To use ntlm, you need samba freebsd package installed by hand as it does not have a gui on pfsense.

If you don't know how to manage your firewall via console/ssh, just try a package uninstall and reinstall.

I've checked  lightsquid code and it does look for squid logs on /var/squid/logs.

Are these extra WAN interfaces part of a CARP or multi-WAN setup?  Is there perhaps some asymmetrical routing going on?

If so, this could trip up Snort as some alerts depend on flowbits set by previous traffic.  If that previous traffic was seen on a "different interface" (as in one of the other WAN pathways), then the alert with that set flowbit dependency would not fire.  Not saying this is your issue, but it is something to be considered.

Another possibility, if any asymmetrical routing is happening, is the stream5 preprocessor can fail to correctly reassemble streams if it does not see all of the traffic.  Remember that Snort really runs as totally separate and autonomous processes – one per interface.  So it's basically like having physically separate computers running Snort.  Any weirdness with routing between those multiple WANs could trip up those independent Snort processes.

Bill

It's built in, called Limiters.

Firewall > Traffic Shaping, Limiters tab. Check the advanced options available there.

I looked into the Shared Memory feature in the Snort binary.  Unfortunately that is only used for Reputation Lists.  These are text files containing blacklist/whitelist IP addresses (one file for each type).  The Shared Memory feature (which it says only works on Linux; don't know specifically about FreeBSD) allows one copy of each Reputation List to be used among a number of Snort instances.

So the Shared Memory feature won't work with text rules, and thus would not help with memory overload.

Bill

@jdeloach:

Edit: "12h" works so I'll leave it at that.  Don't know why "1d" doesn't work.

If cron is set to 00:00 it will create an empty log with 1d(you can check with cron package).

IIRC, I've changes schedule time on latest package version.

@Derf:

The solution I use to control kid's surfing time is as following:

Create an alias named 'Kids' wich contains all the IP adresses of kid's devices (PCs, game consoles, …) Create a schedule named 'AccessDenied' with the denied timeframes Create some rules on the firewall to block/reject any connection to/from 'Kids' during 'AccessDenied'

As rjcrowder said, there is plenty of different solutions to achieve what you want to do: you can for example use squidguard (I think the 'SG' you use should mean 'SquidGuard' but doing it that way would only allow you to control the web traffic (HTTP).
Using firewall rules and schedules will allow you to block ALL kids traffic (including xbox/playstation/wii, p2p and so on).

I do the same thing as Derf for time based access. If you want to keep you kids "safe" while they are surfing, there are a couple of other things that I HIGHLY recommend.

1.) OpenDNS. Gives you a great set of DNS based blacklists and performs well. I just can't see any reason not to use it.
2.) Dansguardian. For dg, I usually download the Shalla blacklists and also use the weighted phraselists. Blacklists are only as good as they are kept up to date and dg phrase checking does a very good job at catching the rest…

Something else you might want to condider is turning on Clamav in dg.  It does a great job of realtime virus scanning. However, you will perceive some lag from it - especially when downloading large files.

Marvelous. Thanks!

Ah it says squid must be built with

–enable-http-violation

but i see its not in pfsense.

Is there a way to rebuild it on pfsense?

@dversg: well, that makes sense.

@rest: I found a solutition: I am sorry, but pfsense had its chance. Maybe it has been my fault, but in the end i spent too much time in this. I was even that far to buy an commercial product. Finally I tried ipfire and I am surprised how easy it was to install and activate the squidproxy. I think pfsense is a very good piece of software, but in my case it did not work.

@marcelloc:

yes.

Just select rule action and it will be placed before your allow rules.

Thanks marcelloc!

Yes, what I see is that, I only see this message on a fresh installation, list empty.
Once I add 1 and add the 2nd the message disappears.

Yeah im not sure what to do from here. My next step will be to reinstall pfsense start from scratch.

Just an update here:

I went ahead and moved to new gear and separated out each vlan on it's own interface.

Upon firing up OSPF again, the same issue prevails. I get the routes from the Cisco 1811 and shows as "FULL". Doing same 'sh ip route' in the Cisco side and it doesn't see any redistributed routes from the pfsense side.

Any ideas?

squid3 installs two menus, proxy server and reverse proxy. I have no idea why it's not working on your install.

Can you access it directly? the installation ends without errors?

@marcelloc:

Do you have more then one report running simultaneously?

Maybe one via cron and other via console?

I had some issues with sarg but it was a report reading error(special chars or url size) But I think this bug was present on previous versions.

Are your squid logs on default format?

marcelloc,

No. I have not run any of them. It's a default install.
Yes default squid logs. I am also running havp in transparent mode.

thanks for the replies, served much help