PFSense Firewall Group purchase interest

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Originally posted by Pete View Post
    I did on two computers yesterday and had no issues:
    ..
    Well, I was not so lucky with my upgrade on my Beelink (BT3 PRO II, Vendor: Z85_B012, Version: 5.11). It was quite the disaster, which took more than 2 full days to get back to baseline. What started it all was that when upgrading to 2.4.5-RELEASE (amd64), the installation locked up with the error message: "atkbd0 : [GIANT LOCKED]." In the process of trying to fix the problem, I thought that I "bricked" the Beelink. The solution to the problem was found on FreeBSD forum: "unset hint.uart.1.at." With every reboot, I have to do this, now, because there appears to be no text editor as part of the pfSense installation to edit /boot/device.hints. Elliott



    • FWIW, this thread is what raised my awareness as to the value of a firewall. Early in the thread I decided to move forward with a Qotom pfsense firewall. It has performed very well. Big thanks to Pete for the help in getting it setup. The pfsense software has a steep learning curve but once you get the hang of it, it is really slick. My network is somewhat complex with 3 separate routers/networks so I got the 4 port version. For a single router network, the 2 port version should be fine.



      • Richel

        You can install nano on BSD box (PFSense). Vi is a PITA to use.

        /root: pkg install nano

        Updating pfSense-core repository catalogue...
        pfSense-core repository is up to date.
        Updating pfSense repository catalogue...
        Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
        Fetching packagesite.txz: 100% 141 KiB 144.5kB/s 00:01
        Processing entries: 100%
        pfSense repository update completed. 522 packages processed.
        All repositories are up to date.
        The following 1 package(s) will be affected (of 0 checked):

        New packages to be INSTALLED:
        nano: 4.6 [pfSense]

        Number of packages to be installed: 1

        The process will require 2 MiB more space.
        495 KiB to be downloaded.

        Proceed with this action? [y/N]: y
        [1/1] Fetching nano-4.6.txz: 100% 495 KiB 506.6kB/s 00:01
        Checking integrity... done (0 conflicting)
        [1/1] Installing nano-4.6...
        [1/1] Extracting nano-4.6: 100%

        root: nano -V
        GNU nano, version 4.6
        (C) 1999-2011, 2013-2019 Free Software Foundation, Inc.
        (C) 2014-2019 the contributors to nano
        Email: nano@nano-editor.org Web: https://nano-editor.org/
        Compiled options: --enable-utf8


        - Pete

        Auto mator
        Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb- Mono 6.8X
        Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.8X
        HS4 Pro - V4.0.5.0 - Ubuntu 18.04/W7e 64 bit Intel Kaby Lake CPU - 32Gb - Mono 6.8X
        HS4 Lite -

        X10, UPB, Zigbee, ZWave and Wifi MQTT automation. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant



        • Originally posted by Pete View Post
          Richel

          You can install nano on BSD box (PFSense). Vi is a PITA to use.

          /root: pkg install nano....
          Thanks, Pete. I knew you would have a solution!



          • Buy one of the Qotoms and ship it over here and I will configure it for you.
            - Pete



            • FWIW, this thread is what raised my awareness as to the value of a firewall. Early in the thread I decided to move forward with a Qotom pfsense firewall. It has performed very well. Big thanks to Pete for the help in getting it setup. The pfsense software has a steep learning curve but once you get the hang of it, it is really slick.
              I fully concur with this. I set mine up with a 32 GB SSD and finding that it is getting pretty full and would like to clone it to a 60 GB SSD that I have available. Pointers on doing this would be appreciated. I do not want to go through a start from zero setup again as everything is working so well that it would be hard to recreate.



              • Yes here have always used a 32 Gb drive.

                Currently looks like:

                7% of 27GiB - ufs

                That said you can do a bit copy with DD in Linux and I have heard that this works.

                Another way maybe is to use the Windows bit copy program Win32 to copy an image over then writing the image and expanding it to 120Gb.

                or

                Back up your configuration. Write a new configuration on your new drive and restore the backup. If all of the hardware is identical then it should work.

                - Pete



                • The operatives are "I have heard that this works" and "then it should work.". I don't want to muck with it until I am confident my efforts will result in something positive.

                  Every time I look at pfSense I get a crash report notification. I just ignore it since everything is working as I desire. If it ain't broke don't fix it.

                  I likely have more firewall protection via pfSense so this is driving SSD use up.


                  • Yes you have to fix that error first.

                    I have 8 Gb of RAM here and it uses only 5 Gb of RAM. I do write but not save logs to RAM.

                    I am not graphing traffic. Looks also to be an issue with PFBlocker.

                    Or it could be that you have a bad RAM stick? How much RAM do you have in your PFSense box?

                    Here is an identical issue posted on the PFSense forum and related to PFBlocker.

                    hxxps://forum.netgate.com/topic/142702/allowed-memory-size-exhausted/12

                    This synopsis here is that it points to a configuration issue relating to the PFBlocker configuration.

                    The 32Gb to 120Gb update will not fix your issues. It is either in:

                    Start simple:

                    1 - remove PFBlocker and reinstall it. Here using default set up and a couple of pin holes. Also now you need to register with Maxmind and get a key to use PFBlocker.

                    2 - configuration of PFBlocker
                    3 - hardware memory stick issue. - probably not an issue.

                    BTW here keep my old PFSense box intact in case I need to failover to it. It is an old core duo computer with a BCM motherboard.

                    Back up to back up is a firmware updated Linksys SOHO router.


                    PFSense runs on any thing (Intel / AMD).

                    If you want create a test user on your box and let me have SSH access. I can do a reverse proxy via SSH to get to the Web GUI.


                    - Pete



                    • pfSense SNORT service: I have installed SNORT and am wondering how to configure it with respect to the various options. Currently, I am only monitoring the WAN side and wondering about adding the LAN side. Thanks, Elliott



                      • Guessing you have registered with a snort oinkmaster code (follow the links to register).

                        By definition:

                        Snort is an intrusion detection and prevention system. It can be configured to simply log detected network events to both log and block them. Thanks to OpenAppID detectors and rules, Snort package enables application detection and filtering.

                        A video (better than me explaining it).



                        Personally haven't looked at my settings in years now...that using PFBlocker along with Snort.

                        Ran through settings really fast...

                        So first page...first tab

                        Snort Interfaces - WAN - pattern match AC-BNFA barnyard 2 status disabled

                        Snort global

                        X Enable Snort VRT - get an oinkcode
                        X Click to enable download of Snort GPLv2 Community rules
                        X Enable ET Open
                        Update interval - one day
                        Remove Blocked Hosts Interval - default (1 hour)
                        X - Remove Blocked Hosts After Deinstall
                        X - Keep Snort Settings After Deinstall

                        Updates, Alerts, Blocked, pass lists, suppress, IPLists, SID Management, Log MG and Sync


                        Self explanatory.

                        BTW put Snort alerts on your Dashboard to watch.

                        - Pete



                        • Originally posted by Pete View Post
                          Guessing you have registered with a snort oinkmaster code (follow the links to register).

                          ...
                          Thanks, Pete. I'm also looking at Suricata for intrusion detection. Elliott




                          • I just watched a video on tweaking Suricata for nefarious IPs in a corporate environment. Just learning about Suricata. Never knew it existed.

                            Note here have no configured open ports and try to utilize VPN primarily and SSH (with security settings and long passwords) if no VPN is running on the firewall I am accessing.


                            Found an interesting video on You Tube:

                            Security & Intrusion Detection With pfsense, Suricata, pfblocker and blocking what's missed



                            here ==> reading ==> hxxps://resources.infosecinstitute.com/open-source-ids-snort-suricata/#gref

                            One of the main benefits of Suricata is that it was developed much more recently than Snort. This means it has many more features on board that are virtually unmissable these days. One of those features is support for multithreading. The increase in network traffic over the years has been closely followed by the processing demands on IDS devices (measured in packets per second). Fortunately, Suricata supports multithreading out of the box. Snort, however, does not support multithreading. No matter how many cores a CPU contains, only a single core or thread will be used by Snort. There is a rather complicated workaround; running multiple SNORT single thread instances, all feeding into the same log. The added overheads to manage this process (AutoFP) and the high cost of hardware, however, mean this setup is rarely found in production environments. SNORT3 will support multithreading, but it is still in Alpha stage, running as Snort++. Of course, it is not advised to use an Alpha stage product in a production environment. Multithreading is undoubtedly a strong argument to consider Suricata over Snort.

                            Interesting thread from 2014...Snort vs Suricata


                            Just installed it to check it out. Will tinker baby steps and switch off Snort after a few days.
                            - Pete



                            • Originally posted by Pete View Post
                              I just watched a video on tweaking Suricata for nefarious IPs in a corporate environment. Just learning about Suricata. Never knew it existed.......
                              Just installed it to check it out. Will tinker baby steps and switch off Snort after a few days.
                              I saw that note, too, comparing Snort to Suricata. That's why I have been looking into Suricata.

                              However, see also this video on Snort https://www.youtube.com/watch?v=-GgqYq5-EBg
                              The guy doing the tutorial did one on Suricata, which at the time he liked better than Snort. He may have changed his mind.

                              Elliott



                              • OK so watched the video last night and removed the unconfigured Suricata. Noticed that I had configured OpenAppID on Snort but it was configured with the defaults.

                                Then looked at it granularly and noticed it wasn't starting. BUT I am guessing it has not run for a while.

                                Here is the error I am getting in syslog when starting Snort.
                                Apr 5 09:06:46 php /tmp/snort_em136912_startcmd.php: The command '/usr/local/bin/snort -R 36912 -D -q --suppress-config-log -l /var/log/snort/snort_em136912 --pid-path /var/run --nolock-pidfile -G 36912 -c /usr/local/etc/snort/snort_36912_em1/snort.conf -i em1' returned exit code '1', the output was ''
                                Apr 5 09:06:46 snort 71684 FATAL ERROR: /usr/local/etc/snort/snort_36912_em1/snort.conf(6) !any is not allowed in EXTERNAL_NET.
                                Googling I read that there was / is an issue with using the Cloudflare DNS IP: 1.1.1.1. and that both PFBlocker and or Snort did not know what to do with that IP as this is the first time anyone has ever used the IP 1.1.1.1

                                So removed it and it still would not start.

                                Did read that I shouldn't have a !any on the external interfaces automagically configured on Snort. So looking at my list the only thing I did not understand was the IPv6 addresses. The IPv4 IPs looked OK.

                                I shut off IPv6 one of the two external WAN interfaces and Snort worked. Dunno. I want to keep IPv6 on so asking on the PFSense forum about the issue.

                                It could be the virtual subnets in the VPN server that I created but I did do the defaults and it is working great and I do not have IPv6 enabled in the VPN server (IPSec).

                                I also have noticed recently here that my speeds are OK but getting to sites is a bit slower than say a month ago. I do still have issues with Cocoontech and using Firefox unless I use Firefox in safe mode. If I use Chrome (Linux) then I have no issues. That and while doing VPN to another PFSense box my DNS appears to be messed up and initially web surfing starts slow then it becomes OK. I did forward some routes on opposite side PFSense box to get it to work. Note that this is all in Linux.

                                Never look these days and it has been years (literally). I have the PFSense box connected to one APC UPS (nothing else) and just noticed that my up time is 10 minutes on the UPS and the battery has not been replaced in over 10 years. I did replace two UPS batteries last fall on my Cyber Power 1500's. Have my Tripp Lite working but with no serial connection. Power never has gone out here for more than a couple of minutes anyhow.
                                - Pete

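Added example, not part of any post in the thread: a small Python check for the startup failure quoted above ("!any is not allowed in EXTERNAL_NET"). It expands the ipvar definitions in a snort.conf and reports which literal ends up as a negated "any" and which variable supplied it. The sample config is constructed (the thread does not show the real file), the function names are hypothetical, and treating a /0 prefix as equivalent to any is an assumption about how Snort evaluates the list.

```python
import ipaddress
import re

# Constructed sample (documentation address ranges); not the file from the thread.
SAMPLE_CONF = """\
ipvar HOME_NET [192.0.2.0/24,10.8.0.0/24,2001:db8::/32,::/0]
ipvar EXTERNAL_NET !$HOME_NET
"""

IPVAR = re.compile(r"^\s*(?:ipvar|var)\s+(\S+)\s+(.+?)\s*$")

def parse_ipvars(text):
    """Map each variable name to (line number, raw value), ignoring comments."""
    found = {}
    for num, line in enumerate(text.splitlines(), 1):
        m = IPVAR.match(line.split("#", 1)[0])
        if m:
            found[m.group(1)] = (num, m.group(2))
    return found

def split_top(body):
    """Split a list body on commas that are not inside nested brackets."""
    parts, depth = [""], 0
    for ch in body:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts.append("")
        else:
            parts[-1] += ch
    return [p for p in parts if p.strip()]

def expand(value, ipvars, origin, negated=False, seen=()):
    """Flatten a value into (literal, negated, defining variable) tuples."""
    value = value.strip()
    if value.startswith("!"):
        return expand(value[1:], ipvars, origin, not negated, seen)
    if value.startswith("[") and value.endswith("]"):
        return [t for part in split_top(value[1:-1])
                for t in expand(part, ipvars, origin, negated, seen)]
    name = value[1:] if value.startswith("$") else None
    if name in ipvars and name not in seen:  # follow $VAR, never loop
        return expand(ipvars[name][1], ipvars, name, negated, seen + (name,))
    return [(value, negated, origin)]

def is_any(token):
    """Assumption: the literal 'any' and every /0 prefix both count as 'any'."""
    try:
        return token.lower() == "any" or ipaddress.ip_network(token, strict=False).prefixlen == 0
    except ValueError:
        return False

def find_negated_any(text, var="EXTERNAL_NET"):
    """Return (line of var, offending literal, variable that supplied it)."""
    ipvars = parse_ipvars(text)
    line_no, raw = ipvars.get(var, (0, "[]"))
    hits = expand(raw, ipvars, var, seen=(var,))
    return [(line_no, tok, src) for tok, neg, src in hits if neg and is_any(tok)]

if __name__ == "__main__":
    print(find_negated_any(SAMPLE_CONF))
```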