Unofficial E2guardian package for pfSense
-
Hi guys!
Version 0.4.2 is ready for download.
whats new:
-
Included sample logic rotine to html report page, so you can back to original file at any time if you want
-
Improved e2gerror logic and added a denied only log feature to the package
-
Added e2guradian real time tab, processing e2guardian default logs, e2g squid format logs and logs form e2gerror.php page
My real time logs don't show up like this. All the ip's are the same '127.0.0.1' on mine and it doesn't show me the 'detailed denied logs'
-
-
I've managed get the ip's showing by using these settings :
forwardedfor = on usexforwardedfor = on
But how how get it to show the 'Default Denied Log' ?
-
I've started migrating e2guardian package to version 5
according to developer, E2guardian 5 has
-
Direct access mode
-
ICAP mode to work as a 'helper' for squid
-
transparent ssl
It requires a lot of tests and config file changes, so it may take some time.
-
-
I've started migrating e2guardian package to version 5
As v4.1 crashes without squid parent with ssl interception enabled, i decided to remove it from Unofficial 2.4 repo package list
What is working on 0.5.0.5 version
- Direct access mode
I'm using with direct mode access and ssl interception. Until now, no crashes. I'll start including ssl transparent rules code and fix xmlrpc sync.
-
package Version 0.5.0_9
-
Fixed xmlrpc code to sync between master and slave boxes
-
transparent proxy rules
Missing/ Need testing
- ICAP mode to work as a squid helper
I Did a lot of tests with E2guardian as the only proxy installed on pfSense and until now no crashes
A lot of lists and config has changed since v4.1, so testing and feedbacks are always welcome.
-
-
Hi Marcello, i have make tests now with de new version in transparent mode and is working as expected. Only issue is in the log, https is not showing in te real time only http.
Thanks for your work, very nice!
-
Hi Marcello, i have make tests now with de new version in transparent mode and is working as expected. Only issue is in the log, https is not showing in te real time only http.
Thanks for your work, very nice!
https://github.com/e2guardian/e2guardian/issues/359
https://github.com/e2guardian/e2guardian/issues/360These guys work really fast!
Log issues fixed and Unofficial repository updated. 8)
-
Hi Marcello,
you are great! I love V5.
Found a little mistake:
I change logfile format to "squid style". Because I want to you lightsquid to parse logfiles.
In the squid format there is a bug: internal ip of requestor is missing. :-(
Seems this was a bug on V4 who was already fixed, but is in V5 here again.
Another question:
Can someone give me a hint how to send e2guardian access.log to remote server?
I have graylog up and running. The Pfsense Logfiles could be sending to graylog sever, but I have no idea how to send e2guardians log.
Best Regards,
Kai -
Hi Marcello,
you are great! I love V5.
Found a little mistake:
I change logfile format to "squid style". Because I want to you lightsquid to parse logfiles.
In the squid format there is a bug: internal ip of requestor is missing. :-(
Seems this was a bug on V4 who was already fixed, but is in V5 here again.
Addition: Just read about fixed issue in your former post - I´ll give it a try
Another question:
Can someone give me a hint how to send e2guardian access.log to remote server?
I have graylog up and running. The Pfsense Logfiles could be sending to graylog sever, but I have no idea how to send e2guardians log.
Best Regards,
Kai -
try latest pkg version. E2guardian team fixed it today
https://github.com/e2guardian/e2guardian/issues/359
About remote syslog, I did not tried any tool yet.
-
try latest pkg version. E2guardian team fixed it today
https://github.com/e2guardian/e2guardian/issues/359
About remote syslog, I did not tried any tool yet.
I think I made a mistake
some sites do not open
Can you share configuration screenshotsthanks.
-
Other tabs are on default values
-
marcello
congratulations and thanks
I did not test mobile devices but the pc works very well
but realtime logs look empty
why -
I did not test mobile devices but the pc works very well
but realtime logs look empty
whycheck if you box has the e2guardian logs on /var/log/e2guardian.
You can also try to change log type under Report and Logs tab.
-
Amazing performance
-
Marcello
Congratulations on your work
it works fine but it will be my responsibility
Do not have user (ip) site login authorization section? ips only has one group. why?
for example:
192.168.1.10 facebook block
192.168.1.11 facebook pass - youtube block
SquidGuard is very flexible and accomplished in this way
but with SSL proxy problem -
Do not have user (ip) site login authorization section? ips only has one group. why?
for example:
192.168.1.10 facebook block
192.168.1.11 facebook pass - youtube blockJust create another group and change acl combination.
SquidGuard is very flexible and accomplished in this way
Definitely not. You will need more time to understand it's config style but e2guardian config is full featured.
-
Version 5 can really be scaled both horizontally and vertically.
I have a box with 15k working process running really nice.
Amazing work e2guardian team did on it.
-
Version 5 can really be scaled both horizontally and vertically.
I have a box with 15k working process running really nice.
Amazing work e2guardian team did on it.
You're right. I just jumped in today, taking extra precautions. I cloned my pfSense VM twice and then jumped in. So far the transparent proxy is working brilliantly and exactly how I wanted it. I've got my pfSense box entirely virtualised in ESXi and it's running brilliantly so far at home. Hopefully it continues to run stable, I've got it running under Squid for some light caching. In addition to this, when changing the settings around in the GUI, E2Guardian no longer lags or locks up like 4.1, it applies the config nearly instantly and is back up and running.
@Marcelloc could we add some filters to the logs? It would be really useful to go through denied websites based on groups, logs, times and categories. And would help tune E2Guardian better.
-
Here are install instructions for UNOFFICIAL e2guardian package for pfSense(R) software 2.3.x
Install
You can enable Unoffical repo creating or downloading the file below using diagnostics -> command prompt -> Execute Shell Command prompt menu:2.3 AMD64
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.conf
2.3 I386
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficiali386.conf
2.4
fetch -q -o /usr/local/etc/pkg/repos/Unofficial.conf https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/Unofficial.24.conf
After fetching the repo file, you can see these packages under System -> Package Manager
Without enabling Unofficial repo, you can add it using console/ssh with
cd /root fetch https://raw.githubusercontent.com/marcelloc/Unofficial-pfSense-packages/master/pkg-e2guardian/files/install_e2guardian_23.sh sh ./install_e2guardian_23.sh
E2guardian requires a cache/upstream server , so if you do not want to use squid together with e2guardian, point e2guardian proxy configuration to 127.0.0.1 port 8888 to use tinyproxy cache server instead.
http://www.shallalist.de/Downloads/shallalist.tar.gz is one of compatible blacklists for e2guardian. Configure it under blacklist tab.
Once it finishes, all must be in place. If you do not see the menu after it finishes, try to install any pfSense package from GUI, like cron for example.
WARNING
Use it at your own risk.
This script install packages from freebsd and change your config file.
Excellent , i think this is the only i can block based on Page content , am right or wrong ?