Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    BBcan177B
    @Draco try to go to the General Tab, first ensure that the Keep Settings option is checked. Then uncheck Enable pfBlockerNG so that it's disabled. Hit save. Force Update. Then re-enable pfBlockerNG and Force update.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.
  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink. My problem is my local box here. I'm missing something because I cannot get it to pass traffic from the WAN to the Wireguard tunnel. I've got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
  • Snort does not block

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    RonpfSR
    Same symptom here, Remove and Install instead or Reinstall. http://forum.pfsense.org/index.php/topic,41533.msg222007.html#new
  • Antispam package

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C
    OK. Thank you! I will wait. Best regards Kostas
  • Squid https - SSL download is slow

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T
    I'm seeing brutally slow load times on anything behind Squid. Installed the latest everything today. If I turn on Squid, then sites take up to 7 or 10 seconds to load all the elements. They load fast from cache after that, but the initial load, for any cold site, is completely useless.
  • Rate Package 2.0

    Locked
    10
    0 Votes
    10 Posts
    3k Views
    G
    @Cino: unless you're using 2.1, my workaround won't work for you since the 2.0 file is my workaround. http://forum.pfsense.org/index.php/topic,42631.msg220911.html#msg220911 have you tried a fresh install of 2.0 and imported your config? Make sure you remove any entries that would install rate package from your config.xml. Another option would be install 1.2.3 again, import your last 1.2.3 config… remove the rate package and upgrade to 2.0. I'm running current stable so I believe it is 2.0. If so I'll try your fix and see if that does the trick. Thanks!
  • Can I update the haproxy binary on my own?

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    B
    Sounds good I think I'll try to deploy a FreeBSD VM tomorrow. I do actually need a stable version of HAProxy so I don't want to use the 1.5 Devel version. Thanks again you've been really helpful. I'll let you know how it works out.
  • How can I setup squid as a http proxy?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    if you want only browsing to be used without any restrictions, why not allow ssh login and then use socks proxy
  • Snort - how to create a netlist/whitelist?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C
    Just make sure you check off the options that you want added to the whitelist or netlist under "Add auto generated ips". From my experience: I use whitelist for friendly IPs and check off every auto generated ip option, then I use netlist to add any subnet that pfSense doesn't know about and check off every auto generated ip option (my cable modem's internal subnet range, vpn subnets that pfSense doesn't know about because of custom routes I have). Hope this helps.
  • Solution: FTP from LAN to WAN over SQUID.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    This solution did not work in my case. I use SquidGuard. Is there anything else that I could try? Regards. Rafael
  • Ignore audio streaming and video in squid

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    N
    Hi, to cache custom file-extensions I am using this: refresh_pattern -i /.*.(iso|wmv|mov|rm|avi|mp4|mpeg|mpg|divx|xvid|swf|flv|x-flv) 10080 100% 10080 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private; This is working BUT the options are only working if it is http. Your types could be correct ( I don't know for sure) but I think they are only for allowing or denying access to this kind of files. But I do not think that you are now able to cache these files.
  • Siproxd errors in system logs

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    Quoting from siproxd 0.8.1 README: Known interoperability issues with SIP service providers: callcentric.com (afaik callcentric fails with "500 network failure" during REGISTER if more than one Via header is present in a SIP packet. Having multiple Via headers is completely in compliance with RFC3261. This might be related to their "NAT problem avoidance magic". There is nothing that can be done within siproxd to avoid this issue as callcentric does not comply with the SIP specification.
  • LightSquid Error

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    A
    I've had this problem on a few installs as well. I discovered that when I get the error, if I go wipe out all the reports in that folder it mentions, I can then Refresh Full and the problem goes away. Go to the shell: cd /var/lightsquid/report rm -rf * Refresh full from Status -> Proxy Report, and problem solved.
  • Unbound issues with DHCP, DNS forwarding

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    W
    @wagonza: This stopping might be related to a change which fixed another problem - I'm still yet to find a fix for this. I have put a fix in for this, so just update your package.
  • Masq a dns with unbound?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    S
    wagonza you're back!!!! YAY! Yes I did that :) Thanks!
  • Squid causing page not to load.

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    T
    I found the reason: I had not opened the proxy port for all VLANs. It's simple, but it took me half a day to find.
  • 0 Votes
    1 Posts
    5k Views
    No one has replied
  • PfSense 2.0 and Squid in transparent mode not working

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    B
    Hi, I have the same problem :-(. It's OK when I configure the proxy manually in my browser. My pfSense is 2.0 and the Squid is Squid Cache: Version 2.7.STABLE9 configure options:  '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/var/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic digest negotiate ntlm' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB LDAP SASL YP' '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' '--enable-ntlm-auth-helpers=SMB' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads' '--enable-storeio=ufs diskd null aufs coss' '--enable-delay-pools' '--enable-snmp' '--enable-ssl' '--with-openssl=/usr' '--enable-htcp' '--enable-forw-via-db' '--enable-cache-digests' '--enable-referer-log' '--enable-arp-acl' '--enable-pf-transparent' '--enable-follow-x-forwarded-for' '--with-large-files' '--enable-large-cache-files' '--enable-err-languages=Armenian Azerbaijani Bulgarian Catalan Czech Danish  Dutch English Estonian Finnish French German Greek  Hebrew Hungarian Italian Japanese Korean Lithuanian  Polish Portuguese Romanian Russian-1251 Russian-koi8-r  Serbian Simplify_Chinese Slovak Spanish Swedish  Traditional_Chinese Turkish Ukrainian-1251  Ukrainian-koi8-u Ukrainian-utf8' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd8.1' 'build_alias=i386-portbld-freebsd8.1' 'CC=cc' 'CFLAGS=-O2 -pipe -I/usr/local/include -I/usr/local/include  -I/usr/include -DLDAP_DEPRECATED -fno-strict-aliasing' 'LDFLAGS= -L/usr/local/lib -L/usr/local/lib -rpath=/usr/lib:/usr/local/lib -L/usr/lib' 'CPPFLAGS=-I/usr/local/include' 'CPP=cpp'
  • Avahi on pfsense 2.0

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    Anyone else using Apple gear and pfsense 2.0 ?????
  • Snort fails to start, error must enable 'extended_response_inspection'

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S
    Thank you for that, it's working now.
  • Issue with Queues in RRD Mailreport package

    Locked
    9
    0 Votes
    9 Posts
    6k Views
    jimpJ
    Not sure, but it's possible it's a timing issue that only pops up at certain times, where the rrd file is being updated by the system when the report is being run and it can't find the file at the moment it's trying to attach it. Not sure what else it might be…
  • Squid Reverse Proxy advanced configuration

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.