Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally. I would love a how-to guide on how to do this correctly.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log. I tried launching it manually:
        # /usr/local/bin/suricata -V
    or
        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output:
        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
        /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    S
    @shady28 Are you maybe looking at IP block list feeds vs DNSBL feeds?
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky, still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscale from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.
  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink. My problem is my local box here. I'm missing something because I cannot get it to pass traffic from the WAN to the Wireguard tunnel. I've got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
  • Bandwidthd on cf-card? will it destroy my cf-card?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Asterisk behind pfsense (no sound)

    Locked
    25
    0 Votes
    25 Posts
    17k Views
    S
    @marcelloc: Great news!!!  :) Some DSL routers have a 'SIP ALG' option that breaks SIP communication. I have no idea why. Maybe you have something like that on your network. Nope, not here… I have cable... :) but it's all resolved now.
  • Have you tried this?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    Z
    Informative! I really appreciated it. I don't have any idea 'bout the sessions or caching sessions. I think I should go deep on this. At least I know it's possible, enough for now. Thanks for the help.
  • Unbound error

    Locked
    16
    0 Votes
    16 Posts
    8k Views
    I
    You might also try looking for an error along the lines of BAD-TRAFFIC TMG Firewall Client long host entry exploit. That message is triggered by a bad traffic rule that looks for odd traffic on port 53, which happens to be DNS. If you have a lot of these in your alerts or blocked log, chances are that some or all DNS replies are being blocked by snort.
  • FreeRadius replication

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    marcellocM
    Varnish, postfix, haproxy. You do not need carp enabled to use it.
  • Squid and AD authentication

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Snort install errors - pulling my hair out!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    G
    Emerging Threats rules change all the time, so if you enable a rule and later update the rule set there is always the possibility that you are attempting to load a rule that no longer exists in Emerging Threats. That will give you your error.
  • [Help] Unable to make imspector work on PFSense 2.0-Release

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    D
    Dear all, I figured out that the Y!M version 10.0.27 didn't use the default port 5050. After I updated Y!M to another version, it uses port 5050 and seems to be OK with imspector. Thread closed, thanks all.
  • SQUID on DUAL WAN only use DEFAULT

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    N
    Yes, you have to balance the web traffic from the localhost instead of the traffic for your LAN clients.
  • Problems with apcupsd and/or nut

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    libwrap.so.6 is not part of a package, it's part of FreeBSD. It appears the package you are attempting to use is newer than FreeBSD 7.0-Release, which 1.2.3 is based off of. ls -al /usr/lib/libwrap.* will show you what files you have. You probably have libwrap.so.5. Using ln -s, you may be able to link libwrap.so.6 to libwrap.so.5, and it may work. But it may also not work / melt your box / kill your cat… Otherwise, try installing the package for a 7.x variant (not sure when libwrap.so.6 was introduced).
  • Jail on pfsense 2.0

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    marcellocM
    Thanks for your reply. ezjail is working much better than pfjctrl. If you are doing patches, it means that you know what you are doing. Back up your VMs, uninstall pfjctrl and install ezjail. ezjail-admin will help you create new virtual machines with FreeBSD 8.1. Follow the ezjail build steps on a FreeBSD 8.1-p4 and you will have the same version on pfSense and jails. As pfSense 2 has been released, there is no problem with migrating pfjctrl to ezjail. I'll try to start it soon.
  • Varnish for multiple CARP IP Interfaces distinct from WAN IP address

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    marcellocM
    Today the package listens on all interfaces at the port you specified. To have multiple varnish instances, you can copy the conf file and put a second daemon startup in the GUI advanced startup option. When using multiple varnish instances, you will need to name each one with the -n arg. Sample advanced startup options:
        -n apache #set name on default daemon
        #startup second daemon
        /usr/local/sbin/varnishd \
            -a :3129 \
            -n squid \
            -f /var/etc/squid.vcl \
            -s malloc,2048MB \
            -w 32,1024,300
    I will find a way to change the setup to let you choose the interface and auto-name them. Wait for pkg v 0.9. Thanks for your reply.
  • SNORT issues in BRIDGE and VLAN'ed Environment

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Snort Problems Again !!!

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    T
    Snort is working great here. 2.0 Release 64bit. All pre-processors on. Lots of rules enabled. Works after reboot. 2gb on a VMware vm. I did have to follow other posts by uninstalling/reinstalling to get it running the first time when we were in the RC stage. Also if I had known some rules were only 64 bit, I would have installed 32 bit pfsense.
  • OVPN Client Export installer error

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    L
    Apparently this is a recent issue. There is a fix over here: http://forum.pfsense.org/index.php/topic,41180.0.html For those who don't feel like reading the thread (Please DO though, and COMMENT so that it gets fixed :D ), or for those from Google:
    @gusdvg: Ok so I added an error handler to the openvpn-client-export.inc file such that warnings are not printed to the exe. Tried and it works again! If you want to try this, edit /usr/local/pkg/openvpn-client-export.inc and add these lines after the require_once lines at the beginning of the file:
        function ignoreError($errno, $errstr) {
          //does nothing...
        }
        set_error_handler("ignoreError",E_WARNING);
    I guess the problem still remains if you need to add additional options, but I have little time at the moment and this patch will do for now.
  • Snort on pfSense packet flow

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R
    @marcelloc: Pfsense rules are set on source interface. The rule with destination To blacklist must be on lan. I set the rules up on the appropriate interfaces based on source and destination IP, but Snort sees (and then blocks) offenders that should be covered by these rules. The rule covering destination to blacklist is on the LAN interface. The rule covering source from blacklist is on the WAN interface. Still, Snort sees and blocks traffic covered by these rules. I still have these questions: Perhaps someone can clarify both the Snort alerting on hosts blocked by a firewall rule (Snort gets the packets first?), and Snort behavior in pfSense when a Blacklist and a Whitelist host are both involved in an alert.
  • Ipblocklist blocking 0 networks-syslog error

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • POP3 Filter

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    marcellocM
    No, only for internal SMTP servers. I think the POP3 protocol is getting quite old. I'd prefer IMAP. POP3 wastes bandwidth even using p3scan or another tool; you need to download all messages to then see if you want them or not. You can build a virtual machine and try to install the FreeBSD p3scan package. If it works as you expect, install it on your firewall.
  • Squid Guard Time Based ACL issues

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    H
    So I updated the firewall this morning from 1.2.3 to 2.0 and now the proxy is working 100%… Not sure what changed or anything but very happy with the new release. Thank you guys. Keep up the awesome work on a fantastic product.
  • Facebook, Twitter Like button error in squidguard

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    marcellocM
    I saw the same thing at varnish report. Every time you apply settings, it will be included. Make report simple and it will never return.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.