Re: [pfSense] Configs or hardware?

2018-02-15 Thread Ivo Tonev
Try increasing network buffers via "system tunables".

On 15 Feb 2018 12:14, "Michael Munger" wrote:

> TL; DR.
>
> On 1Gbps downloads, our pfSense firewalls are performing poorly with
> speed tests of ~400Mbps. It's either pfSense configs (not likely) or the
> hardware (more likely). I do not want to buy a commercial box. For our
> corporate network, we use HP DL360s, so zero problem there. I need
> something that is the size of a router, but can do 1Gbps with pfSense.
>
> Who's got working configs / hardware combos that do 1Gbps easily?
>
> Background.
>
> I've been using Alix boards (APU1D4 as of late). The problem is: these
> boards seem to top out at 400Mbps download. I have several clients who
> have gigabit fiber connections, and they have been complaining to the
> ISP that their service is slow. When they connect to the modem directly,
> they get 1G download. When they go through the pfSense firewall we put
> together using these Alix boards from PC engines, it drops to ~400Mbps.
>
> There are several competing "router boards" (MikroTik and the like), but
> I have zero experience with them, I don't know if they will run pfSense
> or if they will do the speed. The Alix + pfSense combo has been GREAT
> for many years. If I change to something else, I don't want to go
> through growing pains since I figure this is a solved problem, and
> someone on this list knows / has a recommendation.
>
> --
> Michael Munger, dCAP, MCPS, MCNPS, MBSS
> High Powered Help, Inc.
> Microsoft Certified Professional
> Microsoft Certified Small Business Specialist
> Digium Certified Asterisk Professional
> mich...@highpoweredhelp.com 
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] quagga/bgp

2017-11-17 Thread Ivo Tonev
I'm using it. There are no problems.

On 17 Nov 2017 11:30, "Daniel" wrote:

> Hi there,
>
> is anyone using quagga with bgpd as a self installed package on pfsense?
>
> I don’t want to use openBGPd and I also don’t want to use FRR because I am
> completely new to FRR.
>
> My idea is to use quagga with bgpd daemon on pfsense.
>
> Are there any problems?
>
> Cheers
>
> Daniel
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] IPv6 nat

2017-11-16 Thread Ivo Tonev
You can use NPT

On 16 Nov 2017 5:19 PM, "Daniel" wrote:

> Hi there,
>
> I added a private IPv6 LAN on my pfsense which has to do NAT like on IPv4.
>
> But it seems that NAT with IPv6 is not possible. Is there any way, or is it
> not possible to NAT IPv6 connections?
>
> root@web1:~# traceroute6 heise.de
> traceroute to heise.de (2a02:2e0:3fe:1001:302::), 30 hops max, 80 byte packets
>  1  fd12:38ce:2472:a35e::3 (fd12:38ce:2472:a35e::3)  0.071 ms  0.098 ms  0.087 ms
>  2  * * *
>  3  * * *
>
> I am not interested in using public IPv6 addresses in my LAN.
>
> Cheers
>
> Daniel
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Strange packetloss

2017-10-20 Thread Ivo Tonev
On each interface you have "Block bogon networks".

Is that option active?

On Fri, Oct 20, 2017 at 2:00 PM, Daniel wrote:

> Hi Everyone,
>
> actually I have an any/any rule applied on all my interfaces. This I did
> actually only for debugging issues.
>
> But I can see that packets still get blocked:
>
> Oct 20 17:48:34 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64553,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS
> Oct 20 17:48:34 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64554,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS
> Oct 20 17:48:35 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,55,37998,0,DF,6,tcp,52,109.44.1.50,212.168.31.112,34675,443,0,FA,1545664688,2414488008,40,,nop;nop;TS
> Oct 20 17:48:35 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64555,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS
> Oct 20 17:48:36 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64556,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS
> Oct 20 17:48:38 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64557,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS
> Oct 20 17:48:42 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64558,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS
>
> Why? Normally all traffic can pass the interfaces.
>
> Main problem is that I have 1% packet loss when it passes the Internet
> connection to my upstream. I have a second firewall configured identically
> and there is no packet loss.
>
> I changed all cables and so… I am absolutely without any clue what can
> cause such a problem.
>
> Could it be a problem that I have several different networks applied on one
> interface without VLANs?
>
> I really don’t know what I can do. This issue is very hard and all things I
> already tested don’t help to fix the issue.
>
> Kernel messages and logs also look OK to me.
>
> Maybe someone can help me out and give me some ideas
>
> Cheers
>
> Daniel
>




-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
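The filterlog records Daniel pasted are the raw CSV that pfSense writes behind the firewall log GUI. The parser below is an added example and is not code from the thread or from pfSense; it splits a syslog line into named fields (the field layout follows the pfSense 2.2+ filterlog format as documented, and is an assumption to verify against your release), counts the blocked flows, and separates inbound TCP segments that carry no SYN from new-connection attempts. Segments like the FIN/ACK ones in the post never matched a state entry, which is the usual signature of late packets from an already-closed or expired state rather than a rule rejecting a connection; the sample lines are the seven records from the post, re-joined onto single lines.

```python
"""Parse pfSense filterlog syslog lines and summarise what is being blocked.

Added example, not code from the mailing-list thread. The CSV field layout is
assumed from the pfSense filterlog format (common block, IP-version block,
protocol block); check it against the version you run.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# The seven records quoted in the post, with the mail wrapping undone.
SAMPLE_LINES = [
    "Oct 20 17:48:34 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64553,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS",
    "Oct 20 17:48:34 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64554,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS",
    "Oct 20 17:48:35 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,55,37998,0,DF,6,tcp,52,109.44.1.50,212.168.31.112,34675,443,0,FA,1545664688,2414488008,40,,nop;nop;TS",
    "Oct 20 17:48:35 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64555,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS",
    "Oct 20 17:48:36 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64556,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS",
    "Oct 20 17:48:38 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64557,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS",
    "Oct 20 17:48:42 gw02 filterlog: 5,,,100103,igb0,match,block,in,4,0x0,,56,64558,0,DF,6,tcp,52,93.220.211.99,212.168.31.112,52498,80,0,FA,3467799626,3453635053,347,,nop;nop;TS",
]

# syslog prefix: "Mon DD HH:MM:SS host filterlog: <csv>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) filterlog: (?P<body>.*)$"
)

# Field names per block (assumed layout, see module docstring).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "proto", "proto_text", "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto_text", "proto", "length", "src", "dst"]
TCP = ["sport", "dport", "datalen", "tcpflags", "seq", "ack", "window", "urg", "options"]
UDP = ["sport", "dport", "datalen"]


def parse_filterlog(line: str) -> Optional[Dict[str, str]]:
    """Return a dict of named fields, or None if the line is not a filterlog record."""
    m = SYSLOG_RE.match(line.strip())
    if not m:
        return None
    fields = m.group("body").split(",")
    if len(fields) < len(COMMON):
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host")}
    rec.update(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    layout = {"4": IPV4, "6": IPV6}.get(rec["ipver"])
    if layout is None or len(rest) < len(layout):
        return None
    rec.update(zip(layout, rest))
    rest = rest[len(layout):]
    proto_layout = {"tcp": TCP, "udp": UDP}.get(rec["proto_text"])
    if proto_layout:
        rec.update(zip(proto_layout, rest))
        rest = rest[len(proto_layout):]
    rec["extra"] = ",".join(rest)  # fields the layout does not name (e.g. ICMP)
    return rec


def is_out_of_state_tcp(rec: Optional[Dict[str, str]]) -> bool:
    """Blocked inbound TCP without SYN: the segment matched no state entry, so it is
    a straggler from a closed/expired state, not a connection attempt a rule refused."""
    return bool(rec) and rec.get("action") == "block" and rec.get("proto_text") == "tcp" \
        and "S" not in rec.get("tcpflags", "")


def summarize_blocks(lines: List[str]) -> Counter:
    """Count blocked records per (src, dst, dport, tcpflags); unparsable lines are skipped."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec.get("action") == "block":
            key: Tuple[str, str, str, str] = (rec["src"], rec["dst"], rec.get("dport", ""), rec.get("tcpflags", ""))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, dport, flags), n in summarize_blocks(SAMPLE_LINES).most_common():
        print(f"{n:3d}  {src} -> {dst}:{dport} flags={flags}")
    stragglers = sum(1 for l in SAMPLE_LINES if is_out_of_state_tcp(parse_filterlog(l)))
    print(f"{stragglers} of {len(SAMPLE_LINES)} blocked segments carry no SYN (out-of-state)")
```

Run against a live box with `clog /var/log/filter.log | python3 thisfile.py` (after replacing `SAMPLE_LINES` with `sys.stdin`) and the split tells you whether the blocks are policy (SYN segments hitting deny rules) or state churn (FA/A/R stragglers), which are two different problems.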

Re: [pfSense] problems with lagg interfaces?

2017-10-17 Thread Ivo Tonev
Even if your VLAN doesn't come up, you can capture traffic on the physical
interfaces with tcpdump.
See what you can capture before any other move.

Do a bottom-up troubleshoot.

On 17 Oct 2017 12:34, "Eero Volotinen" wrote:

> So, you mean that it is not working?
>
> Eero
>
> 2017-10-17 17:32 GMT+03:00 :
>
> > On 2017-10-17 16:28, Eero Volotinen wrote:
> >
> >> It's netgate pfsense SG-4860 running 2.4 final release
> >>
> >
> >
> > So, these are intel nics?
> >
> > Can you look in freebsd-bugzilla if there are bugs open for this
> interface
> > type and lagg(4)?
> >
> > I've had the same problem with bxe(4) (on FreeBSD).
> >
> > I had to switch to ix(4).
> >
> > Might be worth filing a ticket with netgate...
> >
> >
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-05 Thread Ivo Tonev
Run "top -SH" to find the top CPU-consuming tasks.


On Thu, Oct 5, 2017 at 8:44 AM, Christoph Haas wrote:

> On Wednesday, 04.10.2017, 15:05 -0400, ED Fochler wrote:
> > I have a similar situation and I solved it with limiters.  I'm also a
> > fan of limiters to ensure fair sharing of uplink bandwidth by internal
> > users.  I haven't tried changing system tunables though, so that solution
> > may be better.
>
> So far the situation was better this morning. But the web interface
> became unresponsive and the OpenVPN daemon died. So I'm still scared.
>
> > Nothing is sent through the limiter until you create a rule that catches
> > the traffic and routes it through the limiter, so you're not going to
> > accidentally slow everything down just by creating a rule.
>
> I will try that.
>
> > The behavior you're speaking of sounds like your machine is getting maxed
> > out by interrupts or some internal bandwidth.  Setting up a limiter sounds
> > like a better solution than pushing the hardware to the point of unrefined
> > behavior.
>
> Yes, I suspect something like that, too. The system load is going up
> heavily (Load >=5) sometimes. However the web interface claims that the
> load is around 30%. RAM and state tables look fine, too.
>
> On Linux-based systems I regularly use iptables rules and often go near
> wire speed. But the system load rarely goes up noticeably. So I wonder
> what part is really causing that load.
>
> I ran "top" this morning and saw that the "filterlog" process was at
> the top of the list. My firewall rules though do not do any logging at
> the moment. Could that still be a problem?
>
> Thanks for your suggestions so far. I'll try them all.
>
> …Christoph
>
>



-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-04 Thread Ivo Tonev
You can try raising some "System tunables":


net.inet.tcp.recvspace 524288
net.inet.tcp.sendspace 524288
net.raw.recvspace 524288
net.inet.raw.recvspace 524288
net.raw.sendspace 524288
net.inet.raw.maxdgram 524288
net.link.ifqmaxlen 2048
net.inet.tcp.recvbuf_inc 65536
net.inet.udp.recvspace 524288
net.inet.tcp.sendbuf_inc 65536
net.inet.tcp.mssdflt 1460
net.inet.tcp.minmss 536

On Wed, Oct 4, 2017 at 5:08 AM, Christoph Haas wrote:

> Dear list,
>
> I have become a huge fan of pfSense and managed to replace our old
> routers at work by two nifty Netgate SG-4860 gateways. They work nearly
> perfectly. I just have a few separate internal VLANs (e.g. for
> administration, monitoring and backup) that give me a headache. Every
> day at the same time(s) there are spikes in traffic (I can see in the
> dashboard) between two VLANs. Traffic goes up to pretty much 800 Mbps
> for 1-2 minutes.
>
> During that time our monitoring system goes wild. High latencies and
> even ping losses. CPU load of the router is shown at around 50%. Once
> the traffic goes below 800 Mbps all is instantly fine again.
>
> I tried to simplify the firewall rules (e.g. let through all the
> traffic) but that did not help. Is there anything I can do? Any hidden
> switches? Anything to find and fix the situation? Traffic shaping for
> ICMP? Unicorn dust?
>
> Thanks in advance for your hints.
>
> …Christoph




-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Ivo Tonev
Can you send a network diagram? Why 2 switches? How are they connected?

Is there any feature like Cisco's ARP inspection?

On 7 Jun 2017 10:45, "Daniel" <dan...@linux-nerd.de> wrote:

> Both are Physical.
>
> --
> Regards
>
> Daniel
>
> On 07.06.17, 14:34, "List on behalf of Ivo Tonev" <
> list-boun...@lists.pfsense.org on behalf of i...@tonev.pro.br> wrote:
>
> Firewalls are virtual or physical servers?
>
> On Wed, Jun 7, 2017 at 9:12 AM, Daniel <dan...@linux-nerd.de> wrote:
>
> > Hi,
> >
> > Firewall on the Switch is the latest installed.
> > The Switch is just simply installed. No VLANs actually, just IGMP
> > disabled.
> > CARP has for sure 3 IPs. 2 dedicated for each Server and one CARP
> > (Virtual Failover per Subnet)
> >
> >
> > --
> > Regards
> >
> > Daniel
> >
> > On 06.06.17, 00:04, "List on behalf of Ugo Bellavance" <
> > list-boun...@lists.pfsense.org on behalf of u...@lubik.ca> wrote:
> >
> > On 2017-06-02 08:13 AM, Daniel wrote:
> > > Hi there,
> > >
> > > I run 2 pfsense Firewalls. I tried to use CARP but it will
> > > turn over every 1-2-3 hours.
> > > Sometimes it is so fast that pf1 is master and pf2 has the
> > > routes. In this case I need to reboot both Servers.
> > >
> > > After I tried a lot I don't find any solutions. I took a
> > > different brand (Sophos UTM) and here is the same behaviour.
> > > So I think this could be a network problem.
> > >
> > > Are there any important things which must be enabled or
> > > disabled in the Switch?
> > > Or does the Switch need some special configurations?
> > >
> > > When I use Linux with Bonding it also switches the NICs very
> > > often.
> > >
> > > We use 2 Switches from Netgear JGS524Ev2
> > >
> > > Maybe someone has some experience with it?
> >
> > Can you give us more information? You do have 3 IP addresses per
> > interface? How is your switch configured? Any tagged VLANs
> > involved? Is the switch's firmware up to date?
> >
>
>
>
>
> --
> Ivo R. Tonev
> +55 61 98409-2642
> i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] massive CARP Failover

2017-06-07 Thread Ivo Tonev
Firewalls are virtual or physical servers?

On Wed, Jun 7, 2017 at 9:12 AM, Daniel  wrote:

> Hi,
>
> Firewall on the Switch is the latest installed.
> The Switch is just simply installed. No VLANs actually, just IGMP disabled.
> CARP has for sure 3 IPs. 2 dedicated for each Server and one CARP (Virtual
> Failover per Subnet)
>
>
> --
> Regards
>
> Daniel
>
> On 06.06.17, 00:04, "List on behalf of Ugo Bellavance" <
> list-boun...@lists.pfsense.org on behalf of u...@lubik.ca> wrote:
>
> On 2017-06-02 08:13 AM, Daniel wrote:
> > Hi there,
> >
> > I run 2 pfsense Firewalls. I tried to use CARP but it will turn over
> > every 1-2-3 hours.
> > Sometimes it is so fast that pf1 is master and pf2 has the routes. In
> > this case I need to reboot both Servers.
> >
> > After I tried a lot I don't find any solutions. I took a different
> > brand (Sophos UTM) and here is the same behaviour.
> > So I think this could be a network problem.
> >
> > Are there any important things which must be enabled or disabled in
> > the Switch?
> > Or does the Switch need some special configurations?
> >
> > When I use Linux with Bonding it also switches the NICs very often.
> >
> > We use 2 Switches from Netgear JGS524Ev2
> >
> > Maybe someone has some experience with it?
>
> Can you give us more information? You do have 3 IP addresses per
> interface? How is your switch configured? Any tagged VLANs involved? Is
> the switch's firmware up to date?
>




-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] RRD alternatives

2017-02-17 Thread Ivo Tonev
zabbix (via agent package or SNMP)
nagios (SNMP)
http://nfsen.sourceforge.net/ (softflowd)

On Fri, Feb 17, 2017 at 7:00 PM, Antonio Cortes Alhambra <
antonio.cor...@incatel.cl> wrote:

> http://www.cacti.net/
>
> Kind regards
>
> 2017-02-17 17:30 GMT-03:00 Cheyenne Deal :
>
> > Is there an alternative to what were the rrd graphs in 2.2?
>



-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] BandwithD

2017-02-16 Thread Ivo Tonev
It was removed. You can use NetFlow with a NetFlow collector on another server.

On 16 Feb 2017 12:20, "Daniel" wrote:

> Hi there,
>
> is it possible that BandwidthD is removed from the Packages?
> I wanted to install it and I can't see it anymore.
>
> Is there any other way to track Traffic per IP?
>
> Cheers
>
> Daniel
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] bind rules

2016-09-22 Thread Ivo Tonev
Action = PASS
Interface = LAN
Address Family = IPv4 + IPv6
Protocol = TCP/UDP
Destination Port Range = DNS

On Thu, Sep 22, 2016 at 7:43 PM, Pol Hallen wrote:

> Hi all :-)
>
> I need to create some rules to allow the BIND internal server network to make
> recursive queries: I've iptables rules but I've some problem with PF :-(
>
> Can someone "translate" these rules to pfsense?
>
> for processing DNS queries:
>
> iptables -I INPUT 1 -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -I INPUT 2 -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> and for sending responses back to client
>
> iptables -A OUTPUT -p tcp -m tcp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p udp -m udp --sport 53:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> thanks for help!
>
> Pol
>



-- 
Ivo R. Tonev
+55 61 98409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] pf rule error

2016-08-09 Thread Ivo Tonev
Check your states table size.

On 9 Aug 2016 22:47, "Joseph L. Casale" wrote:

> I recently received an error that the pf table was wedged and had been reset
> while making changes. A few days later, a vlan stopped passing dhcp traffic
> and filter reload did not resolve it, I actually had to reboot the unit.
>
> Has anyone seen this, are there configurations known to produce this behavior
> or would hardware be the first suspect?
>
> Thanks,
> jlc
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] yesterday update to 2.3.2 has not worked - these machines now can not update any more

2016-07-27 Thread Ivo Tonev
From the console:

pkg clean
pkg update
pkg upgrade
reboot

On 27 Jul 2016 10:54, "WolfSec-Support" wrote:

> Hi Jim
>
> Many thanks for your hint.
> Well it is still not working.
>
> See:
>
> >>> Updating repositories metadata...
> Updating pfSense-core repository catalogue...
> pfSense-core repository is up-to-date.
> Updating pfSense repository catalogue...
> Fetching meta.txz: . done
> Fetching packagesite.txz: ... done
> pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/packagesite.txz: Operation timed out
> Unable to update repository pfSense
>
> Maybe something else was broken in the update process?
>
> Many thanks for your help in advance
>
> Br
> Stephan
>
> On 27.07.2016 15:43, "Jim Pingle" wrote:
>
> > On 07/27/2016 12:48 AM, WolfSec-Support wrote:
> > > Any hint to solve the broken upbated-boxes ?
> >
> > Use ssh or the console and either use option 13, or use option 8 and
> > from the shell, execute "pfSense-upgrade -d"
> >
> > Early in the upgrade process, pkg is updated and from that point, the
> > GUI for updates and packages can't interpret the new pkg data format, so
> > the console update is required.
> >
> > Jim
> >
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Errors when attempting upgrade to 2.3.2 from 2.3.1.5

2016-07-26 Thread Ivo Tonev
Yes.
You can run from console

pkg clean
pkg update
pkg upgrade
reboot

On 26 Jul 2016 12:03 PM, "mayak" wrote:

> Both on an embedded APU and HP-DL-160 ...
>
> Fetching pfSense-2.3.2.txz: . done
> pkg: https://pkg.pfsense.org/pfSense_v2_3_2_amd64-pfSense_v2_3_2/All/perl5-5.20.3_13.txz: Authentication error
> >>> Locking package pfSense-kernel-pfSense... done.
> Failed
>
>
> Anyone else experiencing this?
>
> Thanks
>
> M
> --
>
> Markets can remain irrational longer than you can remain solvent.
>
> — John Maynard Keynes
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] OSPF help

2016-07-23 Thread Ivo Tonev
You can set up an OpenVPN site-to-site VPN across your sites and run OSPF only
in the VPN tunnel.

On Sat, Jul 23, 2016 at 8:55 PM, Francois Roussy wrote:

> I will add another thing I tried..
>
> Also, I had tried to create a policy based, using multiple phase 2 with
> all my subnets. It's working, but some IPs are unreachable (the router IPs of
> my Fortigate) and 2 or 3 machines that I can ping, but can't access their
> web sites (all internal)
>
> Any clue?
>
> Thanks
>
>
> -Original Message-
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Francois
> Roussy
> Sent: July 23, 2016 10:38 AM
> To: list@lists.pfsense.org
> Subject: [pfSense] OSPF help
>
>
> Good day,
>
> I need some help to figure out how to fix my 'issue'..
>
> Actually, I have a multisite VPN, all using Fortigate 50B. I have 9 of
> them connecting to our main site, using a Fortigate 200D.
> Each site has its own /24 IP space (192.168.2.0/24,
> 192.168.3.0/24)
>
> I use OSPF.
>
> Now.  My 50B service plans are ending gradually, and I want to replace them
> with pfSense.  I know there is a flavor of OSPF in pfSense, but I'm not
> used to it.
>
> Can someone guide me please?
>
> Thanks
>
> Frank
>
>



-- 
Ivo R. Tonev
+55 61 8409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] HAproxy question

2015-12-12 Thread Ivo Tonev
Run "netstat -anl | grep LISTEN | grep 443" (for TCP) to verify on which
port/IP haproxy and OpenVPN are running. OpenVPN doesn't listen on the VIP.

On 12/12/2015 10:31, "C. R. Oldham" wrote:

> Actually I think I characterized this problem the wrong way.
>
> It appears that neither haproxy nor nginx (when used as a proxy) are
> reliable on our pfSense firewall.  They will work for a while, then they
> stop passing traffic for a while, then they work awhile.  Restarting them
> doesn't make them responsive immediately.  I am at a loss to explain this.
> I've confirmed there are no other processes listening on port 443 on any IP
> (virtual or physical).  If anyone has ideas I'd love to hear them.
>
> --cro
>
>
> On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham  wrote:
>
> > Greetings,
> >
> > We've recently replaced both our routers with pfSense.  I am using tinc
> > for site-to-site VPN and OpenVPN for clients to connect.
> >
> > Since some of our support engineers often end up onsite with customers, I
> > want to enable OpenVPN over TCP port 443--we've noticed that many of our
> > customers block outbound UDP, but using the https port works fine.
> >
> > However, we also have haproxy on our firewall proxying for some web
> > applications on port 443. but on a different virtual IP from OpenVPN.
> > If I enable OpenVPN on the TCP port, haproxy stops working, even though
> > they are listening on different IPs.
> >
> > I have appropriate firewall rules for both virtual IPs in place.
> >
> > Can anyone shed some insight on how I can fix this?
> >
> > Thanks.
> >
> > --cro
> >
> >
>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
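Ivo's check rests on one socket-layer fact: a daemon bound to the wildcard address on port 443 and a daemon bound to a specific VIP on port 443 cannot coexist, whichever starts first loses the other. The block below is an added example, not code from the thread or from pfSense, haproxy or OpenVPN. It parses the FreeBSD-style `netstat -an` listing the command in the reply produces (column layout `proto recv-q send-q local foreign state` and `host.port` local addresses are assumed) and flags a wildcard listener sharing a port with an address-specific one; it then reproduces the collision live with two loopback sockets on an ephemeral port. The `SAMPLE_NETSTAT` text is constructed for the example.

```python
"""Detect a wildcard listener shadowing a VIP-bound service on the same port.

Added example, not code from the thread. Part 1 parses 'netstat -an' output
(FreeBSD column layout assumed); part 2 shows the bind conflict itself.
"""
import socket
from typing import List, Tuple

# Constructed sample modelled on FreeBSD 'netstat -an': haproxy on a VIP
# (203.0.113.10 is a documentation address) and another daemon on *.443.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 203.0.113.10.443       *.*                    LISTEN
tcp4       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 *.22                   *.*                    LISTEN
tcp6       0      0 *.443                  *.*                    LISTEN
udp4       0      0 *.1194                 *.*
"""


def split_local(addr: str) -> Tuple[str, str]:
    """FreeBSD prints 'host.port'; the port is everything after the last dot."""
    host, _, port = addr.rpartition(".")
    return host, port


def listeners_on_port(netstat_output: str, port: str) -> List[Tuple[str, str]]:
    """(proto, host) for every TCP socket in LISTEN state on `port`."""
    found = []
    for line in netstat_output.splitlines():
        cols = line.split()
        if len(cols) < 6 or not cols[0].startswith("tcp") or cols[5] != "LISTEN":
            continue
        host, p = split_local(cols[3])
        if p == port:
            found.append((cols[0], host))
    return found


def wildcard_conflicts(netstat_output: str, port: str) -> List[Tuple[str, str]]:
    """Listeners on `port` when a wildcard ('*') bind sits next to an
    address-specific one; empty when there is nothing to collide."""
    listeners = listeners_on_port(netstat_output, port)
    hosts = {host for _, host in listeners}
    return listeners if "*" in hosts and len(hosts) > 1 else []


def wildcard_shadows_specific() -> bool:
    """Bind 0.0.0.0 on an ephemeral port, then try 127.0.0.1 on the same port,
    which is what a VIP-bound haproxy does after a wildcard-bound daemon is up.
    Returns True when the second bind is refused (EADDRINUSE)."""
    wild = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        wild.bind(("0.0.0.0", 0))
        wild.listen(1)
        port = wild.getsockname()[1]
        specific = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            specific.bind(("127.0.0.1", port))
            return False
        except OSError:
            return True
        finally:
            specific.close()
    finally:
        wild.close()


if __name__ == "__main__":
    for proto, host in wildcard_conflicts(SAMPLE_NETSTAT, "443"):
        print(f"port 443 conflict: {proto} bound to {host}")
    print("wildcard bind blocks a specific bind on the same port:", wildcard_shadows_specific())
```

On a live firewall, feed the real listing in with `netstat -an | python3 thisfile.py` (after swapping `SAMPLE_NETSTAT` for `sys.stdin.read()`); an empty result from `wildcard_conflicts` means the two services really are on disjoint addresses and the fault lies elsewhere, as C. R. Oldham later concluded.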


Re: [pfSense] How to restrict certain websites for certain computers during certain times of the day?

2015-07-31 Thread Ivo Tonev
You can use squid+squidguard to create restrictions and time ranges.

You need to create local users on the pfSense box and use authentication.

On 31/07/2015 12:36, Tim Koop t...@timkoop.com wrote:

 I have installed pfsense and I would like to block certain websites during
 certain times of the day for certain computers.  I've looked around pfsense
 as well as a plugin or two, and this looks very difficult or impossible to
 do.  Anyone have any ideas?

 These are the details:

 It's installed in my home.  My wife and I want full access to the Internet
 all the time.  Using the very nice firewall, I'm currently giving my kids
 access during certain times of the day.  (They connect with DHCP and are
 given IP addresses in a certain range, whereas our computers are given
 static IP addresses based on mac address.)

 The main reason I'm blocking my kids' Internet is so they don't watch
 cartoons and play games all day long.  But I wouldn't mind if they had
 access to, say, Wikipedia, or Ubuntu updates server.  So what I want is
 this:

 - I want to enter a list of domain names to block, myself, not take it
 from someone else's list somewhere else.
 - I want this to only apply to certain computers (my kids), preferably by
 IP address range.
 - I want to be able to apply it only during certain times of the day.

 Does anything like this exist?  Or how close can I get?

 Thanks.

 --
 Tim K

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] blocking torrents and web based https proxies

2015-03-27 Thread Ivo Tonev
You can block torrents with Suricata. Works 100%. Install the package and
activate all P2P rules.

For web proxies you can use squid+(squidguard with
http://www.urlblacklist.com/) and force everyone to use your proxy.

On Thu, Mar 26, 2015 at 11:44 PM, Sean m...@thegeekclub.net wrote:

 Torrent traffic: maybe with a good L7 filter (not tried this myself).
 But HTTPS proxies and SSL VPNs, forget about it.
 It's a game of whack-a-mole.  As soon as you squash one, three more will
 pop up.
 You can't block SSL.  You'd need to get a real web filtering solution and
 by that I mean a service that constantly updates with new content and
 category definitions.
 Barracuda, Iron Port, Websense, to name a few companies.  It's still a
 game of whack-a-mole but you're paying them to do it.  It still won't get
 them all but it will get you hopefully into the 99% range.

 There would likely still be outliers, SSH tunnels and people clever enough
 to setup tunnels on non-standard ports and protocols that wouldn't be
 monitored.

 I'd be happy to be wrong and welcome a correction from someone who knows
 more about it on this list (there are plenty of them).

 On Tue, Mar 24, 2015 at 5:12 AM, Rizwan Saeed rizwan.sa...@nu.edu.pk
 wrote:

 Hi Guys,



 I am managing a 1000+ university network. pfsense is working fine. The
 only problem I have is that the students bypass all the security with web
 vpn’s and free https proxies. So I would like to know that if there is an
 effective way to block https web proxies, web based VPN and encrypted
 torrent traffic?



 Regards,

 Riz








-- 
Ivo R. Tonev
+55 61 8409-2642
i...@tonev.com.br
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense

2014-10-03 Thread Ivo Tonev
[image: Inline image 1]

On Thu, Oct 2, 2014 at 7:01 AM, Stefan Fuhrmann ste...@fuhrmann.homedns.org wrote:

 Hello Ivo,

 yes

 2 pfsense nodes as cluster
 2 loadbalancer
 3 webserver

 need more info?

 tia
 Stefan
 --

 *From: *Ivo Tonev i...@tonev.pro.br
 *To: *pfSense Support and Discussion Mailing List
 list@lists.pfsense.org
 *Sent: *Monday, 29 September 2014 02:52:26
 *Subject: *Re: [pfSense] recommandation: snort IDS, web http traffic,
 pfsense

 can you send your network layout ?
 how many servers ?

 --
 Ivo Tonev
 i...@tonev.pro.br

  On Sep 28, 2014, at 05:58, Stefan Fuhrmann ste...@fuhrmann.homedns.org
 wrote:
 
  Hello all,
 
  can someone help?
 
  tia
  Stefan
 
  On Friday, 26 September 2014, 15:11:04, Stefan Fuhrmann wrote:
  Hello all,
 
  I need a recommendation for the following setup:
 
  pfsense-cluster
 
  loadbalancers
 
  webservers
 
  There are some thousand visits per day and I want to secure with
  pfsense and snort. Snort runs on the lan side.
  I want to be aware which are the false positives and how to handle this
  traffic with snort and the snort GUI within pfsense?
  Is it now a good idea to enable the categories step by step and do
  whitelisting of rules where I think this traffic should go, and
  block the rest?
  I'm unsure if there is a lot of traffic getting blocked which should
  pass. This should not happen...
 
  In that firm the opinion is that we should do blacklisting:
  blocking only categories where we are sure this is not good traffic.
  At the moment there are several thousand alerts per day!
 
  I would say block the alerts and then I do whitelisting via the GUI.
  Problem: at first there is an error state
 
  Can someone give recommendations how to implement this?
  Is it a good idea to configure the files directly on pfsense?
 
  tia
  Stefan
  ___
  List mailing list
  List@lists.pfsense.org
  https://lists.pfsense.org/mailman/listinfo/list
 

-- 
Ivo R. Tonev
+55 61 8409-2642
i...@tonev.com.br

Re: [pfSense] Snort as IPS in Pfsense

2014-09-30 Thread Ivo Tonev
you need to use the management network to download.


On Tue, Sep 30, 2014 at 3:01 PM, Jeronimo L. Cabral jelocab...@gmail.com
wrote:

 Dear, I can't understand at all...please be patient with me :(

 I'll use pFsense with Snort as an IPS because I see it is easier than the
 manual configuration of Snort.

 I have an ISP router with 200.1.1.1, a corporate firewall with 200.1.1.2
 and the condition is that I MUST LET THIS CONFIGURATION AS IT IS NOW.

 So, I have to locate the pFsense server between the router and the
 firewall, in inline mode.

 My pFsense server has 3 network interfaces, let's say: WAN connected to
 router, LAN connected to corporate firewall and OPT1 for management with IP
 192.168.1.1.

 Now I have the question:

 How should I have to configure the WAN and LAN interfaces: with IP,
 IP-less, creating a bridge interface IP-less or with IP? Because if I
 create a bridge with WAN and LAN and I don't assign an IP, the IPS won't
 download the signatures from the Internet...I'm a bit confused.

 Thanks a lot, regards.

 JeLo



 On Tue, Sep 30, 2014 at 10:55 AM, Ivo Tonev i...@tonev.pro.br wrote:

 Yes. Always use out of band management.



 On Tue, Sep 30, 2014 at 10:35 AM, Roberto Carna robertocarn...@gmail.com
  wrote:

  Ivo, that's a good idea...but please tell me if I'm correct or not:

  WAN, LAN, Bridge interfaces: IP-Less
  OPT1: IP for management in a management network

  Thanks again,

 2014-09-30 9:27 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
  I recommend you create a management network for OPT1 with private IP.
 
 
  On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna 
 robertocarn...@gmail.com
  wrote:
 
  I think this is good for us:
 
 
  - Router ISP with IP 200.0.0.1
 
  - pFsense with the following interfaces:
 
a) WAN IP-Less
b) LAN IP-Less
c) OPT1 with IP 200.0.0.2 (management)
d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
 
  - Corporate firewall with IP 200.0.0.3
 
  - Snort runs in Bridge interface
 
  Do you think this is correct ???
 
  Good night !!!
 
  Roberto
 
 
  2014-09-29 22:09 GMT-03:00 Jeronimo L. Cabral jelocab...@gmail.com:
   I can say that I imagine this address space:

   Router / IP 200.1.1.1 --- WAN IP-Less / pFsense / LAN IP-Less --- Firewall / IP 200.1.1.2
   OPT1 / IP 200.1.1.3 (management)

   So, the WAN and LAN interfaces from pFsense are IP-LESS (promiscuous
   mode), and the OPT1 interface from pFsense has a public IP like the router
   and firewall.
  
   Can I do this in pfsense ???
  
  
   On Mon, Sep 29, 2014 at 9:49 PM, Jeronimo L. Cabral
   jelocab...@gmail.com
   wrote:
  
   OK Ivo, this is very helpful to me...Suppose I have:

   Router / IP 200.1.1.1 --- WAN/pFsense/LAN --- Firewall / IP 200.1.1.2

   I have to keep the addressing of this scenario unchanged, so what IP
   addresses do I have to assign to the WAN and LAN pFsense interfaces ???
  
   Thanks a lot,
  
   JeLo
  
   On Mon, Sep 29, 2014 at 9:32 PM, Ivo Tonev i...@tonev.pro.br
 wrote:
  
   In a production environment you need 3 interfaces: one for WAN, one for
   LAN and one for management.

  http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html
  
  
   On Mon, Sep 29, 2014 at 9:24 PM, compdoc comp...@hotrodpc.com
 wrote:
  
    But you say: one interface for WAN, a second for
    LAN...and which interface is for managing ???

   You manage with a browser from LAN, and optionally also from the WAN
   port. And with ssh from the LAN.
  
  
  
  
  
  
  
  
   --
   Ivo R. Tonev
   +55 61 8409-2642
   i...@tonev.com.br
  
  
  
  
  
 
 
 
 
  --
  Ivo R. Tonev
  +55 61 8409-2642
  i...@tonev.com.br
 




 --
 Ivo R. Tonev
 +55 61 8409-2642
 i...@tonev.com.br





Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
Use suricata
On Sep 29, 2014 2:27 PM, Roberto Carna robertocarn...@gmail.com wrote:

 Dear, I need to know if it's possible to setup Pfsense with Snort to
 get an IPS (Intrusion Prevention System), and in this case what is the
 graphical interface used to view events and dropped traffic.

 Thanks a lot,

 Roberto


Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
You can use as many interfaces as you want.

You can use the web gui or tail -f the file on
/var/log/suricata/(interface)/*
:)
On Sep 29, 2014 3:34 PM, Roberto Carna robertocarn...@gmail.com wrote:

 Dear Ivo and people, just three short questions:

 1) Using Suricata, can I enable the IPS mode as I can using Snort ???

 2) In IPS mode, do I have to have 3 interfaces in my server ???

 3) The only way to view the IPS blocking events is from into Pfsense
 or can I use Snorby ???

 Thanks again,

 Roberto




 2014-09-29 14:37 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
  Use suricata
 
  On Sep 29, 2014 2:27 PM, Roberto Carna robertocarn...@gmail.com
 wrote:
 
  Dear, I need to know if it's possible to setup Pfsense with Snort to
  get an IPS (Intrusion Prevention System), and in this case what is the
  graphical interface used to view events and dropped traffic.
 
  Thanks a lot,
 
  Roberto
 
 

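Ivo's tip above is to tail the Suricata logs under /var/log/suricata/(interface)/, and Stefan's question at the top of this page (repeated in the Sep 28 message at the bottom) is how to separate false positives from real hits when there are several thousand alerts a day. The script below is an added example, not code from this thread or from the pfSense or Suricata projects. It reads Suricata EVE JSON alert records (the eve.json file the package writes next to the alert log when EVE output is enabled; the sample lines, SIDs, signature names and addresses are constructed), counts hits per signature and per source, and drafts threshold.config entries: a per-source "suppress" for signatures that only ever fired from hosts you trust (in Stefan's layout, the load balancers' health checks against the web servers), and a "type limit" threshold for noisy signatures so they keep firing but stop flooding the log. Signatures that match neither pattern are deliberately left untouched for a human look. The trusted-host set and the noisy-count cutoff are assumptions to adjust for your own network. The pfSense Suricata and Snort packages accept the same suppress syntax on their Suppress list page.

```python
"""Triage Suricata EVE JSON alerts and draft threshold.config entries.

Added example (not from the mailing-list thread). All sample data below is
constructed: the SIDs, signature names and addresses are placeholders.
"""
import json
from collections import Counter

# Assumed: the two load balancers whose health checks hit the web servers.
TRUSTED_SOURCES = {"10.0.10.5", "10.0.10.6"}

# Constructed eve.json excerpt: one JSON object per line, as Suricata writes
# it to /var/log/suricata/<interface>/eve.json on pfSense when EVE output is
# on. It includes a non-alert "flow" event and a truncated last line, both of
# which a live tail of the file will produce.
SAMPLE_EVE = r"""
{"timestamp":"2014-09-29T10:00:01.000000-0300","event_type":"alert","src_ip":"10.0.10.5","dest_ip":"10.0.20.11","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-09-29T10:00:31.000000-0300","event_type":"alert","src_ip":"10.0.10.5","dest_ip":"10.0.20.12","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-09-29T10:01:01.000000-0300","event_type":"alert","src_ip":"10.0.10.5","dest_ip":"10.0.20.13","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-09-29T10:01:02.000000-0300","event_type":"alert","src_ip":"10.0.10.6","dest_ip":"10.0.20.11","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-09-29T10:01:32.000000-0300","event_type":"alert","src_ip":"10.0.10.6","dest_ip":"10.0.20.12","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2014-09-29T10:02:00.000000-0300","event_type":"flow","src_ip":"198.51.100.20","dest_ip":"10.0.20.11","proto":"TCP"}
{"timestamp":"2014-09-29T10:02:01.000000-0300","event_type":"alert","src_ip":"198.51.100.20","dest_ip":"10.0.20.11","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210029,"rev":2,"signature":"SURICATA STREAM ESTABLISHED packet out of window","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2014-09-29T10:02:05.000000-0300","event_type":"alert","src_ip":"198.51.100.21","dest_ip":"10.0.20.11","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210029,"rev":2,"signature":"SURICATA STREAM ESTABLISHED packet out of window","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2014-09-29T10:02:09.000000-0300","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"10.0.20.12","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210029,"rev":2,"signature":"SURICATA STREAM ESTABLISHED packet out of window","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2014-09-29T10:02:14.000000-0300","event_type":"alert","src_ip":"203.0.113.10","dest_ip":"10.0.20.12","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210029,"rev":2,"signature":"SURICATA STREAM ESTABLISHED packet out of window","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2014-09-29T10:02:20.000000-0300","event_type":"alert","src_ip":"198.51.100.22","dest_ip":"10.0.20.13","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2210029,"rev":2,"signature":"SURICATA STREAM ESTABLISHED packet out of window","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2014-09-29T10:03:00.000000-0300","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"10.0.20.11","proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2008983,"rev":4,"signature":"ET WEB_SERVER SQL Injection attempt (placeholder)","category":"Web Application Attack","severity":1}}
{"timestamp":"2014-09-29T10:03:01.000000-0300","event_type":"alert","src_ip":"203.0.113.8","dest_i
"""


def parse_eve_alerts(text):
    """Return the alert records from EVE JSON text (one JSON object per line).

    Non-alert events (flow, http, dns, ...) and lines that are not valid JSON,
    such as a half-written line seen while tailing the file, are skipped.
    """
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") == "alert" and "alert" in rec:
            alerts.append(rec)
    return alerts


def alert_stats(alerts):
    """Aggregate alerts per (gid, sid): hit count, per-source counter, signature text."""
    stats = {}
    for rec in alerts:
        a = rec["alert"]
        key = (a.get("gid", 1), a["signature_id"])
        entry = stats.setdefault(
            key, {"count": 0, "sources": Counter(), "signature": a.get("signature", "")}
        )
        entry["count"] += 1
        entry["sources"][rec["src_ip"]] += 1
    return stats


def draft_threshold_config(alerts, trusted_sources, noisy_min_count=100):
    """Draft threshold.config lines from observed alerts.

    - A signature that fired only from trusted_sources gets one 'suppress' per
      trusted source, so it still fires if anyone else triggers it.
    - A signature that fired at least noisy_min_count times from other sources
      gets a 'limit' threshold: the first hit per source per minute is logged,
      which cuts volume without disabling the rule.
    - Everything else is left alone and still needs human review.
    """
    lines = []
    for (gid, sid), entry in sorted(alert_stats(alerts).items()):
        sources = set(entry["sources"])
        if sources <= trusted_sources:
            for ip in sorted(sources):
                lines.append(f"# {entry['signature']} ({entry['sources'][ip]} hits from trusted host)")
                lines.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {ip}")
        elif entry["count"] >= noisy_min_count:
            lines.append(f"# {entry['signature']} ({entry['count']} hits, {len(sources)} sources)")
            lines.append(f"threshold gen_id {gid}, sig_id {sid}, type limit, track by_src, count 1, seconds 60")
    return lines


if __name__ == "__main__":
    alerts = parse_eve_alerts(SAMPLE_EVE)
    # Top talkers first: this is the list to review before touching any rule.
    for (gid, sid), e in sorted(alert_stats(alerts).items(), key=lambda kv: -kv[1]["count"]):
        print(f"{gid}:{sid:<8} {e['count']:>4} hits {len(e['sources']):>3} sources  {e['signature']}")
    print()
    print("\n".join(draft_threshold_config(alerts, TRUSTED_SOURCES, noisy_min_count=5)))
```

Run it against a real file with parse_eve_alerts(open("/var/log/suricata/<interface>/eve.json").read()) and a noisy_min_count that fits a day's volume; the printed summary is the review list, and only the drafted lines you agree with go into the suppress list, so the "block everything, then whitelist" error state Stefan describes never has to happen.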

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
You can use an invalid IP on the WAN interface. This way there is no way to avoid the
firewall.
On Sep 29, 2014 4:37 PM, Roberto Carna robertocarn...@gmail.com wrote:

 Mainly bridge to hide the IPS server from the Internet, and also if I
 don't use bridge mode I have to put a public IP on the WAN
 interface connected to the router and I don't have many more
 public IPs available.

 2014-09-29 16:31 GMT-03:00 Espen Johansen pfse...@gmail.com:
  Why bridge? Do you want to hide everything? It's not that hard to
  fingerprint a pfS bridge. If you have practical reasons, sure go ahead.

  On 29 Sep 2014 21:28, Roberto Carna robertocarn...@gmail.com
  wrote:
 
  Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces
  in bridge mode with firewall rules enabled ???
 
  Really thanks,
 
  Roberto
 
 
 
  2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com:
   Depends on what you want. A split design is normally better and safer
   than an all-in-one box. If you want suricata + snorby and barnyard it's not
   recommended to run it all on pfsense. There are many deps. that will
   cause a security nightmare and you will probably run out of hw resources as
   well.
  
   OK, thanks, the last please:
  
   Do you recommend to install an IPS in a Virtual Machine like VMware
   ??? Because we have VMware for all our servers.
  
   Regards,
  
   2014-09-29 15:39 GMT-03:00 Anastasios Stefos
   anastasios.ste...@gmail.com:
   Roberto
  
   Here is a good place to start regarding Suricata or Snort.
  
  
  
  
 http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
  
  
  
   ---
   Anastasios Stefos
   ´αίέν άριστεύειν
  
   On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna
   robertocarn...@gmail.com
   wrote:
  
   Dear Ivo and people, just three short questions:
  
   1) Using Suricata, can I enable the IPS mode as I can using Snort
 ???
  
   2) In IPS mode, do I have to have 3 interfaces in my server ???
  
   3) The only way to view the IPS blocking events is from into Pfsense
   or can I use Snorby ???
  
   Thanks again,
  
   Roberto
  
  
  
  
   2014-09-29 14:37 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
Use suricata
   
On Sep 29, 2014 2:27 PM, Roberto Carna 
 robertocarn...@gmail.com
wrote:
   
Dear, I need to know if it's possible to setup Pfsense with Snort
to
get an IPS (Intrusion Prevention System), and in this case what
 is
the
graphical interface used to view events and dropped traffic.
   
Thanks a lot,
   
Roberto
   
   
  
  
  
  
 
 

Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
On pfsense it's click and go. No need to install everything. :)
On Sep 29, 2014 4:46 PM, Espen Johansen pfse...@gmail.com wrote:

 If all you want is an IPS then I don't understand what you need pfS for?
 There are tons of setup guides for a linux flavour of choice to get this
 setup done. You can even build a hogwash like setup if you like.
 On 29 Sep 2014 21:38, Roberto Carna robertocarn...@gmail.com
 wrote:

 Ivo, I want to locate the IPS between the router and the corporate
 firewall, so I think to use bridge mode...is that correct???

 2014-09-29 16:34 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
  I recommend to use it in router mode.
 
  On Sep 29, 2014 4:29 PM, Roberto Carna robertocarn...@gmail.com
 wrote:
 
  Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces
  in bridge mode with firewall rules enabled ???
 
  Really thanks,
 
  Roberto
 
 
 
  2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com:
   Depends on what you want. A split design is normally better and safer
   than an all-in-one box. If you want suricata + snorby and barnyard it's not
   recommended to run it all on pfsense. There are many deps. that will
   cause a security nightmare and you will probably run out of hw resources as
   well.
  
   OK, thanks, the last please:
  
   Do you recommend to install an IPS in a Virtual Machine like VMware
   ??? Because we have VMware for all our servers.
  
   Regards,
  
   2014-09-29 15:39 GMT-03:00 Anastasios Stefos
   anastasios.ste...@gmail.com:
   Roberto
  
   Here is a good place to start regarding Suricata or Snort.
  
  
  
  
 http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
  
  
  
   ---
   Anastasios Stefos
   ´αίέν άριστεύειν
  
   On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna
   robertocarn...@gmail.com
   wrote:
  
   Dear Ivo and people, just three short questions:
  
   1) Using Suricata, can I enable the IPS mode as I can using Snort
 ???
  
   2) In IPS mode, do I have to have 3 interfaces in my server ???
  
   3) The only way to view the IPS blocking events is from into
 Pfsense
   or can I use Snorby ???
  
   Thanks again,
  
   Roberto
  
  
  
  
   2014-09-29 14:37 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
Use suricata
   
On Sep 29, 2014 2:27 PM, Roberto Carna 
 robertocarn...@gmail.com
wrote:
   
Dear, I need to know if it's possible to setup Pfsense with
 Snort
to
get an IPS (Intrusion Prevention System), and in this case what
 is
the
graphical interface used to view events and dropped traffic.
   
Thanks a lot,
   
Roberto
   
   
  
  
  
  
 
 



Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
I don't like the bridge approach because if you have many VLANs it becomes
very complicated.

I always use the router approach because I can configure the IDS for one
interface and IPS for another.

If you don't have enough IP addresses, you can use an invalid IP on the firewall
WAN and create a route on your router to reach your range.
On Sep 29, 2014 7:31 PM, Jeronimo L. Cabral jelocab...@gmail.com wrote:

 Dear, do I have to have 3 network interfaces or are 2 interfaces enough to
 implement the IPS??? Because I think I'll have 1 promiscuous WAN, 1
 promiscuous LAN and 1 management.

 Does the Pfsense firewall have to be set up as a BRIDGE if I want to put it between
 the router and the corporate firewall ???

 Special thanks,

 JeLo

 On Mon, Sep 29, 2014 at 5:35 PM, compdoc comp...@hotrodpc.com wrote:

  Here is a good place to start regarding Suricata or Snort.
 
 
 http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/


 Is the free to use version of Snort going away? I scanned the page
 mentioned above but it seems unclear.



 Suricata sounds like an excellent replacement given the advanced
 features, but I have to say Snort is doing a fine job for us.



 I use the free Registered User rules and the free Emerging Threats rules,
 and Snort is busy blocking port scans and all kinds of activity, while not
 bothering/blocking our users' activity.

 Not that we rely solely on Snort - no unnecessary ports are listening to
 the web. No management ports like 22 are open.

 Anyway, Snort doesn't use much CPU time for our 30 user office, and
 pfSense makes it (kinda) easy to use. Until Suricata arrives for pfSense, I
 think it's fine.



 By the way, if you have a decent speed quad-core server with at least 8GB
 ram, you can easily run pfSense, Suricata, and whatever else side by side
 in virtual machines.










Re: [pfSense] Snort as IPS in Pfsense

2014-09-29 Thread Ivo Tonev
In a production environment you need 3 interfaces: one for WAN, one for LAN
and one for management.

http://www.cisco.com/c/en/us/td/docs/security/asa/quick_start/ips/ips_qsg.html


On Mon, Sep 29, 2014 at 9:24 PM, compdoc comp...@hotrodpc.com wrote:

  But you say: one interface for WAN, a second for

 LAN...and which interface is for managing ???





 You manage with a browser from LAN, and optionally also from the WAN port.
 And with ssh from the LAN.







-- 
Ivo R. Tonev
+55 61 8409-2642
i...@tonev.com.br

Re: [pfSense] recommandation: snort IDS, web http traffic, pfsense

2014-09-28 Thread Ivo Tonev
can you send your network layout ?
how many servers ?

--
Ivo Tonev
i...@tonev.pro.br

 On Sep 28, 2014, at 05:58, Stefan Fuhrmann ste...@fuhrmann.homedns.org 
 wrote:
 
 Hello all,
 
 can someone help?
 
 tia
 Stefan
 
 On Friday, 26 September 2014, 15:11:04, Stefan Fuhrmann wrote:
 Hello all,

 I need a recommendation for the following setup:

 pfsense-cluster

 loadbalancers

 webservers

 There are some thousand visits per day and I want to secure them with pfsense and
 snort. Snort runs on the LAN side.
 I want to be aware of which are the false positives and how to handle this
 traffic with snort and the snort GUI within pfsense?
 Is it now a good idea to enable the categories step by step and do
 whitelisting of rules where I am of the opinion this traffic should go, and
 block the rest?
 I'm unsure whether a lot of traffic would get blocked which should pass.
 This should not happen...

 In that firm the opinion is that we should do blacklisting: blocking
 only categories where we are sure this is not good traffic.
 At the moment there are several thousand alerts per day!

 I would say block the alerts and then I do whitelisting via the GUI.
 Problem: at first there is an error state.

 Can someone give recommendations on how to implement this?
 Is it a good idea to configure the files directly on pfsense?

 tia
 Stefan
 