Messages - hoseinTB

#1
Hi

I installed 16.7.1
and the IDS theme is not loading ...

Please put your comment

tnx
#2
General Discussion / NANO PFSense vs NANO OPNsense
April 03, 2016, 02:38:58 PM
After my survey I saw that NANO PFSense had a /cfg partition.

Why don't we have such a partition on NANO OPNsense?

And what should we do to have such a structure to reach fault tolerance?

Regards,
Hosein
#3
This is my test scenario:


http://sm.uploads.im/E8OeG.png

I run IDS in the firewall and enable all scan rules.

After scanning LAN1 (192.168.1.100) with NMAP, no alert is shown in the firewall.

But after editing HOME_NET like below:
//--Original
HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

//--Replace with below line:
HOME_NET: "[192.168.1.0/24,10.0.0.0/8,172.16.0.0/12]"



IDS gives me the expected alert for scanning.

So

I think that Suricata only detects attacks with a HOME_NET destination.

Is this true?


Regards,
Hosein
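
The HOME_NET change in the post above, modelled as an added example (not part of the original post, and not OPNsense or Suricata code): it evaluates a rule header of the form "$EXTERNAL_NET any -> $HOME_NET any" against both HOME_NET values, showing that a scanner whose address lies inside HOME_NET is not treated as external. Assumptions: the scanner address 192.168.5.10 is constructed, EXTERNAL_NET is "!$HOME_NET" as in Suricata's stock suricata.yaml, and the scan rules use that header.

```python
import ipaddress

def in_group(ip, spec, variables):
    """Return True if ip falls in a Suricata-style address group (flat lists only)."""
    spec = spec.strip()
    if spec.startswith("!"):                      # negation: !$HOME_NET, !10.0.0.0/8
        return not in_group(ip, spec[1:], variables)
    if spec.startswith("$"):                      # variable reference
        return in_group(ip, variables[spec[1:]], variables)
    if spec == "any":
        return True
    if spec.startswith("["):                      # [a,b,!c] = (a or b) and not c
        items = [s.strip() for s in spec[1:-1].split(",")]
        pos = [s for s in items if not s.startswith("!")]
        neg = [s[1:] for s in items if s.startswith("!")]
        included = not pos or any(in_group(ip, s, variables) for s in pos)
        return included and not any(in_group(ip, s, variables) for s in neg)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_matches(src, dst, rule_src, rule_dst, variables):
    """Check only the address part of a rule header: rule_src -> rule_dst."""
    return in_group(src, rule_src, variables) and in_group(dst, rule_dst, variables)

# HOME_NET values exactly as quoted in the post; EXTERNAL_NET is an assumption.
ORIGINAL = {"HOME_NET": "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]",
            "EXTERNAL_NET": "!$HOME_NET"}
EDITED = {"HOME_NET": "[192.168.1.0/24,10.0.0.0/8,172.16.0.0/12]",
          "EXTERNAL_NET": "!$HOME_NET"}

SCANNER = "192.168.5.10"    # constructed: a private address outside 192.168.1.0/24
TARGET = "192.168.1.100"    # LAN1 host named in the post

def scan_alerts(variables, src=SCANNER):
    """Would a '$EXTERNAL_NET any -> $HOME_NET any' rule see this flow?"""
    return rule_matches(src, TARGET, "$EXTERNAL_NET", "$HOME_NET", variables)

if __name__ == "__main__":
    for name, variables in (("original", ORIGINAL), ("edited", EDITED)):
        verdict = "header matches" if scan_alerts(variables) else "header does not match"
        print(f"{name} HOME_NET: {SCANNER} -> {TARGET}: {verdict}")
```

With the original value the destination is in HOME_NET either way; it is the source side of the header that stops matching, because 192.168.5.10 is itself inside 192.168.0.0/16.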


#4
Hi Franco

Thanks for the reply.

Quote: so naturally we try to work on routing-based features and that works ok without HOME_NET.

As I tested in routing mode, if my red network has a private IP address (192.168.0.0/16), I should change the HOME_NET config to detect attacks from the red local network.

So
Am I doing anything wrong?


Quote: However, I think we can add this to an upcoming version as an option, but it'll likely have to be configured manually.

Looking forward to seeing this option in the web interface :)

Regards,
Hosein
#5
Hi

I am using OPNsense in bridge mode.
I want to run the IDS/IPS service to protect my trusted network from private and public IP address attacks.
But as I tested, I need to edit the Suricata config file (suricata.yaml) and edit HOME_NET to reach my goal.

After some research I found out that the HOME_NET config is an important Suricata variable.

So
Why are you not adding the HOME_NET config to the web interface of Intrusion Detection on OPNsense?


Thanks
Hosein
#6
Thanks for the reply

I am using a static IP for WAN

The 4G modem starts up really fast, and the internet connection is okay when I connect directly to the modem.

The internet connection is down behind the firewall.
#7
Hi

I have OPNsense on a device with two Ethernet interfaces
WAN: 192.168.1.1
LAN: 192.168.2.1

and the WAN gateway (4G modem) IP address is: 192.168.1.2

Each time, after I restart (turn the power off and on) the 4G modem, the Gateway Status becomes: Offline

Offline
Last check:
Wed, 13 Jan 2016 15:01:32 +0100


Gateway log file:
Jan 13 15:01:32 apinger: ALARM: WANGW(192.168.1.2) *** down ***

Of course in this state, the internet is not connected for the LAN network.
After that I repeatedly check the Gateway status and Gateway Log.
Nothing happens until the log below appears:

Jan 13 15:11:07 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***

As you can see, it takes OPNsense about 10 min to reconnect the internet for the LAN network.

And after repeating this situation, every time I get a different period of time:

Jan 13 15:01:03 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***
Jan 13 15:00:44 apinger: ALARM: WANGW(192.168.1.2) *** down ***


Jan 13 14:59:36 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***
Jan 13 14:53:05 apinger: ALARM: WANGW(192.168.1.2) *** down ***


Jan 13 14:27:05 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***
Jan 13 14:22:01 apinger: ALARM: WANGW(192.168.1.2) *** down ***



Any idea why this change of status takes that long?