Not that I'm aware of

Same here, new install, bandwidthd error.

Installed the 2.2 upgrade on another machine and it got hosed, won't reboot….

ugh.

Yup, I just rebooted and reinstalled and it installed fine.  It also started snort fine too.

Thanks!

What you get on access.log and cache.log?

Setup looks fine…

... acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 2083 3128 3127 1025-65535 21-65535 acl allowed_subnets src 192.168.1.0/24 http_access allow allowed_subnets http_access allow localnet

I am going to have to give up and accept that I have to get a more powerful system to do this.  I tried reducing the size of the shallalist.tar.gz to only what I want.  But for some reason, while it appears that the databases are being updated, they apparently are not as the blacklist.files file does not exist as it should per this log entry.

klist_update.sh: The command '/bin/cp -f -p /tmp/squidGuard/arcdb/blacklist.files /usr/pbi/squidguard-i386/etc/squidGuard' returned exit code '1', the output was 'cp: /u6/etc/squidGuard/blacklist.files: Read-only file system'

I also do not appear to be able to hack the config files to make it work.  You guys did too good of a job at securing this thing down.

Thank you for your help.  At least now I know.

@lshiry:

… I found a workaround for this by killing the process "/bin/sh /usr/local/etc/rc.d/snort.sh start", which returns to the install script so it can complete the rest of its tasks.  After that, snort was in the services menu.  It was not started, but at least I can manage it now.  Thanks for the help, got me looking in the right direction.  Perhaps a fix for this would be to implement some sort of keepalive in the install php page, or background the service start step so it can complete.

Thanks for the information on how you solved it.  Something got hung up in that sub-process on your box.  You are not the only one to experience the issue, but the number who have is quite low (maybe 3 or 4 that I can recall).  The install process calls a system function to execute that shell script.  I will look into it some more.

Thanks,
Bill

what squid version are you using?

@bmeeks:

No, the Promiscuous Mode feature has been in Snort since the beginning.  It is something the underlying binary controls and not the GUI package.  Since you say you have done a complete fresh install from the ground up, are you absolutely positive that all the pfSense settings are exactly the same as before?  Was perhaps your VLAN formerly associated with a different interface?

Bill

Thank you Bill  ;D

No, it is completely 100% the same. I meticulously created screenshots of all settings, and setup everything again, fresh, by hand according to these screenshots :-[

@KOM:

Just curious, but why do you need to stop it?  Just disable it.

+1
SquidGuard may be only disabled. Otherwise Squid will crash.

Edit: found info on 2.2 problems here: https://forum.pfsense.org/index.php?topic=84642.0

Nevermind, I think I found what I'm looking for. Under status->system logs->firewall I can see all blocked connections. I'm not 100% sure I'm seeing pfBlocker kills here, but I think I am because I'm seeing some blocks on outbound connection attempts to Netherlands (a country I blocked) (no, I don't have kazy, it's a damn Kaspersky IP).

Is it better to put the tracking to the VLAN or the WAN Interface?

That depend on what it is you're trying to measure.  Total bandwidth in/out would require WAN if you have multiple vLANs.  If you have just the one vLAN and no others then I suspect it doesn't make any difference.  It's just adding up all bytes going in/out of the specified interface.

When creating this i choose to do it like this and allow for using acl's like 'SSL client certificate valid.' to be used for selecting the normal backend, or redirecting to a custom 'error' backend. Ill have to re-check if it actually works like i intended (i don't actually use it myself)..
It does seem that i forgot to implement the 'none' option which can be selected for a , which i intended to allow for switching between 'optional' and 'required'.

Thanks for your sharing your opinion and experience with haproxy-devel, it will take me a while before i get to this though. Put your item on my list of items to check/improve. Thanks.

I've had issues with reverse proxy (which typically publishes internal servers over HTTP and HTTPS ports 80 and 443) when the web configurator itself is also listening on one of those ports. Nowadays, I change the port the pfSense web configurator listens to as a rule of thumb - anything really as long as it's not 80 or 443. You could try that and see if it helps?

Refer to "TCP port" under System | Advanced menu on where to change it.
Remember that you would then need to specify that port number in the URL in your browser to access the pfSense web configurator.

Also, have a look at the "DNS Rebind Check" option (also under the System | Advanced menu).

I just went through this same exercise a few weeks ago.  Nice job.  The only things I would suggest would be for you to clean up some of the inconsistencies.  For example, it's pfSense, not pfsense or PFsense.  Facebook, not facebook.  HTTPS, not HTTPs.  Squid, not SQUID.  SquidGuard, not SQUID Guard.  WPAD, not Wpad.  Prerequisites ordered list has unbold #2.  Your guide would be more universal if you didn't assume that they had an AD network.  I might instead host the WPAD file on pfSense itself as per their guide:

WPAD Autoconfigure for Squid

Good job, though.

For google I have set these two entries:

googlesyndication.com 0.0.0.0 Block Advertising
googletagservices.com 0.0.0.0 Block Advertising

This also takes care of any subdomain like "pagead.googlesyndication.com" for example.
I found in another topic that people advised to use "host" entries, this however was not working for me.

Important, you have to set pfsense dns server to 127.0.0.1 and clients have to use pfsense exclusively as a dns server.
To achieve this, I've made a firewall rule to block all other dns servers (port 53) and only allow the pfsense box as a dns server for clients.
This works wonders, I absolutely hate ads.

Cheers.

Hello,

I tried to get OpenAppId working, but it doesn't want to…

My snort is working, VRT & OpenAppId rules are downloaded. VRT alerts appear.
I followed this tutorial : https://forum.pfsense.org/index.php?topic=84227.0
When I go to reddit, nothing is logged in alerts. Nothing useful in the firewall logs neither.

I'm running pfsense 2.1.5 with the latest version of snort.

Any idea ?

Thanks !

squid3 3.1.20 pkg 2.1.2

which part do u want? its huge… the problem appears when i add a cache_peer, example code in squid.conf is like this:

#192.168.84.101 cache_peer 192.168.84.101 parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_HTTP-101

all the mappings start using that peer, until i assing the peer to a mapping, then it start working as it should…

It works.