Last year I finally got around to installing pfSense 1.2 and some packages. Last week I decided to upgrade to the latest release. I chose to use the command line version of the upgrade process and it worked great at updating the base package. The upgrade documentation is a little fuzzy about updating the packages. When I logged into the administrative panel the firewall started to upgrade the packages. That kind of worked but most of the packages I checked were not working after the upgrade. I tried to manually update or uninstall SNORT but it ignored me. So I rebooted the firewall.
As the firewall came up the second time, it upgraded SNORT. After logging into the administrative panel again, I saw that NMAP worked. Okay, that’s a step forward. Next I tried NTOP but the screen would not come up. Thinking it might have forgotten the configuration settings, I configured NTOP. It worked. Next I installed Open-VM-Tools since I run my firewall as virtual machine. Finally I tried SNORT. I could configure it but it still had problems downloading rules. This was the problem I had previously under 1.2 so I uninstalled SNORT. Everything seems to be working so it is probably safe to forget it for a couple more months.
Recently I installed the pfSense firewall and now I have started to check out some of the packages that make pfSense such an interesting firewall platform. Without going into too much detail here is my impressions on several packages.
- NMAP – It kind of worked for me when I accessed it via the web server. It locked up the pfSense web server a couple of times. It worked fine for me via the command line and the Command page.
- NTOP – I had not heard of this package before but I was impressed. It had lots of information about my network. Some of the information was actually useful. I am keeping tabs on my son’s Internet usage. With all of this info I kept expecting the computer utilization of pfSense to go through the roof. It did not. Whew!
- SNORT – I did not get this package to work. It installs but the service does not start and it had problems downloading rules. I am guessing the rules issue might be related to the fact that the package was version 2.7 and the current rules are 2.8. I saw in a forum where several people were having problems running the package on pfSense. I manually uploaded a rule to see if I could start the package. It still did not start. Since I did not see any log messages, I decided it was not worth proceeding. It is hard to debug problems when you have logging turned off.
- EXEC.php – This goes under the name of Command. It gives you the equivalent of a command prompt and it is for those of us who do not want to crank up SSH for every little thing. It is not a “package” and its disclaimer says it is not supported. However, it worked better for me than the supported packages. Go figure! I used it to verify that NMAP was working. It was a helpful tool to work with SNORT, too.
- Internet Explorer – You need a SVG viewer plugin to view the traffic graph. I used Adobe’s version. The drop down navigation menu is quirky with IE. It opens and closes before you select an item. In IE the navigation menu is blocked by the traffic graph. I might try and fix this.