Re: [pfSense] bacula-client 7.0.5 on pfsense 2.2
i'd use "find" and there is also a pseudo config file in a bin directory which points to the actual fd executable that t find. You can edit the top section of that to reflect your install. I'll take a look on my system and get back to you. Yudhvir ਯੁਧੱਵੀਰ408 915 9709 -- Original message--From: J. EchterDate: Sun, Feb 8, 2015 10:17 AMTo: list@lists.pfsense.org;Subject:Re: [pfSense] bacula-client 7.0.5 on pfsense 2.2 Yes it was working on the old pfsense, i checked the config and it still shows the same contents. How do i check for a double install? i already removed and reinstalled the package. thanks Am 08.02.2015 um 18:39 schrieb mehmasa...@gmail.com: You don't mention if you had fd working on the earlier version of pf. You must have checked the config file for password and dir settings. The upgrade might have changed it because this might be a fresh install of fd. You say it is not listening, that sounds like there is an attempt at a new install. Check for multiple installs. Yudhvir ਯੁਧੱਵੀਰ408915 9709 -- Original message--From: J. Echter Date: Sun, Feb 8, 2015 4:56 AMTo: pfSense support and discussion;Subject:[pfSense] bacula-client 7.0.5 on pfsense 2.2Hi,i'm fiddling with bacula-client on upgraded pfsense 2.2.i don't see any error in the logs, i don't see any error with bacula-fd-f (run in foreground) -d 10 (debug level 10)i even don't see it spitting out errors as the config file isn't existant[2.2-RELEASE][root@pfsense.workgroup.local]/conf: ls/usr/local/etc/bacula/bacula-fd.confls: /usr/local/etc/bacula/bacula-fd.conf: No such file or directory[2.2-RELEASE][root@pfsense.workgroup.local]/conf: ps aux | grep bacularoot59559 0.0 0.2 56420 7364 - Ss1:50PM 0:00.00/usr/local/sbin/bacula-fd -u root -g wheel -v -c/usr/local/etc/bacula/bacula-fd.confroot99408 0.0 0.1 18884 2384 0 S+1:50PM 0:00.00 grepbaculanetstat doesn't show it listening too:Active Internet connectionsProto Recv-Q Send-Q Local Address Foreign Address (state)tcp4 0 0 pfsense.https 10.0.1.14.38261 TIME_WAITtcp4 0 0 pfsense.38791 10.0.1.14.40513 ESTABLISHEDtcp6 0 0 localhost.3493 localhost.56539 ESTABLISHEDtcp6 0 0 localhost.56539localhost.3493 ESTABLISHEDudp4 0 0 192.168.100.1.ntp *.* udp6 0 0 fe80::21b:21ff:f.ntp *. * udp4 0 0 192.168.4.1.ntp*.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 192.168.1.1.ntp*.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 192.168.3.1.ntp*.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 pfsense.ntp *.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp6 0 0 localhost.ntp *.* udp4 0 0 localhost.ntp *.* udp6 0 0 fe80::d227:88ff:.ntp *.* udp4 0 0 192.168.2.1.ntp *.* udp4 0 0 host-62-245-238-.1194 *.* udp4 0 0 localhost.tftp *.* udp4 0 0 localhost.tftp-proxy *.* icm4 0 0 host-62-245-238-.* *.*any hints to solve this?thanks!!___pfSense mailing listhttps://lists.pfsense.org/mailman/listinfo/listSupport the project with Gold! https://pfsense.org/gold ___pfSense mailing listhttps://lists.pfsense.org/mailman/listinfo/listSupport the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] bacula-client 7.0.5 on pfsense 2.2
You don't mention if you had fd working on the earlier version of pf. You must have checked the config file for password and dir settings. The upgrade might have changed it because this might be a fresh install of fd. You say it is not listening, that sounds like there is an attempt at a new install. Check for multiple installs. Yudhvir ਯੁਧੱਵੀਰ408 915 9709 -- Original message--From: J. EchterDate: Sun, Feb 8, 2015 4:56 AMTo: pfSense support and discussion;Subject:[pfSense] bacula-client 7.0.5 on pfsense 2.2Hi,i'm fiddling with bacula-client on upgraded pfsense 2.2.i don't see any error in the logs, i don't see any error with bacula-fd-f (run in foreground) -d 10 (debug level 10)i even don't see it spitting out errors as the config file isn't existant[2.2-RELEASE][root@pfsense.workgroup.local]/conf: ls/usr/local/etc/bacula/bacula-fd.confls: /usr/local/etc/bacula/bacula-fd.conf: No such file or directory[2.2-RELEASE][root@pfsense.workgroup.local]/conf: ps aux | grep bacularoot59559 0.0 0.2 56420 7364 - Ss1:50PM 0:00.00/usr/local/sbin/bacula-fd -u root -g wheel -v -c/usr/local/etc/bacula/bacula-fd.confroot99408 0.0 0.1 18884 2384 0 S+1:50PM 0:00.00 grepbaculanetstat doesn't show it listening too:Active Internet connectionsProto Recv-Q Send-Q Local Address Foreign Address (state)tcp4 0 0 pfsense.https 10.0.1.14.38261 TIME_WAITtcp4 0 0 pfsense.38791 10.0.1.14.40513 ESTABLISHEDtcp6 0 0 localhost.3493 localhost.56539 ESTABLISHEDtcp6 0 0 localhost.56539localhost.3493 ESTABLISHEDudp4 0 0 192.168.100.1.ntp *.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 192.168.4.1.ntp*.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 192.168.1.1.ntp*.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 192.168.3.1.ntp*.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp4 0 0 pfsense.ntp *.* udp6 0 0 fe80::21b:21ff:f.ntp *.* udp6 0 0 localhost.ntp *.* udp4 0 0 localhost.ntp *.* udp6 0 0 fe80::d227:88ff:.ntp *.* udp4 0 0 192.168.2.1.ntp*.* udp4 0 0 host-62-245-238-.1194 *.* udp4 0 0 localhost.tftp *.* udp4 0 0 localhost.tftp-proxy *.* icm4 0 0 host-62-245-238-.* *.*any hints to solve this?thanks!!___pfSense mailing listhttps://lists.pfsense.org/mailman/listinfo/listSupport the project with Gold! https://pfsense.org/gold___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Snort as IPS in Pfsense
Kickstarter had/has a campaign by iguardian to create a snort appliance. It looks like something you are trying to do. Instead of pf, it is based on openwrt. Check it out. Yudhvir > On Sep 29, 2014, at 4:22 PM, Ivo Tonev wrote: > > I don't like the bridge approach because if you have many vlans it become > very complicated. > > I always use the router approach because I can configure the IDS for one > interface and IPS for another. > > If you don't have enough IP addresses, you can use invalid IP on firewall WAN > and create a route on your router to reach your range. > >> On Sep 29, 2014 7:31 PM, "Jeronimo L. Cabral" wrote: >> Dear, do I have to have 3 network interfaces or 2 interfaces are enough to >> implement the IPS??? Because I think I'll have 1 promiscuos WAN, 1 >> promiscuos LAN and 1 management. >> >> The Pfsense firewall has to be setup as BRIDGE if want to put it between >> the router and the corporate firewall ??? >> >> Special thanks, >> >> JeLo >> >>> On Mon, Sep 29, 2014 at 5:35 PM, compdoc wrote: >>> > Here is a good place to start regarding Suricata or Snort. >>> > >>> >http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/ >>> >>> >>> >>> Is the free to use version of Snort going away? I scanned the page >>> mentioned above but it seems unclear. >>> >>> >>> >>> Suricata sounds like an excellent replacement given the advanced features, >>> but I have to say Snort is doing a fine job for us. >>> >>> >>> >>> I use the free Registered User rules and the free Emerging Threats rules, >>> and Snort is busy blocking port scans and all kinds of activity, while not >>> bothering/blocking our user's activity. >>> >>> >>> >>> Not that we rely solely on Snort - no unnecessary ports are listening to >>> the web. No management ports like 22 are open. >>> >>> >>> >>> Anyway, Snort doesn’t use much cpu time for our 30 user office, and pfSense >>> makes it (kinda) easy to use. Until Suricata arrives for pfSense, I think >>> its fine. >>> >>> >>> >>> By the way, if you have a decent speed quad-core server with at least 8GB >>> ram, you can easily run pfSense, Suricata, and whatever else side by side >>> in virtual machines. >>> >>> >>> >>> >>> >>> >>> ___ >>> List mailing list >>> List@lists.pfsense.org >>> https://lists.pfsense.org/mailman/listinfo/list >> >> >> ___ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] New guy to Pfsense needs advice
Senior year in what program? Yudhvir > On Sep 8, 2014, at 5:09 PM, Hamdan Khalifah wrote: > > Hello everyone, > > I am a senior year I have project about Pfsense, and I am not sure which > should I focus on Routing, Firewall, VPN, or other stuff. > > May you advise me which field of Pfsense is great for a senior project? > > Note: Im not good at programming. > > Thank you all. > > Dan > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Disable antispoofing on an interface
Sorry fat fingered the reply. Is there something on the other end of the Ping to answer? Yudhvir > On Jul 17, 2014, at 7:11 PM, Mehmasarja Darks wrote: > > That block is on a TCP packet, not UDP. Also, is there something on the > othersid > Yudhvir > >> On Jul 17, 2014, at 4:26 PM, Adam Thompson wrote: >> >>> On 14-07-17 12:32 PM, NetSys Pro wrote: >>> Here's the output: >>> >>> Jul 17 21:27:50 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 0, length 64 >>> Jul 17 21:27:52 fw2 pf: 00:00:01.885014 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 1, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:52 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 2, length 64 >>> Jul 17 21:27:52 fw2 pf: 00:00:00.358395 rule 5/0(match): block in on re2: >>> (tos 0x0, ttl 128, id 1110, offset 0, flags [DF], proto TCP (6), length 40) >>> Jul 17 21:27:52 fw2 pf: 192.168.6.106.54118 > 23.214.64.109.443: Flags >>> [R.], cksum 0x4fe4 (correct), seq 1951833685, ack 1897326514, win 0, length >>> 0 >>> Jul 17 21:27:53 fw2 pf: 00:00:00.628387 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 2, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:53 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 3, length 64 >>> Jul 17 21:27:54 fw2 pf: 00:00:01.148349 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 3, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:54 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 4, length 64 >>> Jul 17 21:27:55 fw2 pf: 00:00:00.874917 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 4, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:55 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 5, length 64 >>> Jul 17 21:27:56 fw2 pf: 00:00:01.011050 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 5, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:56 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 6, length 64 >>> Jul 17 21:27:57 fw2 pf: 00:00:00.989951 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 6, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:57 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 7, length 64 >>> Jul 17 21:27:58 fw2 pf: 00:00:00.995826 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 7, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:58 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 8, length 64 >>> Jul 17 21:27:59 fw2 pf: 00:00:01.031938 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 8, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:27:59 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 9, length 64 >>> Jul 17 21:28:00 fw2 pf: 00:00:00.971443 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 9, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:28:00 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 10, length 64 >>> Jul 17 21:28:01 fw2 pf: 00:00:01.040452 rule 159/0(match): pass in on re0: >>> (tos 0x0, ttl 62, id 10, offset 0, flags [none], proto ICMP (1), length 84) >>> Jul 17 21:28:01 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >>> 43547, seq 11, length 64 >>> >>> What do you think? >> >> Since there's only one "block" in that list, I'm going to speculate that it >> represents your missing packet. Also, it refers to "re2" which is likely >> your OPT1 interface if you did things conventionally. >> I don't know what rule 5 is, although anything with that low a # is likely >> to be a system-generated rule. >> On my system, it's the "Default deny rule IPv6", although that doesn't sound >> likely in your case. >> You'll want to run "pfctl -vv -s rules | more" and tell us what rule 5 is. >> It's almost certainly going to be a Default-Deny rule, which means you're >> missing a firewall rule somewhere. >> Do you have a rule allowing all protocols from OPT1 to LAN? >> -- >> -Adam Thompson >> athom...@athompso.net >> ___ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Disable antispoofing on an interface
That block is on a TCP packet, not UDP. Also, is there something on the othersid Yudhvir > On Jul 17, 2014, at 4:26 PM, Adam Thompson wrote: > >> On 14-07-17 12:32 PM, NetSys Pro wrote: >> Here's the output: >> >> Jul 17 21:27:50 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 0, length 64 >> Jul 17 21:27:52 fw2 pf: 00:00:01.885014 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 1, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:52 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 2, length 64 >> Jul 17 21:27:52 fw2 pf: 00:00:00.358395 rule 5/0(match): block in on re2: >> (tos 0x0, ttl 128, id 1110, offset 0, flags [DF], proto TCP (6), length 40) >> Jul 17 21:27:52 fw2 pf: 192.168.6.106.54118 > 23.214.64.109.443: Flags [R.], >> cksum 0x4fe4 (correct), seq 1951833685, ack 1897326514, win 0, length 0 >> Jul 17 21:27:53 fw2 pf: 00:00:00.628387 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 2, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:53 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 3, length 64 >> Jul 17 21:27:54 fw2 pf: 00:00:01.148349 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 3, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:54 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 4, length 64 >> Jul 17 21:27:55 fw2 pf: 00:00:00.874917 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 4, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:55 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 5, length 64 >> Jul 17 21:27:56 fw2 pf: 00:00:01.011050 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 5, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:56 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 6, length 64 >> Jul 17 21:27:57 fw2 pf: 00:00:00.989951 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 6, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:57 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 7, length 64 >> Jul 17 21:27:58 fw2 pf: 00:00:00.995826 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 7, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:58 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 8, length 64 >> Jul 17 21:27:59 fw2 pf: 00:00:01.031938 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 8, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:27:59 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 9, length 64 >> Jul 17 21:28:00 fw2 pf: 00:00:00.971443 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 9, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:28:00 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 10, length 64 >> Jul 17 21:28:01 fw2 pf: 00:00:01.040452 rule 159/0(match): pass in on re0: >> (tos 0x0, ttl 62, id 10, offset 0, flags [none], proto ICMP (1), length 84) >> Jul 17 21:28:01 fw2 pf: 10.6.2.10 > 192.168.6.106: ICMP echo request, id >> 43547, seq 11, length 64 >> >> What do you think? > > Since there's only one "block" in that list, I'm going to speculate that it > represents your missing packet. Also, it refers to "re2" which is likely > your OPT1 interface if you did things conventionally. > I don't know what rule 5 is, although anything with that low a # is likely to > be a system-generated rule. > On my system, it's the "Default deny rule IPv6", although that doesn't sound > likely in your case. > You'll want to run "pfctl -vv -s rules | more" and tell us what rule 5 is. > It's almost certainly going to be a Default-Deny rule, which means you're > missing a firewall rule somewhere. > Do you have a rule allowing all protocols from OPT1 to LAN? > -- > -Adam Thompson > athom...@athompso.net > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] naive suggestion: conform to US laws
I second nixing the thread. pfSense does not benefit from this. Mehma On Oct 11, 2013, at 3:40 PM, Jim Thompson wrote: > >> On Oct 11, 2013, at 12:39, Thinker Rix wrote: >> >> Again: The real threat by my comprehension is not some "guy in the internet" >> trying to place malicious code into the code base, but simply and plainly >> some NSA officers knock the door an force the project leaders to do it. > > Please cite the law they might use to so this. > > Hint: it doesn't exist. > > Hint 2: if you think Lavabit applies, you're part of the problem. > > Otherwise: get off my lawn. > > I'm willing to listen to: > > "I've dreamed up this possible attack that could inject bad code into > pfSense." > > And especially, "I think I've found a problem." > > I'm not willing to endure this uninformed Alex Jonesian crapfest. > > Now that I'm back on US soil, I promise that if the later continues, I will > kill the thread. People who hijack threads will be dealt with. > > I simply don't have time for it, and the people who actually work on pfSense > don't gave time for it. > > Nor will I endure the besmirching of pfSense's good name and trademark. > > If you have real issues, or even theories supported by minimal evidence, > bring them forward. > > Otherwise: STFU. > > Jim > > > ___ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Odd circumstances
This has nothing to do with pfSense misbehaving I'm sure. However, it makes good reading. And who knows, maybe there is a sympathetic soul out there who has shed sweat over this ahead of me. A couple of package installs rendered pf 2.0 on an embedded Alix unusable. Removing the packages in guy not work and resorting to the command line and deleting stuff made the situation better. Was able to boot the machine and ping out from the lan and wan interfaces. However, no LAN machine could access the Internet. Checked and rechecked DNS entires and decided to stick a fresh cf card and fresh install. Did a manual configure and wizard configure and came up with the same behavior. Hmmm... Tried restoring an earlier working backup configuration and nothing changes. Cannot call the ISP cuz the Internet works and my LAN machines access the net fine with just a wifi router. Maddeningly, there is nothing in the logs, nothing that pftop or packet capture show which is out of the ordinary. There is traffic on the LAN side and nothing on the wan side. And I swear I can ping yahoo.com from both LAN and wan interfaces. That same ping does not work from a LAN computer. Finally, I notice the pfSense appliance responds very slowly and suspect there may be a hardware issue. I'll check it's dmesg. Mehma ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list