Messages - csmall

#107
I've had no success with anything other than win32diskimager
#108
Win32diskimager works great if you have a windows box available.
#109
16.7 Legacy Series / Re: IDPS Issues
January 15, 2017, 07:31:35 PM
That is too bad. I'd love to continue using opnsense but I'll have to wait until I can replace the hardware with Intel NICs.

:(

Thanks. Great job on opnsense by the way. Really solid product.
#110
16.7 Legacy Series / Re: insight : no data availabe
January 15, 2017, 04:26:57 PM
I experienced this on 16.7.13 as well.
#111
16.7 Legacy Series / Re: IDPS Issues
January 14, 2017, 11:22:59 PM
I'm wondering if this is an issue with BSD and Realtek NIC drivers.

The same NICs seem to work fine with IDS on a Linux based firewall.
#112
16.7 Legacy Series / IDPS Issues
January 14, 2017, 06:20:54 AM
I recently did a fresh installation of the 17.1 beta.

I had a bunch of trouble trying to get ET rulesets to work.

See this thread: https://forum.opnsense.org/index.php?topic=4249.0

So I gave up and installed 16.7.13 instead thinking maybe it was a beta issue.

I seem to be having the same sorts of troubles getting ET rules working in 16.7.13.

I tried turning on IDS and IPS with some ET rules enabled but I never see any alerts triggered.

I tried switching the rule to drop traffic instead of alert and that didn't work either. It never changed the rules to drop action.

At that point I logged into a shell, found the suricata rules files, and moved them to a dir in /tmp. Then I tried to redownload the rules but it didn't work. Finally I found a suricata rules updater script in /tmp and moved that somewhere else as well. After that I was able to run the ruleset downloads again.

This time I only enabled the rulesets from this example:

https://docs.opnsense.org/manual/how-tos/ips-feodo.html

The rules downloaded and when I changed the action to drop all the rules changed to drop like I would expect.

I have yet to see any of these rules trigger alerts/drops, but they may be working and just haven't been triggered.

I hesitate to enable any of the ET rulesets again because frankly they just seem to be broken or so sensitive that they aren't worth working with. Am I missing something?

The user-defined rules that I have created to drop GeoIP (countries) are working great. They show in the alerts log as expected.

Any help getting ET rules working would be much appreciated because I am stumped at this point.
#113
17.1 Legacy Series / Re: IDPS
January 14, 2017, 05:04:30 AM
I got rid of 17.1 beta and installed 16.7 production.

Same results. Fresh install and very basic configuration.

I enabled IDS (not IPS yet), applied, enabled some ET rules, downloaded and updated rulesets...

Again, I get alerts like this:

"SURICATA STREAM excessive retransmissions"

But none from the downloaded ET rules. I don't understand why it isn't working.

Any help would be appreciated.
#114
17.1 Legacy Series / Re: IDPS
January 13, 2017, 04:39:23 AM
I am seeing alerts again... however they are back to the same alerts I mentioned in the original post and nothing from the ET rules I enabled.

I don't get it.

I recently switched to OPNSense from another firewall that was using ET rules and I would see alerts like every 5 to 10 minutes for the same rules.
#115
17.1 Legacy Series / Re: IDPS
January 13, 2017, 04:31:29 AM
So I cleared the logs and tried to turn IDS/IPS off and then back on again.

Now I get no alerts. I tried turning just IPS off too and no luck. I get no alerts now. :(
#116
17.1 Legacy Series / IDPS
January 13, 2017, 03:56:16 AM
I installed the beta tonight and everything seems to be great.

I'm a little confused by the IDPS though.

I enabled IDS and IPS, checked off some ET rule sets and clicked on enable, downloaded and updated rules, then clicked apply.

All I see in the alerts is stuff like this:

"SURICATA STREAM excessive retransmissions"
"SURICATA TLS invalid record/traffic"
"SURICATA TCPv4 invalid checksum"
"SURICATA STREAM Packet with invalid ack"
"SURICATA STREAM ESTABLISHED invalid ack"

None of these appear to be related to the rule sets I enabled.

I then switched all of the rulesets on the main IDS page to input filter drop, clicked on download and update rules and apply again. I still see nothing but hundreds of the above alerts and none from the ET rulesets.

Am I doing something wrong or is this broken?

Thank you.
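The alerts quoted above (and in #113) all carry the "SURICATA ..." prefix, which marks them as Suricata's own decoder/stream/TLS event rules (decoder-events.rules, stream-events.rules and friends ship with the engine and fire regardless of which rulesets are enabled); "invalid checksum" ones in particular usually point at checksum offloading on the capturing NIC rather than at hostile traffic. Sorting eve.json by rule source is the quickest way to tell whether ET rules are firing at all, and the alert's "action" field ("allowed" vs "blocked") shows whether the drop change from #112 actually took effect. The script below is an added example, not code from the thread or from the OPNsense project; the sample eve.json records are constructed, their SIDs are illustrative, and the SID blocks used as a fallback are assumed conventions that should be checked against the .rules files installed on the box.

```python
# Added example (not from the thread or the OPNsense project): sort Suricata
# eve.json alerts into engine-internal event rules ("SURICATA ..."), ET Open /
# ET Pro ruleset hits, and everything else, and check whether any ruleset hit
# was actually dropped (alert.action == "blocked").
import json
from collections import Counter

# Assumed, conventional SID blocks, used only when the msg prefix is missing.
ENGINE_EVENT_SIDS = range(2200000, 2300000)                       # decoder-/stream-/tls-events
ET_OPEN_SIDS = (range(2000000, 2100000), range(2400000, 2600000))  # ET Open, incl. Feodo/DShield lists
ET_PRO_SIDS = range(2800000, 2900000)


def classify(signature, sid):
    """Map an alert to its rule source: msg prefix first (reliable), SID block second (assumed)."""
    if signature.startswith("SURICATA "):
        return "engine-event"
    if signature.startswith("ET "):
        return "et-open"
    if signature.startswith("ETPRO "):
        return "et-pro"
    if sid in ENGINE_EVENT_SIDS:
        return "engine-event"
    if any(sid in block for block in ET_OPEN_SIDS):
        return "et-open"
    if sid in ET_PRO_SIDS:
        return "et-pro"
    return "other"


def parse_eve(lines):
    """Yield alert records from eve.json lines; skip non-alert events and malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:            # truncated or non-JSON line (log rotation, partial write)
            continue
        if rec.get("event_type") != "alert":
            continue
        alert = rec.get("alert", {})
        yield {
            "sid": int(alert.get("signature_id", 0)),
            "signature": alert.get("signature", ""),
            "action": alert.get("action", ""),   # "allowed" (IDS) or "blocked" (IPS drop)
            "src": rec.get("src_ip"),
            "dest": rec.get("dest_ip"),
        }


def summarize(lines):
    """Count alerts per rule source, per (source, signature) and per (source, action)."""
    by_source, by_signature, actions = Counter(), Counter(), Counter()
    for a in parse_eve(lines):
        source = classify(a["signature"], a["sid"])
        by_source[source] += 1
        by_signature[(source, a["signature"])] += 1
        actions[(source, a["action"])] += 1
    return {"by_source": dict(by_source), "by_signature": dict(by_signature), "actions": dict(actions)}


def ruleset_alerts_seen(summary):
    """True if at least one alert came from a downloaded ET ruleset, not from engine events."""
    return any(src in ("et-open", "et-pro") for src in summary["by_source"])


def drop_verified(summary):
    """True if at least one ruleset hit was actually blocked, i.e. IPS drop mode is in effect."""
    return any(src in ("et-open", "et-pro") and action == "blocked"
               for (src, action) in summary["actions"])


# Constructed sample eve.json lines (illustrative SIDs and RFC 5737 addresses).
SAMPLE_EVE = """\
{"event_type":"flow","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","proto":"TCP"}
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"action":"allowed","signature_id":2210056,"signature":"SURICATA STREAM excessive retransmissions"}}
{"event_type":"alert","src_ip":"10.0.0.5","dest_ip":"192.0.2.10","alert":{"action":"allowed","signature_id":2210056,"signature":"SURICATA STREAM excessive retransmissions"}}
{"event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.1","alert":{"action":"allowed","signature_id":2200073,"signature":"SURICATA TCPv4 invalid checksum"}}
{"event_type":"alert","src_ip":"10.0.0.9","dest_ip":"198.51.100.23","alert":{"action":"blocked","signature_id":2404000,"signature":"ET CNC Feodo Tracker Reported CnC Server TCP group 1"}}
{"event_type":"alert","src_ip":"203.0.113.8","dest_ip":"10.0.0.1","alert":{"action":"blocked","signature_id":3000001,"signature":"OPNsense GeoIP block CN"}}
this line is truncated garbage and must be skipped
"""


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            result = summarize(fh)
    else:
        result = summarize(SAMPLE_EVE.splitlines())
    for key, val in result.items():
        print(key, val)
    print("ruleset alerts seen:", ruleset_alerts_seen(result), "| drop verified:", drop_verified(result))
```

Run it with the path of the live log (on OPNsense the Suricata EVE log is normally /var/log/suricata/eve.json); with no argument it runs over the constructed sample. If "by_source" shows only "engine-event" entries, the downloaded rulesets are not loaded or not matching, which is a rule-loading problem rather than a logging one; if ET hits show "allowed" after switching the ruleset to drop, the action change never reached the running engine.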
#117
17.1 Legacy Series / Upgrading from beta to stable
January 12, 2017, 11:25:26 PM
If I install the beta, will I be able to upgrade to stable when it is released or would a fresh install be required?
#118
Tutorials and FAQs / Re: Xbox One - Open NAT Tutorial
August 18, 2016, 01:31:48 AM
Quote from: franco on August 11, 2016, 09:04:32 AM
Thanks, very cool! I was thinking maybe we should make an "How-to" forum and move this over there?


Cheers,
Franco

Franco,

I'd like to see a how-to forum as well. Moderation will be important. We don't want it to get filled with junk or irrelevant information.
#119
My ISP will only issue an IP to one mac address. In order to change routers/interfaces I need to make sure I release my IP first. If I don't, I won't get an address.

That being said, is it possible that your interfaces are swapped when using OPNsense? Your LAN and WAN interfaces could be reversed and your ISP won't issue the IP to the wrong interface.

Just an idea. Good luck.