Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too:
    Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.
    This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team, I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log
    I tried launching it manually:
        # /usr/local/bin/suricata -V
    or
        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787
    and I get this output
        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"
    Thanks in advance, Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:
        /usr/sbin/chown -R nobody:nobody /var/db/ntopng
    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    V
    Ah, I changed the action to deny both and now I also have a wan firewall rule, which I also had on OPNsense. With this wan rule I can see the blocks already coming now! Is it a bad idea to have the action set to deny both instead of inbound only?
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low:
    If I remove ignorelb directive, my UPS shuts down after 16 seconds
    This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During these 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    654 Posts
    C
    @luckman212, Thanks for your suggestion. I will check what I have in /usr/local/pkg/tailscale/state, and also the RAM disk settings others have brought up. I could learn more about where Tailscale and pfSense store system files. If I find anything worth sharing, I will let you know.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    H
    Same issue here, so it's not just you.
  • SPAMD in Blacklist Mode Broken?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    I should say that unchecking the box STOPS all e-mail from being delivered unless it's on the whitelist. (I'm assuming because the rules aren't re-written it's trying to send it to spamd internally, which isn't on) Changing the rules just gets them re-written on reboot obviously so that's no dice either.. Chris
  • Patch to include SMTP server name to SpamD package

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    I
    @iced98lx: Are you using the developer release? I'm on 1.2.1 rc3 and after installing patch the command gpatch is not found… Nix that- reboot and now i can use gpatch.
  • SpamD: Add DNSWL's legitimate SMTP servers to whitelist

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    Comrax: doing excellent work here!! I'm updating to RC3 just so i can use this and the other patch you released to SPAMD!! Are you running greylisting or just white/black?
  • Changing SPAMD to Listen on an IP Address vs an Adapter

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Spamd whitelist/blacklist strange behavior

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • BGP problems

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    D
    looks like you are binding bgpd on one subnet. here's a bgpd.conf that works with the latest pfsense version. (note that I set the announce on the group level, you can do this on the neighbor level also, also I like to define things even tho they are the default - just for my own sanity)

        AS 12345
        holdtime 60
        listen on 127.0.0.1  # try this to solve your binding problem
        router-id 111.111.111.111
        network 123.123.123.0/24

        group "upstream" {
                announce self
                announce capabilities yes
                set localpref 90
                softreconfig in yes
                softreconfig out yes
                neighbor 63.169.230.189 {
                        descr "Sprint Upstream"
                        remote-as 1239
                        depend on em1
                        max-prefix 270000
                }
                neighbor 204.9.204.29 {
                        descr "US Colo Upstream"
                        multihop 3
                        remote-as 32743
                        depend on em2
                        max-prefix 270000
                }
        }

        group "any2_peers" {
                announce self
                announce capabilities yes
                depend on em3
                set localpref 110
                softreconfig in yes
                softreconfig out yes
                neighbor 206.223.143.33 {
                        descr "WV Fiber"
                        remote-as 19151
                        max-prefix 4000
                }
                neighbor 206.223.143.79 {
                        descr "Peer 1 Networks"
                        remote-as 13768
                        max-prefix 2000
                }
                neighbor 206.223.143.63 {
                        descr "Singapore Telecom"
                        remote-as 7473
                        max-prefix 20000
                }
        }

    Sample filter section:

        # Filter Section
        # First deny everything from all
        deny from any
        deny to any
        # Allow to/from our peers
        # All groups must be listed here to receive and send updates
        allow from group upstream
        allow to group upstream
        allow from group any2_peers
        allow to group any2_peers
        # Filter out Default Route, RFC1918 and other IANA reserved IP blocks
        deny from any prefix 0.0.0.0/0
        deny from any prefix 10.0.0.0/8 prefixlen >= 8
        deny from any prefix 172.16.0.0/12 prefixlen >= 12
        deny from any prefix 192.168.0.0/16 prefixlen >= 16
        deny from any prefix 169.254.0.0/16 prefixlen >= 16
        deny from any prefix 192.0.2.0/24 prefixlen >= 24
        deny from any prefix 224.0.0.0/4 prefixlen >= 4
        deny from any prefix 240.0.0.0/4 prefixlen >= 4

    hope this helps
  • Multiple subnets with Bandwidthd

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    C
    Same phenomena here… Anyone can shed more light on this? and how to correct the situation? I am running pfSense 1.2.1-RC2.
  • SNORT BLOCKING EVERYTHING

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • NUT and UPS via USB

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    G
    I was also having problems with the nut package in 1.2.1 RC2 and an APC ES-350 using a usb cable. I was able to resolve the issue by running a search and replace on "nut.xml" and replacing all instances of "newhidups" with "usbhid-ups". Hope that helps. GP
    P.S. As always it would be a good idea to make a backup of "nut.xml" before you start!
  • VmWare Package - 1.2 Release but can't see it?!

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    B
    @GruensFroeschli:
    This is the post for you :) http://blog.pfsense.org/?p=293
    I assume from that it's only available as a package in 1.2.1? :-) I tried to go to the doc page mentioned in my first post and create an account in order to edit the doc to make it clear that this is only available for 1.2.1 and upwards. However the only option is to log in, not to create an account! Could some kind soul please edit this page to make it clear which version(s) it applies to?
  • Trouble shooting 1.2.1 RC2 Snort Pkg Rule update

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G
    I have searched the forums several times, thank you. I am using the "ac-bnfa" mode that was the solution in one post (I have also tried "lowmem" that has worked other types of installation). It's weird in that my first install it worked fine. I had to reinstall on new hardware and it stopped working. I have reinstalled half a dozen times with no luck. In another post a delay to allow for the interfaces to come up was suggested. I have tried turning automatic updates off to provide that delay with no luck. Can anyone at least provide a manual method of updating as a work around?
    Well after two days it ran successfully! I have no clue why. Please ignore post
  • GEO Filtering

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    Interesting idea - you might start a bounty and see if anyone else latches onto this.
  • Problem in squid while on failover

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    I
    I believe that Squid does not support a multi-wan environment (load balance/failover). I will check on this and get back to you…
  • Question about BandwidthD

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • LightSquid and 500 - Internal Server Error

    Locked
    21
    0 Votes
    21 Posts
    14k Views
    D
    @ipnet:
    Hello all, I get the 500 Internal Server Error when I try to get the graphics from Lightsquid. I followed this thread and made it up to the point where the conclusions are that the libperl.so file has to be replaced. Well, the link http://diskatel.narod.ru/libperl.so (mentioned early in this thread) seems not to exist any more. Anybody knows where can I get this file from? Best regards
    Pls restore your lib back and look at the latest recommendations http://forum.pfsense.org/index.php/topic,11594.15.html
    -- Possible close this topic - here not actual information?
  • Snort2c source code

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Z
    snort2c is not part of the official snort package. The main site of the project is at http://snort2c.sourceforge.net but I think that the version included in pfsense is a modified one (according to the cvs logs).
  • Restoring with packages

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    D
    @running:
    Since I have reset config and reinstalled packages do I still have access to that log? If not I will try to re-create the problem this week and let you know. Thank you!
    LS need squid logs
    SG must have installed blacklist
  • Why does the Transp. Proxy asks for password?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    H
    hadi57 I had this problem of the username and password appearing whenever someone opens a web page, if I use the upstream proxy.
  • Samba on Pfsense

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    GruensFroeschliG
    http://forum.pfsense.org/index.php/topic,10201.0.html
  • Squidguard - manually rebuild databases

    Locked
    8
    0 Votes
    8 Posts
    11k Views
    D
    Think you mean the squidguard_conf.xml in usr/local/etc/squidguard? Information file for debug.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.