Use ntopng rather than ntop. Its main screen focuses on immediate/current traffic usage.

That should be possible in theory. The FreeBSD ports tree has both available still, sysutils/bacula-client is 7.0.5, sysutils/bacula5-client is 5.2.12

@marcelloc:

You mean client to squid cipher or squid to web server?

I meant both connections. AFAIK sslproxy_cipher is for Squid <-> web server, and https_port is for Squid <-> web client. It doesn't hurt to keep both connections with strong SSL/TLS modes.

Have you restart the firewall.

It should not be blocking your WAN IP unless Snort is not getting restarted when your WAN IP changes.  Remember that Snort only reads the Pass List contents once at startup.  It stores the contents in a memory array and refers to that array when getting ready to block an IP.  If the IP is in the memory list, it is not blocked.  If it's not in the memory list, it is blocked.  But this memory list is only created at startup and is not updated again until Snort restarts.

The BOTH selection should be fine.  You can change it if you wish, but depending on the direction of traffic, it may not help with your blocking problem.  I think that issue is caused by Snort not recognizing your WAN IP updated.

If you WAN IP changes and Snort does not restart, you can get a block.  You should see some system log entries when your WAN IP changes.  Look for a line near the IP change message that says "…restarting packages...".  If you don't see that line, and your IP changed, that's going to be the problem.  You would next need to determine why the packages did not restart.  Have you applied any manual patches to pfSense itself?

Bill

^ These things.

If you have a good editor, it may already have base64 en/decoing built in.

I use UltraEdit. All I have to do is select some text and use Edit > Decode base64.

Notepad++ Has Plugins > MIME Tools > Base64 Decode

There are scripts for Kate, and probably many other editors out there.

I've seen this behaviour before as well.  It's almost as if there are some operations in the package being done out of order, such as copying a library file to a dir that doesn't exist and then later creating that dir.  Fails on first install because the dir wasn't there, but succeeds on second try because the dir got created at the end of the first failed install.

I haven't tried that.  The problem with editing the local file is that any changes will be blown away during an upgrade.  The posts I linked to suggested just including the function in an external file so that you only had to add the include statement to the updated sgerror.php.  I know I should move the KOMerr.php out of /usr/local/www but I wanted to get it working at a basic level first.

Thanks that worked perfectly.

cjb

@tsolrm:

What sort of things would cause snort to throw an alert?

I am trying to test its functionality so I need a few test cases that would prove that it works.

Thank you

Enable the Emerging Threats scan rules category, then scan the firewall (on the interface where Snort is running) from a host running nmap.  That should generate some alerts for MySQL probes, VNC probes and a handful of others.

Bill

@marcelloc:

As you're forwarding it via firewall nat/rules, just create a no nat rule before with your client ips.

Thank you, Marcello!

So, if I understand correctly, I create a rule that instead of forwarding the client's IP outgoing traffic from port 80 to port 8080 on the LAN interface (like I have with DansGuardian), I create a rule to forward port 80 outgoing traffic on the LAN interface to port 3128? so even if the proxy is set to bypass traffic from that IP in transparent mode, it will still force HTTp to be proxied, and HTTPS to be bypassed?

@godtor:

Solved, i was missing the "Choose a suppression or filtering file if desired" option.. my bad sry :)

And after choosing that file and saving the change, remember to restart Snort on that interface.

Bill

Snort puts the interface in promiscuous mode so it's seeing any traffic on the selected interface.

In 2.2, Unbound is part of the base pfSense software. Look in the GUI menu for "DNS Resolver".

try squidguard-dev instead of squidguard3

there is an issue with the libs after reboot but search for my post on how to correct it if you still need squidguard

pbi is the feebsd port part of the package.

You will need all package gui config files to be downloaded and manual edit of config.xml to include menu and execute install script that most packages has.

gui files are under github https://github.com/pfsense/pfsense-packages/tree/master/config

I suggest you creating a local repo instead of manual package install.

Well, I've figured this one out…

I was doing a full reinstall of 2.2 (to cope with my architecture switch problem), with a complete config.xml on an USB drive. An ingenious way to do it an it works like a charm. However with a full install with config.xml on USB, none of the packages are reinstalled. Installing NUT manually afterwards creates the problem with it not starting. Removing and reinstalling the package does not help, NUT still wont start.

However, after the full install I forced an upgrade with the same version, 2.2 Release AMD64, from an update image. This time the packages are reinstalled properly and NUT works perfectly again, with the old settings present in config.xml, without doing anything.

This process triggered a battery calibration on my SmartUPS 1400 over serial that I cannot explain, but that is another issue.
It works now.

good to hear!!