1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @qupfer What did I bang my head over this strange 502 issue. Your solution did it! Thank you so much, even 2.5 years later!

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    M
    Hi, I had a problem with my home network today, so I checked pfsense and discovered that suricata had blocked the wan ip. After some tests and triggering some suricata alerts, the wan ip was blocked. I restarted pfsense and ran some more tests, but the problem no longer occurred. I then checked the wan interface settings and indeed the ip list does not include the wan ip, both now that it's working and before, when it was blocked. I'm using pfsense 2.8.0 and suricata 7.0.8_2. I use PPPoE to access the Internet.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts
    dennypageD
    @Leon-Straathof Data retention settings are handled inside of ntopng. Documentation here. Pay attention to the RRD note. Also, if you've turned on some of the slice and dice time series information (is off by default), I'd suggest turning them back off. These balloon the storage requirements and are of little actual use.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    fireodoF
    @tinfoilmatt said in Failed or invalid Mime Type: [application/SIMH-tape-data|0]: (ASN data is IPinfo, not Maxmind) Thats correct but "GeoLite2-Country" is from Maxmind ... (that confused me) I'm considering simply adding "application/SIMH-tape-data" to the list to test. Thats what i tought too ... I'll try when I have the time for it ... Edit: I can confirm - adding "application/SIMH-tape-data" to the list at line 257 in /usr/local/pkg/pfblockerng/pfblockerng.inc did the trick - no more error! Edit: OK, problem resolved but I would like to know, whats the cause for that error! (SIMH-tape-data sounds like a "blast from the past" ...) Thanks a lot!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    101 Topics
    2k Posts
    dennypageD
    @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: Interesting. I would have thought the initial reboot, which occurred as part of the upgrade, would have done the trick, but it took a second reboot, just now, to get things working. Glad you have it sorted. There was no difference in the output of usbconfig show_ifdrv at any point -- before or after unplugging/replugging the USB cable, nor after rebooting. ... Question: What would tell me whether or not a driver was loaded? If there were an attached driver, it should have shown up with the show_ifdrv command. If you use the command and look at the other usb devices, I think they will show attached drivers. I don't expect to see a driver attached to the ups, because there is a quirk that tells the OS to ignore that device (and not attach a driver). Look for idVendor and idProduct in the above output. The Vendor ID for your device is 0764, which corresponds to Cyber Power Systems, and the Product ID for your device is 0601, which is registered as "PR1500LCDRT2U UPS" (don't sweat an exact match for the name). You can see the quirk with the following command: [25.07-RC][root@fw]/root: usbconfig dump_device_quirks | grep 0764 VID=0x0764 PID=0x0005 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0501 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE VID=0x0764 PID=0x0601 REVLO=0x0000 REVHI=0xffff QUIRK=UQ_HID_IGNORE [25.07-RC][root@fw]/root: Your device is third on the list. The HID_IGNORE quirk says to ignore the device and not attach a driver. @jhg said in NUT fails to start after 2.7.2 -> 2.8.0 upgrade: You might consider adding this resolution to the release notes for 2.8. LOL... sorry, I don't have input to the release notes (I don't work here). While I wrote and maintain various packages, including NUT, I'm still just a volunteer. Most packages are actually written by volunteers.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    496 Topics
    3k Posts
    M
    And when you are on version 25.07.1 or 25.07 and then click on the reinstall button for the ACME package. It will downgrade. :) [image: 1755753389733-125fc31e-ef4f-4342-b364-48c2b03446c5-image.png]

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts
    yon 0Y
    said in Please update frr on Pfsense+ to FRR 10.3: https://redmine.pfsense.org/issues/15785 now frr 10.4.1

  • Discussions about the Tailscale package

    90 Topics
    599 Posts
    S
    Upgraded to 25.07 and facing the same issue. Tried the "tailscale up" command as suggested above but restarting the tailscale service kills the login again.[image: 1755715824513-tailscale_logged_out_25_07.jpg]

  • Discussions about WireGuard

    695 Topics
    4k Posts
    GertjanG
    @rosskan In theory, when you tunnel a 'VPN1' over another 'VPN2', VPN2 will see the originating IP as the one belonging to VPN1, not your real WAN IP. So far, ok. That said, when you subscribed to VPN1 and VPN2, you probably used your ISP IPv4 ^^ You installed the VPN1 (or2) application on your crappy laptop ?, if so, 'forget about it' ^^ 'as they know', the app is at an end point, and can see 'everything'. Don't forget that you pay for your VPN subscription, but you give them more then your money. They can see and use your data connection for 'data mining'. And they will make use of that data - by selling it. Why ? Because the share holders want a good financial result. If you need to connect two (your !) networks (or sites) together, use your own VPN solution. Don't use a commercial company. For example, take the ones you got with pfSense. If you really need to use that public network (aka : the Internet) to contact public servers, you are aware that the connection is already encrypted end-to-end ? That's what https is all about. 'http' doesn't really exist anymore / shouldn't be used. Also, you need to take other steps to be safe : you really should start with removing "windows 10" out of the equitation .... @rosskan said in What information can vpn provider see when I use wireguard?: does wireguard share the mac address of the ethernet port of the crappy laptop with vpn provider #2? MAC addresses travel on a local segment. Your laptop's MAC doesn't travel any further then the first hop, this is most probably your first router (gateway) like pfSense. Packet capture your traffic to check this. The Ethernet headers are not encrypted.
Log in to post
Load new posts
  • M

    HAVP 0.91_1 Disable Heuristics.Broken.Executable ??

    Locked
    5
    0 Votes
    5 Posts
    13k Views
    M
    Thanks working well =D
  • J

    AV scanner wont scan FTP, HTTPS, or email?

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    C
    @NightHawk007: Just remember the lag that this antivirus causes is not worth using it .I used another utm software and there was zero lag and scanned everything going through it with no problems . Every gateway AV causes lag, and weirdness with downloads from the internal clients' perspective as the proxy itself downloads it first and scans it, then sends it to the client.
  • K

    Vmware-tools Installed correctly?

    Locked
    10
    0 Votes
    10 Posts
    8k Views
    D
    Well that is odd.  I just config'ed a 32-bit vmware appliance and installed the tools.  Voila, they are running.  Hmmm.  Well, I'm only going to be giving the VM 1GB or so, so 64-bit is not necessary…
  • N

    Freeswitch on 2.0RC1

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • N

    DOUBLE DECODING ATTACK

    Locked
    3
    0 Votes
    3 Posts
    12k Views
    J
    @NightHawk007: Is there a way disable this rule i have problems with most websites  because of  this stupid rule . This Started to have more alerts and blocks after i got my gigabit fibre package ! I dont know if your running a server or not, If your seeing these alerts just surfing the internet just add a fake "http server" in the "snort_define_servers.php" tab. Dont forget to define the ports too. Moreover, you can edit the snort.inc file and add "double_decode alerts off" to the "preprocessor http_inspect_server:" part. Example: TYPE: "ee /usr/local/pkg/snort/snort.inc" Find "preprocessor http_inspect_server:"
  • D

    Snort problem when DPORT = 3277x

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    @Derek Zeanah Suppress disables the rule completely. What do you mean "first page", can you post a pic. A quick fix is to edit the snort.inc and add "no_alert_incomplete" to the "Preprocessor rpc_decode:" area. Example: Preprocessor rpc_decode: 111 32771 no_alert_incomplete
  • V

    Squid/Squidguard error redirect

    Locked
    2
    0 Votes
    2 Posts
    6k Views
    F
    I'm also having this problem. I found that when you set up pfSense in System-> Advanced-> Admin Access check http squidgard works well. But if you check HTTPS or HTTP and defines a port other than 80 it presents problems. In version 1.2.3 I was using http and port 8320 (my default). In pfsense 2.0 rc1 is showing this error because squidgard always configures redirect to redirect http://192.168.1.1:80/sgerror.php?url=403%20&a=%a&n=%n&i=%i&s=%s&t=%t&u=%u Even though you have set your ateriormente that would work with pfSense HTTP:8320 File squidguard_configurator.inc function sg_redirector_base_url($rdr_info, $redirect_mode) {     global $squidguard_config;     $rdr_path = ''; # gui port, ip & proto     $guiip = (!empty($squidguard_config[F_CURRENT_LAN_IP])) ? $squidguard_config[F_CURRENT_LAN_IP] : '127.0.0.1';     $guiport = (!empty($squidguard_config[F_CURRENT_GUI_PORT])) ? $squidguard_config[F_CURRENT_GUI_PORT] : '80'; ////////////////////// the error is here ////////////////     $rdr_path = "http://$guiip:$guiport" . REDIRECT_BASE_URL; The staff should make pfSense squidgard used the same port as defined in System->Advanced->Admin Access check HTTP I changed my code to cause the port to the redirect was equal to the configuration of pfSense HTTP: 8320, is now up, but I think this is a BUG.
  • L

    Simple functionality improvement for vhosts package

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • J

    Looking for something to organize port forwards/rules

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    jimpJ
    By using aliases and such, usually it isn't necessary to have such a long list of rules. Are you sure there isn't any way you could be simplifying your ruleset to be shorter? Any changes like those mentioned in the other thread would be too large for 2.0, so it would be 2.1 at the earliest, if that.
  • C

    Squid/Lightsquid reports May as Maj

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    S
    You use either vi or nano or ee to edit/update the file vi /usr/local/share/lightsquid/lang/eng.lng
  • J

    2.0RC AMD64, CARP HA, and Countryblock causes panic.

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    T
    @jwelter99: I'm running it on just the master for now. I will setup a test environment next week to play and will update this thread as perhaps we can work through it? Fantastic package by the way!!!! Absolutely. It would be pretty cool if I could make the package compliant with your setup. At the very minimum, we could develop a special version just for your setup.
  • M

    Minor bug using Snort plugin 2.8.6.1 pkg v. 1.35 on 2.0 RC1

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • O

    Bandwidthd failing to install

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    O
    going to take a look at it, many thanks for your kind advices!
  • X

    Squid upstream proxy forwarding always disbled after reboot

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • B

    Lightsquid Whitelist are block sometimes contet!

    Locked
    1
    0 Votes
    1 Posts
    988 Views
    No one has replied
  • S

    Package Syncing taking too long whle booting

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    jimpJ
    That's all up to you and your environment. If you have a very large hdd, you could have a very large squid cache :-)
  • iorxI

    Snort and suppress performance hit?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • N

    Snort/Barnyard/MySQL - snort.signature.sig_name

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    T
    I have the same problem, except some of my alerts are working properly, and some are not. Output of the signature table in mysql shows Some are good and some are bad |    105 | Snort Alert [1:408:0]                          |            1 |            3 |      5 |    408 |      1 | |    106 | Snort Alert [1:396:0]                          |            1 |            3 |      7 |    396 |      1 | |    107 | Snort Alert [1:5999:0]                        |            6 |            1 |      4 |    5999 |      1 | |    108 | Snort Alert [1:5693:0]                        |            6 |            1 |      6 |    5693 |      1 | |    109 | Snort Alert [1:16281:0]                        |            6 |            1 |      1 |  16281 |      1 | |    110 | Snort Alert [1:368:0]                          |            1 |            3 |      6 |    368 |      1 | |    111 | Snort Alert [1:381:0]                          |            1 |            3 |      6 |    381 |      1 | |    112 | Snort Alert [1:16627:0]                        |            6 |            1 |      1 |  16627 |      1 | |    113 | ICMP PING Windows                              |            1 |            3 |      7 |    382 |      1 | |    114 | ICMP Echo Reply                                |            1 |            3 |      5 |    408 |      1 | |    115 | ICMP Destination Unreachable Port Unreachable  |            1 |            3 |      8 |    402 |      1 | |    116 | ICMP PING BSDtype                              |            1 |            3 |      6 |    368 |      1 | |    117 | ICMP PING *NIX                                |            1 |            3 |      7 |    366 |      1 |
  • N

    Snort Will not update

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • D

    PfFlowd not sending packets

    Locked
    18
    0 Votes
    18 Posts
    7k Views
    C
    The way some applications bind, they don't function entirely correctly with bridging unless the IP they're using is on the bridge itself (which is only supported in 2.0), I suspect that's what you're seeing here. The only thing I've seen to date that has issues in that scenario is nmap but other applications likely have the same issue.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.