The problem got resolved by uninstalling version 3 of squid and installing squid 2.

@marcelloc:

I've pushed a fix for this, upadate to latest package version and test again.

thank you… works on both version now as expected ;)

(Problem was the the patch must applied every reboot/"crash" situation and not only once after install).

@Deadringers:

Morning all,

I installed Snort and have it setup to run all the rules on the WAN interface…it looks like it's active but how do I know if it's working?

I have been to the alerts page and the blocked hosts page on the snort part of the firewall interface but I can't see anything that has been blocked and no alerts?

Which leads me to believe either:
1 - It's not working properly and I've done something wrong

or

2 - it has detected nothing which needs to trigger a rule.

I don't believe that it's number 2 for a second as I have tried to load some "dodgy" sites and downloaded some questionable material as a test into a VM of mine.

Thoughts?

Ahh right I have it up and running properly now! :)

a reboot of the firewall sorted things out and now I can see the logs being generated.

@rajbps:

Hi DigitalDeviant,

Just want to be sure the server will be in the main office and the zabbix clients will be installed on the remote locations. All running pfsense.
Linking the site to the main site, there is an openvpn site to site link, so each office comes back to the main site but none of them talk to each other.

So if the vpn link goes down due to the service stopping on the remote site and the link dies, how will that link start again.

is the agent clever and will it restart the link as during that time the server will not be able to contact the agent.

Looking forward for your answer on this one.

Cheers,

raj

I believe, in cases where the agent cannot contact the server, it's possible to run the Zabbix Proxy on the same machine. From there you can set the agent to run a custom command to run the start command as well as report that the link went down. Once the Zabbix server gets the information it can send out an email. You may need to give the Zabbix agent elevated permissions. I've never tried this and I don't have a test server to try it on.

Thanks guys.

I addressed the disconnecting problem, it was my hardware.

I tried 2.0.3 32-bit and 2.1 beta 32-bit on 2 different J&W MINIX™ D2550-HD, same issue.

When I replaced the motherboard with a Supermicro X9SCA-F, it's all working fine. No disconnection in 3 days.

@hcoin:

Talk about belt-and-suspenders.  Makes me wish each package that was a vm guest that was its own iso/appliance.  As hard as the open source world tries to deal with 'dependency hell' it just never seems to work out of the workbench environment.

On 2.1 pbi packages will be much easier…

I'm testing firmware upgrade on one of my 3 inbound smtp servers and I it's stuck on upgrade process.
I found a mtree process that is "indexing" /usr dir with 60bg of dcc log from mailscanner package.
For next 2 boxes upgrade I'll remove these folders before the update and remove all packages as well.

On squid-cache.org you probably find a description for nearly all config options. An example:
http://www.squid-cache.org/Doc/config/negative_ttl/

And you have the possibility to check the different values for the different squid versions.

I can appreciate the difficulty in creating a dynamic whitelist for Snort.
Perhaps in the interim a partial solution could be getting the whitelist to at least populate on startup all the IPs from an alias, including those from FQDNs.

Actually firefox is configured to remember everything.

So far so good. I'll let you know.

Thanks!

OK - I figured out most of my issues.  For anyone experiencing some of the same maybe this is helpful:

Internal redirect issues:
The error page is rendered from the same interface as the UI, I found out.  I have squid and squidguard on a few vlan interfaces so that I could isolate the UI and some other devices from what is basically my "mgmt" network subnet.  Because I have FW rules in place to block all traffic from the vlan'ed interfaces to this mgmt network, the page won't render.

External URL's not working:
While I was changing the settings I was not deleting the browser cache on my iphone between settings changes.  So, I was getting old webpages when hitting the same sites rather than the redirected pages.  So lesson learned is to always delete your cache when testing these different settings!

@rengiared:

sorry for my late response, but i have figured out where my problem was
on the site with the 2 wans i made a gateway-group and set this on the default-lan to everywhere rule as gateway, as soon as i changed it back to the default gateway preference all works

then you can fix it easy

we setup a "private" alias with all internal networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16) and set on each LAN a first "external" route:
allow any any to !private any  over gateway group (with traffic limiter)

@rl2171:

Strange, if I do Deny inbound it shows red, but if I deny both it shows as green.

If you have no rules on wan interface, pfblocker will not create a rule as you already has an deny all traffic rule.

Hi Raj,

I did it the other day:

http://forum.pfsense.org/index.php/topic,61602.0.html

Hope that helps.

For your information, the widget is now included in the HAProxy-devel1.5-dev18 package.
Made a few improvements to it to also:
-Options configurable from the WebGUI.
-Faster server enable/disable responses.
-Dropped socat requirement.

Check it out if you want 8)

Jim,
N/M…  I found an odd character at the end of the widgets field in the xml file.  Deleted it, restored the file and its all well now.  Remnant of Widescreen?

Thanks,
Rick