1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    johnpozJ
    @ha11oga11o if you resolve nextcloud.mydomain.xx to your external IP, ie the same one public people do then it would be handled by your haproxy. Example I have ssl offloading for external users for the public fqdn something.mydomain.tld - this resolves externally to my public IP that hits pfsense wan, this also resolves to my public IP when on my local network, so again haproxy handles the ssl, etc. But if I wanted or needed to access that directly on my local lan then I use its name.home.arpa:port that the service is on that doesn't do ssl, etc. What is the point of using the same fqdn internally and externally? What do you think that gets you other than issues?

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    C
    Hi folks, Whenever I try to access a DNSBL blocked root domain it shows the block page but the moment it gets into a subfolder or file in the domain it only shows 1x1 px page. Meaning http://detectportal.firefox.com/ redirects to the DNSBL blockpage with the blocked domain info "This website detectportal.firefox.com has been blocked by the Network Administrator!" but if I try http://detectportal.firefox.com/canonical.html http://detectportal.firefox.com/success.txt http://detectportal.firefox.com/justatest it only shows 1x1pixel Is this by design? Is there anything I can do to make the rest of the pages show the alert? Regards

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    92 Topics
    639 Posts
    E
    Updated CE 2.8.1 to 1.90.4. Looks like they are already working on .6 Freshports pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.4.pkg Changelog

  • Discussions about WireGuard

    713 Topics
    4k Posts
    M
    I have my wiregaurd up and running and can ping from firewall to devices on the vlan but cannot get clients to ping each other.
Log in to post
Load new posts
  • A

    Uninstall snort.

    8
    0 Votes
    8 Posts
    6k Views
    A
    Thank you Bill, I will try it over the weekend.
  • U

    to squid

    1
    0 Votes
    1 Posts
    842 Views
    No one has replied
  • M

    Syslog-ng doesn't start properly

    6
    0 Votes
    6 Posts
    5k Views
    C
    I fixed the problem noted here in this package (was brought to my attention by a support customer), so the above manual edit is no longer necessary.
  • R

    Squid/Squidguard feature request

    2
    0 Votes
    2 Posts
    1k Views
    R
    No, I want to bypass Squid entirely for certain trusted sites, ie banking and Microsoft.  Also have to bypass SSL filtering for email and IM so the client will connect properly.  Otherwise you the user/app gets a cert error (since it's MIM SSL). After researching this a bit more I see it's not possible on the Squid/Squidguard side.  Squid is capturing the initial Connect of the SSL session and therefore can't bypass it.  It must be done at the firewall redirect level. Any chance a more robust alias option is in the works?  Something that could pull categories for bypass like Squidguard does to block?  Have no idea what loading 100k entries into a firewall rule does… Thoughts?
  • N

    Ntop taking a lot of disk space

    6
    0 Votes
    6 Posts
    4k Views
    N
    Everything looks fine after the deletion. Will try to re-install ntop and see. Is it OK to choose all the interfaces during the configuration?
  • N

    Run pfsense infront of another router for only the snort capability

    3
    0 Votes
    3 Posts
    1k Views
    N
    So you went away from this.  How did you configure the bridge? Any details?  This is new to me. Thanks.
  • K

    Squid reverse proxy - accessible from lan, not wan

    1
    0 Votes
    1 Posts
    825 Views
    No one has replied
  • R

    Squidguard redirect URL not working

    2
    0 Votes
    2 Posts
    4k Views
    R
    Well it was pretty easy - I had to check "Do not use the DNS Forwarder as a DNS server for the firewall" on the General Setup page.  Restarted Squid and with just the ? at the end of the redirect URL it works fine.
  • belleraB

    Binary file /var/syslog-ng/default.log matches

    2
    0 Votes
    2 Posts
    2k Views
    A
    Hola Bellera , tengo todo igual que en las capturas que me indicas y no me registra en los logs
  • D

    PfBlocker not cleaning up removed lists (tables)

    2
    0 Votes
    2 Posts
    1k Views
    D
    Fixed it myself by adding a new list in pfBlocker like this: Create a new list in pfBlocker with the exact same name as the orphan table (see under Diagnostics -> Table). Filled in an existing url and 1 hour update, deny inbound Waited until the table was full in Diagnostics -> Tables Went back to pfBlocker Selected the newly created list and selected "Disabled" Checked in Diagnostics -> Tables (table has been deleted!) Finally deleted the list in pfBlocker. And now the orphaned table is gone!  ;D
  • S

    Squid LDAP authentication problem!

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • B

    Squid3 + Dansguardian Clarification / help

    3
    0 Votes
    3 Posts
    2k Views
    Z
    In theory, Dansguardian is capable of doing what you suggest. There is an option in the group settings to enable it. From what I could find on the forums, this feature is not working on Dansguardian. Marcelloc would know for sure. It is working with squid3-dev, so you can do basic blocking and caching with that.
  • C

    HAProxy scenario - desperate for advise

    2
    0 Votes
    2 Posts
    2k Views
    P
    With haproxy you should be able to put the lines below in a 'advanced' section: reqrep ^([^\ :]*)\ /(.*)    \1\ /path/\2 reqirep ^Host:\ sub1.domain.ltd  Host:\ 192.168.10.10 I think that will take care of the rewriting.. However i think the rewriting of the host is actually not a nice thing to do, i think its better to configure a virtual directory which checks the proper domain name on the webserver. Also read about this in the manual: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-reqrep
  • N

    Can't stop or restart haproxy 1.4.24 on pfsense 2.1

    2
    0 Votes
    2 Posts
    4k Views
    P
    Hi nublaii, That haproxy doesnt 'respond' to service-stop service-start requests seems to be 'by design'.. This because the restarting of haproxy is not a combination of 'stop' and 'start', but haproxy does a pretty much seamless restart while transferring persistence information and finishing old connections through the old process. However when you apply a new good configuration the process should restart with a new PID. Could try and see if you use the haproxy-devel package you get that same behavior? I've done quite a bit of modifications to that -devel package, also in the startup / config-checking. It can be if you configured something 'wrong' that haproxy doesnt start a new process and keeps the old one running.. If you've got the same problems there maybe i can help getting it diagnosed /fixed. Greets PiBa-NL
  • N

    Snort on nano with cf - how often is it read only?

    7
    0 Votes
    7 Posts
    2k Views
    N
    Thank you Jim and Bill.
  • D

    Snort - limiting log directory size

    13
    0 Votes
    13 Posts
    7k Views
    bmeeksB
    @mallison01: ok sounds good, thanks. if you need some one to test your new code id be interested. Thank for the offer, but I was able to test the fix in my VMware environment.  The fix for auto-log rotation is ready and should be posted in a few days.  I found several issues in that old code.  Thank you for pointing out the problem.  I'm glad I looked… :) Bill
  • C

    Dansguardian with multi-groups

    3
    0 Votes
    3 Posts
    1k Views
    C
    Thanks for reply. I think I found what was the problem. While making lists and groups I was saving lists and groups individually, but did not use "global" Save button. Seems like it's working now. All the best.
  • O

    Package that could poll the num of users via CP

    1
    0 Votes
    1 Posts
    606 Views
    No one has replied
  • K

    Snort still clearing blocked ip's even though it is set to "never"

    3
    0 Votes
    3 Posts
    1k Views
    K
    Well whether the problem I had was real or not. I happened to try out binding to the Lan (instead of wan) for my snort interface. And I had the results I expected with blocked ip's staying blocked. I set it to "both" for direction. That seemed to fix it. Only problem is snort cannot perform a portscan from this side of the network (lan). So I created two with this one on wan as a  rule-less snort interface (with portscan enabled). Which seemed to work. But annoying to see it warn me about no rules on the interface. And I probably have redundant preprocessing now. So not sure why I had the problem originally, but there is a solution in case anybody has had problems. Hopefully one day snort for pfsense will create the block list as a simple "Alias" table. Then snort2C wont be needed. And if Snort could be part of the rules chain order. (instead of first) Then the Whitelist inside of snort won't be needed either. Along with speeding it up since it will not process ip's destined to be blocked by the rule chain ahead of it. including ip's it has previously blocked.
  • A

    [Squid] Bypass Maximum download size for specific IPs

    2
    0 Votes
    2 Posts
    1k Views
    N
    go to -=> Proxy server: General settings - Bypass proxy for these source IPs - insert you ip (192.168.0.x
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.