 on pci0
    Jun 13 17:02:19 kernel: isa0: <ISA bus> on isab0
    Jun 13 17:02:19 kernel: isab0: <PCI-ISA bridge> port 0x6000-0x6007,0x6100-0x61ff,0x6200-0x623f,0x9d00-0x9d7f,0x9c00-0x9c3f at device 15.0 on pci0
    Jun 13 17:02:19 kernel: ath0: mac 10.5 phy 6.1 radio 6.3
    Jun 13 17:02:19 kernel: ath0: Ethernet address: 00:80:48:52:4d:2d
    Jun 13 17:02:19 kernel: ath0: WARNING: using obsoleted if_watchdog interface
    Jun 13 17:02:19 kernel: ath0: [ITHREAD]
    Jun 13 17:02:19 kernel: ath0: <Atheros 5413> mem 0xe00c0000-0xe00cffff irq 9 at device 12.0 on pci0
    Jun 13 17:02:19 kernel: vr2: [ITHREAD]
    Jun 13 17:02:19 kernel: vr2: Ethernet address: 00:0d:b9:14:6b:7a
    Jun 13 17:02:19 kernel: ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Jun 13 17:02:19 kernel: ukphy2: <Generic IEEE 802.3u media interface> PHY 1 on miibus2
    Jun 13 17:02:19 kernel: miibus2: <MII bus> on vr2
    Jun 13 17:02:19 kernel: vr2: Revision: 0x96
    Jun 13 17:02:19 kernel: vr2: Quirks: 0x2
    Jun 13 17:02:19 kernel: vr2: <VIA VT6105M Rhine III 10/100BaseTX> port 0x1800-0x18ff mem 0xe0080000-0xe00800ff irq 15 at device 11.0 on pci0
    Jun 13 17:02:19 kernel: vr1: [ITHREAD]
    Jun 13 17:02:19 kernel: vr1: Ethernet address: 00:0d:b9:14:6b:79
    Jun 13 17:02:19 kernel: ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Jun 13 17:02:19 kernel: ukphy1: <Generic IEEE 802.3u media interface> PHY 1 on miibus1
    Jun 13 17:02:19 kernel: miibus1: <MII bus> on vr1
    Jun 13 17:02:19 kernel: vr1: Revision: 0x96
    Jun 13 17:02:19 kernel: vr1: Quirks: 0x2
    Jun 13 17:02:19 kernel: vr1: <VIA VT6105M Rhine III 10/100BaseTX> port 0x1400-0x14ff mem 0xe0040000-0xe00400ff irq 11 at device 10.0 on pci0
    Jun 13 17:02:19 kernel: vr0: [ITHREAD]
    Jun 13 17:02:19 kernel: vr0: Ethernet address: 00:0d:b9:14:6b:78
    Jun 13 17:02:19 kernel: ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
    Jun 13 17:02:19 kernel: ukphy0: <Generic IEEE 802.3u media interface> PHY 1 on miibus0
    Jun 13 17:02:19 kernel: miibus0: <MII bus> on vr0
    Jun 13 17:02:19 kernel: vr0: Revision: 0x96
    Jun 13 17:02:19 kernel: vr0: Quirks: 0x2
    Jun 13 17:02:19 kernel: vr0: <VIA VT6105M Rhine III 10/100BaseTX> port 0x1000-0x10ff mem 0xe0000000-0xe00000ff irq 10 at device 9.0 on pci0
    Jun 13 17:02:19 kernel: pci0: <encrypt/decrypt, entertainment crypto> at device 1.2 (no driver attached)
    Jun 13 17:02:19 kernel: Geode LX: PC Engines ALIX.2 v0.99h tinyBIOS V1.4a (C)1997-2007
    Jun 13 17:02:19 kernel: pci0: <PCI bus> on pcib0
    Jun 13 17:02:19 kernel: pcib0: <Host to PCI bridge> pcibus 0 on motherboard
    Jun 13 17:02:19 kernel: padlock0: No ACE support.
    Jun 13 17:02:19 kernel: cryptosoft0: <software crypto> on motherboard
    Jun 13 17:02:19 kernel: ACPI: Try disabling either ACPI or apic support.
    Jun 13 17:02:19 kernel: ACPI: Table initialisation failed: AE_NOT_FOUND
    Jun 13 17:02:19 kernel: ACPI Error (tbxfroot-0308): A valid RSDP was not found [20070320]
    Jun 13 17:02:19 kernel: K6-family MTRR support enabled (2 registers)
    Jun 13 17:02:19 kernel: wlan: mac acl policy registered
    Jun 13 17:02:19 kernel: pnpbios: Bad PnP BIOS data checksum



  • What makes you think that?
    There are no logins visible, neither via SSH nor via the webGUI.

    Unless the option "Disable logging of webConfigurator successful logins" is enabled under "System: Advanced: Admin Access".



  • Thank you very much for your answer. On my system this option is not even visible in the webGUI…

    ?  System.  Advanced.  Logging is not even in there, apart from 'log' under secure shell password. ?



  • /etc/ hosts.allow

    #file for tcp wrapped

    ALL : ALL : ALLOW.      ?    ::)



  • I use pfSense 2.0RC-2.
    What are you using? 1.2.3? I am not familiar with that one.



  • Hello nachtfalke, yes, that is 1.2.3.



  • Hello,
    where can I get the RC2 of pfSense? I have only found the RC1!

    Thank you very much.

    Horst.



  • RC-1 is a release, which is why it is available for download. RC-2 is a snapshot like any other, so it is obtained through the daily updates. RC-3 is supposed to appear in the near future, which will then probably be a release again.



  • Hello,

    thank you very much for the info! Through the update function I now have the RC2 as well!

    Regards, Horst

