Unofficial E2guardian package for pfSense
-
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
Were you able to fix this. I have had crashes at least twice daily and pfSense stops all internet even though its connected and has a valid WAN IP. Only fix is to reboot the box.
I shut down e2 and wpad till there is a permanent fix to this.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless its still an issue.
Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
I have short knowledge of snort however I have configured it against malware and vpn and proxies pretty well but I am not sure what config do I need to tweak or config to check that made those problem i encountered.
-
Snort inspect http/https traffic thats why you will see (http_inspect) some kind of alert in your snort log. And if it get in the log without supressing the rule it blocks access depending of source/destination. This is called tweaking if you read about snort, (http_inspect) has no rules
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
I have short knowledge of snort however I have configured it against malware and vpn and proxies pretty well but I am not sure what config do I need to tweak or config to check that made those problem i encountered.
Just do is all a favour, disable snort temporarily. Test if the sites work and you'll have your answer. But I'm telling you now, if it's e2guardian blocking it'll always show up on the log.
-
any kind hearted soul have pfsense 2.4.1 memstick ISO installer?
i haven't found any download for that specific version. can someone share it? :) -
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
If it is Snort causing the problem and or blocking the site / url, then I can also checked that on the block tab of Snort and check the IP address where it came from. But the Block Tab also shows nothing in Snort.
-
@ravegen Man, this topic it's getting so longgg. You need to find the problem or you should do what people/experts says. Try these things and after that if it's problem still goes on then maybe problem about dns maybe something else.
- Stop E2guardian, clear browser cache, kill states of client (pfctl -k 1.1.1.1) and try to access website.
- Stop Snort, clear browser cache, kill states of client (pfctl -k 1.1.1.1) and try to access website.
- If you use Squid ( stop it and try these things)
- Change DNS address of your client (8.8.8.8) try again.
- On firewall give full access with any protocol to the client and try again.
- Try to nslookup on your client to the website. "nslookup website.com" See you can solve website.
After you tried these things, if it's still problem on then we can think something else.
If you stop E2guardian and try to access website. If you still can't access website that means problem not about E2guardian. You should after that open a post about your problem in General Questions tab in forum.
Too many email comes to me about this topic and tired about deleting emails which is about this topic.
Q: How can I unsubscribe from this topic to block emails comes to me when someone reply this topic.
-
@pfsensation
https://127.0.0.1 403 - Default NETERROR The site requested is not responding
e2g displays the error when someone access local webserver on development computer.
is there any settings were in it will bypass to scan the localhost/127.0.0.1i tried the bypass settings in Daemon tab but its not working.
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation
https://127.0.0.1 403 - Default NETERROR The site requested is not responding
e2g displays the error when someone access local webserver on development computer.
is there any settings were in it will bypass to scan the localhost/127.0.0.1i tried the bypass settings in Daemon tab but its not working.
I think 127.0.0.1 at this moment in time may have bugs with transparent proxy. It's been raised already with E2 Guardian team.
However try adding localhost to bypass or try using the machines IP. Just as a workaround, I haven't run into any issues myself. All my stuff is hosted on servers.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless its still an issue.
Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.
It’s frustrating now. I tried a clean install but still have the issue with log rotation crash. No internet till I do a full reboot. Any response from @marcelloc ?
-
hey guys, i installed on pfsense 2.4.4 the system patch and created a new patch as:
-description: marcelloc patch
-patch contents: *I pasted this patch: https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/244_unofficial_packages_list.patch
-Patch Strip Count: 1
-Base Directory: /I saved it and clicked in TEST and then APPLY but unfortunatley the e2guardian doesn't appeared in Package Manager.
Can someone help me solve this please? thank you!
-
You need to copy the contents of 244_unofficial_packages_list.patch .
Do not use url to package. Click on the link in Github and copy all text in the file and past it into patch contents window. Save it then apply it. -
thank you @kenrutt for your help, but i'm using raw file link, ie it's the same as I use copy/paste code content. I solved the problem, for 2.4.4 version follow the steps:
first of all go to Diagnostics->Command Prompt and put the command: fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf and then click in execute.
then go to packages and install system patch and create a patch as:
-description: marcelloc patch
-patch contents: *I pasted this patch: https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/244_unofficial_packages_list.patch
-Patch Strip Count: 1
-Base Directory: /save it and click in TEST and then APPLY.
Go to packages and e2guardian5 will be able to be installed.
thank you
-
@mococanet said in Unofficial E2guardian package for pfSense:
thank you @kenrutt for your help, but i'm using raw file link, ie it's the same as I use copy/paste code content. I solved the problem, for 2.4.4 version follow the steps:
first of all go to Diagnostics->Command Prompt and put the command: fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf and then click in execute.
then go to packages and install system patch and create a patch as:
-description: marcelloc patch
-patch contents: *I pasted this patch: https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/244_unofficial_packages_list.patch
-Patch Strip Count: 1
-Base Directory: /save it and click in TEST and then APPLY.
Go to packages and e2guardian5 will be able to be installed.
thank you
You forgot to install the repo first... On upgrades the unofficial repo gets overwritten.
-
yes @pfsensation the problem was solved.
thank you very much