Thank you, I just set to a shorter period.

OK found my problem, permission.

The permission of  /usr/local/etc/rc.d/monit.sh should be 0755

All starting fine now :-)

Cheers

Morning Everybody

In France we say "La nuit porte conseil" that looks like "sleep on it"…

Here is what I did :

Installed pfSense on an VmWare Esxi to be able to use many servers with a single internet address.

THANKS to http://blog.romant.net/technology/configuring-nat-on-esx-and-esxi/

Installed and configured squid3 package in pfSense as I can access 3 differents Centos servers in my virtual network by their URLs

Transfered a Windows trusted certificate in pfSense to avoid users to get "Exception message" in their browsers ;

THANKS to http://knowledge.zomers.eu/pfsense/Pages/How-to-use-a-Windows-PFX-certificate-with-pfSense.aspx
THANKS to http://digfound.blogspot.fr/2012/06/reverse-proxy-ssl-with-pfsense-inc-owa.html

And of course THANKS to pfSense Team that gives us this awesome product.

Regards
Nicolas

Based on my research, the options that work well in this case are 1) Disable UDP tracking in Stream5 2) or define a BPF filter file using a 'config' option called 'bpf_file'. Since disabling UDP tracking altogether may not be desired, I am sticking with BPF. I hope this information helps someone in the future.

Even with that error, the option appeared in the menu.
When trying to use returned an error in the file / usr / local / pkg / apache_mod_security.inc
line 169.
Typo:

Before: $ setting = sarray ();

Fix for: $ settings = array ();

It's working.

On the one hand, 9 / 10 on the hack-o-meter.  On the other hand, never argue with success.  Thanks!

It would be good to add "check script …" to the possible monitors.

It would be good to warn of the aforementioned should the 'forward to' and the 'monitor address' be on the same subnet.

It would be good to warn if the virtual address isn't among the addresses this system arps for.  I'm assuming that if the address is a carp vip in backup mode the system won't advertise via the load balancer facility that it owns the virtual ip.

@dbpinggoy:

@marcelloc:

I've pushed an update for it with no version change, reinstall package imspector-dev in about 15 minutes and check if it's fixed.

I got same problem even thhough im running imspector-dev. The log is still empty . All is allowed on access lists..
Is their any solution for this? Thanks a lot

I've found the solution for this, when I tried to uncheck the enable on imspector access list. But we got another problem in which our IM (Yahoo messenger) keep on logging out..

We are using pfsense 2.0..

Wow, thanks!

@doktornotor:

As for the OP:

http://i41.tinypic.com/2ynmbf6.jpg

Perry the Platypus frowns upon such blasphemy.

Hi Tikimotel, I have followed your instructions and I could create the patch to squidGuard redirectors and another patch to squid configuration to bypass proxy for some sites.

But I have a question, my patch was correctly applied but I can't put the tab identation in the line. Do you know what character is the tab character to put in the begining of the line?

Thanks!

On your pfSense page, click on System, then Packages and then Available packages. Scroll until the one you want and then click the Plus Sign to install it.

Indeed, there are no "tbz" install files for squid-3.3.8 on:
http://files.pfsense.org/packages/amd64/8/All/ or
http://files.pfsense.org/packages/8/All/
squid-3.3.8 pbi files are there, so the install should work from a 2.1-RC0 system, which uses "pbi". But it won't work from 2.0.3 which needs the "tbz" format install files.
The previous squid-3.3.5.tbz files are there in both folders.
Hopefully a squid maintaining person will notice this soon and put the files in place!

A transparent squid proxy would only catch HTTP traffic, nothing else. It could be using HTTPS, or a port that isn't HTTP at all inside the client.

Isolate a machine running spotify and check the state table and/or packet captures of that system's traffic, see what it is and where it's going.

@slagr:

Is there any reason why alias with URL type could not be used in snort  whitelists ?

Well, at the moment the Snort code is only expecting hosts or networks.  I can look at including URLs in the update I'm working on.

Bill

Hi,

if you modify anything on .conf files it will be overwritten.
You need to change this in the following two files:

Further I had some problems in the past to get the sgerror.php page displayed correctly if I have the pfsense webGUI running on https.
So probably best would be to first change the .inc file and /or then try without pfsense webGUI on HTTPS but5 revert - for testing - back to http.

@Fumbles:

Does anyone have a newbie friendly, step by step guide on what I need to do to get this working and to test it properly?

I remember that I installed it once and that it worked out of the box. There is not much to configure. I don't have it installed anymore.

Sorry, the upper diagram is not correct.. I modified it as following;

[WAN1]–------------------------------[router]–--------------[switch1]–--------[PC1]
                                                        |          LAN1
                                                        |
                                        LAN2        |
[WAN2]–-----[pfsense]–-------------[switch2]–---------[PC2]