dns can be anywhere but you want that dns server to use the host file downloaded and to redirect ads to pfsense ip. basically i didn't do anything special but decide to compile the pixelserv program for freebsd

changing ports to compile 1.4.19, it return erros

In file included from src/proto_http.c:22: /usr/include/netinet/tcp.h:40: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'tcp_seq' /usr/include/netinet/tcp.h:50: error: expected specifier-qualifier-list before 'u_short' /usr/include/netinet/tcp.h:175: error: expected specifier-qualifier-list before 'u_int8_t' gmake: *** [src/proto_http.o] Error 1 *** Error code 1 Stop in /usr/ports/net/haproxy. *** Error code 1 Stop in /usr/ports/net/haproxy.

Maybe we will need to way ports update to be able to create haproxy 1.4.19 package

check backend status on varnish widget.

You must disable nat for port 80, varnish will do the job.

Until you get this working, publish varnish on port 81 for example, create a wan rule to permit port 81 communication and do tests.

Thanks for the updated info.  I mis-used the "suppress" part.  I thought it was just to not show those events being triggered in the webConfiguration log.

Thanks!

AWS

Thank You!

@marcelloc:

squid works very well on 2.x platform.

but congratulations on your successful setup.

Its a surprise for me again, my server was working fine till Saturday and Today on Monday is has started giving same error. I had not upgraded my PFsense it is still 1.2version, then how come it had it started behaving like my previous issue.
Please letme know how my ACL's can we make and how many computers we can allow for internet. I had made 23 Group ACL's and around 400 IP address is been allowed for internet.
Below is my configs for Cache Management
Hard disk cache size : 4096 MB
Hard disk cache system : ufs (please explain what this means)
Memory cache size : 512 MB
Minimum object size : 0
Maximum object size : 1024
Maximum object size in RAM : 10240
Level 1 subdirectories : 16
Memory replacement policy : Heap GDSF (please explain what this means)
Cache replacement policy : Heap LFUDA (please explain what this means)
For Traffic Management
Maximum download size : 10240
Maximum upload size : 10240
Overall bandwidth throttling : 0
Per-host throttling : 0
Finish transfer if less than x KB remaining : 0
Abort transfer if more than x KB remaining : 0
Finish transfer if more than x % finished : 0

Please Guide on above config are the required any corrections

Nevermind, got it working. Logging in as root helps. Thanks for the info, everything is great now. BTW, didn't need to change to port 80, I just specified the same port my GUI uses in the squidguard blacklist config. I don't know why, but I feel using a port other than 80 adds some additional layer of protection. I know that the port number change up is miniscule, but it fools passing probes on the internet. Thanks for the pointer again, I had no clue it was that simple…

@gommox:

I also don't understand one thing: how HAProxy knows to which server to route the request if there is no any map between the hostname and the IP? when the request comes from Internet "www.server_1.com" how HAProxy knows to which serverto route the request? I thought that it checks on DNS Forward configuration in PFSense box (all domains are configured there, domains existing in my DMZ). It is correct or I'm wrong?

That's the point, haproxy balance based on ip addresses not based on host names.

If you need hostname balance, then you need to use varnish or apache2+mod_security

take a look on package description to choose between both.

I prefer varnish  ;)

I can't work out whether this last sentence is saying soft_bounce should always be off (for both postfix and postscreen) in a non-test environment.   Do you have any further information/advice on this?

The soft bouce field has this info taken from postfix documentation
Safety net to keep mail queued that would otherwise be returned to the sender.
This parameter disables locally-generated bounces, and prevents the Postfix SMTP server from rejecting mail permanently, by changing 5xx reply codes into 4xx.
However, soft_bounce is no cure for address rewriting mistakes or mail routing mistakes.

I have this enabled and working for many weeks, so i think using default option 'enabled only in postscreen' will be enough.

I also have problems installing Squid on PFSense 2.1 DEV (i386).
When installing the package, on the re configuring filter part, I briefly get the following warning:
Warning: unlink(/etc/squid/squid.conf): No such file or directory in /etc/inc/pkg-utils.inc on line 794 Warning: symlink(): No such file or directory in /etc/inc/pkg-utils.inc on line 795

Then, the package seems to have installed successfully, but when I access the "Proxy Server" from the Services menu, I get this error:
Warning: dir(/usr/local/etc/squid/errors/): failed to open dir: No such file or directory in /etc/inc/pfsense-utils.inc on line 432 Fatal error: Call to a member function read() on a non-object in /etc/inc/pfsense-utils.inc on line 433

Anyone can give me an idea what to do and how can I troubleshoot this ?

Thanks a lot.

Revised instructions for dhcpd3:

setenv PACKAGESITE "ftp://ftp-archive.freebsd.org/pub/FreeBSD-Archive/ports/amd64/packages-8.1-release/Latest/"

pkg_add -r p5-Net-IP make++ p5-YAML p5-Net-Netmask

ln -s /usr/local/bin/makepp /usr/local/bin/make

/usr/bin/perl -MCPAN -e shell

install HTTP::Date

printf '[dhcpd3]\nuser root\nenv.configfile /var/dhcpd/etc/dhcpd.conf\nenv.leasefile /var/dhcpd/var/db/dhcpd.leases' > /usr/local/etc/munin/plugin-conf.d/dhcpd3.conf

ln -s /usr/local/share/munin/plugins/dhcpd3 /usr/local/etc/munin/plugins/dhcpd3

/usr/local/etc/rc.d/munin-node.sh restart

patch –ignore-whitespace /usr/local/share/munin/plugins/dhcpd3 <<end<br>--- dhcpd3.orig 2012-01-06 19:05:37.000000000 -0600
+++ dhcpd3      2012-01-06 19:07:14.000000000 -0600
@@ -219,6 +219,12 @@
            print "# DEBUG: in $1\n" if $DEBUG;
            $ip = $1;
        }
+        if($ip && /binding\s+state\s+([^;]+);/) {
+            if(($1 eq "free") || ($1 eq "backup")) {
+                print "# DEBUG: binding state $1\n" if $DEBUG;
+                $abandon = 1;
+            }
+        }
        if($ip && /ends\s+\d+\s+([^;]+);/) {
            # 2037/12/31 23:59:59 is max date on perl <= 5.6
            print "# DEBUG: end $1\n" if $DEBUG;
END</end<br>

Updated it a lot, now auto-updating data by default in background, remembering last read logs and last selected item in tree, showing unread logs as red icons, several UI tweaks and optimizations, better  MySQL queries. Also remembers it's window position. Exceptions are handled nicely and shown in nice looking toolbar if something happens, also all other types of issues etc.

Source code (VS2010, .NET 4.0 Client):
http://www.datafilehost.com/download-656d8917.html

Compiled application:
http://www.datafilehost.com/download-5b81570b.html

I saw that there is a forum on MailEnable site. You can try to find out how to extract valid recipients there.

@marcelloc:

You did right.  :)

I'll include this fix on next release.

thanks,  have a good weekend.

-g

Look for cative portal forum threads, there are posts for captive portal then transparent proxy

@chpalmer:

Take a look here and see if an alternative install to pfSense might work for you…

http://wiki.fusionpbx.com/index.php?title=PfSense_Install

Im not sure how well if at all the freeswitch packages have been kept up...

Hi Chpalmer, I am running the latest version 2.0.1 of pfsense. Are you suggesting that freeswitch may not work well with this release and I install an older one?

See what perl version are available on files.pfsense.org. Could be just a minor version Fix on squid install.

this one here's working…
perhaps you can have a look...

INTWEB_SSL;192.168.10.20;443;HTTPS
INTWEB;192.168.10.20;80;HTTP

WEBAPP_SSL;faq;https://ext.host.net
WEBAPP_SSL;gallery;https://ext.host.net
WEBAPP_SSL;kplaylist;https://ext.host.net
WEBAPP_SSL;filez;https://ext.host.net
WEBAPP_SSL;piwik;https://ext.host.net
WEBAPP;faq;http://ext.host.net
WEBAPP;gallery;http://ext.host.net
WEBAPP;kplaylist;http://ext.host.net
WEBAPP;piwik;http://ext.host.net

INTWEB_SSL;WEBAPP_SSL
INTWEB;WEBAPP