@thestealth:

I assume I was looking for this line:

root  28032  0.0  0.3  3348  1332  ??  Ss    6:39PM  0:00.01 /usr/sbin/cron -s

No more weirdness in my log either.

Thank a lot it is much appreciated.

Yes as you can see their were 6 running before and you are welcome!

Hmm… Let me look into it and I'll get back to you.

Not sure if this is the config you are looking for or not, but any machine on the network could run squid and serve as a proxy. It would only need one NIC to do so… Likewise, you wouldn't need pfSense at all - just squid running on a server that had access to the internet and was accessible from the other network.

I have updated package. Waiting on one of the devs to upload the new php_frontend file.  :-[

https://forum.pfsense.org/index.php/topic,71553.0.html

[quote author=marcusone link=topic=62708.msg390896#msg390896 date=1390242650]
Sorry for waking an old thread… but the same issue is back :(

Beginning package installation for vnstat2 .
Downloading package configuration file… done.
Saving updated package information... done.
Downloading vnstat2 and its dependencies...
Checking for package installation...
Downloading http://files.pfsense.org/packages/8/All/vnstat-1.11_1-i386.pbi ...  (extracting)
Loading package configuration... done.
Configuring package components...
Additional files… vnstat_php_frontend-1.5.1-updated.tar.gz failed.
Backing up libraries…
Removing package...
Starting package deletion for vnstat-1.11_1-i386...done.
Removing vnstat2 components...
Tabs items... done.
Menu items... done.
Loading package instructions...
Deinstall commands... done.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... done.
Failed to install package.

Installation halted.

@newbieuser1234:

If i am having problem with http slowness and inspect blocks is it correct to disable the alerts to make it faster?

newbieuser1234:

The way to solve your issues is by adding these alerts to the Suppress List.  Go to the Alerts tab, and for each HTTP Inspect block you think is bogus, click the plus icon (+) in the SID column.  That will automatically add that alert to the Suppress List and it won't cause further blocks.  Do this for all the HTTP Inspect alerts you don't want to cause blocks, then stop and restart Snort on that interface when you're done.

Alternatively, run Snort in non-blocking mode for several days or weeks to get a feel for the traffic in your environment.  Look at the Alert logs and add Suppress Entries for things you believe are false positives.  Once you have a good Suppress List with few or no false positives showing up in the Alerts, then put Snort back into blocking mode.  You do this on the Interface Edit tab for the interface in Snort.

Bill

The PBI allows for the package to sit in its own directory with its dependencies. Though the package probably needs to be rewritten to make sure that it is not moving things out of the pbi directory etc. As long as they are encapsulated I think that would work but I do not have a working understanding of either package right now.

I noticed I was also getting update errors at some times during the day.

I changed the 'Update Start Time' parameter to a non-standard value and it fixed the problems.

Thanks Bill

OK,

Good to know. I have a spare firewall with the exact same specs which is configured the same way. I will do a complete wipe and fresh install on that one and after that do the same to this one.

Thanks,

Roger

@DasTieRR:

thank for your help, I really appreciate it :)

Your welcome  ;)

Really haven't messed with lightsquid much… sorry.

@periko:

Have u try this with squid3+squidguard?

I have and it works very well.

To those intressted, I managed to archive my goal by setting up an Firewall rule to REJECT the following Network range: 74.125.0.0/16

I can't see the forest for the trees.

Now I configured a Proxy in the VPN-Settings for the Client.
Then I added a Rule on IPSec Interface that blocks all HTTP/HTTPS Traffic not going to the Proxy or the LAN Subnet.

It seems to work fine now.

I have the same issue.

My squid access.log log file size is growing up.  It never rotate since the first day I start running squid.

Looking for the solution too.

Thanks.