plus one

@tzlwin:

FATAL: The ssl_crtd helpers are crashing too rapidly, need help!

are you using ssl_crtd  on squid 3.1?  ???

This feature is implemented on squid3-dev, not 3.1.

I concur with sir awsiemieniec, that there is a problem with the script that generates dansguardianf1.conf. I tried running /usr/local/etc/rc.d/dansguardian.sh and the same problem exist. Please verify, Thanks.

I am using pfsemse 2.0.3 (x64)
Dansguardian: 2.12.0.3 pkg v.0.1.8
Squid 2.7.9 pkg v.4.3.3

I'm having the same problems using 2.0.3-RELEASE (i386) and the siproxd package. You are supposed to set the "outbound proxy" of your phones to the siproxd ip. For me, this works fine but only for a few hours/days. After that time, I get the same messages from my SNOM phones:

23/5/2013 00:46:42 [DEBUG1] PHN: SIP: send REGISTER (2: 5e000000a533-vvikzxlifbbb) -> udp:10.2.0.254:5060 23/5/2013 00:46:42 [ERROR ] PHN: SIP: transaction_timeout udp: 1000002 (32000) 23/5/2013 00:46:42 [ERROR ] PHN: SIP: transport error: 1000002 -> udp:10.2.0.254:5060 23/5/2013 00:46:42 [NOTICE] PHN: SIP: Add dirty host: udp:10.2.0.254:5060 (0 sec) 23/5/2013 00:46:42 [NOTICE] PHN: SIP: final transport error: 1000002 -> udp:10.2.0.254:5060 23/5/2013 00:46:42 [ERROR ] PHN: SIP: transport error 1000002: generating fake 599 23/5/2013 00:46:42 [DEBUG1] PHN: SIP: recv 599 REGISTER (2: 5e000000a533-vvikzxlifbbb) <- ::0 23/5/2013 00:46:42 [ERROR ] PHN: SIP: Registrar 7771885676@sip.finotel.com timed out 23/5/2013 00:46:42 [NOTICE] PHN: SIP: Registration Metrics failed 23/5/2013 00:46:43 [DEBUG1] PHN: SIP: send REGISTER (3: 5e000000a533-vvikzxlifbbb) -> udp:10.2.0.254:5060

Thanks PiBa,
I'm currently not using the http close option for the frontends, but the ACL is configured.
I'll make the change tonight and see how it goes.

Thanks again for your help

thanks, it was useful also for me!

@ESWBitto:

Ok here is the issue. We are using the latest packaged version of snort and have both wan and lan interfaces setup. I can see traffic on my wan no problem, but my lan's are not picking up anything. I know they are working because when I do a port scan they alert on it and it shows the information. I'm now trying to set it up to where when an alert fires it shows the internal IP and the outside IP as the culprit or vice versa.

When looking at the snort.config it doesn't show that my ipvar HOME_NET is set to anything. I've been doing some research through the forums and the standard is don't modify the config directly use the gui. So do I follow the instructions of others to setup an alias and use the alias name in the whitelist? I'm not quite sure where to go about getting this setup correctly. I don't want to exclude the internal IP's from being monitored….I know it may create a lot of alerts, but those can be suppressed.

There is a fix for this coming in Snort Package version 2.5.8.  Until then, create an Alias containing the firewall's locally attached networks and then create a Whitelist using that Alias along with the WAN IPs, Gateways and DNS Servers (if applicable).  These are all checkboxes on the Whitelist tab when creating a new list.  On the If Settings tab for the interface in Snort, set the HOME_NET variable to the whitelist you created and save the changes.

Saving the changes on the If Settings tab is very important.  If you skip that step, then the snort.conf file will not get properly created.

Bill

Bill,

I completely forgot I even made this thread….To answer this issue so that you can have full completeness and resolution in your life I will let you know the outcome. :P In short yes it was something that wasn't being selected in the preprocessors. I have since then fixed that....I also have done what you do. I set the Policy to Secure (or whatever the third one is) and then selected all the ET rules. So its going good now....carry on with life :)

On nanoBSD CF-card systems, bandwidthd now stores all its data in /var/bandwidthd on the memory-disk. So the CF card remains read-only. When you reboot the bandwidthd data goes in the bit-bucket.
I was intending to add an option to save that data to the CF card at a user-specified interval (like you can do for RRD dat) and reload it during startup, but I have been busy with other upgrades/installs of non-pfSense stuff, so haven't got around to it. If anyone else wants to work on that, feel free to submit on GitHub ;)

Seems my problem was related to date format. Changed from European and sarg is working again.

It doesn't seam to be.. consider changing to package "haproxy", or "haproxy-devel", which do allow configuring acl's.

Just to the right of your screenshot "13s DOWN" there should be the colum "LastChk". It could tell you something about the reason the backend is not checking out 'OK'.. Normally it would say something like "L7OK/200 in 2ms". What does it say in your case.?

Admin / Developers, Pls help me to receive mails from outlook.

Thanks in advance.

Understand that. Good work in getting it back up in short time.

@markkus69:

Hi!
I need skip from logs in lightsquid an url from determined ip in my network
Example
ip 192.168.1.40 skip in logs just www.example.com and log another's one.
I think is something in  lightsquid.cfg

Hi,

By default it is not possible yet. You are right you should take a look https://bitbucket.org/esl/lightsquid/src/dc850187d487/lightsquid.cfg

SGTR