I have the exact same issue. Any ideas?

@biggsy:

Use filezilla.

By the way, pfSense is built on FreeBSD, which is not Linux.

EDIT: Thinks…  why would you want to upload a bunch of files to a firewall?

Thanks, didn't think it was that simple!  Enabled Secure Shell, setup NAT on Pfsense and the load sharing router I have in front of pfsense, access with Filezilla is a breeze!  (Filezilla has been my choice for sometime).

I thought FreeBSD was a flavour of linux (hangs head in shame).

I don't strictly use Pfsense as a firewall, I use it more for the captive portal features to provide WiFi access to a large pub.  My captive portal asks for a name, email and postcode, and these are stored (one user per line) in a file which is rotated each day, with a maximum of 360 files stored.  These logs are available to view on the GUI, and you can click a button to kick the user off the captive portal if you believe the details given are a little suspect.  When they get the captive portal page thrown back at them, there is a red warning asking them to check the details.  Three warnings given bans them for 3 days.  I was considering implementing email validation using a send email with a clickable link, but this just seemed to complicated with having to allow them unresticted access for a period of time to check their emails, and then you also get people who can't access their emails on the move.

As such, I have around 200 log files I would like to shift from one system to another as part of an upgrade.  I would prefer to retain the log files on the system rather than starting again from zero.

I have two sites running Squid (2.7.9 v4.3.3) and Dans Guardian (2.12.0.3 v.0.1.8)
About every 10-15 minutes, the logs show:

DansGuardian: [nnnnn] Error Connecting to Proxy.

I've tried increasing the Proxy Timeout from 30 to 40s and this has not fixed the problem.

Any ideas as to what is causing this error?

@ermal:

Bill
for the reinstall during bootup i fixed it by this https://github.com/pfsense/pfsense-packages/commit/7a9c4f49b8fcb9b0d9eedd17046fc3b030c9bb96

Thanks Ermal!  I had actually put the same fix in my working directory copy of the code, but just had not committed it yet to my fork of the pfsense-packages repository.  I discovered that trick while looking through some of the other pfSense PHP files.

Bill

Thanks for the response. I was able to get it working. It was a combination of conflicting squid versions (dansguardian installs squid 2.7 and I had installed squid 3) and I also had to manually set the ip address and port of squid in the Dansguardian config even though I'm only using the defaults. I think it might be a left-over quirk from the multiple squid configuration files causing problems.

Now, I'm trying to figure out why requests going through Dansguardian/Squid are so slow, but I'll open a new topic for that.

Just to clarify, I wasn't really looking for anyone to test this for me.  I was just looking for some advice/recommendations on where I put different services based on prior experience.

@Mr.:

On another note…
Is it possible to run snort plug-in in inline mode and make it drop packets instead of blocking the source IP?

But maybe that needs a new post ;)

No, it won't run in true inline mode where it drops packets itself.  The blocking action is the best available for now.  If you construct a proper HOME_NET variable using the Whitelist tab and Aliases, then you can set the block mode to BOTH and be guaranteed to kill the bad traffic without killing a friendly IP.  When set to BOTH, the blocking module will test each IP address individually against the whitelist and only block the one NOT in the list.  The idea is communication to/from the "bad host" is blocked, but hosts in your HOME_NET or whitelist can still communicate to the "good hosts".

The current logic for auto-generating the HOME_NET variable and default whitelist is not perfect.  To get it to work as described above in the current version requires a custom whitelist and HOME_NET.  Some changes are being discussed in this thread to make this happen automatically:

http://forum.pfsense.org/index.php/topic,61891.msg334030.html#msg334030

Related to your original post about enabling xff, I have already made it a default for the next package update.

Bill

@Legion:

Try and download the test files from http://www.eicar.org/85-0-Download.html

I'm 99% sure all is ok, but what should I see when I try to download the test eicar file?  Am I supposed to get a warning that Clamd blocked something or should the download process just not do anything?  When I click on the "Download Anti Malware Test File" my browser shows the spinning icon for about 1/2 second then nothing happens.  ???

Thx

UPDATE:  I found the warning… /var/log/clamav/clamd.log has /tmp/tfemgsEy: Eicar-Test-Signature FOUND

@markuhde:

Installed now. When will Squid3 be updated to a more current version than 3.1? Thanks!

3.3 package version is coming…  :)

Bill thanks for your reply :). Sounds as pretty good solution, there is enough CPU and free memory to run multiple instances of snort (different interfaces). I will problably only enable the virus and malware rules of snort on the LAN interface. As that's the reasons why I might need the local IP.

I am able to install squid3.

Thank you.

It's actually downloading stuff this time so I think we can call this resolved.

Fast response as always, thanks jimp.

Just select interfaces you want squid to listen on.

An alternative for virtual hosts is to listen squid on 127.0.0.1(loopback) and create nat rules for interfaces/virtual ips you what to squid be available.

Thanks a lot Jimp , the box is ok , but it will not store "user" and "pass" on specific file .

Found this thread:
http://forum.pfsense.org/index.php/topic,58368.0.html

marcelloc is working on (the same?) feature as you and it seems like he could finish it.

You probably cannot compile things on pfsense because the dependencies are not installed because a firewall do not need to compile packages.

So you should compile this package on a freebsd 8.1 system (pfsense 2.0.x) or freebsd 8.3 (pfsense 2.1) and build there the .tbz.
I read here in the forum that it is possible to create/build .tbz packages on another system and then copy this to pfsense and install it but I do not know the command lines for that.

I know that user marcelloc posted on some other threads how to do that because other users asked for that. Perhaps the forum search will give you some success.

There are 0 changes in the package system between 2.0.2 and 2.0.3, any problems you have with packages on 2.0.3 are the same on 2.0.2.

The Snort update bmeeks made was merged a few days ago, which I believe was the resolution of the issues here.