And what will happen if I have CARP, so my WAN have a private ip address?
I will have to use host_outbound = mypublicip in the configuration file, but how to edit the file and avoid pfsense gui to overwrite it?

@Supermule:

Didnt that get updated via the GUI??

@DigitalDeviant:

I jusat signed up for VRT rules and cannot get them to install after a reinstall and reconfiguration of snort. I'm currently running 2.0.2-RELEASE (amd64).

Edit: The issue may lie with my Snort account. I was unable to manually pull 2.9.4.1 rules with my Oinkmaster URL; I got an error saying I was not a subscriber, though I can manually download the 2.9.4.1 rules. I was able to pull 2.9.4.0 via Oinkmaster URL.

Edit 2: All problems with my account are cleared and I still cannot automatically download Snort 2.9.4.1 rules.

Edit 3: I had to change {$oinkid} in snort_check_for_rule_updates.php with my actual Oinkid. Then it worked.

I haven't had time to troubleshoot any further. I have confirmed I have the right Oikcode in the GUI. Unless I change it in both spots it wound download the MD5 or rules. I don't have the exact errors from the system logs but it seemed like the download link was wrong so I'm guessing that it's not getting the Oinkcode variable. Troubleshooting time is minimal so any ideas on how to proceed would be appreciated.

Hey Barry!

I got it blocked it using squid and squidguard!

My settings squid on transparent proxy and on squidguard with blacklist "http://www.shallalist.de/Downloads/shallalist.tar.gz",

denied these two "[blk_BL_hobby_games-misc] - [blk_BL_hobby_games-online]" on both tabs Common ACL and Groups ACL!
and it blocked those two websites.!

One more thing about squidguard after making all the changes inside move to the "General settings" tab and scroll to the end and SAVE the settings first and then HIT apply on top of the same page.

Good-Day!

The 127.0.0.1 user entry did the trick!  Before this, I had even created an entry for the specific IP address of the pfsense box, which didn't work.

Thank YOU!

Hi,

can you make sure that the server certificate for the RADIUS server is a "server" certificate and not a client certificate ?
Where did you create the certificate?
Did you select the CA and the server cert in freeradius –> EAP --> CERTIFICATES FOR TLS ?
If you created the certificate/CA on pfsense then you need to empty the "Private Key Password".

Sometimes it works after clicking a second time on the "Save" button on the freeradius --> EAP page.

If your Linux/Android clients does not support PEAP + MSCHAPv2 then you should use some other mechanism than MSCHAPv5. Try with MD5. It's not a security problem because PEAP establishes a TLS tunnel and this is secure and it doesn't matter what is happening within the tunnel unless it is compatbile with your devices.

Thank you for your feedback.

If I remember correct on an some weeks old test environment I installed HAVP and I could see that ClamAV version wasn't the actual version as it is on the clamav homepage. I am not sure if all signatuires and programcodes are still up to date on the HAVP package or if these will update automatically.

Using an "old" version of HAVP proxy isn't the main problem i think because it is just redirecting traffic throu7gh ClamAV but it makes no sense (in my opinion) to redirect traffic through an old/utdates antivirus scanner and lose performance even if the scanner is not on the newest version an cannot find "all" viruses.

I would be interested if ClamAV is independent from HAVP and updates itself? How does this work on other packages like Danguardian?

What a great find!!!

@AhnHEL:

@bmeeks:

FYI.  I now have this functionality working in my latest test build of the Snort GUI.

Wow, that was fast Bill.  Excellent work, cant wait to try out all the new improvements.

Here is a link to my Github repository showing my latest changes:

https://github.com/bmeeks8/pfsense-packages/commits/master

You can look at the Commit History.  Changes after March 22 have NOT yet been submitted to the pfSense team.  I hope to do that in a day or two.

Bill

Search the forum on squid3 of reverse squid3. There are a lot of topics over this. Including instructions.
Beter is just try. I prefer squid3.  It's easy to use and to learn.

@ccb056:

Maybe there is something wrong with running both Snort and ET rules at the same time….

No there shouldn't be a problem, I run both sets in my production system.  I run different sets on different interfaces.  My updates happen without any problems.  If you have not yet, a reboot of that box might help.

I'm still doing quite a bit of testing various scenarios with the newest Snort package in a virtual machine environment.  I have found a few quirks in the PHP code that I am cleaning up and improving.  Hope to have a GUI code update to submit this weekend.  One area where I made some changes is in the rules update code (but nothing that I expect would definitely cause or correct the issue you see – still, it might help).

Bill

thx for your answer !

The thing is, I wanna do Radius or Local authentification on LAN (because the computer are multi-user) and just Mac logging on Wifi (wich is single user device).

So I need the LAN interface not to be transparent and the WiFi to be (espcially because Android's Phone older than 4.0 can't add proxy settings for browsing ).

Not sur i'm really clear …

On IPCOP or smoothwall I can do it juste like that :

So it's possible but I don't know how to do it with Pfsense …

what version of dansguardian are you using?

If you are using latest version, it's better to post it on dansguardian sourceforge bug report.

No worries. Will set one up during easter holidays when wife and kids are out shopping :D

@adiadasman:

You mean just drop down to the FreeBSD prompt and install the package? Not in a jail? I am sorry, I have just started using pfSense, so I am still trying to familiarize myself with it. I would also need to install MySQL as well, correct?

Yes, just use pkg_add -r

for amd64 on freebsd 2.0.x

pkg_add -r http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/security/maia-1.0.2a_3.tbz

Test it on a virtual machine first to see if it breaks or not pfsense gui.

@joako:

My understanding it was already patched but with the same version number, uninstall + reinstall resolved it for me.

Correct.  The Version Number was not incremented for the latest fix for WAN IP blocking.  Just uninstall and reinstall as suggested and the "fix will be in"… :)

Bill

Redirects only function when a page is blocked - it's the replacement for a block message.  Try it with a block message and no redirect and see if the clients you wish to redirect get the block message.  You will also need to add a the redirect site to the Target Categories tab then set that page to Allow on the Allowed Clients rule or Whitelist it on the Common ACL page.  Otherwise it ends up in a loop of trying to visit the redirect page, oops, redirect page is blocked, so redirect, oops, redirect page blocks, so redirect . . .

If it stores the data in /var or /tmp then no it will not survive a reboot.

The RRD backup only works for RRD graphs built into pfSense, not packages.

It works!  ;D
Thank you sooooooooooooooooooo much!
I tried so many different and complicated things that I am so disppointed that it was such a detail !
@ futare
I do not know if it could help but I found today a very good article here : http://fafadiatech.blogspot.fr/2012/05/build-your-own-unified-threat.html
It explains how to calculate cach size and many other things.
Hope you'll find information which will help you.