@virtualliquid

squid and squidguard installation is a bit tricky and it depends on what pfsense version you are working:

pfsense 2.0.x
squidguard package contains squid2.7 binaries. So if you want to run squid2.7 package and squidguard package all works with a simple installation.

if you want to have squid3 running with squidguard you need to do this:
1.) install squid3
2.) install squidguard (which unfortunately installs squid2 over squid3)
3.) reinstall squid3 package
Done.

On pfsense 2.1 there is a new squidguard-squid3 package. This is squidguard with squid3 binaries.
So you just need:
1.) install squid3
2.) install squidguard-squid3
Done.

Hopefully this will help you.

PS: As far as I know on squid3 the squidguard process only starts when needed and the service is stopped when not needed.

Checking for package installation…
Downloading http://files.pfsense.org/packages/amd64/8/All/p7zip-9.20.1.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/p7zip-9.20.1.tbz.
of p7zip-9.20.1 failed!

The first link at files.pfsense.org is the one that should work. The second link is a fallback that used to happen for things that were not stored on files.pfsense.org - but nowadays I believe all package files should be in place on files.pfsense.org
I can browse to files.pfsense.org and see file and directory listings. If I click on your files.pfsense.org link from my browser it happily downloads the p7zip file, and installing from my pfSense test system works fine. So there is some issue with your system resolving files.pfsense.org

I never could reproduce this. It always applied at boot for me post-upgrade.

That said, given the problem you hit with another issue, I tried delcaring the variables global before defining them in the patches package include file. Upgrade the package, and then see if it works after the next firmware update.

It looks like the regex module needs some custom bsnmpd.conf lines for it to work.
regexConfig
regexSocket

As you can see above it also needs local file UNIX domain socket created which also means you have to have something sending data to that socket.  This is more complex than I expected.  I assumed you could have bsnmpd run external scripts to get data kind of like net-snmpd.  My main goal was to get critical things like gmirror status.

OPTIONS     To activate the bsnmp-regex module you must load the module in     /etc/snmpd.config and configure the location for the UNIX socket and     bsnmp-regex.conf(5) file. See the examples section below.     regexConfig                 The location of the bsnmp-regex.conf(5) file. This option must                 be specified.     regexSocket                 The location of the UNIX socket on which this module will                 listen for logs or text to match. EXAMPLES     For a simple bsnmp-regex configuration add the following to     /etc/snmpd.config:           begemotSnmpdModulePath."regex" = "/usr/local/lib/snmp_regex.so"           %regex           regexConfig = "/usr/local/etc/bsnmp-regex.conf"           regexSocket = "/var/run/bsnmp-regex.sock"

Someone more familiar with the packages like haproxy, varnish, mod_proxy, etc, would need to comment on whether or not it's technically possible with the software (outside of our GUI). If it is, someone could potentially add it.

In the meantime, relayd does tend to do a decent job.

Yep - that seems fine now, snort starts up enabled as expected - thanks again.

I think those kids will just do an end run around you again.

You're probably right. I'll see what can be done.

Perhaps your first suggestion might work  :'(

@jimp:

It's apparently still missing files.

Remove all traces of squid and squidGuard from System > Packages.

From the shell:
pkg_delete *squid*

Then reinstall what you want.

It worked :) thank you!

@maex:

Usually what fixed situations like these for me: uninstall the snort package (keeping settings - a option in pfsense snort interface)) - then reinstall.
Wait until it is done!
In my experience DONE is not necessarily the same as what the web-gui says.  If you use a lot of rules the web-gui tells you the update or install is done. But if you watch top you will realize that processes snort and package_reload (or so) may run very actively for a couple of minutes longer than that. My best practice: don't touch the web-gui while these processes finish the update.

But I also have to say that I ran into these issues mostly when RAM was low. Never had these problems since I have 8GBs of RAM. Snort uses around 2,3 GB running, and 3-4 GBs while loading.

If above situation did not work for me - uninstall the snort package but also REMOVE settings - then reinstall and setup your interfaces and rules.

Thanks for your reply, Maex  ;D

I think mine was another problem, some sort of error in the official VRT-rules. Since after there was another rule update, Snort suddenly worked again.

Ok, so I did understand correctly.  Unfortunately, that doesn't really help me :P.  My biggest use for bandwidthd is trying to identify computers running P2P software on the network, and I was hoping bandwidthd would do some deep state inspection or something to identify P2P.  Fortunately, almost all P2P traffic is UDP, so I can pinpoint it that way.

Now that I think about it, a combination of nmap, snort, and bandwidthd should give me exactly what I need.

Hi All found this article - http://fakrul.wordpress.com/2008/12/11/transparent-squid-proxy-server-with-wccp-support/#comment-1754

It seems we have to recompile the kernel to implement this…  :o

is it possible to use this as solution
http://linuxlabz.blogspot.com/2012/05/https-traffic-block-in-squid-26.html

is there way to forward all inside traffic over port :443 to port :3128?

Thanks!

Very basic(!) overview:

pfsense = Firewall … blocks external connections
Pfblocker = Blocks countries and IP ranges you don't want to connect
Snort = Intrusion Detection System
Squidguard = SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid (which is not on your list, but required for squidguard!)

They all don't "feed" data into core - they all check traffic in different ways. You need to learn of all them if you want to understand their configuration and fit to your needs.

Set them up in the order I specified above. After you box is up and running including snort start to learn about proxies (squid).

up

Thanks!

I was able to uninstall the openvpn client package, but when it got to the pfblocker package uninstall I see a similar error leaving me no way to remove pfblocker.  Is there a manual way to remove a package?  I imagine I could remove it from the packages section in config.xml and find all the relevant files but where are they all?

error messages:

Beginning package installation. Removing package... Removing pfBlocker components... Tabs items... done. Menu items... done. Loading package instructions...

… and at the bottom of the page:

Warning: Unterminated comment starting line 719 in /usr/local/pkg/pfblocker.inc on line 719 Parse error: syntax error, unexpected $end in /usr/local/pkg/pfblocker.inc on line 719

Ok. Noted.

that was the right starting point. thanks for the hint