Imspector Port Redirection
-
Hello everyone,
I'm migrating my CentOS firewall to pfSense, even though it is a BSD and quite similar to Linux =)
I managed to configure Squid+Antivirus+Squidguard and now I'm moving on to Imspector. I can't get Imspector to record the conversations; I have already enabled the service and made the following firewall configuration:
I believe this firewall rule may be wrong, because everything is working correctly and MSN logs in, but the Imspector Log Viewer stays completely empty!
My Squid IS NOT TRANSPARENT and I have the latest versions installed:
pfSense 2.0.1
Squid 2.7.9 pkg v.4.3.1
Squidguard1.4_2 pkg v.1.9.1
Imspector 0.9-4
Any idea what it could be?
Thanks!
-
Take a look at this topic about the package update to record MSN 2011
http://forum.pfsense.org/index.php/topic,43250.0.html
-
Nothing. I unpacked the 32-bit package as described in the topic you pointed me to, following the steps, but it is still the same!
I looked in the /var/imspector/ folder and it is not generating any files either!
I also removed and reinstalled the package to see whether it would create any rule in the firewall, but nothing shows up in the rules! Does it create them automatically? I find it strange, because there should be some, since when I use MSN-Proxy on my CentOS server I do port redirection.
Any other tips?
Thanks!
-
Sorry for the confusing information: you do need the rules on the LAN. What the package creates on its own are the redirection rules.
Just to be sure, did you enable the log option and select the LAN interface in the package settings?
-
Well, in my case here I reinstalled the package but it did not create anything, so I deleted the rules I had created, removed and installed the package, and then followed the procedure from the topic you sent me.
Yes, I confirmed here that the log and LAN interface options are checked and the service is running.
If the problem is the rules that are not being created automatically, what data do I need to create them myself and test?
Thanks!
-
Just the rules that you posted in the first post.
Run tcpdump from the console and see whether the packets on 1813 are passing.
pfctl -sa lists all the rules.
-
I recreated the rules and the command produced this:
TRANSLATION RULES:
no nat proto carp all
nat-anchor "natearly/*" all
nat-anchor "natrules/*" all
nat on em0 inet from 192.168.200.0/24 port = isakmp to any port = isakmp -> 10.1.1.4 port 500
nat on em0 inet from 127.0.0.0/8 port = isakmp to any port = isakmp -> 10.1.1.4 port 500
nat on em0 inet from 192.168.200.0/24 to any -> 10.1.1.4 port 1024:65535
nat on em0 inet from 127.0.0.0/8 to any -> 10.1.1.4 port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/*" all
rdr-anchor "tftp-proxy/*" all
rdr on em1 inet proto tcp from any to (em1) port = 3125 -> 127.0.0.1 port 3125
rdr-anchor "imspector" all
rdr-anchor "miniupnpd" all

FILTER RULES:
scrub in on em0 all fragment reassemble
scrub in on em1 all fragment reassemble
anchor "relayd/*" all
block drop in log all label "Default deny rule"
block drop out log all label "Default deny rule"
block drop in quick inet6 all
block drop out quick inet6 all
block drop quick proto tcp from any port = 0 to any
block drop quick proto tcp from any to any port = 0
block drop quick proto udp from any port = 0 to any
block drop quick proto udp from any to any port = 0
block drop quick from <snort2c> to any label "Block snort2c hosts"
block drop quick from any to <snort2c> label "Block snort2c hosts"
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
block drop in log quick proto tcp from <webConfiguratorlockout> to any port = http label "webConfiguratorlockout"
block drop in quick from <virusprot> to any label "virusprot overload table"
block drop in on ! em0 inet from 10.0.0.0/8 to any
block drop in inet from 10.1.1.4 to any
block drop in on em0 inet6 from fe80::a00:27ff:fe9f:17e3 to any
pass in on em0 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN"
pass out on em0 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN"
block drop in on ! em1 inet from 192.168.200.0/24 to any
block drop in inet from 192.168.200.254 to any
block drop in on em1 inet6 from fe80::a00:27ff:fec1:2e46 to any
pass in quick on em1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in quick on em1 inet proto udp from any port = bootpc to 192.168.200.254 port = bootps keep state label "allow access to DHCP server"
pass out quick on em1 inet proto udp from 192.168.200.254 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass in on lo0 all flags S/SA keep state label "pass loopback"
pass out on lo0 all flags S/SA keep state label "pass loopback"
pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out route-to (em0 10.1.1.1) inet from 10.1.1.4 to ! 10.0.0.0/8 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass in quick on em1 proto tcp from any to (em1) port = http flags S/SA keep state label "anti-lockout rule"
anchor "userrules/*" all
pass in log quick on em1 proto tcp from any port = 1863 to any port = 16667 flags S/SA keep state label "USER_RULE: Regras para Imspector"
pass in log quick on em1 proto tcp from any port = swat to any port = 16667 flags S/SA keep state label "USER_RULE: Regras para Imspector"
pass in log quick on em1 proto tcp from any port 6981:6900 to any port = 16667 flags S/SA keep state label "USER_RULE: Regras para Imspector"
pass in quick on em1 inet proto tcp from 192.168.200.0/24 to 192.168.200.254 port = 3128 flags S/SA keep state label "USER_RULE: Regra SQUID passar pela porta"
block drop in quick on em1 inet from 192.168.200.0/24 to any label "USER_RULE: Bloqueia tudo que passar fora do SQUID"
anchor "tftp-proxy/*" all
No queue in use

INFO:
Status: Enabled for 0 days 00:41:30 Debug: Urgent
Interface Stats for em1 IPv4 IPv6
Bytes In 660193 0
Bytes Out 1830974 76
Packets In
Passed 2795 0
Blocked 347 0
Packets Out
Passed 3624 0
Blocked 0 1
State Table Total Rate
current entries 208
searches 28298 11.4/s
inserts 1537 0.6/s
removals 1329 0.5/s
Counters
match 2020 0.8/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
divert 0 0.0/s

LABEL COUNTERS:
Default deny rule 197 1 229 1 229 0 0
Default deny rule 197 0 0 0 0 0 0
Block snort2c hosts 197 0 0 0 0 0 0
Block snort2c hosts 197 0 0 0 0 0 0
sshlockout 197 0 0 0 0 0 0
webConfiguratorlockout 85 0 0 0 0 0 0
virusprot overload table 108 0 0 0 0 0 0
allow dhcp client out WAN 1 0 0 0 0 0 0
allow dhcp client out WAN 90 0 0 0 0 0 0
allow access to DHCP server 36 0 0 0 0 0 0
allow access to DHCP server 0 0 0 0 0 0 0
allow access to DHCP server 106 0 0 0 0 0 0
pass loopback 197 872 155919 469 68009 403 87910
pass loopback 142 0 0 0 0 0 0
let out anything from firewall host itself 126 880 156958 407 88673 473 68285
let out anything from firewall host itself 89 229 98690 97 55835 132 42855
anti-lockout rule 197 0 0 0 0 0 0
USER_RULE: Regras para Imspector 197 0 0 0 0 0 0
USER_RULE: Regras para Imspector 19 0 0 0 0 0 0
USER_RULE: Regras para Imspector 19 0 0 0 0 0 0
USER_RULE: Regra SQUID passar pela porta 19 303 80483 142 27443 161 53040
USER_RULE: Bloqueia tudo que passar fora do SQUID 17 17 1255 17 1255 0 0

TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 28200 states
adaptive.end 56400 states
src.track 0s

LIMITS:
states hard limit 47000
src-nodes hard limit 47000
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 200000

TABLES:
snort2c
sshlockout
virusprot
webConfiguratorlockout

OS FINGERPRINTS:
696 fingerprints loaded
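An added example (not written by any poster in this thread) for reading output like the above: a shell script that takes saved `pfctl -sa` output, one entry per line, and lists labelled rules that were evaluated but matched no packets, plus rules that match a given port as the source port. The function names and the embedded sample, excerpted from the output posted above, are assumptions of this example.

```shell
#!/bin/sh
# Added example: inspects saved `pfctl -sa` output, one entry per line.

# Labels from LABEL COUNTERS that were evaluated but never matched a packet.
# Line layout: <label words> evaluations packets bytes pkts-in bytes-in pkts-out bytes-out
# $1 = file, $2 = optional regex the label must match.
zero_hit_labels() {
    awk -v pat="${2:-.}" '
        /^LABEL COUNTERS:/ { in_labels = 1; next }
        /^[A-Z ]+:$/       { in_labels = 0 }
        in_labels && NF >= 8 {
            label = $1
            for (i = 2; i <= NF - 7; i++) label = label " " $i
            if ($(NF-6) > 0 && $(NF-5) == 0 && label ~ pat) print label
        }
    ' "$1"
}

# Filter rules that match port $2 as the SOURCE port ("from <addr> port = N to ...").
# $1 = file, $2 = port number or service name as pfctl prints it.
source_port_rules() {
    awk -v p="$2" '
        /^(pass|block) / {
            r = $0
            sub(/ label ".*$/, "", r)            # labels may contain " from "
            if (!sub(/^.* from /, "", r)) next   # keep only the text after "from"
            sub(/ to .*$/, "", r)                # drop the destination part
            if (r ~ ("port = " p "$")) print
        }
    ' "$1"
}

# Sample input: a few lines excerpted from the output posted above,
# laid out one entry per line the way pfctl prints them.
sample_pf_output() {
    cat <<'EOF'
FILTER RULES:
pass in log quick on em1 proto tcp from any port = 1863 to any port = 16667 flags S/SA keep state label "USER_RULE: Regras para Imspector"
pass in quick on em1 inet proto tcp from 192.168.200.0/24 to 192.168.200.254 port = 3128 flags S/SA keep state label "USER_RULE: Regra SQUID passar pela porta"
block drop in quick on em1 inet from 192.168.200.0/24 to any label "USER_RULE: Bloqueia tudo que passar fora do SQUID"
LABEL COUNTERS:
USER_RULE: Regras para Imspector 197 0 0 0 0 0 0
USER_RULE: Regra SQUID passar pela porta 19 303 80483 142 27443 161 53040
USER_RULE: Bloqueia tudo que passar fora do SQUID 17 17 1255 17 1255 0 0
TIMEOUTS:
tcp.first 120s
EOF
}

tmp=$(mktemp)
sample_pf_output > "$tmp"
echo "Labelled rules evaluated but never matched:"
zero_hit_labels "$tmp" 'Imspector'
echo "Rules keyed on source port 1863:"
source_port_rules "$tmp" 1863
rm -f "$tmp"
```

On the firewall, `pfctl -sa > /tmp/pf.txt` saves the live output; rules loaded into the `imspector` anchor are not expanded there and are listed with `pfctl -a imspector -sn`.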
-
diegogyn,
On the x64 version of pfSense it worked the first time.
On the i386 version I had help from people on the forum to test; some had problems logging but most did not.
Are you able to test the log configuration for MySQL?
Were you able to run the tcpdump test I suggested?
Regards,
Marcello Coutinho
-
Not yet. I'm going to make some changes to the firewall here and then run a test on the 64-bit version just to confirm.
Another thing: when I used MSN-Proxy it had a mode that kept printing everything it captured to the terminal, and through it I could see whether there was any error. Doesn't imspector have anything similar?
Because I tried imspector -d and it gave the following message:
Couldn´t read option file /usr/local/etc/imspector/imspector.conf
Cheers!
-
Couldn´t read option file /usr/local/etc/imspector/imspector.conf
Look for the location of the generated configuration file and the startup parameter that defines the configuration file:
find / -name imspector.conf
Then run a test on the 64-bit version just to confirm.
For me, the 64-bit version worked instantly after applying the patch.