[pfSense] Add item to Alias from console
I am trying to add an item to my ban Alias list from the SSH console on my pfSense box. How would I add an IP from the console and kill it from the state tables? I am trying to automate this so I can ban IPs that are abusing my primary server. Any pointers or links to how I would do this are appreciated. Thanks Bryant ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] pkg_tester.php throws error
Hi! I'm getting this error, when running pkg_tester.php the first time after cloning the package repositories:
Fatal error: Call to a member function kindOf() on a non-object in /var/www/git/pfSense/xmlrpc_client.inc on line 1856
I do know about commenting out line 394 in xmlrpc_server.inc, but the error is still the same. Any help on this? Any recommendation of debugging that error? Webserver tells me:
[Mon Mar 24 14:35:58 2014] [error] [client 1.2.3.4] XML error at line 1, check URL
Best regards
Re: [pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs
What's your time worth? -- Jim
On Mar 24, 2014, at 9:03, Stefan Baur newsgroups.ma...@stefanbaur.de wrote:
On 24.03.2014 at 14:18, Chris Bagnall wrote:
However, the new tenant found that performance was erratic - certain websites loaded instantly, but others wouldn't load at all. This normally screams classic MTU problems, in my experience, but I normally see these on weird WAN connections, not on the LAN. Does anyone know if there are/were 'problems' with 1.2 and VLAN MTUs on ALIX platforms (ethernet driver 'vr'), and whether an update to 1.3 might fix it? This is old hardware with only 128MB RAM, so jumping to 2.x is optimistic. The site in question is a couple of hundred miles away from me, so 'try it and see' isn't really an option in this case. :-)
While I do have to admit that I don't have experience with the particular ethernet driver you mention, I know that there are several Unix Operating Systems where not all ethernet drivers are capable of dealing with the added bytes that a VLAN tag brings with it. IIRC, VLAN needs four bytes, so instead of upgrading to 1.3 you could first try to set the MTU to 1496 instead of the usual 1500. -Stefan
Re: [pfSense] Polycom doesn't work behind pfSense box
Hi Felipe, You would want to turn on Manual Outbound NAT (Firewall: NAT: Outbound) and in your outbound NAT rule, check the Static-port checkbox. Regards, Alan Worstell A1 Networks - Systems Administrator VTSP, VCA-DCV, dCAA, LPIC-1, Linux+, CLA, DCTS (707)570-2021 x204 For support issues please email supp...@a-1networks.com or call 707-703-1050
On 3/21/14, 7:57 PM, Felipe Izaguirre wrote:
Hi Giles, here we go. I'm not using ISDN, so I just configured my internal IP in LAN settings with my internal DNS and the public Google DNS. Also I have configured the advanced settings with selecting system is behind a NAT with my external IP. As I could see searching on the internet, pfSense rewrites non common TCP and UDP ports in a NAT to protect against attacks, but Polycom uses these ports for audio and video. Felipe Izaguirre e-Core Desenvolvimento de Software Tel: +55 (51) 2103-9147 http://www.ecore.com.br NY Office: e-Core IT Solutions Phone: +1 (914) 682-2009 http://www.ecoreinternational.com/
2014-03-21 11:51 GMT-03:00 Giles Coochey gi...@coochey.net:
On 21/03/2014 14:34, Felipe Izaguirre wrote:
Hi guys, has anyone had a problem with Polycom ViewStation behind a pfSense NAT? I have set up a NAT 1:1 to my Polycom ViewStation and no restrictions in any ports. The problem is that, when I make or receive a call, it enters in the room but the screen gets blue and there is no sound. Testing Polycom connected directly in the router without pfSense, everything works fine. Any idea about this problem?
Page 147 http://support.polycom.com/global/documents/support/setup_maintenance/products/video/viewstation_sp_user_guide.pdf What are your settings?
-- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net
[pfSense] Sending logs to external server
Now that I have the network stable (thank you so much!) I have another task I need/want to accomplish: Does anyone have recommendations or suggestions for off-loading log files at the end of the day to another server? Specifically I’m wanting the system log and the squid logs sent out and rotated afterwards. We’ve already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) but I would like to set up something that crawls through the raw files automatically every night and reports back via email. I can write the script to crawl the data - that’s not a problem - it’s just that the ALIX board is not powerful enough to handle the needs I have. Thanks again, Ryan
* I still have a few stages to hit on the deployment but that user will eventually be unblocked. We had to roll back the throttling configuration while we were having stability issues. Right now we’re at 60 hours and counting and I plan to re-implement that limiter tomorrow morning.
Re: [pfSense] Sending logs to external server
Please guide me how you do this on pfSense firewall. We've already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) Thanks Mohan
On Mar 25, 2014 12:14 AM, Ryan Coleman ryanjc...@me.com wrote:
Now that I have the network stable (thank you so much!) I have another task I need/want to accomplish: Does anyone have recommendations or suggestions for off-loading log files at the end of the day to another server? Specifically I'm wanting the system log and the squid logs sent out and rotated afterwards. We've already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) but I would like to set up something that crawls through the raw files automatically every night and reports back via email. I can write the script to crawl the data - that's not a problem - it's just that the ALIX board is not powerful enough to handle the needs I have. Thanks again, Ryan
* I still have a few stages to hit on the deployment but that user will eventually be unblocked. We had to roll back the throttling configuration while we were having stability issues. Right now we're at 60 hours and counting and I plan to re-implement that limiter tomorrow morning.
[pfSense] Android apps block
I need to block WhatsApp, Facebook etc. Android apps of pfSense users.
Re: [pfSense] Sending logs to external server
From the status menu, select System Logs
From the system logs page, click on Settings
Scroll down to Remote logging Options
Enable Remote logging
For the remote Syslog Servers, enter the address of your syslog server (any Linux or FreeBSD server running a copy of syslog that will take outside logging).
It will send all of the system logs to the syslog host. Note, squid is an application/package and its log files will not be included. Either the squid config will have to be changed, or you could try using rsync to copy the logs. Walter
On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao mohanra...@gmail.com wrote:
Please guide me how you do this on pfSense firewall. We've already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) Thanks Mohan
On Mar 25, 2014 12:14 AM, Ryan Coleman ryanjc...@me.com wrote:
Now that I have the network stable (thank you so much!) I have another task I need/want to accomplish: Does anyone have recommendations or suggestions for off-loading log files at the end of the day to another server? Specifically I'm wanting the system log and the squid logs sent out and rotated afterwards. We've already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) but I would like to set up something that crawls through the raw files automatically every night and reports back via email. I can write the script to crawl the data - that's not a problem - it's just that the ALIX board is not powerful enough to handle the needs I have. Thanks again, Ryan
* I still have a few stages to hit on the deployment but that user will eventually be unblocked. We had to roll back the throttling configuration while we were having stability issues. Right now we're at 60 hours and counting and I plan to re-implement that limiter tomorrow morning.
-- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
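The nightly crawl asked about in this thread, as it could run on the server the squid logs are copied to (an added example, not part of the original messages): it parses Squid's native access.log layout and flags clients whose traffic inside any 3-hour window reaches 500 MB. The sample lines, addresses and function names are constructed for illustration, and the log is assumed to be in time order.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 3 * 3600        # assumption: the thread's "less than 3 hours"
THRESHOLD_BYTES = 500 * 1024**2  # assumption: the thread's "500MB"

# Constructed sample in Squid's native access.log layout:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1395669600.101 5321 192.0.2.10 TCP_MISS/200 314572800 GET http://video.example/a.mp4 - DIRECT/203.0.113.5 video/mp4
1395671400.500 120 192.0.2.11 TCP_HIT/200 20480 GET http://www.example/index.html - NONE/- text/html
this line is truncated
1395675000.250 4810 192.0.2.10 TCP_MISS/200 262144000 GET http://video.example/b.mp4 - DIRECT/203.0.113.5 video/mp4
1395690000.000 900 192.0.2.12 TCP_MISS/200 419430400 GET http://files.example/a.iso - DIRECT/203.0.113.9 application/octet-stream
1395705000.000 900 192.0.2.12 TCP_MISS/200 419430400 GET http://files.example/b.iso - DIRECT/203.0.113.9 application/octet-stream
"""

def parse_line(line):
    """Return (timestamp, client, bytes), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 7:
        return None
    try:
        return float(fields[0]), fields[2], int(fields[4])
    except ValueError:
        return None

def peak_window_usage(lines, window=WINDOW_SECONDS):
    """Largest byte total each client moved inside any `window`-second span."""
    recent = defaultdict(deque)  # client -> (timestamp, bytes) still in the window
    running = defaultdict(int)   # client -> bytes currently in the window
    peak, skipped = {}, 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        ts, client, size = rec
        recent[client].append((ts, size))
        running[client] += size
        while ts - recent[client][0][0] > window:  # expire old transfers
            running[client] -= recent[client].popleft()[1]
        peak[client] = max(peak.get(client, 0), running[client])
    return peak, skipped

def heavy_clients(lines, threshold=THRESHOLD_BYTES):
    """Clients whose peak window usage reaches the threshold, plus skip count."""
    peak, skipped = peak_window_usage(lines)
    return {c: b for c, b in peak.items() if b >= threshold}, skipped

if __name__ == "__main__":
    flagged, skipped = heavy_clients(SAMPLE_LOG.splitlines())
    for client, used in sorted(flagged.items()):
        print(f"{client}: {used / 1024**2:.0f} MiB inside one 3-hour window")
    print(f"{skipped} malformed line(s) skipped")
```

In the sample, 192.0.2.12 moves more data over the day than 192.0.2.10 but never within one window, so only the sliding total separates a burst from steady use.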
Re: [pfSense] Sending logs to external server
This may also help: https://forum.pfsense.org/index.php?topic=68762.0 Jopoy
On Mar 24, 2014, at 8:22 AM, Walter Parker walt...@gmail.com wrote:
From the status menu, select System Logs
From the system logs page, click on Settings
Scroll down to Remote logging Options
Enable Remote logging
For the remote Syslog Servers, enter the address of your syslog server (any Linux or FreeBSD server running a copy of syslog that will take outside logging).
It will send all of the system logs to the syslog host. Note, squid is an application/package and its log files will not be included. Either the squid config will have to be changed, or you could try using rsync to copy the logs. Walter
On Mon, Mar 24, 2014 at 12:13 PM, A Mohan Rao mohanra...@gmail.com wrote:
Please guide me how you do this on pfSense firewall. We’ve already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) Thanks Mohan
On Mar 25, 2014 12:14 AM, Ryan Coleman ryanjc...@me.com wrote:
Now that I have the network stable (thank you so much!) I have another task I need/want to accomplish: Does anyone have recommendations or suggestions for off-loading log files at the end of the day to another server? Specifically I’m wanting the system log and the squid logs sent out and rotated afterwards. We’ve already managed to block one user who lives in close proximity for stealing internet (500MB of YouTube videos in less than 3 hours during a very busy time of day*) but I would like to set up something that crawls through the raw files automatically every night and reports back via email. I can write the script to crawl the data - that’s not a problem - it’s just that the ALIX board is not powerful enough to handle the needs I have. Thanks again, Ryan
* I still have a few stages to hit on the deployment but that user will eventually be unblocked. We had to roll back the throttling configuration while we were having stability issues. Right now we’re at 60 hours and counting and I plan to re-implement that limiter tomorrow morning.
-- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis
Re: [pfSense] Android apps block
On 24 Mar 2014, at 19:19, A Mohan Rao mohanra...@gmail.com wrote:
I need to block WhatsApp, Facebook etc. Android apps of pfSense users.
Given that you seem to want to block everything under the sun (though I still don't understand why), how about doing it the other way round? Why not decide what you *do* want your users to be allowed to do, permit that, then deny everything else? I can understand blocking things to keep bandwidth requirements down when you have a limited amount to go around, as Ryan's trying to do, but I can't see why you'd block something like WhatsApp, which seems to be (admittedly, I don't use it, so I could be mistaken) a text chat tool - its bandwidth usage is going to be negligible. Kind regards, Chris -- This email is made from 100% recycled electrons
Re: [pfSense] Android apps block
Mohan, You might be better suited giving certain IP ranges (VLANs) a higher QoS/CoS rating and those other things that are a lower priority a lower rating. — Ryan
On Mar 24, 2014, at 3:24 PM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
On 24 Mar 2014, at 19:19, A Mohan Rao mohanra...@gmail.com wrote:
I need to block WhatsApp, Facebook etc. Android apps of pfSense users.
Given that you seem to want to block everything under the sun (though I still don't understand why), how about doing it the other way round? Why not decide what you *do* want your users to be allowed to do, permit that, then deny everything else? I can understand blocking things to keep bandwidth requirements down when you have a limited amount to go around, as Ryan's trying to do, but I can't see why you'd block something like WhatsApp, which seems to be (admittedly, I don't use it, so I could be mistaken) a text chat tool - its bandwidth usage is going to be negligible. Kind regards, Chris -- This email is made from 100% recycled electrons
Re: [pfSense] Blast from the past: pfSense 1.2 / ALIX / VLANs
On 24.03.2014 at 14:18, Chris Bagnall wrote:
Greetings list, I appreciate this is something of a blast from the past, but I'm hoping some of you will still have 1.2 systems in use and might be able to shed some light on this. Recently, one of our clients sublet part of their building to another company, and asked me to split their LAN into separate VLANs so the new tenant didn't have access to their LAN. They had decent HP managed switches already, so that bit was easy. I created VLAN 200 on the pfSense, tagged that port on the switches, and assigned the new tenant's ports to use that PVID (untagged). All well and good. However, the new tenant found that performance was erratic - certain websites loaded instantly, but others wouldn't load at all. This normally screams classic MTU problems, in my experience, but I normally see these on weird WAN connections, not on the LAN. Does anyone know if there are/were 'problems' with 1.2 and VLAN MTUs on ALIX platforms (ethernet driver 'vr'), and whether an update to 1.3 might fix it? This is old hardware with only 128MB RAM, so jumping to 2.x is optimistic. The site in question is a couple of hundred miles away from me, so 'try it and see' isn't really an option in this case. :-) Thanks in advance. Kind regards, Chris
I've had to debug a similar setup which was running for 4 years. I don't know why it suddenly stopped working. The problem was that with 1.2.3 the MRU was set to the same value as the MTU which dropped received frames with a size of 1514 (1510 + 4 VLAN tag). The whole setup should not have worked in the first place. My solution was to upgrade everything to 2.1 but that was on the ALIX board with 256MB RAM. Regards Matthias
Re: [pfSense] Android apps block
For blocking I'm using urlblocklist.com. Also I do the same deny chats but still users are able to chat with GTalk, WhatsApp, Facebook apps etc.
On Mar 25, 2014 1:54 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
On 24 Mar 2014, at 19:19, A Mohan Rao mohanra...@gmail.com wrote:
I need to block WhatsApp, Facebook etc. Android apps of pfSense users.
Given that you seem to want to block everything under the sun (though I still don't understand why), how about doing it the other way round? Why not decide what you *do* want your users to be allowed to do, permit that, then deny everything else? I can understand blocking things to keep bandwidth requirements down when you have a limited amount to go around, as Ryan's trying to do, but I can't see why you'd block something like WhatsApp, which seems to be (admittedly, I don't use it, so I could be mistaken) a text chat tool - its bandwidth usage is going to be negligible. Kind regards, Chris -- This email is made from 100% recycled electrons