Bookmarked. Much obliged!
1 Like
Token
March 23, 2017, 8:27pm
3
Necro reply, all links broken now.
Zumps
March 23, 2017, 9:09pm
4
You just substitute teksyndicate with level1techs.
sed -i 's/teksyndicate/level1techs/g' text_file_with_the_links
Hey guys,
I wanted to get everyone's opinion on my PFsense/Snort setup. Its my first rodeo for an IPS so be gentle.
My primary goal is to have others ok this setup for best practices/best configurations, I have used snort guides on the net but some are outdated at this point and several heads are better than one right?
The blotted images are private IP addresses on the logs page. My main concern is that there are large amounts of alert events but not all IP addresses get blocked, which worries me that whatever probing they are preforming is getting through or not being stopped by Snort.
So here goes:
WAN setup
[image] [image] [image] [image]
LAN Setup
[image] [image] [image] [image]
I have a pfsense router with 1 gigabit nic (for the LAN) and one 100mbps NIC for the WAN. I want to use VLANs on my LAN, using both VLAN tagging AND mapping to ports on a switch. I have a Linksys LGS308 8 port gigabit smart switch. While trying to map a VLAN to a port on the switch, it makes me "create" the VLAN in the switch. This made me wonder, if I create a VLAN in pfsense, does that mean ONLY pfsense can manage it, and the switch can't do anything with it? Or does the switch manage all the VLANs? I'm confused as to what does what here, all I need to do is know how to map certain VLANs to certain ports, and allow tagged traffic to pass through the non-mapped ports. Please help, I can explain in greater detail if I need to. Thanks
I just recently got pfsense up and running, and when copying an ISO over the network to another PC, my entire network will grind to a halt, using ALL the bandwidth for that ISO transfer. Once the transfer finishes, everything returns to normal, but its very annoying when I'm doing other things and the video I'm watching stops loading. I did some tests and I can't even ping other hosts while the transfer happens. The pfsense web interface won't open either. What should I do? I'm assuming I need to place a limiter of some sort, but I don't know how to go about doing that...
Hi Tek Syndicate. I have more questions about pfsense since thel last time I wrote to inbox.exe So here's what's on my mind. Firstly when in the "turn your old pc into an epic router" video i saw a tab on the pfSense interface that there was a 'VPN' tab, what is that all about? Does it mean that I can have my own VPN that will (in my case living in New Zealand) give me a MUCH lower ping and much higher speeds as the server will be local? As apposed to the closest one being in Australia? If so, would this mean that my internet would only go as fast as my upload speed due to my packets double hopping by going to my isp and then back to me before then going to the website or other ip address? Secondly, I also noticed that in your video you used the old pc as just a access point if i am correct, but I was wondering about modems.. Can you use pfSense as a modem? I managed to find an old RJ11 pci board which i'm assuming has something to do with modems. Another way to ask this question would be; can I use my epic pfSense router and that's it, no other modems or routers or anything like that if I can use the pfSense router as a modem? And thirdly as a sum up question; is there anything pfSense can't do? haha. As in do I HAVE to buy anything, like a branded modem or anything like that? Cheers!
So I've been messing around for a while trying to use a VPN through pfSense (as a client) and didn't have a lot of success. Setting up the VPN is fairly straight forward but I could never get a stable connection. But I finally figured out what the problem is and thought I'd share it with everyone in case someone else was having similar problems. This isn't going to be a guide on setting up a VPN client of pfsense (although if anyone wants I can probably write one up) Most VPN services have a guide for setting it up. This will just explain the problem I was having and how I solved it. The problem I was having with my VPN was that the connection would drop all the time, especially when it was under load. This made it pretty much unusable. But I couldn't figure out what the problem was. I messed around with the keepalive option for openvpn aswell as the ping-restart but neither of these seemed to have any effect. I thought it might have been a problem with packet fragmenting so I messed around with the MTU and MSS settings but this also had no effect. The problem turned out to be caused by pfsense's gateway monitoring daemon. You have probably seen the gateway quality info on the main page of the pfSense webUI. Well the program which gives you that info, apinger, isn't just for displaying info. It is used in multi-WAN setups to switch traffic to a different gateway when the quality drops. In a single WAN configuration it will restart the connection which will cause openVPN to restart aswell. It does this when the latency or packet loss reaches a preset limit, this is when the status changes from a green 'online' to a yellow 'latency', i think the default is around 400ms. There are three ways to fix this, although I've only tried two. The first and simplest is to disable gateway monitoring. This will stop the gateway quality info aswell though. To do it go to system>routing and edit both the WAN and VPN gateway and check the 'disable gateway monitoring' box. The next op…
1 Like