1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    JonathanLeeJ
    Squid can be configured externally, I would love a how to guide on how to do this correctly.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log I tried launching it manually: # /usr/local/bin/suricata -V or # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787 and I get this output ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8" Thanks in advance, Dara

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    S
    @shady28 Are you maybe looking at IP block list feeds vs DNSBL feeds?

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    C
    @dennypage Nicely done sir!

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    GPz1100G
    @agitelzon I have no issue connecting to LE servers from pf shell. The issue is cloudflare security setting is configured as a whitelist for api zone record changes. The whitelist includes my ipv4 address only, as a /32. As I mentioned, I could add the ipv6 prefix as a /64. Given that pf is configured to prefer ipv4, I thought that would carry over to acme as well.

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    657 Posts
    C
    @lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.

  • Discussions about WireGuard

    716 Topics
    4k Posts
    chpalmerC
    @tinfoilmatt Thanks! I have done that and it worked when forcing just her TV out the Centurylink.. My problem is my local box here. Im missing something because I can not get it to pass traffic from the WAN to the Wireguard tunnel. Ive got some time today so will chip away on my lab setup to see if I can finally accomplish it here first.
Log in to post
Load new posts
  • Y

    LCDProc package installation don't work

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    K
    so anyone out there able to get this to work on 2.0? is there something else that would work better? I would like to be able to use lcdproc to see sys info for the firewall.
  • C

    Squid in sub menu

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • J

    Tcp_outgoing_address (Squid package)

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    M
    pfSense does not block it.  IIRC, There is a technical limitation in the FreeBSD implementation of pf, ipctl, or Squid.  I can't recall as this was brought up some time ago.  The devs worked to find a solution, but it was not possible.  I think that pfSense 2.0 beta supports this, as whatever the limiting factor was has been upgraded (FreeBSD to v.8, pf, ipctl, etc.)
  • P

    Snort on WAN with Dynamic IP (PPPoE)

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • D

    Need Help about Block Video/Audio Streaming

    Locked
    1
    0 Votes
    1 Posts
    6k Views
    No one has replied
  • G

    FreeSwitch UserGuide or clear example requested

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    G
    Ok, I have solved this… binding on LAN is ok (was due to siproxd beeing started at the same time as FreeSwitch). I can not load my "internal" profile… I keep on having this error : 2010-09-20 16:28:37.991317 [ERR] sofia.c:862 Error Creating SIP UA for profile: internal I also don't why FreeSwitch is binding on my external IP instead of my internal one… Las but not least if I remove my install and reinstall the port, I keep on having the same old config files that I have modified… What do I have to do to have a fresh install ?? Finaly the fault was all mine. After investigating why the port 5060 was taken, I remembered that I had the "siproxd" package installed and started. This is the reason why local trafic could not be started.
  • T

    Squid + Havp antivirus cnfiguration

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T
    Thanks i do get blocked on eicar test but still i don't get any alerts
  • R

    Smtp relay

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    yes, although its not recommended.
  • V

    Squidguard 1.3-2 is blocking FTP access.

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    Squid is meant to proxy HTTP traffic, why are you passing FTP sessions to squid as well?
  • S

    How to require everyone to use Squid proxy?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    ?
    Setting the proxy port to tcp 80 would not solve your issue as the users would still need to have proxy settings in their machines.  Keep the proxy on the default port, block access from your LAN clients outbound to TCP 80, TCP 443 and force them to put proxy settings in place to get out.  This can be done more easily using a GPO if you're an AD site, or using WPAD.  As was pointed out, this will only work for HTTP traffic.
  • L

    Snort - rules that stop mulitple password attempts?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    G
    If you are running a linux server the fail2ban package does this
  • P

    SNORT - sfportscan - sense_level

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    J
    @podilarius: Hello, I am getting far to many false positives on my WAN interface as I have a very active FW. According to a few sites I have found, you can set sense_level to low for sfportscan. The option does not appear in pfSense. I would love to see a drop down box in the preprocessors screen to set this value. Is there another way to set this in the mean time? Thank you so much for you work on getting this into pfSense. Pod. Added to the todo list. James
  • P

    Remove duplicate service entries on /status_services.php

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    @jimp: At the moment the only way to clean those up is to edit them out of your config.xml, and the easiest way to do that is to download a backup, edit them out, and then restore the backup. Thank you.
  • V

    Firewall - squid

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    The best way to find out is to try it. As dvserg mentioned, the rules for the redirect used by the transparent proxy are part of the firewall (ipfw?), so it is doubtful that transparent proxy will work.
  • M

    Need a Proxy for Domain Users and DHCP Users (mixed environment)

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    @dvserg: Please do not use 'HELP', 'ATTENTION' and etc in Subject. So your post easier to read. Ok. Sorry! Thanks a lot.
  • A

    Using spare storage

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    A
    I know this is not designed as a file server - but our primary use is as a content filter, main firewall is seperate hardware. Thanks for the links - I suspect some experimentation is in order. Andrew
  • M

    Siproxd and inbound rules

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • R

    Siproxd can not start

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    In the WebGUI, make sure you fill in ALL the fields (save for the outbound proxy fields if not used). Although the GUI does mention the default values, they aren't populated into the config file automatically.
  • N

    Squid Package fails to install after a reinstall

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    N
    Thanks for the advice, I only have 2 packages installed bandwidthd   System   No info, check the forum   2.0.1.2 rate Network Management No info, check the forum 0.9 when I install squid (it seems to crash when installing perl) I checked the pkg_ino I see -bandwithdd -db41_4-41.25 the berkly db package rev 4.1 -gd-20.35.1 - a graphics library for fast creation of images -jpeg-6b-4-1JG - jpeg compression library -libiconv - a character set conversion library I did delete 2 packages that were related to squid but it still crashes not those packages no longer show but the above is what is left.  I don't' want to mess up the system so I'm being cautious should I erase any of the above? right after squid is extracted i get this message Downloading package configuration file… done. Saving updated package information... done. Downloading squid and its dependencies... done. Checking for successful package installation... failed! Installation aborted.
  • V

    Squid proxy

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    With transparent proxy it listens on localhost (127.0.0.1) and traffic coming in on the LAN side gets redirected there. Be sure you have also selected "allow users on interface" or add an ACL to make sure systems on the LAN side are allowed to hit the proxy. Otherwise we'll need more information, more than "nothing works" - specific information like error messages, system log contents, etc.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.