Re: [pfSense] Two factor Authentication
On Thu, Dec 8, 2016 at 2:33 AM, user49b wrote:
> Any ideas on how to get two factor authentication to work in console and/or
> GUI?

Should be pretty simple. Point the system to third-party authentication (say, AD). Configure that third-party option to use 2-factor. Enter your username, password, a separator (usually comma) and your token value. Done. No need for three fields.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] USB3 to ethernet adaptor
On Sun, Jun 5, 2016 at 7:02 PM, Volker Kuhlmann wrote:
> This is a laughable argument!

I'm not here to argue, you are. More specifically, you're here to press your personal point for open switch firmware. Your paranoia, it's showing.
Re: [pfSense] USB3 to ethernet adaptor
On Thu, May 26, 2016 at 10:42 AM, WebDawg wrote:
> I posted this a while ago:
>
> http://seclists.org/fulldisclosure/2016/Jan/77
>
> http://seclists.org/fulldisclosure/2016/Mar/25

I see, but that has nothing to do with the security of the VLAN implementation, rather of the switch as a whole. That switch is certainly awful, but it's no reason to impugn the viability of using VLANs across the board.

> Also, just because a vulnerability has not been reported or discovered,
> does not mean it does not exist.

Nor does it mean we avoid using an entire technology because there "might" be vulnerabilities in what has otherwise remained a stable and useful paradigm for decades.

The question of VLAN jumping remains open, in my mind. An appropriate, well-configured switch fabric should have no problem carrying vastly different security levels in different VLANs, vulnerabilities in its management software notwithstanding.
Re: [pfSense] USB3 to ethernet adaptor
On Wed, May 25, 2016 at 6:25 PM, Volker Kuhlmann wrote:
> I disagree. While it'll work, its security is nowhere near the same. It
> depends on the VLAN switch's firmware being bugfree (we all know about
> how likely that is), it adds complexity, and it mixes physically
> separate networks together on one cable. Perhaps it might be acceptable
> to merge networks of the same security level, merging LAN and WAN
> networks doesn't sound like a good idea to me.

Entertain me, it's been literally a decade since I last saw someone imply that switch VLAN implementations were generally of dubious nature. Can you perhaps point me to a recent VLAN-crossing vulnerability, or documented VLAN crosstalk? We all know about the old CAM table overflows, but that's been long fixed.
Re: [pfSense] blocking torrents and web based https proxies
On Fri, Mar 27, 2015 at 3:36 AM, Chris Bagnall pfse...@lists.minotaur.cc wrote:
> On 27/3/15 3:56 am, WebDawg wrote:
> > May I ask why you would like to block it all?
>
> +1. It looks like the OP is looking for a technical solution to a social/political problem. I can understand it if your users are primary school children, but surely once your users are university age, you really shouldn't need to be filtering them at all...

A look at the OP's address might suggest an answer to your question. Whether one agrees with the premise is up to the individual, but turning a simple technical question into a political one isn't very useful in the detached forum of online discussion.
Re: [pfSense] Locked myself out by disabling LAN
On Mon, Mar 23, 2015 at 9:05 PM, Jean-Stéfane Bergeron j...@jsbergeron.ca wrote:
> I'm on the road for another two weeks - is there any way I can re-enable my lan or connect to my router remotely to restore access? Or am I pooched until I can get back to my router physically?

Without one of shell (console, ssh) or web access, you're pretty stuck. Since you applied the change, a reboot won't help.

Usually when I'm on the road I have a red light switch tied to critical equipment that friends/family/petsitters can manage without too much drama.
Re: [pfSense] OT: Good network switch for 10 machines?
On Tue, Sep 23, 2014 at 11:36 AM, Moshe Katz mo...@ymkatz.net wrote:
> If you don't need to do any fancy routing or VLAN stuff, just go on Amazon or NewEgg and get the top-rated 16-port unmanaged gigabit switch.

I would slightly disagree - note that it's a compute cluster and that the machines have dual NIC ports. If the cluster's application is network-heavy or needs each host to have a highly-available network link, I'd suggest at least a managed switch that can do LACP. I've had decent results with the Linksys/Cisco SMB switches and the ZyXel GS1900 range.

If one NIC is okay, any unmanaged 16-port will do. If dual links are required, I'd suggest either a trio of 16s (two access and one core that's dual-linked to the access switches) or a single 24 if redundancy isn't a concern.
Re: [pfSense] Fwd: [Announce] 2.1.5 Release
On Thu, Aug 28, 2014 at 2:59 PM, Ryan Coleman ryanjc...@me.com wrote:
> FYI.

Oh, hey - sweet! I didn't even realize I wasn't subscribed to announce@
Re: [pfSense] Recommendations for Analyzing Firewall logs
rsyslog + elasticsearch + kibana

On Wed, May 14, 2014 at 8:22 AM, Jan Tichý ja...@me.com wrote:
> This is bugging me too.
>
> Jan
>
> On 14. 5. 2014 at 21:45, Robert Guerra rgue...@privaterra.org wrote:
> > I’m curious what, if any, packages or tools folks on this list might be using to analyze Pfsense firewall logs.
> >
> > My interest is to, if possible, have the firewall logs sent to a Remote Syslog Server running on a raspberry pi on my network and from there have the logs aggregated and presented in a report of some kind.
> >
> > Open to other options, including having the logs sent to a cloud service for visualization. I’m not sure of the options available, and thus keen to know how others are doing firewall log analysis.
> >
> > regards
> >
> > Robert
Re: [pfSense] Recommendations for Analyzing Firewall logs
On Wed, May 14, 2014 at 12:16 PM, Travis Hansen travisghan...@yahoo.com wrote:
> Do you have some good grok patterns for indexing pfsense data? I started some a while back for this exact setup but gave up.

Unfortunately no, I had to move off of pfSense for non-pfSense reasons and haven't been chasing its data recently. I have, however, been using ES + kibana in the IR world to reasonable success.
Re: [pfSense] DynDNS troubles, once again
On Thu, Jul 26, 2012 at 1:09 AM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote:
> Still no luck. :-( Old IP shows up as red after the nightly IP change.

Crud, sorry to hear but unsurprised. You mentioned a cron job for updating; are you hijacking pfSense built-in functions for that or did you roll your own script that needs to be passed login credentials for the DynDNS provider? I've switched to another package (ddclient) running on another internal system for consistency's sake.
Re: [pfSense] DynDNS troubles, once again
On Wed, Jul 25, 2012 at 9:55 AM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote:
> */5 * * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
> would solve my issues. However, it does not work (any more?). When I log in to the GUI, I see the IP displayed in red, meaning it is not current.

I thought there was a maximum allowable frequency (e.g. 10 minutes) for hitting checkip.dyndns.org, but can't currently find documentation of that. Have you tried with 10-20 minutes?
Re: [pfSense] DynDNS troubles, once again
On Wed, Jul 25, 2012 at 10:19 AM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote:
> > I thought there was a maximum allowable frequency (e.g. 10 minutes) for hitting checkip.dyndns.org, but can't currently find documentation of that.
>
> The limit is for hitting the update server, not for hitting checkip.dyndns.org (but feel free to prove me wrong).

Here you go: http://dyn.com/support/developers/checkip-tool/
Re: [pfSense] DynDNS troubles, once again
On Wed, Jul 25, 2012 at 10:32 AM, Stefan Baur newsgroups.ma...@stefanbaur.de wrote:
> Okay, indeed it says so there (and I've updated my crontab accordingly). Thanks for pointing that out.

Not a problem, the problem you outline is of interest to me because I even see DDNS update issues having a public IP on my WAN; the trigger doesn't seem to work very well whereas a cron job does tend to.

> However, repeatedly firing off
> fetch -q -o - http://checkip.dyndns.org | sed 's/^.*Current IP Address: \(.*\)<\/body.*$/\1/'
> within the same minute doesn't error out, so it doesn't look like a limit that's enforced by dyndns.

My only guess is that they're enforcing by trend rather than burst. Regardless, I'll be interested to know your outcome.
Re: [pfSense] Dynamic DNS
On Mon, Jan 9, 2012 at 08:11, newsgroups.ma...@stefanbaur.de newsgroups.ma...@stefanbaur.de wrote:
> Now, could anyone please tell me how the client built into pfSense 2.0.1 handles this? Will it only trigger on a changed WAN IP, or does it dial home every 5 minutes, no matter what?

The behavior I've observed for DynDNS.org with pfSense is that the client caches the WAN IP, either by direct assignment or by bouncing off of checkip.dyndns.org (which clients are allowed to hit every X minutes). If it detects a change from cache or it has been more than the configured maximum days for a change (28?), it updates DynDNS.org.
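
The behaviour described in this reply (cache the WAN IP, update on a change or once the cache passes a maximum age), together with the checkip parsing from the cron discussion earlier in the thread, as an added example that is not pfSense's client code or any poster's script. The function names, the constructed sample response and the 28-day default (the figure the post gives with a question mark) are assumptions.

```shell
#!/bin/sh
# Added example, not pfSense's client code; function names are hypothetical.

# Constructed sample of a checkip-style response body.
SAMPLE='<html><head><title>Current IP Check</title></head><body>Current IP Address: 203.0.113.7</body></html>'

# Read a response on stdin and print the address only if it is a valid
# dotted-quad IPv4. The reply comes over plain HTTP, so it is treated as
# untrusted input and never handed on unchecked.
parse_checkip() {
    ip=$(sed -n 's/^.*Current IP Address: \([0-9.]*\)<\/body.*$/\1/p' | head -n 1)
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip                      # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# needs_update CACHED_IP CACHED_EPOCH CURRENT_IP NOW_EPOCH [MAX_DAYS]
# Returns 0 (send an update) when there is no cache, the address changed,
# or the cached entry is at least MAX_DAYS old; returns 1 otherwise.
# MAX_DAYS defaults to 28, an assumption taken from the post's "(28?)".
needs_update() {
    cached_ip=$1 cached_at=$2 current_ip=$3 now=$4 max_days=${5:-28}
    [ -n "$cached_ip" ] || return 0
    [ "$cached_ip" = "$current_ip" ] || return 0
    [ $(( now - cached_at )) -ge $(( max_days * 86400 )) ] && return 0
    return 1
}

# Demo on the constructed sample: same address, cache 10 minutes old.
current=$(printf '%s\n' "$SAMPLE" | parse_checkip) || exit 1
if needs_update "203.0.113.7" 1000000 "$current" 1000600; then
    echo "update provider with $current"
else
    echo "no change, skip update ($current)"
fi
```
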
Re: [pfSense] Dynamic DNS
On Mon, Jan 9, 2012 at 11:55, newsgroups.ma...@stefanbaur.de newsgroups.ma...@stefanbaur.de wrote:
> And how about no-ip.com?

I don't use no-ip.com, so I don't have any experimental data to back it up. That said, it's the same core client on pfSense (just checked the code), so you're going to see the same basic behavior.
Re: [pfSense] Replacing a Linux router with pfSense
On Thu, Sep 22, 2011 at 07:49, David Brown da...@westcontrol.com wrote:
> I only joined this mailing list a couple of days ago - is it usual for threads to wander so off-topic? (I believe I've got the answers I needed for my original questions, plus a few answers to questions I didn't ask.)

Ha, not usually. I was about to attempt to chase everyone off to a separate email etiquette thread, since we've obviously threadjacked yours so thoroughly. Some threads do go on a ways, but we're normally pretty good about keeping threads controlled.
Re: [pfSense] Replacing a Linux router with pfSense
On Wed, Sep 21, 2011 at 09:58, Bart Grefte b...@ravenslair.nl wrote:
> To give an idea about the interference: http://www.ravenslair.nl/GoT2/wifi.jpg , there are probably more networks by now.

Nice! Looks like channels 1-3 are prime territory. Two tricks I've also learned are to disable B clients (if your AP supports that) and disabling lower association speeds, say below 12Mb/s (OFDM rate, fencing out B altogether). That doesn't mean you'll magically get at least 12Mb/s, but can help keep your network from dropping down to a minimal speed to save power or due to interference. YMMV.
Re: [pfSense] Replacing a Linux router with pfSense
On Wed, Sep 21, 2011 at 14:13, Bart Grefte b...@ravenslair.nl wrote:
> It's called wisdom?

Hmm... Just checked the sources for regdb, not seeing a reference to 'wisdom'. :-D