1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    649 Posts
    luckman212L
    @mightykong @CarlMRoss Looks like you might be experiencing https://github.com/tailscale/tailscale/issues/17793 I also have a 6100 + Tailscale 1.90.6 so I will test mine now. update: I don't seem to be having this problem, which is odd because I'm usually that one guy in a thousand who has the strange bug that nobody else can reproduce. Have you tried deleting the contents of /usr/local/pkg/tailscale/state ?

  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, This is a noob question but already tried multiple and I hope some one can help with this. I have a Wireguard Tunnel configured and handshake is successfully performed and I can ping the server from the laptop but can't do it otherwise. Already deactivate the NAT feature and all the rules and no luck. Pfsense and this server is located in a Proxmox Server, laptop is a local. Any ideas? Thank you.
Log in to post
Load new posts
  • S

    Squid 3.4.9 error

    1
    0 Votes
    1 Posts
    530 Views
    No one has replied
  • S

    Problem with range requests on squid

    2
    0 Votes
    2 Posts
    1k Views
    S
    Anyone? I work in an IT shop so a lot of our traffic are updates, it would be great if the 206 requests were pulled out of the cache rather than across the internet.
  • S

    PfBlocker doesn't update rules automatically

    3
    0 Votes
    3 Posts
    1k Views
    S
    Thank you for the reply but I found what was the problem. In the Interface / Lan menu, I had the IPv4 configuration type set to "Track Interface" for some reasons. I set it to "None" and the rules got automatically added in the Firewall/Rules section after enabling pfBlocker.
  • M

    Bug in apcupsd package

    2
    0 Votes
    2 Posts
    850 Views
    D
    Thanks. This script needs an update. Also, you can modify the path to lockfile on the GUI.  :-[
  • M

    Squid error messages in disabled Auth Portal logs

    1
    0 Votes
    1 Posts
    632 Views
    No one has replied
  • N

    Filter local server mail

    1
    0 Votes
    1 Posts
    505 Views
    No one has replied
  • G

    Squid does not work

    21
    0 Votes
    21 Posts
    8k Views
    T
    Have you tried setting the logging option to either "Encode" or "Allow" ? strip: The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. deny: The request is denied. The user receives an "Invalid Request" message. allow: The request is allowed and the URI is not changed. The whitespace characters remain in the URI. encode: The request is allowed and the whitespace characters are encoded according to RFC1738. chop:The request is allowed and the URI is chopped at the first whitespace. With "squid3-dev" you could try with "forwarded_for transparent" typed into "Custom ACLS (Before_Auth)" field (and with the "Disable X-Forward" not selected off course.)
  • G

    Pfsense/snort crash memory related

    6
    0 Votes
    6 Posts
    1k Views
    bmeeksB
    I don't have a theory to explain what caused the out-of-memory message.  If this was a single event, it may just have been due to the phase of the moon relative to the spontaneous decay of a Higgs boson …  ;). If, on the other hand, it is a repeatable error for you, then some further investigation is called for.  I assume from the info provided in your first post this is a pfSense 2.2-BETA box.  Do you have any other packages running besides Snort? Bill
  • P

    DansGuardian and pfSense 2.1.5: Web uploads denied and package editor disappears

    1
    0 Votes
    1 Posts
    579 Views
    No one has replied
  • ghostshellG

    Odd SNORT Block Entries

    4
    0 Votes
    4 Posts
    1k Views
    ghostshellG
    Thanks Guys!
  • W

    Snort Search Method

    4
    0 Votes
    4 Posts
    4k Views
    bmeeksB
    @wbennett77: I have Snort Alerts added on my Dashboard but it doesn't show the most recent alerts. Is this normal? Cheers! The Dashboard widget should show the most recent alerts, but it shows a composite consisting of all interfaces.  So if you have Snort enabled on LAN and WAN, and the "lines to display" in the widget set for 5, then it will show the 5 most recent alerts without regard to interface.  Stated another way, if the WAN had the most recent 5 alerts, then the widget would only show those. It would not show any of the LAN alerts if they were older than the most 5 recent WAN alerts.  The reverse is also true. Bill
  • B

    Varnish backends down

    3
    0 Votes
    3 Posts
    880 Views
    B
    varnish sucks, after few days of troubleshooting and wildguessing i've installed squid3 and settled everything in 15 minutes. http://serverfault.com/questions/542416/having-two-subdomains-on-one-public-ip-addres-behind-pfsense-router the third answer for squid3 was correct.
  • W

    Barnyard2 stops running

    7
    0 Votes
    7 Posts
    3k Views
    bmeeksB
    I've found Snorby to get the rule text right most of the time.  Glad you found that rules setting.  I forgot to point it out.  If you find out something from your other queries that you think needs changing in the Snort and Suricata packages with respect to Barnyard2, post back here or send me a PM. Bill
  • A

    Could cron to clear ntopng log?

    2
    0 Votes
    2 Posts
    2k Views
    R
    Look here. Does this help?
  • ?

    Pfsense + FreeRadius: Force authentication?

    3
    0 Votes
    3 Posts
    908 Views
    ?
    Hi, Thanks, my switches do support RADIUS, so I will see about switching that on. I was kind of expecting that pfSense would have the same kind of support for enabling RADIUS for any connectivity to it, maybe that was an incorrect assumption. Regards, Rob.
  • F

    Snort ET MALWARE User-Agent (Internet Explorer)

    3
    0 Votes
    3 Posts
    1k Views
    F
    Oh nevermind, maybe they are not realted after all… when i saw IE User-Agent thought it was the CVE-2014-6332... Still... packet capture some of those and we will check if its FP or what it is... F.
  • S

    Squid web proxy + Virtual IP

    3
    0 Votes
    3 Posts
    2k Views
    E
    On page Serivce –> Proxy server. Add custom option include /usr/local/etc/squid/my.conf On my.conf write http_port virtual_ip:port restart squid squid -k reconfigure check open port netstat -an
  • J

    Squid3 transparant SSL

    1
    0 Votes
    1 Posts
    875 Views
    No one has replied
  • bmeeksB

    Snort 2.9.6.2 pkg v3.1.3 Update – Release Notes

    5
    0 Votes
    5 Posts
    3k Views
    bmeeksB
    @Hollander: 1. The thread you posted is clear. Except for the part about 'changeSID'. I have no clue what I am seeing, as in: it doesn't fit in my limited brain; either you have enabled SID's, or you have disabled them. Why the third list? The modifysid option is for actually changing the text of the rule body.  For example, you could change the "alert" keyword to "drop".  This will have more meaning once a true IPS mode is implemented.  Then, "alert" rules will simply print messages in the logs and on the ALERTS tab; but "drop" rules will be the ones that actually drop (or block) the offending traffic.  Today on pfSense any "alert" causes a block, but on a true IPS that is not the case.  Alerts are like notices and "drop" rules are the only ones that should block traffic.  You might for example only want alerts for rules that identify older versions of Java or something, but you would want drops for rules that identify known malware phoning home. As the Snort and Suricata packages exist today, the modifysid function is not really necessary yet. @Hollander: 2. Do you have thoughts on keeping separate SID-lists for Snort and Suricata? Or 'one list fits all'? (Does it? I don't know). This is an admin decision.  Just remember that there are many, many Snort rules that contain keywords or rule options that Suricata does not recognize.  No sense even trying to load those rules on Suricata. @Hollander: 3. Do you have thoughts on the lists having exclusive SID's (-> if a SID is on list 1 it shouldn't be on list two, and vice versa), or are there good reasons to do things differently? If you are using only literal SIDs in the files, then it does not make sense to put the same SID in both files.  However, when you use the more advanced PCRE options; it is conceivable to match the same SID.  In those situations, the setting of the SID STATE ORDER control becomes important. @Hollander: 4. How can one manage the part of new SID's appearing after an update? Is there a 'new SID's added during update' list somewhere? Because these need to be processed into the github-list one way or the other I guess(?) Each time the rules are updated the vendors post an updated Change Log on their web sites. Bill
  • N

    Zebedee is removed?

    2
    0 Votes
    2 Posts
    770 Views
    BBcan177B
    The Devs have removed the package. See the following link: https://github.com/pfsense/pfsense-packages/commit/87019e8afcb46a9be8edc461168287f6a9b92cc4
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.