Netgate Discussion Forum

    Unofficial E2guardian package for pfSense

    • R
      ravegen @pfsensation
      last edited by

      @pfsensation said in Unofficial E2guardian package for pfSense:

      @ravegen said in Unofficial E2guardian package for pfSense:

      @pfsensation

      Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

      Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?

      What do you mean about config issue?
      The real time log does not show any block on a particular site or URL.

      P 1 Reply Last reply Reply Quote 0
      • P
        pfsensation @ravegen
        last edited by pfsensation

        @ravegen said in Unofficial E2guardian package for pfSense:

        @pfsensation said in Unofficial E2guardian package for pfSense:

        @ravegen said in Unofficial E2guardian package for pfSense:

        @pfsensation

        Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

        Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?

        What do you mean about config issue?
        The real time log does not show any block on a particular site or URL.

        So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.

        But if possible provide those URLs so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it.

        R 1 Reply Last reply Reply Quote 0
        • R
          ravegen @pfsensation
          last edited by ravegen

          @pfsensation said in Unofficial E2guardian package for pfSense:

          @ravegen said in Unofficial E2guardian package for pfSense:

          @pfsensation said in Unofficial E2guardian package for pfSense:

          @ravegen said in Unofficial E2guardian package for pfSense:

          @pfsensation

          Some of our government sites. I am accessing them thru browsers and there is no error shown in the log.

          Must be a config issue, if it's through a browser it should always work as long as the CA is installed. What about the real time access.log? What does that show?

          What do you mean about config issue?
          The real time log does not show any block on a particular site or URL.

          So you mean the sites that don't work for you, don't show up on the access log (real time log) at all? If E2 Guardian is blocking it, it will always show up on there. If it's not, your issue is definitely elsewhere.

          But if possible provide those URLs so I can test from my side. As far as I'm aware, all sites should work through browser as long as your ACL allows it.

          Yes, the website doesn't load, doesn't show any e2guardian block error page, doesn't show any error on the realtime access log.

          But my user says that when she accesses the website at her house with her own internet connection, she can access the site without problem.

          So what I just did was make an alias for it and put that on bypass and that solved the problem.

          Although it solves the problem, I still want to know why it is not accessible with the pfSense firewall but accessible from her house. I already checked the firewall rules and no rule particularly blocks such websites.

          I have Snort running but my Snort's purpose is for blocking malware and the Snort block report does not show any IP address related to those sites that failed to load or had an error loading.

          I ONLY have firewall, e2guardian and Snort running on my pfSense. I don't use pfblocker or any other.

          I do use Google DNS, Cloudflare DNS and OpenDNS for my firewall DNS, which my LAN and guest use.

          U 1 Reply Last reply Reply Quote 0
          • U
            ucribrahim @ravegen
            last edited by ucribrahim

            @ravegen Have you ever tried entering the website that you are trying to access into the "Bypass for these destination ips" field in the E2guardian Daemon menu? If yes, that means something else blocks it (maybe Squid, if there is one). Let me know after you do that.

            ” Online pfSense Firewall & Router Eğitimi | www.udemy.com/pfsense-training “

            1 Reply Last reply Reply Quote 0
            • L
              lindsay
              last edited by

              And nothing is showing up in snort?
              Snort needs tweaking to work as you get a lot of false/positive alerts.

              Fiberline 500/500Mbps
              Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz

              1 Reply Last reply Reply Quote 0
              • P
                pfsensation
                last edited by

                Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.

                When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

                Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

                R 1 Reply Last reply Reply Quote 0
                • A
                  asterix @pfsensation
                  last edited by asterix

                  @pfsensation said in Unofficial E2guardian package for pfSense:

                  @marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light? ✋

                  Were you able to fix this? I have had crashes at least twice daily and pfSense stops all internet even though it's connected and has a valid WAN IP. Only fix is to reboot the box.

                  I shut down e2 and wpad till there is a permanent fix to this.

                  1 Reply Last reply Reply Quote 0
                  • K
                    kenpachizaraki @pfsensation
                    last edited by

                    @pfsensation said in Unofficial E2guardian package for pfSense:

                    @marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light? ✋

                    @pfsensation is this resolved already? I will be deploying e2g tomorrow; I don't want to have an issue with pfSense crashing.

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      pfsensation @kenpachizaraki
                      last edited by

                      @kenpachizaraki said in Unofficial E2guardian package for pfSense:

                      @pfsensation said in Unofficial E2guardian package for pfSense:

                      @marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light? ✋

                      @pfsensation is this resolved already? I will be deploying e2g tomorrow; I don't want to have an issue with pfSense crashing.

                      On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless it's still an issue.

                      Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.

                      A 1 Reply Last reply Reply Quote 0
                      • R
                        ravegen @pfsensation
                        last edited by

                        @pfsensation said in Unofficial E2guardian package for pfSense:

                        Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.

                        When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

                        Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

                        What do you mean tweak? What to tweak?

                        P 1 Reply Last reply Reply Quote 0
                        • P
                          pfsensation @ravegen
                          last edited by

                          @ravegen said in Unofficial E2guardian package for pfSense:

                          @pfsensation said in Unofficial E2guardian package for pfSense:

                          Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.

                          When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

                          Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

                          What do you mean tweak? What to tweak?

                          Snort. It's unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.

                          R 2 Replies Last reply Reply Quote 0
                          • R
                            ravegen @pfsensation
                            last edited by

                            @pfsensation said in Unofficial E2guardian package for pfSense:

                            @ravegen said in Unofficial E2guardian package for pfSense:

                            @pfsensation said in Unofficial E2guardian package for pfSense:

                            Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.

                            When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

                            Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

                            What do you mean tweak? What to tweak?

                            Snort. It's unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.

                            I have limited knowledge of Snort; however, I have configured it against malware and VPN and proxies pretty well, but I am not sure what config I need to tweak, or what config to check, that caused the problems I encountered.

                            P 1 Reply Last reply Reply Quote 0
                            • L
                              lindsay
                              last edited by

                              Snort inspects HTTP/HTTPS traffic; that's why you will see some kind of (http_inspect) alert in your Snort log. And if it gets in the log without suppressing the rule, it blocks access depending on source/destination. This is called tweaking, if you read about Snort; (http_inspect) has no rules.

                              Fiberline 500/500Mbps
                              Intel(R) Xeon(R) CPU E5-2620 v4 @ 2.10GHz

                              1 Reply Last reply Reply Quote 1
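
Added example (not from any poster, and not Snort or pfSense project code): one way to check the http_inspect point above without switching Snort off is to search the alert log for every alert that involves the failing site's addresses and print suppress-list entries scoped to that address. It assumes Snort's "fast" alert line layout; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Snort "fast" alert layout (assumed log format):
#   time [**] [gid:sid:rev] msg [**] [Classification: ..] [Priority: n] {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)
# Generator IDs of the http_inspect preprocessor; these alerts have no text rule behind them.
HTTP_INSPECT_GIDS = {119, 120}

# Constructed sample log (documentation-range addresses), not taken from the thread.
# 198.51.100.2 stands for the firewall's own address: behind a proxy, Snort sees the
# proxy as the peer, not the LAN client, so matching is done on the site's IP only.
SAMPLE_ALERTS = """\
10/02-09:14:01.120001  [**] [119:31:1] (http_inspect) UNKNOWN METHOD [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.2:41822 -> 203.0.113.10:80
10/02-09:14:01.480220  [**] [119:31:1] (http_inspect) UNKNOWN METHOD [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 198.51.100.2:41830 -> 203.0.113.10:80
10/02-09:14:02.530114  [**] [120:3:1] (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 203.0.113.10:80 -> 198.51.100.2:41822
this line is not an alert and must be skipped
10/02-09:15:40.000731  [**] [1:1000001:1] LOCAL constructed example rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.77:80 -> 192.168.1.50:50211
"""

def parse_alerts(text):
    """Yield one dict per line that matches the fast-alert layout; skip everything else."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            yield m.groupdict()

def triage(text, site_ips):
    """Group alerts that touch any of the failing site's IPs by (gid, sid)."""
    hits = defaultdict(lambda: {"msg": "", "count": 0, "track": set()})
    for alert in parse_alerts(text):
        for side, track in (("src", "by_src"), ("dst", "by_dst")):
            if alert[side] in site_ips:
                entry = hits[(int(alert["gid"]), int(alert["sid"]))]
                entry["msg"] = alert["msg"]
                entry["count"] += 1
                entry["track"].add((track, alert[side]))
    return dict(hits)

def suppress_lines(hits):
    """Render suppress entries limited to the site IP, leaving the rule active elsewhere."""
    out = []
    for (gid, sid), entry in sorted(hits.items()):
        for track, ip in sorted(entry["track"]):
            out.append(f"suppress gen_id {gid}, sig_id {sid}, track {track}, ip {ip}")
    return out

if __name__ == "__main__":
    found = triage(SAMPLE_ALERTS, {"203.0.113.10"})
    for (gid, sid), entry in sorted(found.items()):
        kind = "http_inspect preprocessor" if gid in HTTP_INSPECT_GIDS else "rule"
        print(f"{gid}:{sid} x{entry['count']} [{kind}] {entry['msg']}")
    print("\n".join(suppress_lines(found)))
```

If the grouping comes back empty for the site's addresses, Snort did not alert on that traffic and the cause lies elsewhere.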
                              • P
                                pfsensation @ravegen
                                last edited by

                                @ravegen said in Unofficial E2guardian package for pfSense:

                                @pfsensation said in Unofficial E2guardian package for pfSense:

                                @ravegen said in Unofficial E2guardian package for pfSense:

                                @pfsensation said in Unofficial E2guardian package for pfSense:

                                Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.

                                When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

                                Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

                                What do you mean tweak? What to tweak?

                                Snort. It's unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.

                                I have limited knowledge of Snort; however, I have configured it against malware and VPN and proxies pretty well, but I am not sure what config I need to tweak, or what config to check, that caused the problems I encountered.

                                Just do us all a favour, disable Snort temporarily. Test if the sites work and you'll have your answer. But I'm telling you now, if it's e2guardian blocking, it'll always show up on the log.

                                1 Reply Last reply Reply Quote 1
                                • K
                                  kenpachizaraki
                                  last edited by

                                  Any kind-hearted soul have a pfSense 2.4.1 memstick ISO installer?
                                  I haven't found any download for that specific version. Can someone share it? :)

                                  1 Reply Last reply Reply Quote 0
                                  • R
                                    ravegen @pfsensation
                                    last edited by

                                    @pfsensation said in Unofficial E2guardian package for pfSense:

                                    @ravegen said in Unofficial E2guardian package for pfSense:

                                    @pfsensation said in Unofficial E2guardian package for pfSense:

                                    Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.

                                    When you bypass those URLs, Snort now sees them as coming from the LAN rather than the loopback interface.

                                    Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.

                                    What do you mean tweak? What to tweak?

                                    Snort. It's unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.

                                    If it is Snort causing the problem and/or blocking the site / URL, then I can also check that on the Block tab of Snort and check the IP address where it came from. But the Block tab also shows nothing in Snort.

                                    U 1 Reply Last reply Reply Quote 0
                                    • U
                                      ucribrahim @ravegen
                                      last edited by ucribrahim

                                      @ravegen Man, this topic is getting so longgg. You need to find the problem or you should do what people/experts say. Try these things, and after that, if the problem still goes on, then maybe the problem is about DNS, maybe something else.

                                      1. Stop E2guardian, clear browser cache, kill states of client (pfctl -k 1.1.1.1) and try to access website.
                                      2. Stop Snort, clear browser cache, kill states of client (pfctl -k 1.1.1.1) and try to access website.
                                      3. If you use Squid, stop it and try these things.
                                      4. Change DNS address of your client (8.8.8.8) and try again.
                                      5. On firewall give full access with any protocol to the client and try again.
                                      6. Try to nslookup on your client to the website. "nslookup website.com" See if you can resolve the website.

                                      After you have tried these things, if the problem is still on, then we can think of something else.

                                      If you stop E2guardian and try to access the website and you still can't access it, that means the problem is not about E2guardian. After that, you should open a post about your problem in the General Questions tab in the forum.

                                      Too many emails come to me about this topic and I am tired of deleting emails which are about this topic.

                                      Q: How can I unsubscribe from this topic to block the emails that come to me when someone replies to this topic?

                                      ” Online pfSense Firewall & Router Eğitimi | www.udemy.com/pfsense-training “

                                      1 Reply Last reply Reply Quote 0
                                      • K
                                        kenpachizaraki
                                        last edited by

                                        @pfsensation
                                        https://127.0.0.1 403 - Default NETERROR The site requested is not responding
                                        e2g displays the error when someone accesses a local webserver on a development computer.
                                        Is there any setting wherein it will bypass scanning the localhost/127.0.0.1?

                                        I tried the bypass settings in the Daemon tab but it's not working.

                                        P 1 Reply Last reply Reply Quote 0
                                        • P
                                          pfsensation @kenpachizaraki
                                          last edited by

                                          @kenpachizaraki said in Unofficial E2guardian package for pfSense:

                                          @pfsensation
                                          https://127.0.0.1 403 - Default NETERROR The site requested is not responding
                                          e2g displays the error when someone accesses a local webserver on a development computer.
                                          Is there any setting wherein it will bypass scanning the localhost/127.0.0.1?

                                          I tried the bypass settings in the Daemon tab but it's not working.

                                          I think 127.0.0.1 at this moment in time may have bugs with transparent proxy. It's been raised already with the E2 Guardian team.

                                          However, try adding localhost to bypass or try using the machine's IP. Just as a workaround; I haven't run into any issues myself. All my stuff is hosted on servers.

                                          1 Reply Last reply Reply Quote 0
                                          • A
                                            asterix @pfsensation
                                            last edited by

                                            @pfsensation said in Unofficial E2guardian package for pfSense:

                                            @kenpachizaraki said in Unofficial E2guardian package for pfSense:

                                            @pfsensation said in Unofficial E2guardian package for pfSense:

                                            @marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light? ✋

                                            @pfsensation is this resolved already? I will be deploying e2g tomorrow; I don't want to have an issue with pfSense crashing.

                                            On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless it's still an issue.

                                            Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.

                                            It's frustrating now. I tried a clean install but still have the issue with log rotation crash. No internet till I do a full reboot. Any response from @marcelloc?

                                            P 1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.