Picks and Pans for pfSense packages

Recently I installed the pfSense firewall and now I have started to check out some of the packages that make pfSense such an interesting firewall platform. Without going into too much detail, here are my impressions of several packages.

  • NMAP – It kind of worked for me when I accessed it via the web server. It locked up the pfSense web server a couple of times. It worked fine for me via the command line and the Command page.
  • NTOP – I had not heard of this package before but I was impressed. It had lots of information about my network. Some of the information was actually useful. I am keeping tabs on my son’s Internet usage. With all of this info I kept expecting the computer utilization of pfSense to go through the roof. It did not. Whew!
  • SNORT – I did not get this package to work. It installs but the service does not start and it had problems downloading rules. I am guessing the rules issue might be related to the fact that the package was version 2.7 and the current rules are 2.8. I saw in a forum where several people were having problems running the package on pfSense. I manually uploaded a rule to see if I could start the package. It still did not start. Since I did not see any log messages, I decided it was not worth proceeding. It is hard to debug problems when you have logging turned off.
  • EXEC.php – This goes under the name of Command. It gives you the equivalent of a command prompt and it is for those of us who do not want to crank up SSH for every little thing. It is not a “package” and its disclaimer says it is not supported. However, it worked better for me than the supported packages. Go figure! I used it to verify that NMAP was working. It was a helpful tool to work with SNORT, too.
  • Internet Explorer – You need a SVG viewer plugin to view the traffic graph. I used Adobe’s version. The drop down navigation menu is quirky with IE. It opens and closes before you select an item. In IE the navigation menu is blocked by the traffic graph. I might try and fix this.

Getting a L2TP VPN connection to work through the Comodo firewall

I have been using the Comodo™ Firewall for over a year now. My experience with it leads me to believe that it is more secure than others on the market. I really liked its flexibility and monitoring capability. When the beta for version 3 came out I enthusiastically installed it. I was surprised and disappointed that I was no longer able to use my VPN network connections. So I went back to version 2.4. Since I switched back to the old version I struggled to get back to the configuration that worked before I undertook the leap of faith with the beta. The PPTP VPN connection worked but the L2TP VPN connection did not work for me locally.

Let me digress for a bit and describe my local network and the VPN connections I have set up. When I am out of the office and accessing my server via the Internet, I use a VPN connection that uses the DNS name in its configuration. The DNS name points to the static IP address of my hardware firewall. The hardware firewall forwards the VPN traffic to my SBS server where the software firewall, ISA, completes the VPN connection. When I am at my office my laptop connects to the same network that connects the SBS server to the firewall, and the VPN connection I use to access the server remotely does not work. To get around this minor problem I use a different VPN connection with the local IP address of the server in the configuration. This connection goes directly to the server and does not go through the firewall. Yesterday I figured out why the L2TP connection was not working.

The ports they say you need to open up on your hardware firewall to allow L2TP access from the Internet are 500, 1701, and 4500. When I look at the ISA log I can see the laptop using ports 500 and 1701. When I looked at the Comodo activity log I found that it blocked an outbound access to protocol 50. This sounded vaguely familiar. It was hard to find, but Microsoft talks about protocols 50 and 51 in this article, Interoperation with Other Services. Why was Comodo blocking outbound access? I was befuddled, but I decided to go ahead and add an IP IN/OUT allow rule for protocol 50 to my local server IP. My L2TP VPN is now working. It is interesting that you will not find protocol 50 showing up in the ISA log, but according to the Comodo log it is talking to the server with this protocol.
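As an added example that is not from the original post, here is a small Python checker modelling the point of this paragraph: allow rules for UDP 500, 1701 and 4500 cover IKE, L2TP and NAT traversal, but a client that is not behind NAT (a laptop on the same LAN as the server) sends the IPsec payload as raw IP protocol 50 (ESP), which no UDP port rule can match. The rule and flow records, the function names and the server address are constructed for the example and are not Comodo's log or rule format.

```python
"""Check a host-firewall rule set against the flows an L2TP/IPsec client sends.
Added example, not code from the original post; rule/flow records, names and
the server address are constructed for illustration (not Comodo's format)."""
from dataclasses import dataclass
from typing import List, Optional

ESP, AH, UDP = 50, 51, 17  # IANA IP protocol numbers: ESP, AH, UDP


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    proto: int                    # IP protocol number
    dst: str                      # destination host, or "any"
    dport: Optional[int] = None   # UDP port; None = any port / not applicable


@dataclass(frozen=True)
class Flow:
    proto: int
    dst: str
    dport: Optional[int] = None


def l2tp_ipsec_flows(server: str, behind_nat: bool) -> List[Flow]:
    """Outbound flows an L2TP/IPsec client generates towards the VPN server.
    IKE negotiates on UDP 500 and L2TP itself uses UDP 1701; the IPsec payload
    rides in UDP 4500 only when NAT traversal is in use, otherwise it is raw
    ESP (IP protocol 50), which a port-only rule can never match."""
    flows = [Flow(UDP, server, 500), Flow(UDP, server, 1701)]
    flows.append(Flow(UDP, server, 4500) if behind_nat else Flow(ESP, server))
    return flows


def first_match(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """First-match semantics on protocol, destination and (for UDP) port."""
    for r in rules:
        if (r.proto == flow.proto and r.dst in ("any", flow.dst)
                and r.dport in (None, flow.dport)):
            return r
    return None


def blocked_flows(rules: List[Rule], flows: List[Flow]) -> List[Flow]:
    """Flows with no matching allow rule (default deny, as the log showed)."""
    return [f for f in flows
            if (m := first_match(rules, f)) is None or m.action != "allow"]
```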

Comodo™ Free Firewall Software Download

I have been using the latest version, 3.0, for several weeks now but have decided to go back to the previous version. Although the latest version has several new features that increase security, it does not allow me to make a VPN connection. I found the problem when I was trying the beta version but it still does not work in the released version. The released 3.0 version is too buggy for me. Today I got fed up with the crashes and installed the old version.

Free Firewall Software – Comodo™ Firewall

Yesterday I decided to upgrade my Trend Micro SMB software to version 3.6. While I was at it I decided to give their firewall another tryout. I was using Microsoft’s firewall so there must be something better. Within a few minutes I remembered why I was not using Trend’s firewall. Microsoft’s firewall is much easier to configure. If you have a bunch of exceptions to the rule, Trend Micro’s firewall is best forgotten.

Since I knew that there had to be a better firewall out there, I started looking around. ZoneAlarm is the traditional favorite. Comodo has a nice firewall that received some nice reviews recently and it is free, so I decided to give it a try. Since the online threats have morphed over the years I wanted a firewall that was easy and flexible to configure, had some built-in monitoring, and incorporated some application level filtering. The old port blocking firewalls are not very adept at catching the new online threats, which take advantage of ports that are normally open (e.g. HTTP, port 80). It takes some application level filtering to catch the new threats. Comodo’s application level functionality reminded me of Microsoft’s ISA firewall. Microsoft’s ISA is a more robust product but Comodo’s application filtering looks pretty good.

Downloading and installing the program was easy. Configuring the program took me a lot longer since my laptop has an Apache web server, an FTP server, a MySQL server, a Subversion server, and a VMware server on it and I wanted to restrict the access to these servers. The firewall will prompt you to add rules for specific programs. You can use the rules that the firewall creates but they were too general for me. So I changed them to be more specific. I restricted the ports and destinations available in each rule. My servers are for testing and development so there is no need to expose them to the world. Along the way I found out that I have a lot of chatty programs I have been ignoring, and Google Desktop is the biggest culprit. It is amazing how many programs have to call home.

So far I have been impressed with the firewall. It’s got great flexibility and monitoring capability. This is a nice addition to a layered approach to security.