Re: [pfSense] Proxy filter
Maybe this will be of any help - http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/

From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao
Sent: Thursday, March 20, 2014 8:37 PM
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] Proxy filter

> Ok, actually I have 600 internet users and a 22 Mbps leased line. I have not given any users full permission, but some users go out of their way with lots of free proxy sites to download videos or movies; that's why I need to watch those users' HTTPS and FTP traffic.
>
> Regards
> Mohan
>
> On Mar 21, 2014 12:59 AM, Chris Bagnall <pfse...@lists.minotaur.cc> wrote:
>> On 20/3/14 7:19 pm, A Mohan Rao wrote:
>>> Ok, thanks, but if I need to, how do I maintain FTP traffic logs?
>>
>> Not really relevant to the question, I appreciate, but I can't think of a good reason why you'd want to do that, unless of course you're running the FTP server, in which case your FTP server should have that ability in its settings. You might be able to do something using a span port on a switch and some clever logging rules, but that's outside my scope. Perhaps there's another pfSense package that'll do what you want?
>>
>> Kind regards,
>> Chris
>> --
>> This email is made from 100% recycled electrons

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Proxy filter
On 20/3/14 8:42 pm, Rafael Akchurin wrote:
> Maybe this will be of any help - http://sichent.wordpress.com/2014/02/22/filtering-https-traffic-with-squid-on-pfsense-2-1/

That approach does require that your users 'trust' the proxy and allow the necessary certificates. It's all well and good if you're in a corporate or domestic setting where you have control over the clients in question, but it's not really an option if you're providing services to the general public.

Kind regards,
Chris
--
This email is made from 100% recycled electrons
Re: [pfSense] Fwd: lighttpd errors
On Wed, Mar 19, 2014 at 6:58 AM, Brian Caouette <bri...@dlois.com> wrote:
> Original Message
> Subject: lighttpd errors
> Date: Thu, 13 Mar 2014 12:34:37 -0400
> From: Brian Caouette <bri...@dlois.com>
> To: pfSense support and discussion <list@lists.pfsense.org>
>
> Any idea why I would have this?
>
> Mar 13 09:43:13 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:12 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
> Mar 13 07:27:01 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:59 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:59 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:59 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:59 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:58 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:46 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:46 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
> Mar 13 07:26:46 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.

The device on that IP is behind captive portal and is issuing more requests than you're allowing. Generally because there isn't a human at the machine, something in the background is issuing requests.
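When the portal log is large, the useful question is which addresses are being turned away in tight bursts (the unattended-client pattern described above) rather than once in a while. The Python below is an added example, not code from the thread or from pfSense; it parses mod_evasive rejection lines in the format quoted above and flags addresses with repeated rejections inside a sliding time window. The sample lines are constructed, and the year is assumed because syslog timestamps carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the lighttpd mod_evasive format quoted in the thread
# (assumption: same "<ip> turned away. Too many connections." wording).
SAMPLE_LOG = """\
Mar 13 09:43:13 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
Mar 13 09:43:12 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
Mar 13 09:43:10 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.30 turned away. Too many connections.
Mar 13 07:27:01 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
Mar 13 07:26:59 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
Mar 13 07:25:46 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.40 turned away. Too many connections.
Mar 13 07:20:00 lighttpd[58752]: (mod_evasive.c.183) 192.168.1.50 turned away. Too many connections.
Mar 13 07:20:01 lighttpd[58752]: (some_other.c.10) unrelated line that must be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) lighttpd\[\d+\]: "
    r"\(mod_evasive\.c\.\d+\) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) turned away\."
)

def parse(log_text, year=2014):
    """Return (timestamp, ip) for each mod_evasive rejection; syslog lines carry no year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"]))
    return events

def burst_offenders(events, window_s=60, min_hits=3):
    """Map ip -> largest number of rejections inside any window_s-second span,
    for IPs reaching min_hits: a burst with nobody at the keyboard is background polling."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):  # sliding window over the sorted timestamps
            while (times[hi] - times[lo]).total_seconds() > window_s:
                lo += 1
            hits = hi - lo + 1
            if hits >= min_hits:
                flagged[ip] = max(flagged.get(ip, 0), hits)
    return flagged
```

With the constructed sample, 192.168.1.30 is flagged (three rejections in 3 seconds) while 192.168.1.40 is not at the default 60-second window, because its three rejections are spread over 75 seconds.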
Re: [pfSense] Polycom doesn't work behind pfSense box
On 21/03/2014 14:34, Felipe Izaguirre wrote:
> Hi guys, has anyone had a problem with a Polycom ViewStation behind a pfSense NAT? I have set up a 1:1 NAT to my Polycom ViewStation with no restrictions on any ports. The problem is that when I make or receive a call, it enters the room but the screen turns blue and there is no sound. Testing the Polycom connected directly to the router without pfSense, everything works fine. Any idea about this problem?

Page 147
http://support.polycom.com/global/documents/support/setup_maintenance/products/video/viewstation_sp_user_guide.pdf

What are your settings?

--
Regards,
Giles Coochey, CCNP, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 8444 780677
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net
Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE
On 20/03/2014 18:24, Ryan Coleman wrote:
> I put the device that was working from home last night on the network with the configuration unchanged and it's working again.
>
> Is this a situation I need to consider using CARP for?

I'd say definitely not. CARP is for handling total hardware failures (link stops responding). If the software misbehaves, then it will just misbehave.
Re: [pfSense] Proxy filter
On 20/03/2014 19:37, A Mohan Rao wrote:
> Ok, actually I have 600 internet users and a 22 Mbps leased line. I have not given any users full permission, but some users go out of their way with lots of free proxy sites to download videos or movies; that's why I need to watch those users' HTTPS and FTP traffic.

Consider what are the problems you are trying to solve:

* Some people are using excessive amounts of limited resources (bandwidth)
* Some people are using the network for purposes not related to their work or studies
* Some people are using the network for undesirable or maybe even illegal activities

What you need is called an AUP - Acceptable Use Policy. In that you define:

* What users are allowed and are not allowed to do
* That they consent to their use being monitored and logged
* What the consequences of failing to comply are

For example, if this is a university environment, you can say that their access may be suspended or withdrawn, and that they may also be subject to the university disciplinary procedure, up to and including expulsion.

All users need to read (and preferably sign) this document. They can do this as part of getting access, e.g. at enrollment time.

Then you monitor your users. There are a bunch of different tools for this: my favourite is Netflow, which together with collection tools (e.g. nfdump and nfsen) can quickly identify, say, the top 10 bandwidth hogs on your network over a chosen time range, and then lets you drill down into the detail of exactly what they were doing, in terms of the network addresses and ports they were communicating with.

Another is Snort, which can identify suspicious activity like virus-infected machines and bittorrent. (There are legitimate uses for bittorrent of course - but your Netflow data will tell you how much they were uploading or downloading, and you can investigate further.)

If this is an open computer lab, then maybe a bit of shoulder surfing will do the trick.

Finally, you need to be able to associate traffic on an IP address with an individual. If you can get users to login to the network before they use it, e.g. using a captive portal, or WPA Enterprise on wireless, that's ideal. Or if they are logging into an Active Directory domain that may give you the information you need. Using ARP and bridge forwarding tables, you can identify an IP address down to which physical port they are plugged into.

Ultimately this is an issue of behaviour and discipline, not technology. A firewall can't decide what's acceptable or not. And as you've found yourself, any technology blocks you put in place will be circumvented by those clever enough, whilst inconveniencing the rest of your users.

Regards,
Brian.
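The three steps Brian describes (rank the top talkers, drill down into what one address was talking to, tie the address back to a person via the login records) as an added Python example; this is not code from the thread, from nfdump or from pfSense. The flow records, the login table and the four-field record layout are all constructed for the example, loosely modelled on what an nfdump aggregation gives you.

```python
from collections import Counter, defaultdict

# Constructed flow records (assumption: one tuple per flow, LAN source first).
# Addresses are documentation ranges; byte counts are invented. Not real data.
FLOWS = [
    # src_ip,      dst_ip,          dport, bytes
    ("10.1.1.21", "203.0.113.10",    443, 900_000_000),
    ("10.1.1.21", "198.51.100.7",   6881, 350_000_000),
    ("10.1.1.35", "203.0.113.10",    443,  40_000_000),
    ("10.1.1.35", "192.0.2.44",       80,  20_000_000),
    ("10.1.1.77", "198.51.100.7",   6881, 500_000_000),
    ("10.1.1.77", "198.51.100.9",   6881, 450_000_000),
    ("10.1.1.90", "203.0.113.10",    443,   5_000_000),
]

# Constructed captive-portal / WPA Enterprise login table: who held which address
# during the time range being examined.
LOGINS = {"10.1.1.21": "alice", "10.1.1.35": "bob", "10.1.1.77": "carol"}

def top_talkers(flows, n=10):
    """Total bytes per internal source address, largest first (the 'top 10 hogs' view)."""
    totals = Counter()
    for src, _dst, _port, nbytes in flows:
        totals[src] += nbytes
    return totals.most_common(n)

def drill_down(flows, src_ip):
    """For one address, bytes per (destination, port): what it was actually talking to."""
    peers = defaultdict(int)
    for src, dst, port, nbytes in flows:
        if src == src_ip:
            peers[(dst, port)] += nbytes
    return sorted(peers.items(), key=lambda kv: kv[1], reverse=True)

def attribute(ip, logins):
    """Map an address to a person via the login table; an unknown address stays unattributed."""
    return logins.get(ip, "unattributed")

def report(flows, logins, n=3):
    """Combine the three steps: (user, ip, total_bytes, busiest (dst, port)) per top talker."""
    rows = []
    for ip, total in top_talkers(flows, n):
        busiest_peer = drill_down(flows, ip)[0][0]
        rows.append((attribute(ip, logins), ip, total, busiest_peer))
    return rows
```

An address with no login record (10.1.1.90 in the sample) comes back as "unattributed", which is exactly the gap that ARP and bridge forwarding tables are then needed to close.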
Re: [pfSense] Proxy filter
Other than SSL bump there is no known way to filter *contents* of HTTPS traffic. You can block the CONNECT domain name:443 *only* by domain name.

Raf

> That approach does require that your users 'trust' the proxy and allow the necessary certificates. It's all well and good if you're in a corporate or domestic setting where you have control over the clients in question, but it's not really an option if you're providing services to the general public.
Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE
On Fri, Mar 21, 2014 at 9:37 PM, Ryan Coleman <ryanjc...@me.com> wrote:
> Can you explain what would be the symptoms needing this? I honestly think it was the time-schedule and throttling/shaping on the two VLANs for guests and regular customers...

The most common symptom is certain things will just hang, like some web pages will only partially load or sometimes not at all, but others, especially ones with minimal data (the front page of www.google.com usually a good example) will work no problem. The degree of hit or miss can vary depending on why it's happening, but the fix is the same regardless. It mostly happens on DSL because of the PPPoE overhead, but I've seen some weird scenarios at least a couple times before where cable modems that should be 1500 end to end have 1500 byte packets just disappear.
Re: [pfSense] Odd symptoms from embedded 2.1-RELEASE
So exactly what I was going through. Interesting.

On Mar 21, 2014, at 8:46 PM, Chris Buechler <c...@pfsense.com> wrote:
> On Fri, Mar 21, 2014 at 9:37 PM, Ryan Coleman <ryanjc...@me.com> wrote:
>> Can you explain what would be the symptoms needing this? I honestly think it was the time-schedule and throttling/shaping on the two VLANs for guests and regular customers...
>
> The most common symptom is certain things will just hang, like some web pages will only partially load or sometimes not at all, but others, especially ones with minimal data (the front page of www.google.com usually a good example) will work no problem. The degree of hit or miss can vary depending on why it's happening, but the fix is the same regardless. It mostly happens on DSL because of the PPPoE overhead, but I've seen some weird scenarios at least a couple times before where cable modems that should be 1500 end to end have 1500 byte packets just disappear.
Re: [pfSense] WRAP 1D Cases
http://www.pcengines.ch/wrapacc.htm

On 2014-03-21 23:13, Cheyenne Deal wrote:
> I recently acquired a functional WRAP 1D from cleaning out some closets at a business I work for and was given the ok to take it by the boss. It's just that it's only the bare board I have. I'm not sure where to buy a metal case for the 1D. Any suggestions?
>
> Thanks,
> Cheyenne

--
Richard Lussier
*inter-node.com*
scalable digital networks: copper – wireless – fibre optic
t. 514.316.1623
c. 514.574.5111