Where can the pfsense log files be located and viewed?
I have searched the documentation and it doesn't indicate the log files location for the various components of pfsense.
I had read on a few forums about pfSense that said it was dangerous to virtualize pfSense. The reason that was stated was an attacker could use pfsense as a spring board for an attack on the hypervisor and then use that to gain access to the other virtual machines and eventually take everything offline.
It sounds crazy to me but is there shred of reality in that idea? Is running a router in a virtual server a bad idea?
Background
I have been struggling to get my SIP phones to register behind a brand new router and switch in our brand new office. Our PBX is hosted offsite. I have worked with our provider to attempt several different approaches. We have tried regular NAT to connect to their NAT-aware session border controller. We have tried using siproxd (the pfSense package) to intercept the SIP registration requests and register on the phones behalf. Finally, we have tried configuring the phones manually to register with the siproxd daemon on my local network.
Throughout testing we have seen the phones do all of the following successfully:
- Contact the hosted FTP server by IP address
- Download the configuration from said server
- Perform DNS queries to resolve the IP address of the NTP server
- Query the NTP server to set the time
- Perform DNS queries to resolve the IP address of the SIP server(s)
Symptoms
After the phones have done all of the pre-registration tasks successfully, we never see the registration attempt hit the pfSense box, or the provider's PBX. I have enabled the highest level of debugging in siproxd on my end and have seen nary a TCP connection or UDP packet. However, a simple telnet to port 5060 from a workstation will generate expected log messages. Performing a packet capture on the pfSense box showed absolutely no SIP traffic attempts.
What the heck?
My final troubleshooting step that thoroughly stumped me and brought me to ask this question was as follows. I first mirrored the switch port that a phone was plugged into to my workstation switch port. I performed a packet capture of all traffic on the interface. To my surprise I saw SIP registration packets coming from the phone. Here is an example:
Clearly the phone is trying to register with the PBXs (those are the correct IP addresses as well).
My next step was to mirror the switch port that feeds into the LAN side of the pfSense router. I saw all of the FTP, NTP, and DNS traffic from the 172.200.22.102 phone coming out of the switch, but not a trace of the SIP packets. This is completely baffling to me! What is causing only the SIP traffic to vanish within the switch?
Environment
- Hardware
- Router/Firewall: Netgate m1n1wall 2D2
- Switch: HP 1810G-24
- Phones: Polycom SoundPoint IP 501
- Software: pfSense 2.0-RC3
Switch Configuration
The phone with IP Address 172.22.200.102 is in port 4 of this switch, the router LAN link is in port 22.
I can share any more settings that may be needed.
I have the following setup:
(internet) ---> [ pfSense Box ] /-> [ Apache / PHP server ]
[running HAproxy] --+--> [ Apache / PHP server ]
+--> [ Apache / PHP server ]
\-> [ Apache / PHP server ]
For HTTP requests this works great, requests are distributed to my Apache servers just fine. For SSL requests, I had HAproxy distributing the requests using TCP load balancing, and it worked however since HAproxy didn't act as a proxy, it didn't add the X-Forwarded-For HTTP header, and the Apache / PHP servers didn't know the client's real IP address.
So, I added stunnel in front of HAproxy, reading that stunnel could add the X-Forwarded-For HTTP header. However, the package which I could install into pfSense does not add this header... also, this apparently kills my ability to use KeepAlive requests, which I would really like to keep. But the biggest issue which killed that idea was that stunnel converted the HTTPS requests into plain HTTP requests, so PHP didn't know that SSL was enabled and tried to redirect to the SSL site.
How can I use HAproxy to load balance across a number of SSL servers, allowing those servers to both know the client's IP address and know that SSL is in use? And if possible, how can I do it on my pfSense server?
Or should I drop all this and just use nginx?
How can I connect to more than one Wifi access point simultaneously using a single wireless adapter?
I'm currently using pfSense as my home router and I want it to connect to multiple APs wirelessly. Do you know if it's possible?
Alternatively, how can we do that under Ubuntu? Please shed me some light :)
Interesting notes:
- pfSense, as well as many router distros, supports using a single wireless adapter as multiple APs, but it's not clear (to me) whether they can act as multiple clients
- The "Virtual Wifi Adapter" in Windows 7 can apparently do just that
- For wired network, one can easily create interface alias (e.g. eth0:1) and obtain multiple IPs with ifconfig. Is this of any help?