1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    johnpozJ
    @ha11oga11o said in Please help to configure HAProxy to serve certifficate on internal LAN too: Just to add again, that blo***dy nextcloud app has to be on same domain name connection and same cert. Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    C
    @Gertjan yes, that was an example, a false positive from a list that is not being blocked anymore.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    641 Posts
    L
    For some odd reason, even though the service seems UP, and routes (apparently from tailscale) looks fine, the service itself is not working. E.g. I cannot connect to other hosts on my tailscale network. From pfsense itself it works, but not from my e.g. my LAN. As soon as I restart the tailscale service in the UI it works immediately after.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    R
    I was on PfSense version 23.xx (don't recall the xx) and was able to start the Wireguard service. I upgraded to the 25.11 beta version and now the Wireguard service will not even start. I am on Wireguard version 2.1, and I see that there are versions that go up to 2.9. How do I upgrade to a later version? The only version in the pfSense updater is 2.1. Thank you
Log in to post
Load new posts
  • R

    Copy snort config to new interface?

    34
    0 Votes
    34 Posts
    7k Views
    bmeeksB
    @Hollander: So, Bill: is there perhaps a way to apply the settings from LAN to VLANx via a script in the CLI? Bye  :P Yes, this is technically possible, but the developers were not keen on the idea so I did not include it.  All of the settings for an interface are stored as XML data in the /conf/config.xml file on the firewall.  If you study that file and know XML, you can pretty quickly see how things work.  Just find the section for Packages and then Suricata (or Snort).  Each configured Suricata interface has its own sub-section in the file.  Copying one sub-section over to another, and adjusting for interface names and a couple of other interface-unique parameters is all that is required. Bill
  • D

    Rebooting pfsense router removes snort blocked hosts?

    5
    0 Votes
    5 Posts
    1k Views
    bmeeksB
    @dmitripr: … Based on the topic I link in my second message, looks like the blocked hosts are removed when filter is reset -- which would happen at reboot. That's outside of Snort's control. Thanks for the message, though! Correct.  On a reboot all of the pf tables are cleared, including the <snor2c>table utilized by Snort. Bill</snor2c>
  • S

    Can package be uninstalled on its own? …Spooky

    2
    0 Votes
    2 Posts
    658 Views
    BBcan177B
    I don't know of anything that would remove the CRON package after it was installed. Only thing, i could see is if you did a Restore of a Previous Configuration which rolled it back to before CRON was installed.
  • P

    Ssl/https squidguard extensions the video

    2
    0 Votes
    2 Posts
    710 Views
    KOMK
    You can use Squid's Traffic Mgmt tab to throttle particular extensions.  Set Per-host throttling to 2000 (KB), Throttle only specific extensions checked, and your list of extensions in Throttle other extensions
  • C

    Lightsquid stuck on text mode in bar scheme

    1
    0 Votes
    1 Posts
    517 Views
    No one has replied
  • R

    How to install Rsyslog on pfsense

    1
    0 Votes
    1 Posts
    874 Views
    No one has replied
  • N

    Installing RSYSLOGD on pfSense [WIP]

    8
    0 Votes
    8 Posts
    4k Views
    R
    I follow your post to install rsyslog on pfsense . But while I am restarting my machine the /etc/syslog.conf file restored to previous file that is one before installation of rsyslog.
  • M

    Squid Proxy Not Creating Logs? SARG & Lightsquid failing.

    9
    0 Votes
    9 Posts
    9k Views
    KOMK
    I suspect it was your browser cache.  I've seen this exact problem myself more than once, and a ctrl-F5 always fixed it.  You get the error page, hit F5 and see the same error page, hit ctrl-F5 and there it is.  It's weird like that, but you just remember the glitch if you do a lot of installs.
  • C

    Negative_Hit/404, Miss percentage is high than the hits

    10
    0 Votes
    10 Posts
    3k Views
    KOMK
    Run a Lightsquid report and see what your Hit% is after a week or so of normal usage for your cafe.  That will tell you how effective Squid is being about caching content and saving bandwidth.
  • bmeeksB

    Suricata IDS 1.4.6 BETA package update v0.3 released

    41
    0 Votes
    41 Posts
    14k Views
    bmeeksB
    @Cino: Noticed something else this morning, the cron job that removes IPs from snort2c seems to disappears after a reboot. I have to go to into the global tab and save it so the job is recreated. EDIT: Nevermind… Its not because of a reboot... When I make changes to snort, it removes the cron job because I deactivated blocking in snort You can have lots of weird issues if you run both Snort and Suricata in blocking mode because for the moment they share the same pf table (the snort2c table). Bill
  • R

    (New / Fixed) Widescreen Package Update

    102
    0 Votes
    102 Posts
    41k Views
    jimpJ
    @cyber7: To the pfSense Developers.  PLEASE STOP BREAKING THE WIDESCREEN ABILITY! It has never been broken intentionally. We can't hold back the base system because some unofficial and unsupported patch might break, especially when security and similar fixes are required. The original creator of the patch or someone with the skills to update it would have to keep up with the code changes in the base system. If someone wants to maintain the patch and bring it up to a current version, others may appreciate it, but if we wanted the patch in the base system for 2.1.x it would have been officially accepted there long ago. There is a widescreen theme in 2.2, and 2.2 is moving along, almost to BETA. That's the only place that officially contains widescreen support. Anything else only works by luck/chance. If it bothers you that much, put up a bounty to have someone fix the widescreen patch or fix it yourself for others to use.
  • N

    Can't get caching updates working

    2
    0 Votes
    2 Posts
    1k Views
    R
    I had to go here to get the full details: http://wiki.squid-cache.org/SquidFaq/WindowsUpdate not 100% it is actually working as intended with those recommendations as lightsquid logs are not totally clear as to whom is getting a hit on the cache for updates… so ya.  maybe that will help you some.
  • S

    Radius.log - encoding of the username

    1
    0 Votes
    1 Posts
    681 Views
    No one has replied
  • K

    Proxy settings

    4
    0 Votes
    4 Posts
    1k Views
    KOMK
    Using Squid and SquidGuard, go to Services - Proxy filter.  Click the Target categories tab and add a new one.  Give it a name and add your allowed domains to the Domain List.  Click Save.  Go to the Common ACL tab and click the green arrow button to expand the Target Rules List.  Make sure your Target category is listed at the top and its access is set to allow.  Underneath that (because the rules are processed in order from top down) make sure that Default access [all] is set to deny.  Set your Proxy Denied Error, Redirect mode, and Redirect info to whatever you need.  Click Save.  Go to the General settings tab.  Click Save, then click Apply.
  • T

    Suricata Packet Log Location

    3
    0 Votes
    3 Posts
    1k Views
    T
    @Cino: @Trel: I turned on packet logging for an interface to test with, but I can't find where to actually access those logs. I kept getting the "Suspicious User Agent" alert so I wanted to look at the packets to see what actually it's flagging. i get a ton of them, mostly false positives for me but look here /var/log/suricata/suricata_'interface id' Based on the port being used and the  machine it's coming from, I'm fairly certain I know what's triggering it and if I'm reading the rule right: http://doc.emergingthreats.net/bin/view/Main/2001891 That's being triggered by "3a" or " agent" being in the user agent?
  • S

    Unbound service start problem

    12
    0 Votes
    12 Posts
    5k Views
    T
    My unbound runs OK. (2.1.x, x64) Have you tried, without the cache restoration option turned on? With cache restoration turned on, my system reboot would take forever, because of unbound hanging/processing a maybe corrupt cache-file.
  • G

    NRPE2 | Icinga/nagios | check_load | Almost there

    2
    0 Votes
    2 Posts
    3k Views
    G
    http://www.smallbusinesstech.net/more-complicated-instructions/nagios/setting-up-nagios-on-a-debian-server-to-remotely-monitor-an-untangle-server define service{         use                            generic-service                host_name                      pfsense         service_description          Current Load         check_command check_nrpe_1arg!check_load }
  • R

    Snort - what does it do?

    2
    0 Votes
    2 Posts
    718 Views
    BBcan177B
    http://en.wikipedia.org/wiki/Snort_(software) https://doc.pfsense.org/index.php/Setup_Snort_Package https://forum.pfsense.org/index.php?topic=61018.0
  • S

    NTOP - Never really gets internal host names correct.

    1
    0 Votes
    1 Posts
    987 Views
    No one has replied
  • P

    Problem with Sarg application

    5
    0 Votes
    5 Posts
    3k Views
    K
    I don't use Dansguardian, so I am not sure if you have to configure SARG for either Dansguardian or Squid. You probably don't want to configure it for both. My guess, is that your configuration is correct now, cause you have an index that shows up and the realtime works. If you look under: Services - Proxy: Log rotate (this setting will conflict with SARG) Status - SARG Reports - Schedule - Schedule Options - Action after sarg From what I read, you should leave Squid to not rotate logs at all and have SARG do it instead. Or you can modify the CRON job for SARG so it runs right before Squid rotates logs. If you leave Squid rotating logs, what happens is that at midnight, it will restart and zero out the acess.log, so when SARG tries to read the access.log it will be empty, producing a blank report. You can test your configuration by going ahead and opening up the SARG schedule and clicking Force update now. Then check Status - System Logs and it should show any errors if SARG is having an issue. If it works, you should see updated reports.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.