Hello,

I got it working. It seems it's not possible to do reverse proxy on 443 and 80. I had to remove port 80 to get it working.

On proxy server settings is set port to bind to 443.
I removed  the port 80 site proxy (with a config for port 80 and 443 it didn't work).

You have to enter the file name only for certificate files (with full path it will search for /usr/local/apache22/etc/usr/local/apache22/etc/cert_file according to the log)
So i think there is a typo in the path they given under the option. You have to put your certificate files in /usr/local/etc/apache22/ instead of /usr/local/apache22/etc/

When you add full path name apache will not run and there is no proxy at all.

You must not add a port forward in the NAT

Greetings.

Thanks Michele,

I installed the beta LCDproc pkg, and my service started!  ;),  these are the settings I have now,

which is great but I still see no activity on the lcd itself

when the service started it created this .conf file :

[server]
DriverPath=/usr/local/lib/lcdproc/
Driver=CFontz
Bind=127.0.0.1
Port=13666
ReportLevel=3
ReportToSyslog=yes
User=nobody
Foreground=no
ServerScreen=no
GoodBye="Thanks for using"
GoodBye="    pfSense     "
WaitTime=2
ToggleRotateKey=Enter
PrevScreenKey=Left
NextScreenKey=Right
ScrollUpKey=Up
ScrollDownKey=Down
[menu]
MenuKey=Escape
EnterKey=Enter
UpKey=Up
DownKey=Down
[CFontz]
Device=/dev/cuau1
Size=16x2
Contrast=350
Brightness=1000
OffBrightness=50
NewFirmware=no
Reboot=no
"

here is what my logs say about the LCD:

I've tried changing port speeds, content, but no luck…any clues ?

Thanks

I've included this dns_v4_first option on squid3 pkg v 2.0.5_4 general tab.

squid3_dns_v4_first.png
squid3_dns_v4_first.png_thumb

@CIPB:

It's always worth discussing in order to see what can be worked out.

Possibilities:
Allowing pfBlocker devs occasional access to freshen up the lists in pfBlocker.

Allowing individual pfBlocker users to register w/ CIPB and receive some sort of list access in return.

Allowing pfBlocker to regain it's former access to CIPB lists, in trade for publishing a CIPB logo/badge on the pfBlocker tab/page in pfSense.
(Probably needs approval by marcello/tommyboy and/or others)

That's what I have off the top of my head.

Hi,

I have the same (similar) problem.
When I enter
[2.0.1-RELEASE][admin@fire.box]/root(2): /usr/local/etc/rc.d/snort.sh start

I get the following error message

pgrep: Pidfile `/var/run/snort_pppoe03086.pid' is empty

Any clue?

Matthias

Thanks a lot for the hint regarding the conf/config.xml . I did not know pfsense can be configured with the help of only this file :O and that it is versioned automatically (now i have also found the corresponding backup/restore option in the web interface).
Had a whole bunch of old config files and after reseting to factory defaults i could again connect to the web-interface and from there (what i really liked) load one of the old configs from which i knew they worked.

Great!

Actually don't worry, I setup a IPSec vpn instead

@SeventhSon:

Looks cool, might be handy in some situations :)

If you hacked it into pfSense, can you give us an idea what you needed to do to get it running?

sure but its standard stuff..

1. log into via ssh,  drop to the cli
2. type:  setenv PACKAGESITE http://ftp-archive.freebsd.org/pub/FreeBSD-Archive/old-releases/i386/8.1-RELEASE/packages/Latest/
3. type: pkg_add -r xymon-client

then you can configure it.

-g

Thanks for the document , I have noticed it.. and it works fine now ../ sorry for asking such trivial question

(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE

suppress gen_id 120, sig_id 3

(http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED

suppress gen_id 120, sig_id 6

(http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE

suppress gen_id 120, sig_id 8

(smtp) Base64 Decoding failed.

suppress gen_id 124, sig_id 10

(smtp) Quoted-Printable Decoding failed

suppress gen_id 124, sig_id 11

(smtp) 7bit/8bit/binary/text Extraction failed.

suppress gen_id 124, sig_id 12

Thank You
I also received those http_inspect alerts.
Pfsense 2.0.1 X64 + Snort 2.9.2.3 pkg v. 2.5.1

I also had to add these as well:
#(http_inspect) UNKNOWN METHOD - 0
suppress gen_id 119, sig_id 31
#(http_inspect) SIMPLE REQUEST
suppress gen_id 119, sig_id 32

The Opera browser supports adding a proxy in (See opera:config) but it doesn't seem to support autoconfigure. Firefox has options for it in about:config

@jimp:

Try this:

uninstall, then from the shell:

pkg_delete -f snort* pcre*

Then try to reinstall.

I checked the version of PCRE on the package server, and the one required by snort is built for amd64 so I'm not sure how you'd have pulled in the wrong one.

THANK YOU VERY MUCH!
your instructions helped me to get Snort Running again  :D
I'm running Pfsense 2.0.1 X64 with Snort 2.9.2.3 Pkg 2.5.1
Link to my post: http://forum.pfsense.org/index.php/topic,52854.0.html

Thanks again

The minimum pfSense version required for Squid is now 2.0.n
I guess that the 1.2.3 package installer code doesn't have the code to check that, so it let you install it.
The code in squid.inc is checking for version "2.0" to use pkg install dir names, it assumes that if you are not on 2.0.n that you are on a later version e.g. 2.1-BETA0 which uses pbi installer. So you are getting those messages about it trying to find dirs with "pbi" in the name.
I would advise installing pfSense 2.0.1 and then install packages…

Bumping this thread.

I updated to 2.1-dev from 2.0.1 a couple of days ago. Using AMD64 build with the latest packages. Snort won't start with the configuration I had setup from before. Error message is the FATAL ERROR: Failed to initialize dynamic preprocessor: SF_DNS (IPV6) version 1.1.4 (-2) which definitely means it's having an issue with the IPv6 part of "Enable DNS Detection" preprocessor. Only catch is that if you disable the preprocessor, it's not actually disabling it.

Steps to reproduce:

Create a new snort interface (Defaults are fine)
enable snort. Everything works fine.
Disable snort.
Edit the interface, go to the preprocessors tab, check the box for "Enable DNS Detection" and save the changes
Try enabling snort again, and it crashes with the error message.
Edit the interface, go to the preprocessors tab, uncheck the box for "Enable DNS Detection" and save the changes
Try to start snort again, and the error message still appears.

You can keep creating new rules and they will keep working as long as you don't enable that preprocessor. I was able to enable the HTTP inspect one, need to test the others yet.

Thanks marcelloc, I've looked at the ipguard xml in addition to squid and spamd.

In the ipguard xml, the only difference appears to be the format (I've seen both formats out there so I assume both are valid).

<configpath>['installedpackages']['syslogngobjects']['config']</configpath>

VS.

<configpath>installedpackages->package->ipguard</configpath>

Is my understanding correct, that I can provide a custom configpath (one that differs from the name of the syslogng_advanced.xml file) and expect pfSense to put the config in the respective area of the config.xml file?