1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @ha11oga11o Your LAN DNS returns both pfSense and Nextcloud IPs, so clients bypass HAProxy. Add a host override in DNS Resolver for nextcloud.mydomain.xx pointing only to 192.168.1.1. Flush DNS, restart Unbound, and all local traffic will use HAProxy with the correct certificate.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    D
    @Gertjan Thanks a lot for your help. This really helped me: I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP ) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server". With that hint I was able to resolve my issue by: Unchecking the Python Group Policy Enable checkbox for the DNSBL Webserver Configuration on the DNSBL tab in pfblockerng. Checking the Permit Firewall Rules Enable checkbox and selecting the appropriate interfaces for the DNSBL Configuration on the DNSBL tab in pfblockerng. Forced Update | All. It now appears that all the blocked domains are appearing on the Alerts tab in pfblockerng. I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt:" come from ? I get that DNSBL, and 2 others, from the original maintainer (https://github.com/crazy-max/WindowsSpyBlocker): https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt. I really appreciate your help!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    713 Topics
    4k Posts
    M
    I have my wiregaurd up and running and can ping from firewall to devices on the vlan but cannot get clients to ping each other.
Log in to post
Load new posts
  • M

    DansGuardian 2.12.0.3_2 pkg v.0.1.12

    1
    0 Votes
    1 Posts
    637 Views
    No one has replied
  • C

    Antivirus for all protocols

    7
    0 Votes
    7 Posts
    1k Views
    KOMK
    Ah, sorry. For a moment, I thought you were asking to scan the packet stream.  I agree with P3R in that ClamAV isn't that great.  I gave up on it when it was killing our performance, and we already have client/server protection.  Managing an AV service infrastructure isn't simple or cheap, and I can't imagine any FOSS project being able to keep up with the big boys in that regard.
  • D

    Bandwithd not working after update

    11
    0 Votes
    11 Posts
    3k Views
    D
    @mattlach: @mattlach: @DaveQB: Running: pfSense 2.1 bandwidthd 2.0.1_5 pkg v.0.3 My solution was. [root@pfsense /usr/local/www]# rm bandwidthd [root@pfsense /usr/local/www]# ln -s /usr/local/bandwidthd/htdocs/ bandwidthd The symlink was originally pointing to /usr/pbi/bandwidthd-i386/bandwidthd/htdocs Hmm… This did not help for me. It replaced my "Please start bandwidthd to populate this directory." message with a "404 - Not Found" page :( Any suggestions? Never mind, I was being an idiot. Looks like this was fixed, but I was getting th emessage because I actually DID forget to start bandwidth d.  Then I moved the symlink to the - now - incorrect location. I found the correct one in /usr/pbi/bandwidthd-amd64/bandwidthd/htdocs/, and recreated the symlink and now everything works. :p Ahh I see. Well I hope I put you on the right track with my post.
  • A

    Dansguardian /var/run/clamav/clamd.sock

    2
    0 Votes
    2 Posts
    858 Views
    A
    no one ??  :-\
  • M

    Unable to communicate with http://packages.pfsense.org.

    16
    0 Votes
    16 Posts
    3k Views
    D
    Well, glad you found what breaks it, but in order to fix it, you have to understand how it breaks it - either by changing routing or by blocking via pf… That I can't probably help you - I do not use OpenVPN. However - if that is the only thing being blocked, you can always temporarily stop tunnel to check updates as the last resort :)
  • C

    Squid proxy efficiency

    5
    0 Votes
    5 Posts
    2k Views
    C
    Solved. Similar topic: https://forum.pfsense.org/index.php?topic=67607.msg369910#msg369910
  • D

    Snort 2.9.6.0 is now EOL for rule support

    10
    0 Votes
    10 Posts
    2k Views
    D
    Yes, great thanks, that was quick :) Upgraded as well, seems to be working normally so fr.
  • S

    SqidGuard

    8
    0 Votes
    8 Posts
    2k Views
    S
    Makes since.
  • N

    Cant expand SquidGuard Target Rule List

    4
    0 Votes
    4 Posts
    1k Views
    KOMK
    I'm glad its working for you.  Yes, it can be little confusing when the options for a feature are spread over more than one tab.
  • A

    Ntop can't see IP detail information

    20
    0 Votes
    20 Posts
    6k Views
    A
    I have to report to redmine.pfsense.org.It's report for me. there's nothing broken in general with ntop. it needs to be deprecated and replaced with ntopng regardless. So,Is it will be use ntopng?
  • R

    Pfsense + snort vrt subsciption error 505 (solved)

    4
    0 Votes
    4 Posts
    4k Views
    bmeeksB
    @reza.mnp: thanks this problem solved automatically after several hour. Glad it's working.  If you had a brand new just purchased code, it may have taken a little while for it to work its way through the Snort VRT web site systems such that rules download server recognized it.  That's just a guess, though. Bill
  • W

    Squid getting RST ACK from monoprice.com

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    S
    Yep, the header that was causing monoprice to fail was actually "X-Forwarded-For: Unknown".  I wasn't allowing IP leakage, but I was trying to get dansguardian to pass the orig ip to squid.  Squid was setting it to Unknown before making requests. I'm using dansguardian & squid together, so if you want squid to be able to use traffic buckets to limit per IP you have to pass through the information somehow.  Or if you want any other Squid ACL's to work.  http://dansguardian.org/?page=faq#c1
  • W

    Squid3-dev transparent mode

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • C

    LIGHTSQUID NOT UPDATING REPORTS

    1
    0 Votes
    1 Posts
    924 Views
    No one has replied
  • C

    Squid error when enabling AV scanner

    1
    0 Votes
    1 Posts
    763 Views
    No one has replied
  • M

    NTOP 5.0.1 v2.3 not working under pfsense 2.1-RC1

    11
    0 Votes
    11 Posts
    7k Views
    T
    Hi all, I had a similar problem after updating and tried the reinstall approach. What I found was that I had to go back into ntop settings and set a new admin password. After I did this, the service started normally. Cheers, Toby
  • B

    Squid Build Options & Apple Caching

    1
    0 Votes
    1 Posts
    759 Views
    No one has replied
  • N

    PfBlocker Un-Clean Uninstall

    2
    0 Votes
    2 Posts
    760 Views
    K
    I had a question/request. The pfblocker dashboard widget conveniently shows the status of the block list as well as a packet count of hits. This is very valuable for determining what is happening as far as blocks. But it resets quite often automatically which prevents me from seeing over a long period of time what block lists are being hit. Anyway to prevent it from resetting, except when I want to clear it?
  • D

    SquidGuard issue - blocked javascript hangs pages

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • A

    Squid and Dansguardian not working

    23
    0 Votes
    23 Posts
    10k Views
    Q
    Ive managed to work through this thread, with input and learnings from a few others and finally have a working squid / dansguardian setup. Ive found a strange issue in that everything works great for the first ten minutes or so, then web surfing becomes slower before eventually stopping. If I shortcut the localhost chain (NAT 80 -> DG 8080 -> Squid 3128 -> Web) by setting my proxy direct to Squids 3128 port everything resumes as normal. If I restart Dansguardian things return to normal as well so it appears to be some kind of memory leak / cache / buffers filling up type issue. Any ideas? Ive killed squids caching along the route of debugging this matter and that didn't help.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.