Re: [pfSense] Shutdown Interface?

2015-12-13 Thread pfsense
Not at all, Doug. I just do not see the need for strawberries either, and I hope 
there is a deep frost soon.


Robert


> On Dec 11, 2015, at 3:33 PM, Doug Lytle  wrote:
> 
> It would appear you're just interested in being confrontational.  I hope you 
> have a nice day.
> 
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
> 



Re: [pfSense] Shutdown Interface?

2015-12-13 Thread WebDawg
On Fri, Dec 11, 2015 at 9:03 AM, Robert Obrinsky  wrote:
> I am sorry to hear of the distributed responsibilities for the network, and
> that only makes your job harder.
>
> Any possibility of using a protocol analyzer (Wireshark) to see what is
> going out and where it is going? If you have managed switches with port
> mirroring capabilities, you can strategically place the protocol analyzer to
> see what kind of traffic (i.e. - services) is leaving your network, and also
> see what kind of traffic is coming in.
>
> I don't think pfSense has live logs (I am still fairly new to this product),
> but I have used other firewall products that do have this feature. The live
> logs have been very useful in determining what IP addresses are being
> contacted, what services are being requested, and who is attempting to do
> reconnaissance (port scanning) on your network from outside. Other than
> that, you will need to analyze the existing logs - not a task I ever look
> forward to. This is also one reason I like protocol analyzers, but for some
> reason, most IT departments won't spend the time to learn them and use them.
>
> At some point, you may need to consider hardware. It is possible that the
> WAN interface is defective and just shuts down under moderate to heavy
> traffic. Have you been able to assess the packets/second hitting your WAN on
> this interface during the attacks? There are many on the forums who maintain
> that Intel and Broadcom NICs are robust and perform best in pfSense, and
> that Realtek NICs are problematic at best. I cannot confirm those opinions
> and just don't have the setup to make a definitive test. I use Realtek NICs
> in my firewalls, but my office is unlikely to see the variety and
> utilization that your networks do.
>
>

pfSense can do tcpdumps on any interface.  I get that DDoS attacks are
meant to shut a WAN connection down; my biggest thing about this issue
was that the firewall was freezing.  Is that not one of the points
of getting the correct hardware and configuring a firewall
correctly?

I would go with the cronjob suggestion that was posted a while back if
you are looking to shut down the interface overall.  I think it is a
good idea to check what is doing it though (causing the freeze); it is
nothing to get some bandwidth anymore to do these attacks, and while
your WAN connection will not work, a firewall should not freeze.

It makes me want to DDoS my own boxes.

Wireshark is just the tip of the iceberg anymore; there are entire web
based suites that are dedicated to protocol inspection.  Even live
stuff.

In your firewall rule sets, are you dropping or rejecting?  I only
reject when I know systems need that reject back, like when some
software waits and waits and waits for a timeout because the automatic
update for specific software cannot connect to home.  Even then, this
is on the LAN side.  This is just basic stuff.

It sounds like you have a nice pipe coming into your pfSense box.

It would help this list if you could say what type of attack it is,
and what traffic they are sending your way.


Re: [pfSense] Shutdown Interface?

2015-12-13 Thread WebDawg
On Fri, Dec 11, 2015 at 3:33 PM, Doug Lytle  wrote:
> It would appear you're just interested in being confrontational.  I hope you 
> have a nice day.
>

You guys just need to relax.  I too hate the fact that everyone pushes
Google on people now.  This is a support list for pfSense stuff
and not your ideals, though.  Everyone is entitled to post anything
they think would help.

Is not that the reason this list exists?


[pfSense] Lost limiter config after upgrade

2015-12-13 Thread Ugo Bellavance

Hi,

We upgraded from 2.0.1-RELEASE to 2.2.4-RELEASE and the limiter that 
worked on 2.0.1 stopped working.  This limiter (and sub-limiters) is 
located on an inside interface and its role is to limit the traffic that 
can come in.  This firewall is at a remote site and we replicate backups 
there.  We use this limiter because the bandwidth at the remote site is 
higher than at our main site.  Using this limiter avoids saturating our 
main site's WAN link and causing slowdowns.


Looking at the config diffs, it looks like the  tags have 
changed during the upgrade.  It looked like ?1 and ?2 and now it looks 
like labels.  Also, the  tag seems to include more stuff now.


It was 28 and now it looks like


28
Mb
none




Thanks,

Ugo



[pfSense] Best automated configuration backup options for 2.1.5?

2015-12-13 Thread Brian Gupta
It looks like most are for 1.x.

Thanks,
Brian


Re: [pfSense] HAproxy question

2015-12-13 Thread C. R. Oldham
Thanks Chris and Ivo for your responses.

I was unaware that our topology for the network was a little unusual and in
fact there is another service outside the firewall listening on the IP I
wanted to use.  This (unsurprisingly) was making anything trying to use
that IP very unreliable.


--cro


On Sat, Dec 12, 2015 at 5:38 AM, Ivo Tonev  wrote:

> Run "netstat -anl | grep LISTEN | grep 443" ( for tcp ) to verify on which
> port/ip haproxy and openvpn are running. OpenVPN doesn't listen on VIP.
> On 12/12/2015 10:31, "C. R. Oldham"  wrote:
>
> > Actually I think I characterized this problem the wrong way.
> >
> > It appears that neither haproxy nor nginx (when used as a proxy) are
> > reliable on our pfSense firewall.  They will work for a while, then they
> > stop passing traffic for a while, then they work awhile.  Restarting them
> > doesn't make them responsive immediately.  I am at a loss to explain
> this.
> > I've confirmed there are no other processes listening on port 443 on any
> IP
> > (virtual or physical).  If anyone has ideas I'd love to hear them.
> >
> > --cro
> >
> >
> > On Fri, Dec 11, 2015 at 8:14 AM, C. R. Oldham  wrote:
> >
> > > Greetings,
> > >
> > > We've recently replaced both our routers with pfSense.  I am using tinc
> > > for site-to-site VPN and OpenVPN for clients to connect.
> > >
> > > Since some of our support engineers often end up onsite with
> customers, I
> > > want to enable OpenVPN over TCP port 443--we've noticed that many of
> our
> > > customers block outbound UDP, but using the https port works fine.
> > >
> > > However, we also have haproxy on our firewall proxying for some web
> > > applications on port 443. but on a different virtual IP from OpenVPN.
> > If I
> > > enable OpenVPN on the TCP port, haproxy stops working, even though they
> > are
> > > listening on different IPs.
> > >
> > > I have appropriate firewall rules for both virtual IPs in place.
> > >
> > > Can anyone shed some insight on how I can fix this?
> > >
> > > Thanks.
> > >
> > > --cro
> > >
> > >
> >
>
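The netstat check Ivo suggests above answers one specific question: on the firewall itself, is any listener on port 443 bound to the wildcard address (which claims every VIP, including the one haproxy or OpenVPN is supposed to own), or are two services bound to the same address and port? The script below is an added example for this thread, not code from pfSense or from anyone on the list. It parses FreeBSD-style `netstat -an` output (pfSense is FreeBSD-based; FreeBSD separates address and port with a dot, so the port is whatever follows the last dot) and reports, per port, whether the listeners are cleanly separated by address. The sample output embedded in it is constructed. Note that, as the thread's outcome shows, a conflicting host outside the firewall will never appear in this output; netstat only accounts for sockets on the box it runs on.

```shell
#!/bin/sh
# Added example (not from the thread): detect listener overlap on a port from
# FreeBSD-style `netstat -an` output. Pass real output via NETSTAT_OUTPUT, e.g.
#   NETSTAT_OUTPUT="$(netstat -an)" ./check_listeners.sh 443
# Without it, the constructed sample below is used.

SAMPLE_NETSTAT='tcp4  0  0  192.0.2.10.443   *.*  LISTEN
tcp4  0  0  192.0.2.11.443   *.*  LISTEN
tcp4  0  0  *.443            *.*  LISTEN
tcp4  0  0  *.22             *.*  LISTEN
tcp4  0  0  127.0.0.1.53     *.*  LISTEN
udp4  0  0  *.1194           *.*'

NETSTAT_OUTPUT="${NETSTAT_OUTPUT:-$SAMPLE_NETSTAT}"

# listeners_on PORT: print the local address of every TCP socket in LISTEN
# state on PORT, one per line ("*" means the wildcard address).
listeners_on() {
    printf '%s\n' "$NETSTAT_OUTPUT" | awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4
            # FreeBSD prints ADDRESS.PORT; the port is after the last dot.
            n = split(laddr, parts, ".")
            p = parts[n]
            addr = substr(laddr, 1, length(laddr) - length(p) - 1)
            if (p == port) print addr
        }'
}

# port_conflicts PORT: classify the listeners on PORT as
#   none              - nothing listens on the port
#   wildcard-overlap  - a "*" listener coexists with per-address listeners,
#                       so the wildcard socket competes for every VIP
#   duplicate         - the same address.port appears more than once
#   ok                - each listener owns a distinct address
port_conflicts() {
    listeners_on "$1" | awk '
        { seen[$1]++; total++; if ($1 == "*") wild = 1 }
        END {
            if (total == 0) { print "none"; exit }
            if (wild && total > 1) { print "wildcard-overlap"; exit }
            for (a in seen) if (seen[a] > 1) { print "duplicate"; exit }
            print "ok"
        }'
}

# Report on every port given on the command line.
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(port_conflicts "$p")"
done
```

With the constructed sample, port 443 reports `wildcard-overlap`: the two VIP-specific listeners are fine on their own, but the third socket bound to `*.443` is exactly the situation the original poster was worried about, where a service meant for one VIP ends up answering on all of them.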


Re: [pfSense] HAproxy question

2015-12-13 Thread C. R. Oldham
On Sat, Dec 12, 2015 at 7:38 AM, Kostas Backas  wrote:

> Do you have Snort in your setup? I've seen IPS causing this behavior.
>
>
Good suggestion.  We don't have it installed however.


Re: [pfSense] DHCP/Local DNS ping host name

2015-12-13 Thread C. R. Oldham
On Sat, Dec 12, 2015 at 8:29 AM, Ryan Coleman  wrote:

> I’m totally having a brain fart weekend on this… but there’s a way (or so I
> think) to link the DNS and DHCP hostnames… How do I do that?
>
>
Services->DNS Resolver, DHCP Registration and Static DHCP checkboxes.