Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts

    Can I use pfblockerng aliases in Haproxy?

    If it was a firewall rule, typing pfb would produce a dropdown to select.

    Here it has to be written, but will it work? Is it supported?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    bmeeks

    I saw where the Netgate kernel developer updated the Suricata package in the pfSense 25.07 development branch to work with the new kernel PPPoE driver. But so far as I know that updated package has not been migrated to 2.8 CE.

    Here is the commit into the DEVEL branch: https://github.com/pfsense/FreeBSD-ports/commit/68a06b3a33c690042b61fb4ccfe96f3138e83b72.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    571 Topics
    3k Posts

    @pulsartiger
    The database name is vnstat.db and its location is under /var/db/vnstat.
    With "Backup Files/Dir" we are able to do backup or also with a cron.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    Gertjan

    @AlexK-0 said in Can't receive GeoIP databases updates anymore, banned:

    Days ago, I received from MaxMind an email, notifying me that my country has been banned to receive GeoLite City database updates.

    You've found a reason to use a VPN.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    99 Topics
    2k Posts

    @elvisimprsntr thanks for your suggestion. I will give it a try.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    493 Topics
    3k Posts
    johnpoz

    @MacUsers

    https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation

    edit: oh you prob out of luck

    You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates.

    the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.

  • Discussions about the FRR Dynamic Routing package on pfSense

    294 Topics
    1k Posts

    I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.

    When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.

  • Discussions about the Tailscale package

    88 Topics
    573 Posts
    luckman212

    For 25.07 RC, this worked for me (run sh first)

    [25.07-RC][root@r1.lan]/root: sh
    # export IGNORE_OSVERSION=yes
    # pkg add https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.84.2.pkg
    # service tailscaled restart
    # tailscale up
    # tailscale version
    1.84.2
    go version: go1.24.4
    # tailscaled -version
    1.84.2
    go version: go1.24.4

  • Discussions about WireGuard

    689 Topics
    4k Posts

    @patient0 Thanks for further suggestions. The tunnel is definitely up and so I don't think this is a CGNAT issue after all. WAN firewall rule is in place for UDP on port 51823 (otherwise the tunnel wouldn't work, right?). I can ping from client 1 -> client 2 and vice versa and also ping all points in between like you suggest. I just can't open an HTTPS connection from pfSenseB from Client 1 using a browser. But I can do this the other way round, i.e. from Client 2 to pfSenseA.

    I will try and do some packet capture to see if that reveals anything.

  • WPAD, HTTPs and an odd bug!

    Locked
    16
    0 Votes
    16 Posts
    8k Views

    Check the wpad web server logs.
    Beware that IE caches the wpad config and might not request a changed wpad.dat file again for some time.
    Check the proxy logs, e.g., SSL sites are appearing with CONNECT:www.site.kom:443
    Firefox has an addon called 'Foxy Proxy', it has an option to auto detect and tells you whether the config was downloaded & parsed correctly.

  • Obfsproxy and SS5 packages

    Locked
    7
    0 Votes
    7 Posts
    5k Views

    Any help on this? Can anyone give any instruction on whether I'm on the right track with those files?

  • Can't find where Dansguardian is blocking wanted content

    Locked
    3
    0 Votes
    3 Posts
    2k Views

    Looks to be all good once I added those mime types to the DG --> Extension Lists --> Exception files (within the UI)

  • Unbound update/reinstall issue

    Locked
    9
    0 Votes
    9 Posts
    4k Views

    Updated one of my 2.0.3 x86 machines to Unbound 1.4.20_4 today and Unbound isn't shutting down any more.

    I can make changes to Services -> DNS Forwarder and logs show Unbound restarting correctly.

    As usual, you guys are THE BEST.

    edit: orig put ver 1.4.20_3 by mistake

  • Snort keeps stopping

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    bmeeks

    @Honeybadger:

    Ya, I understand that.

    Can't add ram so I am pruning rules.

    If you are using the Snort VRT rules with an Oinkcode, then try enabling just the IPS Policy - Connect in the drop down on the Rules tab.  That is a good basic set of rules.  Do not add any others (that is, leave all the Emerging Threats and the Snort GPLv2 rules unchecked).  See if Snort will start then.

    Bill

  • CRON - Execute a php script

    Locked
    2
    0 Votes
    2 Posts
    2k Views

    Ah, Ok.

    I think I had the command wrong.  It works if I use this:  /usr/local/bin/php /usr/local/pkg/kickallusers.php 0

    I was originally just calling /usr/local/pkg/kickallusers.php (similar to what squid does in one of its cron jobs).

    This now works fine.

    For interest, kickallusers.php contains this:

    All the echoed HTML could be lost, as there is no need.  I wanted to do this to force all clients to disconnect at the same time, and not after xx amount of hours.

    <?php
    // Read the active captive portal sessions while holding the database lock.
    echo "Opening Captive Portal Database....................";
    require("/etc/inc/captiveportal.inc");
    $cpcontents = array(); // stays empty if the database file does not exist
    if (file_exists("/var/db/captiveportal.db")) {
        $captiveportallck = lock('captiveportaldb');
        $cpcontents = file("/var/db/captiveportal.db", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
        unlock($captiveportallck);
    }
    echo "DONE.";
    echo " ";

    // Disconnect every session; field 5 of each record is the session ID.
    $cnt = 0;
    foreach ($cpcontents as $cpcontent) {
        $cpent = explode(",", $cpcontent);
        $oursid = $cpent[5];
        echo "";
        captiveportal_disconnect_client($oursid);
        echo "";
        $cnt++;
    }

    // Record the time of this run.
    $fh = fopen("/usr/local/pkg/kickallusers.log", 'w');
    if (flock($fh, LOCK_EX)) {
        fwrite($fh, date('l jS \of F Y h:i:s A'));
        flock($fh, LOCK_UN);
    }
    fclose($fh);

    if ($cnt != 0) {
        echo " | Disconnecting [ MAC: $cpent[3] ]   |   [ IP: $cpent[2] ]   |   [ ID: $cpent[5] ]..................... | DONE. | Completed successfully, $cnt clients disconnected.";
    } else {
        echo " There where no clients to disconnect!";
    }
    exit;
    ?>

    I know the echoes will all buffer out together in this script, they were more just to see the finished output, not a 'rolling report'.

    My Captive Portal page has some PHP in it which does a time check, preventing the client from passing through the captive portal between midnight and 7am, the captive portal page that appears says the "Internet Access is currently turned off".  Outside these times, the normal captive portal page appears.

    The reason for this kicking script is to kick all clients just after midnight, forcing them to re-visit the captive portal page, which would then show the "Internet Access is currently turned off" page.

  • Squid 2.7.9 install hangs at Perl?

    Locked
    13
    0 Votes
    13 Posts
    7k Views

    Ok, so it turns out that /var was out of space!

    I tried running:

    /etc/rc.conf_mount_rw
    pkg_add http://files.pfsense.org/packages/8/All/perl-5.14.2_2.tbz

    … and it gives me:

    Fetching http://files.pfsense.org/packages/8/All/perl-5.14.2_2.tbz...
    /var: write failed, filesystem is full
    lib/perl5/5.14.2/unicore/lib/NChar/N.pl: Write failed
    lib/perl5/5.14.2/unicore/lib/NChar/Y.pl: Seek failed
    lib/perl5/5.14.2/unicore/lib/NFCQC/Y.pl: Seek failed
    lib/perl5/5.14.2/unicore/lib/NFDQC/N.pl: Seek failed
    lib/perl5/5.14.2/unicore/lib/NFDQC/Y.pl: Seek failed
    lib/perl5/5.14.2/unicore/lib/NFKCQC/M.pl: Seek failed
    lib/perl5/5.14.2/unicore/lib/NFKCQC/N.pl: Seek failed
    lib/perl5/5.14.2/unicore/lib/NFKCQC/Y.pl: Seek failed
    ...
    lib/perl5/5.14.2/warnings.pm: Seek failed
    lib/perl5/5.14.2/warnings/register.pm: Seek failed
    tar: (Empty error message)
    tar: Error exit delayed from previous errors.
    Done.
    pkg_add: package 'perl-5.14.2_2' or its older version already installed

    var doesn't "seem" to be full, but pkg_add must be needing to write something larger than the available capacity…  ???

    df -h
    Filesystem           Size    Used   Avail Capacity  Mounted on
    /dev/ufs/pfsense0    443M    232M    175M    57%    /
    devfs                1.0K    1.0K      0B   100%    /dev
    /dev/md0              38M    274K     35M     1%    /tmp
    /dev/md1              58M     14M     40M    26%    /var
    /dev/ufs/cf           49M    166K     45M     0%    /cf
    devfs                1.0K    1.0K      0B   100%    /var/dhcpd/dev

    I then found this other thread, where someone was having the same problem (var being full) when installing Python:
    http://forum.pfsense.org/index.php/topic,44953.msg234429.html

    So I tried their solution:

    [2.0.3-RELEASE][root@bonfire.localdomain]/var/log(17): setenv PKG_TMPDIR /root/
    [2.0.3-RELEASE][root@bonfire.localdomain]/var/log(18): pkg_add http://files.pfsense.org/packages/8/All/perl-5.14.2_2.tbz
    Fetching http://files.pfsense.org/packages/8/All/perl-5.14.2_2.tbz... Done.
    pkg_add: package 'perl-5.14.2_2' or its older version already installed

    Perl is already installed, eh?  ???
    Let's try Squid…

    [2.0.3-RELEASE][root@bonfire.localdomain]/var/log(25): pkg_add http://files.pfsense.org/packages/8/All/squid-2.7.9_3.tbz
    Fetching http://files.pfsense.org/packages/8/All/squid-2.7.9_3.tbz... Done.
    pkg_add: package 'squid-2.7.9_3' or its older version already installed

    Hmm!  Both already installed!

    So then I went back to the web interface, and selected "reinstall GUI components" (or something to that effect) for Squid…

    Removing squid components...
    Tabs items... done.
    Menu items... done.
    Services... done.
    Loading package instructions...
    Include file squid.inc could not be found for inclusion.
    Deinstall commands...
    Not executing custom deinstall hook because an include is missing.
    Removing package instructions...done.
    Auxiliary files... done.
    Package XML... done.
    Configuration... done.
    Beginning package installation for squid...
    Downloading package configuration file... done.
    Saving updated package information... done.
    Downloading squid and its dependencies...
    Checking for package installation...
    Downloading http://files.pfsense.org/packages/8/All/libwww-5.4.0_4.tbz ...  (extracting)
    Loading package configuration... done.
    Configuring package components...
    Additional files... done.
    Loading package instructions...
    Custom commands...
    Executing custom_php_install_command()...done.
    Executing custom_php_resync_config_command()...done.
    Custom commands...
    Executing custom_php_install_command()...done.
    Executing custom_php_resync_config_command()...done.
    Menu items... done.
    Integrated Tab items... done.
    Services... done.
    Writing configuration... done.
    Package reinstalled.

    … and the next time I refreshed the web interface, it now shows "Proxy Server" under services!!!  Hooray!  :D

    The system log seems to confirm this too:

    Apr 27 22:45:24 php: /pkg_mgr_install.php: Beginning package installation for squid.
    Apr 27 22:47:43 check_reload_status: Syncing firewall
    Apr 27 22:47:43 php: /pkg_mgr_install.php: Stopping any running proxy monitors
    Apr 27 22:47:45 php: /pkg_mgr_install.php: Starting Squid
    Apr 27 22:47:45 php: /pkg_mgr_install.php: Starting a proxy monitor script
    Apr 27 22:47:45 squid[54449]: Bungled (null) line 182: http_reply_access allow all
    Apr 27 22:47:45 check_reload_status: Reloading filter
    Apr 27 22:47:47 php: /pkg_mgr_install.php: Starting Squid
    Apr 27 22:47:47 squid[57532]: Squid Parent: child process 57856 started
    Apr 27 22:47:48 php: /pkg_mgr_install.php: Reloading Squid for configuration sync

    I'm still not sure where this leaves things in terms of the problem.  I even tried 2.0.3 in a VirtualBox VM and got the same problem - I just couldn't install Squid on the nanobsd version of pfSense.    It seems to be related to the size of /var…  is this something that is "fixable", or should the potential problem (or the resulting failure) be detectable by the package installer?  Should I file a bug report for it?

    Thanks again to everyone for the help!  8)

  • 0 Votes
    2 Posts
    2k Views
    bmeeks

    @feikel:

    ls,

    Please advise!

    Installed snort and want it to get working on LAN port, as inside the LAN there are some infected PCs (at a camping/resort with 75 villas)

    Getting error when trying to add LAN interface to be snorted and save:

    Fatal error: Call to undefined function: get_interface_ip() in /usr/local/pkg/snort/snort.inc on line 178

    Get it from page : https://93.154.3.105/snort/snort_interfaces_edit.php?id=0

    Versions
    pfsense 1.2.3
    snort 2.8.6.1 pkg v. 1.35

    gr
    feike

    You have two issues working against you.  First, your pfSense version is out of date.  The current release is 2.0.3.  Second, your Snort version is way behind and probably won't have any rules to download.  The current Snort binary version is 2.9.4.1 (you have 2.8.6.1) and the Snort Package version is 2.5.7 (and you have 1.35).

    Here is what I suggest:

    1.  First, make sure Snort is configured to save settings on de-install (this is a checkbox near the bottom of the Global Settings tab).

    2.  Go to the Installed Packages tab and delete the Snort package.

    3.  Now go to the System menu and do the firmware update to pfSense version 2.0.3.

    4.  When that finishes, and you are sure the firewall is running OK, then go to the Available Packages tab and reinstall Snort.

    These steps should get you an up-to-date system with a functional Snort package.  Here is a post I made a while back showing how to do a basic setup of Snort.  These instructions assume you have the latest Snort package.

    http://forum.pfsense.org/index.php/topic,61018.msg328717.html#msg328717

    Bill

  • OpenVPN Client Export typo

    Locked
    3
    0 Votes
    3 Posts
    1k Views

    Yup thanks for all your hard work jimp and your friendly, polite answers to questions on here :D you are much appreciated!

  • Snort Package Update 2.5.7 – Change Log

    Locked
    12
    0 Votes
    12 Posts
    4k Views

    Thanks bmeeks  ;D

  • Pfblocker not adding firewall rules

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    marcelloc

    @QRBSAdmin:

    Also now I'm getting all these logs in the firewall, is this normal?
    pf: 00:00:00.034222 rule 1/0(match): block in on vr0: (tos 0x0, ttl 52, id 2411, offset 0, flags [none], proto UDP (17), length 58)

    Yes if you select log option on pfblocker

  • Avahi broken on Alix hardware?

    Locked
    5
    0 Votes
    5 Posts
    2k Views

    OK that would make sense because it's running fine on systems with more memory and disk space.  It used to work on the Alix a while back but it seems that it doesn't any more.  The only other package that I have loaded is blinkled.

  • Snort Dashboard Widget ver 0.3.4 – Change Log

    Locked
    7
    0 Votes
    7 Posts
    3k Views

    Also a great update. Worked without problems for me (pfSense 2.0.3 i386)  ;D
    Only had to add the widget again.

  • Snort 2.9.4.1 pkg v. 2.5.6 Issue(s)

    Locked
    62
    0 Votes
    62 Posts
    21k Views

    I haven't experienced this either..

    Bill update went fine and everything restarted and is running like it should. :-D Moving over to the new thread now to follow.

  • Access denied from Squid - Help

    Locked
    3
    0 Votes
    3 Posts
    1k Views

    @marcelloc:

    Are you sure this denied site is not also included on squid blacklist?

    OMG yes it is included in the squid blacklist and not in dansguardian blacklist! Ok need to figure out how to configure dansguardian then :S. Thanks

  • Squid3 in transparent mode

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    Have you tried a different browser or client pc?  This seems like a software issue on the client side to me.

  • Update package (OpenVPN client export)

    Locked
    8
    0 Votes
    8 Posts
    2k Views

    what parameters!? It's just export tool!
    If you're talking about the openVPN configurations, it'll be there!

    To be on the safer side, why don't you take openVPN backup from the dropdown under Diagnostics->Backup/Restore!

  • Load balancing with squid

    Locked
    3
    0 Votes
    3 Posts
    1k Views

    Can u post some screenshots!
    Btw what interface did you choose on the proxy interface on your squid settings!?

  • Dansguardian access to /var/log

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    well, my /var/log/dansguardian directory is owned by clamav and in group nobody same for the access.log file..

    Check dansguardian is running as clamav I guess.

  • Squid2 old bug not resolve

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    --BUMP--

    Does anyone know how to fix this?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.