Netgate Discussion Forum

Can someone explain this to me?

  • ?
    Guest
    last edited by Mar 31, 2016, 2:39 AM Mar 30, 2016, 9:17 PM

    I posted about this last week in the NAT forums but am still waiting for a response. I'm sorry for being a noob but I'm encountering a huge choking off of internet traffic and I am hoping someone can explain why. Essentially, I get the box set up with DNS, DHCP, NTP and snort and let it run a little bit to settle; a past poster told me once to start small so this constitutes my starting baseline. My goal for the unit is to add OpenAPP Preproc, WAN IP Rep to snort and either pfBlockerNG or Squid. Without these additions, pfSense runs flawlessly, but as soon as I add any one of the packages and configure them, the internet chokes out over a period of a few hours, but I don't see anything abnormal going on with the box itself. Memory and CPU usage seem normal, logs don't appear excessive in size, so I give it a reboot and as soon as pfSense comes back online, the internet is fine for about 2 minutes until choking out again. Is it possible that something is conflicting or not configured properly when I add any of the packages? At first I thought it was a combination of all the addon packages I wanted to install, but through trial and error, if I add any single one of them and configure it, I get the slowdown.

    Anyhow, I'm happy to go through all my settings if anyone can assist me.

    Thanks in advance.

    • H
      heper
      last edited by Mar 30, 2016, 10:06 PM

      most packages don't act up when they are in their default state (=not configured).
      snort & pfblocker have somewhat of a learning curve and can possibly cause disruption of your interwebs.

      personally i would start with a clean system. see if that works reliably. add one package at a time & keep track of what you do/want to do. then ask why setting x or y doesn't get the intended result.

      • ?
        Guest
        last edited by Mar 31, 2016, 2:10 AM

        What hardware are you using? (CPU, RAM, storage, NICs, MoBo,…)
        What pfSense version are you using?
        Are you using the NanoBSD version on a USB pen drive?
        What is your storage? (SSD, mSATA, HDD, USB stick, eMMC, SD card, CF card,...)
        Squid and Snort are not really "set it up and forget it" packages; they can be really hard to fine-tune,
        and depending on this configuration your pfSense box will be slowed down more or less too.
        pfSense itself can also be fine-tuned to match the hardware.

        • ?
          Guest
          last edited by Mar 31, 2016, 2:37 AM

          Here are a few screens from my current system. It was thrown together over a year ago from used parts. The hard drive is a 1TB 7200 Barracuda. I'm building a new one tomorrow when the motherboard comes in. It will consist of an Intel DQ77KB motherboard, Intel Celeron G1610 CPU, 8GB Kingston SODIMM, 120 Samsung 840 EVO Pro SSD, Dynatron t459 CPU cooler, iStarUSA 1U D-118V2-ITX server chassis. I'm considering adding a Dell iDRAC 5 card for remote management but not sure it will work.

          For my current system you can see the components in the attached screens.

          Picture1.png
          Picture2.png

          • ?
            Guest
            last edited by Mar 31, 2016, 2:40 AM

            By the way, I revised my first paragraph. I typed it originally using my phone and it read terribly. Please take a read over the revisions.

            • B
              BBcan177 Moderator
              last edited by Mar 31, 2016, 3:42 AM

              For pfBlockerNG and Snort, anything that gets blocked will be reported in the 'Alerts' Tab. You need to review these Alerts tabs to remove any false positives.

              Snort should initially be set up in 'non-blocking' mode. This way it will still report its activity to the Alert tab, but it will not block anything. This can be defined in the 'Global Settings' Tab. Once you run Snort for a few weeks, you can tune the Rules so that they are appropriate for your network. Then you can enable 'Blocking Mode'.

              As said above, start with the base system debugging, then add one package at a time or you can chase your tail, unless you're more comfortable with debugging the issues….

              You can see the following threads for some additional details:

              https://forum.pfsense.org/index.php?topic=102470.0
              https://forum.pfsense.org/index.php?topic=86212.0
              https://forum.pfsense.org/index.php?topic=78062.0

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

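Added example, not part of the thread and not code from BBcan177 or the Snort package: one way to support the alert review described above while Snort runs in non-blocking mode, by ranking signatures by hit count so the noisiest ones are checked first for false positives. It assumes the alerts have been exported as text in Snort's `alert_fast` layout; the sample lines, SIDs and messages are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample alerts in alert_fast layout (assumption; not from the thread).
SAMPLE_ALERTS = """\
03/31-03:10:01.100000  [**] [1:1000001:1] EXAMPLE web response without length [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.7:80 -> 192.168.1.21:52000
03/31-03:10:02.100000  [**] [1:1000001:1] EXAMPLE web response without length [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.8:80 -> 192.168.1.21:52001
03/31-03:10:03.100000  [**] [1:1000001:1] EXAMPLE web response without length [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.9:80 -> 192.168.1.22:52002
03/31-03:11:00.000000  [**] [1:1000002:2] EXAMPLE odd DNS reply [**] [Classification: Misc activity] [Priority: 3] {UDP} 203.0.113.53:53 -> 192.168.1.20:40000
03/31-03:11:30.000000  [**] [1:1000002:2] EXAMPLE odd DNS reply [**] [Classification: Misc activity] [Priority: 3] {UDP} 203.0.113.53:53 -> 192.168.1.20:40001
03/31-03:12:00.000000  [**] [1:1000003:1] EXAMPLE inbound ping [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.99 -> 192.168.1.1
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[(\d+):(\d+):\d+\] (.*?) \[\*\*\].*?\{\w+\} (\S+) -> (\S+)"
)

def _ip(endpoint):
    """Drop the :port suffix (IPv4 only; ICMP alerts carry no port)."""
    return endpoint.rsplit(":", 1)[0]

def summarize(alert_text):
    """Return [(gid, sid, msg, hits, sorted_dst_ips)], busiest signature first."""
    hits, msgs, dsts = Counter(), {}, defaultdict(set)
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip blank or non-alert lines
        gid, sid, msg, _src, dst = m.groups()
        key = (int(gid), int(sid))
        hits[key] += 1
        msgs[key] = msg
        dsts[key].add(_ip(dst))
    return [(g, s, msgs[(g, s)], n, sorted(dsts[(g, s)]))
            for (g, s), n in hits.most_common()]

def review_candidates(alert_text, min_hits=2):
    """Signatures that fired at least min_hits times, each paired with a
    suppress line to use only after a human confirms a false positive."""
    return [(row, f"suppress gen_id {row[0]}, sig_id {row[1]}")
            for row in summarize(alert_text) if row[3] >= min_hits]

if __name__ == "__main__":
    for row, line in review_candidates(SAMPLE_ALERTS):
        print(f"{row[3]:>3} hits  {row[2]}  hosts={row[4]}\n     {line}")
```

A high hit count only marks a signature for inspection; whether it is a false positive still depends on what the affected hosts were actually doing.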
              • ?
                Guest
                last edited by Apr 2, 2016, 12:49 AM

                Got my new build up and running. Just posted a few photos as well. I used my baseline backup to install and get this new system up. I'm gonna tear into your suggestions tomorrow evening.

                • ?
                  Guest
                  last edited by Apr 2, 2016, 11:31 PM

                  @BBcan177:

                  For pfBlockerNG and Snort, anything that gets blocked will be reported in the 'Alerts' Tab. You need to review these Alerts tabs to remove any false positives.

                  Snort should initially be set up in 'non-blocking' mode. This way it will still report its activity to the Alert tab, but it will not block anything. This can be defined in the 'Global Settings' Tab. Once you run Snort for a few weeks, you can tune the Rules so that they are appropriate for your network. Then you can enable 'Blocking Mode'.

                  As said above, start with the base system debugging, then add one package at a time or you can chase your tail, unless you're more comfortable with debugging the issues….

                  You can see the following threads for some additional details:

                  https://forum.pfsense.org/index.php?topic=102470.0
                  https://forum.pfsense.org/index.php?topic=86212.0
                  https://forum.pfsense.org/index.php?topic=78062.0

                  By chance do you have a good advanced guide for setting up DNS, DHCP as well as overall system tuning?
