Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Unofficial E2guardian package for pfSense

    Scheduled Pinned Locked Moved Cache/Proxy
    1.2k Posts 70 Posters 1.5m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Mr. Jingles
      last edited by

      @Mr.:

      Thank you, pfsensation  :)

      Of course, by now I have no clue which directories  ;D

      Would you know?

      Thank you.

      I see you are online, pfsensation: would you know which directories?

      Thank you :D

      6 and a half billion people know that they are stupid, agressive, lower life forms.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        @Mr.:

        would you know which directories?

        run on console/ssh:

        /usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
        

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • M
          Mr. Jingles
          last edited by

          @marcelloc:

          @Mr.:

          would you know which directories?

          run on console/ssh:

          /usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
          

          Thank you Marcello.

          It downloads fine. I then do the same save/reapply/save/apply, and we get the same errors.

          It perhaps indeed is what pfsensation said, a permission/directories problem. Which directories?

          e2guardian_005.jpg
          e2guardian_005.jpg_thumb
          e2guardian_006.jpg
          e2guardian_006.jpg_thumb

          6 and a half billion people know that they are stupid, agressive, lower life forms.

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            Post the results of

            ls -l /usr/local/etc/dansguandian/lists/blacklists
            

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • M
              Mr. Jingles
              last edited by

              @marcelloc:

              Post the results of

              ls -l /usr/local/etc/dansguandian/lists/blacklists
              

              Thank you Marcello.

              I changed it into dansguaRdian, but it comes back with:

              
              ls: /usr/local/etc/dansguardian/lists/blacklist: No such file or directory
              

              6 and a half billion people know that they are stupid, agressive, lower life forms.

              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                Sorry for the typo

                It's```

                ls -l /usr/local/etc/e2guardian/lists/blacklists

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • P
                  pfsensation
                  last edited by

                  @Mr.:

                  @marcelloc:

                  @Mr.:

                  would you know which directories?

                  run on console/ssh:

                  /usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
                  

                  Thank you Marcello.

                  It downloads fine. I then do the same save/reapply/save/apply, and we get the same errors.

                  It perhaps indeed is what pfsensation said, a permission/directories problem. Which directories?

                  My E2Guardian is now fully working fine, without crashes. However -HOST- shows DNS error and setting "log client hostnames" under general tab causes the daemon to crash. So make sure you check chose things first

                  These are the steps I took to properly fix the crashes, probably all of them together made it work:

                  • First uninstalled and reinstalled E2Guardian
                  • Downloaded the blacklist and applied it under the blacklists tab
                  • Opened up FileZilla (FTP Client) navigated over to : /usr/local/etc/e2guardian Then set permissions to 644, recursively into all directories within it too. You can do this via SSH also, but I prefer using an actual FTP client, that way I can see all the files and directories in a GUI.

                  After that, I gave the entire pfSense box a restart, and it seems to be working. I've had it running for a day with MITM.

                  Try the following out, and see if it works for you.

                  @Marcelloc, can you write an update on GitHub regarding the blacklist category issue? I'm not fully aware of what you tried to fix it, but it doesn't seem to be fixed until now, even for you (can see from screenshots) : https://github.com/e2guardian/e2guardian/issues/244

                  Thanks

                  1 Reply Last reply Reply Quote 0
                  • M
                    Mr. Jingles
                    last edited by

                    Thank you Marcello, and thank you pfsensation  :)

                    I've attached the output of Marcello's ls command. I will next try what pfsensation suggested.

                    Thank you.

                    e2guardian_007.jpg
                    e2guardian_007.jpg_thumb

                    6 and a half billion people know that they are stupid, agressive, lower life forms.

                    1 Reply Last reply Reply Quote 0
                    • M
                      Mr. Jingles
                      last edited by

                      :-[ :-[ :-[

                      I did:

                      [code]
                      chmod -R 644 /usr/local/etc/e2guardian
                      /usr/local/bin/php /usr/local/www/e2guardian.php fetch_blacklist
                      Then I did reapply blacklist, save, daemon tab - save: still nothing, service still doesn't start:

                      | Jul  1 03:30:56 | php-fpm | 87924 |

                      /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 20480 -> 20480 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/urls: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/urls Error reading: /usr/local/etc/e2guardian/lists/bannedurllist.g_Default Error opening bannedurllist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error in reading filter group files Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian' [/q][/t][/t]

                      6 and a half billion people know that they are stupid, agressive, lower life forms.

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        Access your acls under url tab and check what is enabled.  It's looking for a file that doesn't exists on shallalist.

                        Select categories that shows under include select combo box. They are from current applied blacklist.

                        There is no need to change file permission.

                        banned_url.PNG
                        banned_url.PNG_thumb

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • M
                          Mr. Jingles
                          last edited by

                          Thank you for your reply, Marcello  :)

                          I'm trying to understand what you mean with " It's looking for a file that doesn't exists on shallalist".

                          In the top Include box I can select, for example, adv urls, spyware urls, tracker urls. However, in the next Config box, none of these exist. What does this mean? what do I need to do here then?

                          Per your: "Select categories that shows under include select combo box. They are from current applied blacklist"

                          Could you give a concrete example?

                          Thank you very much for your help  :P

                          6 and a half billion people know that they are stupid, agressive, lower life forms.

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            Take a look or send a screenshot on the same field I've pushed on my last post.

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • T
                              techbee
                              last edited by

                              hi marcelloc,

                              could you possible update your setup and configuration procedure so that it is up to date and tidy up.

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                @techbee:

                                hi marcelloc,

                                could you possible update your setup and configuration procedure so that it is up to date and tidy up.

                                On a clean install, just save setup on GUI and use.
                                With previous install, check error messages.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • P
                                  pfsensation
                                  last edited by

                                  Just an update,

                                  My E2 Guardian has now been rock solid after the last update. However - HOST- shows dns error, not sure why because in my pfSense DHCP leases it shows the host name.

                                  Also Marcello, I replied to the transparent proxy issue you reported on GitHub. Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).

                                  Thank you for bearing with me, and pushing out the necessary updates.

                                  1 Reply Last reply Reply Quote 0
                                  • J
                                    jetberrocal
                                    last edited by

                                    @pfsensation:

                                    Just an update,

                                    My E2 Guardian has now been rock solid after the last update. However - HOST- shows dns error, not sure why because in my pfSense DHCP leases it shows the host name.

                                    Also Marcello, I replied to the transparent proxy issue you reported on GitHub. Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).

                                    Thank you for bearing with me, and pushing out the necessary updates.

                                    Did you tried this:
                                    https://www.howtogeek.com/295048/how-to-configure-a-proxy-server-on-android/

                                    You hardcode the proxy values or enter the url of the PAC file.

                                    1 Reply Last reply Reply Quote 0
                                    • marcellocM
                                      marcelloc
                                      last edited by

                                      @pfsensation:

                                      Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).

                                      I'm using this way for transparent proxy with no MITM

                                      https://forum.pfsense.org/index.php?topic=128116.msg730725#msg730725

                                      For MITM clients I'm using WPAD.

                                      Treinamentos de Elite: http://sys-squad.com

                                      Help a community developer! ;D

                                      1 Reply Last reply Reply Quote 0
                                      • M
                                        Mr. Jingles
                                        last edited by

                                        @marcelloc:

                                        Take a look or send a screenshot on the same field I've pushed on my last post.

                                        Thank you Marcello.

                                        Ok, I've only selected porn (pic8).

                                        In config, it says this (txt).

                                        There is something else weird: in include there are sections that are available in config. For example, spyware and hacking are available in include, but not in config (see pic9 and *.txt).

                                        e2guardian_008.jpg
                                        e2guardian_008.jpg_thumb
                                        e2guardian_009.jpg
                                        e2guardian_009.jpg_thumb
                                        e2guardian_config.txt

                                        6 and a half billion people know that they are stupid, agressive, lower life forms.

                                        1 Reply Last reply Reply Quote 0
                                        • P
                                          pfsensation
                                          last edited by

                                          @marcelloc:

                                          @pfsensation:

                                          Since Phillip will add the feature in V5 do you know if we can use pfSense to redirect the traffic for now? I've been successful in doing it for port 80 (HTTP) but not port 443 (HTTPS).

                                          I'm using this way for transparent proxy with no MITM

                                          https://forum.pfsense.org/index.php?topic=128116.msg730725#msg730725

                                          For MITM clients I'm using WPAD.

                                          Hmm, without WPAD can you force clients to use E2Guardian proxy for HTTPS using pfSense rules? So for guest devices I don't MITM, but I still want them to go through proxy for URL based filtering + caching via squid. I don't want to solely rely on WPAD, because it only seems to work well on Windows, however on IOS it works hit and miss, and Android doesn't WPAD functionality at all.
                                          It can be done for sure, but I just want to know if we can use pfSense rules as it is, since I'm only having luck with NAT redirecting port 80 traffic.

                                          1 Reply Last reply Reply Quote 0
                                          • marcellocM
                                            marcelloc
                                            last edited by

                                            @Mr.:

                                            Ok, I've only selected porn (pic8).

                                            In config, it says this (txt).

                                            The GUI package does not include any .Include to text fields under ACL tab. All you see are default configuration for a stock e2guardian bsd binaries.

                                            All you select under include combo will reflect on filtergroup file, that does not appears on GUI.

                                            Treinamentos de Elite: http://sys-squad.com

                                            Help a community developer! ;D

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.