1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    652 Posts
    M
    @elvisimprsntr Great in theory, not in practice. I'm the same, but there are unforseen events. Power outages, crashes, etc. And yes, I'm running a UPS.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example: • The first time I get 43.225.189.108 and 43.225.189.118 • The next time I get 149.40.50.216 and 149.40.50.290 So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide see the guide here in the guide they mention 10.14.0.2 for static routes
Log in to post
Load new posts
  • V

    Squid slows certain webpages

    10
    0 Votes
    10 Posts
    2k Views
    marcellocM
    @Escorpiom: A standard hd install is with or without softupdates? Without…
  • N

    Re: 2.2-RELEASE now available!

    2
    0 Votes
    2 Posts
    595 Views
    jimpJ
    Not that I'm aware of
  • S

    Urgent Issue : BANDWIDTHD failed to boot up pfSense

    8
    0 Votes
    8 Posts
    3k Views
    W
    Same here, new install, bandwidthd error. Installed the 2.2 upgrade on another machine and it got hosed, won't reboot…. ugh.
  • W

    Snort fails on 2.2

    5
    0 Votes
    5 Posts
    2k Views
    W
    Yup, I just rebooted and reinstalled and it installed fine.  It also started snort fine too. Thanks!
  • A

    Upgraded to Squid3-dev, now traffic is being blocked

    2
    0 Votes
    2 Posts
    824 Views
    marcellocM
    What you get on access.log and cache.log? Setup looks fine… ... acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 2083 3128 3127 1025-65535 21-65535 acl allowed_subnets src 192.168.1.0/24 http_access allow allowed_subnets http_access allow localnet
  • B

    Squidguard Target Rules List in the Common ACL tab only shows All (allow / deny)

    9
    0 Votes
    9 Posts
    5k Views
    B
    I am going to have to give up and accept that I have to get a more powerful system to do this.  I tried reducing the size of the shallalist.tar.gz to only what I want.  But for some reason, while it appears that the databases are being updated, they apparently are not as the blacklist.files file does not exist as it should per this log entry. klist_update.sh: The command '/bin/cp -f -p /tmp/squidGuard/arcdb/blacklist.files /usr/pbi/squidguard-i386/etc/squidGuard' returned exit code '1', the output was 'cp: /u6/etc/squidGuard/blacklist.files: Read-only file system' I also do not appear to be able to hack the config files to make it work.  You guys did too good of a job at securing this thing down. Thank you for your help.  At least now I know.
  • L

    Updating to snort 3.9.7/3.2.2 breaks snort

    6
    0 Votes
    6 Posts
    1k Views
    bmeeksB
    @lshiry: … I found a workaround for this by killing the process "/bin/sh /usr/local/etc/rc.d/snort.sh start", which returns to the install script so it can complete the rest of its tasks.  After that, snort was in the services menu.  It was not started, but at least I can manage it now.  Thanks for the help, got me looking in the right direction.  Perhaps a fix for this would be to implement some sort of keepalive in the install php page, or background the service start step so it can complete. Thanks for the information on how you solved it.  Something got hung up in that sub-process on your box.  You are not the only one to experience the issue, but the number who have is quite low (maybe 3 or 4 that I can recall).  The install process calls a system function to execute that shell script.  I will look into it some more. Thanks, Bill
  • T

    Sarg Stops After 10 Minutes

    7
    0 Votes
    7 Posts
    1k Views
    marcellocM
    what squid version are you using?
  • M

    Snort: log: VLAN message on LAN?

    5
    0 Votes
    5 Posts
    1k Views
    M
    @bmeeks: No, the Promiscuous Mode feature has been in Snort since the beginning.  It is something the underlying binary controls and not the GUI package.  Since you say you have done a complete fresh install from the ground up, are you absolutely positive that all the pfSense settings are exactly the same as before?  Was perhaps your VLAN formerly associated with a different interface? Bill Thank you Bill  ;D No, it is completely 100% the same. I meticulously created screenshots of all settings, and setup everything again, fresh, by hand according to these screenshots :-[
  • V

    SquidGuard 1.9.10 problem

    9
    0 Votes
    9 Posts
    2k Views
    D
    @KOM: Just curious, but why do you need to stop it?  Just disable it. +1 SquidGuard may be only disabled. Otherwise Squid will crash.
  • K

    Bandwidthd problem

    48
    0 Votes
    48 Posts
    51k Views
    T
    Edit: found info on 2.2 problems here: https://forum.pfsense.org/index.php?topic=84642.0
  • B

    [Resolved] pfBlocker logs?

    2
    0 Votes
    2 Posts
    2k Views
    B
    Nevermind, I think I found what I'm looking for. Under status->system logs->firewall I can see all blocked connections. I'm not 100% sure I'm seeing pfBlocker kills here, but I think I am because I'm seeing some blocks on outbound connection attempts to Netherlands (a country I blocked) (no, I don't have kazy, it's a damn Kaspersky IP).
  • M

    Package for daily and montly traffic

    8
    0 Votes
    8 Posts
    1k Views
    KOMK
    Is it better to put the tracking to the VLAN or the WAN Interface? That depend on what it is you're trying to measure.  Total bandwidth in/out would require WAN if you have multiple vLANs.  If you have just the one vLAN and no others then I suspect it doesn't make any difference.  It's just adding up all bytes going in/out of the specified interface.
  • C

    Ha proxy-devel client certificates optional

    2
    0 Votes
    2 Posts
    758 Views
    P
    When creating this i choose to do it like this and allow for using acl's like 'SSL client certificate valid.' to be used for selecting the normal backend, or redirecting to a custom 'error' backend. Ill have to re-check if it actually works like i intended (i don't actually use it myself).. It does seem that i forgot to implement the 'none' option which can be selected for a , which i intended to allow for switching between 'optional' and 'required'. Thanks for your sharing your opinion and experience with haproxy-devel, it will take me a while before i get to this though. Put your item on my list of items to check/improve. Thanks.
  • P

    Squid 3 Reverse Proxy Help

    4
    0 Votes
    4 Posts
    1k Views
    J
    I've had issues with reverse proxy (which typically publishes internal servers over HTTP and HTTPS ports 80 and 443) when the web configurator itself is also listening on one of those ports. Nowadays, I change the port the pfSense web configurator listens to as a rule of thumb - anything really as long as it's not 80 or 443. You could try that and see if it helps? Refer to "TCP port" under System | Advanced menu on where to change it. Remember that you would then need to specify that port number in the URL in your browser to access the pfSense web configurator. Also, have a look at the "DNS Rebind Check" option (also under the System | Advanced menu).
  • P

    TFTP Server

    1
    0 Votes
    1 Posts
    751 Views
    No one has replied
  • M

    How to Block Facebook on HTTPS on Squid proxy server using WPAD autodiscover

    2
    0 Votes
    2 Posts
    2k Views
    KOMK
    I just went through this same exercise a few weeks ago.  Nice job.  The only things I would suggest would be for you to clean up some of the inconsistencies.  For example, it's pfSense, not pfsense or PFsense.  Facebook, not facebook.  HTTPS, not HTTPs.  Squid, not SQUID.  SquidGuard, not SQUID Guard.  WPAD, not Wpad.  Prerequisites ordered list has unbold #2.  Your guide would be more universal if you didn't assume that they had an AD network.  I might instead host the WPAD file on pfSense itself as per their guide: WPAD Autoconfigure for Squid Good job, though.
  • H

    Simple Squidguard question - Google Ads - Can't believe I can't find this

    6
    0 Votes
    6 Posts
    2k Views
    E
    For google I have set these two entries: googlesyndication.com 0.0.0.0 Block Advertising googletagservices.com 0.0.0.0 Block Advertising This also takes care of any subdomain like "pagead.googlesyndication.com" for example. I found in another topic that people advised to use "host" entries, this however was not working for me. Important, you have to set pfsense dns server to 127.0.0.1 and clients have to use pfsense exclusively as a dns server. To achieve this, I've made a firewall rule to block all other dns servers (port 53) and only allow the pfsense box as a dns server for clients. This works wonders, I absolutely hate ads. Cheers.
  • bmeeksB

    Snort 2.9.7.0 pkg v3.2.1 Update Release Notes

    22
    0 Votes
    22 Posts
    6k Views
    C
    Hello, I tried to get OpenAppId working, but it doesn't want to… My snort is working, VRT & OpenAppId rules are downloaded. VRT alerts appear. I followed this tutorial : https://forum.pfsense.org/index.php?topic=84227.0 When I go to reddit, nothing is logged in alerts. Nothing useful in the firewall logs neither. I'm running pfsense 2.1.5 with the latest version of snort. Any idea ? Thanks !
  • K

    Bug on squid reverse proxy

    3
    0 Votes
    3 Posts
    983 Views
    K
    squid3 3.1.20 pkg 2.1.2 which part do u want? its huge… the problem appears when i add a cache_peer, example code in squid.conf is like this: #192.168.84.101 cache_peer 192.168.84.101 parent 80 0 proxy-only no-query no-digest originserver login=PASS round-robin name=rvp_HTTP-101 all the mappings start using that peer, until i assing the peer to a mapping, then it start working as it should…
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.