Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    H
    Hello all, please don't shoot me on sight, I'm one of those who kinda set things up by following tutorials and actually see how things look on screen. And English is not my native language either. I set up HAProxy with the pfSense package for Nextcloud, which works as a VM at IP 192.168.1.214. It has a self-signed cert. I created ACME with Porkbun as wildcard and all that works totally fine. BUT I have a big issue which I don't know how to solve. When I'm accessing nextcloud.mydomain.xx in the LOCAL LAN it serves the page fine, but it uses the self-signed cert. Will someone, please, show me by example how to create a working rule which will force pfSense to serve 192.168.1.214 and all its translation or whatever exclusively outside? Bear in mind that 214 has to be able to lurk in 192.168.1.0/24 also, since data storage is served by NFS on TrueNAS. 192.168.1.1 (pfSense IP), 192.168.1.214 (Nextcloud IP). All works fine from outside, but from the local LAN it bypasses HAProxy and serves the Nextcloud internal cert with the correct domain name nextcloud.mydomain.xx. Well, it seems that it only bypasses the cert part, since the domain works. Somehow it resolves. This is what the dig command does from the local LAN:
      ;; ANSWER SECTION:
      nextcloud.domain.xx. 3600 IN A 192.168.1.1
      nextcloud.domain.xx. 3600 IN A 192.168.1.214
      ;; Query time: 0 msec
      ;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
      ;; WHEN: Thu Oct 30 08:48:37 CET 2025
      ;; MSG SIZE rcvd: 83
    The main problem here is that the Nextcloud app gets stuck when we are on the local network. It does not work since it gets a different cert. It does not even ask whether we want to accept it or not. Even if it did, it would be a bit weird to do that every time we come home. Many thanks in advance!
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    B
    @Greyhat I think it's useful to work with what we've got and figure something out for the (I hope) edge cases later. So for the JSON I figured you can actually use an existing suricata integration by co-opting their pipelines.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @dma_pf Debt collector, or debt relief service?
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @netboy said in Docker container for nut server?: "I am NOT installing docker in pfsense - of course this is a big security risk - I agree !!!" My apologies. I interpreted your earlier question "I think I need to explain what I am asking for. I am fully aware if your netgate router is attached to a UPS you can configure netgate. Let us say you have 5 UPS's in your home and you want nut server to read all the UPS's and show me a dashboard about the status of all the UPS's? - Is there a ready made docker container for client server nut with dashboard functionality?" as a request to have something running on pfSense, which is why I responded "I believe most people would say that the type of thing you are asking for isn't something you want to run on your firewall. I recommend using a general purpose operating system behind the firewall instead." Mutual misunderstanding I guess. If you want to explore general NUT monitoring, and not something particular to pfSense, I would recommend the NUT Users list as a better place to seek information.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the Let's Encrypt TXT DNS record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the WebUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    92 Topics
    638 Posts
    L
    @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get a crash in pfSense after some time, but when I log in again it is saved. For me, after service restarts at least, this solves it, including the issue with the routes not being advertised even when set in the WebUI. Haven't done a full restart of pfSense (yet).
  • Discussions about WireGuard

    711 Topics
    4k Posts
    D
    Hello, I’m wondering if it’s possible to have a private VPN WireGuard server on pfSense and to also have a personal WireGuard server such that friends can link to your pfSense network but also be under the private VPN, NordVPN for example. Is that possible with routing?
  • Snort stupid question: whitelists and Suppress lists.

    29
    0 Votes
    29 Posts
    29k Views
    panzP
    OK!  :)
  • /etc/squid/squid.conf

    1
    0 Votes
    1 Posts
    682 Views
    No one has replied
  • Offline package repository

    4
    0 Votes
    4 Posts
    1k Views
    B
    @Moosecall: I followed the steps listed in the wiki, it breaks at step 3 running the second php test script.  I am only following the steps for 2.0 setup as the firewalls that will be using it are 2.1.  I did try having a firewall pull from it but as expected no joy. The server is a fresh install of Ubuntu 12.04 lts server, that is doing nothing else.  I installed apache, git and php. You sure the git clones were successful?
  • Squid3 looping issue

    1
    0 Votes
    1 Posts
    789 Views
    No one has replied
  • Squidguard - multiple users/groups

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    They must be independent. It's more work but that is what is required. Each ACL must define the exact list of actions for each category.
  • Proxy on Alix ??

    6
    0 Votes
    6 Posts
    4k Views
    jimpJ
    It does work on ALIX, not for caching but for access control only (with squidGuard). Memory is the biggest drawback on those
  • PfBlocker different on 2 installs

    3
    0 Votes
    3 Posts
    921 Views
    P
    In pfSense an interface without any rules is already blocking everything by default. pfBlocker is smart enough to understand this. If an interface (e.g. WAN) has no rules, then pfBlocker does not bother to add block rules. Maybe that is the difference between your WANs?
  • Squid3-dev 3.3.10 pkg 2.2.1 & transparent ssl

    8
    0 Votes
    8 Posts
    2k Views
    belleraB
    I looked at squid.conf and it's using only error_default_language directive. I found only another squid directive for error pages: http://www.squid-cache.org/Doc/config/error_directory/ But it doesn't help to solve the problem that you told us. I think the only solution is to modify the files at /usr/local/etc/squid/errors/en/ (en, if you use English) and put a redirect code to an alternative URL. Example: This will show http://www.yourdomain.tld/access_denied.html to the user.
  • Squid is acting Strange

    4
    0 Votes
    4 Posts
    2k Views
    S
    So Lightsquid is saying the file I am downloading is cached. But when I redownload the file I get no speed boost, and the file is coming from the internet. But Lightsquid is saying the file is 98% cached. Head-scratcher for me! ty
  • Squid3 cachemgr vs squid -k parse differ.

    1
    0 Votes
    1 Posts
    799 Views
    No one has replied
  • Using Squid/Squidguard as a whitelist proxy

    2
    0 Votes
    2 Posts
    905 Views
    jimpJ
    Yes, you can do that. If you're a Gold Subscriber we did a video presentation on Squid, Squidguard, and Lightsquid last Friday and it was mentioned how to set that up. It should be up for download soon. SquidGuard can be set to "deny" by default, add in your own whitelist on top of that and it does what you're wanting. Though it'll be more work than you might initially suspect.
  • OpenVPN Client Export Utility

    8
    0 Votes
    8 Posts
    2k Views
    A
    I think Snort was causing this for some reason.  When I removed the package I was able to install the Export Client utility without trouble.
  • LightSquid Removing Traffic From Previous Days

    3
    0 Votes
    3 Posts
    1k Views
    E
    Looks like the issue was with Squid. Setting my log rotation to blank instead of 28, LightSquid and Sarg are showing more than one day's worth of traffic.
  • Squid3-devel + squidGuard-squid3 - double https redirection

    5
    0 Votes
    5 Posts
    3k Views
    belleraB
    @dvserg: But http://squid-web-proxy-cache.1019090.n4.nabble.com/Squidguard-redirect-and-https-td4662707.html "The problem is not Squid nor HTTPS. The problem is that the HTTP protocol has a standard that allows redirection and the HTTPS protocol does not. The HTTPS protocol was designed to be secure and does not allow any type of interference." The link refers to squid2, without the possibility of SSL interception. I'm using the squid3-devel package with SSL interception (SSL Bump, man-in-the-middle based). It's intercepting SSL without any trouble. http://translate.google.com/translate?hl=en&sl=es&tl=en&u=http%3A%2F%2Fforum.pfsense.org%2Findex.php%3Ftopic%3D73007.msg402349%23msg402349 Google https pages with https links are also intercepted. But when I click the link the redirect page is not opened. However, when opening the page in a new browser tab or window, the redirect page appears. Curious! Is it Firefox 27.0.1's fault? I just tried with Chromium 32.0.1700.107 and I got the redirect page!
  • Add External Lookups to Diagnostics: DNS Lookup

    5
    0 Votes
    5 Posts
    2k Views
    BBcan177B
    The following Lookups would benefit anyone with a Local Mail Server.
    Mail Server DNSRBL Lookups:
      SenderScore: https://senderscore.org/lookup.php?lookup=<?php echo $ipaddr; ?>&ipLookup=Go
      Spamhaus Blocklist: http://www.spamhaus.org/query/bl?ip=<?php echo $ipaddr; ?>
      SPAMcop Blocklist: http://www.spamcop.net/w3m?action=checkblock&ip=<?php echo $ipaddr; ?>
      multirbl RBL Lookup: http://multirbl.valli.org/lookup/<?php echo $ipaddr; ?>.html
      MXToolbox: http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a<?php echo $ipaddr; ?>&run=toolpage
  • Snort 2.9.5.6 v3.0.4 Block skype help?

    2
    0 Votes
    2 Posts
    1k Views
    BBcan177B
    The Emerging Threats Rules have P2P rules. Snort doesn't have anything in that Category.
  • 0 Votes
    12 Posts
    2k Views
    S
    If you use a file then it could be replicated across locations and you will always have a config file with you. Why not opt for both? Do as the core team wants and put an extra option in the GUI for creating a snort conf file.
  • SquidGuard bug ordering categories

    10
    0 Votes
    10 Posts
    3k Views
    belleraB
    [SOLVED]
    1. Commented lines:
         402         #file_put_contents($conf_file, $conf);
         403         #file_put_contents(SQUID_LOCALBASE . '/etc/squid' . SQUIDGUARD_CONFIGFILE, $conf); # << squidGuard want config '/usr/local/etc/squid' by default
       https://github.com/pfsense/pfsense-packages/blob/master/config/squidGuard/squidguard_configurator.inc
    2. Modified pass line at:
         /usr/pbi/squid-i386/etc/squid/squidGuard.conf
         /usr/pbi/squidguard-squid3-i386/etc/squidGuard/squidGuard.conf
    3. [Apply] button to reconfigure squidGuard without writing a new squidGuard.conf
    In general I only need to modify my lists. So, the trick will work without troubles for me.
  • Exclude IP from HAVP

    2
    0 Votes
    2 Posts
    856 Views
    P
    Try doing the following: Go to Services > Proxy Server > Access Control Then, in the Unrestricted IPs, type in the Roku's IP Address and test this out to see if it works. As for HAVP, under the HTTP Proxy tab, go to the whitelist and enter in *.netflix.com to exclude the site from scanning the site for viruses.
  • HAVP for pfSense 2.1

    6
    0 Votes
    6 Posts
    2k Views
    S
    I too had a problem with pfS2.1-x64 with clamAV not starting and havp crashing.  After reading other posts I tried using the command "freshclam" from the console and got a gid/uid error for the /var/db/clamav directory.  I issued the command "chmod -R 0777 /var/db/clamav" and tried freshclam again with success.  I then issued the command "service clamd start" with success.  It has now been running for 4 hours. . . After posting this message I got to looking at the /var/db directory and noticed that most directories listed have a root:wheel ownership as opposed to clamav which has a havp:havp ownership.  I hope this info might be of some help.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.