Re: [pfSense-discussion] Online scanning
http://www.grc.com has ShieldsUp! I've used it in the past. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Tue, Apr 14, 2009 at 8:29 AM, cl...@pfsense pfse...@mail-fwd.archie.dk wrote: Sorry for not being more specific :-/ Thorough meaning that it does a good job trying to get in and tries to tell me what can be seen from outside in terms og ports, services behind and maybe vulnerabilities... Something like good old SuperScan from foundstone... Reason for asking here (I am capable of googling :-)) was to get some good referrals that this community could vouch for is not a hacker nest waiting to me install the next rootkit... I want it to scan from remote to tell me how my site looks from the internet and I do not have another public IP I can scan from. Thanks Claus -Original Message- From: Adrian Wenzel [mailto:adr...@lostland.net] Posted At: Tuesday, April 14, 2009 2:55 PM Posted To: pfSense Conversation: [pfSense-discussion] Online scanning Subject: Re: [pfSense-discussion] Online scanning Sorry... googling: online port scanner free Honestly, I've never looked for a service like this. Has anyone? Regards, Adrian - Original Message - From: Adrian Wenzel adr...@lostland.net To: discussion@pfsense.com Sent: Tuesday, April 14, 2009 8:53:59 AM GMT -05:00 US/Canada Eastern Subject: Re: [pfSense-discussion] Online scanning Sounds like they're looking for a service that scans ports remotely, like some of those returned by googling: - Original Message - From: RB aoz@gmail.com To: discussion@pfsense.com Sent: Tuesday, April 14, 2009 8:20:11 AM GMT -05:00 US/Canada Eastern Subject: Re: [pfSense-discussion] Online scanning On Tue, Apr 14, 2009 at 04:10, cl...@pfsense pfse...@mail-fwd.archie.dk wrote: To test my new configuration can anyone recommend a secure, thorough online port scanner ? What qualifies thorough? Although nmap's aggressive mode pretty well covers most there's a port open and this is what it's running scenarios, it's not as thorough as some more limited application scanners, like Metasploit. What are you looking for? - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] OT: simple SMTP relay daemon?
I don't know if it works on FreeBSD but busybox has an SMTP engine. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Fri, Apr 10, 2009 at 2:57 AM, Chris Buechler c...@pfsense.org wrote: On Fri, Apr 10, 2009 at 1:52 AM, David Rees dree...@gmail.com wrote: On Thu, Apr 9, 2009 at 8:07 PM, Chris Buechler c...@pfsense.org wrote: I'm looking for something simple to do nothing but accept SMTP mail from a defined list of hosts allowed to relay and push it off to another SMTP server (using gmail, so must be with auth and TLS). Must run on FreeBSD. Any full blown MTA is out of the question, too complex. I suspect something out there does just what I'm after, but all I'm finding are MTAs or simple apps that don't accept SMTP over the network. Browsing the mail ports in FreeBSD didn't help, though I could have missed something. Anyone have any suggestions? Although it is a full blown MTA, Postfix is lightweight, simple configure and reliable. Lightweight for a full blown MTA, but not lightweight. Postfix is what I started trying actually, but too many missing libraries and other difficulties into getting it running on a pfSense box without a decent amount of effort. I suspect there's a tiny, simple daemon somewhere that will do this without a lot of fuss, I just can't find it. I'd probably turn it into a pfSense package and slap a simple GUI on it. It would essentially be a proxy from SMTP to authenticated SMTP, relaying for SMTP clients on the LAN subnet that don't support authentication. Or as a single point for sending mail from your LAN if you don't have an internal mail server. One of those things I wouldn't run on *my* firewall (that's a server's job), but desired by some and not entirely unreasonable. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] Is there a way to track a specific users web traffic?
Use the lightsquid package. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Thu, Apr 9, 2009 at 11:33 AM, Marty Nelson mnel...@transdyn.com wrote: I’m currently running 1.2.1 with Squid and squidGuard, but other than grabbing the log file and sorting through it to find specific IP’s I don’t see a way to track specific users. Any chance there’s that capability somehow? Thanks, -Marty - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] Tool to monitor pfSense
Second that. GWOS is basically Nagios and a few other FOSS applications put together in a package. I monitor a number of SNMP attributes as well as simple ping. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Wed, Apr 8, 2009 at 1:56 PM, jason whitt jason.wh...@gmail.com wrote: Using Ground Work Community Edition On Wed, Apr 8, 2009 at 12:48 PM, Adam Van Ornum greatb...@hotmail.com wrote: To start off with, I tried searching the forums but didn't find anything...I'm probably not using the best search terms though. :) I'm interested in knowing what options are out there for monitoring pfSense so I can quickly be alerted if it goes down. I had a box that was running for a couple of weeks just fine and then all of a sudden started going down randomly so I just replaced it and now I would like some tool so I can be alerted if the machine goes down instead of having people start shouting The Internet is down!. What do you guys use? Thanks, Adam Quick access to your favorite MSN content and Windows Live with Internet Explorer 8. Download FREE now! - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] FreeNAS
OpenFiler would be a great option. I'm running 6TB on one server with MS Exchange and SQL over iSCSI without issue. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Sat, Jan 24, 2009 at 11:02 AM, Chris Buechler c...@pfsense.org wrote: On Sat, Jan 24, 2009 at 5:13 AM, Eugen Leitl eu...@leitl.org wrote: IIRC one developer (Chris?) mentioned a number of different pfSense possible flavors, Yes. including a NAS appliance. but no to that part. :) That's one thing that probably won't ever be added, at least not by any of our existing developers. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] snort on 1.2.1
What rules do you have enabled? I've found that by enabling all rules, you're just overloading the box in some way and it kills itself. Try disabling them one at a time. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Sat, Dec 27, 2008 at 2:53 AM, Stefan ste...@fuhrmann.homedns.org wrote: Hello all :) first, thanks for the great work on 1.2.1! I have also snort installed but its killing after some minutes and I dont know why. I can not find a log which is telling me why its stopped. I started snort under shell. The last entry is, that snort is encoding on interface... thats all. Can someone help? tia stefan - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] centralized management with distributed pfsense installations
I believe there is a bounty already started for this on the forums. M0n0wall has/had something like this but I'm not sure how much of the code could be used. Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] ipsec saying: racoon: INFO: unsupported PF_KEY message REGISTER
Looks like Phase1 is not even starting. Are you going pfSense to pfSense or another vendor? If Cisco, verifty that you do not have PFS enabled. -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] SIP Problems
I am not familiar with that product, does it do a SIP rewrite for NAT? -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] NIC detection
Might want to check the HCL. http://www.pfsense.org/index.php?option=com_contenttask=viewid=46Itemid=51 -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] which VPN client?
Paul, for your vista clients, on the client side, you'll need to change the route method to exe. If you look at your logs more closely, you'll see that the route additions most likely are failing. Curtis On Jan 16, 2008 7:48 AM, Paul M [EMAIL PROTECTED] wrote: Eugen Leitl wrote: What are the current recommendations for an easy/cheap/free VPN client which plays well with PfSense 1.2RC3? Something that works both with Vista and XP? Should I at all bother with IPsec, or just go OpenVPN? Should I just give my user a preconfigured openvpn has been working pretty well for me, using linux, OSX and WindowsXP clients; we can't get Vista to work presently - despite all the routes being correct the vista box doesn't send any traffic to the remote network via the tunnel (despite trying the hacks at http://www.ctunion.com/node/226), so if anyone HAS made vista openvpn work, do shout! Paul -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] which VPN client?
Paul, are you using Vista UAC? Logged in as a super user? Pushed down full control security permissions on the entire OpenVPN directory for the user you are logged in as? Curtis
Re: [pfSense-discussion] which VPN client?
Paul, Sorry to keep nagging on this one, but, are you using the OpenVPN gui or the normal version? And what version of the software are you using? Curtis On Jan 16, 2008 11:27 AM, Paul M [EMAIL PROTECTED] wrote: Curtis LaMasters wrote: Paul, are you using Vista UAC? Logged in as a super user? Pushed down full control security permissions on the entire OpenVPN directory for the user you are logged in as? er, yes, UAC was enabled so I did run-as-admin the openvpngui when connected, the vpn gui raised no errors. netstat -rn indicated the correct routes were created! Yet no traffic flowed. Used tcpdump -l -n -i tun0 on the vpn server and I could see the vpn client ping the server's end of the tunnel but no other traffic came down it! Paul -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] Question about pfSense PPTP/GRE features
One quark of the PPTP package on pfSense is the 16 tunnel limit (that could actually be PPTP in general - I don't use it). If PPTP is not a requirement, I would suggest moving to an OpenVPN architecture. There are plenty of resource on the internet to help you with that or I could directly if need be. Curtis
Re: [pfSense-discussion] noob question
Zied, To answer your first questions sarcastically, yes, the red X in the upper right hand corner. But really, no, I do not believe there is a logout button from the web interface. Secondly, when you install pfSense to hard disk / flash disk / etc and are not running off of the bootable CD w/ floppy storage configuration, you have an extra menu packages which lets you install squid, bandwidthd, snort and a few other very nice tools. Hope that helps. Curtis On 9/18/07, Zied Fakhfakh [EMAIL PROTECTED] wrote: Hello everybody, I'm just starting with pfSense, nd I have a couple of questions - is there any logout button from the web interface ? - how canI install third party softwares, like squid, on pfSense thank you very much. -- Zied Fakhfakh
Re: [pfSense-discussion] full instalation on 4 GB SSD
Honestly I don't know the answer to your questions but keep this in mind, pfSense loads from disk/flash/cd and then run's completely from RAM. Curtis On 8/28/07, Eugen Leitl [EMAIL PROTECTED] wrote: Anyone running a pfSense full installation on a 4 GByte SSD drive? Does it a) work b) well? -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com
Re: [pfSense-discussion] drawing network diagrams
OpenOffice's Impress. On 7/11/07, Eugen Leitl [EMAIL PROTECTED] wrote: I've got my pfSense/VLAN setup on SunFire X2100 M2 (with 2 Broadcom interfaces) working (with massive help from a network guru), and will document and post it at some point. I need to document my other network as well -- which (preferrably, open-source, or at least free) tool I can use to draw diagrams like http://doc.m0n0.ch/handbook/examples.html#id2603650 ? Thanks, -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE -- Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com