Re: [pfSense] Monitoring

[Chris Bagnall]

On 3/6/14 7:21 pm, Brian Caouette wrote:

I just installed the NRPE package to pfSense. How its it used? Is there
a docs page to make this work with pf?


The first thing you'll need is a working install of Nagios somewhere - 
do you already have that in hand?


As an aside, another option to consider is just using SNMP alerts into 
your monitoring system of choice (I use Cacti, but you could use any of 
the usual suspects: OpenNMS, Zabbix, Nagios and no doubt countless others).


Kind regards,

Chris
--
This email is made from 100% recycled electrons
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Monitoring

[Brian Caouette]

I just installed the NRPE package to pfSense. How its it used? Is there 
a docs page to make this work with pf?


On 6/3/2014 2:04 PM, Bruno Martins wrote:


NRPE is a package. Nagios is an external monitoring system that you 
can use to monitor everything.


On Jun 3, 2014 6:59 PM, "Brian Caouette" > wrote:


These are pfSense packages?

On 6/3/2014 1:54 PM, Bruno Martins wrote:


Best approach is to use Nagios and NRPE.

On Jun 3, 2014 4:02 PM, "Brian Caouette" mailto:bri...@dlois.com>> wrote:

Is there a package for pfsense that will watch server
availability. Something like servers alive? or even
pingdom.com 
___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org  
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Monitoring

[Bruno Martins]

NRPE is a package. Nagios is an external monitoring system that you can use
to monitor everything.
On Jun 3, 2014 6:59 PM, "Brian Caouette"  wrote:

>  These are pfSense packages?
>
> On 6/3/2014 1:54 PM, Bruno Martins wrote:
>
> Best approach is to use Nagios and NRPE.
> On Jun 3, 2014 4:02 PM, "Brian Caouette"  wrote:
>
>> Is there a package for pfsense that will watch server availability.
>> Something like servers alive? or even pingdom.com
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>>
>
>
> ___
> List mailing 
> listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list
>
>
>
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Monitoring

[Brian Caouette]

These are pfSense packages?

On 6/3/2014 1:54 PM, Bruno Martins wrote:


Best approach is to use Nagios and NRPE.

On Jun 3, 2014 4:02 PM, "Brian Caouette" > wrote:


Is there a package for pfsense that will watch server
availability. Something like servers alive? or even pingdom.com

___
List mailing list
List@lists.pfsense.org 
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Monitoring

[Bruno Martins]

Best approach is to use Nagios and NRPE.
On Jun 3, 2014 4:02 PM, "Brian Caouette"  wrote:

> Is there a package for pfsense that will watch server availability.
> Something like servers alive? or even pingdom.com
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
>
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Problems with gateways on IPv6 Tunnels?

[Jim Pingle]

On 6/3/2014 12:37 PM, Seth Mos wrote:
> I just upgraded to 2.1.3 at home and tried to switch my IPv6 default gateway 
> around.
> 
> Unfortunately, when I try to set my HE.net tunnel gateway as the default it 
> throws an error that the gateway address is not in the interface subnet. 
> 
> I’ve set the prefix length in both the GIF interface settings and the OPT4 
> Interface settings to /120. Unfortunately it still throws that error. 
> Strangely enough the gateway status widget and status page tell me the 
> gateway is reachable fine and with proper response time.
> 
> This makes no sense. Anybody else seeing this?

IIRC, between 2.1 and 2.1.3 Ermal changed things so that GIF interfaces
get automatic gateways, so they should be "dynamic" these days. I'm not
sure if all the docs got caught up to that change.
(https://redmine.pfsense.org/issues/3484,
ddb30ebfc686165e00f0155e00df16edc17c31c5)

Mine is still set the old way but so long as I don't touch it, it works.
I haven't re-worked everything for the "new" method yet.

Jim
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Problems with gateways on IPv6 Tunnels?

[Seth Mos]

Hi,

I just upgraded to 2.1.3 at home and tried to switch my IPv6 default gateway 
around.

Unfortunately, when I try to set my HE.net tunnel gateway as the default it 
throws an error that the gateway address is not in the interface subnet. 

I’ve set the prefix length in both the GIF interface settings and the OPT4 
Interface settings to /120. Unfortunately it still throws that error. Strangely 
enough the gateway status widget and status page tell me the gateway is 
reachable fine and with proper response time.

This makes no sense. Anybody else seeing this?

Kind regards,
Seth
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Monitoring

[Brian Caouette]

Is there a package for pfsense that will watch server availability. 
Something like servers alive? or even pingdom.com

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Report Errors

[Brian Caouette]

Didn't see anything related to squidguard in there. As expected a few 
minutes after I sent that email the websites were blocked again as they 
should be. Something very intermittent. Really appreciate the reply! Not 
sure if its related but squid in general has a very low to non existent 
hit ratio. I've been googling and searching forums to no avail. Every 
thing appears correct. I can sit there watching the real time monitor 
and watching it happen. Everything comes back as a miss even those sites 
I've been to just moments prior.


I don't know if this will help much but: http://www.dlois.com/status.html

Brian



On 6/3/2014 9:10 AM, Ryan Coleman wrote:

What do your logs say?
On Jun 3, 2014, at 6:56, Brian Caouette  wrote:


That is true. It just seems like I get something working then it stops work a 
few hours later. I've seen packages not start up at on. This morning I can surf 
to porn sites despite them being blocked last night. With making any changes 
squidguard just stopped blocking. I've left all settings in place so it should 
still be blocking. Just getting frustrated is all.

Sent from my iPad


On Jun 2, 2014, at 8:57 PM, Jim Thompson  wrote:



On Jun 2, 2014, at 13:18, Brian Caouette  wrote:

As much as I like pfSense it
and packages are really prone to glitches and over all bugs.

PfSense has bugs, and packages have bugs, but it is a mistake to conflate the 
two.
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list


___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] Shun (Block Command)

[Bryant Zimmerman]

I need to have a CLI command that emulates the "shun" command on cisco.
 I know about the easyrule script.   I need to be able to update an IP list 
in an alias table rather than push in a rule.
I am not a big script guru how hard is this likely to be?   I have 
two 
pfSense routers in a CARP fail over. If I add to an alias true a script on 
one box will it auto detect and mirror it to the other or do I have to 
manually update both?   If I need to expire the IP added to the alias after 
a set amount of time. How would be the best way to do that? Another script? 

  
 Thanks

Bryant Zimmerman (ZK Tech Inc.)
616-855-1030 Ext. 2003

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Report Errors

[Ryan Coleman]

What do your logs say?
On Jun 3, 2014, at 6:56, Brian Caouette  wrote:

> That is true. It just seems like I get something working then it stops work a 
> few hours later. I've seen packages not start up at on. This morning I can 
> surf to porn sites despite them being blocked last night. With making any 
> changes squidguard just stopped blocking. I've left all settings in place so 
> it should still be blocking. Just getting frustrated is all.
> 
> Sent from my iPad
> 
>> On Jun 2, 2014, at 8:57 PM, Jim Thompson  wrote:
>> 
>> 
>>> On Jun 2, 2014, at 13:18, Brian Caouette  wrote:
>>> 
>>> As much as I like pfSense it
>>> and packages are really prone to glitches and over all bugs.
>> 
>> PfSense has bugs, and packages have bugs, but it is a mistake to conflate 
>> the two. 
>> ___
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
>> 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] Report Errors

[Brian Caouette]

That is true. It just seems like I get something working then it stops work a 
few hours later. I've seen packages not start up at on. This morning I can surf 
to porn sites despite them being blocked last night. With making any changes 
squidguard just stopped blocking. I've left all settings in place so it should 
still be blocking. Just getting frustrated is all.

Sent from my iPad

> On Jun 2, 2014, at 8:57 PM, Jim Thompson  wrote:
> 
> 
>> On Jun 2, 2014, at 13:18, Brian Caouette  wrote:
>> 
>> As much as I like pfSense it
>> and packages are really prone to glitches and over all bugs.
> 
> PfSense has bugs, and packages have bugs, but it is a mistake to conflate the 
> two. 
> ___
> List mailing list
> List@lists.pfsense.org
> https://lists.pfsense.org/mailman/listinfo/list
> 
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] CARP Vmware

[Raúl Sampedro]

Hi Simon,


I did all of this steps

•  Enable promiscuous mode on the vSwitch
•  Enable "MAC Address changes"
•  Enable "Forged transmits"

But nothing Works

Bye


De: List [mailto:list-boun...@lists.pfsense.org] En nombre de Simon Dick
Enviado el: martes, 03 de junio de 2014 11:38
Para: pfSense Support and Discussion Mailing List
Asunto: Re: [pfSense] CARP Vmware

On 3 June 2014 10:24, Raúl Sampedro 
mailto:raul.sampe...@grupocarreras.com>> wrote:
Hi all;

I have just configured two Pfsense in vmware and all works fine, except CARP. 
Two pfsense´s VM changes CARP IP and works fine, but I cannot ping to the CARP 
IP.

I configured promiscuous mode in port group also, but nothing, does not work. I 
tried a lot of configurations but nothing works.

Have you any clue?

It will be worth going through this:
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#VMware_ESX.2FESXi_Users
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] CARP Vmware

[Simon Dick]

On 3 June 2014 10:24, Raúl Sampedro  wrote:

>  Hi all;
>
>
>
> I have just configured two Pfsense in vmware and all works fine, except
> CARP. Two pfsense´s VM changes CARP IP and works fine, but I cannot ping to
> the CARP IP.
>
>
>
> I configured promiscuous mode in port group also, but nothing, does not
> work. I tried a lot of configurations but nothing works.
>
>
>
> Have you any clue?
>

It will be worth going through this:
https://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting#VMware_ESX.2FESXi_Users
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] CARP Vmware

[Raúl Sampedro]

Hello,


I´m also using ESXi .Carp IP for me is Virtual IP. I can ping from the same VM 
but not from the others.

I put disabled the firewall to check if is a vmware problem.

bye

De: List [mailto:list-boun...@lists.pfsense.org] En nombre de David QuayCendre
Enviado el: martes, 03 de junio de 2014 11:33
Para: pfSense Support and Discussion Mailing List
Asunto: Re: [pfSense] CARP Vmware

Hello !
I'm using ESXi (VMWare hypervisor), and I can ping my CARP IP. Have you check 
the firewall ? Lot of tutorial say to allowed all communications in the CARP 
interface.
Carp IP for you, is the IP on the Carp interface ? not Virtual IP ?

Bye
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] CARP Vmware

[David QuayCendre]

Hello !

I'm using ESXi (VMWare hypervisor), and I can ping my CARP IP. Have you
check the firewall ? Lot of tutorial say to allowed all communications in
the CARP interface.

Carp IP for you, is the IP on the Carp interface ? not Virtual IP ?


Bye
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

[pfSense] CARP Vmware

[Raúl Sampedro]

Hi all;

I have just configured two Pfsense in vmware and all works fine, except CARP. 
Two pfsense´s VM changes CARP IP and works fine, but I cannot ping to the CARP 
IP.

I configured promiscuous mode in port group also, but nothing, does not work. I 
tried a lot of configurations but nothing works.

Have you any clue?

Thanks in advance.

Raúl Sampedro
Departamento IT
Tel. 976011126
C/Taormina 5 (PLAZA), 50197, Zaragoza
[cid:image001.jpg@01CF39FB.CC5598D0]



___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list