Monday 24 December 2012

Proxy Servers


Proxy Server & Proxy Filter Configuration:
Here we discuss the configuration of the Proxy Server and Proxy Filter (Squid and SquidGuard). First, what is “Squid”?


Squid:
This is a high performance web cache proxy server.
Now we come to the Configuration.
Go to the services tab and select Proxy Server.

Access Control:                192.168.0.0/24
Note: In the access control section we can add two or more different networks. In that case the proxy server allows internet access for these networks and they can communicate with each other. For example:
                                                    192.168.0.0/24
                                                    192.168.1.0/24
                                                    192.168.2.0/24







Squid Guard:
This is a high performance web cache proxy server
Note: Squid must be installed before SquidGuard. Now we go to the next step, configuration.



If we need more features such as “IP Blocking”, “MAC Blocking”, “Domain Filtering”, “Timing Schedule”, “2 Different Network Communication”, etc., they are configured here.
Add one Timing Schedule by clicking the + (plus) sign.
Name:                             Weekly Timing Schedule
Description:                  Weekly Timing Schedule Listed here
                                        Save Settings




Next go to the Target Categories tab in Proxy Filter. Add one Target Category by clicking the + (plus) sign.
Name:                            Domain_List
Domain List:                 facebook.com youtube.com twitter.com
Note: Domains are separated by a single space.
Save Settings




Next go to the ACL_Group tab in Proxy Filter. Add one ACL_Group by clicking the + (plus) sign.
Name:                           ACL_Group
Client (Source):          192.168.0.3-192.168.0.254
Timing:                        Weekly Timing Schedule




Target Rule:                Click the play sign, stay on Target categories, select the timing rule and set it to Deny
Save Settings


Next go to the Common ACL tab in Proxy Filter. Add one Common ACL by clicking the + (plus) sign.
Target Rule:                           Access denied

Save Settings



Next go to the General Settings tab in Proxy Filter. Add one General Setting by clicking the + (plus) sign.
Enable:                           Add a check mark
Apply Settings
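
The group rule built in the steps above can be modelled offline to check which requests it should deny. This Python sketch is an added example, not code from pfSense or SquidGuard; the schedule days and hours are an assumption (the page names the schedule but gives no times), and it relies on SquidGuard domain lists also covering subdomains of each entry.

```python
import ipaddress
from datetime import datetime, time

# Values taken from the page.
DOMAIN_LIST = "facebook.com youtube.com twitter.com".split()
CLIENT_RANGE = "192.168.0.3-192.168.0.254"

# Assumption: the page gives no days or hours for "Weekly Timing Schedule".
SCHEDULE_DAYS = {0, 1, 2, 3, 4}                  # Monday..Friday
SCHEDULE_START, SCHEDULE_END = time(9, 0), time(17, 0)


def in_client_range(ip, ip_range=CLIENT_RANGE):
    """True if ip lies inside an inclusive 'first-last' address range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in ip_range.split("-"))
    return first <= ipaddress.ip_address(ip) <= last


def in_domain_list(host, domains=DOMAIN_LIST):
    """True if host is a listed domain or a subdomain of one.

    Matching is done on label boundaries, so 'notfacebook.com' and
    'facebook.com.example.net' do not match 'facebook.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def in_schedule(when):
    """True if the datetime falls inside the assumed weekly schedule."""
    return (when.weekday() in SCHEDULE_DAYS
            and SCHEDULE_START <= when.time() < SCHEDULE_END)


def acl_group_denies(client_ip, host, when):
    """True if the ACL_Group rule (client + schedule + Domain_List) denies."""
    return (in_client_range(client_ip)
            and in_schedule(when)
            and in_domain_list(host))


if __name__ == "__main__":
    monday_noon = datetime(2012, 12, 24, 12, 0)  # constructed sample time
    samples = [                                  # constructed sample requests
        ("192.168.0.10", "www.facebook.com"),
        ("192.168.0.10", "notfacebook.com"),
        ("192.168.0.2", "youtube.com"),
        ("192.168.0.10", "facebook.com.example.net"),
    ]
    for ip, host in samples:
        verdict = "DENY" if acl_group_denies(ip, host, monday_noon) else "no match"
        print(ip, host, verdict)
```

Requests that return "no match" are not allowed by this model; they simply fall through to whatever the Common ACL decides.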




Thursday 13 December 2012

ARP Table & Block Internet Access


ARP Table:

How to find MAC IDs, machine or host names, IP addresses and machine interfaces.
Go to the Diagnostics tab and select the ARP Table option. A screenshot of the ARP table is given below.
The ARP table is helpful for IP reservation, MAC blocking, IP blocking and more.






How to block an IP address:

pfSense is a free BSD-based firewall router. Through this firewall router we can block IP addresses that are listed in the DHCP list or network list.
There are two methods by which we can restrict the internet access of clients or users.

First Method:
Go to the Firewall tab and select the Rules option. Add a rule on the LAN interface. Select “Block” as the action, select “LAN” as the interface, and set the protocol to “any” or “TCP/UDP”. Then go to the Source section, select the type “Single host or Alias”, and on the line below type the IP address whose internet access you want to block. A screenshot is given below.

Note: The first matching rule wins, so when we need to block a user we must put the block rule above the default rule in the firewall section.
 
Action:                            Block
Interface:                       LAN
Protocol:                        Any
Type:                              Single host or Alias
                                       192.168.0.10
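
The note about rule order can be checked with a small first-match evaluator. This Python sketch is an added example, not pfSense code: it compares only source address and protocol (interface and destination are left out), and the default allow rule for 192.168.0.0/24 is an assumed stand-in for the default LAN rule.

```python
import ipaddress

# Simplified model: only source address and protocol are compared;
# interface and destination are left out (assumption of this example).
BLOCK_HOST = {"descr": "block 192.168.0.10", "action": "block",
              "source": "192.168.0.10", "protocol": "any"}
DEFAULT_ALLOW = {"descr": "default allow LAN", "action": "pass",
                 "source": "192.168.0.0/24", "protocol": "any"}


def _net(source):
    """Source field -> network object ('any' means every address)."""
    return ipaddress.ip_network("0.0.0.0/0" if source == "any" else source)


def _protos(protocol):
    """Protocol field -> set of names, or None for 'any'."""
    return None if protocol == "any" else set(protocol.upper().split("/"))


def evaluate(rules, src_ip, proto):
    """Return the action of the first rule that matches, top to bottom."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        protos = _protos(rule["protocol"])
        if addr in _net(rule["source"]) and (protos is None or proto.upper() in protos):
            return rule["action"]
    return "block"  # nothing matched: traffic is not passed


def shadowed(rules):
    """Descriptions of rules fully covered by an earlier rule (never reached)."""
    hidden = []
    for i, later in enumerate(rules):
        l_protos = _protos(later["protocol"])
        for earlier in rules[:i]:
            e_protos = _protos(earlier["protocol"])
            proto_covered = e_protos is None or (
                l_protos is not None and l_protos <= e_protos)
            if proto_covered and _net(later["source"]).subnet_of(_net(earlier["source"])):
                hidden.append(later["descr"])
                break
    return hidden


if __name__ == "__main__":
    for name, rules in (("block below default", [DEFAULT_ALLOW, BLOCK_HOST]),
                        ("block above default", [BLOCK_HOST, DEFAULT_ALLOW])):
        print(name, "->", evaluate(rules, "192.168.0.10", "tcp"),
              "| unreachable:", shadowed(rules))
```

With the block rule below the default rule, the host is still passed and the block rule is reported as unreachable; moving it to the top blocks the host and leaves the rest of the LAN unaffected.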

  


Second Method:
In the second method it is important that a proxy server, such as Squid and SquidGuard, is already installed.
Go to the Services tab and select Proxy Server. In the proxy server, open the Access Control tab. There is an option named “Banned host addresses”, where we add the IP addresses whose internet access we need to restrict, and then save.

Note: Each IP address is written on the next line by pressing the Space button. For example:
Banned Host Addresses:                                192.168.0.10
                                                      192.168.0.11
                                                      192.168.0.12
                                                                                             
 


Monday 10 December 2012

417 Error in Squid

417 Error in Squid:


How to fix the 417 error in Squid.
History:
Changes in 3.1: ignore_expect_100
Ported from 2.7. Requires --enable-http-violations. Prevents 417 errors being sent to broken HTTP/1.1 non-compliant clients.
Changes in 2.7: ignore_expect_100
Experimental HTTP/1.1 support knobs.
Configuration Details:
Option Name:                 ignore_expect_100
Replaces:
Requires:                    --enable-http-violations
Default Value:               ignore_expect_100 off

                             ignore_expect_100 on
Add the line above (ignore_expect_100 on) to the proxy server configuration. Go to the “Services” tab, select Proxy Server and then select the General tab. Add the line to the Custom Options field and then save. A screenshot is given below.

Select the LAN interface as the proxy interface. Add a check mark on "Allow users on interface" and "Transparent proxy". Below them you can see the Custom Options field, where the exception is added; uploading traffic now bypasses the proxy server. Then save the settings. If you face more problems of that type, add further exceptions in Custom Options.



Saturday 1 December 2012

PFSense Packages List


PFSense Packages :
Packages may be installed using the Package Manager, located under the System menu. The Package Manager shows all the available packages along with brief information on their function. To install a package, click the "Add" symbol on the far right of the page. An installation dialog will then start and show progress. Upon successful completion of a package installation, the new package will show up under the "Installed Packages" tab of the pfSense Package Manager.
Removing a pfSense package is just as easy. From the Installed Packages view, choose the "Remove" symbol on the far right of the page. This launches the package removal routine, which will show the progress of the package removal.
The package list is given below.
Asterisk      Asterisk is an open source framework for building communications applications.
Asterisk turns an ordinary computer into a communications server.
anyterm      Ajax Interactive Shell - Have you ever wanted SSH or telnet access to your system from an internet desert - from behind a strict firewall, from an internet cafe, or even from a mobile phone? Anyterm is a combination of a web page and a process that runs on your web server that provides this access. WARNING! We suggest using Stunnel in combination with this package!
Apache with mod_security-dev     ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.
Avahi    Avahi is a system which facilitates service discovery on a local network. This means that you can plug your laptop or computer into a network and instantly be able to view other people who you can chat with, find printers to print to or find files being shared. This kind of technology is already found in Apple MacOS X (branded Rendezvous, Bonjour and sometimes Zeroconf) and is very convenient. Avahi is mainly based on Lennart Poettering's flexmdns mDNS implementation for Linux which has been discontinued in favour of Avahi.
AutoConfigBackup    Automatically backs up your pfSense configuration. All contents are encrypted on the server. Requires pfSense Premium Support Portal Subscription from https://portal.pfsense.org
arping   Broadcasts a who-has ARP packet on the network and prints answers.
arpwatch    Arpwatch monitors ethernet/ip address pairings. It also logs certain changes to syslog.
Backup        Tool to Backup and Restore files and directories.
bandwidthd     BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded.
blinkled         Allows you to use LEDs for network activity on supported platforms (ALIX, WRAP, Soekris, etc)
bacula-client             Bacula is a set of Open Source, computer programs that permit you (or the system administrator) to manage backup, recovery, and verification of computer data across a network of computers of different kinds.
Country Block            Block countries - This has been replaced by pfblocker. This is a legacy app
Cron         The cron utility is used to manage commands on a schedule.
Dansguardian    DansGuardian is an award winning Open Source web content filter.
It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering.
It does not purely filter based on a banned list of sites like lesser totally commercial filters.
For all non-commercial it's free, without cost.
For all commercial use visit dansguardian website to get a licence.
dns-server   pfSense version of TinyDNS which features failover host support
diag_new_states    Paul Taylors version of Diagnostics States which utilizes pftop.
darkstat          darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP.
Dashboard Widget: Snort    Dashboard widget for Snort.
Dashboard Widget: HAVP     Dashboard widget for HAVP alerts.
Dashboard Widget: Antivirus Status        Dashboard widget for HAVP status.
Filer         Allows you to create and overwrite files from the GUI.
File Manager        PHP File Manager
FreeSWITCH        FreeSWITCH is an open source telephony platform designed to facilitate the creation of voice and chat driven products scaling from a soft-phone up to a soft-switch. It can be used as a simple switching engine, a PBX, a media gateway or a media server to host IVR applications using simple scripts or XML to control the callflow.
FreeSWITCH Dev     FreeSWITCH package development version.
freeradius        A free implementation of the RADIUS protocol.
freeradius2               A free implementation of the RADIUS protocol.
Support: MySQL, PostgreSQL, LDAP, Kerberos
FreeRADIUS and FreeRADIUS2 settings are not compatible so don't use them together or try to update
On pfSense docs there is a how-to which could help you on porting users.
gwled    Allows you to use LEDs for gateway status on supported platforms (ALIX, WRAP, Soekris, etc)
haproxy       The Reliable, High Performance HTTP Load Balancer
This package implements HTTP balance features from Haproxy.
haproxy-full            The Reliable, High Performance TCP/HTTP Load Balancer
This package implements both TCP and HTTP balance features from Haproxy.
HAVP antivirus          Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.
IP-Blocklist         IP-Blocklist is PeerGuardian2 but on pfsense. This package has been replaced by pfblocker. 
Ipguard-dev       Ipguard listens on the network for ARP packets. All permitted MAC-IP pairs are listed in config files.
If it receives one with a MAC-IP pair that is not listed in the 'ethers' file, it will send an ARP reply with the configured fake address.
This prevents a host that is not permitted from working properly in the local ethernet segment.
imspector     IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.
imspector-dev         IMSpector is an Instant Messenger transparent proxy with logging capabilities. Currently it supports MSN, AIM, ICQ, Yahoo and IRC to different degrees.
iperf             Iperf is a tool for testing network throughput, loss, and jitter.
jail_template     Basic template for jails, probably requires pfJailctl to be useful. Includes 'base' and 'manpages' dists.
Lightsquid      High performance web proxy report (LightSquid). Proxy realtime stat (SQStat). Requires squid HTTP proxy.
LCDproc     LCD display driver
LCDproc-dev     LCD display driver - Development version
mailscanner-dev      MailScanner is an e-mail security and anti-spam package for e-mail gateway systems.
This is a level3 mail scanning tool with high CPU load.
mtr-nox11      Enhanced traceroute replacement
mailreport      Allows you to setup periodic e-mail reports containing RRD graphs.
Notes           Track things you want to note for this system.
nmap        NMap is a utility for network exploration or security auditing. It supports ping scanning (determine which hosts are up), many port scanning techniques (determine what services the hosts are offering), version detection (determine what application/service is running on a port), and TCP/IP fingerprinting (remote host OS or device identification). It also offers flexible target and port specification, decoy/stealth scanning, SunRPC scanning, and more. Most Unix and Windows platforms are supported in both GUI and command line modes. Several popular handheld devices are also supported, including the Sharp Zaurus and the iPAQ.
nut     Network UPS Tools
netio      This is a network benchmark for DOS, OS/2 2.x, Windows NT/2000 and Unix. It measures the net throughput of a network via NetBIOS and/or TCP/IP protocols (Unix and DOS only support TCP/IP) using various different packet sizes.
NRPE v2     NRPE is an addon for Nagios that allows you to execute plugins on remote Linux/Unix hosts. This is useful if you need to monitor local resources/attributes like disk usage, CPU load, memory usage, etc. on a remote host.
OpenBGPD     OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol.
OpenOSPFD       This package is now considered deprecated. Please use the Quagga OSPF instead. -- WARNING! Installs files to the same place as Quagga OSPF. Installing both will result in a broken state, remove this package before installing Quagga OSPF.
Open-VM-Tools     VMware Tools
Open-VM-Tools-8.8.1     VMware Tools
OpenVPN Client Export Utility       Allows a pre-configured OpenVPN Windows Client or Mac OSX's Viscosity configuration bundle to be exported directly from pfSense.
OpenVPN tap Bridging Fix     Patch to fix OpenVPN tap bridging on 2.0.x. WARNING! Cannot be uninstalled.
pfBlocker        Introduce Enhanced Aliastable Feature to pfsense.
Assign many IP urls lists from sites like I-blocklist to a single alias and then choose rule action to take.
This package also Block countries and IP ranges.
pfBlocker replaces Countryblock and IPblocklist.
Proxy Server with mod_security     ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. In addition this package allows URL forwarding which can be convenient for hosting multiple websites behind pfSense using 1 IP address.
PHPService        PHP run as a service it can do anything PHP can do including but not limited to monitoring files, CPU, RAM, and send alerts to the syslog.
Postfix Forwarder           Postfix mail forwarder acts as a relay server for your domain.
It can do first and second line antispam combat before sending incoming mail to local mail servers.
Postfix can also detect zombies, check RBLs and SPF, search LDAP for valid recipients and use third-party antispam engines like policyd and mailscanner for a better antispam solution.
phpSysInfo    PHPSysInfo is a customizable PHP Script that parses /proc, and formats information nicely. It will display information about system facts like Uptime, CPU, Memory, PCI devices, SCSI devices, IDE devices, Network adapters, Disk usage, and more.
pfflowd           pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of one's choice. Utilising the OpenBSD stateful packet filter infrastructure means that flow tracking is very fast and accurate.
pfJailctl       pfSense wrapper for jailctl - a jail management tool. Allows you to run jails on pfSense.

Quagga OSPF     OSPF routing protocol using Quagga -- WARNING! Installs files to the same place as OpenOSPFD. Installing both will break things.
RRD Summary    RRD Summary Page, which will give a total amount of traffic passed In/Out during this and the previous month.
Strikeback    Detect port scans with iplog and strikeback
snort       Snort is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection.
snort-dev    Snort-dev is a development branch.
spamd        Tarpits like spamd are fake SMTP servers, which accept connections but don't deliver mail. Instead, they keep the connections open and reply very slowly. If the peer is patient enough to actually complete the SMTP dialogue (which will take ten minutes or more), the tarpit returns a 'temporary error' code (4xx), which indicates that the mail could not be delivered successfully and that the sender should keep the mail in their queue and retry again later.
siproxd   Proxy for handling NAT of multiple SIP devices to a single public IP.
Sarg           Sarg - Squid Analysis Report Generator is a tool that allows you to view "where" your users are going on the Internet.
Sarg provides a lot of information about proxy (squid, squidguard or dansguardian) user activities: times, bytes, sites, etc.
stunnel            An SSL encryption wrapper between remote client and local or remote servers.
squid3       High performance web proxy cache.
It combines squid as a proxy server with its capabilities of acting as an HTTP / HTTPS reverse proxy.
It includes an Exchange-Web-Access (OWA) Assistant.
Shellcmd    The shellcmd utility is used to manage commands on system startup.
SSHDCond     Allows to define SSH overrides for users,groups,hosts and addresses using Match in a convenient way.
This package acts as an access list frontend for ssh connections
System Patches       A package to apply and maintain custom system patches.
TFTP     Trivial File Transport Protocol is a very simple file transfer protocol. Often used with routers, voip phones and more.
Unbound            Unbound is a validating, recursive, and caching DNS resolver. This package is a drop in replacement for Services: DNS Forwarder and also supports DNSSEC extensions. Once installed please configure the Unbound service by visiting Services: Unbound DNS.
vHosts       It is a web server package that can host HTML, Javascript, CSS, and PHP. It uses the lighttpd web server that is already installed. It uses PHP5 in FastCGI mode and has access to PHP Data Objects and PDO SQLite.
Varnish      Varnish is a state-of-the-art, high-performance HTTP accelerator.
It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.
Varnish3        Varnish is a state-of-the-art, high-performance HTTP accelerator.
It uses the advanced features in FreeBSD 6/7/8 to achieve its high performance.
Version 3.0.2 includes streaming support
vnstat2           Vnstat is a console-based network traffic monitor
The vnstat PHP frontend and vnstati adds a more user friendly way of displaying traffic usage.
widentd     RFC1413 auth/identd daemon with fixed fake reply
widescreen       The package makes pfSense adapt to browser's current width. It is particularly convenient for Status->Dashboard page that allocates columns for widgets according to browser's current width. ATTENTION: the package heavily modifies pfsense_ng theme and affects other's themes appearance. Please REFRESH your browser's window after installing/uninstalling this package.
Zabbix Agent       Monitoring agent.
Zabbix Proxy       Monitoring agent proxy.
zebedee              Zebedee is a simple program to establish an encrypted, compressed "tunnel" for TCP/IP or UDP data transfer between two systems.
This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.

PFSense Solutions