Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part of "if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP" are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as externally and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is to change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with fewer words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues. Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method; I have to use a DNS-Sleep of 5 minutes to let the letsencrypt TXT DNS record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out, the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky; still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    648 Posts
    C
    @mightykong Yes, my system also requires a restart after reboot, and what has worked for me is:
    service tailscaled stop && tailscale logout || true && service tailscaled start && tailscale up
    What has worked for updates included a [sysrc tailscaled_enable="YES"] that is supposed to handle tailscale restart after reboot, but it has not worked for me. I am looking into it, and others will be as well. In the meantime, this is my update one-liner command line:
    service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.90.6.pkg && rm -f tailscale-1.90.6.pkg && service tailscaled start && tailscale up
    Options: add "&& tailscale version && tailscale status" to automate a first check; and the "rm -f tailscale-1.90.6.pkg" is not needed, but once I saw the suggestion, I decided to keep it.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, this is a noob question, but I have already tried multiple things and I hope someone can help with this. I have a WireGuard tunnel configured; the handshake is performed successfully and I can ping the server from the laptop, but not the other way round. I have already deactivated the NAT feature and all the rules, and no luck. pfSense and this server are located on a Proxmox server; the laptop is local. Any ideas? Thank you.
  • Snort/Suricata Suggestion

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @fsansfil: Hey BBcan, I know, it's really well done too… But just wanted a simple way to add more $ operators with aliases ;) F. This idea would require changes within the pfSense code itself, and not just the Snort or Suricata package code. Bill
  • Help with latest Snort + Barnyard2

    6
    0 Votes
    6 Posts
    3k Views
    bmeeksB
    @hescalona: mv /usr/pbi/snort-amd64/bin/barnyard2 /usr/local/bin/barnyard2 Yep, this should fix it by copying the latest barnyard2 binary over top of any older version lurking in /usr/local/bin. Bill
  • Snort on Lan & Wan

    5
    0 Votes
    5 Posts
    3k Views
    bmeeksB
    @wbennett77: Thanks Bill, How would I identify which ET rules that are direct IP drops besides the three you spoke about? The rule text will just be a long list of IP addresses.  It's not terribly critical that they go on just the WAN, though. As another poster mentioned, there is some debate on the merits of where to put IDS rules (WAN, LAN or both).  I find that for most home users with NAT, putting the rules on the LAN side helps you better find any infected hosts without a lot of searching.  On the other hand, most home networks are small enough that even a brute-force search of all the machines would not take very long.  For me I just like the convenience of having the offending host's real IP immediately available in the alert message on the ALERTS tab. Bill
  • Pfsense + freeradius2: wifi simultaneous login not working

    6
    0 Votes
    6 Posts
    3k Views
    N
    I am not familiar with the actual pfSense version and CaptivePortal. But if I remember correctly there is a possibility to give a user some credits so that this user can access the internet without logging in on CP. So you could try to use a high number of credits for each user and a low timeout for resetting these credits, and enable Accounting on CP. Not sure at all if this works. When you search for the "radutmp" file you find some interesting information: http://opensource.apple.com/source/freeradius/freeradius-25/freeradius/raddb/modules/radutmp
    #  Accounting information may be lost, so the user MAY
    #  have logged off of the NAS, but we haven't noticed.
    #  If so, we can verify this information with the NAS,
    #  If we want to believe the 'utmp' file, then this
    #  configuration entry can be set to 'no'.
    check_with_nas = yes
    So this part tells us that accounting is used for simultaneous-use checks, and it tells us that if the user logs off or is disconnected and the NAS (the Access-Point in your case) does not tell freeradius that this user has disconnected, then freeradius will never know and this user will still exist in the radutmp file. So when trying to use DD-WRT you should make sure that it works like it should and that you don't fix one problem and get a new one ;) Perhaps you should enable CaptivePortal and use this accounting feature and authentication. On CP add the Access-Points themselves to bypass so that authentication with PEAP works. Users then authenticate against freeradius to get WLAN access and then - this is not so comfortable but should work - again on CP to get internet access, with the same username and password. Then simultaneous checks can be done on freeradius with accounting enabled on CP, or better, use the CP built-in feature of simultaneous checks. Good Luck!
  • Snort 2.9.6.2 pkg v3.1.4 - Preprocessors blocks my WAN IP

    16
    0 Votes
    16 Posts
    4k Views
    bmeeksB
    @Hollander: I had the same problem, so I will do the XML-reinstall as you said, Bill, to see if it fixes anything. (Disabling portscan preprocessors and rebooting did not solve anything). What is weird in my case is: it only happens on WAN1 (VDSL), not on WAN2 (Cable); And, of course, being the noob that I am, I have no clue why my WAN1-IP would be detected as doing a port scan on some remote IP at all. And, something even weirder:
    Source: 122.225.97.66
    Destination: 81.x.x.x => my WAN
    SID: 136:1 ((spp_reputation) packets blacklisted)
    And then my WAN gets blocked by Snort, and not the 122.225.97.66 ??? The update to 3.1.5 should fix the WAN IP getting blocked. The bug fixed in that update causes Snort to ignore the new WAN IP change, so that means your new WAN IP does not get put into the default automatic PASS LIST. As for portscan sensitivity, I have noticed a few more than I used to get many months ago. The GUI package code I maintain has nothing to do with that, however. That is something triggered by the Snort binary that comes from the snort.org folks. Bill
  • FreeRADIUS + LDAP: Client Storage?

    1
    0 Votes
    1 Posts
    643 Views
    No one has replied
  • SQUID: Proxy monitor

    2
    0 Votes
    2 Posts
    745 Views
    S
    Found it. /usr/local/www/ Edit Squid_monito.php using filemanager or other. Find:
    <form id="paramsForm" name="paramsForm" method="post">
    | Max lines: | <select name="maxlines" id="maxlines"><option value="5">5 lines</option> <option value="200" selected="selected">200 lines</option> <option value="15">15 lines</option> <option value="20">20 lines</option> <option value="25">25 lines</option> <option value="100">100 lines</option> <option value="200">200 lines</option></select> |
    | String filter: | ! to invert the sense of matching, to select non-matching lines.");?> |
    </form>
    Edit the highlighted section from 10 to any other preferred number and refresh the squid monitor page. Voila!
  • AutoConfigBackup - user-config-readonly priv still does backup

    2
    0 Votes
    2 Posts
    772 Views
    P
    Related bug report: https://redmine.pfsense.org/issues/4034
  • AutoConfigBackup - Do not overwrite previous backups for this hostname

    2
    0 Votes
    2 Posts
    698 Views
    P
    Bug report for "Do not overwrite previous backups for this hostname" checkbox: https://redmine.pfsense.org/issues/4033 Feature request to differentiate automatic and manual backups: https://redmine.pfsense.org/issues/4035
  • PfSense 2.1.5 + Squid3 + Multi-WAN

    2
    0 Votes
    2 Posts
    842 Views
    A
    Hey guys, anyone got an idea? :/ Greets
  • Caching Windows 8.1 Updates

    1
    0 Votes
    1 Posts
    748 Views
    No one has replied
  • Squid3 custom error pages

    1
    0 Votes
    1 Posts
    892 Views
    No one has replied
  • Turn off package filtering, what happens to Squid?

    1
    0 Votes
    1 Posts
    509 Views
    No one has replied
  • Strikeback Is Not Logging

    1
    0 Votes
    1 Posts
    517 Views
    No one has replied
  • Snort does not show trojan traffic

    16
    0 Votes
    16 Posts
    3k Views
    P
    Hey guys! Just wanted to let you know that with the modified rule I was able to get an alert on the interface I suspected to be the source of the conficker traffic. I still have to investigate the PC to confirm that it actually is infected, but the whole issue seems pretty plausible now. Thanks again for the great help! Malte
  • Snort Block Offenders kills interface.

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @dola0056: would that be /var/log/system.log? I did check it out and have not seen any errors. The interface seems to come up and down but the red and white x remains. Also when I create a rule it doesn't work for the interface unless I remove the block offenders option and then the rule and the interface run fine. Look under Status…System Logs. You may need to click the Settings tab once that page is displayed and tick the box to show newest events first (that is, show events in reverse order) and expand the number of entries displayed to like 250 or more. Now go back and try to start Snort with blocking enabled. You should get an error message of some type in the system log. My first thought is perhaps your system is missing the <snort2c> table. That has happened to folks who have used the Traffic Shaper. It seems to delete the <snort2c> system table that Snort needs for blocking – or at least it was doing that a while back. Bill
  • PfBlocker IP List

    20
    0 Votes
    20 Posts
    15k Views
    A
    @new_to_pfsense: Can I use this list: (Brute Force Blocker) http://danger.rulez.sk/projects/bruteforceblocker/blist.php in my pfSense aliases as a URLTABLE even though the URL does not end with .txt? new_to_pfsense - Did you ever try to add the list? I came across the list as well, and am interested in knowing what happens when it's added through the GUI. Thx Ash,
  • Change block duration for Snort

    3
    0 Votes
    3 Posts
    1k Views
    C
    d'oh.  Thank you.  I looked at that page a dozen times but was always looking for a text field to type a value into so kept looking over that one.
  • Possible to make Snort block IP on specific interface

    2
    0 Votes
    2 Posts
    901 Views
    F
    Snort, and IPS/IDS in general, is not a turn-it-on-once-and-leave-it-running kind of solution. You need to assess whether the alerts being triggered are false positives or not and add suppress / pass lists based on your needs.
  • Snort error when activating rules

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @cjbujold: Thanks, de-activating the rule and everything now works. The rule # giving the problem is in emerging web-clients rule# 2011695. cjb That rule is disabled by default in both ET-Open and ET-Pro packages, so that's why not too many people run into the syntax error. I think it has been reported a number of times, but so far has not been fixed by the authors. You can fix the error by deleting the backslash in front of the phrase "\object.data" so the pcre expression looks like this instead: "(obj.data|object.data).+file\x3A\x2F\x2F127\x2E[0-9]" Of course the next time your box downloads an updated Emerging Threats rules package your edit would be overwritten. You could paste the "corrected" rule in as a custom rule and just leave it in the default disabled state in the ET web-client package. Bill
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.