1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    J
    @ha11oga11o Your LAN DNS returns both pfSense and Nextcloud IPs, so clients bypass HAProxy. Add a host override in DNS Resolver for nextcloud.mydomain.xx pointing only to 192.168.1.1. Flush DNS, restart Unbound, and all local traffic will use HAProxy with the correct certificate.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    D
    @Gertjan Thanks a lot for your help. This really helped me: I'm not using "pfSense pfBlocker Web server logging" (DNSBL Webserver/VIP ) as the "you are blocked web page" only shows up when the end browser user visits http sites, something that doesn't exist anymore on the Internet. All sites are https these days, and https sites can be redirected to "another https web server" like the "pfSense pfBlocker Web server". With that hint I was able to resolve my issue by: Unchecking the Python Group Policy Enable checkbox for the DNSBL Webserver Configuration on the DNSBL tab in pfblockerng. Checking the Permit Firewall Rules Enable checkbox and selecting the appropriate interfaces for the DNSBL Configuration on the DNSBL tab in pfblockerng. Forced Update | All. It now appears that all the blocked domains are appearing on the Alerts tab in pfblockerng. I couldn't find that host name in the "/var/db/pfblockerng/dnsbl/Max_MS.txt" file - where does your "/var/db/pfblockerng/dnsbl/Crazy_Max_Extra.txt:" come from ? I get that DNSBL, and 2 others, from the original maintainer (https://github.com/crazy-max/WindowsSpyBlocker): https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/extra.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/update.txt. I really appreciate your help!

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    713 Topics
    4k Posts
    M
    I have my wiregaurd up and running and can ping from firewall to devices on the vlan but cannot get clients to ping each other.
Log in to post
Load new posts
  • J

    Unable to Use Dansguard

    2
    0 Votes
    2 Posts
    1k Views
    R
    Test this in a logical, step-by-step fashion so that you can tell what is broken before adding the redirect rule… 1.) Validate that Squid and Dans are both running... If so... 2.) Try connecting the browser (via explicit proxy settings) to squid and make sure you can get out... If so... 3.) Try connecting the browser (via explicit proxy settings) to dans and make sure you can get out... If so... 4.) Add the redirect rule and delete your browser proxy settings.
  • C

    Possible Squid Issue with Streaming

    4
    0 Votes
    4 Posts
    1k Views
    C
    So, I disabled HAVP and everything works perfectly. I had to reboot the pfSense system after I did because I was getting bandwidth errors. Is there a way that I can just install a virus scanner on the box? I'm using Squid 2.7.9 pkg v.4.3.3
  • G

    Unbound and android 4.1

    18
    0 Votes
    18 Posts
    4k Views
    B
    @doktornotor: @bryan.paradis: https://redmine.pfsense.org/projects/pfsense/repository/revisions/9399370b367df7b73b84d605f4f44599c93b0bbe/diff https://redmine.pfsense.org/issues/3015 That fix clearly did not work (presumably due to the fact is is failing to check anything but the first and second DNS entries in System - General Setup.) It is related to the same problem but it is a fix for DNS zones. I have updated your bug report with the related information.
  • D

    Unbound package - enable forwarding still no-op

    18
    0 Votes
    18 Posts
    3k Views
    D
    Thanks a lot for quick fix!
  • N

    Squid User's speed is very low!!!!

    1
    0 Votes
    1 Posts
    645 Views
    No one has replied
  • M

    How to make sites exempt from HAVP?

    1
    0 Votes
    1 Posts
    701 Views
    No one has replied
  • D

    PfBlocker whitelist?

    4
    0 Votes
    4 Posts
    6k Views
    BBcan177B
    @digdug3: This works, but then you also have to open all the ports you have configured to this whitelist. If the IP was not blocked at all it would behave "normally" to the next rules. Hi digdug3, The order of the rules in the Firewall tab are important. Block first and than Pass next. If you are having a specific issue, post the issue and maybe someone might be able to help.
  • N

    Squid Pfsense 2.1 and multi wan

    2
    0 Votes
    2 Posts
    1k Views
    B
    Just a friendly reply. I do not have the same configuration. I have one WAN and two OPTs hoping to get a reverse proxy working. It's not working, but there may be an additional contributing factor that I don't know what I'm doing and the instructions are severely lacking.
  • LucaTNTL

    Unable to install vnstat2

    26
    0 Votes
    26 Posts
    6k Views
    N
    very well thank you!!! :)
  • A

    Can't Access NTOP

    4
    0 Votes
    4 Posts
    2k Views
    R
    You are welcome :)
  • K

    Pfsense, alias and subdomains needed

    6
    0 Votes
    6 Posts
    7k Views
    P
    according to the proxy config, you can use a man-in-the-middle approach. It requires that you setup a WPAD/PAC in DNS or DHCP. This is new to me, but reading up on it looks promising. I am using my proxy only as a way to control site my girls should not be seeing. They can get to https sites though. This might be a way to circumvent that limitation. Please post if you have any success, if you use it.
  • Z

    Squid+squidGuard: web pages are timing out, they load after refreshing

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • ?

    Dansguardian installation problem - amd64

    3
    0 Votes
    3 Posts
    894 Views
    J
    Hi Guys i had the same problem installing dansGuardian yesterday too…. there was a typo in the dansguardian.inc file when first installing at line 1201  ----->    @unlink($script)) should read               @unlink($script); it has been fixed today.....
  • J

    Snort whitelist by command line

    12
    0 Votes
    12 Posts
    4k Views
    bmeeksB
    @jandohrmann: Hi Bill, Brilliant solution - thank you! Best Regard Jan By the way, I plan to add this new IP Reputation Preprocessor option to the next Snort update (should be in the 2.9.6.0 package when it comes out in about a month). Bill
  • bmeeksB

    Snort 2.9.5.5 pkg v3.0.1 Update – Minor bug fixes

    65
    0 Votes
    65 Posts
    21k Views
    bmeeksB
    @fragged: @BBcan17: @fragged: Bills pull request has still not been accepted. The change you saw was this: https://github.com/pfsense/pfsense-packages/commit/048bb82a0e2c814da90816657ecedf59fedf8dbd Thanks for the update fragged. I thought that security issue on the Web GUI was fixed in the previous release? It still shows as 3.0.2 after this update. I'm not an expert with html/php, but it seems like this is a better fix for the same issue that was already fixed by Ermal before. Yes, this latest fix is an improvement over the first one.  Some more changes similar to this will be coming in the next Snort update to further harden the GUI code a bit.  It contains a lot of quite old HTML/PHP stuff that I had just left alone since it worked.  However, in today's more security conscious environment, some hardening is needed. Bill
  • V

    Squid 3.3.10 with SSL Filtering some web page are broken

    1
    0 Votes
    1 Posts
    691 Views
    No one has replied
  • BBcan177B

    Possible BUG in Snort custom.rules

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B
    @bmeeks: I submitted the fix for this problem in the current Snort 2.9.5.6 pkg v3.0.4 Pull Request that is posted on GitHub now.  So as soon as the Core Team guys review and approve the request, this fix will be posted.  Here is the link to the request:  https://github.com/pfsense/pfsense-packages/pull/582 Bill Thanks Bill. I guess there is the changelog. Unfortunately after this upgrade, I dont see any of these changes. There are no new icons in the Alerts Tab, Clicking on a remove Block still brings it to the Lan interface. The Rules tab is not updated. Maybe this is still the previous release? Let me know if you want me to test anything. Thanks.
  • C

    SNORT - Unusual ping detected

    3
    0 Votes
    3 Posts
    3k Views
    C
    Thanks a lot Bill..!
  • keyserK

    Squid 3 package status

    1
    0 Votes
    1 Posts
    832 Views
    No one has replied
  • M

    Haproxy 1.4 content isn't secure

    3
    0 Votes
    3 Posts
    1k Views
    P
    Indeed like Jason writes its likely the page contains contents that it tries to read contents from http://something..  you might also want to give haproxy-devel a try as it natively supports ssl. And also as a possible workaround if the webserver url generation cannot be changed can have the backend connection created over ssl to the webservers.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.