1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    652 Posts
    M
    @elvisimprsntr Great in theory, not in practice. I'm the same, but there are unforseen events. Power outages, crashes, etc. And yes, I'm running a UPS.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example: • The first time I get 43.225.189.108 and 43.225.189.118 • The next time I get 149.40.50.216 and 149.40.50.290 So I was wondering can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide see the guide here in the guide they mention 10.14.0.2 for static routes
Log in to post
Load new posts
  • R

    Squid3 proxy on pfsense question. it about error Invalid URL.

    2
    0 Votes
    2 Posts
    1k Views
    R
    Sorry, the upper diagram is not correct.. I modified it as following; [WAN1]–------------------------------[router]–--------------[switch1]–--------[PC1]                                                         |          LAN1                                                         |                                         LAN2        | [WAN2]–-----[pfsense]–-------------[switch2]–---------[PC2]
  • V

    Help - Web Filtering with SquidGuard

    5
    0 Votes
    5 Posts
    3k Views
    N
    @virtualliquid squid and squidguard installation is a bit tricky and it depends on what pfsense version you are working: pfsense 2.0.x squidguard package contains squid2.7 binaries. So if you want to run squid2.7 package and squidguard package all works with a simple installation. if you want to have squid3 running with squidguard you need to do this: 1.) install squid3 2.) install squidguard (which unfortunately installs squid2 over squid3) 3.) reinstall squid3 package Done. On pfsense 2.1 there is a new squidguard-squid3 package. This is squidguard with squid3 binaries. So you just need: 1.) install squid3 2.) install squidguard-squid3 Done. Hopefully this will help you. PS: As far as I know on squid3 the squidguard process only starts when needed and the service is stopped when not needed.
  • R

    Packages not available

    4
    0 Votes
    4 Posts
    2k Views
    P
    Checking for package installation… Downloading http://files.pfsense.org/packages/amd64/8/All/p7zip-9.20.1.tbz ...  could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/amd64/packages-8.1-release/All/p7zip-9.20.1.tbz. of p7zip-9.20.1 failed! The first link at files.pfsense.org is the one that should work. The second link is a fallback that used to happen for things that were not stored on files.pfsense.org - but nowadays I believe all package files should be in place on files.pfsense.org I can browse to files.pfsense.org and see file and directory listings. If I click on your files.pfsense.org link from my browser it happily downloads the p7zip file, and installing from my pfSense test system works fine. So there is some issue with your system resolving files.pfsense.org
  • D

    System Patches - auto-apply patch does not work…

    6
    0 Votes
    6 Posts
    4k Views
    jimpJ
    I never could reproduce this. It always applied at boot for me post-upgrade. That said, given the problem you hit with another issue, I tried delcaring the variables global before defining them in the patches package include file. Upgrade the package, and then see if it works after the next firmware update.
  • A

    Bsnmp-regex

    5
    0 Votes
    5 Posts
    2k Views
    A
    It looks like the regex module needs some custom bsnmpd.conf lines for it to work. regexConfig regexSocket As you can see above it also needs local file UNIX domain socket created which also means you have to have something sending data to that socket.  This is more complex than I expected.  I assumed you could have bsnmpd run external scripts to get data kind of like net-snmpd.  My main goal was to get critical things like gmirror status. OPTIONS     To activate the bsnmp-regex module you must load the module in     /etc/snmpd.config and configure the location for the UNIX socket and     bsnmp-regex.conf(5) file. See the examples section below.     regexConfig                 The location of the bsnmp-regex.conf(5) file. This option must                 be specified.     regexSocket                 The location of the UNIX socket on which this module will                 listen for logs or text to match. EXAMPLES     For a simple bsnmp-regex configuration add the following to     /etc/snmpd.config:           begemotSnmpdModulePath."regex" = "/usr/local/lib/snmp_regex.so"           %regex           regexConfig = "/usr/local/etc/bsnmp-regex.conf"           regexSocket = "/var/run/bsnmp-regex.sock"
  • A

    LoadBalancer with state failover to backup firewall

    4
    0 Votes
    4 Posts
    2k Views
    jimpJ
    Someone more familiar with the packages like haproxy, varnish, mod_proxy, etc, would need to comment on whether or not it's technically possible with the software (outside of our GUI). If it is, someone could potentially add it. In the meantime, relayd does tend to do a decent job.
  • M

    Squidguard crashed pfsense

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • C

    Snort 2.9.4.6 pkg v. 2.5.9 starting disabled on interface

    8
    0 Votes
    8 Posts
    3k Views
    C
    Yep - that seems fine now, snort starts up enabled as expected - thanks again. I think those kids will just do an end run around you again. You're probably right. I'll see what can be done. Perhaps your first suggestion might work  :'(
  • T

    Squid & SquidGuard won't start on pfSense 2.0.3

    11
    0 Votes
    11 Posts
    12k Views
    T
    @jimp: It's apparently still missing files. Remove all traces of squid and squidGuard from System > Packages. From the shell: pkg_delete *squid* Then reinstall what you want. It worked :) thank you!
  • M

    After rule update, snort just stopped

    3
    0 Votes
    3 Posts
    2k Views
    M
    @maex: Usually what fixed situations like these for me: uninstall the snort package (keeping settings - a option in pfsense snort interface)) - then reinstall. Wait until it is done! In my experience DONE is not necessarily the same as what the web-gui says.  If you use a lot of rules the web-gui tells you the update or install is done. But if you watch top you will realize that processes snort and package_reload (or so) may run very actively for a couple of minutes longer than that. My best practice: don't touch the web-gui while these processes finish the update. But I also have to say that I ran into these issues mostly when RAM was low. Never had these problems since I have 8GBs of RAM. Snort uses around 2,3 GB running, and 3-4 GBs while loading. If above situation did not work for me - uninstall the snort package but also REMOVE settings - then reinstall and setup your interfaces and rules. Thanks for your reply, Maex  ;D I think mine was another problem, some sort of error in the official VRT-rules. Since after there was another rule update, Snort suddenly worked again.
  • N

    Bandwidthd not seeing P2P traffic

    5
    0 Votes
    5 Posts
    3k Views
    N
    Ok, so I did understand correctly.  Unfortunately, that doesn't really help me :P.  My biggest use for bandwidthd is trying to identify computers running P2P software on the network, and I was hoping bandwidthd would do some deep state inspection or something to identify P2P.  Fortunately, almost all P2P traffic is UDP, so I can pinpoint it that way. Now that I think about it, a combination of nmap, snort, and bandwidthd should give me exactly what I need.
  • R

    Squid3 integration with CISCO WCCP through GRE tunnel - HELP needed!!!

    2
    0 Votes
    2 Posts
    5k Views
    R
    Hi All found this article - http://fakrul.wordpress.com/2008/12/11/transparent-squid-proxy-server-with-wccp-support/#comment-1754 It seems we have to recompile the kernel to implement this…  :o
  • J

    Squid filtering https

    7
    0 Votes
    7 Posts
    2k Views
    J
    is it possible to use this as solution http://linuxlabz.blogspot.com/2012/05/https-traffic-block-in-squid-26.html is there way to forward all inside traffic over port :443 to port :3128?
  • M

    Snort - Host Attributes Table - inlcude pfsense interfaces as hosts?

    7
    0 Votes
    7 Posts
    2k Views
    M
    Thanks!
  • M

    Conceptually: how do these packages 'hang' together?

    2
    0 Votes
    2 Posts
    1k Views
    M
    Very basic(!) overview: pfsense = Firewall … blocks external connections Pfblocker = Blocks countries and IP ranges you don't want to connect Snort = Intrusion Detection System Squidguard = SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid (which is not on your list, but required for squidguard!) They all don't "feed" data into core - they all check traffic in different ways. You need to learn of all them if you want to understand their configuration and fit to your needs. Set them up in the order I specified above. After you box is up and running including snort start to learn about proxies (squid).
  • S

    HAVP Proxy timeout

    5
    0 Votes
    5 Posts
    2k Views
    S
    up
  • S

    Squid Rever proxy block Exchange 2013 ECP

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • F

    Package to use pfsense as a NAS/Torrent client end repository

    3
    0 Votes
    3 Posts
    23k Views
    F
    Thanks!
  • I

    Openvpn/pfblocker client package (re) install failure

    2
    0 Votes
    2 Posts
    2k Views
    I
    I was able to uninstall the openvpn client package, but when it got to the pfblocker package uninstall I see a similar error leaving me no way to remove pfblocker.  Is there a manual way to remove a package?  I imagine I could remove it from the packages section in config.xml and find all the relevant files but where are they all? error messages: Beginning package installation. Removing package... Removing pfBlocker components... Tabs items... done. Menu items... done. Loading package instructions... … and at the bottom of the page: Warning: Unterminated comment starting line 719 in /usr/local/pkg/pfblocker.inc on line 719 Parse error: syntax error, unexpected $end in /usr/local/pkg/pfblocker.inc on line 719
  • R

    CP+ProxyServer(SSL with remote cache)

    3
    0 Votes
    3 Posts
    2k Views
    R
    Ok. Noted.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.