• Remote syslog

    13
    0 Votes
    13 Posts
    4k Views
    P
    I see them too :-( How can we make them stop? lol I raised a bug report: https://redmine.pfsense.org/issues/4383 I could not see where I could fix this in pfSense PHP code. I concluded that it is somewhere in "pf" in real compiled code from pfSense-tools, so I will let the devs get onto it in due course. I'll resist using the compiler as long as I can find interpreted code bugs to fix  ;)
  • IDS/IPS from local list

    11
    0 Votes
    11 Posts
    2k Views
    bmeeksB
    @tim.clarke: applauds Thanks, Bill. You are welcome.  Here is one more link I found where someone did this eons ago for Windows 2000.  This is the Google cached version:  http://webcache.googleusercontent.com/search?q=cache:LqAyrNNeSmQJ:sourceforge.net/p/snort/mailman/message/7666254/+&cd=10&hl=en&ct=clnk&gl=us. The original link appeared to be dead.  Here is the text in case the link is dead for you – -----Original Message----- From: McCammon, Keith [mailto:Keith.McCammon@...] Sent: Friday, July 26, 2002 11:36 AM To: snort-sigs@... Subject: [Snort-sigs] Signature for W2K Login Failure Hey all, I caught that request a few days back for a netbios login failure and started tooling around with the concept of detecting Windows network login failures.  However, I don't have access to any 95/98/NT systems (which I couldn't be happier about), so I couldn't hammer out much netbios.  But I did manage this: alert udp any 88 -> any any (msg: "W2K Kerberos Login Failure"; content: "|24 30 22|"; content: "krbtgt"; dsize: <300; classtype: unsuccessful-user; rev: 1;) If you're running an AD domain (native mode, which uses Kerberos by default), this should catch failed login attempts.  I've done a good bit of testing on a smaller segment without any false positives or negatives. Hopefully you'll have the same results... Cheers Keith    Bill
  • E-mail notifications granularity

    11
    0 Votes
    11 Posts
    3k Views
    rcfaR
    @dgcom: The issue with cron emails is a known one. I wrote about it before - this is cron's default functionality to send email if any job produces stderr output. The reason why not too many people are complaining is because default pfSense install does NOT have sendmail executable, so no emails are going out. But the moment you install package like arpwatch - it will add sendmail link to special php script used by pfSense - cron will start spamming you (if there are jobs with output). The best solution for this I found is to add this line to crontab file: MAILTO="" Or you can redirect output of most annoying jobs to /dev/null if you are interested in output of some of them… up to you. I'll try that, hope editing cron with the cron editor package won't bounce it out of the file…
  • Since 2.2 - websites not loading, tunnels collapsing 5-7times a day

    6
    0 Votes
    6 Posts
    2k Views
    2
    Tried DNSsec again (without forward), Harden glue and Harden DNSsec Data enabled, got a lot (at log level 3) of those while the browser becomes unresponsive
  • IPDIVERT

    1
    0 Votes
    1 Posts
    704 Views
    No one has replied
  • Pfsense GUI-system really slow when gateway is offline

    1
    0 Votes
    1 Posts
    534 Views
    No one has replied
  • Package removed hope to be back phpsysinfo "Manual Install steps here"

    8
    0 Votes
    8 Posts
    1k Views
    T
    Did little more work on it
  • Vlans on lacp lagg

    3
    0 Votes
    3 Posts
    2k Views
    T
    BINGO! After doing this the connection came up. As well I went snooping in the switch and updated FW / adjusted strict settings. All good in strict mode now. Thanks MATE!!!! ++REP
  • SQUID proxy authentication

    17
    0 Votes
    17 Posts
    14k Views
    B
    @marcelloc: So, SO and pfsense config are fine. Did you capture traffic while using firefox? Most times, we need to close firefox and reopen to get proxy settings changes applied correctly. To test, I rebooted the whole computer, so Firefox was restarted by design ;) What do you mean by "capture traffic while using firefox" ? How can I do that? For now, on the desktops that are using firefox, I made the input manually for the WPAD file in the settings. But I'd really like to make the auto-detect work. Upon searching on the Google, I found out some old articles stating that Firefox does not support the DHCP way to get the WPAD file, it only supports the DNS way. But following this article: https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid I did add a DNS host override like so: http://cl.ly/image/3k382b461r3N So it "works" but not like I wanted it to be.. that is, only setting needed on any computer is to make it auto-detect proxy settings. I tested with IE, Safari and Chrome : all work. Only Firefox is whimsical
  • Web page display errors with squid 3 and squid guard in pfsense

    4
    0 Votes
    4 Posts
    1k Views
    M
    If you suspect it's a caching issue you could always turn off the cache in Squid and try again. As I've said, it may be worth checking your Squidguard settings and making sure you haven't got an overzealous block in place.
  • How to manage multiple pfsense boxes?

    5
    0 Votes
    5 Posts
    3k Views
    A
    This would come in handy for managing multiple UTMs, especially if there is a package install/update that can be done to 2 or more by a single click. Also if a package configuration change can be pushed to multiple UTMs.
  • Bridge Mode and wifi

    3
    0 Votes
    3 Posts
    870 Views
    DerelictD
    https://forum.pfsense.org/index.php?topic=81014.msg442131#msg442131
  • Cannot login in pfsense this morning

    1
    0 Votes
    1 Posts
    406 Views
    No one has replied
  • No outbound internet connection Hyper-V

    5
    0 Votes
    5 Posts
    2k Views
    W
    @kanters: Hi, I'm running pfsense 2.2 in a VM on Hyper-V. Connected to 2 virtual switches (WAN & LAN). The problem i'm having is that there is no internet connection from the LAN side to the WAN side. I can however connect from the WAN to a website located on the LAN. The problem is, I think, a routing issue. Since my knowledge of routers/firewalls is very basic I kinda need some help with troubleshooting. Please note that my IP address has a gateway that is outside of the subnet. Let me explain this a bit further. I own a server of soyoustart (part of OVH), they are a large company where you can rent dedicated servers. To fix the problem of pfsense not allowing a gateway outside of the IP subnet you have to run the following commands: Lets assume the IP address on my dedicated server (NOT the failover) is 1.2.3.4. In this section i needed to change the last octet to 254. so it would be 1.2.3.254 So i would type in this… route add -net 1.2.3.254/32 -iface em0 <hit enter> route add default 1.2.3.254 source: http://forum.ovh.co.uk/showthread.php?6507-ESXi-pfSense-and-failover-IP This always used to work with pfSense 2.1.X. Can anybody help me out? ps. I can ping from the pfSense console to the internet Did you add your Gateway in the web interface for the WAN details? I'm also testing 2.2 on Hyper-V at OVH (I've been running 2.0.3 successfully for over a year) and had the same problem. I found that even though you're running the script to add the route etc it also needs the gateway adding in the interface, even though it doesn't work! My 2.2 has been running at OVH for a couple of days now (testing only) and has no problem passing traffic with this configuration. I do still have the calcru error, but I always had that with 2.0.3 too and it never caused an issue.
  • PfSense offline from time to time.

    7
    0 Votes
    7 Posts
    1k Views
    R
    Hej! So I have replaced now my CF card with a new one and it still has the same behaviour like mentioned in my first post. It reboots every now and then (like minimum every hour once). So I guess it is a problem with the hardware alix-board. What do you recommend as a replacement … my setup is ... one guest wlan (with captive portal) one private lan/wlan (where NAS, network printer, ...) ... and additionally I want to setup VPN, radius-server (for VPN authentication, wireless network authentication and NAS authentication) and a proxy Thanks, Rodney
  • How to bypass squid completely for a domain(s)?

    2
    0 Votes
    2 Posts
    2k Views
    M
    I've seen this question pop up on this forum before. The only way to bypass a proxy for a specific domain that I know of is to use a proxy.pac file. The browser you use will have a 'automatic proxy configuration' field in the settings. You put the URL for a proxy.pac file that you post on a web server (possibly directly on the pfSense box) and enter instructions in the .pac file to tell the browser whether to use a proxy for a specific domain or to bypass it. The following link should give you some further information on how to do this: http://www.cyberciti.biz/faq/howto-use-auto-config-proxy-pac-file-for-specific-domain/
  • Anyway to cross subnets or VLAN's and not run through the firewall?

    4
    0 Votes
    4 Posts
    1k Views
    jahonixJ
    @pf2.0nyc: Assuming I want to keep my current rules and filtering between all VLANs, would throwing hardware at the problem solve this? Sure. Depending on why hosts are on different subnets/VLANs but still have to be accessible. With an L3 switch some of the routing might be relocated to hardware.
  • Problem with policy based routing with dual wan with OpenDNS and Google DNS

    10
    0 Votes
    10 Posts
    2k Views
    W
    It's ok now. I've just rebooted the modems :D Thanks
  • LAN host can't ping pfSense or beyond

    3
    0 Votes
    3 Posts
    5k Views
    W
    Ah what a div.  :-[ Shoulda checked that. Thanks for the hint, that's exactly what it was. I'm more used to iptables I suppose with its default policy of accept. I've added a rule now letting my test subnets through and all is working. Can get on to the internet from the host on 192.168.3.0/24 subnet. :)
  • Explicit Proxy won't forward ssl

    2
    0 Votes
    2 Posts
    1k Views
    P
    Just for the record: To make sure, your pfsense squid proxy will use the upstream proxy also for SSL connections, you need to add the following line in your configuration: always_direct deny all
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.