Re: [pfSense-discussion] Online scanning

2009-04-14 Thread Curtis LaMasters
http://www.grc.com has ShieldsUp! I've used it in the past.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



On Tue, Apr 14, 2009 at 8:29 AM, cl...@pfsense
pfse...@mail-fwd.archie.dk wrote:
 Sorry for not being more specific :-/

 Thorough meaning that it does a good job trying to get in and tries to tell 
 me what can be seen from outside in terms og ports, services behind and maybe 
 vulnerabilities... Something like good old SuperScan from foundstone...

 Reason for asking here (I am capable of googling :-)) was to get some good 
 referrals that this community could vouch for is not a hacker nest waiting to 
 me install the next rootkit...

 I want it to scan from remote to tell me how my site looks from the internet 
 and I do not have another public IP I can scan from.

 Thanks
 Claus


 -Original Message-
 From: Adrian Wenzel [mailto:adr...@lostland.net]
 Posted At: Tuesday, April 14, 2009 2:55 PM
 Posted To: pfSense
 Conversation: [pfSense-discussion] Online scanning
 Subject: Re: [pfSense-discussion] Online scanning


 Sorry... googling:

 online port scanner free

 Honestly, I've never looked for a service like this.  Has anyone?

 Regards,
 Adrian


 - Original Message -
 From: Adrian Wenzel adr...@lostland.net
 To: discussion@pfsense.com
 Sent: Tuesday, April 14, 2009 8:53:59 AM GMT -05:00 US/Canada Eastern
 Subject: Re: [pfSense-discussion] Online scanning


 Sounds like they're looking for a service that scans ports remotely, like 
 some of those returned by googling:

 - Original Message -
 From: RB aoz@gmail.com
 To: discussion@pfsense.com
 Sent: Tuesday, April 14, 2009 8:20:11 AM GMT -05:00 US/Canada Eastern
 Subject: Re: [pfSense-discussion] Online scanning

 On Tue, Apr 14, 2009 at 04:10, cl...@pfsense pfse...@mail-fwd.archie.dk 
 wrote:
 To test my new configuration can anyone recommend a secure, thorough online
 port scanner ?

 What qualifies thorough?  Although nmap's aggressive mode pretty well
 covers most there's a port open and this is what it's running
 scenarios, it's not as thorough as some more limited application
 scanners, like Metasploit.  What are you looking for?

 -
 To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
 For additional commands, e-mail: discussion-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org


 -
 To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
 For additional commands, e-mail: discussion-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org



-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense-discussion] OT: simple SMTP relay daemon?

2009-04-10 Thread Curtis LaMasters
I don't know if it works on FreeBSD but busybox has an SMTP engine.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



On Fri, Apr 10, 2009 at 2:57 AM, Chris Buechler c...@pfsense.org wrote:
 On Fri, Apr 10, 2009 at 1:52 AM, David Rees dree...@gmail.com wrote:
 On Thu, Apr 9, 2009 at 8:07 PM, Chris Buechler c...@pfsense.org wrote:
 I'm looking for something simple to do nothing but accept SMTP mail
 from a defined list of hosts allowed to relay and push it off to
 another SMTP server (using gmail, so must be with auth and TLS). Must
 run on FreeBSD. Any full blown MTA is out of the question, too
 complex. I suspect something out there does just what I'm after, but
 all I'm finding are MTAs or simple apps that don't accept SMTP over
 the network. Browsing the mail ports in FreeBSD didn't help, though I
 could have missed something.

 Anyone have any suggestions?

 Although it is a full blown MTA, Postfix is lightweight, simple
 configure and reliable.


 Lightweight for a full blown MTA, but not lightweight. Postfix is what
 I started trying actually, but too many missing libraries and other
 difficulties into getting it running on a pfSense box without a decent
 amount of effort. I suspect there's a tiny, simple daemon somewhere
 that will do this without a lot of fuss, I just can't find it. I'd
 probably turn it into a pfSense package and slap a simple GUI on it.
 It would essentially be a proxy from SMTP to authenticated SMTP,
 relaying for SMTP clients on the LAN subnet that don't support
 authentication. Or as a single point for sending mail from your LAN if
 you don't have an internal mail server. One of those things I wouldn't
 run on *my* firewall (that's a server's job), but desired by some and
 not entirely unreasonable.

 -
 To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
 For additional commands, e-mail: discussion-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org



-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense-discussion] Is there a way to track a specific users web traffic?

2009-04-09 Thread Curtis LaMasters
Use the lightsquid package.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



On Thu, Apr 9, 2009 at 11:33 AM, Marty Nelson mnel...@transdyn.com wrote:
 I’m currently running 1.2.1 with Squid and squidGuard, but other than
 grabbing the log file and sorting through it to find specific IP’s I don’t
 see a way to track specific users.  Any chance there’s that capability
 somehow?



 Thanks,



 -Marty



-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense-discussion] Tool to monitor pfSense

2009-04-08 Thread Curtis LaMasters
Second that.  GWOS is basically Nagios and a few other FOSS
applications put together in a package.  I monitor a number of SNMP
attributes as well as simple ping.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com



On Wed, Apr 8, 2009 at 1:56 PM, jason whitt jason.wh...@gmail.com wrote:
 Using Ground Work Community Edition

 On Wed, Apr 8, 2009 at 12:48 PM, Adam Van Ornum greatb...@hotmail.com
 wrote:

 To start off with, I tried searching the forums but didn't find
 anything...I'm probably not using the best search terms though.   :)
 I'm interested in knowing what options are out there for monitoring
 pfSense so I can quickly be alerted if it goes down.  I had a box that was
 running for a couple of weeks just fine and then all of a sudden started
 going down randomly so I just replaced it and now I would like some tool so
 I can be alerted if the machine goes down instead of having people start
 shouting The Internet is down!.   What do you guys use?
 Thanks,
 Adam
 
 Quick access to your favorite MSN content and Windows Live with Internet
 Explorer 8. Download FREE now!


-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense-discussion] FreeNAS

2009-01-24 Thread Curtis LaMasters
OpenFiler would be a great option.  I'm running 6TB on one server with MS
Exchange and SQL over iSCSI without issue.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


On Sat, Jan 24, 2009 at 11:02 AM, Chris Buechler c...@pfsense.org wrote:

 On Sat, Jan 24, 2009 at 5:13 AM, Eugen Leitl eu...@leitl.org wrote:
 
  IIRC one developer (Chris?) mentioned a number of different pfSense
  possible flavors,

 Yes.

  including a NAS appliance.

 but no to that part.  :)

 That's one thing that probably won't ever be added, at least not by
 any of our existing developers.

 -
 To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
 For additional commands, e-mail: discussion-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org




Re: [pfSense-discussion] snort on 1.2.1

2008-12-27 Thread Curtis LaMasters
What rules do you have enabled?  I've found that by enabling all rules,
you're just overloading the box in some way and it kills itself. Try
disabling them one at a time.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


On Sat, Dec 27, 2008 at 2:53 AM, Stefan ste...@fuhrmann.homedns.org wrote:

 Hello all :)
 first, thanks for the great work on 1.2.1!

 I have also snort installed but its killing after some minutes and I dont
 know
 why. I can not find a log which is telling me why its stopped. I started
 snort
 under shell. The last entry is, that snort is encoding on interface...
 thats
 all.

 Can someone help?

 tia
 stefan

 -
 To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
 For additional commands, e-mail: discussion-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org




Re: [pfSense-discussion] centralized management with distributed pfsense installations

2008-12-20 Thread Curtis LaMasters
I believe there is a bounty already started for this on the forums.
M0n0wall has/had something like this but I'm not sure how much of the code
could be used.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] can't filter on transparent bridge

2008-09-13 Thread Curtis LaMasters
Oh, and make sure to disable NAT...but both things I've mentioned are listed
in that how-to docI've been successfull in setting up a filtering bridge
pretty recently with 1.2RELEASE using that same doc.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


On Sat, Sep 13, 2008 at 8:51 AM, Curtis LaMasters [EMAIL PROTECTED]
 wrote:

 Make sure you also have the bridge with WAN set on the LAN interface.

 Curtis LaMasters
 http://www.curtis-lamasters.com
 http://www.builtnetworks.com



 On Sat, Sep 13, 2008 at 7:57 AM, Matthias May [EMAIL PROTECTED] wrote:


 Eugen Leitl schrieb:

 On Sat, Sep 13, 2008 at 02:50:36PM +0200, Matthias May wrote:



 Maybe a dumb question, but is the Enable filtering bridge checkbox set
 under advanced?



 Yes, as described in
 http://pfsense.trendchiller.com/transparent_firewall.pdf

 X Enble filtering bridge
 This will cause bridged packets to pass through the packet filter in the
 same way as routed packets do (by default bridged packets are always
 passed). If you enable this option, you'll have to add filter rules to
 selectively permit traffic from bridged interfaces.

 I don't need 3 NICs for transparent/filtering bridge to work, do I?



 You shouldnt need 3 NIC's.
 I'm not sure but you could also try to disable the anti-webgui-lockout
 rule.





Re: [pfSense-discussion] ipsec saying: racoon: INFO: unsupported PF_KEY message REGISTER

2008-04-15 Thread Curtis LaMasters
Looks like Phase1 is not even starting. Are you going pfSense to pfSense or
another vendor?  If Cisco, verifty that you do not have PFS enabled.

-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] SIP Problems

2008-03-19 Thread Curtis LaMasters
I am not familiar with that product, does it do a SIP rewrite for NAT?

-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] NIC detection

2008-03-05 Thread Curtis LaMasters
Might want to check the HCL.
http://www.pfsense.org/index.php?option=com_contenttask=viewid=46Itemid=51

-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Curtis LaMasters
Paul,  for your vista clients, on the client side, you'll need to change the
route method to exe.  If you look at your logs more closely, you'll see that
the route additions most likely are failing.

Curtis

On Jan 16, 2008 7:48 AM, Paul M [EMAIL PROTECTED] wrote:

 Eugen Leitl wrote:
  What are the current recommendations for an easy/cheap/free VPN
  client which plays well with PfSense 1.2RC3? Something that
  works both with Vista and XP? Should I at all bother with
  IPsec, or just go OpenVPN? Should I just give my user a preconfigured

 openvpn has been working pretty well for me, using linux, OSX and
 WindowsXP clients;

 we can't get Vista to work presently - despite all the routes being
 correct the vista box doesn't send any traffic to the remote network via
 the tunnel (despite trying the hacks at
 http://www.ctunion.com/node/226), so if anyone HAS made vista openvpn
 work, do shout!

 Paul




-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Curtis LaMasters
Paul, are you using Vista UAC? Logged in as a super user? Pushed down full
control security permissions on the entire OpenVPN directory for the user
you are logged in as?

Curtis


Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Curtis LaMasters
Paul,

Sorry to keep nagging on this one, but, are you using the OpenVPN gui or the
normal version?  And what version of the software are you using?

Curtis

On Jan 16, 2008 11:27 AM, Paul M [EMAIL PROTECTED] wrote:

 Curtis LaMasters wrote:
  Paul, are you using Vista UAC? Logged in as a super user? Pushed down
  full control security permissions on the entire OpenVPN directory for
  the user you are logged in as?

 er, yes, UAC was enabled so I did run-as-admin the openvpngui

 when connected, the vpn gui raised no errors. netstat -rn indicated
 the correct routes were created! Yet no traffic flowed.

 Used tcpdump -l -n -i tun0 on the vpn server and I could see the vpn
 client ping the server's end of the tunnel but no other traffic came
 down it!

 Paul




-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] which VPN client?

2008-01-16 Thread Curtis LaMasters
Paul,

I am using the OpenVPN GUI v1.0.3 from the link below and I have also
included a copy of my client side configuration file on the Vista laptop.

##c:/program files/openvpn/config/vpn.domain.com.ovpn
float
client
dev tun
dev-node openvpn
proto tcp-client
remote xx.xx.xx.xx 1194
route-method exe
persist-tun
persist-key
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-client
comp-lzo
ping 10
pull
verb 4

http://www.openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe


Re: [pfSense-discussion] HOW MUCH TRUST ON PFSENSE ?

2007-12-19 Thread Curtis LaMasters
I have a very similar setup with two pfSense 1.2rc3's setup in a failover
state.  They are running on Dell 1U servers with 3 NIC's and have operated
quite well for the last 3 months with about twice the number you have stated
there.  One problem I did run into was during the migration to pfSense we
also migrated ISP'; during that process we use proxy ARP to use the IP
addresses from the other ISP to be used on pfSense.  Let's just say it
didn't go smoothly, but everything is operational and we are happy with the
cost savings.

Curtis


Re: [pfSense-discussion] Question about pfSense PPTP/GRE features

2007-12-04 Thread Curtis LaMasters
One quark of the PPTP package on pfSense is the 16 tunnel limit (that could
actually be PPTP in general - I don't use it).  If PPTP is not a
requirement, I would suggest moving to an OpenVPN architecture.  There are
plenty of resource on the internet to help you with that or I could directly
if need be.

Curtis


Re: [pfSense-discussion] noob question

2007-09-19 Thread Curtis LaMasters
Zied,

To answer your first questions sarcastically, yes, the red X in the upper
right hand corner.  But really, no, I do not believe there is a logout
button from the web interface.

Secondly, when you install pfSense to hard disk / flash disk / etc and are
not running off of the bootable CD w/ floppy storage configuration, you have
an extra menu packages which lets you install squid, bandwidthd, snort and
a few other very nice tools.

Hope that helps.

Curtis

On 9/18/07, Zied Fakhfakh [EMAIL PROTECTED] wrote:

 Hello everybody,

 I'm just starting with pfSense, nd I have a couple of questions

 - is there any logout button from the web interface ?
 - how canI install third party softwares, like squid, on pfSense

 thank you very much.

 --
 Zied Fakhfakh




Re: [pfSense-discussion] full instalation on 4 GB SSD

2007-08-28 Thread Curtis LaMasters
Honestly I don't know the answer to your questions but keep this in mind,
pfSense loads from disk/flash/cd and then run's completely from RAM.

Curtis

On 8/28/07, Eugen Leitl [EMAIL PROTECTED] wrote:


 Anyone running a pfSense full installation on a 4 GByte SSD drive?
 Does it a) work b) well?

 --
 Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
 __
 ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
 8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


Re: [pfSense-discussion] drawing network diagrams

2007-07-11 Thread Curtis LaMasters

OpenOffice's Impress.

On 7/11/07, Eugen Leitl [EMAIL PROTECTED] wrote:



I've got my pfSense/VLAN setup on SunFire X2100 M2 (with 2 Broadcom
interfaces)
working (with massive help from a network guru), and will document and
post
it at some point.

I need to document my other network as well -- which (preferrably,
open-source, or at least free) tool I can use to draw diagrams like

http://doc.m0n0.ch/handbook/examples.html#id2603650

?

Thanks,

--
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com