[pfSense] not all snort rules shown after update pfsense to 2.1.5
Hello all, we did an update to pfSense 2.1.5. After that the Snort package is no longer working. Getting:

FATAL ERROR: /usr/pbi/snort-i386/etc/snort/snort_20181_em1/snort.conf(169) = Did not find specified IIS Unicode codemap in the specified IIS Unicode Map file.

And there are fewer categories than before, and Snort stops. This is on 3 pfSense boxes. With one I played around: reinstalling Snort gives the same error as above. I unchecked "Settings will not be removed during package deinstallation" and reinstalled Snort and the rules update. After that I was able to configure Snort but noticed that there are fewer categories. I checked via shell (ls /usr/pbi/snort-i386/etc/snort/rules/): there are more rules there than shown in the GUI.

Now I have a running Snort with fewer categories and 2 pfSense boxes not running Snort, with the IIS error and fewer categories. IPS policy selection is also not working on those 3 pfSense boxes; nothing changes when using a selection.

How can I get the categories back in the GUI and how to solve the IIS error? Can someone help?

tia
Stefan
Re: [pfSense] upgrade from 1.2.3
Thanks for the input everyone, you confirmed my thoughts. I'll build a 2.x system on replacement hardware, manually copy the config (unless I can restore from the original?) and swap them over.

Nick Upson, Telensa Ltd, Senior Operations Network Engineer
direct +44 (0) 1799 533252, support hotline +44 (0) 1799 399200

On 7 October 2014 20:29, Chris Buechler c...@pfsense.com wrote:

On Tue, Oct 7, 2014 at 9:54 AM, Nenhum_de_Nos math...@eternamente.info wrote:
I have 2.0.3 amd64, is it safe to upgrade to 2.1.5? In the case above, should he first upgrade to 2.0.x, then to a newer version?

You're better off going straight from 1.x to 2.1.5 than stopping at any point in between if you're going to upgrade in place.

On Tue, Oct 7, 2014 at 9:25 AM, Jim Thompson j...@netgate.com wrote:
We've seen a lot of instances where the hw has run for years, but has developed silent, undiagnosed issues (bad blocks, mostly). The upgrade doesn't cause a failure, but it gets blamed.

Yeah, that's old enough it's likely to run into that type of upgrade issue, where a reboot would have done the same. Given the age of the hardware, it'd be prudent to restore the 1.2.3 config to a new system with 2.1.5, and swap the hardware to upgrade. Don't power off the old system until you're confident in the new, just unplug its NICs, which should make it as safe as possible to switch back.

While it might work, I'm absolutely certain we've never tested upgrading from 1.2.3 to 2.1.5. It's definitely not well tested.

I've done at least a handful of 1.2.3 to 2.1.x upgrades, though none to 2.1.5; it should be the same in that regard. If it's not a complex system, which anything still running 1.x at this point almost certainly isn't, it should work. For risk reduction, I probably wouldn't upgrade anything 5+ years old in place, for hardware reliability reasons.
Re: [pfSense] upgrade from 1.2.3
On Wed, Oct 8, 2014 at 9:23 AM, Nick Upson n...@telensa.com wrote:
Thanks for the input everyone, you confirmed my thoughts. I'll build a 2.x system on replacement hardware, manually copy the config (unless I can restore from the original?) and swap them over.

You should be able to restore the config without issue. The only manual bit you may need to configure is re-assigning the interfaces. I recently went through a similar upgrade, and didn't have any issues.
[pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]
I think I am being hit by the same issue. Here is what I tried:

Version: 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:25 EST 2012, FreeBSD 8.1-RELEASE-p13

Test email is received when hitting save on the notifications page. One gateway. Monitor IP is set [64.221.77.118]. From pfSense shell, ping 64.221.77.118:

[snip]
64 bytes from 64.221.77.118: icmp_seq=68 ttl=255 time=0.861 ms
64 bytes from 64.221.77.118: icmp_seq=69 ttl=255 time=0.844 ms
64 bytes from 64.221.77.118: icmp_seq=70 ttl=255 time=0.820 ms
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
64 bytes from 64.221.77.118: icmp_seq=71 ttl=255 time=13581.729 ms
64 bytes from 64.221.77.118: icmp_seq=72 ttl=255 time=12573.693 ms
64 bytes from 64.221.77.118: icmp_seq=73 ttl=255 time=11565.238 ms
64 bytes from 64.221.77.118: icmp_seq=85 ttl=255 time=0.764 ms
64 bytes from 64.221.77.118: icmp_seq=86 ttl=255 time=0.874 ms
64 bytes from 64.221.77.118: icmp_seq=87 ttl=255 time=0.841 ms
[snip]
--- 64.221.77.118 ping statistics ---
145 packets transmitted, 134 packets received, 7.6% packet loss
round-trip min/avg/max/stddev = 0.755/282.375/13581.729/1864.098 ms

Weight: 1
Latency thresholds: 1 to 2
Packet Loss thresholds: 0.001 to 0.001
Frequency Probe: 1
Down: 1

As shown above, I pulled the uplink for about 10 seconds. No email. Email, DNS, etc. are LAN side resources. Any suggestions?

-Jason
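As an added example (not pfSense's or apinger's code), the following approximates the latency/loss evaluation that the gateway settings in the report above configure, run over constructed ping output modelled on the capture; the 10-probe window, the use of average RTT against the latency thresholds, and one notification per state change are assumptions.

```python
"""Sliding-window gateway check with notify-on-state-change (added example,
not pfSense/apinger code). Assumes a 10-probe window and average RTT."""
import re
from collections import deque

# Thresholds as reported: latency 1 to 2 (ms), packet loss 0.001 to 0.001 (%).
LATENCY_LOW_MS, LATENCY_HIGH_MS = 1.0, 2.0
LOSS_LOW_PCT, LOSS_HIGH_PCT = 0.001, 0.001
WINDOW = 10  # assumed number of recent probes evaluated together
REPLY_RE = re.compile(r"icmp_seq=(\d+) ttl=\d+ time=([\d.]+) ms")

def parse_ping_line(line):
    """('ok', rtt_ms) for an echo reply, ('lost', None) for a send error, else None."""
    m = REPLY_RE.search(line)
    if m:
        return ("ok", float(m.group(2)))
    if line.startswith("ping: sendto:"):
        return ("lost", None)
    return None  # statistics lines, blank lines, etc.

def classify(samples):
    """Map recent probe samples to 'online', 'warning' or 'offline'."""
    if not samples:
        return "online"
    lost = sum(1 for kind, _ in samples if kind == "lost")
    loss_pct = 100.0 * lost / len(samples)
    rtts = [rtt for kind, rtt in samples if kind == "ok"]
    avg_rtt = sum(rtts) / len(rtts) if rtts else 0.0
    if loss_pct > LOSS_HIGH_PCT or avg_rtt > LATENCY_HIGH_MS:
        return "offline"
    if loss_pct > LOSS_LOW_PCT or avg_rtt > LATENCY_LOW_MS:
        return "warning"
    return "online"

def evaluate(lines):
    """Return (final_state, transitions); each transition (probe_index, old, new)
    is the point where a notification such as the gateway-down e-mail is due."""
    window, state, transitions, idx = deque(maxlen=WINDOW), "online", [], 0
    for line in lines:
        sample = parse_ping_line(line)
        if sample is None:
            continue
        window.append(sample)
        new_state = classify(window)
        if new_state != state:
            transitions.append((idx, state, new_state))
            state = new_state
        idx += 1
    return state, transitions

# Constructed ping output modelled on the capture: 3 good replies, 7 send errors
# while the uplink is unplugged, 3 very slow replies as it recovers, 10 normal ones.
SAMPLE_PING_OUTPUT = (
    [f"64 bytes from 64.221.77.118: icmp_seq={i} ttl=255 time=0.8{i} ms" for i in range(3)]
    + ["ping: sendto: No route to host"] * 7
    + [f"64 bytes from 64.221.77.118: icmp_seq={i} ttl=255 time={14000 - i * 1000}.5 ms"
       for i in range(3, 6)]
    + [f"64 bytes from 64.221.77.118: icmp_seq={i} ttl=255 time=0.8{i % 10} ms"
       for i in range(6, 16)]
    + ["--- 64.221.77.118 ping statistics ---"]
)
```

With the reported loss threshold of 0.001 %, a single lost probe in the window already flips the gateway to offline, so a monitor evaluating these thresholds has a transition to notify on; the question in the thread is why the e-mail for it never arrives.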
Re: [pfSense] Adding Ethernetports
System completely locked up and denied me the ability to log back in when I did bridge mode. I had to format and reinstall and configure everything. That was a tedious nightmare.

I did try using the port as a standalone. I assigned it an IP. Was able to ping it. Plugged in a Netgear set to DHCP and it did not receive an IP. pfSense did have DHCP active on this card and it had a range of IPs. I also notice that the range I assigned to this card was being used on my other subnet even though it wasn't configured that way. I'm confused as to what's happening and why I'm having such a hard time getting another LAN card to work.

On 10/3/2014 1:10 PM, Espen Johansen wrote:
pfSense > Interfaces > add bridge, and add LAN and your new interfaces to it. You will then have multiple LAN interfaces acting the same as your LAN. Or the same as a router with multiple LAN ports would.

On 3 Oct 2014 18:42, Brian Caouette bri...@dlois.com wrote:
Where do I find that? Which of my issues does it solve?

On 10/3/2014 12:08 PM, Espen Johansen wrote:
Bridge to LAN.

On 3 Oct 2014 18:05, Brian Caouette bri...@dlois.com wrote:
Just wanted to thank those of you who replied. Finally got the card noticed in pfSense. Had to use the add hardware feature on the VM. Now the problem is getting it to route traffic. I am able to ping the two ports from the pfSense diag menu but am not able to ping outside the network. I did create a rule to pass all traffic but still nothing. Is there something special I need to do to get the two new ports to work? Also is there a way to have the DHCP range the same as the LAN so that it works like a consumer off-the-shelf router? Basically additional ports in the same net range.

On 9/19/2014 1:37 PM, Adam Thompson wrote:
There's also the unofficial VMware ESXi white-box HCL, but it hasn't really been updated since v4.x. Agreed that if this is anything more than a test system, stick with the HCL and a support contract. Been there, done that, have the scars to prove it...
-Adam

On September 19, 2014 12:18:31 PM CDT, Paul Beriswill paul.berisw...@pdfcomplete.com wrote:
I have had mixed results trying to find support for hardware that is not on the VMware HCL and often spend way too much time hunting for solutions. You are *much* better off sticking with officially supported hardware. That being said, this link *may* have the drivers that you are looking for...
https://my.vmware.com/web/vmware/details?downloadGroup=DT-ESXI55-INTEL-IGB-42168productId=353
Should probably take this to one of the VMware support groups.
Paul

On 09/19/2014 11:28 AM, Brian Caouette wrote:
Yes, VM. I do not see the card listed there either. I do not understand VM and all the plugs and drivers. Can you point me in the right direction?

On 9/19/2014 11:17 AM, Paul Beriswill wrote:
Your pfSense is running on a VM... correct? Does VMware recognize the NIC? I know some versions of ESX need custom drivers for even some Intel NICs.
Paul

On 09/19/2014 09:31 AM, Brian Caouette wrote:
I added a dual port NIC to my pfSense box and it doesn't show the additional ports. The new NIC doesn't show anywhere. I am using a PowerEdge 2850 and an Intel card. I am also using VMware on the machine. Any ideas what may be going on?
Re: [pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]
On 10/8/2014 11:39 AM, Jason Pyeron wrote:
I think I am being hit by the same issue. Here is what I tried:
[snip]
As shown above, I pulled the uplink for about 10 seconds. No email. Email, DNS, etc. are LAN side resources. Any suggestions?
-Jason

If I'm understanding your message, this is expected behavior. You pull the uplink and the pings will fail. That's the whole point.
Re: [pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]
-----Original Message-----
From: Brian Caouette
Sent: Wednesday, October 08, 2014 11:59

On 10/8/2014 11:39 AM, Jason Pyeron wrote:
I think I am being hit by the same issue. Here is what I tried:
Version: 2.0.2-RELEASE (i386) built on Fri Dec 7 16:30:25 EST 2012, FreeBSD 8.1-RELEASE-p13
Test email is received when hitting save on the notifications page.
[snip]
As shown above, I pulled the uplink for about 10 seconds. No email. Email, DNS, etc. are LAN side resources. Any suggestions?
[snip]

If I'm understanding your message, this is expected behavior. You pull the uplink and the pings will fail. That's the whole point.

And then an email should be sent, which it is not being sent.

-Jason
Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense
Stefan Fuhrmann, here are my settings. They work well for me, but there may be some fine-tuning you should do...

First, I choose the rules on the Global Settings tab. I applied for a free Oinkmaster Code, which I use on a few firewalls. Then I set the Remove Blocked Hosts Interval to 15 minutes, just in case I do something remotely that Snort doesn't like and locks me out. I think everything else is default: http://imgur.com/dLIsp7v

Then I force a download of the rules on the Update tab... http://imgur.com/bV7Pqoa

Next, create the Snort Interface. On the WAN Settings tab, I use defaults except I check Block Offenders and I use a Pass List and Suppression List, which need to be selected here.

On the WAN Categories tab, I select an IPS Policy, which disables selection of some rules. This is normal. However, do select the other rules that are available: http://imgur.com/PwVqjU2

And then the last thing I change is on the WAN Preprocs tab. Everything is default, except that I check Auto Rule Disable, I disable HTTP Inspect, and enable Portscan Detection. HTTP Inspect will block many legitimate websites like Amazon, and will require that you add all the blocked sites to the pass or rule suppress lists. I feel this is too much work.

After Snort is up and running, there will be times when you need to suppress some rules to suit your users. For instance, one user's iPhone was triggering a POP3 rule whenever he tried to connect, and was being blocked. When this happens, go to the Blocked tab and unblock the address, then go to the Alerts tab, find the address, and add the rule to the Suppress list by clicking the appropriate button.

Good luck!
Re: [pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]
And then an email should be sent, which it is not being sent. -Jason

On a firewall with two WAN connections, one connection is faster than the other, so I use one for incoming connections and one for outgoing. Users' outgoing traffic is routed to the gateway that's working using gateway groups (failover).

I've noticed that if the outgoing connection goes down briefly, no emails are sent. Possibly because that's the route the emails would normally take? But if the incoming connection goes down for a moment, I get several emails (too many). Maybe pfSense isn't caching the emails to send when switching connections, or for when the link comes back up? Fortunately, the links don't go down that often so I can't say for certain...
Re: [pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]
-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of compdoc
Sent: Wednesday, October 08, 2014 12:46
To: 'pfSense Support and Discussion Mailing List'
Subject: Re: [pfSense] a notification is not sent when a gateway is down [https://redmine.pfsense.org/issues/3306]

And then an email should be sent, which it is not being sent. -Jason

On a firewall with two WAN connections, one connection is faster than the other, so I use one for incoming connections and one for outgoing. Users' outgoing traffic is routed to the gateway that's working using gateway groups (failover).

In this case, it has been down for a while. Verizon techs on the pole. There is only one WAN on this firewall (one FW per WAN). The DNS, SMTP, NTP, etc. are on the LAN side of the FW. Ex:

[2.0.2-RELEASE][r...@xxx.zzz]/root(3): ping mail
PING mail.ZZZ (aa.bb.cc.dd): 56 data bytes
64 bytes from aa.bb.cc.dd: icmp_seq=0 ttl=64 time=0.406 ms
64 bytes from aa.bb.cc.dd: icmp_seq=1 ttl=64 time=0.330 ms
64 bytes from aa.bb.cc.dd: icmp_seq=2 ttl=64 time=0.285 ms
^C
--- mail.ZZZ ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.285/0.340/0.406/0.050 ms
[2.0.2-RELEASE][r...@xxx.zzz]/root(2): ping google.com
PING google.com (74.125.226.164): 56 data bytes
^C
--- google.com ping statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
[2.0.2-RELEASE][r...@xxx.zzz]/root(3):

I've noticed that if the outgoing connection goes down briefly, no emails are sent. Possibly because that's the route the emails would normally take? But if the incoming connection goes down for a moment, I get several emails (too many). Maybe pfSense isn't caching the emails to send when switching connections, or for when the link comes back up? Fortunately, the links don't go down that often so I can't say for certain...

No emails EVER, except the test emails...

status_gateways.php shows:

Status: Gateways
Name  Gateway  Monitor        RTT      Loss    Status   Description
WAN   XXX      64.221.77.118  0.000ms  100.0%  Offline

-Jason
[pfSense] LAN: IPv6 static configuration
Good afternoon. This is in regards to pfsense-2.1.4-RELEASE.

This morning my ISP (finally) turned on IPv6 on our circuit. They assigned a /126 P2P link for the WAN and are routing a /48 to us. I have the WAN interface configured without issue, and am able to ping6 from the router itself to external addresses.

The problem arose when I added the static IPv6 configuration to my LAN interface. I chose an arbitrary /64 subnet for the LAN and assigned an IP to the interface. When I applied this configuration, *all* traffic to and through the router (both v4 and v6) stopped. I couldn't ping the v4 address of the router, etc. I ended up having to attach to the serial console and restore a previous config file in order to restore connectivity.

My questions are:
1) How was adding v6 addressing information to the LAN interface able to affect v4 traffic?
2) How can I add static v6 configuration to the LAN interface successfully?

This all seemed like it should be a very simple task, but apparently I'm missing something.

Thank you!
-Erik