Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too:
        Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.
    This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
        # /usr/local/bin/suricata -V
    or
        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output
        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
        /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    V
    Ah, I changed the action to deny both and now I also have a wan firewall rule, which I also had on OPNsense. With this wan rule I can see the blocks already coming now! Is it a bad idea to have the action set to deny both instead of inbound only?
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low:
        If I remove ignorelb directive, my UPS shuts down after 16 seconds
    This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    H
    Same issue here, so it's not just you.
  • Snort + squid3 (transparent http/https) - inspect ssl traffic?

    4
    0 Votes
    4 Posts
    2k Views
    N
    Hmm, wanted to click "Thanks" for both posts but just works for one. So thank you for your feedback. Would be a nice feature if it works but it is probably not that easy. Thank you!
  • Suricata geoIP DB

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    @fsansfil:
        Hello, Is there a way I can force update the Suricata geoIP DB?
    Yes, you can manually do this from the command line.  Execute this command at a shell prompt –
        cd /usr/local/pkg/suricata && php suricata_geoipupdate.php
    @fsansfil:
        Can I modify a country list…lets say geoip:us,... I would like to add some IPs to it?
    Well, I guess you might could manually do this if you understand the internal structure of the GeoIP database files.  Any change would be overwritten with the next scheduled update, though.  I don't know the internal structure of those files.
    Bill
  • Squid3 Crashing ext_ldap_group_acl

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Which package to use?

    3
    0 Votes
    3 Posts
    824 Views
    A
    OK thanks for the suggestion, I will try it for sure.
  • Squid3 not setting transparent mode in 2.2

    17
    0 Votes
    17 Posts
    3k Views
    L
    I just messed around with ad blocking yesterday. But I didn't use squid3 for it, I used an /etc/hosts file addition.
    make a directory somewhere convenient, I used:
        mkdir /usr/local/www/adblock_hosts
    in a ssh on pfSense, install wget:
        pkg install wget
        cd /usr/local/www/adblock_hosts
        wget http://winhelp2002.mvps.org/hosts.txt
    in pfSense webconfigurator gui -> Services -> DNS Forwarder -> Advanced, add
        addn-hosts=/usr/local/www/adblock_hosts/hosts.txt
    Optional: set up a cron job to occasionally (e.g. once a month) update the hosts file
    However, what I found was quite a few sites stopped working. Lots of sites obviously rely on an ad being served before they progress on to the next stage (e.g. serving me the video I requested). So I scrapped the idea. I then went and created my own my_hosts.txt with just a few entries to try it out, google-analytics stuff and a couple of ad servers, a dozen lines in total for now. And then put that dnsmasq addn-hosts line with my_hosts.txt.
  • Upgrade pfsense 2.2 freeradius2

    2
    0 Votes
    2 Posts
    640 Views
    S
    I got it fixed when I went to "Packages" tab and reinstalled Freeradius2 by pressing on its [pkg] button.
  • Can't start Squid

    9
    0 Votes
    9 Posts
    2k Views
    KOMK
    Sorry I don't understand what you mean? The person Jim was replying to was using Squid2 (" I have now installed just  "squid    Network  2.7.9 pkg v.4.3.6"…..")  Jim told him to use Squid3.
  • Squid3-dev - c-icap - amd64 - ICAP protocol error

    9
    0 Votes
    9 Posts
    4k Views
    marcellocM
    @Antonio_Grande:
        It is possible to fix it, or it really nonremovable error in 2.1.5 x64 in ICAP?
    https://forum.pfsense.org/index.php?topic=77264.msg487042#msg487042
  • Squidguard update script error

    3
    0 Votes
    3 Posts
    1k Views
    I
    Fixed the library problems, but now I'm stuck with this error
        ERROR: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory
        FATAL: MIME Config Table /usr/local/etc/squid/mime.conf: (2) No such file or directory
        Squid Cache (Version 3.4.10): Terminated abnormally
    I did the symlinks
        ln -s /usr/pbi/squid-i386/local/lib/libmd5.so.0 /usr/lib/libmd5.so.0
        ln -s /usr/pbi/squid-i386/local/lib/libecap.so.2 /usr/lib/libecap.so.2
        ln -s /usr/pbi/squid-i386/local/etc/squid/squid.conf /usr/local/etc/squid/squid.conf
        ln -s /usr/pbi/squid-i386/local/etc/squid/mime.conf /usr/local/etc/squid/mime.conf
    I think the best solution is squidGuard script points /usr/pbi/squid-i386/sbin/squid because there is no error with
        /usr/pbi/squid-i386/sbin/squid -k reconfigure
  • LCDproc not working with CFA (Crystalfontz) 633 USB LCD

    8
    0 Votes
    8 Posts
    3k Views
    T
    Wow Updated to lcdproc-0.5.7_2 pkg v. 0.9.10 and now my LCD broke sitting at server screen but no clients.. I had to fix it last time what happened this time?
  • Squid and pfSense 2.2 page timeouts

    5
    0 Votes
    5 Posts
    1k Views
    D
    Thanks for the info.  In playing around with things I really broke some other things I was trying to setup, so I wiped the server and reinstalled.  One thing I did differently was after installing squid3, I restarted it immediately, and now the problem seems to have gone away. Thank you for the help.
  • Cant see any blocked in Snort 2.9.7.0 pkg v3.2.3

    2
    0 Votes
    2 Posts
    513 Views
    bmeeksB
    @okaenrique:
        Hi! I use Snort 2.9.7.0 pkg v3.2.3 it is so many Alert Log but i cant see any Blocked Hosts Log ?? help please
        in my pfsense Alert Settings
        Block Offenders Checking this option will automatically block hosts that generate a Snort alert.
        IPS Policy Selection   Snort IPS policies are: Connectivity
        is any option i have missed ?
    Compare the IP addresses in the alerts with your local networks.  Remember that by default your local networks are not blocked.
    Another possibility is the blocks are happening but then clearing out automatically before you see them.  What value is the "Remove Blocked Hosts Interval" set for?  This is on the INTERFACE SETTINGS tab.
    Bill
  • Snort IP Lists - whitelist configuration

    2
    0 Votes
    2 Posts
    1k Views
    bmeeksB
    @cjbujold:
        We use the new Snort IP Lists option for whitelisting some key users.  Is it possible in the list to place comments identifying the user.  In the snort suppress list we can place a comment by using the # sign before the comment.  Does this option exist in the IP lists for whitelisting or blacklisting IPs? Thanks cjb
    Yes, I believe Snort will understand and skip comment lines.  However, the comments will not be parsed and used in any way.  In other words, they won't appear in any logged output.
    Bill
  • Problem with squid after 2.1.5 fresh install

    16
    0 Votes
    16 Posts
    2k Views
    F
    @marcelloc:
        @firefox:
            how do i do that ?
        Disable HAVP integration and test squid package only. Once you get it working, test havp.
    I guess I've done it
    That's the only way I had Internet access
    Only I did not know
    The test is done like this
    thank you both
  • Snort Rule Actions

    9
    0 Votes
    9 Posts
    4k Views
    bmeeksB
    @fsansfil:
        Working like a charm. Thanks Bill. A lot of fun to see which engine catches what when the other doesn't
        F.
    Thanks for the feedback.  Glad to know it works like I intended.  I just had never tested it, though.  Since one day the plan is to implement inline mode that will not require an alias table, I never pushed the pfSense guys about adding a new built-in alias table just for Suricata.  The Snort table was added well before I ever even knew pfSense existed.
    Bill
  • Open-VM-Tools install fails

    17
    0 Votes
    17 Posts
    8k Views
    F
    No luck with anything, doesn't look like it is a high priority for the devs, there hasn't been any code changes on the git repository for this package  :(
  • SquidGuard on 2.2 not blocking was on 2.1

    12
    0 Votes
    12 Posts
    2k Views
    V
    If I block port 443 that will cause https to fail right?  If I want to make that work, can you point me to the instructions for making that work i.e. block when needed. Thanks! Rob
  • Error : The requested URL could not be retrived - pfsense - squid3

    6
    0 Votes
    6 Posts
    4k Views
    KOMK
        is there anyway to get the antivirus to work?
    No idea, but then I don't use that stuff.  I played with the Clam package but it was slowing down our link too much, and we already subscribe to a large vendor AV solution on all clients and servers here so the Clam stuff was redundant and less effective.  I know the new 2.2 using HAVP, but I still won't use it.
  • Snort 2.9.7.0 v 3.2.2 shows N/A

    8
    0 Votes
    8 Posts
    2k Views
    bmeeksB
    @PfChris:
        Hi bmeeks, i had "auto management" on and the Alerts File set to 500KB. Changed it to 50MB and will now check if the "problem" occurs again. Besides the "N/A" - does it work like it should? If the N/A is only a "cosmetic" thing then i don't mind at all - as long as snort is working properly
        Thank you for your help
    Most assuredly it works.  The "N/A" is purely cosmetic.  The blocked IP is in the blocking alias table (the <snort2c> table) or else it would not show up on the BLOCKED tab.  As I described above, the "N/A" simply means the alert log got rotated and so the GUI can't find the old alert description to display.  It does not mean the block is invalid or anything.  It just means the GUI code can't find the old rule description to show you (since it got rotated with the older alert log file).
    Bill
  • Monit "package" for pfSense part 3

    2
    0 Votes
    2 Posts
    840 Views
    C
    I've been using monit I think since 1.2 days… Great little tool! If I ever start to learn to code, this would probably be my first pfSense package.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.