Is there no way to automatically (with cron?) switch between different squid configs (black- / whitelists) or in some other way achieve automatic control over squid during the day..?

This would be really useful.  If you do my make a sync script, please share it! ;)

I had the same issue.  In the end, I decided I didn't need Snort running on my LAN interface. But I had a lot of weirdness getting the right rules in the right places, e.g. I had the same problem on my WAN interface too, on one of my pfSense 2.0 boxes, but not it's mirror copy. For the WAN interface I found the rules were in a subdir of the rules directory also called rules.  So I just copied everything in /usr/local/etc/snort/snort_XXXXX_XXX/rules/rules to /usr/local/etc/snort/snort_XXXXX_XXX/rules/ and then removed the subdirectory.  Seemed to work for me.  YMMV.  Sounds like a bug that can happen under some circumstances…

P.S. Another solution to this or another problem (I forget how I solved each problem as there have been several) was to remove the md5 file for e.g. emerging.rules.tar.gz.md5 or snortrules-snapshot-2905.tar.gz.md5 and then run an update.  Then it will fetch a new copy of the rules and extract it.  Again, YMMV.

Let me know if either of these work for you.

Bump: I was under the impression that gateways were going to be addressable via Squid under pfSense 2.0.  Can anyone else speak to this?  Does a bounty need to be created to get this going?

@ugur:

change browser.

LOL, did you not see in the opening post he tried like 6 different ones? Mabye you should suggest a different browser for him since he's already tried 6. Not just "change browser".

+1 If you have an extra machine. Do a vmware install of a 2.0. Take your config backup from your current machine & try to load it onto the "virtual" install & see if everything is setup as it is before. That will be the best solution. I could somehow see, that even if another user tells you it does work, things have a way of happening different for different people.

One case, & point. Many snort users (me included) are having problems getting it to work. Everyone is throwing different error codes. I'm having an error code which was solved months ago, but the fix posted is not fixing mine & it's back for some reason. So just because someone says "it will transfer settings correctly" doesn't mean on your particular setup it will. To be safe try to do a virtual install & run your backup file from your 1.2.3 box to see if everything is brought up correctly. That will tell you for 100%.

Edit:A little more insight is to actually see if you could get snort running on that virtual 2.0 install. It may not even work as of this time. My snort was operating flawlessly until a power outage last night. Short story, pfSense died & had to issue a backup config. Therefore snort was reinstalled from the package list. My guess is developer was working on it, & it auto-updates & now it has bad code that needs to be fixed. My previous install was from about 3 weeks ago. It did not generate the error i'm getting now. For my problem there is no known fix. Guess i'm out of luck until it's fixed. I can't run snort in "alert" or "block offender" mode. Both modes are completely fudged.

And yes, you are right the whitelist feature does work in 2.0. It does add a drop down box to type the IP into. I did verify this.

I think it will only work with proxy filters that analyse page content like dansguardian. Squidguard does only checks urls.

Do you think this is also the case in 2.0 release? I am having the same problem and have been ever since 2.0-RC1

I just started another thread on this at: http://forum.pfsense.org/index.php/topic,42222.0.html

Maybe they can be combined?

jimp,

Thanks for the commit!

Ok, now it's clear to me.

You may need to edit squid.inc file and add manualy redirect rule to openvpn interface.
At /tmp/rules.debug you can see squid rdr rule.

Hi,
i find a solution:

Cause i shouldn't use lightsquid by a ALIX-System, cause it haven't enought write-cycles.

So i copy the access.log and format it with the tool sarg.

With this i get usefull reports.

For a simple configured version of squid you have to do the following if it isn't the default setting:

check "Transparent proxy"
check "Allow users on interface"
select the interfaces you would like squid to listen to. In general this is/are your LAN interface/s.

I think this is the minimal configuration you have to do.

on "Cache Management" you can change the settiungs for RAM and harddisk cache so it suits your hardware. But this isn't necessary for the minimum configuration.

I will try to write such a script.
call package startup routine/function : do you mean to use the status_services.php for that?
I am looking at the file and apparently it uses killbypid in order to stop services and start_service(servicename) for startup (for generic services anyway and snort is not one of the special cases there).

Thanks for feedback.

@marcelloc:

In hapv options choose squid parent mode.

do i need to set client browser to use the 8080 ?
i using netstat , i see the traffic going through port 80. when browsing. i use mozila

many thanks

Is there anyone who can permanently fix this in the package?

Wupsje

Not applicable. There are functional problems associated with the this.

Sorry, I meant "Target Category" and I figured out the wildcard

I made a Time rule for the business hours and a target category with an expression like so: [abcdefghijklmnopqrstuvwxyz] Then I created a Group ACL using this target category. It did in fact work, in that it did block all websites, but I still ran into the same problem where I couldn't use multiple Group ACL's for a single subnet. I think thats what im NOT understanding. I cant do multiple filters for a single subnet which I think is what you may have been trying to tell me long ago.

I finally gave up and just created one Group ACL that allows acceptable web content during "ontime" and denys everything on the off time. I will just have to deal with the single error message (ie users wont know if their request was denied because it was after hours, or because it was inappropriate)

I GIVE UP PFSENSE…  :P

Well, as workaround i'm using the /etc/rc.packages script to reload config files.

Best regards.