Thanks for your help guys

Anyone ?

The first packet indeed looks weird.
Can you send me off-list:

packet captures from downstream and upstream for the same time frame. what you see in System->Logs for the same time frame.
Regarding 2.0 - several people reported that igmpproxy worked for 2.0 though I've never tested it.

To what end?  What do you want to do with them?

Oh, and you'd install them by following the instructions that came with them.

I don't know, I'm not sure I've heard of anyone trying. If it works on FreeBSD, the chances are good that it would work on pfSense, so long as you don't need GUI integration.

Hi vinhk20119
the short answer, YES…

The long answer:
Install SQUID/SQUIDGUARD and do it though this.

Kind regards
Aubrey Kloppers

sorry, this actually started again - if anyone has any ideas on what it could be please post up

Thanks

1. Install & configure pfSense.
2. Install configure & Squid, setup you debian proxy as parent for Squid.
3. Install configure & squidGuard

All examples exists in the forum and FAQ.

This pretty much outlines your options:

http://doc.pfsense.org/index.php/Remote_Config_Backup

well, after a while i give up as time was precious. i then spotted the apache server with mod security package (reverse proxy etc) and decided to have a go at this.
out went squid and in came apache (this is on an alix 2d3 with cf)
i had this horrible feeling that it was too much for the poor old alix and this was confirmed by the amount of packages etc that it installed with it.
the alix started to creak and i couldn't access the web config. it became so unresponsive, i couldn't hardly do anything with it.
so, from the shell….. lots of pkg_delete -f -a with lots of /etc/rc.conf_mount_rw
after about 7 runs, i finally clear everything out so no packages. i even delete the remaining traces of them.
i'm on the net but no web configurator. a check of the logs reveals missing dependancies. no prob's, i have another pfsense and i copy the missing shared files over.
but still, no web configurator. it's starting to beat me now. i have a config backup etc so i keep ploding away.
everything is working fine but the web configurator. ummm, check the config and i can't see any port under webgui so i add a <port>443 in front of</port> thinking that's why i couldn't get onto it.
crash.... now i'm really stuffed, no web either now. i'm off the net with a few choice words. i now remember, i tried an upgrade to v2 and had that on the other slice (silly me, why didn't i duplicate it back to 1.2.3 before all of this? lesson learnt! won't happen again!)
maybe time to upgrade to v2 as i have this other slice....... no, i get the usual probs with it not remembering vlans etc.
no prob's, i will configure it with minimal lan and from there, install backup config. no, it's beat me again with "a scalar value error" and just won't let any lan be configured under v2.
shock horror..... i don't want to remove the cf card and reinstall etc. i'm not on the internet at this time and i haven't got a copy of pfsense with me.
so, now i'm back into the config and removing the <port>443 and pfsense is back up but still no web config.
and then it hit me.......
try an upgrade with v1.2.3 on the v2 slice that doesn't work. so i upgrade this slice to 1.2.3 and voila...... pfsense is backup and running with web config. phew!

moral of the story?
1. have a working opposite slice & config backup before adding any packages
2. don't go against your better judgement (me by loading apache etc on an alix) unless you have time to spare
3. don't panic. sit back and think it out and you can get there in the end. you learn a bit too!

now.... how can i waste my next sunday?</port>

Is nobody else seeing this, I notice another post relating to this but for pfSense V1.2.3, the common factor is the Snort package version.

I had to manually install the rules but this isn't my first choice of ways to pass the time.

I'd appreciate it if anyone running V1.35 could try to update and post the result (PS although my version says 1.35 on the package page the package reports v1.34 - and yes I have re-installed three times).

have you also tried using opendns as your forwarders? then just set a firewall rule that only opendns can be used.
i find opendns quite effective and it's another layer for them to try and overcome.

@brcisna:

clutch68,
I don't like having this teachers workstation "outside" of the firewall for sure as we have so may possibilities of viruses in a school setting. Kids are just 'trying' to kill every system on the lan, it goes without saying.
At least the connexion client is usable with this cludge,,,:).

Hi Barry, glad to be of help. I could certainly be wrong here, but simply bypassing the proxy should not further expose the client PC. Although a local firewall is prudent, your staff client should also still be "behind" the firewall protection of the pfsense box, just as it was before the proxy bypass. In other words, a squid bypass doesn't necessarily = firewall bypass. The client is simply not routing outbound web traffic through squid.

This post is begging for correction if anyone has further thoughts on this.

I found that disabling the 'snort_web-client.rules' #15306 (WEB-CLIENT Portable Executable binary file transfer) worked for me.  Cleared out the blocked and all seems to be working again.

Suspect there's another little gremlin in there as well.  Hell of an 'all-inclusive' rule to break Windows Updates  ::)

If you read the forum and doc wiki you will find complete howtos that go over everything necessary. It's been asked and answered dozens if not hundreds of times.