Re: [pfSense-discussion] Online scanning
http://www.grc.com has ShieldsUp! I've used it in the past.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Tue, Apr 14, 2009 at 8:29 AM, cl...@pfsense wrote:
> Sorry for not being more specific :-/
>
> Thorough meaning that it does a good job trying to get in and tries to tell
> me what can be seen from outside in terms of ports, services behind and maybe
> vulnerabilities... Something like good old SuperScan from foundstone...
>
> Reason for asking here (I am capable of googling :-)) was to get some good
> referrals that this community could vouch for is not a hacker nest waiting to
> me install the next rootkit...
>
> I want it to scan from remote to tell me how my site looks from the internet
> and I do not have another public IP I can scan from.
>
> Thanks
> Claus
>
> -Original Message-
> From: Adrian Wenzel [mailto:adr...@lostland.net]
> Posted At: Tuesday, April 14, 2009 2:55 PM
> Posted To: pfSense
> Conversation: [pfSense-discussion] Online scanning
> Subject: Re: [pfSense-discussion] Online scanning
>
> Sorry... googling:
>
> online port scanner free
>
> Honestly, I've never looked for a service like this. Has anyone?
>
> Regards,
> Adrian
>
> - Original Message -
> From: "Adrian Wenzel"
> To: discussion@pfsense.com
> Sent: Tuesday, April 14, 2009 8:53:59 AM GMT -05:00 US/Canada Eastern
> Subject: Re: [pfSense-discussion] Online scanning
>
> Sounds like they're looking for a service that scans ports remotely, like
> some of those returned by googling:
>
> - Original Message -
> From: "RB"
> To: discussion@pfsense.com
> Sent: Tuesday, April 14, 2009 8:20:11 AM GMT -05:00 US/Canada Eastern
> Subject: Re: [pfSense-discussion] Online scanning
>
> On Tue, Apr 14, 2009 at 04:10, cl...@pfsense wrote:
>> To test my new configuration can anyone recommend a secure, thorough online
>> port scanner ?
>
> What qualifies thorough? Although nmap's aggressive mode pretty well
> covers most "there's a port open and this is what it's running"
> scenarios, it's not as thorough as some more limited application
> scanners, like Metasploit. What are you looking for?

-
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

Re: [pfSense-discussion] OT: simple SMTP relay daemon?
I don't know if it works on FreeBSD but busybox has an SMTP engine.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Fri, Apr 10, 2009 at 2:57 AM, Chris Buechler wrote:
> On Fri, Apr 10, 2009 at 1:52 AM, David Rees wrote:
>> On Thu, Apr 9, 2009 at 8:07 PM, Chris Buechler wrote:
>>> I'm looking for something simple to do nothing but accept SMTP mail
>>> from a defined list of hosts allowed to relay and push it off to
>>> another SMTP server (using gmail, so must be with auth and TLS). Must
>>> run on FreeBSD. Any full blown MTA is out of the question, too
>>> complex. I suspect something out there does just what I'm after, but
>>> all I'm finding are MTAs or simple apps that don't accept SMTP over
>>> the network. Browsing the mail ports in FreeBSD didn't help, though I
>>> could have missed something.
>>>
>>> Anyone have any suggestions?
>>
>> Although it is a full blown MTA, Postfix is lightweight, simple
>> configure and reliable.
>>
>
> Lightweight for a full blown MTA, but not lightweight. Postfix is what
> I started trying actually, but too many missing libraries and other
> difficulties into getting it running on a pfSense box without a decent
> amount of effort. I suspect there's a tiny, simple daemon somewhere
> that will do this without a lot of fuss, I just can't find it. I'd
> probably turn it into a pfSense package and slap a simple GUI on it.
> It would essentially be a proxy from SMTP to authenticated SMTP,
> relaying for SMTP clients on the LAN subnet that don't support
> authentication. Or as a single point for sending mail from your LAN if
> you don't have an internal mail server. One of those things I wouldn't
> run on *my* firewall (that's a server's job), but desired by some and
> not entirely unreasonable.

Re: [pfSense-discussion] Is there a way to track a specific users web traffic?
Use the lightsquid package.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Thu, Apr 9, 2009 at 11:33 AM, Marty Nelson wrote:
> I’m currently running 1.2.1 with Squid and squidGuard, but other than
> grabbing the log file and sorting through it to find specific IP’s I don’t
> see a way to track specific users. Any chance there’s that capability
> somehow?
>
> Thanks,
>
> -Marty

Re: [pfSense-discussion] Tool to monitor pfSense
Second that. GWOS is basically Nagios and a few other FOSS applications put together in a package. I monitor a number of SNMP attributes as well as simple ping.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Wed, Apr 8, 2009 at 1:56 PM, jason whitt wrote:
> Using Ground Work Community Edition
>
> On Wed, Apr 8, 2009 at 12:48 PM, Adam Van Ornum wrote:
>>
>> To start off with, I tried searching the forums but didn't find
>> anything...I'm probably not using the best search terms though. :)
>> I'm interested in knowing what options are out there for monitoring
>> pfSense so I can quickly be alerted if it goes down. I had a box that was
>> running for a couple of weeks just fine and then all of a sudden started
>> going down randomly so I just replaced it and now I would like some tool so
>> I can be alerted if the machine goes down instead of having people start
>> shouting "The Internet is down!". What do you guys use?
>> Thanks,
>> Adam

Re: [pfSense-discussion] FreeNAS
OpenFiler would be a great option. I'm running 6TB on one server with MS Exchange and SQL over iSCSI without issue.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Sat, Jan 24, 2009 at 11:02 AM, Chris Buechler wrote:
> On Sat, Jan 24, 2009 at 5:13 AM, Eugen Leitl wrote:
> >
> > IIRC one developer (Chris?) mentioned a number of different pfSense
> > possible flavors,
>
> Yes.
>
> > including a NAS appliance.
>
> but no to that part. :)
>
> That's one thing that probably won't ever be added, at least not by
> any of our existing developers.

Re: [pfSense-discussion] snort on 1.2.1
What rules do you have enabled? I've found that by enabling all rules, you're just overloading the box in some way and it kills itself. Try disabling them one at a time.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Sat, Dec 27, 2008 at 2:53 AM, Stefan wrote:
> Hello all :)
> first, thanks for the great work on 1.2.1!
>
> I have also snort installed but it's killing after some minutes and I don't
> know why. I can not find a log which is telling me why it's stopped. I
> started snort under shell. The last entry is, that snort is encoding on
> interface... that's all.
>
> Can someone help?
>
> tia
> stefan

Re: [pfSense-discussion] centralized management with distributed pfsense installations
I believe there is a bounty already started for this on the forums. M0n0wall has/had something like this but I'm not sure how much of the code could be used.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] Nested queues on traffic shaper
I apologize I cannot answer your question but have you put this up on the forums?

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] can't filter on transparent bridge
Oh, and make sure to disable NAT...but both things I've mentioned are listed in that how-to doc. I've been successful in setting up a filtering bridge pretty recently with 1.2RELEASE using that same doc.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Sat, Sep 13, 2008 at 8:51 AM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:
> Make sure you also have the "bridge with WAN" set on the LAN interface.
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com
>
> On Sat, Sep 13, 2008 at 7:57 AM, Matthias May <[EMAIL PROTECTED]> wrote:
>
>> Eugen Leitl wrote:
>>
>>> On Sat, Sep 13, 2008 at 02:50:36PM +0200, Matthias May wrote:
>>>
>>>> Maybe a dumb question, but is the "Enable filtering bridge" checkbox set
>>>> under advanced?
>>>
>>> Yes, as described in
>>> http://pfsense.trendchiller.com/transparent_firewall.pdf
>>>
>>> X Enable filtering bridge
>>> This will cause bridged packets to pass through the packet filter in the
>>> same way as routed packets do (by default bridged packets are always
>>> passed). If you enable this option, you'll have to add filter rules to
>>> selectively permit traffic from bridged interfaces.
>>>
>>> I don't need 3 NICs for transparent/filtering bridge to work, do I?
>>
>> You shouldn't need 3 NIC's.
>> I'm not sure but you could also try to disable the anti-webgui-lockout
>> rule.

Re: [pfSense-discussion] can't filter on transparent bridge
Make sure you also have the "bridge with WAN" set on the LAN interface.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Sat, Sep 13, 2008 at 7:57 AM, Matthias May <[EMAIL PROTECTED]> wrote:
>
> Eugen Leitl wrote:
>
>> On Sat, Sep 13, 2008 at 02:50:36PM +0200, Matthias May wrote:
>>
>>> Maybe a dumb question, but is the "Enable filtering bridge" checkbox set
>>> under advanced?
>>
>> Yes, as described in
>> http://pfsense.trendchiller.com/transparent_firewall.pdf
>>
>> X Enable filtering bridge
>> This will cause bridged packets to pass through the packet filter in the
>> same way as routed packets do (by default bridged packets are always
>> passed). If you enable this option, you'll have to add filter rules to
>> selectively permit traffic from bridged interfaces.
>>
>> I don't need 3 NICs for transparent/filtering bridge to work, do I?
>
> You shouldn't need 3 NIC's.
> I'm not sure but you could also try to disable the anti-webgui-lockout
> rule.

Re: [pfSense-discussion] weird openVPN behaviour
To change the MTU modify /conf/config.xml. Change the line to 1480 and then be sure to save. I'm not sure if a reboot will be needed for this. At a minimum an interface reset would be needed.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] weird openVPN behaviour
I would try adjusting your MTU to something smaller. Though I don't think it'll solve any openVPN issues, it may help with your reliability issues. What types of wireless equipment are you using (p2p, p2mp, etc)?

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] ipsec saying: racoon: INFO: unsupported PF_KEY message REGISTER
Looks like Phase1 is not even starting. Are you going pfSense to pfSense or another vendor? If Cisco, verify that you do not have PFS enabled.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

[pfSense-discussion] SPAM / eMail Filtering
This probably is the right place to be asking this but hopefully someone will still help. Are there any SPAM/eMail filtering devoted projects like pfSense? I'm just trying to find an extremely cheap (hopefully free) alternative to a Barracuda for a small company. Thanks.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] SIP Problems
Yes it will if you use the SIPROXD package. Your original question stated that you would like to disable any SIP rewrite if pfSense did it. You don't need to disable anything unless you have that package installed. Does that answer your question?

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] SIP Problems
I am not familiar with that product, does it do a SIP rewrite for NAT?

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] SIP Problems
Nope, unless you install siproxd. What server/client are you using behind the firewall?

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] how to change wan interface media from autoselect?
You could try editing the config.xml file with the correct parameters, but I don't know what those would be. You might have better luck with verifying the config on the switch or device you are connected to.

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] NIC detection
Might want to check the HCL.

http://www.pfsense.org/index.php?option=com_content&task=view&id=46&Itemid=51

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] which VPN client?
Paul,

I am using the OpenVPN GUI v1.0.3 from the link below and I have also included a copy of my client side configuration file on the Vista laptop.

##c:/program files/openvpn/config/vpn.domain.com.ovpn
float
client
dev tun
dev-node openvpn
proto tcp-client
remote xx.xx.xx.xx 1194
route-method exe
persist-tun
persist-key
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-client
comp-lzo
ping 10
pull
verb 4

http://www.openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

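A small checker for the client configuration posted above, as an added example that is not part of the original message or of OpenVPN itself: it parses a client .ovpn file and reports when the server certificate type is not checked or when `route-method exe` (the Vista fix discussed in this thread) is absent. The names `parse_ovpn` and `check_client_config` and the stripped-down second config are constructed for illustration.

```python
import shlex

# The client configuration posted above, embedded as sample input.
PAGE_CONFIG = """\
float
client
dev tun
dev-node openvpn
proto tcp-client
remote xx.xx.xx.xx 1194
route-method exe
persist-tun
persist-key
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-client
comp-lzo
ping 10
pull
verb 4
"""

# Constructed variant: the same file with the two lines under test removed.
WEAK_CONFIG = "\n".join(
    line for line in PAGE_CONFIG.splitlines()
    if not line.startswith(("ns-cert-type", "route-method"))
)


def parse_ovpn(text):
    """Map each directive to the list of argument lists it appears with."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # whole-line comments
            continue
        parts = shlex.split(line, comments=True)  # drops a trailing '# ...'
        if parts:
            directives.setdefault(parts[0], []).append(parts[1:])
    return directives


def check_client_config(text, vista=True):
    """Return a list of findings; an empty list means every check passed."""
    d = parse_ovpn(text)
    findings = []
    for name in ("remote", "ca", "cert", "key"):
        if name not in d:
            findings.append(f"missing '{name}' directive")
    # Without a certificate-type check, any certificate issued by the same CA
    # (including another client's) is accepted as the server.
    checks_server = (["server"] in d.get("ns-cert-type", [])
                     or ["server"] in d.get("remote-cert-tls", []))
    if not checks_server:
        findings.append("no 'ns-cert-type server' or 'remote-cert-tls server'")
    # Assumption taken from the thread: Vista clients need 'route-method exe'.
    if vista and ["exe"] not in d.get("route-method", []):
        findings.append("route-method is not 'exe' (needed on Vista)")
    return findings

if __name__ == "__main__":
    print(check_client_config(PAGE_CONFIG), check_client_config(WEAK_CONFIG))
```
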
Re: [pfSense-discussion] which VPN client?
Paul,

Sorry to keep nagging on this one, but, are you using the OpenVPN gui or the normal version? And what version of the software are you using?

Curtis

On Jan 16, 2008 11:27 AM, Paul M <[EMAIL PROTECTED]> wrote:
> Curtis LaMasters wrote:
> > Paul, are you using Vista UAC? Logged in as a super user? Pushed down
> > full control security permissions on the entire OpenVPN directory for
> > the user you are logged in as?
>
> er, yes, UAC was enabled so I did run-as-admin the openvpngui
>
> when connected, the vpn gui raised no errors. "netstat -rn" indicated
> the correct routes were created! Yet no traffic flowed.
>
> Used "tcpdump -l -n -i tun0" on the vpn server and I could see the vpn
> client ping the server's end of the tunnel but no other traffic came
> down it!
>
> Paul

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] which VPN client?
Paul, are you using Vista UAC? Logged in as a super user? Pushed down full control security permissions on the entire OpenVPN directory for the user you are logged in as?

Curtis

Re: [pfSense-discussion] which VPN client?
Paul, for your vista clients, on the client side, you'll need to change the route method to exe. If you look at your logs more closely, you'll see that the route additions most likely are failing.

Curtis

On Jan 16, 2008 7:48 AM, Paul M <[EMAIL PROTECTED]> wrote:
> Eugen Leitl wrote:
> > What are the current recommendations for an easy/cheap/free VPN
> > client which plays well with PfSense 1.2RC3? Something that
> > works both with Vista and XP? Should I at all bother with
> > IPsec, or just go OpenVPN? Should I just give my user a preconfigured
>
> openvpn has been working pretty well for me, using linux, OSX and
> WindowsXP clients;
>
> we can't get Vista to work presently - despite all the routes being
> correct the vista box doesn't send any traffic to the remote network via
> the tunnel (despite trying the hacks at
> http://www.ctunion.com/node/226), so if anyone HAS made vista openvpn
> work, do shout!
>
> Paul

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] which VPN client?
Personally, I like OpenVPN with pfSense. With the help of Scott's easyrsa4pfsense scripts available from the forums, you can easily generate and manage at least a small number of SSL certificates. At work we have 25 users all with individual certificates so I can add them to the revocation list if need be. At home I'm using pfSense as well and have a site to site setup with OpenVPN using SSL as well and everything is working just the way I would like it to. I hope that helps.

Curtis

Re: [pfSense-discussion] HOW MUCH TRUST ON PFSENSE ?
I have a very similar setup with two pfSense 1.2rc3's setup in a failover state. They are running on Dell 1U servers with 3 NIC's and have operated quite well for the last 3 months with about twice the number you have stated there. One problem I did run into was during the migration to pfSense we also migrated ISPs; during that process we use proxy ARP to use the IP addresses from the other ISP to be used on pfSense. Let's just say it didn't go smoothly, but everything is operational and we are happy with the cost savings.

Curtis

Re: [pfSense-discussion] Question about pfSense PPTP/GRE features
One quirk of the PPTP package on pfSense is the 16 tunnel limit (that could actually be PPTP in general - I don't use it). If PPTP is not a requirement, I would suggest moving to an OpenVPN architecture. There are plenty of resources on the internet to help you with that or I could directly if need be.

Curtis

[pfSense-discussion] Mechanization
In accordance with this subject, I would propose a single page that would allow the bulk additions of firewall and nat entries. Something to the effect of checkboxes, dropdown menus and blanks that would allow the bulk add of these items.

Example.

Allow/Deny (checkbox) from (blank) to (drop down menu or blank) eq (TCP/UDP/IP blank) / Make NAT Entry (checkbox)

Which, I guess is copying Cisco and others but probably is the best way to do bulk adds.

Curtis

Re: [pfSense-discussion] noob question
Zied,

To answer your first questions sarcastically, yes, the red X in the upper right hand corner. But really, no, I do not believe there is a logout button from the web interface. Secondly, when you install pfSense to hard disk / flash disk / etc and are not running off of the bootable CD w/ floppy storage configuration, you have an extra menu "packages" which lets you install squid, bandwidthd, snort and a few other very nice tools. Hope that helps.

Curtis

On 9/18/07, Zied Fakhfakh <[EMAIL PROTECTED]> wrote:
>
> Hello everybody,
>
> I'm just starting with pfSense, and I have a couple of questions
>
> - is there any logout button from the web interface ?
> - how can I install third party softwares, like squid, on pfSense
>
> thank you very much.
>
> --
> Zied Fakhfakh

Re: [pfSense-discussion] full instalation on 4 GB SSD
Honestly I don't know the answer to your questions but keep this in mind, pfSense loads from disk/flash/cd and then runs completely from RAM.

Curtis

On 8/28/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:
>
> Anyone running a pfSense full installation on a 4 GByte SSD drive?
> Does it a) work b) well?
>
> --
> Eugen* Leitl http://leitl.org
> __
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

Re: [pfSense-discussion] drawing network diagrams
OpenOffice's Impress.

On 7/11/07, Eugen Leitl <[EMAIL PROTECTED]> wrote:

I've got my pfSense/VLAN setup on SunFire X2100 M2 (with 2 Broadcom interfaces) working (with massive help from a network guru), and will document and post it at some point.

I need to document my other network as well -- which (preferably, open-source, or at least free) tool I can use to draw diagrams like http://doc.m0n0.ch/handbook/examples.html#id2603650 ?

Thanks,

--
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

--
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com