Re: [Efw-user] Are EFW appliances any better than the Community version?
I made the switch to pfSense 2-3 years ago and haven't looked back. Use it to replace EFW, Cisco PIX/ASA, etc. every chance I get.

From: "efw-user-requ...@lists.sourceforge.net"
To: efw-user@lists.sourceforge.net
Sent: Tuesday, July 30, 2013 11:05 AM
Subject: Efw-user Digest, Vol 81, Issue 5

Today's Topics:

1. Re: Endian with /32 subnet (Cultrure)
2. Are EFW appliances any better than the Community version? (compdoc)
3. Re: Are EFW appliances any better than the Community version? (Matt Hayes)
4. Re: Are EFW appliances any better than the Community version? (compdoc)

--
Message: 1
Date: Wed, 24 Jul 2013 09:00:07 +0300
From: Cultrure
Subject: Re: [Efw-user] Endian with /32 subnet
To: efw-user@lists.sourceforge.net

Enabling and disabling uplink from the web page did the trick. Thank you!

2013/7/24 Stephan Schenk

> On the main page disable, enable red. There was a script, also. Something
> like restartnetwork, but I don't know that anymore.
>
> Stephan
>
> Cultrure wrote:
>>
>> I have found RED-interface config at /var/efw/uplinks/main. Actually
>> there are two of those called 'data' and 'settings'. I have now edited both.
>> Is there a way to restart uplink(RED) without actually restarting whole
>> system?
>>
>> Timo
>>
>> 2013/7/23 Stephan Schenk
>>
>>> I also had it a long time ago.
>>> You have to change it to /32 in the config file after you gave it a /28
>>> for example and then restart the connection. But then you have to ignore
>>> the web interface for red properties!
>>> My knowledge is of a about 2 years old version.
>>>
>>> Kind regards
>>> Stephan
>>>
>>> Cultrure wrote:

I'm just trying to follow OVH-hosting instructions
http://help.ovh.ie/BridgeClient
http://help.ovh.com/IpAlias

2013/7/23 Jonathan Lessa

> one subnet / 32 sees only one host, like you would get in touch with
> your gateway?? I think the minimum for your provider is really a pass / 28
> for 2 free hosts, the ID and network broadcast.
>
> 2013/7/23 Cultrure
>
>> Dear all,
>>
>> I've posted this issue to
>> http://www.efwsupport.com/index.php/topic,3745.0.html with no replies
>> so I'm someone could help me.
>>
>> How can I setup /32 subnet(255.255.255.255) to my RED interface. When
>> using web-ui I get error "The RED IP address or network mask "
>> 188.165.136.196/255.255.255.255" is not correct.". Highest possible
>> subnet is /28 that I can setup. I also need this subnet to be set on
>> IPAliases also.
>>
>> I'm not able to find the config file when using SSH-connection.
>>
>> /32 subnet is *required* by our hosting provider.
>>
>> Thank you.
>> Timo
>
> --
> Att.:
> Jonathan Lessa
[Efw-user] Multiple Interfaces on Green - EFW 2.4.1
Been using EFW on small networks for years and looking into using it to replace a couple of Cisco PIX 515E firewalls that are currently linked via VPN on a larger 100 user network. I'm not overly familiar with Cisco and want something more easily manageable. Using a vmware environment to test if EFW can meet the requirements before investing in hardware.

I need to be able to set up 4 different zones with VPN links between some of the zones. I am trying to set up two different subnets on Green using two different NICs. Needless to say it's not working so I'm reducing to a basic config with 3 nics: 2 green (eth0 & eth2) w/ 1 IP & 1 red (eth1) w/ 1 IP.

I have an XP VM that can ping the green IP when it is attached to the same virtual switch as eth0 but can not ping the green IP when it is attached to the same virtual switch as eth2. If I remove eth0 from the green zone then the VM can ping the green IP from the eth2 switch. As soon as I re-add eth0 to the green zone I'm no longer able to ping the green IP via the eth2 switch but can the eth0 switch.

Next step will be to take a computer, a laptop, & a crossover cable for my testing but before I do I wanted to know if anybody else had tried this yet on 2.4.1 and confirmed that it worked right.
[Efw-user] Bandwidth usage
Does anybody know of a way I could calculate the actual bandwidth consumption on EFW for each zone? Possibly on a daily/weekly/monthly basis. Thanks.
[Efw-user] Port-redirect
Just so I don't screw up my production EFW, could someone tell me what I need to do to redirect an outbound port from my green network to another machine on my green network. Want to redirect the following ports to 192.168.200.200:

MSN:
    iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j REDIRECT --to-ports 16667
ICQ/AIM:
    iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j REDIRECT --to-ports 16667
Yahoo:
    iptables -t nat -A PREROUTING -p tcp --destination-port 5050 -j REDIRECT --to-ports 16667
IRC:
    iptables -t nat -A PREROUTING -p tcp --destination-port 6667 -j REDIRECT --to-ports 16667

Thanks
[Efw-user] Dell Server
I'm sure it's a bit overkill but the latest person I'm trying to introduce to EFW is wanting to use a DELL POWEREDGE 1650 DUAL 1.26GHZ 1GB 80GB HDD with an additional 80GB HDD for mirroring. http://cgi.ebay.com/DELL-POWEREDGE-1650-DUAL-1-26GHZ-1GB-80GB-HDD_W0QQitemZ200166999794QQihZ010QQcategoryZ51225QQcmdZViewItem Any possible issues that I should be aware of?
Re: [Efw-user] Problems updating snort
Peter,

Which version of the rules are you using? When I put the url for the registered user in a browser I get an error message that says "Oink!! The page you requested doesn't exist.". When I change the url to 2.4.tar.gz I get prompted to save the file. However, if I try to use the 2.3 subscriber rules I get an error message that says "You must have an active subscription to download this file". I get the same message for 2.4 as well.

I'm wondering if they have made the registered ruleset unavailable and the symptoms you are describing reflect using the subscriber rules which may still be available?
Re: [Efw-user] Problems updating snort
Ok, so doing this broke snort but starting snort from command line I was able to see that it had issues with some of the rules. I had to edit /etc/snort/snort.conf and comment out the following rulesets to get it to work:

    include $RULE_PATH/ftp.rules
    include $RULE_PATH/web-client.rules
    include $RULE_PATH/netbios.rules

Afterwards I was able to get snort to start successfully from the console and from the web interface. I haven't looked into the rulesets yet to see which particular rule was causing snort to croak. You can run snort from the command line with the following:

    snort -c /etc/snort/snort.conf

and it will tell you where the problem might be.

Offtopic: Anybody have an idea why my name is showing up as h-h2? I've double checked my e-mail options to make sure my name is set correctly.
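The check described in the message above, generalised into a script (an added example, not part of the original post or of EFW): it tests each "include $RULE_PATH/..." line on its own and reports the rules files that make the config check fail, so only those need commenting out. The function names and the use of snort's -T self-test flag are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: find which rules files stop
# snort from starting, then comment out only those includes.
# Assumption: SNORT_CHECK validates a config file and exits non-zero on
# error; "snort -T -c FILE" (self-test mode) is used by default.
SNORT_CHECK=${SNORT_CHECK:-"snort -T -c"}

# List active "include $RULE_PATH/<name>" entries in config file $1.
list_rulesets() {
    awk '$1 == "include" && index($2, "$RULE_PATH/") == 1 {
             print substr($2, 12) }' "$1"
}

# Print config $1 with every rules include except $2 commented out.
only_ruleset() {
    awk -v keep="$2" '
        $1 == "include" && index($2, "$RULE_PATH/") == 1 &&
        substr($2, 12) != keep { print "# " $0; next }
        { print }' "$1"
}

# Print config $1 with the named rulesets ($2...) commented out.
disable_rulesets() {
    conf=$1; shift
    awk -v drop=" $* " '
        $1 == "include" && index($2, "$RULE_PATH/") == 1 &&
        index(drop, " " substr($2, 12) " ") { print "# " $0; next }
        { print }' "$conf"
}

# Test each ruleset on its own and print the ones the checker rejects.
# The scratch file lives beside the config so relative includes resolve.
find_bad_rulesets() {
    conf=$1
    tmp=$(mktemp "$(dirname "$conf")/snortcheck.XXXXXX") || return 1
    for r in $(list_rulesets "$conf"); do
        only_ruleset "$conf" "$r" > "$tmp"
        $SNORT_CHECK "$tmp" >/dev/null 2>&1 || echo "$r"
    done
    rm -f "$tmp"
}

# Usage (as root, on a copy first):
#   bad=$(find_bad_rulesets /etc/snort/snort.conf)
#   disable_rulesets /etc/snort/snort.conf $bad > /etc/snort/snort.conf.new
```

Disabling a whole rules file removes that detection coverage, so the reported files are the place to look for the individual rule that fails to parse.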
Re: [Efw-user] Problems updating snort
The problem with the updating of snort rules is that the 2.3 ruleset is no longer available on snort.org. I modified the /home/httpd/cgi-bin/ids.cgi file and replaced 2.3 with 2.4 and didn't get the error when I clicked on "download new ruleset". It showed that updated rules were downloaded but I don't know fully if it is fully working or not yet.
[Efw-user] crontab
I'm trying to port a Smoothwall mod (http://community.smoothwall.org/forum/viewtopic.php?t=14049) over to efw and just about have it working. The problem I'm having is getting the following to run from /etc/crontab:

    # perfstats
    */5 * * * * root /usr/local/sbin/pmgraph.pl /home/httpd/html/perfstats /var/log/snort/snort.stats >/dev/null

I can run the command from the shell but can't get it or any other command I add to /etc/crontab to run. Suggestions?
Re: [Efw-user] Efw-user Digest, Vol 17, Issue 15
I too am having a problem updating Snort on 2.1.2, getting the MD5 checksum error. Haven't looked at it too closely yet to see what it could be.

What graph in particular is it that you want to see? From what I can tell the graphs themselves are stored in the unsecured html/ folder and then included in the protected cgi-bin/ folder. You will probably have to make a custom .html page to view the graphs but I think that as long as it is in the html/ folder it would work.