Unofficial E2guardian package for pfSense
-
I just spun up a new pfSense machine using E2guardian. I was using squid/squidguard in the old firewall. There are quite a few nuances that I don't understand. It was pretty simple to block or allow sites as needed. I think I've figured out how to add new sites to block but am not having success getting them to bypass the filter. I have a camera system that keeps getting blocked with NETERROR as the reason. I've tried adding the source IP to the exceptions in the IP config and the site to ACL/site lists but no change. How does one enter a site to be bypassed?
*edit: It looks like it tries to connect then I see a log entry like this:
192.168.1.x https://127.0.0.1 403 Default NETERROR - -
If you are using transparent proxy and you want any addresses to completely bypass e2guardian, there are places under the Daemon tab in the transparent section to enter bypass ip's.
-
@user43617 said in Unofficial E2guardian package for pfSense:
I just spun up a new pfSense machine using E2guardian. I was using squid/squidguard in the old firewall. There are quite a few nuances that I don't understand. It was pretty simple to block or allow sites as needed. I think I've figured out how to add new sites to block but am not having success getting them to bypass the filter. I have a camera system that keeps getting blocked with NETERROR as the reason. I've tried adding the source IP to the exceptions in the IP config and the site to ACL/site lists but no change. How does one enter a site to be bypassed?
*edit: It looks like it tries to connect then I see a log entry like this:
192.168.1.x https://127.0.0.1 403 Default NETERROR -As @kenrutt mentioned, add the camera IP to the source bypass box under the daemon tab. Then it'll bypass e2guardian completely. Not quite sure why you're getting a NETERROR though.
-
I tried the source bypass and that didn't seem to work. Turning the E2guardian off for a while allowed it to do whatever and worked for that particular problem. There are other sites that are behaving the same (gocomics.com).
I used the instructions at this link to set up E2guardian:
https://lifeoverlinux.com/how-to-block-http-and-https-websites-with-e2guardian/It does not mention using WPAD for setup. I noticed that the instructions on the E2guardian github has a section on using it for ssl filtering. I had WPAd setup for squid/squidguard. Is that the part I'm missing here?
Anyone have a better set of instructions for configuring E2guardian on pfSense that's up to date?
-
@user43617 said in Unofficial E2guardian package for pfSense:
I tried the source bypass and that didn't seem to work. Turning the E2guardian off for a while allowed it to do whatever and worked for that particular problem. There are other sites that are behaving the same (gocomics.com).
I used the instructions at this link to set up E2guardian:
https://lifeoverlinux.com/how-to-block-http-and-https-websites-with-e2guardian/It does not mention using WPAD for setup. I noticed that the instructions on the E2guardian github has a section on using it for ssl filtering. I had WPAd setup for squid/squidguard. Is that the part I'm missing here?
Anyone have a better set of instructions for configuring E2guardian on pfSense that's up to date?
Source bypass will only work if you're using the transparent filtering option. I've personally stopped using WPAD, transparent filtering can force the traffic through E2 Guardian quite seamlessly.
-
So, does grey and exception listing work in transparent mode?
-
@user43617 said in Unofficial E2guardian package for pfSense:
So, does grey and exception listing work in transparent mode?
Yes, no problem at all. I'm running pretty much everything through transparent proxy. This also allows me to completely bypass the proxy for certain things like Windows updates, or WhatsApp to save resources and keep things efficient.
-
Which list are you using. Shallalalist seems to be missing some things. It is unclear if it, or the french one, is still maintained.
Squidblacklist is interesting. Can anyone attest to its efficacy? Or, in other words, is it worth the price of the subscription?
-
I'm running pfsense 2.4.4-RELEASE-p2, after running the command on page 1, I am still not able to see E2guardian package as an option for install, even after a reboot, what am i missing?
-
@arch113 said in Unofficial E2guardian package for pfSense:
I'm running pfsense 2.4.4-RELEASE-p2, after running the command on page 1, I am still not able to see E2guardian package as an option for install, even after a reboot, what am i missing?
You're missing the patch that enables packages from unofficial sources to be shown.
-
@user43617 said in Unofficial E2guardian package for pfSense:
Which list are you using. Shallalalist seems to be missing some things. It is unclear if it, or the french one, is still maintained.
Squidblacklist is interesting. Can anyone attest to its efficacy? Or, in other words, is it worth the price of the subscription?
I'm currently using https://dsi.ut-capitole.fr/blacklists/ it's French. However works well for English domains too and I've found it to be much better than Shallalist.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@arch113 said in Unofficial E2guardian package for pfSense:
I'm running pfsense 2.4.4-RELEASE-p2, after running the command on page 1, I am still not able to see E2guardian package as an option for install, even after a reboot, what am i missing?
You're missing the patch that enables packages from unofficial sources to be shown.
How do I do that? I ran "fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf"
-
@arch113 Download the system patches package and copy and paste everything in here: https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch
Then give your system a reboot and the packages will show.
-
can anyone tell me how to edit can save e2guardian config so it can survive a gui change or reboot? i need to find where is the default config template. i want to edit bypass = -1, and reportinglevel =2 , doesnt matter wat i select in gui, the conf keep changing to reportinglevel =3
-
This post is deleted! -
@ivanjong If you SSH into pfsense and goto /usr/local/pkg/ you will find template files there. I use winscp to ssh into pfsense. Makes modifying files easy.
-
Marcello 2 have problem
can you help me
1- antivirus not working
Can you share the screenshot of the correct settings?
2-Squid proxy for access.Log can be kept for Mac Address Registration
for example: dvanced features ("Show Advanced Options") -> Custom Options (Before Auth) ->
logfile_rotate 30
debug_options rotate = 30
logformat squid% {% d /% m /% Y_% H:% M:% S} tl%> eui% 6tr%> a% Ss /% 03> Hs% <st% rm% ru% un% Sh /% <A% mt
access_log /var/squid/logs/access_custom.log
I added to the squidparent file does not work. -
Hi!
When i try to enable e2guardian with SSL Filtering, is there any way to avoid other interfaces to get affected except using wpad?
edit*
nvm i successfully applied wpad for my lan2 only and separate my lan1 for blocking on e2guardian while lan2 is for public wifi without no blocking.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
@arch113 Download the system patches package and copy and paste everything in here: https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch
Then give your system a reboot and the packages will show.
I must be doing something wrong, still not showing up for me.
-
Hi all, anyone faicing issues with the realtime tab after update to 5.3.1_1? only 1 gruop is been displayed on the tab, while using e2g format, if I change to squid format everything shows up, all my groups and traffic reported normally on the real time tab
-
@arch113 said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
@arch113 Download the system patches package and copy and paste everything in here: https://github.com/marcelloc/Unofficial-pfSense-packages/blob/master/244_unofficial_packages_list.patch
Then give your system a reboot and the packages will show.
I must be doing something wrong, still not showing up for me.
Send a screenshot of the system patch screen where you copied and pasted the patch.
-
@la6er said in Unofficial E2guardian package for pfSense:
Hi all, anyone faicing issues with the realtime tab after update to 5.3.1_1? only 1 gruop is been displayed on the tab, while using e2g format, if I change to squid format everything shows up, all my groups and traffic reported normally on the real time tab
I use Squid Format and had issues too. Had to switch to E2guardian format temporarily, uninstall E2 Guardian, install again and then switch back to Squid format and then it started to work.
Give this a go the other way around for E2 Guardian format, it is a weird bug but those are the steps that fixed it for me.
-
@arch113 Follow these steps to enable unofficial repos and get E2Guardian to show up:
- Install "patch" package from package manager.
- System > Patches > click "Add New Patch" button.
Description: e2guardian patch
URL/Commit ID: Leave empty
Patch Contents: Copy/Paste all codes from here
Path Strip Count: 1
Base Directory: /
Ignore Whitespace: Clicked
Auto Apply: Clicked - Save and then click "Apply" button.
That's all for now. Now go to shell and add repo of e2guardian by following command.
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf
Go to Package Manager and try to search e2guardian. If you don't see any package reboot system.
-
Can you get the regular http block page for https sites as well?
Without getting the ‘Unable to connect’ browser error -
@wingman said in Unofficial E2guardian package for pfSense:
Can you get the regular http block page for https sites as well?
Without getting the ‘Unable to connect’ browser errorYes you can, however it will require you to enable MITM and install the CA cert on your client devices. This will also allow the phrase detection filters on https sites and allow the proxy to see the full URL.
-
@pfsensation Thank you. I'll give it a shot.
-
@pfsensation
Thank you, finally have it installed. -
@pfsensation Thanks mate. It worked. I had to select sslmitm and automitm in my group. Thanks again.
-
Hi all, another question... is it possible to send the e2guardian logs to a syslog server?
-
Is there a way to forward some website requests to a upstream proxy server?
Say if a user requests google.com that request will go through a proxy. -
@pfsensation is there a way to use old e2g release?
my pfsense box is still on 2.4.1 i cant upgrade it on the latest pfsense release due to ipsec being broken. -
@kenpachizaraki said in Unofficial E2guardian package for pfSense:
i cant upgrade it on the latest pfsense release due to ipsec being broken
?!
Check https://forum.netgate.com/category/17/ipsec
There is like no one complaining about IPSEC being broken in 2.4.4-p2-Rico
-
@Rico we have IPSEC connecting to AWS VPN. We tried the latest release using clean install.
IPSec cant connect.
We tried 2.4.1 then upgrade to 2.4.4, still can not connect to AWS VPN.
I'll try to boot the backup pfsense and upgrade it to get the logs.
Maybe someone could help if i posted the logs..
Will update the thread. -
I have a weird to me problem. Got the filtering all setup, blocking adult site works, going to playboydotcom, I get the denied page saying its block by category:adult. But if I remove the Enable checkbox from all ACL's (Site, URL, etc), the site is still blocked. If I remove the adult domains from all ACL's, the site is also still blocked by category:adult. Only way I can get to playboydotcom (for example) is to disable the E2guardian service.
The reason this came about is, I am trying to get Software update to work on ipads on the network, i see in the real time log that a really long url starting with updates-http.cdn-apple.com is be denied. When I to the jsut that site, it works, but when I input the actual long url, I get denied by category:/Regular Expression URLs, and for the life of me, can't seem to get around it/unblock it.
It seems whatever config change I put in the pfsense is .ot making to the actual e2guardian config.
-
@arch113 said in Unofficial E2guardian package for pfSense:
I have a weird to me problem. Got the filtering all setup, blocking adult site works, going to playboydotcom, I get the denied page saying its block by category:adult. But if I remove the Enable checkbox from all ACL's (Site, URL, etc), the site is still blocked. If I remove the adult domains from all ACL's, the site is also still blocked by category:adult. Only way I can get to playboydotcom (for example) is to disable the E2guardian service.
The reason this came about is, I am trying to get Software update to work on ipads on the network, i see in the real time log that a really long url starting with updates-http.cdn-apple.com is be denied. When I to the jsut that site, it works, but when I input the actual long url, I get denied by category:/Regular Expression URLs, and for the life of me, can't seem to get around it/unblock it.
It seems whatever config change I put in the pfsense is .ot making to the actual e2guardian config.
Sounds like you have things misconfigured. E2 Guardian has a lot of blocking methods, it's up to you to modify the configs and adapt to your needs and enable it.
My guess is you have something enabled even when you disable the site list. E2G now has a few main blocking methods, Site URL, Phrase weights, Regex and Pics (although not in use much). If you make sure they're all disabled, your blocked site will work.
-
@pfsensation
They all appear to be off -
@arch113 said in Unofficial E2guardian package for pfSense:
I have a weird to me problem. Got the filtering all setup, blocking adult site works, going to playboydotcom, I get the denied page saying its block by category:adult. But if I remove the Enable checkbox from all ACL's (Site, URL, etc), the site is still blocked. If I remove the adult domains from all ACL's, the site is also still blocked by category:adult. Only way I can get to playboydotcom (for example) is to disable the E2guardian service.
The reason this came about is, I am trying to get Software update to work on ipads on the network, i see in the real time log that a really long url starting with updates-http.cdn-apple.com is be denied. When I to the jsut that site, it works, but when I input the actual long url, I get denied by category:/Regular Expression URLs, and for the life of me, can't seem to get around it/unblock it.
It seems whatever config change I put in the pfsense is .ot making to the actual e2guardian config.
I solved it by putting "updates-http.cdn-apple.com" (without quotes) in the Exception Config box in the URL lists ACL.
-
@User43617
I did that too
Its like the config the GUI is 'changing' is not the same config E2guardian is using, although I can turn the daemon off, that part works.
-
@arch113 said in Unofficial E2guardian package for pfSense:
@User43617
I did that too
Its like the config the GUI is 'changing' is not the same config E2guardian is using, although I can turn the daemon off, that part works.
Try a reinstall, see if that corrects the issue. I've been using it for a long time now and it seems to be working perfectly.
-
Hi anyone facing issues with ip ranges? I have tried to configure 10.16.0.10-10.16.0.15 but it does not take it :(