DNS forwarder is not in use (is disabled). pfSense is configured to use two back-end DNS servers, has always worked fine. The primary is listed first, the secondary second. The back-end web server CNAME was recently added to the Primary DNS since traffic needed to be routed via host header, not with a path. The slave immediately updated its zone.

There was a power failure overnight Sunday morning, and when UPS ran out all servers were shut down until power was restored.

Testing from a remote location right now, its serving up the robots.txt file as fast as 102ms. Probably restarting something resolved the issue, though since the whole farm was restarted its impossible to know what specifically did it. Hopefully it stays resolved!

Just remove the "*" and insert .phobos.apple.com on squid whitelist.

Do you use transparent proxy?

FaceTime also generates this alert.

Squid do not implement https transparent proxy but dansguardian does on 2.12. The bad news is that client browsers reject dansguardian "fake" cert on current compilation/package.

Hello

Cookies is not enabled by default in HAproxy.

you can add " cookie XXXX insert indirect nocache " in Advanced pass thru Box in FrontEnds ,

Then configure your server with cookies in server Tab. It work`s great.

check HAproxy Document for more info

http://cbonte.github.com/haproxy-dconv/configuration-1.4.html

I was bewildered with " Advanced pass thru "`s  name actually .

Thanks again marcelloc for your help

OMG. Not cool. Sorry everyone. I was expecting to see "squid" in the services menu .. it's proxy server. wow, just wow, i know better.

Well, didn't really answer the critical part of the question, but I seemed to have figured it out.

The rule should allow all source IP, all sorce port to the public IP the proxy is listening on as the destination IP with a destination port of 80.

I have a problem with Skype blocking.

I don't and I am using pfSense 2.0.1 and Snort 2.9.2.3 pkg v. 2.5.1. Either you enable the rules in pua-p2p, or use the default ET set of rules.

If you dont use FailOver or LoadBalance, you can just add tcp_outgoing_address WAN2_IP on squid custom options.

I'm talking about ntop >summary > traffic.
At "Global TCP/UDP Protocol Distribution" is where i want to list what uses most bandwidth first.

Now FTP is listed first, but ftp haven't used more then 202.5KBytes,
Facebook on the other hand, has used 771.4 MBytes.

We do not want to start with proxy yet, because then we will have to configure about 250 machines to go through the proxy.
And that we do only have time for when it's summer vacation for the students.

Sorry for the delay. We have the same issue and it is causing us major problems.

We have an internal server that scans web sites known as a security risk so we generate alot of Snort alerts. However, our internal LAN servers are getting blocked by Snort on the virtual IP (IP the server has on the Internet).

We have put the virtual IP range in the white list and we have set the "Add Virtual IP Addresses to the list" option on. Yet still our virtual IPs get blocked by snort (they appear in the Snort blocked list).

What can be done to fix this?

Any help would be much appreciated!!

@DQM:

Can you show me how to do it in details, Marcello? I am a Networker not Programer  >:(

If you do not understand php, then it could not be done. It will be easy to break the script and mess up your pfsense.

Hello.

Well, the SDECLCD is doing s.th.
But does only display lcdproc…

Nice, thank you phil.davis for pushing it to github, I have a github acc but didnt know about that repository.

now its just a few more bugs left  ::)
the mail part is very important, I had this package running on a lan-party last week and forgot about it.
when I checked the report I saw my server's mac-address on 3 ip-adresses, it was because i used linux-vserver but if it had been an arp poisoning I would not have notices untill I got ssl-warnings and slow network :P

True that the "free" or "registered user" rules are updated much less frequently than the "paid" or "subcriber" rules are.  The subscription rules are generally updated daily except across weekends.

I can definitely report the behavior with the cron job rules update is consistent if you logout of the GUI and wait for the job to run.  Apparently the various values from the config.xml file are normally stored in an array variable called "$config" within the GUI.  The cron job now uses the same PHP page to perform its rule updates as the GUI manual method does, and the values are supposed to be available within that "$config" array variable (it's a global array, apparently).  Looks to me that once you log out of the GUI and any cached info expires, the cron job is then left with no values in the "$config" array.  One of those missing values is the Oinkmaster Code to use for the rule download.  With that parameter missing, the rules download does not happen.

It seems that if you change the time the cron job is to run, and you hold an active web session open during the scheduled cron run, then everything works fine.  My guess is this happens because the "$config" array is still populated with an active GUI session.

This will probably need Ermal to take a look and see if it can be fixed.

The more I look at this, I think it is the program check_reload_status that is causing Snort to spawn multiple, duplicate instances.  I'm going to kill the service for now and see if Snort stops misbehaving.  If so, I'll turn on auto-update again and see if Snort still behaves.

I'll post results.

UPDATE
Just realized there are six instances of check_reload status running.  Think I just found the problem.  Now, does anyone know what is responsible for spawning this program?  I don't see it in crontab or in rc.d… at least, not directly.

Also, when I try to kill any of these instances of check_reload_status, I get an "Operation not permitted" message.  Yea.

Hi Again…

False positive , yesterday from denmark , the radio was very hard to reach , but today it's just fine...
  Sorry from my incompentence....

/Best Michael