Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with fewer words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues. Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky; still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    648 Posts
    C
    @mightykong Yes, my system also requires a restart after reboot, and what has worked for me is: service tailscaled stop && tailscale logout || true && service tailscaled start && tailscale up What has worked for updates included a [sysrc tailscaled_enable="YES"] that is supposed to handle tailscale restart after reboot, but it has not worked for me. I am looking into it, and others will be as well. In the meantime, this is my update one-liner command line: service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.90.6.pkg && rm -f tailscale-1.90.6.pkg && service tailscaled start && tailscale up Options: add && tailscale version && tailscale status to automate a first check; and, the "rm -f tailscale-1.90.6.pkg" is not needed, but once I saw the suggestion, I decided to keep it.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, this is a noob question, but I have already tried multiple things and I hope someone can help with this. I have a Wireguard Tunnel configured and the handshake is successfully performed, and I can ping the server from the laptop but can't do it the other way round. Already deactivated the NAT feature and all the rules, and no luck. Pfsense and this server are located on a Proxmox Server; the laptop is local. Any ideas? Thank you.
  • Squid IE authentification

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    To use ntlm, you need the samba FreeBSD package installed by hand, as it does not have a GUI on pfSense.
  • Squid/Lightsquid + Logs

    5
    0 Votes
    5 Posts
    2k Views
    marcellocM
    If you don't know how to manage your firewall via console/ssh, just try a package uninstall and reinstall. I've checked the lightsquid code and it does look for squid logs in /var/squid/logs.
  • Snort doesn't generate alerts on 2 interfaces

    15
    0 Votes
    15 Posts
    3k Views
    bmeeksB
    Are these extra WAN interfaces part of a CARP or multi-WAN setup? Is there perhaps some asymmetrical routing going on? If so, this could trip up Snort as some alerts depend on flowbits set by previous traffic. If that previous traffic was seen on a "different interface" (as in one of the other WAN pathways), then the alert with that set flowbit dependency would not fire. Not saying this is your issue, but it is something to be considered. Another possibility, if any asymmetrical routing is happening, is the stream5 preprocessor can fail to correctly reassemble streams if it does not see all of the traffic. Remember that Snort really runs as totally separate and autonomous processes – one per interface. So it's basically like having physically separate computers running Snort. Any weirdness with routing between those multiple WANs could trip up those independent Snort processes. Bill
  • Packages for bandwidth throttling, and inducing packet loss?

    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    It's built in, called Limiters. Firewall > Traffic Shaping, Limiters tab. Check the advanced options available there.
  • Snort Pkg 2.6.1 ??

    12
    0 Votes
    12 Posts
    3k Views
    bmeeksB
    I looked into the Shared Memory feature in the Snort binary. Unfortunately that is only used for Reputation Lists. These are text files containing blacklist/whitelist IP addresses (one file for each type). The Shared Memory feature (which it says only works on Linux; don't know specifically about FreeBSD) allows one copy of each Reputation List to be used among a number of Snort instances. So the Shared Memory feature won't work with text rules, and thus would not help with memory overload. Bill
  • Sarg does not automatically generate report

    5
    0 Votes
    5 Posts
    2k Views
    marcellocM
    @jdeloach: Edit: "12h" works so I'll leave it at that. Don't know why "1d" doesn't work. If cron is set to 00:00 it will create an empty log with 1d (you can check with the cron package). IIRC, I've changed the schedule time on the latest package version.
  • Internet access restricts for kids

    9
    0 Votes
    9 Posts
    14k Views
    R
    @Derf: The solution I use to control kids' surfing time is as follows: Create an alias named 'Kids' which contains all the IP addresses of kids' devices (PCs, game consoles, …). Create a schedule named 'AccessDenied' with the denied timeframes. Create some rules on the firewall to block/reject any connection to/from 'Kids' during 'AccessDenied'. As rjcrowder said, there are plenty of different solutions to achieve what you want to do: you can for example use squidguard (I think the 'SG' you use should mean 'SquidGuard') but doing it that way would only allow you to control the web traffic (HTTP). Using firewall rules and schedules will allow you to block ALL kids' traffic (including xbox/playstation/wii, p2p and so on). I do the same thing as Derf for time based access. If you want to keep your kids "safe" while they are surfing, there are a couple of other things that I HIGHLY recommend. 1.) OpenDNS. Gives you a great set of DNS based blacklists and performs well. I just can't see any reason not to use it. 2.) Dansguardian. For dg, I usually download the Shalla blacklists and also use the weighted phraselists. Blacklists are only as good as they are kept up to date and dg phrase checking does a very good job at catching the rest… Something else you might want to consider is turning on Clamav in dg. It does a great job of realtime virus scanning. However, you will perceive some lag from it - especially when downloading large files.
  • Multiple cache_dirs in squid.conf

    3
    0 Votes
    3 Posts
    2k Views
    B
    Marvelous. Thanks!
  • Best way to manage pfblocker exceptions?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: cache para youtube

    Locked
    1
    0 Votes
    1 Posts
    819 Views
    No one has replied
  • Mod_security always Stopped - 2.1-RELEASE (amd64)

    1
    0 Votes
    1 Posts
    884 Views
    No one has replied
  • Send all clients to mobile sites

    4
    0 Votes
    4 Posts
    1k Views
    M
    Ah, it says squid must be built with --enable-http-violation but I see it's not in pfsense. Is there a way to rebuild it on pfsense?
  • I need help - HAVP is running, but not checking

    7
    0 Votes
    7 Posts
    3k Views
    K
    @dversg: well, that makes sense. @rest: I found a solution: I am sorry, but pfsense had its chance. Maybe it has been my fault, but in the end I spent too much time on this. I was even that far as to buy a commercial product. Finally I tried ipfire and I am surprised how easy it was to install and activate the squidproxy. I think pfsense is a very good piece of software, but in my case it did not work.
  • Pfblock logic

    3
    0 Votes
    3 Posts
    1k Views
    S
    @marcelloc: yes. Just select rule action and it will be placed before your allow rules. Thanks marcelloc!
  • SquidGuard for squid3 issue in tab:Groups.

    4
    0 Votes
    4 Posts
    1k Views
    perikoP
    Yes, what I see is that I only see this message on a fresh installation, with the list empty. Once I add 1 and then add the 2nd, the message disappears.
  • 0 Votes
    8 Posts
    10k Views
    S
    Yeah, I'm not sure what to do from here. My next step will be to reinstall pfsense and start from scratch.
  • Quagga OSPF to Cisco

    8
    0 Votes
    8 Posts
    7k Views
    D
    Just an update here: I went ahead and moved to new gear and separated out each vlan on its own interface. Upon firing up OSPF again, the same issue prevails. I get the routes from the Cisco 1811 and it shows as "FULL". Doing the same 'sh ip route' on the Cisco side, it doesn't see any redistributed routes from the pfsense side. Any ideas?
  • After installing squid3 there is no entry in "services -> proxy server"

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    squid3 installs two menus, proxy server and reverse proxy. I have no idea why it's not working on your install. Can you access it directly? Does the installation end without errors?
  • Sarg issues

    9
    0 Votes
    9 Posts
    3k Views
    S
    @marcelloc: Do you have more than one report running simultaneously? Maybe one via cron and another via console? I had some issues with sarg but it was a report reading error (special chars or url size). But I think this bug was present on previous versions. Are your squid logs in default format? marcelloc, No. I have not run any of them. It's a default install. Yes, default squid logs. I am also running havp in transparent mode.
  • Problem with Barnyard2

    11
    0 Votes
    11 Posts
    5k Views
    C
    Thanks for the replies, they served much help.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.