Please read the following thread:

https://forum.pfsense.org/index.php?topic=61018.0

Goto Snort:Snort Interface WAN: WAN Settings:

[ Choose the networks Snort should inspect and whitelist ]

Make sure the Pass List is configured.

Also in "Pass Lists", make sure you add a passlist for the WAN and check all of the Checkboxes (This is what needs to be referenced in the first part above.)

I just finally solved this by using a USB cable. The serial cable had worked fine in with my other board and Ubuntu on this board, but for whatever reason, with pfSense on this board I can only get apcupsd to work with the USB cable.

Thanks Bill, you would think that when you close the Whois page, the pfsense diag_dns.php page is still loaded in its own window. Why would it loose the session id for that? It shouldn't have anything to do with the other tab that was called by diag_dns.php?

Also why does it only happen once on the Alert Interface section. If that was the case, you would expect the behavior to repeat for each lookup?

Security is always a good thing!!  :)

Glad you got it working, but for future reference: the base64_encode of the password is used as the salt parameter for crypt().  More details on php crypt are here:
http://us1.php.net/manual/en/function.crypt.php

well.. i've just spent a while trying to understand what could be the issue on this one and am not finding any solution.  finally my logs seem to only show the following message:

ntop[8154]: EPIPE while sending page to web client

and that was it.

so, since there is apparently no way to revert to a previous build, i guess i'll have to just run without ntop.. which stinks as I really liked the tool.

:(

It was NanoBSD.

I finally just did a reinstall, configured the basics, and downloaded a package again to test.

I downloaded Arping and the whole process was done in less than 8 seconds. Before it took almost a minute to download that package. I'm not sure what was going on but this was the 'fix'.

Thanks for your time!

i have only one lan network 172.16.0.0/16 with 800 computers.
i have same issue.

first i say sorry to pfsense and all pfsense lover's if i m worng,
if we correctly configured squid3-dev and squidguard-squid3 wihtout any error.
and all other sites are works fine like if deny blk_socialnetwork then when to go to https facebook or youtube its access dined only when i go for gmail.com its not working given msg which is all aware.

also when i go to banking https sites its working good.
so i think its some problem in pfsense and i proud to say pfsense is very easily solve this problem but i thought pfsense is playing with his lover's (pfsense firewall user's)

so we can only wait for new updates..

in between any expert solve this issue pls let me know
mohanrao83@gmail.com

Thanks

@Cino:

@ESPNSTI:

I've noticed with NTOP; when you reinstall/install, you have to select interfaces and enter the password again. Some reason the settings are not retained.

Hey Thank you so much, appreciated!  :D

I was struggling to understand why i could not connect to Ntop (5.0.1 v2.5) after a reinstalled,  it was until i tried your suggestion of setting the password again and adding back the interface for Ntop again everything seems to be working again….............

((MARK THIS  THREAD AS SOLVED!))  8)

Thank you for your help.

@fearnothing:

Well looking at it logically,

the default in pfSense is to deny all you do not have logging for this default turned on when snort is not present when snort is on, this rule starts logging

My guess is that snort enables logging for this rule as part of its base configuration.

Nope, Snort does not touch the firewall rules at all.  All it does is put the interface in promiscuous mode.  I promise it does not touch any firewall rules or pfSense logging options.

Bill

@Fmstrat:

I have all of them enabled except sensitive data. My hardware setup is an internal NIC for LAN, and a USB NIC for WAN. I tried switching snort over to the LAN and it seems to function fine there, so I'm wondering if the issue is somehow related to the network card itself. Is that even physically possible given snort's architecture?

As I look at the snort blocks', I'm actually curious as to if running on the LAN is better. When I run on WAN, I can't see which internal IP is engaged in the connection that causes the alert, making it very hard to trace sources. However, when it's on the LAN, all the alerts display the internal IP and the blocks show the external IP, which makes it much easier to debug. Is there any downside to running on the LAN end of things? Seems the benefit would be scanning internal traffic for infected machine, but the downside would be missing external attackers that are scanning ports that are already blocked by the firewall (which shouldn't matter, really.) Thoughts?

Ben

P.S. Unfortunately, I probably won't get back to the script we discussed until next week.

I don't think you will get good success with USB NICs on pfSense.

The LAN will show a little more detail. If you want more, you need a full IDS like "Security Onion" installed after pfSense or before it.

Bill does recommend that a smaller list be put on the WAN like Port scans, Cins, Compromised, Drops, etc… and than as many rules on the LAN that it can handle (without the rules you don't require for your network)

If you use pfBlocker (or my script  ;) ), you could also avoid the Cins, Drops, Compromised on the WAN as Snort sees a copy of the packets first before pfBlocker and they will both Log the same packets.

Make sure you check out my Github Gist for recent changes to the script.

Thanks.

with the next release of the squid package, AutoDiscover HTTP is included ;-)
so, no need to send the file anymore ;-)

Really, no replies?

i think problem come from upgrade.

Timelimit in SquidGuard is not working on a pfsense 2.0 upgraded to 2.1.2 but it's working on a fresh installation of 2.1.3 …

Anyway i found a solution, i put "/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf" in cron job every 30min.

"squid -k reconfigure" was not enough, it didn't work...

if you really need ClamAV, use Squid 3-Dev. Works for me using i386 firmware..

I've read the link you sent but still dont get this statement: The "core team" now compile the packages.

try https://lists.pfsense.org/mailman/listinfo/dev if you want to send an email to the pfsense developers or post a bug on redmine.pfsense.org

@jitguy:

Thanks lizdainis, hope things worked out well for you.  I went back and got 2.7 working.

Something about downloading 6 libraries from somewhere seemed like not time for me to be doing squid3-dev yet.

i'm running 3.3.10 pkg 2.2.5 using i386 firmware with no issues.. I'm not running in Transparent mode, but i do have anti-virus enabled (clamd)

The files that are listed are from the developers file repository. I think there has been issues to get the right files merge into the package pbi file

@BBcan177:

Hi Ben,

I already have request on Redmine to add this functionality for VirusTotal and other links.

https://forum.pfsense.org/index.php?topic=73406.msg400956#msg400956

https://redmine.pfsense.org/issues/3508#change-13575

You can manually edit that file for now.

Perfect. And now I also know where the issues log resides. Thanks.

Ben