Netgate Forum

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

T

IP-Blocklist

pfSense Packages
• • • tommyboy180

496

0
Votes

496
Posts

448.8k
Views

J

I cannot remove ip-blocklist in 1.2.2. Is there a way to remove or uninstall it using terminal? Thanks
M

Dansguardian package for 2.0

pfSense Packages
• • • marcelloc

492

0
Votes

492
Posts

425.7k
Views

C

if you really need ClamAV, use Squid 3-Dev. Works for me using i386 firmware..

I've read the link you sent but still dont get this statement: The "core team" now compile the packages.

try https://lists.pfsense.org/mailman/listinfo/dev if you want to send an email to the pfsense developers or post a bug on redmine.pfsense.org
M

Sarg package for pfsense

pfSense Packages
• • • marcelloc

467

0
Votes

467
Posts

452.2k
Views

Y

@marcelloc

Hello, Marcelo:

Do you know how to install SARG in
Hello, Marcelo:

Do you know how to install SARG in pfsense 2.4.4, FreeBSD 11.2-RELEASE-p3 ?

Thanks,
Yosvany
M

Squid3 - New GUI with sync, normal and reverse proxy

Cache/Proxy
• • • marcelloc

428

0
Votes

428
Posts

435.9k
Views

P

Ok, clear and understood. 8)
N

How to get pfSense WAN to accept VLAN 0

General pfSense Questions
• • • natbart

414

1
Votes

414
Posts

176.7k
Views

N

@stephenw10 had a backup machine I upgraded... tested and then upgraded active system.

Still have a question on if backup config file should be in root of FAT32 partition or in E:\config\ -> I had it in both.

Process I followed was to:
change interface to em0 pre-upgrade and disable the shellcmd script. Take backup and upload to usb key Connect my Bell MTS ONT to pfSense Reboot and install new
This found the config, recognized and got internet DHCP address for WAN on em0 and installed packages as there was an active internet connection.

No other config changes were needed.

This has been quite a journey from when I first started this thread! Glad to see my script is no longer needed.
E

DHCP + PPTP on WAN

Russian
• • • Eugene

402

0
Votes

402
Posts

426.6k
Views

V

@werter said in DHCP + PPTP on WAN:

Добрый.
У Билайна есть особенность - ip-адрес его pptp-сервера может меняться при каждом подключении.
Скрины настроек lan + wan + pptp. Также скрины настроек dns.

Зы. Свяжитесь с ТП Билайна. Возможно что у них есть и др. типы подключения (ipoe, pppoe, dhcp etc).

Рабочий патч для PPTP/L2TP на DHCP WANе есть в https://forum.netgate.com/topic/164614/pfsense-2-4-5-p1-l2tp-server-ip-resolve-from-fqdn-during-boot-issue
R

Firebox LCD Driver for LCDProc

Hardware
• • • ridnhard19

398

0
Votes

398
Posts

381.4k
Views

D

@stephenw10 yea, very strange. It seems to me that the lcdproc service window where you set that information isn't copying and saving that information.
Thanks again
1

Вопросы новичка по pfsense

Russian
• • • 1041107210881089

398

0
Votes

398
Posts

337.8k
Views

L

@pigbrother Для конкретных IP. А для других конкретных IP прибиваем гатвей гвоздями и бай-бай Firewall / NAT / Port Forward
R

OpenVPN PKI: Site-to-Site инструкция для обсуждения

Russian
• • • rubic

376

0
Votes

376
Posts

174.3k
Views

P

@Oleg2017:

Не подскажите как у вас настроено на одном сервере два микротика. У меня при этом пингуется только один (пингуется из сети за pfsense-ом) . Тот чья сеть указана в IPv4 Remote network(s) на сервере.

Так сервер на то и сервер, чтоб обслуживать множество клиентов, не создавать же сервер для каждого.
То, что за клиентом - сеть, значения не имеет.

Сервер
В IPv4 Remote network(s) - обе сети за Микротиками через запятую - a.a.a.a/24, b.b.b.b/24 (хотя я исторически использую вместо Pv4 Remote network(s) директиву route в advanced).

Сlient Specific Overrides
Обязательно для каждого клиента Микротика в IPv4 Remote Network/s - сеть за этим Микротиком в виде a.a.a.a/24, а в Advanced
push route "b.b.b.b 255.255.255.0 x.x.x.1"
где
b.b.b.b 255.255.255.0 - сеть за другим Микротиком
x.x.x.1 - IP "серверного конца" OVPN туннеля. Это - ключевой момент, без него маршрут в сеть за другим Микротиком не будет воспринят.

В IPv4 Local Network/s сети b.b.b.b быть не должно.

Для второго Микротика - по аналогии
B

Traffic shaper changes [90% completed, please send money to complete bounty]

Completed Bounties
• • • billm

375

0
Votes

375
Posts

438.6k
Views

C

This bounty is completed, for support, head to the 2.0 board.
M

Pacote não oficial E2guardian para software pfsense® - Adeus squidguard :D

Portuguese
• • • marcelloc

373

0
Votes

373
Posts

219.6k
Views

S

@gfcf Estou tendo o mesmo problema. Alguma solução?
Z

UPnP support

Expired/Withdrawn Bounties
• • • ZPrime

363

0
Votes

363
Posts

362.9k
Views

B

Thanks, why didn't I see this in the first place ::)
Shame on me.
All looks good now.
D

IPv6 testing

IPv6
• • • databeestje

357

0
Votes

357
Posts

261.7k
Views

D

Lion has a dhcp6 client, that wasn't there before, thus more addresses assigned.
B

TIB5651Tr yazılımı (Static-Dynamic-Elle girilen kayıt dışı IP Raporlama)

Turkish
• • • Bulo

348

1
Votes

348
Posts

233.1k
Views

M

merhaba,
çok uzun süredir herhangi bir hareket olmamış ama buna tekrar ihtiyacım oldu. kurulum dosyalarının olduğu sıkıştırılmış dosyayı nereden temin edebilirim?
M

Tutorial: Configuring pfSense as VPN client to Private Internet Access

OpenVPN
• • • mpboden

348

1
Votes

348
Posts

394.2k
Views

P

great tutorial, thank you!
are these instructions still valid for the current version of pfSense?
J

Snort 2.9.2.3 pkg v. 2.5.0 Issues

pfSense Packages
• • • judex

331

0
Votes

331
Posts

205.3k
Views

S

I see a lot of false positives on my systems. It annoys me like hell tbh.

#(http_inspect) UNKNOWN METHOD
suppress gen_id 119, sig_id 31
#(http_inspect) SIMPLE REQUEST
suppress gen_id 119, sig_id 32
(http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE
suppress gen_id 120, sig_id 3
(http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE
suppress gen_id 120, sig_id 8
#PSNG_TCP_PORTSWEEP
suppress gen_id 122, sig_id 3
#ET MALWARE Suspicious FTP 220 Banner on Local Port (spaced)
suppress gen_id 1, sig_id 2011124
#ET SCAN Rapid IMAP Connections - Possible Brute Force Attack
suppress gen_id 1, sig_id 2002994
#PSNG_TCP_PORTSWEEP_FILTERED
suppress gen_id 122, sig_id 7
#ET SCAN Rapid IMAP Connections - Possible Brute Force Attack
suppress gen_id 1, sig_id 2002994
#FILE-IDENTIFY download of executable content
suppress gen_id 1, sig_id 11192
#FILE-IDENTIFY Portable Executable binary file magic detected
suppress gen_id 1, sig_id 15306
#ET POLICY PE EXE or DLL Windows file download
suppress gen_id 1, sig_id 2000419
#ET INFO Packed Executable Download
suppress gen_id 1, sig_id 2014819

#FILE-IDENTIFY Portable Executable binary file magic detected
suppress gen_id 1, sig_id 15306

This is my suppress list, but its not nearly as long as it should be!

(http_inspect) IIS UNICODE CODEPOINT ENCODING - 02/22-03:06:06 is triggered.

FILE-IDENTIFY download of executable content - 02/02-06:01:51
ET INFO Packed Executable Download - 02/02-06:01:51
ET POLICY PE EXE or DLL Windows file download - 02/02-06:01:51
FILE-IDENTIFY Portable Executable binary file magic detected - 02/02-06:01:51

Is triggered on whitelisted SRC IP's. It blocks Windows Update among other things.

So snort is in my view not working as it should and its CORE functionality for a modern FW.
L

Kernel Panic

2.0-RC Snapshot Feedback and Problems - RETIRED
• • • LostInIgnorance

325

0
Votes

325
Posts

226.7k
Views

C

locking this thread because people keep hijacking it, the original issue is resolved, start a new thread if you have an issue.
C

FreeSWITCH package for pfSense 1.2.1 and 2.0 released. PBX or Proxy

pfSense Packages
• • • cybrsrfr

314

0
Votes

314
Posts

274.6k
Views

D

Running PFSense 1.2.3-RELEASE

Having an issue when WAN IP address changes, even with an all LAN config.

php: : pfSense package system has detected an ip change x.x.x.x -> x.x.x.x … Restarting packages.
php: : The FreeSWITCH package is missing required dependencies and must be reinstalled.
php: : Resyncing configuration for all packages.

The service wont restart automatically, I have to go and restart it manually.
M

Mailscanner + spamassassin + clamav package

pfSense Packages
• • • marcelloc

313

0
Votes

313
Posts

255.6k
Views

D

@marcelloc

Hi Marcelloc, i have postfix and mailscanner running on pfsense 2.4.4-p1, i got the following warnings:

MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731

Permissions looks fine, i did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.

Runas user on MailScanner.conf and clamd.conf is postfix.

Also mailscanner logs display syntax errors:

Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.

Please Help.
M

Squid 3.3.4 package for pfsense with ssl filtering

Cache/Proxy
• • • marcelloc

305

0
Votes

305
Posts

284.1k
Views

I

Dear , I'm new to this, but fix this problem by simply checking the "Do not verify the remote certificate " located in Man SSL option menu in the filtering.

SSL Man Int the Middle Filtering>Remote cert checks> check "Do not verify remote certificate".