UptimeRobot is a completely free web service that lets us monitor the Internet connection remotely. The service has dozens of servers spread all over the world, which will try to connect to our equipment through TCP, UDP and even ICMP to check that the Internet connection is working properly. The free version allows us to check up to 50 hosts at 5-minute intervals, enough for a home environment and for small and medium-sized companies, although your company may need to know more quickly if the Internet connection drops.

If you buy the premium version, you can configure one-minute intervals to check if the Internet connection is working well, and you will have more hosts to monitor, all centralized in the same account. Once we know everything that UptimeRobot can do for us, let's see how to correctly configure pfSense to avoid false attack alerts.

Configure pfSense so UptimeRobot is not blocked

Although UptimeRobot has several servers spread all over the world in order to monitor the different hosts and avoid false positives, in many cases this is not enough, especially if our pfSense firewall is very tightly configured. All the checks carried out by UptimeRobot are made from Dallas, United States; however, when a drop is detected, the rest of the nodes around the world check whether the connection has really dropped or not. However, in this article we have verified that this is not enough if you use pfSense, since it continuously tells us that the Internet connection is working correctly and then that it has dropped: the check oscillates between both states.

In our case, the verification of whether the Internet connection is up is carried out with some "checks" on the SSH server of the pfSense operating system, which we must enable. We will only have to enable the SSH server and configure a specific listening TCP port, for example port 2222 for SSH. This port will be accessible through the Internet from any source, with the aim of managing the operating system from anywhere.

Once we have finished, we click on "Create Monitor" and we will have UptimeRobot working. Now you must check in pfSense that the packet has been received correctly by checking the firewall logs in the WAN section. You can filter the logs by destination port 2222, which is the SSH port, and you can also check that the source IP address is within the range of IP addresses that we have indicated previously.

Can I limit SSH connections to only UptimeRobot?

If you want to enable the SSH server only for the UptimeRobot addresses, in order to check if the Internet connection works well, you can limit the SSH connections through the rule in the firewall. If we go to "Firewall / Aliases" you can create an alias with all the source IP addresses of UptimeRobot, to greatly facilitate the configuration of the rule. We can put the URL with the text file that we have provided previously directly in the URL Aliases (IP). Thanks to this, we will be able to incorporate all the IPv4 and IPv6 addresses automatically, without having to go one by one, which greatly facilitates the configuration. As you can see, in the Aliases / URLs section these source public IP addresses used by UptimeRobot will appear already loaded.

Now we would have to edit the SSH rule, and define:

Address Family: IPv4 and IPv6, to also cover IPv6 addresses.
Source – Single host or alias: IP_UptimeRobot

Then we click on "Save" and apply changes. Right now, only the source IP addresses defined in the alias, which correspond to the UptimeRobot IP addresses, have access to the SSH server, so as not to leave the SSH server exposed to everyone. Thanks to UptimeRobot and a good configuration in pfSense to avoid false positives, you will be able to verify that the Internet connection works correctly and that you do not have an incident.

Of course, the most advisable thing is to put the dynamic DNS domain in UptimeRobot itself, because if you have a dynamic public IP it will change from time to time, and you can get false positives of loss of connectivity.
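The firewall-log check described in this article (destination port 2222, source inside the UptimeRobot alias) can also be scripted. The following is an added example, not part of the original article: it flags connections to the SSH port that were passed from outside the alias, and monitor addresses that were blocked. The comma-separated filterlog field positions, the alias ranges (documentation prefixes, not UptimeRobot's real addresses) and the log lines are assumptions constructed for illustration.

```python
import ipaddress

# Constructed stand-ins for the IP_UptimeRobot alias contents (documentation ranges).
ALIAS = ["192.0.2.0/28", "2001:db8:100::/48"]
SSH_PORT = "2222"  # listening port chosen in the article

# Constructed sample entries in the assumed pfSense filterlog CSV layout.
SAMPLE = [
    "5,,,1000000103,igb0,match,pass,in,4,0x0,,52,0,0,DF,6,tcp,60,192.0.2.5,203.0.113.9,40112,2222,0,S,1,,64240,,mss",
    "5,,,1000000103,igb0,match,pass,in,4,0x0,,49,0,0,DF,6,tcp,60,198.51.100.77,203.0.113.9,51000,2222,0,S,2,,64240,,mss",
    "7,,,1000000105,igb0,match,block,in,6,0x00,0x00000,57,TCP,6,40,2001:db8:100::12,2001:db8:ffff::1,40200,2222,0,S,3,,64800,,mss",
    "9,,,1000000107,igb0,match,pass,in,4,0x0,,52,0,0,DF,6,tcp,60,198.51.100.77,203.0.113.9,51001,443,0,S,4,,64240,,mss",
    "garbage line",
]

def parse(line):
    """Return (action, src, dport) for a TCP entry, or None for anything else."""
    f = line.strip().split(",")
    if len(f) < 9:
        return None
    if f[8] == "4" and len(f) > 21 and f[16].lower() == "tcp":
        return f[6], f[18], f[21]   # IPv4: src at 18, dst port at 21
    if f[8] == "6" and len(f) > 18 and f[12].lower() == "tcp":
        return f[6], f[15], f[18]   # IPv6: src at 15, dst port at 18
    return None

def audit(lines, alias=ALIAS, port=SSH_PORT):
    """Classify every entry aimed at the SSH port against the alias."""
    nets = [ipaddress.ip_network(n) for n in alias]
    findings = []
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != port:
            continue
        action, src, _ = rec
        ip = ipaddress.ip_address(src)
        in_alias = any(ip.version == n.version and ip in n for n in nets)
        if action == "pass" and not in_alias:
            verdict = "UNEXPECTED_PASS"   # SSH rule is still open to other sources
        elif action == "block" and in_alias:
            verdict = "MONITOR_BLOCKED"   # likely cause of a false "down" alert
        else:
            verdict = "OK"
        findings.append((src, action, verdict))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```
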