Re: [pfSense Support] SNORT on pfSense w/ Email?

2008-01-18 Thread Curtis LaMasters
Is there any way to configure Snort on pfSense to do this without adding any
software?  We are looking to have these deployed at multiple remote
locations and would like to have them just let us know when something bad
happens.  Next step will be to figure out how to get Nagios to report this
for us.

Curtis
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


RE: [pfSense Support] SNORT on pfSense w/ Email?

2008-01-18 Thread Jared Valentine
I don't see why not.  Use a logfile analysis tool like Simple Event
Correlator (SEC) to watch your Snort logfile.  Once it finds the event you
are interested in, it can spawn an external command, one of which could be
to e-mail you.  See the SEC website for more details:

http://simple-evcorr.sourceforge.net/

From: Curtis LaMasters [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 18, 2008 2:01 PM
To: support@pfsense.com
Subject: [pfSense Support] SNORT on pfSense w/ Email?

 

Is there a way to get the SNORT portion of the software to email me when an
event or alert occurs?

-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com 
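
The log-watching approach suggested in the reply above, sketched as an added example (not part of the original thread and not SEC itself): it parses Snort "fast" alert lines, keeps only high-priority ones, suppresses repeats of the same signature inside a time window, and builds the e-mail. It assumes Snort writes the alert_fast format; the addresses, the function names and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from email.message import EmailMessage

# Snort "fast" alert line:
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [...] [Priority: N] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(?P<sig>\d+:\d+:\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

def parse_alert(line, year=2008):
    """Return a dict for one alert line, or None if it is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    a["prio"] = int(a["prio"])
    # Fast alerts carry no year by default; the caller supplies one (assumption).
    a["time"] = datetime.strptime(f"{year}/{a['ts']}", "%Y/%m/%d-%H:%M:%S")
    return a

def alerts_to_mail(lines, max_prio=2, window=timedelta(minutes=5),
                   sender="snort@fw.example.net", rcpt="noc@example.net"):
    """One message per signature per window, for priority <= max_prio only."""
    last_sent, mails = {}, []
    for line in lines:
        a = parse_alert(line)
        if a is None or a["prio"] > max_prio:
            continue  # not an alert, or too low-priority to mail anyone
        prev = last_sent.get(a["sig"])
        if prev is not None and a["time"] - prev < window:
            continue  # same signature already mailed inside the window
        last_sent[a["sig"]] = a["time"]
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, rcpt
        msg["Subject"] = f"[snort] P{a['prio']} {a['msg']} ({a['sig']})"
        msg.set_content(f"{a['proto']} {a['src']} -> {a['dst']}\n{line.strip()}\n")
        mails.append(msg)  # hand each to smtplib.SMTP(...).send_message() to deliver
    return mails

# Constructed sample lines (documentation addresses, local-range SIDs).
SAMPLE = [
    "01/18-14:01:22.104233  [**] [1:1000001:1] Constructed worm rule [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.5:1434 -> 192.0.2.10:1434",
    "01/18-14:02:10.552101  [**] [1:1000001:1] Constructed worm rule [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.9:1434 -> 192.0.2.10:1434",
    "01/18-14:03:00.000001  [**] [1:1000002:1] Constructed ping rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 203.0.113.5 -> 192.0.2.10",
    "01/18-14:09:45.871000  [**] [1:1000001:1] Constructed worm rule [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.5:1434 -> 192.0.2.10:1434",
]
```

Without the suppression window a single noisy signature would send one message per packet, which matters when many remote sensors report to one mailbox.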



[pfSense Support] SNORT on pfSense w/ Email?

2008-01-18 Thread Curtis LaMasters
Is there a way to get the SNORT portion of the software to email me when an
event or alert occurs?

-- 
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com


RE: [pfSense Support] Dropped WAN connections

2008-01-18 Thread Ron Lemon
The new satellite link is much better than the old, I have been through
enough of them to know 

Hybrid phone out sat in
KU Sat in and out 512 K in and 20 K out
KA Sat in and out 1024 K in and 200 K out

I have been using pfSense since 1.0 I think and generally it has worked
quite well.  It was only late summer when this started to become an
issue. My provider said it was my tree (it's bare now so .) but I think
it was close to the time I put an update to pfSense on; I just don't
remember whether it was 1.2 RC1 or RC2.

It used to stay up for weeks on end.

I have a couple of suggestions to try and a week in Jamaica coming up.
Maybe one of those things will help.

Thanks. 

-Original Message-
From: Paul M [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 18, 2008 5:04 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Dropped WAN connections

Ron Lemon wrote:
> I have a satellite internet connection, both in and out, attached to a
> pfSense 1.2RC3 box.


long ago when I played with a satellite internet link, it was windows
only, and required some special software on the windows box which
spoofed the 3 way handshake and also ACKs to give the IP stack a false
sense of improved latency. As long as the signal was good so packet loss
was small, it worked OK.

It worked well for FTP and WWW when you didn't care about latency, as
once data was streaming it came down pretty fast. Interactive use - ssh
for example - was almost impossible, and uplink speed was very poor.

my point being that you'll have to mess about a lot with timer settings
to make satellite link work properly without timeouts, whether you can
find some sort of tun/tap driver which will do the spoofing and improve
perceived latency is another matter.


-
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]





Re: [pfSense Support] Odd Application Behavior Requirement

2008-01-18 Thread Bill Marquette
On Jan 18, 2008 9:02 AM, Curtis LaMasters <[EMAIL PROTECTED]> wrote:
> I'm doing a 1:1 NAT for each of these servers; they are on the same VLAN if
> that matters.  But it doesn't seem to matter whether or not NAT reflection
> is enabled.

The 1:1 NAT will do it, I assumed it was a port forward.  It's kinda
incompatible with NAT reflection (since that passes through userland,
we can really only handle a smattering of ports at a time).

--Bill




Re: [pfSense Support] vista_problem

2008-01-18 Thread Vino

yes the Vista machines sees all the devices on the network
net config on vista is the same   i disabled  ipv6

pfsense rules are  wide open between the source and destination

ms netmon 3.1 prints
4866137.566868  {TCP:75, IPv4:74}  x.x.x.x  x.x.x.x  TCP  TCP: Flags=.S.., SrcPort=53637, DstPort=9000, Len=0, Seq=3230012014, Ack=0, Win=8192 (scale factor 0) = 8192
4918140.559039  {TCP:75, IPv4:74}  x.x.x.x  x.x.x.x  TCP  TCP: Flags=.S.., SrcPort=53637, DstPort=9000, Len=0, Seq=3230012014, Ack=0, Win=8192 (scale factor 0) = 8192
4986146.559382  {TCP:75, IPv4:74}  x.x.x.x  x.x.x.x  TCP  TCP: Flags=.S.., SrcPort=53637, DstPort=9000, Len=0, Seq=3230012014, Ack=0, Win=8192 (scale factor 0) = 8192
4993153.039753  {TCP:75, IPv4:74}  x.x.x.x  x.x.x.x  TCP  TCP: Flags=F...A..., SrcPort=9000, DstPort=53637, Len=0, Seq=4073603, Ack=3230012015, Win=4096 (scale factor not found)




tcpdump  for windows prints
15:58:19.409978 IP LOCAL32.9001 > 255.255.255.255.9000: UDP, length 6
15:58:20.423046 IP LOCAL32.9001 > 255.255.255.255.9000: UDP, length 6
15:58:21.437099 IP LOCAL32.9001 > 255.255.255.255.9000: UDP, length 6
15:58:22.452214 IP LOCAL32.9001 > 255.255.255.255.9000: UDP, length 6
15:58:23.466206 IP LOCAL32.9001 > 255.255.255.255.9000: UDP, length 6
15:58:24.480281 IP LOCAL32.9001 > 255.255.255.255.9000: UDP, length 6

with pfsense disabled it is working with VISTA

Luigi

At 03:31 PM 18/01/2008, you wrote:
Is the Vista machine able to see other devices on the network (ie: 
inside your LAN)?  Is the networking configuration information for 
the Vista machine identical to the XP Pro machine?  What shows up in 
the pfSense firewall logs?  Have you used tcpdump to capture the 
packet traffic and ensure it's actually hitting the 
interfaces?  Whatever problem you are having, it's either specific to 
the Vista machine, or your firewall rules.

-Gary

Vino wrote:

Hi,

I have a problem  with windows VISTA  connecting to an Aten KVM 
switch  cn6000.  behind   PFsense 1.2rc4   with client tool  or web based


i am running  pfsense in filtered bridge mode

with Vista (vista firewall  disabled or enabled)  and PFsense  set 
with all ports open , source and destination set properly   and 
using all or any protocol setting, there is no connection whatsoever.


with windows XP pro from within the same network it works well

of course disabling PFsense altogether makes it work.

any suggestions?

regards,

Luigi



Re: [pfSense Support] Odd Application Behavior Requirement

2008-01-18 Thread Curtis LaMasters
I'm doing a 1:1 NAT for each of these servers; they are on the same VLAN if
that matters.  But it doesn't seem to matter whether or not NAT reflection
is enabled.

Unfortunately, the application server is "hands off" for my company, so
making host file mods isn't possible at this point.

Curtis


Re: [pfSense Support] Odd Application Behavior Requirement

2008-01-18 Thread Bill Marquette
On Jan 18, 2008 4:06 AM, Paul M <[EMAIL PROTECTED]> wrote:
> Curtis LaMasters wrote:
> > I have a client that has an application server being installed very
> > soon that will require them to send an email to a server that is on the
>
> can't you use a different DNS server (or use "views" -
> http://www.zytrax.com/books/dns/ch7/view.html ), or hack the hosts file
> on the server so that it doesn't get the external interface IP?
>
> if NAT reflection doesn't work, can you do something with a userspace
> listener on pfsense which forwards port 25 (jumpgate sort of thing)?

That's exactly how the nat reflection in pfsense works.

--Bill




Re: [pfSense Support] Doubt and problem with load balancer

2008-01-18 Thread Bill Marquette
We're a first match system.  Make sure your ACL allowing access to the
DMZ is in front of the load balancer rule.

--Bill

On Jan 18, 2008 6:04 AM, David Barbero <[EMAIL PROTECTED]> wrote:
>
> Hello everyone.
>
> I have a question regarding the load balancer system, the ip monitor has to
> be the router ip or external ip to our network?
>
> The problem I have is the following, I am setting up a 1.2-RC3 version with
> two WAN, one LAN and one DMZ, I followed the manual
> http://www.netlife.co.za/content/view/34/34/ and I am setting the load
> balancer as failover and when I change the gateway in LAN filter rule to the
> name of the balancer, I haven't access to the dmz from lan, I tried to make
> rules that specifically allow access lan from the dmz, but I do not have
> access.
>
> It happens that you can be? Or if some manual that I know of a clue, it is
> also valid.
>
> Sorry for my bad English...
>
> Regards.
>
> --
> "Linux is for people who hate Windows, BSD is for people who love UNIX"
> "Social Engineer -> Because there is no patch for human stupidity"
>
> 



Re: [pfSense Support] vista_problem

2008-01-18 Thread Sean Cavanaugh
remember that Vista tries to use IPv6 as the default protocol instead of 
IPv4. double check your network connection settings that they are properly 
configured under vista as it is a little bit more finicky.


-Sean

--
From: "Gary Buckmaster" <[EMAIL PROTECTED]>
Sent: Friday, January 18, 2008 9:31 AM
To: 
Subject: Re: [pfSense Support] vista_problem

Is the Vista machine able to see other devices on the network (ie: inside 
your LAN)?  Is the networking configuration information for the Vista 
machine identical to the XP Pro machine?  What shows up in the pfSense 
firewall logs?  Have you used tcpdump to capture the packet traffic and 
ensure it's actually hitting the interfaces?  Whatever problem you are 
having, it's either specific to the Vista machine, or your firewall rules.

-Gary

Vino wrote:

Hi,

I have a problem  with windows VISTA  connecting to an Aten KVM switch 
cn6000.  behind   PFsense 1.2rc4   with client tool  or web based


i am running  pfsense in filtered bridge mode

with Vista (vista firewall  disabled or enabled)  and PFsense  set with 
all ports open , source and destination set properly   and using all or 
any protocol setting, there is no connection whatsoever.


with windows XP pro from within the same network it works well

of course disabling PFsense altogether makes it work.

any suggestions?

regards,

Luigi



Re: [pfSense Support] vista_problem

2008-01-18 Thread Gary Buckmaster
Is the Vista machine able to see other devices on the network (ie: 
inside your LAN)?  Is the networking configuration information for the 
Vista machine identical to the XP Pro machine?  What shows up in the 
pfSense firewall logs?  Have you used tcpdump to capture the packet 
traffic and ensure it's actually hitting the interfaces?  Whatever 
problem you are having, it's either specific to the Vista machine, or 
your firewall rules.


-Gary

Vino wrote:

Hi,

I have a problem  with windows VISTA  connecting to an Aten KVM 
switch  cn6000.  behind   PFsense 1.2rc4   with client tool  or web based


i am running  pfsense in filtered bridge mode

with Vista (vista firewall  disabled or enabled)  and PFsense  set 
with all ports open , source and destination set properly   and using 
all or any protocol setting, there is no connection whatsoever.


with windows XP pro from within the same network it works well

of course disabling PFsense altogether makes it work.

any suggestions?

regards,

Luigi



[pfSense Support] vista_problem

2008-01-18 Thread Vino

Hi,

I have a problem  with windows VISTA  connecting to an Aten KVM 
switch  cn6000.  behind   PFsense 1.2rc4   with client tool  or web based


i am running  pfsense in filtered bridge mode

with Vista (vista firewall  disabled or enabled)  and PFsense  set 
with all ports open , source and destination set properly   and using 
all or any protocol setting, there is no connection whatsoever.


with windows XP pro from within the same network it works well

of course disabling PFsense altogether makes it work.

any suggestions?

regards,

Luigi



[pfSense Support] Doubt and problem with load balancer

2008-01-18 Thread David Barbero


Hello everyone.

I have a question regarding the load balancer system, the ip monitor has to
be the router ip or external ip to our network?

The problem I have is the following, I am setting up a 1.2-RC3 version with
two WAN, one LAN and one DMZ, I followed the manual
http://www.netlife.co.za/content/view/34/34/ and I am setting the load
balancer as failover and when I change the gateway in LAN filter rule to the
name of the balancer, I haven't access to the dmz from lan, I tried to make
rules that specifically allow access lan from the dmz, but I do not have
access.

It happens that you can be? Or if some manual that I know of a clue, it is
also valid.


Sorry for my bad English...

Regards.

--
"Linux is for people who hate Windows, BSD is for people who love UNIX"
"Social Engineer -> Because there is no patch for human stupidity"





Re: [pfSense Support] Odd Application Behavior Requirement

2008-01-18 Thread Paul M
Curtis LaMasters wrote:
> I have a client that has an application server being installed very
> soon that will require them to send an email to a server that is on the

can't you use a different DNS server (or use "views" -
http://www.zytrax.com/books/dns/ch7/view.html ), or hack the hosts file
on the server so that it doesn't get the external interface IP?

if NAT reflection doesn't work, can you do something with a userspace
listener on pfsense which forwards port 25 (jumpgate sort of thing)?






Re: [pfSense Support] Dropped WAN connections

2008-01-18 Thread Paul M
Ron Lemon wrote:
> I have a satellite internet connection, both in and out, attached to a
> pfSense 1.2RC3 box.


long ago when I played with a satellite internet link, it was windows
only, and required some special software on the windows box which
spoofed the 3 way handshake and also ACKs to give the IP stack a false
sense of improved latency. As long as the signal was good so packet loss
was small, it worked OK.

It worked well for FTP and WWW when you didn't care about latency, as
once data was streaming it came down pretty fast. Interactive use - ssh
for example - was almost impossible, and uplink speed was very poor.

my point being that you'll have to mess about a lot with timer settings
to make satellite link work properly without timeouts, whether you can
find some sort of tun/tap driver which will do the spoofing and improve
perceived latency is another matter.





Re: [pfSense Support] RE: [pfSense-discussion] 1.2-RC4 released!

2008-01-18 Thread Paul M
Scott Ullrich wrote:
> hearing of this problem and 1.2-RC4 has been downloaded thousands of
> times already.   I know that you may have encountered a problem but
> please do not spread FUD, thanks.


1.2RC4 upgrade on a regular server worked for us faultlessly; pfSense
gets better and better!
The community is the icing on the cake!
