1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    RedDelPaPaR
    @bmeeks Understood. Thank for kindly for your help. I will likely be ordering a new unit soon.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    644 Posts
    C
    @elvisimprsntr Thank you. I would not be surprised if I ended up with a lengthy solution that works but needs significant improvement. I am using a Netgate 6100 with pfSense+, starting with version 24.x. I had updated Tailscale without trouble per this discussion by using pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-x.y.z.pkg. This worked until pfSense+ version 25.0.07 (FreeBSD 15-CURRENT) and Tailscale upgrade 1.88.3. After several attempts and web searches, I was only able to install that upgrade by using: fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.88.3.pkg, and then IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.88.3.pkg. Then, I could not restart Tailscale, no matter what I tried, including the sequence: service tailscaled stop, tailscale logout, service tailscaled start, and then tailscale up.

  • Discussions about WireGuard

    714 Topics
    4k Posts
    L
    @subhan2k said in [Guide] Setup a wireguard tunnel to VPN provider (multiple VPN tunnel setup): I tried following your guide to set up the Surfshark WireGuard server configuration in pfSense as default gateway, but I got stuck at the static routes step. In my case, the endpoint isn’t a numeric IP — it’s listed as us-bna.prod.surfshark.com. How should I add this to the static routes? In my configuration: Endpoint: us-bna.prod.surfshark.com Address: 10.14.0.2/16 So what exactly should I enter in the static routes? after switching the default gateway from WAN_DHCP to the WireGuard VPN my Interent doesn't work so adding static routes is mandotary (Im using inside vmware) nslookup us-bna.prod.surfshark.com Server: 127.0.0.53 Address: 127.0.0.53#53 Non-authoritative answer: Name: us-bna.prod.surfshark.com Address: 82.26.162.48 Name: us-bna.prod.surfshark.com Address: 82.26.162.53 That should do it Just take 1 of the 2. And in general, don't use domain names but only IP. Before you start, choose 1 of the 2 IPs and use it for the whole process
Log in to post
Load new posts
  • perikoP

    SquidGuard and sarg?

    7
    0 Votes
    7 Posts
    2k Views
    marcellocM
    IIRC, squidguard report on sarg stays on another link at main report file. Try squid3 - dev with squidguard log integration. The dev package has the latest stable version of squid with the latest changes/improvements on gui. You will need to enable ipv6 and fetch some depending libs.
  • A

    Need somebody help about NUT and APC ups

    4
    0 Votes
    4 Posts
    3k Views
    R
    @abiatiya: on configuration GUI, I put only local UPS Settings section Local UPS Name: BK500EI Local UPS Model: APC Back-UPS USB Local UPS Port : Auto (USB Only) Local UPS Generic Type: blank Local UPS Cable Type: blank I would try one of the other UPS models from the "Local UPS Model" pull down menu.  See if one of the more specific models will communicate better.  I'm running a BackUPS ES 500 and selected the Back-UPS ES USB and it suddenly worked.  I'm not familiar with the EI 500.  Maybe try the Smart-UPS USB. Rick
  • K

    Can't install freeradius2 on pfsense v2.1

    6
    0 Votes
    6 Posts
    2k Views
    N
    are you running a full install of pfsense or du you use ebedded install or something like this? As far as I know the installation only works without problems on a full install.
  • N

    Squid Porxy

    7
    0 Votes
    7 Posts
    2k Views
    marcellocM
    Enable squid logs and check what is going on.
  • K

    Squidguard HTTPS non-T

    4
    0 Votes
    4 Posts
    1k Views
    marcellocM
    with proxy set on clients ssl sites are blocked/filtered on on domain lists as squid can't analyse url after ssl handshake is done. with squid3-dev you can intercept ssl and filter https the same way you do with http.
  • C

    Zabbix Proxy 2

    2
    0 Votes
    2 Posts
    1k Views
    D
    Hi. For ExternalScripts, how are you thinking? Define a directory that you will put manually your scripts? Or could be a default path ? I am asking because we have to deal with how to create this directory and a routine to check permissions.
  • D

    Block facebook.com by squidguard

    2
    0 Votes
    2 Posts
    2k Views
    Cry HavokC
    Is that user's system configured to use the proxy server?
  • perikoP

    Squid 2 subnets 2 ISP?

    2
    0 Votes
    2 Posts
    888 Views
    marcellocM
    you will need some acls and tcp_outgoing_address directive. I do not have a sample config but it may work.
  • P

    How to completely clean out the configuration of an uninstalled package?

    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    Use viconfig to edit xml but be careful while editing to do not corrupt your xml config file.
  • L

    Help: package snort automatically stop random.

    4
    0 Votes
    4 Posts
    1k Views
    bmeeksB
    @leoshen: only "EMERGINGTHREATS.NET" and "SNORT GPLv2 COMMUNITY RULES" Try a remove and re-install of the Snort package.  Click the box down near the bottom of the Global Settings tab so that Snort settings will be retained on a de-install.  Then go to the System…Packages menu and on the Installed Packages tab click the X beside Snort to completely remove it.  Then go to the Available Packages tab and install it fresh. Look in the system log for the time periods when Snort has stopped and see if anything Snort-related appears. Bill
  • P

    Mailreport: how can I send dansguardian logs via mailreport?

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • S

    Squid breaks Sky+ OnDemand service

    2
    0 Votes
    2 Posts
    1k Views
    marcellocM
    Include  your Sky+ box transparent proxy source address bypass
  • V

    What's the best technique for blocking HTML5?

    2
    0 Votes
    2 Posts
    1k Views
    V
    I forgot HTML5 has the far simpler doctype of just html without a DTD reference. I guess this will make it easier to identify HTML5 when parsing the page. I have been trying to find out how CDMs will be delivered and so far I can only assume that they will be using local storage or application cache. Could this mean that only something like NoScript will be able to block CDMs?
  • N

    Comments on Sourcefire / Cisco purchase

    6
    0 Votes
    6 Posts
    2k Views
    N
    That's kind of what I thought.  I'm just trying to figure out if I want to offer snort to customers.  It might be a losing proposition long term.
  • T

    Squid Logs out of Control

    1
    0 Votes
    1 Posts
    838 Views
    No one has replied
  • F

    Havp fails testing eicar file

    5
    0 Votes
    5 Posts
    1k Views
    F
    I tried to reinstall The two packages No change
  • K

    PHP Service - All/Any configuration changes to pfsense to syslog server

    1
    0 Votes
    1 Posts
    599 Views
    No one has replied
  • E

    Suggestions For Multi-Interface Bandwidth Monitoring?

    1
    0 Votes
    1 Posts
    853 Views
    No one has replied
  • nesenseN

    SQUID 3 settings do not stick.

    3
    0 Votes
    3 Posts
    1k Views
    nesenseN
    It seems the problem is gone, I'm not sure what fixed it but I had to delete squid files under /usr/local/pkg and reinstall, other thing I did is applying this patch: https://github.com/marcelloc/pfsense/commit/f82cbe49b47b202eb1ccf8ab3dd3d7cf87013ef9 Cheers  :-*
  • V

    Pfblocker/Squid does not show interface names 2.1 release

    5
    0 Votes
    5 Posts
    2k Views
    B
    See this thread: http://forum.pfsense.org/index.php/topic,67458.msg369034.html#msg369034
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.