1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    johnpozJ
    @ha11oga11o said in Please help to configure HAProxy to serve certifficate on internal LAN too: Just to add again, that blo***dy nextcloud app has to be on same domain name connection and same cert. Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @carlinix said in DNSBL blockpage only works with root domain: Meaning http://detectportal.firefox.com/ redirects to the DNSBL blockpage with the blocked domain info "This website detectportal.firefox.com has been blocked by the Network Administrator!" I presume that "detectportal.firefox.com" is just an example here. But ... be aware that this URL shouldn't be blocked if possible for two reasons : The resource requested returns just a 8 byte 'page' : it says 'success'. This URL is most probably be used by the OS or app on a device (probably Firefox ) to detect the presence of a captive portals on the connected network.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    641 Posts
    L
    For some odd reason, even though the service seems UP, and routes (apparently from tailscale) looks fine, the service itself is not working. E.g. I cannot connect to other hosts on my tailscale network. From pfsense itself it works, but not from my e.g. my LAN. As soon as I restart the tailscale service in the UI it works immediately after.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • G

    How do I prevent Squid from caching SABnzbd?

    2
    0 Votes
    2 Posts
    1k Views
    L
    I may be wrong but I'm pretty sure Squid would only cache traffic that flows through it. I connect to my news reader on port 563 (or whatever it is) so squid would never seem my newsreader traffic as squid only has traffic from port 80 flowing through it!
  • T

    Iperf segmentation fault

    5
    0 Votes
    5 Posts
    7k Views
    T
    Still was unable to get this to work. I ended up just setting up a web based (speedtest.net) mini client on a server behind the firewall works okay but I would prefer iperf if you find a solution.
  • F

    Snort - Snort Interfaces > WAN Rules > Categories are blank

    3
    0 Votes
    3 Posts
    2k Views
    F
    Got it, thank you!
  • S

    Merge Pfblocker and Snort packages?

    7
    0 Votes
    7 Posts
    3k Views
    BBcan177B
    @bmeeks: My suggestion would be to not run the fixed-IP list Emerging Threats rules in Snort if you are using them with pfBlocker. Hi Bill, The .txt Rulesets from ET are based on the Open ruleset. I have asked if there is a PRO .txt ruleset but waiting on an answer. They also indicated that the RBN lists will be discontinued in a few weeks.
  • A

    Free radius2 corrupt data base?

    1
    0 Votes
    1 Posts
    866 Views
    No one has replied
  • R

    Bug in Snort Alerts Display - Calendar

    5
    0 Votes
    5 Posts
    2k Views
    R
    @bmeeks: This has been fixed with an "unannounced" minor update I pushed the day after New Years.  Just reinstall the Snort package GUI and it should be OK.  The change was so minor that I did not bump the Snort package version. To reinstall, go to System…Packages and the Installed Packages tab.  Click the XML icon beside the Snort entry to reinstall the GUI components.  Check and be sure you have clicked "save settings on de-install" on the Global Settings tab first to preserve your configuration. Done and done… thank you  Bill for the quick response, that was it. We know what you meant, but for those following, the (current) actual heading under Global Settings/General Settings is:  Keep Snort Settings after Deinstall Rick
  • J

    IPS Functionality with separate Snort box

    2
    0 Votes
    2 Posts
    972 Views
    ?
    Please use suricata if you are looking for an IPS, snort inline support was dropped in favor of suricata.
  • M

    Snort Deployment

    5
    0 Votes
    5 Posts
    1k Views
    ?
    @MikeX: … I'm looking for advice, nothing too detailed or specific on the technical part of deployment, but more so of... "use this rule set" or "maybe try this obscure setting". … http://forum.pfsense.org/index.php/topic,64674 Make sure you read every single post on that thread. As for the locking yourself out, if you are on a dynamic ip (seen that you mentioned dynamic dns) then you just change your ip you are remoting in from. Or just whitelist it as mentioned above.
  • C

    HAProxy service error

    4
    0 Votes
    4 Posts
    4k Views
    P
    No help section available currently, sorry. Every time the configuration is applied all existing configuration options are overwritten. (as is the case with most config files that are managed through pfSense gui.) -import option, i don't think its easily possible to implement such a feature.. As a workaround you could probably put major parts of the old config file into the Setting page under: "Global Advanced pass thru" including listen/frontend/backend sections. Though that way it wont be 'nicely' visible in the webgui.. the haproxy-devel build uses some default options like a 'unix socket' that might be sufficient for haproxy to startup, instead of the almost 'empty' config you showed. Also when applying haproxy-devel settings if an error is detected in the config file it will show that at the top of the page.
  • A

    Freeswitch on PfSense2.1

    1
    0 Votes
    1 Posts
    758 Views
    No one has replied
  • M

    Bandwidthd loses statistics all the time

    2
    0 Votes
    2 Posts
    2k Views
    P
    As long as you have selected output_cdf and recover_cdf in the settings, then it should be reloading the data each time bandwidthd starts. On full installs, the data is on a real disk and so should survive a reboot. On nanoBSD the data is in the /var memory disk and is lost on reboot. So far there is no option to automatically save it to the CF card.
  • E

    Squid-dev and squidguard acl error

    2
    0 Votes
    2 Posts
    915 Views
    E
    I think there is some error with authentication through captive portal, its working if I put static ip on terminals.
  • bmeeksB

    Dashboard Widget: Snort Alerts package update to 0.3.7

    6
    0 Votes
    6 Posts
    3k Views
    D
    I believe the refresh is the same as the Firewall widget. But then again, it was back in 2012 I last changed the code… If you haved fixed it, I will try see if I have some time this weekend.
  • N

    Why does RRD have to be enabled for Mail Report?

    9
    0 Votes
    9 Posts
    2k Views
    N
    thanks
  • D

    Zabbix maintaners: Any plan for to 2.2?

    12
    0 Votes
    12 Posts
    5k Views
    jimpJ
    I can't reproduce that in a VM. It installs fine and does not complain. Output from ldd shows that the expected libraries are all present. Something else you have installed must be conflicting. Seriously consider moving to 2.1, otherwise you're in for a bunch of manual shell package cleanup if you hope to fix that. The package itself appears to be fine.
  • J

    Sarg reporting

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Change Homenet Snort

    4
    0 Votes
    4 Posts
    7k Views
    bmeeksB
    @gogol: The default in the GUI is to automatically add all locally-attached networks to HOME_NET.  You can defeat this and configure your own HOME_NET, but the process is counterintuitive. If I remember well as an alternative you can define your own HOME_NET also in the "Advanced configuration pass-through" section of the interface settings. The default HOME_NET will be overruled. True, this method will also work. Bill
  • L

    Bandwidthd: Syntax Error on line…

    5
    0 Votes
    5 Posts
    2k Views
    jimpJ
    @phil.davis: e.g. if your postgreSQL password was "0.0" you would have had a problem getting that through to the conf file! If that was your PostgreSQL password you have bigger problems than getting the value into the .conf file  ;) Thanks for fixing that, it's always annoying to find things in PHP that are quirky with 0. Like $t = "0"; empty($t) being true.
  • I

    Installation of freeradius2 on ALIX 2D13 freezes (pfSense 2.1 nanobsd)

    4
    0 Votes
    4 Posts
    2k Views
    P
    If it is 30MB then maybe it runs out of space in /var (a memory disk on nanoBSD). These days you can change the size of /var (and /tmp) from the GUI (with reboots…), so you could increase /var just for the install, then put it back after. Alix 256MB are reasonably short on memory, so leaving /var bigger than the default might mean you run out of memory for real processes.
  • A

    Dansguardian Access issues

    2
    0 Votes
    2 Posts
    1k Views
    R
    @abbey: I am having trouble accessing certain sites, specifically ones containing proxy or proxies phrases. I have already added this sites to exception list, deselected proxy from weighted terms and even turned off Weighted phrase mode But i still keep getting access denied Weight phrase: proxies In checking logs i see dansguardian: Error connecting via IPC socket to log: No such file or directory Not sure on your IPC error. However, if you've properly entered the exceptions,  you definitely should be able to get to the sites. What shows in your access.log? You should see an exception logged for every site you've entered into the exception list.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.