Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too:

        Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or at least something different than the public domain you're using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud.

    This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.
  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    DARAD
    Hello team,

    I have a Netgate 8200 running 24.11-RELEASE (amd64) with Suricata 7.0.8_5 package installed. Suricata doesn't seem to start. It loops to red once I press the Play button on the interface. It leaves no logs in the System logs, it leaves no logs in suricata.log at /var/log/suricata/suricata_ovpns933787/suricata.log

    I tried launching it manually:

        # /usr/local/bin/suricata -V

    or

        # /usr/local/bin/suricata -c /usr/local/etc/suricata/suricata_33787_ovpns9/suricata.yaml -i suricata_ovpns933787

    and I get this output

        ld-elf.so.1: /usr/local/bin/suricata: Undefined symbol "__strlcpy_chk@FBSD_1.8"

    Thanks in advance,
    Dara
  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example:

        /usr/sbin/chown -R nobody:nobody /var/db/ntopng

    However, the better choice would be to upgrade to a more recent version.
  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?:

        After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far I have no issues.

    Terrible idea. Moving backwards in development history there.
  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low:

        If I remove ignorelb directive, my UPS shuts down after 16 seconds

    This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.
  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method. I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. When the acme-webgui times out the Action list is NOT executed. How can I solve this? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI?
  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?
  • Discussions about the Tailscale package

    93 Topics
    652 Posts
    M
    @elvisimprsntr Great in theory, not in practice. I'm the same, but there are unforeseen events. Power outages, crashes, etc. And yes, I'm running a UPS.
  • Discussions about WireGuard

    715 Topics
    4k Posts
    S
    @LaUs3r Yeah, I added those IPs, but after restarting pfSense, the WireGuard status says “handshake failed.” Also, when I do nslookup us-bos.prod.surfshark.com, I get two different sets of IPs. For example:

      • The first time I get 43.225.189.108 and 43.225.189.118
      • The next time I get 149.40.50.216 and 149.40.50.290

    So I was wondering, can I add both sets of IPs, and put a “0” at the end of each, and use /24 for both IPs? I reached out to Surfshark support, and they sent me their official pfSense WireGuard setup guide (see the guide here). In the guide they mention 10.14.0.2 for static routes
  • Squid and "Do not cache" option

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    ?
    In squid < 3.0, you want the no_cache directive.

    Usage

        no_cache deny|allow aclname

    Description

    A list of ACL elements which, if matched, cause the reply to be immediately removed from the cache. In other words, use this to force certain objects to never be cached.

    Default

        acl QUERY urlpath_regex cgi-bin \?
        no_cache deny QUERY

    The word 'DENY' is to indicate the ACL names, which should NOT be cached

    Example

        acl DENYPAGE urlpath_regex Servlet
        no_cache deny DENYPAGE

    The DENYPAGE acl assures that the url containing Servlet will NOT be cached.
  • Spamd listening port?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    J
    And thus my spam increase issue thanks to comcast blocking 25 both ways.  Thanks for the info.
  • Flush/Clear SQUID Cache.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • [p3scan] Target ip error!

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    N
    @NicolaPaone:

        @ron:

            firewall,

            It will be a few days possibly, but I'll put together a new update to the p3scan package shortly that fixes your issue. I got approval from the original pfSense package maintainer to take over the maintainership, and I've been working on an update to the package. The issue you are seeing is that the original p3scan-pf port does not correctly account for the packet redirect when using the PF redirection (i.e. the code doesn't look up the original sender IP address correctly in the TCP packet when using it in transparent mode, and it then sees itself as the original packet sender which loops). The issue has nothing to do with the pfSense package, and is a bug in the base p3scan port to FreeBSD. I have fixed it and have it working on one of my systems now. I just need some time to get the patches together.

            I also have an update to the ClamAV pfSense package coming too that goes with this for AV scanning. I'll have to get someone in the coreteam to post the updates when they are ready.

            Regards,
            Ron

        Hello everyone, I too found the bugs in question … I even tried to compile the package p3scan, but nothing ... Under linux (debian), no problem ... everything works the first blow. I believe both bugs p3scan for BSD. If I may give you a hand, I'm happy to collaborate with you. Let me know ....

    @Ron news???
  • IMSpector: Whitelist full access not working for MSN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Changing ftp local packages???

    Locked
    15
    0 Votes
    15 Posts
    16k Views
    X
    I don't know what dependencies exist with my pb so which command is dangerous?
  • Does IMSpector in Pfsense supports to mail out the LOG ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    You would have to write a shell script. If using file logging the logs would be stored in /var/imspector
  • Snort memory leak ?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    P
    You were right, the first time I increased memory I did not add enough. Finally, I add 400M Memory and is working fine now, thanks for your help
  • Can't install WGET package (or other one)

    Locked
    11
    0 Votes
    11 Posts
    15k Views
    X
    In the beginning I want to correct my problem starting, because I can not install any package. (I am not against the use of fetch)
  • LightSquid Configuration / DNS Name Issues

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    D
    Check working with 'Demo  - return AUTHNAME, else DNSNAME, else IP  ' But any changing 'IP resolve method (future)' option take effect for new refreshing.
  • Squid configuration

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Cry HavokC
    (This belongs in the Packages forum) Yes, there is a GUI - try installing Squid and have a look.
  • Browse with our without proxy settings

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    F
    I think this is the answer:

        As you can see, pressing reload in Netscape (and some other browsers) doesn't simply re-fetch the page, it forces the cache not to serve the cached page. Many people doing tests of how the cache increases performance simply press reload, and believe that there has been no change in speed. The cache is, in fact, re-downloading the page from the origin server, so a speed increase is impossible. To test the cache properly you need two machines setup to access the cache, and a page that does not contain do not cache me headers. Pages that use ASP often include headers that force Squid not to cache the page, even if the authors are not aware of its implications. So, to test the cache, choose a site that is off your local network (for a marked change, choose one in a different country) and access it from the first machine. Once it has downloaded, change to the second machine and re-download the page. Once the page has downloaded there, check that the page is marked as a 'HIT' (in the file called access.log - the basics of which are covered earlier in this book). If the second accesses were marked as misses, it is probably because the origin server is asking Squid not to cache the page. Try a different page and see the difference the cache makes to browsing speed. Many people are looking for an increase in performance on problem pages, since this is when people believe that they are getting the short end of the stick. If you choose a site that is too close, you may only be able to see a difference in the speed in the transaction-time field of the access.log.
  • Squid working?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    F
    I've the same thing. When I go to sites where there are pictures to download with a slideshow, and I go back to the same URL, it seems that the pictures are not coming from the proxy but directly from the internet. Can this be a bug?
  • SquidGuard update

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    D
    @Monoecus:

        I noticed one typo in the explanations above the blacklist sections: 4-all rule('allow' ro 'deny') should be an 'or' right? Besides, I saw that the Shallalist has been updated with new categories. Thanks

    must be "4-all rule('allow' or 'deny')"
    About Shallalist - this not my work  ???.
  • New version of snort

    Locked
    12
    0 Votes
    12 Posts
    6k Views
    J
    Did you guys figure this out? I'm getting the same error now. It happens while snort is loading the rules, right after startup.
  • SQUID 2.6.18.1 / cannot browse specific pages ?

    Locked
    11
    0 Votes
    11 Posts
    6k Views
    G
    Coming back to the reply of "Perry". Also I can confirm the problem http://www.squid-cache.org/bugs/show_bug.cgi?id=2342 Collected the data and as far as I can see it is a http 1.0 / http 1.1 problem (Attach doc's). Is the http 1.0 / http 1.1 problem caused by the server or by SQUID or by PFSense? I have to apologize but I am not a network specialist and do use SQUID somehow as "blackbox".

    regards
    Günther
  • HOWTO : configure freeradius

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    What are you wanting to do with FreeRADIUS? Are you trying to do something with the pfSense captive portal, or are you wanting to use it for wireless network authentication? There's many ways to configure FreeRADIUS - but only you know what you want to do. I don't use FreeRADIUS on pfSense, but I do maintain the FreeRADIUS packages for FreeBSD (which, amongst other things, underpins FreeRADIUS on pfSense) and I use FreeRADIUS on one of my FreeBSD servers. When I get the time, I will try to set up the pfSense FreeRADIUS package to see what it can do - but I have so many things to be getting on with at present.
  • Manual download of Snort rules

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M
    Ah well, thanks. :-) I'll try Snort on some better hardware.
  • Transparent bridge mode to DMZ, and NAT to private LAN, and Snort?

    Locked
    2
    0 Votes
    2 Posts
    7k Views
    M
    Well, I've got pfSense bridging the WAN to the DMZ whilst NATting the Private LAN. So far so good. I'm trying to get Snort working now. I must say that pfSense is an excellent firewall; it is remarkably flexible and has a vast range of configuration options. Well done!!
  • Proxy setup tutorial

    Locked
    13
    0 Votes
    13 Posts
    6k Views
    J
    @GruensFroeschli:

        No. You can. But you don't have to.

    in some banana countries, yes, you have to :) and, yes it works fine over open dns, and over squid, but can't support multiple WANs  ??? :-\
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.