1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @vicking said in No blocks on IP: Is it a bad idea to have the action set to deny both instead of inbound only? Question is squarely for admin. Per the infoblock which explains, in part, the "Deny Inbound", "Deny Outbound", and "Deny Both" actions: 'Deny' Rules: 'Deny' rules create high priority 'block' or 'reject' rules on the stated interfaces. They don't change the 'pass' rules on other interfaces. Typical uses of 'Deny' rules are: Deny Both - blocks all traffic in both directions, if the source or destination IP is in the block list Deny Inbound/Deny Outbound - blocks all traffic in one direction unless it is part of a session started by traffic sent in the other direction. Does not affect traffic in the other direction. One way 'Deny' rules can be used to selectively block unsolicited incoming (new session) packets in one direction, while still allowing deliberate outgoing sessions to be created in the other direction. In other words: When set to "Deny Inbound", incoming connection requests from WAN hosts are blocked and therefore no state will be created. However a LAN host can still establish state to an otherwise listed IP. If set to "Deny Outbound", outgoing connection requests from LAN hosts are blocked and therefore no state will be created. However an incoming connection request from an otherwise listed IP to an 'open' WAN port can still establish state. If set to "Deny Both", both incoming connection requests and outbound connections requests are blocked and therefore no state will be created regardless of connection direction.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    656 Posts
    C
    @elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    Im trying to set up Fubo TV for my mother using AT&T Wireless.. problem is they keep showing her California news channels... She wants local. Even though the website asks for her zip code they seem to default to the IP location. I have tried several times to sit down with this but can never get the thing to even ping from the other side. Connected with Wireguard here successfully for helping troubleshoot things for her otherwise.. Fubo is a PITA and keeps reverting back so I am finished trying to deal with them. Anyone got any tips? or a good tutorial??
Log in to post
Load new posts
  • K

    [Solved] How to bypass squid completely for a domain(s)?

    Locked
    8
    0 Votes
    8 Posts
    34k Views
    K
    @mhab12: Edit the squid.inc file as follows…just add the destination IPs that should not get redirected to squid in the list...yours will probably only have the local IPs listed, I've added a few as an example.  @devs - any chance of this being added to the GUI?  I know quite a few people are asking about this lately. $rules .= "\n# Setup Squid proxy redirect\n"; if ($squid_conf['private_subnet_proxy_off'] == 'on') { foreach ($ifaces as $iface) { $rules .= "no rdr on $iface proto tcp from any to { 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 166.73.20.226/32, 166.73.20.167/32, 166.73.20.43/32, 66.238.16.200/32 } port 80\n"; That sounds like exactly what im after, ill give it a try later. EDIT: Seems to be working. If anyone is interested nano /usr/local/pkg/squid.inc
  • B

    How can I upgrade to python 2.6 or 3.1??

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    pkg_delete -f the version you have and then pull them from a better URL. If you are on pfSense 1.2.3-RELEASE, then it will probably be pulling packages from a URL like this: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/ You probably want that to be: ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/ You can visit that URL in a browser to find the exact URL for the python version you want, as there are several: lrwxr-xr-x  1 1006  1006  23 Dec  3 16:10 python.tbz -> ../All/python-2.6,2.tbz lrwxr-xr-x  1 1006  1006  27 Dec  3 11:25 python24.tbz -> ../All/python24-2.4.5_5.tbz lrwxr-xr-x  1 1006  1006  27 Dec  3 11:25 python25.tbz -> ../All/python25-2.5.4_3.tbz lrwxr-xr-x  1 1006  1006  25 Dec  3 12:17 python26.tbz -> ../All/python26-2.6.4.tbz lrwxr-xr-x  1 1006  1006  27 Dec  4 00:51 python31.tbz -> ../All/python31-3.1.1_1.tbz
  • F

    Note: lightsquid on pfsense 1.2.3-RELEASE

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    B
    All I did was what it told me to do. Please run lightparser.pl (and check 'report' folder content) Its /usr/local/eee/lightsquid/lightparser.pl… I think. It worked.
  • A

    Squid rdr rule missing after reboot.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A
    Cron,  WAN - Static IP,  running on a Light Systems CV860A board. Thanks.
  • T

    PfSense as a Print Server

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    T
    Actually I just fixed up my configuration. and now: 403 Forbidden EDIT: Default authentication type, when authentication is required… DefaultAuthType Basic Restrict access to the server... <location>Order allow,deny   Allow localhost   Allow @LOCAL</location> Restrict access to the admin pages... <location admin="">Order allow,deny   Allow @LOCAL</location> Restrict access to configuration files... <location admin="" conf="">AuthType Default   Require user @SYSTEM   Order allow,deny   Allow @LOCAL</location> Its running!
  • S

    Mod_security instructions

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • J

    Is Premium rules working for Snort-dev ?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    S
    James, how are you on working on last alpha v snort?
  • T

    Run ventrilo on pfsense box?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Cry HavokC
    Yes - search the forum for "pkg_add" for a few dozens of posts on adding packages on pfSense.  Just back up first in case you break anything ;)
  • S

    Help squid/squidGuard on embedded device

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    jimpJ
    Squid on embedded is not meant for caching, it's meant for access control. Set the cache size to 0 (or very low) and you'll be good. If you want to use an external device, you can, but it's not (yet?) supported in the GUI and you'd have to take steps to ensure the settings carried over after a firmware update.
  • B

    IMSpector makes alot of "groupchat"

    Locked
    15
    0 Votes
    15 Posts
    7k Views
    T
    Post a bounty
  • D

    UPS support?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    W
    If you're using an APC, you can install apcupsd (pkg_add -r apcupsd).
  • M

    Denyhosts fails to install - embedded 1.2.3-RELEASE

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    Just try them and see as I believe the issues are related.
  • R

    Denyhosts stopped. Seems broken.

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    R
    Hi all… I found the solution to my problem by trying different command-line inputs found within this thread: http://forum.pfsense.org/index.php/topic,18948.0.html Incidentally, I changed the SSH listening port from 22 to another in the 8xxx range as an experiment. Oddly enough, I'm still seeing 50 blocked SSH login attempts an hour via denyhosts. How can that be? Anyway...here's an excellent article from 2006 about the security issues associated with using SSH. I suggest everyone go through it and use the information contained within to re-evaluate whether their SSH is buttoned down tightly. http://www.securityfocus.com/infocus/1876
  • D

    Squid proxy

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • F

    SQUID - Slow photo upload

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    search this forum for slow squid - there are literally hundreds of posts on the topic
  • R

    FreeBSD version of "inittab"

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    R
    Thanks for the info.  I guess the next best thing is to run a cron job (some sort of script) to see if monit is still running. BTW - I have been very successful getting monit installed and running.  In fact, I can scan /var/log/system.log for CARP messages and alert me if a failover happens.  I have been able to hook monit with the "M/Monit" package so I can get a centralized view of all pfSense firewalls (stats, etc).  I know a few people were looking for that functionality in 1.2.3…
  • G

    Squid and dns redirect

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    G
    thanks, I'll try with google
  • S

    Squid can't resolve domain names

    Locked
    8
    0 Votes
    8 Posts
    28k Views
    S
    @dondos: Then the problem seems to be caused by squid. Does it read the configuration file correctly? Open cache.log from /var/squid/log/ and look for: Adding nameserver 127.0.0.1 from squid.conf. If not restart the squid service (or the whole system). I set again the alternate DNS as 127.0.0.1, but I found many entries in the log file, similar to the one you said, at different times 2010/01/13 09:49:15| Adding domain grupposinergest.local from /etc/resolv.conf 2010/01/13 09:49:15| Adding nameserver 192.168.x.x from /etc/resolv.conf 2010/01/13 09:49:15| Adding nameserver 88.x.x.x from /etc/resolv.conf 2010/01/13 09:49:15| Adding nameserver 88.x.x.x from /etc/resolv.conf ... 2010/01/13 09:49:16| DNS Socket created at 0.0.0.0, port 20715, FD 7 2010/01/13 09:49:16| Adding nameserver 127.0.0.1 from squid.conf ... 2010/01/13 09:49:29| DNS Socket created at 0.0.0.0, port 43916, FD 12 2010/01/13 09:49:29| Adding nameserver 127.0.0.1 from squid.conf ... 2010/01/13 09:50:09| DNS Socket created at 0.0.0.0, port 31716, FD 6 2010/01/13 09:50:09| Adding nameserver 127.0.0.1 from squid.conf ... The service is running properly, except for the problem we're struggling with. @mhab12: Can you try browsing FROM the DNS server?  Perhaps it is not allowed on the Squid ACL and is therefore causing problems… I'm afraid I can't understand what you are saying. Do you mean I should let the DNS server bypass the proxy? How can it interfere with the DNS resolution of Squid?
  • D

    Cent see blocked IP in snort

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    D
    Ok I have un cheeked the option "Associate events on Blocked tab" in the Settings And the blocked tad opens and I can see the IP List
  • X

    Alternate DNS for squid doesn't work

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    X
    I want only proxy users to use this third-party DNS provider as it is not very fast but offers extended DNS management capabilities. Also, I did not edit squid.conf or squid.inc. Just wonder why the settings don't work through GUI…
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.