1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    johnpozJ
    @ha11oga11o said in Please help to configure HAProxy to serve certifficate on internal LAN too: It seems theres no proper/easy way to do what i want to be done then? What? I have gone over exactly how to set this up... You can use whatever fqdn you want on the public side.. That end up on your pfsense wan IP, and haproxy can send that anywhere you want using whatever certs you want for the offloading. Your problem is you are trying to use the same domain name internally and externally - this leads to complications in what resolves to what.. All your problems go away if you would just use a different internal domain name to resolve your internal resources. home.arpa is the approved domain for this use.. Now when you hit publicdomain.tld it hits your haproxy on your wan IP. If you use otherpublicdomain.tld - again also hits your wan IP.. Doesn't matter where you resolve this from - out on the internet or from some phone on your local wifi network. And when you do want to access a local resource with its local IP then use something.home.arpa.. So you can access all your devices via the dhcp registration of their names.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    GertjanG
    @carlinix said in DNSBL blockpage only works with root domain: Meaning http://detectportal.firefox.com/ redirects to the DNSBL blockpage with the blocked domain info "This website detectportal.firefox.com has been blocked by the Network Administrator!" I presume that "detectportal.firefox.com" is just an example here. But ... be aware that this URL shouldn't be blocked if possible for two reasons : The resource requested returns just a 8 byte 'page' : it says 'success'. This URL is most probably be used by the OS or app on a device (probably Firefox ) to detect the presence of a captive portals on the connected network.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    641 Posts
    L
    For some odd reason, even though the service seems UP, and routes (apparently from tailscale) looks fine, the service itself is not working. E.g. I cannot connect to other hosts on my tailscale network. From pfsense itself it works, but not from my e.g. my LAN. As soon as I restart the tailscale service in the UI it works immediately after.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • G

    Looping Squid Auth

    3
    0 Votes
    3 Posts
    922 Views
    S
    Anything? Stuck on the same problem… I'll try to use squid3, maybe it works
  • T

    Gui status for dashboard squid3

    1
    0 Votes
    1 Posts
    586 Views
    No one has replied
  • X

    Squid custom fields

    7
    0 Votes
    7 Posts
    2k Views
    X
    I found that just %Hs work and puts in the status code.  I really appreciate your help.  It seems that everything is working now.
  • K

    Squid3 or Squid2 … Your thoughts...

    3
    0 Votes
    3 Posts
    1k Views
    K
    Thank you for your input. I will test with v3 and see. If it has antivirus, maybe I can skip having HAVP installed…
  • R

    Unable to get Squid transparent proxy to accept traffic on its own

    1
    0 Votes
    1 Posts
    980 Views
    No one has replied
  • E

    SNORT sending emails about cron

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @spudy12: Ah okay so it's nothing to worry about? I just assumed as it was sending an alert it was something that was not good (to much of that with my NAS lately) Also my Alert list is being spammed with (http_inspect) UNKNOWN METHOD Is there anyway to limit the number of these logged or turn it off altogether? Cheers! The cron e-mail is a never-mind.  Just spam.  I will see if I can get rid of in an upcoming update. As for the http_inspect alert, those are very common.  So common, in fact, that I wonder why the rule authors even keep them in their packages.  But since they do, my advice is either disable the rule or suppress it.  A suppressed rule still "fires", but Snort eats the alert.  A disabled rule never wastes CPU time being used to inspect against traffic, since disabled rules are not loaded.  Which to use is your call as admin.  I have chosen to disable the rule.  You can do that either on the RULES tab by selecting Preprocessor Rules in the drop-down, or (easier method) find the alert on the ALERTS tab display and click the red X icon to add the rule to the forced disabled list. Bill
  • K

    Package Site Down??

    8
    0 Votes
    8 Posts
    2k Views
    DerelictD
    ESF: Please kill your AAAA records until this is fixed.
  • bmeeksB

    Suricata 2.0.3 pkg v2.0.1 Update – Release Notes

    29
    0 Votes
    29 Posts
    4k Views
    bmeeksB
    The promised bug fix update for Suricata has been posted.  I started a new thread with those Release Notes.  The update to package version 2.0.2 from 2.0.1 addresses the bugs identified in this thread.  All are fixed except one, which is not actually a bug.  The Suricata Dashboard Widget will remember which column it was in when the package is uninstalled and reinstalled, but it will always position itself at the bottom of that column.  This happens because when Suricata is removed, the Dashboard Widget must also be removed or errors will result from missing files.  A package upgrade on pfSense actually performs an uninstall and then reinstall.  So the Dashboard Widget is removed during the uninstall step and then reinstalled when the package is.  However, it is not possible for the widget to position itself back exactly where it was before.  It will go to the bottom of the column where it was previously located. Bill
  • A

    Unable to update package and reinstall package

    4
    0 Votes
    4 Posts
    2k Views
    K
    Adjusted my hosts file and success! Thank you!
  • T

    HAVP on 4G NanoBSD

    5
    0 Votes
    5 Posts
    2k Views
    S
    I know this is an old thread but I though this would be a good topic to bring back from the dead since it is the first result in Google.  Could we use something similar to what is suggested at http://www.zeroshell.org/forum/viewtopic.php?t=1916.  This is the pertinent part: Step 0 - Disable your HAVP proxy using the GUI, in the case it is currently enabled. Step 1 - (Ignore) Step 2 - The following command have to be both executed in the Zeroshell's shell AND added to your pre-boot scripts (through the Zeroshell's GUI):     > mount -omand,noatime,uid=havp,gid=havp,size=50m -ttmpfs none /Database/var/register/system/havp/tmp Step 3 - Re-enable your HAVP proxy using the GUI.
  • S

    Squid not working after ip address change

    8
    0 Votes
    8 Posts
    3k Views
    J
    I had been trying and failing to set up squid and squidguard when my LAN was set up to use 172.31.1.0/24. I reset to factory defaults and left all at 192.168.1.0/24 and the installation went fine.
  • M

    Sqid3-dev squidguard time based filtering stops

    1
    0 Votes
    1 Posts
    674 Views
    No one has replied
  • I

    Postfix - Zombie Blocker persistent whitelist cache

    2
    0 Votes
    2 Posts
    1k Views
    B
    ilvipero, Sorry for the delay in replying.  The package doesn't cache the domain.  It caches the IP address of the sending server. The postscreen cache (where previously seen IPs are stored)  is held in /var/db/postfix/postscreen_cache.db A reboot should not affect that - I've even backed it up and restored it to a fresh install. You can see what IPs are in there with postmap -s btree:/var/db/postfix/postscreen_cache Are you running an embedded install of pfSense?
  • H

    Snort 2.9.6.2 pkg v3.1.2 not logging Alerts

    31
    0 Votes
    31 Posts
    5k Views
    bmeeksB
    @highlandpeak: Bill, Thanks for the hard work. BAM If your configuration is still muddled up and giving you problems, send me a PM and I will work with you offline to get it fixed.  Essentially what was happening to you is the Snort PHP code was getting confused by the duplicate UUIDs for different interfaces and wound up trying to "start" the wrong one (one that is already started).  That's why one of your interfaces was giving a SOFT RESTART notice.  Its UUID matched one of your earlier configured interfaces (most likely the one it was cloned from).  Snort uses that UUID to differentiate interface instances. Bill
  • G

    Snort & Barnyard2 Logging to mySQL - Bug in config file when name contains space

    5
    0 Votes
    5 Posts
    2k Views
    bmeeksB
    @Grandmaster: No problem at all Bill. Thanks for all the work. Normally I'd not use spaces for exactly this sort of reason but for some reason my thumbs took over on this one and typed a space - The thumbs have been duly admonished, put back in their box and I am now using a sensor name without a space and typing with only eight fingers. But as it got me scratching my head I thought I'd report it as a bug in case another person also has rogue thumbs or it crops up in some other manner. Cheers James I just tested and Barnyard2 itself won't honor any spaces in the config file (even when the string containing them is quoted).  So I added validation logic to the SAVE code that checks for spaces in the Sensor Name and throws a validation error if any are found.  I was able to sneak this fix into the current Suricata update that is under review by the pfSense developer team.  I will also add it to the next Snort update. Again, thank you for the report. Bill
  • H

    Stunnel

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Z

    Transparent Proxy issue?

    51
    0 Votes
    51 Posts
    13k Views
    Z
    what about flashing it with this firmware? http://joeyiodice.com/converting-tp-link-tl-wr1043nd-to-dd-wrt/
  • E

    SQUID: Filtering streaming media using regular expressions

    5
    0 Votes
    5 Posts
    3k Views
    F
    Onde add as expressoes regulares
  • R

    Postfix Domain Suffix Blocking issue

    6
    0 Votes
    6 Posts
    2k Views
    B
    Good to hear it worked. For future reference this site was very helpful.
  • N

    Allow Single Website for single IP only

    2
    0 Votes
    2 Posts
    843 Views
    KOMK
    In SquidGuard, create a new ACL for just the one IP address.  Then sequence it right at the top of your rules.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.