Unofficial E2guardian package for pfSense
-
Snort inspect http/https traffic thats why you will see (http_inspect) some kind of alert in your snort log. And if it get in the log without supressing the rule it blocks access depending of source/destination. This is called tweaking if you read about snort, (http_inspect) has no rules
-
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
I have short knowledge of snort however I have configured it against malware and vpn and proxies pretty well but I am not sure what config do I need to tweak or config to check that made those problem i encountered.
Just do is all a favour, disable snort temporarily. Test if the sites work and you'll have your answer. But I'm telling you now, if it's e2guardian blocking it'll always show up on the log.
-
any kind hearted soul have pfsense 2.4.1 memstick ISO installer?
i haven't found any download for that specific version. can someone share it? :) -
@pfsensation said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Now that you've mentioned Snort, that could be it. It's known for over blocking until you tweak it.
When you bypass those URLs snort now sees them from coming from the LAN rather than loopback interface.
Either way, it's unlikely that it's E2 Guardian blocking the site if the user gets no block page, and nothing shows up on the access log.
What do you mean tweak? What to tweak?
Snort. Its unlikely that E2 Guardian is blocking anything here as you get nothing appearing on the log.
If it is Snort causing the problem and or blocking the site / url, then I can also checked that on the block tab of Snort and check the IP address where it came from. But the Block Tab also shows nothing in Snort.
-
@ravegen Man, this topic it's getting so longgg. You need to find the problem or you should do what people/experts says. Try these things and after that if it's problem still goes on then maybe problem about dns maybe something else.
- Stop E2guardian, clear browser cache, kill states of client (pfctl -k 1.1.1.1) and try to access website.
- Stop Snort, clear browser cache, kill states of client (pfctl -k 1.1.1.1) and try to access website.
- If you use Squid ( stop it and try these things)
- Change DNS address of your client (8.8.8.8) try again.
- On firewall give full access with any protocol to the client and try again.
- Try to nslookup on your client to the website. "nslookup website.com" See you can solve website.
After you tried these things, if it's still problem on then we can think something else.
If you stop E2guardian and try to access website. If you still can't access website that means problem not about E2guardian. You should after that open a post about your problem in General Questions tab in forum.
Too many email comes to me about this topic and tired about deleting emails which is about this topic.
Q: How can I unsubscribe from this topic to block emails comes to me when someone reply this topic.
-
@pfsensation
https://127.0.0.1 403 - Default NETERROR The site requested is not responding
e2g displays the error when someone access local webserver on development computer.
is there any settings were in it will bypass to scan the localhost/127.0.0.1i tried the bypass settings in Daemon tab but its not working.
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation
https://127.0.0.1 403 - Default NETERROR The site requested is not responding
e2g displays the error when someone access local webserver on development computer.
is there any settings were in it will bypass to scan the localhost/127.0.0.1i tried the bypass settings in Daemon tab but its not working.
I think 127.0.0.1 at this moment in time may have bugs with transparent proxy. It's been raised already with E2 Guardian team.
However try adding localhost to bypass or try using the machines IP. Just as a workaround, I haven't run into any issues myself. All my stuff is hosted on servers.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless its still an issue.
Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.
It’s frustrating now. I tried a clean install but still have the issue with log rotation crash. No internet till I do a full reboot. Any response from @marcelloc ?
-
hey guys, i installed on pfsense 2.4.4 the system patch and created a new patch as:
-description: marcelloc patch
-patch contents: *I pasted this patch: https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/244_unofficial_packages_list.patch
-Patch Strip Count: 1
-Base Directory: /I saved it and clicked in TEST and then APPLY but unfortunatley the e2guardian doesn't appeared in Package Manager.
Can someone help me solve this please? thank you!
-
You need to copy the contents of 244_unofficial_packages_list.patch .
Do not use url to package. Click on the link in Github and copy all text in the file and past it into patch contents window. Save it then apply it. -
thank you @kenrutt for your help, but i'm using raw file link, ie it's the same as I use copy/paste code content. I solved the problem, for 2.4.4 version follow the steps:
first of all go to Diagnostics->Command Prompt and put the command: fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf and then click in execute.
then go to packages and install system patch and create a patch as:
-description: marcelloc patch
-patch contents: *I pasted this patch: https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/244_unofficial_packages_list.patch
-Patch Strip Count: 1
-Base Directory: /save it and click in TEST and then APPLY.
Go to packages and e2guardian5 will be able to be installed.
thank you
-
@mococanet said in Unofficial E2guardian package for pfSense:
thank you @kenrutt for your help, but i'm using raw file link, ie it's the same as I use copy/paste code content. I solved the problem, for 2.4.4 version follow the steps:
first of all go to Diagnostics->Command Prompt and put the command: fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf and then click in execute.
then go to packages and install system patch and create a patch as:
-description: marcelloc patch
-patch contents: *I pasted this patch: https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/244_unofficial_packages_list.patch
-Patch Strip Count: 1
-Base Directory: /save it and click in TEST and then APPLY.
Go to packages and e2guardian5 will be able to be installed.
thank you
You forgot to install the repo first... On upgrades the unofficial repo gets overwritten.
-
yes @pfsensation the problem was solved.
thank you very much -
@asterix said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@marcelloc I had a look, it looks like e2guardian isn't defined in /etc/inc/service-utils.inc. I attempted to manually define it but wasn't too sure of the parameters. Can you shed some light?
@pfsensation is this resolve already? I will be deploying e2g tomorrow i dont want to have issue on pfsense crashing
On your production system, don't upgrade to 2.4.4 yet. I still haven't been able to resolve that log rotation issue. For me it just crashes E2 Guardian once a day and it restarts itself. Barely even notice it but nevertheless its still an issue.
Going to have to wait for @marcelloc to have a look at this. I tried some fixes but my knowledge of the inner workings of pfsense packages isn't great.
It’s frustrating now. I tried a clean install but still have the issue with log rotation crash. No internet till I do a full reboot. Any response from @marcelloc ?
For me sure E2 Guardian crashes for a second, but it's never so bad that my entire Internet dies until I reboot. Must be something config related, my block page is hosted separately on another nginx instance using the WPAD package. Maybe that's it?
I've already let Marcello know about the issue, and I'm sure he knows as well from his own systems. For the time being, I am log rotating using Cron, yeah it's a bit of a pain. But at the end of the day, we have to realise that all the people who contribute to E2 Guardian, including myself do it in our spare time. Sometimes life gets in the way, sometimes work gets in the way. But things will be back to normal again, we just need to be patient.
EDIT: Here's the simple command I'm using to literally wipe the access.log roughly every 8 hours (obviously scale this to meet your needs):
echo -n "" > /var/log/e2guardian/access.log -
anybody had success on e2g with mutli wan setup with vlan?
currently im using e2g with multi-wan setup + vlan. i had observed that when it is enabled, bandwidth would be maxed out.
some vlan gateways are routed to specific ISP_1 but strangely it affects the bandwidth of ISP_2. -
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
anybody had success on e2g with mutli wan setup with vlan?
currently im using e2g with multi-wan setup + vlan. i had observed that when it is enabled, bandwidth would be maxed out.
some vlan gateways are routed to specific ISP_1 but strangely it affects the bandwidth of ISP_2.That sounds odd, E2 Guardian doesn't support multi WAN yet. Are you using VLANs on WAN side of your pfSense?
I've got it working on the LAN side but I've not tested the WAN side yet.
-
@pfsensation using vlan on the LAN side.
hhmmm maybe that's the issue...e2g does not support multi-wan - multi ISP setup. -
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation using vlan on the LAN side.
hhmmm maybe that's the issue...e2g does not support multi-wan - multi ISP setup.Ahhh that makes sense, your previous message wasn't too clear. If you're using E2 Guardian, and have transparent mode enabled it'll try to route the traffic through it. If you then have other rules outside E2 Guardian they maybe clashing with each other and hence why you're seeing traffic on both WAN lines.
-
@pfsensation ill try to setup vlan with no rules in it and ill check the usage on both ISP.
-
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
@pfsensation ill try to setup vlan with no rules in it and ill check the usage on both ISP.
That'll probably eliminate the issues with activity seen on the second WAN link but the issues persists. E2guardian doesn't support multi WAN yet.