Search found 375 matches

by dnl
October 4th, 2019, 9:42 am
Forum: Development
Topic: unbound - DoT
Replies: 81
Views: 10165

Re: unbound - DoT

Just had a chance to try this today. Thanks again ummeegge, it makes setting up DoT with unbound trivial! Some feedback: 1. Consider renaming the installer. 'dot_in-uninstaller.sh' is confusing! The first time I read it I thought it was only the uninstaller. Why not call it 'dot-setup.sh'? 2. None of ...
by dnl
August 13th, 2019, 9:28 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 5239

Pi-Hole with IPFire

Curious about net setup for Pi-Hole. Can I hang the RP/Pi-Hole box off my green net with a fixed address and then assign my IPFire DNS Server Address to be the Pi-Hole? I use the IPFire as my second DNS resolver, which the Pi-Hole uses. I think the Pi-Hole is DNSSEC aware, but haven't checked. A...
by dnl
August 11th, 2019, 10:40 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 5239

Re: Intrusion Prevention System - core 131

Hello, Just did that - temporary because I have one Pi only. I had to google for a bigger, aggregated list of domains but was not hard: I am blocking now a staggering ~600K domains. I can say Pi-Hole is awesome -> YouTube ads are history by the way.. Thanks, I'll have to go in the attic to find so...
by dnl
July 28th, 2019, 11:15 am
Forum: Development
Topic: Possible Design Flaw - why does IPFire time server listen on RED?
Replies: 2
Views: 268

Re: Possible Design Flaw - why does IPFire time server listen on RED?

Normally it is not a problem if a service is bound to all interfaces because red is in masquerade mode so it is not accessible unless you create a rule that allows the connection. Thanks for the response, Arne. Yes that is true, but I had expected ntpd to be configured only to listen on internal interfa...
by dnl
July 27th, 2019, 6:42 am
Forum: Development
Topic: Possible Design Flaw - why does IPFire time server listen on RED?
Replies: 2
Views: 268

Possible Design Flaw - why does IPFire time server listen on RED?

I recently reinstalled IPFire from scratch, without using backups. Why does the IPFire time server service listen on the RED interface?
Surely that's a design/security flaw. I expected the service to only listen on internal networks (i.e. GREEN, BLUE, ORANGE).

Thanks!
by dnl
July 15th, 2019, 2:26 am
Forum: IPFire in General
Topic: GREEN + BLUE + BLUE2 network?
Replies: 2
Views: 238

Re: GREEN + BLUE + BLUE2 network?

I'm running green, blue, orange. You should be able to get what you want with a few rules. The default policy is a handy place to start planning. https://wiki.ipfire.org/configuration/firewall/default-policy Thanks Mentalic! That does sound much easier than I had expected. That wiki page has change...
by dnl
July 14th, 2019, 11:05 am
Forum: IPFire in General
Topic: GREEN + BLUE + BLUE2 network?
Replies: 2
Views: 238

GREEN + BLUE + BLUE2 network?

Hello, I have spent some time searching these forums but have not found a way to set up an internal network in addition to GREEN, BLUE and ORANGE. I would like to set up a network for IoT devices (my IPFire system has an unused NIC) however I'm already using GREEN and BLUE. I do not want the IoT device...
by dnl
July 13th, 2019, 4:16 am
Forum: IPFire in General
Topic: Intrusion Prevention System - core 131
Replies: 54
Views: 5239

Re: Intrusion Prevention System - core 131

With both Talos and ET rules (all of them) loaded the memory consumption is steady at 780MB for suricata processes - past 50 days usage! Ouch! It is not wise to use an IPS with all the rules enabled. It's only creating spam alerts and wasting your power. How do you know what alerts to act on? Have...
by dnl
July 11th, 2019, 9:37 am
Forum: Addons
Topic: apcupsd on RPi
Replies: 3
Views: 1034

Re: apcupsd on RPi

I was going to suggest that, after you'd fixed the problem, you could try "nut" Network UPS tools instead, but while it has activity on its GitHub site, the main maintainer seems to have lost interest as the last release was 2016.
by dnl
July 9th, 2019, 11:45 am
Forum: IPFire in General
Topic: Bypass Transparent Proxy for one internal IP?
Replies: 15
Views: 11212

Bypass Transparent Proxy for one internal IP?

For bypassing SQUID for one IP (no matter the destination) add in /etc/sysconfig/firewall.local section start) and another one in section stop) . The one in section start uses "-A", the one in section stop uses "-D" (delete). #!/bin/sh case "$1" in start) #Bypass SQUID rule for 192.168.2.2 iptables...
by dnl
July 5th, 2019, 10:12 am
Forum: IPFire in General
Topic: IPFire status graph not displayed
Replies: 17
Views: 5694

Re: IPFire status graph not displayed

Well I found the problem and the fix. The QoS graphs appear to be in the /var/log/rrd/ base directory, not under 'collectd'. Switching from PPPoE to DHCP does not appear to have been catered for in the QoS interface. The configuration files all refer to ppp0 not "red0" and the upload classes are not ...
by dnl
July 5th, 2019, 10:05 am
Forum: IPFire in General
Topic: IPFire status graph not displayed
Replies: 17
Views: 5694

Re: IPFire status graph not displayed

Which of these is related to the QoS graphs? It does not seem to be "interface"... /var/log/rrd/collectd/localhost /var/log/rrd/collectd/localhost/iptables-filter-POLICYIN /var/log/rrd/collectd/localhost/iptables-filter-POLICYOUT /var/log/rrd/collectd/localhost/iptables-filter-POLICYFWD /var/log/rrd...
by dnl
July 5th, 2019, 10:02 am
Forum: IPFire in General
Topic: IPFire status graph not displayed
Replies: 17
Views: 5694

Re: [SOLVED] IPFire status graph not displayed

Problem description: none of the IPFire graphs were displayed after a reboot & changing the RED connection (from PPPoE to DHCP). I have had the same problem with my QoS Uplink graph (only) since changing from PPPoE to DHCP. However I have not had any of the symptoms which you had. My internet speed ...
by dnl
July 2nd, 2019, 9:09 pm
Forum: IPFire in General
Topic: IPoE
Replies: 3
Views: 262

Re: IPoE

The VDSL Option is PPPoE over VLAN not IPoE. IPoE (IP over Ethernet) is the normal protocol also in the LANs. Most IPoE providers use DHCP to configure the clients. Thank you very much!! When I have a chance, I'll put the term "ipoe" in the appropriate wiki page with a brief explanation so others do...
by dnl
July 2nd, 2019, 10:57 am
Forum: IPFire in General
Topic: IPoE
Replies: 3
Views: 262

Re: IPoE

It sounds like IPFire calls "IPoE" "VDSL". However it talks about using PPPoE when my reading of the detail is that IPoE doesn't have the PPPoE overhead - just authentication on a specific VLAN. (Eg https://networkengineering.stackexchange.com/questions/39567/what-exactly-is-ipoe) Is anyone able to ...