Re: [pfSense] Help
--- On Thu, 5/16/13, Joy pj.netfil...@gmail.com wrote:

> From: Joy pj.netfil...@gmail.com
> Subject: [pfSense] Help
> To: pfSense support and discussion list@lists.pfsense.org
> Date: Thursday, May 16, 2013, 5:55 AM
>
> Hi Team,
>
> Is it possible to use cloud based web filtering with pfsense, like OpenDNS based filtering? In case yes, what software does that, like Websense etc.?
>
> ___
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list

The SquidGuard package provides a means of filtering URLs. The project site (http://www.squidguard.org/) provides links to blacklists and/or malicious URLs (http://www.squidguard.org/blacklists.html).

The following site provides a quick description regarding how to set up SquidGuard:
http://skear.hubpages.com/hub/URL-Filtering-How-To-Configure-SquidGuard-in-pfSense

Also, there is pfBlocker. Instructions for enabling pfBlocker are available at: http://doc.pfsense.org/index.php/Pfblocker

1. Install the pfBlocker package.
2. Go to Firewall > pfBlocker > General to specify the inbound and outbound interfaces. Also check the checkboxes to enable pfBlocker and enable logging if desired.
3. Go to the Firewall > pfBlocker > Lists tab to configure blocklists (such as http://www.spamhaus.org/drop/drop.txt, http://www.spamhaus.org/drop/edrop.txt, and http://feeds.dshield.org/top10-2.txt).

pfBlocker will automatically add firewall rules using the configured list alias.
[pfSense] Multi-WAN Setup with HA PPPoE v2.0.3
Hello,

found nothing useable till now.

setup in place / clear for me:
- 2 boxes in HA setup / CARP IP only in LAN
- all connections to both boxes via vlans in a failover LAGG on 2 nics per box
- 2 cheap internet links via 2 different providers (cable and pppoe)
- vlan 100 for cable modem (internet A via DHCP)
- vlan 200 for connection to DSL modem internet B
- both boxes see all vlans (LAN and Internet 2x + sync interface)
- all traffic goes through box master
- box slave only if box master fails completely

wished functionality / setup:
- internet A for all other traffic (surfing / email / vpn) / traffic X
- internet B for a subnet (official IPs of voip provider) only / traffic Y
- so to have no dynamic balancing
- slavebox will be only used if master box fails completely
- masterbox sends all traffic (X and Y) via internet A if internet B fails / vice versa via Internet B if internet A fails

known:
- internal CARP IP / external not, so:
- sure, internet is NOT stateful in this setup in a case of failover
- VPN will go down and up in case of failover
- so also not stateful

version a)
- internet A on both boxes via DHCP (official IPs)
- internet B on master box via PPPoE (1 official IP)
- slave box is NOT using PPPoE connection, until box master fails
- if box master comes back, box slave will disconnect PPPoE, after box master is up AND running AND back the active CARP MASTER member
- so LAN CARP BACKUP can trigger PPPoE down

version b)
same as a)
exception: if PPPoE failover is NOT possible,
- to put in front of PPPoE a cheap DSL-NAT-router
- same setup but internet B is now also via DHCP (different 192.168.x.y/24 net)
- so both boxes have permanent access via internet A and B via DHCP (sure, in different subnets)

any hints are welcome
thanks in advance

stephan
[pfSense] Running pfsense in virtualbox
To test some pfsense function I installed 2.0.3 in virtualbox.

In VB, em0 is configured bridged and used as WAN, em1 is host-only. Traffic through both interfaces and the VB-host is working fine.

On the VB host (pfsense LAN):

    vboxnet0  Link encap:Ethernet  HWaddr 0A:00:27:00:00:00
              inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0

In pfsense, WAN is configured as dhcp and picks up a suitable IP address. The webconfig is accessible through the host's vboxnet0.

In pfsense, dnsmasq doesn't work - nothing is resolved. /etc/resolv.conf contains 127.0.0.1, and the 2 servers I configured. Traffic is OK - telnet 203.97.30.185 80 works as expected. dig @localhost google.com doesn't resolve anything.

I conclude that dnsmasq is not functional inside virtualbox, making pfsense config testing impossible.

Is it possible to beat dnsmasq into shape to work inside VB? find / | grep dnsm doesn't find any config files.

The only VB postings on the forum are from 2009 and deal with issues VB has with itself.

Thanks,

Volker

--
Volker Kuhlmann
http://volker.dnsalias.net/
Please do not CC list postings to me.
[pfSense] OpenVPN package failure
It seems OpenVPN was listed as a package with a newer version available (like 2.0.3 instead of 2.0.1?), but I can't verify because pfsense doesn't run under virtualbox for me.

When re-installing that package, package installation failed (extra files re client export I think). Now the package is not installed (so can't be uninstalled), nor is it available (so can't be installed).

The OpenVPN client-export package is now uninstalled, although it was installed before.

Fresh install of 2.0.3.

Is this expected behaviour? I gather openvpn isn't usually a pfsense package, but the package update mechanism was used to upgrade it from the version from the ISO image.

Thanks,

Volker

--
Volker Kuhlmann
http://volker.dnsalias.net/
Please do not CC list postings to me.
Re: [pfSense] Running pfsense in virtualbox
On 5/17/2013 9:14 PM, Volker Kuhlmann wrote:
> To test some pfsense function I installed 2.0.3 in virtualbox.
>
> In VB, em0 is configured bridged and used as WAN, em1 is host-only. Traffic through both interfaces and the VB-host is working fine.

Why host only? That may not let it go out.

> I conclude that dnsmasq is not functional inside virtualbox, making pfsense config testing impossible.

Not true, I do almost all of my testing locally here with pfSense in VirtualBox and it has zero issues.

Any issues you're seeing are likely with the network config or NIC config, VM resources, etc, but not VirtualBox in general or pfSense.

I use bridged NICs for WANs and then Internal Network setups for the LAN side.

There are so few postings about VirtualBox because in general there aren't many/any issues with it. It works fine.

Jim
Re: [pfSense] Running pfsense in virtualbox
On Sat 18 May 2013 13:24:52 NZST +1200, Jim Pingle wrote:

> Why host only? That may not let it go out.

It doesn't need to on LAN. DNS queries are resolved from WAN, and that is bridged in VB, and DNS servers on the Internet can be queried by dig on pfsense correctly. The VB interface used for pfsense-LAN is host-only, and it works fine for the webconfigurator. I had removed the RFC-private and bogon blocks from WAN too.

> > I conclude that dnsmasq is not functional inside virtualbox, making pfsense config testing impossible.
>
> Not true, I do almost all of my testing locally here with pfSense in VirtualBox and it has zero issues.

That's what I was expecting, but fact is dig @localhost on pfsense does nothing, but web servers on the Internet can be reached (by their IP), and dig @8.8.8.8 google.com works.

> Any issues you're seeing are likely with the network config or NIC config, VM resources, etc, but not VirtualBox in general or pfSense.

Hmm, where do I look? 512MB RAM, default pfsense config, no packages ought to be enough.

> I use bridged NICs for WANs and then Internal Network setups for the LAN side.

My VB config is the same except I have host-only for LAN. As the webconfig traffic goes in and out OK I see no problems here.

How/where is dnsmasq configured to pick its servers from?

> There are so few postings about VirtualBox because in general there aren't many/any issues with it. It works fine.

Well damn it, after the windows-solution (aka reboot) it works fine now. Hmmm. There isn't anything I can think of that I changed, I changed very little from the default. Looks like dnsmasq needs a restart for some reason.

Never mind.

Thanks muchly Jim,

Volker

--
Volker Kuhlmann is list0570 with the domain in header.
http://volker.dnsalias.net/
Please do not CC list postings to me.
Re: [pfSense] Blocking HTTPS Attachments only
Hi,

On 16 May 2013 00:16, Mr. Parkis scottpar...@yahoo.com wrote:
> pfsense newbie here - Is there a way to block users from sending attachments via webmail (HTTPS) - I do not want to block access to personal mail accounts. Just the ability for users to send attachments via.
>
> so all users can access their gmail, yahoo, aol, hotmail... or whatever personal site they have (bluehost provided webmail account) they can send email but I would like to block attachments.
>
> Any way I can do this

I can tell you the way to block attachments for google mail. The rest you can figure out by looking at access logs.

Gmail uses a separate domain for attachments, e.g. mail-attachment.googleusercontent.com etc. You can get a full list by looking at the logs, while you download/upload an attachment. Block those domains and it should work.

My guess is other providers also use something like that, but not too sure. Try this and let us know how far you succeed.

Regards,
Nishant
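
One way to do the log comparison suggested in the reply above, as an added example that is not part of the original thread: it lists the hosts a test client contacted only while an attachment was being handled. It assumes Squid's native access.log format on the proxy (the thread only says "access logs"); the log lines, client address, other hostnames and time windows are constructed.

```python
"""Find hosts that show up in proxy logs only while an attachment is handled.

Assumes Squid's native access.log format (the thread only says "access logs").
"""

# Constructed sample log: client 10.1.1.50 browses webmail, then uploads a file.
SAMPLE_LOG = """\
1368700010.120    310 10.1.1.50 TCP_MISS/200 5120 CONNECT mail.google.com:443 - DIRECT/192.0.2.10 -
1368700015.480    122 10.1.1.50 TCP_MISS/200 980 CONNECT ssl.gstatic.com:443 - DIRECT/192.0.2.11 -
1368700020.002     95 10.1.1.50 TCP_MISS/200 2210 GET http://example.org/ - DIRECT/192.0.2.12 text/html
1368700065.771   4120 10.1.1.50 TCP_MISS/200 88012 CONNECT mail-attachment.googleusercontent.com:443 - DIRECT/192.0.2.13 -
1368700066.900    140 10.1.1.50 TCP_MISS/200 1300 CONNECT mail.google.com:443 - DIRECT/192.0.2.10 -
1368700070.333    200 10.1.1.77 TCP_MISS/200 4000 CONNECT www.example.com:443 - DIRECT/192.0.2.14 -
garbage line that is not a log entry
"""


def connect_hosts(log_text, client, start, end):
    """Return CONNECT hostnames for `client` with start <= timestamp < end."""
    hosts = set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated entry
        try:
            ts = float(fields[0])
        except ValueError:
            continue  # not a log entry
        # Native format: time elapsed client action/code size method URL ...
        if fields[2] == client and fields[5] == "CONNECT" and start <= ts < end:
            # HTTPS is logged as "CONNECT host:port"; no path is visible.
            hosts.add(fields[6].rsplit(":", 1)[0].lower())
    return hosts


def attachment_only_hosts(log_text, client, baseline, test):
    """Hosts seen in the `test` window but not in the `baseline` window."""
    before = connect_hosts(log_text, client, *baseline)
    during = connect_hosts(log_text, client, *test)
    return sorted(during - before)


if __name__ == "__main__":
    # Hypothetical windows (epoch seconds): normal use, then the upload.
    windows = ((1368700000, 1368700060), (1368700060, 1368700120))
    print(attachment_only_hosts(SAMPLE_LOG, "10.1.1.50", *windows))
```

The hosts it returns are candidates for a block list, not a finished list: check each one before blocking, since a host shared with other content would be blocked for that content as well.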