1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeksB
    @NRgia said in Suricata on Pfsense: @bmeeks Thank you for what you did for Snort or Suricata. I'm not sure what you want me to do on Redmine, due to is a bug tracker. My question is for Product Management, which I will ask it here to be public: What is the plan for these 2 packages, Suricata and Snort? Thank you Yes, Redmine is for both bug reports and feature requests. Asking for the Suricata binary to be updated to the latest 7.0.11 version from upstream is a legitimate Redmine request. I would suggest simply asking for the binary version update instead of asking about future Netgate strategy (such as the support plans for the packages). Strategy discussions typically don't get very far because they deal with proprietary information or plans that a company may not want to publicly discuss. Redmine is where the Netgate developer team tracks all the code changes they make for pfSense. They will see Redmine reports much quicker than a forum post.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    fireodoF
    @tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) Thats correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. Thats what i tought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, whats the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    X
    I also crashed my system yesterday with an ACME update. I can't say whether I had Crowdsec installed or not. But I've tried things like that in the past, so it's quite possible.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    598 Posts
    E
    Updated CE 2.7.2 to 1.86.4 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.4.pkg Freshports

  • Discussions about WireGuard

    694 Topics
    4k Posts
    H
    I have Wireguard installed on my firewalls. I have about 12 firewalls and most of them connect back to the main firewall which allows the connection to the servers in the main building. I setup a tunnel on each and then added each location as a peer on the Main firewall. This seemed to work except that the gateway. unde3r Monitor IP it only allows one IP address. So the first one works and shows connected fine, but the other 2 are red and do not connect. Everything seems to work until I added a 3rd peer and then the 1st peer showed as if it was offline even though it looked fine and I was able to connect to devices on that network. Am I supposed to add multiple gateways to the Main firewall so that shows as up? Is this the right way for the tunnels between the buildings which need access will work - By adding a tunnel at that location and just adding a peer to the main location?
Log in to post
Load new posts
  • S

    Squid + Squidguard, incredibly slow and seemingly, doesn't function

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    J
    hm, i have opposite problem with 1.2.2 everything worked perfect i get new machine and install 1.2.3. with squid vr. 2.7.8_1 and squidguard vr. 1.3-2 and everything seems to work perfect, except one day i notice that squid is not blocking sites that are blacklisted… under status: services all services are running :) strange isnt it? and then i just have to click apply and save under service: proxy filter and then block sites again, like everything is fine.... im trying to fix this for days now, and nothing, only one thing i didnt try is to wipe everything, format hdd and reinstall complete machine, but i have to say im not sore will this help, because im using pfs with this kind of configuration for years now, and i never had any problems. any ideas ?
  • T

    Denyhosts Service disable

    Locked
    9
    0 Votes
    9 Posts
    8k Views
    L
    Hello, Thanks for this usefull topic. It's work also for me  !  :)
  • J

    Squid Transparent Proxy and 3rd Party Software

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Along the same lines as Bern suggested, try tinkering with the FTP helper application.  Mine is checked on wan for Disable the userland FTP-Proxy application and unchecked on LAN.  The setting is on the interfaces config page.
  • Z

    Vhosts not working, no info, no errors, service wont start on 1.2.3 or 2.0

    Locked
    5
    0 Votes
    5 Posts
    7k Views
    J
    Looks like dependency errors: 2010-03-20 12:37:26: (mod_fastcgi.c.1087) the fastcgi-backend /usr/local/php5/php-cgi failed to start: 2010-03-20 12:37:26: (mod_fastcgi.c.1091) child exited with status 1 /usr/local/php5/php-cgi 2010-03-20 12:37:26: (mod_fastcgi.c.1094) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version. If this is PHP on Gentoo, add 'fastcgi' to the USE flags. 2010-03-20 12:37:26: (mod_fastcgi.c.1398) [ERROR]: spawning fcgi failed. 2010-03-20 12:37:26: (server.c.928) Configuration of plugins failed. Going down. /usr/local/php5/php-cgi /libexec/ld-elf.so.1: Shared object "libiconv.so.3" not found, required by "php-cgi" So doing a simple:  pkg_add -r libiconv should fix the issue.
  • S

    DenyHosts broke?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    B
    Rather than mess around with add-on packages, I'd be tempted to just tick "Disable Password login for Secure Shell (KEY only)" and completely disable password-based authentication. The fact that pfSense's standard SSH port is 222 helps A LOT to start with. Rate-limiting connections on port 222 will help if you're feeling really paranoid.
  • N

    SquidGuard Error

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    L
    @dvserg: I am glad that was able to help you. ps Welcome to Black Sea Thanks (don't be surprise I've change my username - and delete old one). I'm still the same guy from Madagascar…  ;) I've this one (lol) in a french Debian forum. It's usefull to have the same...  8)
  • F

    Max 3mbit/s download through squid???

    Locked
    15
    0 Votes
    15 Posts
    7k Views
    F
    First of, no, I'm running it with 2 nics, one internal and one external (and a third DMZ which is purely virtual). Hmm, Hypervisor is a general term for the software that creates the virtual environment, are you thinking about Hyper-V (from M$), then it's definetely not the fastest. They will perform windows virtualization better than other 'non-para-virtualized' hypervisors. You can gain a lot of performance enhancements by doing it para-virtualized, which hyper-v wants to do with Windows (and Linux, but with problems), a much more compatible product is XEN, that will do para-virtualized for a lot more platforms, and do it better. Only problem is that with paravirtualized you have some system drivers that can completely crash all virtual machines, and render them unsalvagable (speaking of experience), which was why we switched all virtual environments to VMWare a year ago at work. But para-virtualized systems requires specially compiled kernels, and special drivers, so going with hyper-v you are really locking yourself down to M$ until all the kernels are available, which for us was an absolute nono.
  • J

    Separate Log View window?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    I'd start a new thread for that. I'm not familiar with HAVP at all, and the package author does frequent the package subforum quite often.
  • T

    Sipproxd and udp timeout

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • J

    HAProxy feature request (listen stats :8080)

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    J
    i found a work around: this can be done by add extra virtual ip, add extra  HAProxy listener add extra server pool (can be to non existing server, but at least one server) then use tis extra virtual ip for the stats, all listners are shown on the same stats page. but it's a waste of a extra public ip tnx, have fun! jst.
  • J

    Haproxy / virtual ip

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    R
    NP - glad to help.
  • J

    Haproxy 0.30 on 1.2.3-release does not work with cookie insertion

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • B

    Ntop very high cpu usage

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    B
    anyone?
  • T

    Snort not starting due to rules errors 24-02-2010

    Locked
    18
    0 Votes
    18 Posts
    13k Views
    G
    I got it working again. 1.) As always backup! Diagnostics>Backup/Restore. Go ahead and backup ALL as well as Package Manager Since a few of the Categories were junk or no longer with the recent rules I went ahead and went System>Packages> (Installed Packages)     Go down to the XML icon put your mouse over it first to make sure is saw "Reinstall the packages GUI" Check Categories and make sure in is empty Run Update Rules again. Check the system log and see if anything failed For me I have to comment out this line by adding the # /usr/local/etc/snort/snort.conf include $RULE_PATH/web-misc.so.rules If you still get rule failures disable the rules that are failing one by one. I only had a few that were failing. After that everything works. Just remember not to let I update until the new package can be released.
  • T

    HAVP antivirus filling hard drive

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    Clam AV database /var/db/clamav
  • provelsP

    Adzap seems to stop working

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Darkstat logs

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • S

    Snort management

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    List some commands you would like to see. Should be easy to add. James
  • O

    Squid slow on one site

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    O
    I realized after posting what I'd done.  In fiddling around with various settings, trying to figure out what was going on, I had unchecked the 'Bypass proxy for Private Address Space (RFC 1918) destination' setting.  Ticking that setting and making the above edit to Squid.inc.  Thanks!
  • J

    MOVED: Auto restart with cron.. How to do it?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.