[pfSense Support] barnyard2 -- spool directory
Hi all,

Been playing more with snort on 1.2.3 using the latest Snort 2.8.5.3 pkg v. 1.19. I am able to get snort running; however, barnyard2 won't start, as it says that the spool directory is not specified. In the snort.sh script, barnyard2 does not have the -d option with the spool directory specified, so barnyard2 complains.

Anyone know of a fix for this?

Thanks,
m

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: TCP Connection Closed on Client But pfsense States Still Established
On 3/30/2010 3:25 PM, Oliver Hansen wrote:

I tried posting this specifically before and didn't have any luck ( http://www.mail-archive.com/support@pfsense.com/msg19099.html ) but now that I have contacted Microsoft I have a few more details to ask the questions with. Here is the basic scenario:

- On the server, TCP session timeouts have been lowered to 5 minutes (through a reg edit that MS support had me make)
- The client application has been shut down and netstat shows no connections open to the server
- The server still shows many (up to 30) connections to the client long after the 5 minute timeout window
- The pfSense (1.2.3-RC3) GUI Diagnostics - States table shows sessions between the client and server as ESTABLISHED:ESTABLISHED
- The client and server are in two different subnets connected by an IPSec VPN

Now, is there anything in pfSense that would keep a session open even after the client has closed it and the server's TCP timeout window has passed? The way MS Support was explaining it to me, they said the server would send out a message to see if the client was still around and it would only be keeping the session open if something was responding on the client's behalf. She said to look for any setting on the router such as tcp keep alive or idle keep alive but the only thing I see is under VPN settings for the Keep Alive IP to ping which I thought was only to keep the tunnel up by pinging a host on the remote subnet. Thanks for any help!

Is there anyone who can give me some advice on what to check? I'd be perfectly happy to show MS that the routers are not causing the problem but I'm not sure how to do that. If a state exists on the router between two computers and the state is not shown on either of the two computers, what should I be looking for in a packet capture?
Re: [pfSense Support] Re: TCP Connection Closed on Client But pfsense States Still Established
The state has timed out or has been closed on the endpoints, *NOT* the router/firewall which will keep these states until the state table timeout has been reached. If no data has passed on this state in the allotted time, the state will expire and be removed. If you want this to happen quicker, look at the Firewall Optimization Options under System -- Advanced. I don't have a system running pfSense newer than 1.2.2 currently available to check, but you might even be able to specify the timeout value manually in later versions. HTH. --Tim
Re: [pfSense Support] TCP Connection Closed on Client But pfsense States Still Established
On Tue, Mar 30, 2010 at 6:25 PM, Oliver Hansen oliver.han...@gmail.com wrote:

I tried posting this specifically before and didn't have any luck ( http://www.mail-archive.com/support@pfsense.com/msg19099.html ) but now that I have contacted Microsoft I have a few more details to ask the questions with. Here is the basic scenario:

- On the server, TCP session timeouts have been lowered to 5 minutes (through a reg edit that MS support had me make)
- The client application has been shut down and netstat shows no connections open to the server
- The server still shows many (up to 30) connections to the client long after the 5 minute timeout window
- The pfSense (1.2.3-RC3) GUI Diagnostics - States table shows sessions between the client and server as ESTABLISHED:ESTABLISHED
- The client and server are in two different subnets connected by an IPSec VPN

Now, is there anything in pfSense that would keep a session open even after the client has closed it and the server's TCP timeout window has passed?

Any connection in the state table will be open until the firewall's state timeout (which you can specify more granularly on a per-rule basis if desired), or the connection is closed by the client or server. The timeout on the servers has nothing to do with the firewall, unless they actually close the TCP connection, not just drop it, at the end of that timeout.

Without a pcap showing the actual traffic, there's no telling what's happening. The only sure thing is neither the client nor server is closing the TCP connection if you see it as ESTABLISHED:ESTABLISHED.
Re: [pfSense Support] TCP Connection Closed on Client But pfsense States Still Established
On Mon, Apr 5, 2010 at 8:55 AM, Chris Buechler cbuech...@gmail.com wrote:

On Tue, Mar 30, 2010 at 6:25 PM, Oliver Hansen oliver.han...@gmail.com wrote:

I tried posting this specifically before and didn't have any luck ( http://www.mail-archive.com/support@pfsense.com/msg19099.html ) but now that I have contacted Microsoft I have a few more details to ask the questions with. Here is the basic scenario:

- On the server, TCP session timeouts have been lowered to 5 minutes (through a reg edit that MS support had me make)
- The client application has been shut down and netstat shows no connections open to the server
- The server still shows many (up to 30) connections to the client long after the 5 minute timeout window
- The pfSense (1.2.3-RC3) GUI Diagnostics - States table shows sessions between the client and server as ESTABLISHED:ESTABLISHED
- The client and server are in two different subnets connected by an IPSec VPN

Now, is there anything in pfSense that would keep a session open even after the client has closed it and the server's TCP timeout window has passed?

Any connection in the state table will be open until the firewall's state timeout (which you can specify more granularly on a per-rule basis if desired), or the connection is closed by the client or server. The timeout on the servers has nothing to do with the firewall, unless they actually close the TCP connection, not just drop it, at the end of that timeout.

Without a pcap showing the actual traffic, there's no telling what's happening. The only sure thing is neither the client nor server is closing the TCP connection if you see it as ESTABLISHED:ESTABLISHED.

Thank you for the information Tim and Chris. It definitely helps to give me more information to troubleshoot with. Knowing I can alter the state timeout in a firewall rule is something I did not know and is a great help. Is there somewhere I can look to find the default?
I tried looking in the pf.conf (I think that was the file) the other day but I wasn't sure what it would be called or if it would be in there if it was just the default. I did see the Optimization rules under System - Advanced but I am wary of changing that for fear of breaking other things and I doubt that is the cause or I probably would have found others with the same problem. I will do some more checking with monitoring the states on the firewall, client and server then get back with MS to try and figure out this issue. Thanks again for the info and help.
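Added example, not part of the thread and not pfSense code: one way to check from the firewall side whether the lingering ESTABLISHED:ESTABLISHED states are simply idle and waiting out the state timeout. It parses text shaped like `pfctl -vv -ss` output and derives each state's idle time from its "expires in" value. Assumptions: the sample states are constructed, `tcp.established` is pf's stock 86400 s (confirm with `pfctl -s timeouts`), and adaptive timeout scaling is not in effect.

```python
import re

# Constructed sample shaped like `pfctl -vv -ss` output; addresses, counters
# and rule numbers are made up for illustration.
SAMPLE = """\
all tcp 10.1.1.20:1433 <- 10.2.2.30:51544       ESTABLISHED:ESTABLISHED
   [2914377160 + 65535] wscale 2  [1178355322 + 65535] wscale 2
   age 03:12:44, expires in 21:02:10, 412:398 pkts, 61220:48311 bytes, rule 70
all tcp 10.1.1.20:1433 <- 10.2.2.30:51610       ESTABLISHED:ESTABLISHED
   [731004511 + 65535] wscale 2  [3302118874 + 65535] wscale 2
   age 00:04:02, expires in 23:59:58, 90:77 pkts, 9120:8011 bytes, rule 70
all tcp 10.1.1.20:1433 <- 10.2.2.30:51498       FIN_WAIT_2:FIN_WAIT_2
   [18822101 + 65535] wscale 2  [990127733 + 65535] wscale 2
   age 00:20:15, expires in 00:00:31, 55:49 pkts, 7001:6120 bytes, rule 70
"""

HEADER = re.compile(r"^(\S+) (tcp) (\S+) (<-|->) (\S+)\s+(\S+):(\S+)$")
TIMES = re.compile(r"age (\d+):(\d\d):(\d\d), expires in (\d+):(\d\d):(\d\d)")

def _secs(h, m, s):
    return int(h) * 3600 + int(m) * 60 + int(s)

def idle_established(text, established_timeout=86400, idle_threshold=300):
    """Return ESTABLISHED:ESTABLISHED states idle longer than idle_threshold.

    pf resets a state's expiry to the full timeout whenever a packet matches,
    so idle time = established_timeout - "expires in".
    """
    findings, current = [], None
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            current = head
            continue
        times = TIMES.search(line)
        if not (times and current):
            continue
        src_state, dst_state = current.group(6), current.group(7)
        if src_state == dst_state == "ESTABLISHED":
            idle = established_timeout - _secs(*times.group(4, 5, 6))
            if idle > idle_threshold:
                findings.append({
                    "flow": f"{current.group(3)} {current.group(4)} {current.group(5)}",
                    "age_s": _secs(*times.group(1, 2, 3)),
                    "idle_s": idle,
                })
        current = None
    return findings

if __name__ == "__main__":
    for f in idle_established(SAMPLE):
        print(f"{f['flow']}: up {f['age_s']}s, no traffic for {f['idle_s']}s")
```

A state that shows hours of idle time while still ESTABLISHED:ESTABLISHED means no FIN or RST for that flow was seen by the firewall, which is the thing to confirm in the packet capture.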
[pfSense Support] bandwidth in config.xml
Hello,

what meaning do these lines in config.xml have please?

<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>

I know that for setting up speed and duplex we use media and mediaopt

Thanks!
Evgeny.
Re: [pfSense Support] bandwidth in config.xml
On Mon, Apr 5, 2010 at 3:55 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:

Hello, what meaning do these lines in config.xml have please?

<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>

Those were added with the initial shaper over 5 years ago. Then later, config upgrade code unset that when the shaper changed, but it was never removed from the default config. It doesn't do anything anymore, will probably be removed from the default config.
[pfSense Support] pfsense unresponsive
Hiya

I'm trying to build a redundant failover firewall solution with pfsense. On the network there are other FreeBSD servers that are using Carp. I'm finding that my solution is every now and then becoming unresponsive. Could it be that my setup is clashing or is being affected? Would a firewall rule to listen and accept only on the LAN suffice?

I found this .. http://www.mail-archive.com/support@pfsense.com/msg15045.html and it's kinda in line with the problems I'm facing.

Kind Regards and thank you if someone can help.

Brent Clark
Re: [pfSense Support] pfsense unresponsive
On Mon, Apr 5, 2010 at 4:56 PM, Brent Clark brentgclarkl...@gmail.com wrote:

Hiya I'm trying to build a redundant failover firewall solution with pfsense. On the network there are other FreeBSD servers that are using Carp. I'm finding that my solution is every now and then becoming unresponsive. Could it be that my setup is clashing or is being affected? Would a firewall rule to listen and accept only on the LAN suffice?

No. You have to make sure you aren't using conflicting VHIDs as that will result in conflicting MAC addresses, which will result in all kinds of problems.
[pfSense Support] Avaya + pfsense
Avaya voip + pfsense Any got it to work?
Re: [pfSense Support] Avaya + pfsense
On Mon, Apr 5, 2010 at 6:31 PM, jgarciaitl...@gmail.com wrote:

Avaya voip + pfsense Any got it to work?

Yes. If it doesn't out of the box, see: http://doc.pfsense.org/index.php/VoIP_Configuration
Re: [pfSense Support] VPN LAN TO LAN
Bula Tim,

any help on how I could connect to the client PC's on my pfsense LAN interface, as currently I set my LAN interface to DHCP pool address.

Joseph.

On Sat, Apr 3, 2010 at 6:28 PM, Tortise tort...@paradise.net.nz wrote:

- Original Message -
From: Tim Dickson
To: supp...@pfsense.com
Sent: Saturday, April 03, 2010 5:36 PM
Subject: RE: [pfSense Support] VPN LAN TO LAN

Errr.. After all that - forgot to change the TO: . sorry list!

Well I for one appreciate your comments and advice cause this is where probably many of us advance our learning so thank you!
Re: [pfSense Support] Avaya + pfsense
We tried over ipsec to get avaya voip over ipsec And failed.

--Original Message--
From: Chris Buechler
To: support@pfsense.com
ReplyTo: support@pfsense.com
Subject: Re: [pfSense Support] Avaya + pfsense
Sent: Apr 5, 2010 6:55 PM

On Mon, Apr 5, 2010 at 6:31 PM, jgarciaitl...@gmail.com wrote:

Avaya voip + pfsense Any got it to work?

Yes. If it doesn't out of the box, see: http://doc.pfsense.org/index.php/VoIP_Configuration
RE: [pfSense Support] VPN LAN TO LAN
any help on how I could connect to the client PC's on my pfsense LAN interface, as currently I set my LAN interface to DHCP pool address.

Take a look here: http://doc.pfsense.org/index.php/OpenVPN_Bridging
I'm assuming that's what you are asking...
Re: [pfSense Support] Avaya + pfsense
On Mon, Apr 5, 2010 at 8:15 PM, jgarciaitl...@gmail.com wrote:

We tried over ipsec to get avaya voip over ipsec And failed.

And failed to provide any useful info or packet captures or anything that could help someone tell you why.
Re: [pfSense Support] Avaya + pfsense
we cannot use siproxd because the rv042 (the other ends of the tunnels, has rv 04e and a sonicwall) does not have that option. I do not know what scrubbing is though. In rare circumstances, scrubbing needs to be disabled under System Advanced. We could not get avaya voip phones to speak to each other, I assumed dropped packets. Even with one branch having pfsense at the other end.

Thanks

--Original Message--
From: Chris Buechler
To: support@pfsense.com
ReplyTo: support@pfsense.com
Subject: Re: [pfSense Support] Avaya + pfsense
Sent: Apr 5, 2010 8:32 PM

On Mon, Apr 5, 2010 at 8:15 PM, jgarciaitl...@gmail.com wrote:

We tried over ipsec to get avaya voip over ipsec And failed.

And failed to provide any useful info or packet captures or anything that could help someone tell you why.
Re: [pfSense Support] Avaya + pfsense
On Mon, Apr 5, 2010 at 11:11 PM, jgarciaitl...@gmail.com wrote:

we cannot use siproxd because the rv042 (the other ends of the tunnels, has rv 04e and a sonicwall) does not have that option. I do not know what scrubbing is though. In rare circumstances, scrubbing needs to be disabled under System Advanced. We could not get avaya voip phones to speak to each other, I assumed dropped packets. Even with one branch having pfsense at the other end.

You'll never need siproxd and don't have to worry about static port in an IPsec scenario, those are strictly needed with NAT in some circumstances.

On the side where the phones are, go to Diagnostics Packet capture, choose interface LAN, enter the IP of one of the phones, and click Start. Reboot the phone and try to make a call. Click Stop. Download the resulting pcap, upload it somewhere, and paste the link back here.