Last updated: 2018-10-02
Contents
- Check pfSense version
- pfSense default login
- Password files
- Config file
- PHP shell
- FreeBSD version
- Function limits
Check pfSense version
cat /etc/version
2.7.1-RELEASE
pfSense default login
web: admin / pfsense
ssh: root, admin (admin is uid 0 and shares root's password)
ssh
Once SSH is enabled (System > Advanced > Admin Access > Secure Shell), both root and admin can log in over SSH, so an unchanged default password is exposed on the shell as well as on the web GUI.
Password files
/etc/passwd    (world-readable, contains no hashes)
/etc/pwd.db    (db built from /etc/passwd)
/etc/spwd.db   (shadow db built from /etc/master.passwd; holds the hashes, root-only)
These files are regenerated from the <user> entries in config.xml, so the same hashes also live in config.xml.
Config file
The saved config file:
/cf/conf/config.xml
# reload the config
# Restarts sshd (keeping the current ssh session) and restarts the webgui.
/etc/rc.reload_all start
# Drop the cached running config so the next read re-parses /cf/conf/config.xml
rm /tmp/config.cache
PHP shell
pfSsh.php
Statements typed at the pfSsh.php prompt are buffered and run only when you enter exec; on its own line:
/* to output the interfaces configuration portion of the configuration */
print_r($config['interfaces']);
/* to enable SSH */
$config['system']['enablesshd'] = true;
/* to disable the firewall filter (passes ALL traffic unfiltered; the box becomes a plain router) */
$config['system']['disablefilter'] = true;
/* to enable an interface and set a static ip address */
$config['interfaces']['wan']['disabled'] = false;
$config['interfaces']['wan']['ipaddr'] = "192.168.100.1";
$config['interfaces']['wan']['subnet'] = "24";
/* to save out the new configuration (config.xml) */
write_config();
exec;
write_config() only writes config.xml; nothing is applied until the affected service is restarted (e.g. /etc/rc.reload_all start).
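As an added example (not code from the original notes or from pfSense), the following POSIX shell script audits a pfSense config.xml for the same settings the pfSsh.php snippet above toggles and the config-file section describes: whether sshd is enabled, whether the packet filter is disabled, and which users exist with what kind of password hash. It assumes the config.xml layout of pfSense 2.x (boolean options stored as the presence of an element under <system>, users as <user> blocks carrying <bcrypt-hash>, or <md5-hash>/<password> on older releases) and parses with sed/awk/grep only, so it runs on the appliance or on a copied file without xmllint. The embedded sample config is constructed, not a real export, and its hashes are placeholders.

```shell
#!/bin/sh
# Added example, not code from the original notes or from pfSense: audit a
# pfSense config.xml with sed/awk/grep only, so it runs on the appliance or on
# a copied file. Assumptions (not verified against every release): boolean
# options are stored as the presence of an element under <system>, even when
# empty; users are <user> blocks whose hash sits in <bcrypt-hash> (2.3+) or in
# <md5-hash>/<password> on older releases.

# Constructed sample config.xml (not a real export); the hashes are placeholders.
make_sample_config() {
    cat > "$1" <<'EOF'
<?xml version="1.0"?>
<pfsense>
  <system>
    <hostname>fw01</hostname>
    <enablesshd>enabled</enablesshd>
    <disablefilter></disablefilter>
    <user>
      <name>admin</name>
      <uid>0</uid>
      <bcrypt-hash>$2y$10$PLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOLDERPLACEHOL</bcrypt-hash>
      <priv>user-shell-access</priv>
    </user>
    <user>
      <name>legacy</name>
      <uid>2001</uid>
      <password>$1$PLACEHOL$PLACEHOLDERPLACEHOLDER</password>
    </user>
  </system>
</pfsense>
EOF
}

# Exit 0 if element $2 appears (even as an empty tag) inside <system>...</system>
# of file $1; pfSense tests its boolean options the same way (isset()).
system_flag_set() {
    sed -n '/<system>/,/<\/system>/p' "$1" | grep -q "<$2[ />]"
}

# Print one "name:uid:hashtype" line per <user>, classifying the stored hash by
# its crypt prefix: $2?$ = bcrypt, $1$ = md5-crypt (weak), anything else = other.
list_users() {
    awk '
        /<user>/ { inuser = 1; name = ""; uid = ""; hash = "" }
        inuser && /<name>/ { t = $0; sub(/.*<name>/, "", t); sub(/<\/name>.*/, "", t); name = t }
        inuser && /<uid>/  { t = $0; sub(/.*<uid>/, "", t); sub(/<\/uid>.*/, "", t); uid = t }
        inuser && /<(bcrypt-hash|md5-hash|password)>/ {
            t = $0; sub(/.*<[a-z0-9-]*>/, "", t); sub(/<\/.*/, "", t); hash = t
        }
        inuser && /<\/user>/ {
            type = "none"
            if (hash ~ /^[$]2[abxy]?[$]/) type = "bcrypt"
            else if (hash ~ /^[$]1[$]/) type = "md5crypt"
            else if (hash != "") type = "other"
            print name ":" uid ":" type
            inuser = 0
        }
    ' "$1"
}

# Summarise the findings. Returns 1 when the packet filter is disabled or any
# user has a non-bcrypt hash, so it can gate a post-change check.
audit_config() {
    rc=0
    if system_flag_set "$1" enablesshd; then echo "sshd: enabled"; else echo "sshd: disabled"; fi
    if system_flag_set "$1" disablefilter; then
        echo "packet filter: DISABLED (all traffic passes)"; rc=1
    else
        echo "packet filter: enabled"
    fi
    list_users "$1" | while IFS=: read -r name uid type; do
        echo "user $name uid=$uid hash=$type"
    done
    if list_users "$1" | grep -qv ':bcrypt$'; then
        echo "WARNING: non-bcrypt password hash present"; rc=1
    fi
    return $rc
}

# Usage: sh audit_config.sh [/cf/conf/config.xml]; without an argument the
# constructed sample is audited (it reports findings and returns 1).
if [ -n "$1" ]; then
    audit_config "$1"
else
    tmp=$(mktemp); make_sample_config "$tmp"
    if audit_config "$tmp"; then echo "audit: clean"; else echo "audit: findings present"; fi
    rm -f "$tmp"
fi
```

On an appliance, point it at /cf/conf/config.xml right after a write_config() from pfSsh.php: the non-zero exit status on a disabled filter or a legacy md5-crypt hash is what you want a change check to trip on, and the user list shows any extra uid 0 account that the web GUI would not make obvious.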
pfSense's FreeBSD version
pfSense   FreeBSD
2.7.1     14.0
2.2       10.1-RELEASE
2.1.5     8.3-RELEASE-p16
1.2.3     7.2-RELEASE-p5
P.S.
Commands to check:
- cat /etc/version   (pfSense version)
- uname -r           (FreeBSD version)
Function limits
PPTP
Connecting to a remote PPTP server (outbound) while using the same IP for incoming PPTP connections does not work, due to NAT limitations in pf: GRE has no port numbers, so pf cannot tell the two flows apart on a single address. The only working choice is to NAT the outbound PPTP connection to an additional WAN IP address. PPTP itself is obsolete (MS-CHAPv2 is breakable), and the PPTP server was removed in pfSense 2.3.
Reroute traffic for remote PPTP servers out an additional IP
Map outbound GRE and tcp/1723 traffic to another VIP using the protocol option on manual outbound NAT rules. This allows an outbound NAT rule to move outgoing GRE traffic to a VIP instead of the WAN IP address.
ftp-proxy
The FTP proxy is in-kernel (pfSense 2.0.x and 2.1.x; it was removed in 2.2, and later releases offer an FTP Client Proxy package instead).
* FTPS (encrypted FTP) is not affected: the proxy cannot see the PORT/PASV commands inside TLS, so it has nothing to rewrite.
Disabling the FTP proxy
System > Advanced, "System Tunables" tab -> debug.pfftpproxy=1  (1 = disabled)
FTP traffic is identified by port 21 (configurable with debug.pfftpports, e.g. 21,2121).
How ftp-proxy works (description from the ftp-proxy(8) man page; pfSense 2.0/2.1 implement the equivalent in the kernel)
FTP control connections should be redirected into the proxy using the pf(4) "rdr" command, after which the proxy connects to the server on behalf of the client. The proxy allows data connections to pass, rewriting and redirecting them so that the right addresses are used. All connections from the server to the proxy have their destination address rewritten, so they are redirected to the client.
Version 2.4
[T1]
There were error(s) loading the rules: /tmp/rules.debug:18: cannot define table bogonsv6: Cannot allocate memory
[S1]
Increase "Firewall Maximum Table Entries" to 400000 in System > Advanced, Firewall & NAT (this sets the net.pf.request_maxcount sysctl), then reload the filter and confirm that the rules loaded without the error.
[Cause 1]
The same happened here, and a search reveals many more users.
It seems the bogons table is getting very close to 100k entries these days:
# wc -l /etc/bogonsv6
95952 /etc/bogonsv6
During filter reload, it temporarily needs twice that, hitting the 200k limit.
pfSense should really increase the default value, especially since it will hang with partially reloaded rules, which could cause who knows what kind of downtime or security nightmares.