1. Home
  2. pfSense Packages

Subcategories

  • Discussions about packages which handle caching and proxy functions such as squid, lightsquid, squidGuard, etc.

    4k Topics
    21k Posts
    tinfoilmattT
    @johnpoz said in Please help to configure HAProxy to serve certifficate on internal LAN too: Yeah - what part do you not understand if you always resolve nextcloud.domain.tld so that it hits your haproxy on your pfsense wan IP are you not getting? You have 2 options - use a different domain internally and always go to nextcloud.publicdomain.tld, or use the same domain internally as external and run into the problem of what IP it resolves to.. Change your local domain to say home.arpa or .internal or atleast something different than the public domain your using to point to pfsense wan IP on the public internet. You are shooting yourself in the foot trying to use the same domain externally as internally. There are ways around it, but they complicate the setup. For example you might be able to use views in unbound as one way to work around the problem. You could use only host entries for all your resources. But then again you run into a problem of using the fqdn for this service, now always pointing to your wan IP.. And that is great when you want to access the service haproxy is doing - but if you want to access that resource on some other service that haproxy doesn't handle - like say simple file sharing.. You are going to have problems. Since you clearly do not understand how any of this works - the simple solution is change the local domain you are using so it is not the same as the public domain you want to use to get to your nextcloud. This tone is outrageous directed at somebody who acknowledged right off the rip that English is not their first language. How many languages do you speak, John? And safely assuming it's only one—English of course—take it from a fellow English native that you'd do well to say more with less words. You otherwise were directing OP in the right direction in my opinion.

  • Discussions about packages whose functions are Intrusion Detection and Intrusion Prevention such as snort, suricata, etc.

    2k Topics
    16k Posts
    tinfoilmattT
    Here. I think. Referenced as "github.com: vendor-provided URL vendor-advisory" in your link.

  • Discussions about packages that handle bandwidth and network traffic monitoring functions such as bandwidtd, ntopng, etc.

    573 Topics
    3k Posts
    dennypageD
    @kabeda If memory serves, that old version of ntopng did not run as user ntopng, but as user nobody. There are lots of problems in that old version. Anyway, check the ownership and permissions of /var/db/ntopng and make sure it matches the user that ntopng runs as. You may need to set ownership of the entire hierarchy. Example: /usr/sbin/chown -R nobody:nobody /var/db/ntopng However, the better choice would be to upgrade to a more recent version.

  • Discussions about the pfBlockerNG package

    3k Topics
    20k Posts
    tinfoilmattT
    @netboy said in is something wrong with pfBlockerNG?: After my post, I "changed" DNSBL -> DNSBL mode from "unbound python mode" to "unbound mode" and so far i have no issues. Terrible idea. Moving backwards in development history there.

  • Discussions about Network UPS Tools and APCUPSD packages for pfSense

    102 Topics
    3k Posts
    dennypageD
    @fjmp24 said in Notification: UPS ups battery is low: If I remove ignorelb directive, my UPS shuts down after 16 seconds This means your UPS is signaling a low battery. Either your battery is bad, or your UPS is bad. Most likely battery, but you never know. I suggest reaching out to Eaton support.

  • Discussions about the ACME / Let’s Encrypt package for pfSense

    503 Topics
    3k Posts
    M
    I am using the DNS-Update method I have to use a DNS-Sleep of 5 minutes to let the letsencrypt txt dns record update propagate. During this 5 minutes the acme-webgui times out. when the acme-webgui times out the Action list is NOT executed. How can I solve this ? Would it maybe be an idea to let the acme.sh script execute the actions in the action list as a post-hook instead of the web-gui? Or maybe add an option to add post-hooks in the webUI ?

  • Discussions about the FRR Dynamic Routing package on pfSense

    296 Topics
    1k Posts
    C
    This one has been tricky still not sure what to try. Any ideas?

  • Discussions about the Tailscale package

    93 Topics
    648 Posts
    C
    @mightykong Yes, my system also requires a restart after reboot, and what has worked for me is: service tailscaled stop && tailscale logout || true && service tailscaled start && tailscale up What has worked for updates included a [sysrc tailscaled_enable="YES"] that is supposed to handle tailscale restart after reboot, but it has not worked for me. I am looking into it, and others will be as well. In the meantime, this is my update one-liner command line: service tailscaled stop && tailscale logout || true && fetch https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6.pkg || exit 1 && IGNORE_OSVERSION=yes pkg-static add -f tailscale-1.90.6.pkg && rm -f tailscale-1.90.6.pkg && service tailscaled start && tailscale up Options: add && tailscale version && tailscale status to automate a first check; and, the "rm -f tailscale-1.90.6.pkg" is not needed, but once I saw the suggestion, I decided to keep it.

  • Discussions about WireGuard

    715 Topics
    4k Posts
    A
    Hi everyone, This is a noob question but already tried multiple and I hope some one can help with this. I have a Wireguard Tunnel configured and handshake is successfully performed and I can ping the server from the laptop but can't do it otherwise. Already deactivate the NAT feature and all the rules and no luck. Pfsense and this server is located in a Proxmox Server, laptop is a local. Any ideas? Thank you.
Log in to post
Load new posts
  • L

    This can be BUG?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • L

    Accelerate! Pfsense squid running in the 1.2-rc3 (Teach you how to run squid)

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    L
    this is my  squid.conf # less /usr/local/etc/squid/squid.conf |more # Do not edit manually! http_port 192.168.1.253:80 http_port 127.0.0.1:80 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/local/etc/squid/errors/English visible_hostname localhost cache_mgr sniperpr@gmail.com access_log /var/squid/log/access.log cache_log /var/squid/log/cache.log cache_store_log none shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src  192.168.1.0/255.255.255.0 uri_whitespace strip cache_dir [color]diskd[/color] /var/squid/cache 150000 16 256 cache_mem 16 MB maximum_object_size 4096 KB minimum_object_size 0 KB [color]cache_replacement_policy heap[/color] [color]LFUDA[/color] [color]memory_replacement_policy[/color] [color]heap GDSF[/color] offline_mode off # No redirector configured # Setup some default acls acl all src 0.0.0.0/0 acl localhost src 127.0.0.1 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 443 1025-65535 acl sslports port 443 563 443 acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? cache deny dynamic http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost request_body_max_size 0 KB reply_body_max_size 0 allow all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow all # Allow local network(s) on interface(s) http_access allow localnet # Custom options [color]cache_swap_low 85[/color] cache_swap_high 99 # Default block all to be sure http_access deny all cache_dir diskd /var/squid/cache 150000 16 256 cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_swap_low 85 Please note that the red font. Next to explain why such settings. Squid Cache: Version 2.6.STABLE5 configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm digest' '--enable-basic-auth-helpers=NCSA PAM MSNT SMB LDAP YP' '--enable-digest-auth-helpers=password ldap' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group ldap_group' '--enable-ntlm-auth-helpers=SMB' '--enable-storeio=ufs [color]diskd[/color] null' '--enable-delay-pools' '--enable-ssl' '--with-openssl=/usr' '--enable-wccpv2' '--enable-pf-transparent' '--enable-kqueue' '--enable-err-languages=Azerbaijani Bulgarian Catalan Czech Danish Dutch  English Estonian Finnish French German Greek Hebrew  Hungarian Italian Japanese Korean Lithuanian  Polish Portuguese Romanian Russian-1251 Russian-koi8-r  Serbian Simplify_Chinese Slovak Spanish Swedish  Traditional_Chinese Turkish' '--enable-default-err-language=English' '--prefix=/usr/local' 'i386-portbld-freebsd6.1' 'LDFLAGS= -L/usr/local/lib -rpath=/usr/lib:/usr/local/lib -L/usr/local/lib' 'CFLAGS=-O2 -fno-strict-aliasing -pipe  -I/usr/local/include -I/usr/include' 'CPPFLAGS=' 'host_alias=i386-portbld-freebsd6.1' 'build_alias=i386-portbld-freebsd6.1' 'target_alias=i386-portbld-freebsd6.1' 'CC=cc' The red font, in the squid-rc3 pfsense 1.2 compiler parameter. Why should this parameter? What is the origin? The map to explain why "diskd"    –enable-storeio=ufs diskd nul Thanks Squid: The Definitive Guide By Duane Wessels How to edit / etc / fstab? Mount-u-w / Chmod Ok [image: 1.png] [image: 1.png_thumb] [image: 2.PNG] [image: 2.PNG_thumb]
  • L

    Comparable MRTG! Teach you how to use BanawidthD

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    L
    @sullrich: Can you submit a patch with these package changes? If the choice is the LAN interface, can be monitored submit the. And the WAN can monitor the flow of that port. I would like to test concrete, after all, just on the line BanawidthD day. [image: 12.PNG] [image: 12.PNG_thumb]
  • B

    Lightsquid Install Failed

    Locked
    12
    0 Votes
    12 Posts
    6k Views
    D
    May be Lighttpd settings have changes or different webGUI port (not 80)?
  • L

    Packages squidguard ??

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    D
    Please check update. Modifications: supporting GUI-port changes (only need Apply) background blacklist rebuilding Need check owner /var/db/squidGuard files after installation and after blacklist download
  • L

    DNS server on multi wan

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    Not currently.  It can only bind to one IP address.
  • G

    Should I use Snort?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    G
    unfortunately I'm not sure how to do that, or which rules I should or should not use, but I'm sure I could figure it out.
  • C

    Can't get LCDproc package to work.

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C
    I'll try to be patient then.  :)
  • R

    Reverse Proxy

    Locked
    6
    0 Votes
    6 Posts
    6k Views
    S
    @riogrande100: Would it be an idea to modify a exiting xml, to allow this conf to be writtem, or best practise to use another application, without risking lighttp? I would force the webConfigurator's port to be changed to somethig other than 80 and then fire off a new lighty service just for the reverse proxy.
  • M

    Squid/squidguard Group: Howto ??

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    R
    While using 1.2 RC2 I have found that SquidGuard doesn't always seem to proxy users content correctly, maybe it's the way we configured it in our test. But have looked around, and according to the pfsense wiki squid is currently not working right. http://en.wikipedia.org/wiki/PfSense
  • E

    Ntop bug?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • ?

    Snort Problem

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    AhnHELA
    Take a look at this http://forum.pfsense.org/index.php/topic,7028.0.html
  • M

    Install squidguard

    Locked
    21
    0 Votes
    21 Posts
    16k Views
    D
    Uninstall full and install from normal package list (pfsense.com server).
  • S

    IMSpector on PFSense 1.0.2 BETA

    Locked
    7
    0 Votes
    7 Posts
    11k Views
    R
    @josempinto: Hi,   I have installed the imspector package with PFSense V.1.2 RC3 (and tested also on RC2) and it doesn't seems to work…  by that i meant, i don't see any logging showing and i have done a couple of check/uncheck to restart... help???? Please do not post the same question in multiple threads. If you had read this thread you would have seen how to run imspector in debug mode. Do this and see if the clients are connection and if the messages are being shown.
  • B

    Snort difficulties

    Locked
    13
    0 Votes
    13 Posts
    18k Views
    D
    @Hilozer: Change /usr/local/www/snort_download_rules.php lines 182 and 183. $snort_filename = "snortrules-snapshot-CURRENT{$premium_subscriber}.tar.gz"; $snort_filename_md5 = "snortrules-snapshot-CURRENT.tar.gz.md5"; To $snort_filename = "snortrules-snapshot-2.6{$premium_subscriber}.tar.gz"; $snort_filename_md5 = "snortrules-snapshot-2.6.tar.gz.md5"; The best fix would probably be to update the snort package with the latest version of snort. However, this seems to allow the current version to work properly. It would be shame to fix it for manual updates only to have it replaced on the next auto-update.  Therefore, there is another place to change as well: /usr/local/pkg/snort_check_for_rule_updates.php The change is completely analogous to the quoted change and shouldn't need additional explanation. Dave
  • E

    Help! problem with squid cache

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    E
    I re-installed 1.2-RC3 and squid and it seems to be working now.
  • M

    What happend to netio?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    E
    The package iperf does pretty much the same thing.
  • C

    Squid NTLM

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    C
    I would really like to see a squid winbind ntlm package. How much is it worth ?
  • H

    Adding updatexlrator to packages

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    D
    @hadi57: hi again i know u did good work on squid, so do you think you will be able to do updatexlrator as an add on to pfsense? No, I'm not. Looking squid package sources.
  • N

    Best setup for downstream Squid ?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    D
    @nexus010: dvserg I will try it then and see. I will post results. Thanks for your input. Ups… sorry. I anytime not correctly translate text.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.