1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    D
    @BBcan177 Thank you for the kind reminder; I am so accustomed to ensuring Save Settings is checked that I didn't follow your instructions properly (thanks @tinfoilmatt for uploading and highlighting the screen shot). I've properly followed the instructions and the update did not report and db problems. Thank you again! drac

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    659 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • J

    Snort can't enable

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    You might have set 'block offenders'. This option currently seems to break snort, at least for me. Try to disable the option to automatically block offenders and see if snort starts normally.
  • P

    Mail Report : How to mail other messages

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    B
    Hi, I'm also interested in being able to send email messages from my pfsense. Since the pfsense webconfigurator already has configured a MTA with servername, addresses and authentication etc, I thought that everything needed were there and it was only a matter of knowing the commands and parameters to be able to send messages? I don't mind using any command interpreter if I only know the syntax to use.  (Message subject, Message body and Send it…) regards Tor
  • P

    Further Troubleshooting Dansguardian

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    P
    Ok it seems my problem was that both squid and DG were bound to the lan IP address. I set squid to listen on loopback and then started it manually. My final problem now though is that when I reboot the box, I need to manually start squid from the command line and then all is well not sure why that is. It should start automatically.
  • P

    Dansguardian Install Error

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    P
    Interesting, y'know, I had tried a reinstall last night and I got the same error, but just now, I tried it again and it worked. Not complaining. Thanks.
  • R

    Proxy filter SquidGuard: Groups Access Control List (ACL): Edit USERNAME

    Locked
    3
    0 Votes
    3 Posts
    12k Views
    R
    By radius. any idea? thanks in advance
  • V

    Ntop 4.1.0_3 v2 no longer open

    Locked
    14
    0 Votes
    14 Posts
    4k Views
    J
    Hello jimp, I just pushed ntop v2.3 update today and all runs well now without extra tweaking, defaulted to tcp4 listening.  On the IP prefs, it indicates support for both IP v4 and v6. Thanks and have a nice day.  :)
  • S

    NTop 4.1 on Embedded

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    We had some reports of breakage for ntop on NanoBSD so it was disabled. ntop is pretty heavy in terms of footprint on the media, RAM, etc, so it didn't make a lot of sense to put a lot of effort into fixing it there. If you have a bunch of routers, you are probably better off having them send netflow data to a central collection server so you can view them from a central database, rather than having to login to each router individually.
  • F

    OpenVPN Client Export Utility 0.9.8: install fails and crashes pfsense (SOLVED)

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    jimpJ
    @mwargo: If I happened to catch version 0.9.8, how can I uninstall?  When I try to remove the package I get stuck at "Loading package instructions. . . " Removing package… Starting package deletion for p7zip-9.13...done. Starting package deletion for zip-3.0...done. Removing OpenVPN Client Export Utility components... Tabs items... done. Loading package instructions... I have let this sit for over an hour, but nothing seems to happen. You can rm /usr/local/pkg/openvpnexport*  and then reinstall.
  • N

    SquidGaurd problem

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    N
    thanks; what is solution? also there problem in squid with load balance, can u help me or give me documents? thanks
  • S

    Snort enable hiden rules

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • C

    Snort install :: Stuck @ Executing custom_php_install_command()…

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • marcellocM

    Need help on dansguardian SSL filtering compilation feature

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    marcellocM
    @mahoon: Hi Marcello ; Have you achive ssl content filtering with DG 2.12 ? The Dansguardian Mailing list not reponse to me, so I have waiting for ssl filtering from you. I'm still on the same point.  :( I get only invalid certificates time/date error from browsers.
  • E

    Squid reverse proxy or Varnish

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    Varnish supports only http. If you need https then try first squid-reverse. If you need speed and reduce server load on your http servers, use varnish.
  • S

    SquidGuard - time based ACL not working reliably

    Locked
    6
    0 Votes
    6 Posts
    7k Views
    P
    There are no "execve" or other nasty messages in the squid, squidguard or system logs. SquidGuard somehow just seems to "forget" to respond to SIGALRM. I looked in the Squid source ipc.c - ipcCreate function does the creation of helper processes like SquidGuard. It does ordinary fork() and execvp(prog,args) calls to make a child process and switch it to the required program. There's nothing special there that stands out to me that would prevent the child process from having SIGALRM work. But somehow it works interactively but not when a child process of Squid. I am still trying to work out what the difference could be in the process environment.
  • N

    SquidGuard Blacklist Update

    Locked
    7
    0 Votes
    7 Posts
    11k Views
    N
    ;D ;D ;D - it's worked! I didn't know that permissions needed to be granted.. Lesson learned. ::) Thanks marcelloc & pfSense Forum users for all your help!!
  • C

    HAProxy, Pound, Squid-Reverse & Varnish

    Locked
    6
    0 Votes
    6 Posts
    8k Views
    C
    Canefield, Here is how i configured the Reverse settings tab for my setup: Reverse Proxy interface: loopback  (could be your WAN, but I setup a NAT Port-forward rule) external FQDN: FQDN that will resolve the public IP, example your WAN IP Enable HTTP reverse mode: checked reverse HTTP port: 9080  (could be 80 but the NAT Port-forward rule will direct traffic from port 80 to 9080) peer definitions : HOST_SERVER1;192.168.0.150;80;HTTP HOST_SERVER2;192.168.0.100;80;HTTP HOST_SERVER3;192.168.0.50;80;HTTP HOST_SERVER4;192.168.0.10;80;HTTP URI definitions: WEBAPP_SERVER1;;http://host1.domain.net WEBAPP_SERVER1;;http://host2.domain.net WEBAPP_SERVER1;;http://host3.domain.net WEBAPP_SERVER2;;http://host1.domain2.com WEBAPP_SERVER2;;http://box.domain2.net WEBAPP_SERVER2;;http://boxone.domain2.net WEBAPP_SERVER2;;http://domain2.net WEBAPP_SERVER2;;http://..domain2.net    (wildcard for host names) WEBAPP_SERVER3;;http://domain3.net WEBAPP_SERVER4;*;http://domain4.net ACL definitions: HOST_SERVER1;WEBAPP_SERVER1 HOST_SERVER2;WEBAPP_SERVER2 HOST_SERVER3;WEBAPP_SERVER3 HOST_SERVER4;WEBAPP_SERVER4 create a NAT rule: interface WAN Protocol  TCP DEST: WAN Address DEST Port: 80 Redirect IP: 127.0.0.1 Redirect Port: 9080 Filter rule association: Create associated filter rule I haven't tried https, but see if you can get http to work first… Maybe someone else can help with HTTPS... Like I said before, LB options aren't built into the GUI from what I can tell but its probably in the works(I hope anyways) Hope this helps Stephen
  • C

    [Attention] Lightsquid Package Maintainer

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D
    Now must be fixed.
  • T

    Country Block

    Locked
    691
    0 Votes
    691 Posts
    868k Views
    T
    I'll look into this. At the moment the Country data is static on Country IP Block. Country IP Ranges don't change enough to cause this app to pull dynamic data. There are times when the country data is updated but that's only about every 6 months. In the mean time focus has moved from Country Block to pfBlocker, FYI.
  • gwhynottG

    Squid-reverse version 3.1.19_2 - not setting DSCP/QOS after upgrade.

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    gwhynottG
    Is anyone else using squid to mark DSCP/TOS vaules?  Did things break after an upgrade?  I downgraded my install and tired,  no good,  then re-upgraded..  I am still seeing these errors in the logs and none of my packets leaving the system are having their DSCP values modified any longer..  No amount of searching is turning anything up,  the error is seen in Mac OS X land quite a bit but i've yet to see one freebsd instance reported… thanks, greg 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 237: (22) Invalid argument 2012/04/02 10:49:35| comm_set_tos: setsockopt(IP_TOS) on FD 251: (22) Invalid argument 2012/04/02 10:49:36| comm_set_tos: setsockopt(IP_TOS) on FD 351: (22) Invalid argument 2012/04/02 10:49:36| comm_set_tos: setsockopt(IP_TOS) on FD 222: (22) Invalid argument 2012/04/02 10:49:36| comm_set_tos: setsockopt(IP_TOS) on FD 433: (22) Invalid argument 2012/04/02 10:49:40| comm_set_tos: setsockopt(IP_TOS) on FD 729: (22) Invalid argument 2012/04/02 10:49:43| comm_set_tos: setsockopt(IP_TOS) on FD 556: (22) Invalid argument 2012/04/02 10:49:44| comm_set_tos: setsockopt(IP_TOS) on FD 231: (22) Invalid argument
  • Z

    SquidGuard

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N
    Hi Zach, I know this is a late reply but thought I'd complete the thread in case someone else is looking for the same info… ;D You can set a Cron job to auto update blacklists. The process is described here: http://forum.pfsense.org/index.php/topic,35479.0.html :)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.