Messages - hoseinTB

1
16.7 Legacy Series / Re: Upgrading to 16.7, known issues and workarounds
« on: August 24, 2016, 03:43:03 pm »
Hi

I installed 16.7.1
and the IDS theme is not loading ...

Please put your comment

tnx

2
General Discussion / NANO PFSense vs NANO OPNsense
« on: April 03, 2016, 02:38:58 pm »
After my survey I saw that NANO PFSense had a /cfg partition.

Why don't we have such a partition on NANO OPNsense?

And what should we do to have such a structure to reach fault tolerance?

Regards,
Hosein

3
16.1 Legacy Series / Re: IDS on Bridge Mode do not detect private IP attack
« on: March 07, 2016, 02:53:50 pm »
This is my test scenario:

http://sm.uploads.im/E8OeG.png

I run IDS in the firewall and enabled all scan rules.

After scanning LAN1 (192.168.1.100) with NMAP, no alert is shown in the firewall,

but after editing HOME_NET like below:
Code:
# Original
HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

# Replace with the line below:
HOME_NET: "[192.168.1.0/24,10.0.0.0/8,172.16.0.0/12]"

the IDS gives me the expected alert for scanning.

So I think that Suricata only detects attacks with a HOME_NET destination.

Is this true?


Regards,
Hosein
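
An added example (not part of the original post, and not OPNsense or Suricata code) showing why the HOME_NET edit above changes the result for signatures whose header is `$EXTERNAL_NET any -> $HOME_NET any`. It assumes EXTERNAL_NET is `!$HOME_NET`, as in Suricata's stock suricata.yaml, and a constructed scanner address of 192.168.2.50; the helper names are hypothetical.

```python
import ipaddress

def parse_group(spec):
    """Parse a flat Suricata-style address group, e.g. "[10.0.0.0/8,!10.1.0.0/16]".
    Returns (included, excluded) lists of networks."""
    included, excluded = [], []
    for item in spec.strip().strip("[]").split(","):
        item = item.strip()
        if not item:
            continue
        target = excluded if item.startswith("!") else included
        target.append(ipaddress.ip_network(item.lstrip("!"), strict=False))
    return included, excluded

def in_group(addr, group):
    """True if addr is in an included network and in no negated one."""
    ip = ipaddress.ip_address(addr)
    included, excluded = group
    return any(ip in n for n in included) and not any(ip in n for n in excluded)

def explain(src, dst, home_net):
    """Address check for a rule header `$EXTERNAL_NET any -> $HOME_NET any`,
    with EXTERNAL_NET defined as "!$HOME_NET" (assumption, see lead-in)."""
    home = parse_group(home_net)
    if not in_group(dst, home):
        return "no match: destination is outside HOME_NET"
    if in_group(src, home):
        return "no match: source is inside HOME_NET, so it is not in EXTERNAL_NET"
    return "match"

ORIGINAL = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"  # from the post
EDITED = "[192.168.1.0/24,10.0.0.0/8,172.16.0.0/12]"    # from the post
TARGET = "192.168.1.100"   # LAN1 host from the post
SCANNER = "192.168.2.50"   # constructed: the post does not give the scanner address

if __name__ == "__main__":
    for label, home_net in (("original", ORIGINAL), ("edited", EDITED)):
        print(f"{label:8} HOME_NET: {explain(SCANNER, TARGET, home_net)}")
```

With the edited value, a scanner inside 192.168.1.0/24 itself would still fall inside HOME_NET and fail the same source check.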



4
16.1 Legacy Series / Re: IDS on Bridge Mode do not detect private IP attack
« on: March 07, 2016, 01:02:12 pm »
Hi Franco

Thanks for the reply.

Quote
so naturally we try to work on routing-based features and that works ok without HOME_NET.

As I tested in routing mode, if my red network has a private IP address (192.168.0.0/16), I should change the HOME_NET config to detect attacks from the red local network.

So
am I doing anything wrong?


Quote
However, I think we can add this to an upcoming version as an option, but it'll likely have to be configured manually.

Looking forward to seeing this option in the web interface :)

Regards,
Hosein

5
16.1 Legacy Series / IDS on Bridge Mode do not detect private IP attack
« on: March 05, 2016, 11:06:17 am »
Hi

I am using OPNsense in bridge mode.
I want to run the IDS/IPS service to protect my trusted network from private and public IP address attacks.
But as I tested, I need to edit the Suricata config file (suricata.yaml) and edit HOME_NET to reach my goal.

After some research I found out that the HOME_NET config is an important Suricata variable.

So
why are you not adding the HOME_NET config to the web interface of Intrusion Detection on OPNsense?


Thanks
Hosein

6
15.7 Legacy Series / Re: WAN Gateway Become offline after restarting 4G internet Modem
« on: January 13, 2016, 04:25:13 pm »
Thanks for the reply.

I am using a static IP for WAN.

The 4G modem starts up really fast, and the internet connection is okay when I connect directly to the modem.

The internet connection is down behind the firewall.

7
15.7 Legacy Series / WAN Gateway Become offline after restarting 4G internet Modem
« on: January 13, 2016, 04:13:12 pm »
Hi

I have OPNsense on a device with two Ethernet interfaces
WAN: 192.168.1.1
LAN: 192.168.2.1

and the WAN gateway (4G modem) IP address is: 192.168.1.2

Each time, after I restart (turn the power off and on) the 4G modem, the gateway status becomes: Offline

Code:
Offline
Last check:
Wed, 13 Jan 2016 15:01:32 +0100

Gateway log file:
Code:
Jan 13 15:01:32 apinger: ALARM: WANGW(192.168.1.2) *** down ***

Of course in this state, the internet is not connected for the LAN network.
After that I repeatedly check the gateway status and gateway log.
Nothing happens till the log below appears:

Code:
Jan 13 15:11:07 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***

As you can see, it takes OPNsense about 10 min to reconnect the internet for the LAN network.

And after repeating this situation, every time I get a different period of time:

Code:
Jan 13 15:01:03 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***
Jan 13 15:00:44 apinger: ALARM: WANGW(192.168.1.2) *** down ***

Code:
Jan 13 14:59:36 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***
Jan 13 14:53:05 apinger: ALARM: WANGW(192.168.1.2) *** down ***

Code:
Jan 13 14:27:05 apinger: alarm canceled: WANGW(192.168.1.2) *** down ***
Jan 13 14:22:01 apinger: ALARM: WANGW(192.168.1.2) *** down ***


Any idea why this change of status takes that long?


