Unofficial E2guardian package for pfSense
-
@ravegen said in Unofficial E2guardian package for pfSense:
Is there a progress on the content scanner fix ?
I've already asked @marcelloc to have a look into it. He believes it could be an ICAP issue, I'm not sure if he's had a chance yet to try implement a fix.
-
@sei-pine said in Unofficial E2guardian package for pfSense:
@pfsensation i leave all lightsquid settings as default (should be fine i guess) but when i try to configure squid and turn off its transparent proxy and mitm (this is interfering with e2guardian so...) lightsquid doesn't log anything.
i dunno, maybe i need to make lightsquid listen to e2guardian ? anyways, i set my e2guardian to keep 20 log files.
You shouldn't have transparent proxy on Squid anyways. Set E2 Guardian log format to Squid and make sure you install the custom Inc file so that light squid listens to E2 Guardian. It's higher up in this thread.
-
@binkec said in Unofficial E2guardian package for pfSense:
@pfsensation
Hi, I was busy past two weeks and I tried to install 2.4.4 again and I can see real time traffic. E2g is working except "weighted phrases". I went trough working configuration(2.4.3) and non working(2.4.4) and I couldn't see any difference.
The only difference is in log,
2.4.4 I have this error:
Nov 25 20:47:12 e2guardian 97044 I seem to be running already!
Nov 25 20:54:23 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 0
Nov 25 20:54:23 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 1
Nov 25 20:57:44 e2guardian 75338 listen0_proxy: 1: Error 53 on accept: errorcount 0
Nov 25 21:00:13 e2guardian 15579 I seem to be running already!
Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 0
Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 1
Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 2
Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 3
Nov 25 21:04:37 e2guardian 20124 listen0_proxy: 1: Error 53 on accept: errorcount 0
Nov 25 21:14:32 e2guardian 62358 I seem to be running already!
Nov 25 21:17:16 e2guardian 3849 listen0_proxy: 1: Error 53 on accept: errorcount 0
Nov 25 21:17:36 e2guardian 3849 listen0_proxy: 1: Error 53 on accept: errorcount 0In working 2.4.3 system there is no error.
RegardsWhich ports are you running E2 Guardian on? Are you using other packages like pfblockerng?
-
@pfsensation
Hi
I am using default port 8080 in direct connect widhout squid, no transparent mode and fresh install, only E2g and sarg on VMWARE. Like I sad I vent trough working config step by step several times and I didn't find any difference, it should be something in E2g.Regards
-
@binkec said in Unofficial E2guardian package for pfSense:
@pfsensation
Hi
I am using default port 8080 in direct connect widhout squid, no transparent mode and fresh install, only E2g and sarg on VMWARE. Like I sad I vent trough working config step by step several times and I didn't find any difference, it should be something in E2g.Regards
Which interfaces are you listening on? Make sure it's set to LAN and localhost. I run my system in VMWare ESXi without any issues.
-
@pfsensation
Hi
I have set to both, are you using "phase list" filtering.
-
@binkec said in Unofficial E2guardian package for pfSense:
@pfsensation
Hi
I have set to both, are you using "phase list" filtering.
Of course, I use black list and phrase list. Phrase based filtering is actually one of the core functions of E2 Guardian and what makes it vastly better than other systems like SquidGuard. I'm on 2.4.4 and haven't had those issues and doesn't look like anyone else has either. So I'd be interested to know why it would happen.
Are you running just vmware work station or ESXi?
Edit: put the HTTP workers up, I have mine at 3072.
-
System working but e2guard access.log not working. I did port 8081, 8082; result same. Why?
-
@plusbil said in Unofficial E2guardian package for pfSense:
System working but e2guard access.log not working. I did port 8081, 8082; result same. Why?
Can you check var/log/e2guardian/access.log and see if it's updating there?
-
Not update. New access.log zero byte. But when I restard pfsense system, e2guard log working.
-
And 3-4 days later again stop.
-
so far so good, the only problem i encounter is each day when sarg stops logging, i need to change time format to American or European then force refresh for sarg to continue logging. its a little hassle but still it works.
btw, till now i still can't figure out how to use the Users tab on E2Guardian or do i need to use LDAP?, need help with this one thanks.
what I've tried so far is to use PFSENSE\(Group name)
(Group Name)\(Account Name)
PFSENSE\(Group Name)\(Account Name)^ Doesn't work
-
@plusbil said in Unofficial E2guardian package for pfSense:
Not update. New access.log zero byte. But when I restard pfsense system, e2guard log working.
Clear the logs file manually, restart E2 Guardian and let me know what you've got your log rotate settings set as. It's been brilliant for me and working without any issues.
-
@sei-pine said in Unofficial E2guardian package for pfSense:
so far so good, the only problem i encounter is each day when sarg stops logging, i need to change time format to American or European then force refresh for sarg to continue logging. its a little hassle but still it works.
btw, till now i still can't figure out how to use the Users tab on E2Guardian or do i need to use LDAP?, need help with this one thanks.
what I've tried so far is to use PFSENSE\(Group name)
(Group Name)\(Account Name)
PFSENSE\(Group Name)\(Account Name)^ Doesn't work
Although I personally haven't used that specific configuration, and I just use groups. You may need to enable a different authentication method to be able to use the users tab. What authentication method have you currently got enabled?
-
@pfsensation ah i see! I was only using local users lmao. I'll try to configure freeradius first, thanks for the info!
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Clear the logs file manually, restart E2 Guardian and let me know what you've got your log rotate settings set as. It's been brilliant for me and working without any issues.
It's been five day. It working for now. I'il try when there's a problem. Thanks...
-
@ravegen said in Unofficial E2guardian package for pfSense:
Is there a progress on the content scanner fix ?
What is our update on this ?
-
@ravegen said in Unofficial E2guardian package for pfSense:
@ravegen said in Unofficial E2guardian package for pfSense:
Is there a progress on the content scanner fix ?
What is our update on this ?
Nothing yet unfortunately. @marcelloc Have you had a chance now to take a look at this problem?
-
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio. -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio.Most of us have known or have come to know how much of a broken mess SquidGuard is. E2 Guardian filtering is much more advanced and granular.
I suggest you report the issues on the E2 Guardian Github page for quicker response/fixes. Thank you for the update, and I'm glad you've got it working with LDAP!
-
@pfsensation hi there!
It seems the issue is related to the pfsense package only (Web GUI -PHP code). There is nothing wrong with the E2guardian binary package at all, so, I could not report it at the e2guardian forum I guess.
Anyway, YES, people should simply forget about squidguard... I am very happy and excited with the results of E2guardian as a Content Filter and etc.
Still investigating the issues with the service/ldap package.Thanks!
Fabricio. -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
@pfsensation hi there!
It seems the issue is related to the pfsense package only (Web GUI -PHP code). There is nothing wrong with the E2guardian binary package at all, so, I could not report it at the e2guardian forum I guess.
Anyway, YES, people should simply forget about squidguard... I am very happy and excited with the results of E2guardian as a Content Filter and etc.
Still investigating the issues with the service/ldap package.Thanks!
Fabricio.Sorry, I meant @marcelloc has his own Github page for E2 Guardian on pfSense issues.
-
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
UPDATE
Hello folks,
I´ve been testing E2Guardian+SQUID with SSO NTLM and it is working REALLY fine.
There are some small/cosmetic issues, but at all, it's working fine.
Issues that I could get so far:
*The LDAP search group/users mechanism has some issues. It seems the script created by the package (see crontab) doesn't have the proper env setting. I tested it assing "sh -c" in front of it, and it resolved the issue.
*The e2guardian service sometimes got stuck.the GUI start/stop/restart icons doesn't work and you have to kill the PID from shell console. It seems it's something related to the "save/apply" process after the LDAP update script runs. I am still investigating.The e2guardian is "really" better than "squidguard" - There is no comparison! Forget about squidguard,
Hope that helps,
Fabricio.Can you share a screenshot of sso ntlm settings?
-
@susamlicubuk
Sure. Here it goes.Keep in mind that I have it like: USER --> E2Guardian --> SQUID --> INTERNET
I have SAMBA in the background (for NTLM)Here E2Guardian Config:
Here SQUID Config:
-
@pfsensation -
I will contact him for sure. I thought he was writing here to the forum only.
Thanks for the heads up!! -
@fabricioguzzy said in Unofficial E2guardian package for pfSense:
@susamlicubuk
Sure. Here it goes.Keep in mind that I have it like: USER --> E2Guardian --> SQUID --> INTERNET
I have SAMBA in the background (for NTLM)Here E2Guardian Config:
Here SQUID Config:
How are your groups section and your users partition settings?
Please display the screenshot
Can you share the samba settings? -
there you go:
USERS:
SAMBA smb.conf file (replace DOMAIN and DOMAIN.CORP by your actual DOMAIN name)
GROUPS: (in the "masked" LDAP line, you add your Active Directory Server hostname)
-
PfSense 2.4.4p2+E2Guardian5 system. Wifi network, whatsapp voice call or video call not working. Realtime log, Tcp_dump/403 https://127.0.0.1
But E5Guardian SSL support disable; smoothly working.
Why?
-
@plusbil said in Unofficial E2guardian package for pfSense:
PfSense 2.4.4p2+E2Guardian5 system. Wifi network, whatsapp voice call or video call not working. Realtime log, Tcp_dump/403 https://127.0.0.1
But E5Guardian SSL support disable; smoothly working.
Why?
Age old issue of SSL pinning, apps reject any certs other than the one baked in by the app dev when they built the app. This is to try mitigate the MITM attacks, which is what E2 Guardian does.
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
Hmmm, thank you.
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
Is the list up to date?
-
@plusbil said in Unofficial E2guardian package for pfSense:
@pfsensation said in Unofficial E2guardian package for pfSense:
Just make an alias to let Whatsapp bypass E2 Guardian altogether.
Hmmm, thank you.
https://github.com/ukanth/afwall/wiki/HOWTO-blocking-WhatsApp
Is the list up to date?
It's from 2015 so no, just do a packet capture and find the domains it uses. That's what I did to get it working, I tried to post a few of them for you here but it got detected as spam.
-
@pfsensation said in Unofficial E2guardian package for pfSense:
It's from 2015 so no, just do a packet capture and find the domains it uses. That's what I did to get it working, I tried to post a few of them for you here but it got detected as spam.
I did. Just one address, 54.93.x.x. I opened it for now, it works. I'm gonna have to try, occasionally. :) Thanks...
-
I just spun up a new pfSense machine using E2guardian. I was using squid/squidguard in the old firewall. There are quite a few nuances that I don't understand. It was pretty simple to block or allow sites as needed. I think I've figured out how to add new sites to block but am not having success getting them to bypass the filter. I have a camera system that keeps getting blocked with NETERROR as the reason. I've tried adding the source IP to the exceptions in the IP config and the site to ACL/site lists but no change. How does one enter a site to be bypassed?
*edit: It looks like it tries to connect then I see a log entry like this:
192.168.1.x https://127.0.0.1 403 Default NETERROR - -
If you are using transparent proxy and you want any addresses to completely bypass e2guardian, there are places under the Daemon tab in the transparent section to enter bypass ip's.
-
@user43617 said in Unofficial E2guardian package for pfSense:
I just spun up a new pfSense machine using E2guardian. I was using squid/squidguard in the old firewall. There are quite a few nuances that I don't understand. It was pretty simple to block or allow sites as needed. I think I've figured out how to add new sites to block but am not having success getting them to bypass the filter. I have a camera system that keeps getting blocked with NETERROR as the reason. I've tried adding the source IP to the exceptions in the IP config and the site to ACL/site lists but no change. How does one enter a site to be bypassed?
*edit: It looks like it tries to connect then I see a log entry like this:
192.168.1.x https://127.0.0.1 403 Default NETERROR -As @kenrutt mentioned, add the camera IP to the source bypass box under the daemon tab. Then it'll bypass e2guardian completely. Not quite sure why you're getting a NETERROR though.
-
I tried the source bypass and that didn't seem to work. Turning the E2guardian off for a while allowed it to do whatever and worked for that particular problem. There are other sites that are behaving the same (gocomics.com).
I used the instructions at this link to set up E2guardian:
https://lifeoverlinux.com/how-to-block-http-and-https-websites-with-e2guardian/It does not mention using WPAD for setup. I noticed that the instructions on the E2guardian github has a section on using it for ssl filtering. I had WPAd setup for squid/squidguard. Is that the part I'm missing here?
Anyone have a better set of instructions for configuring E2guardian on pfSense that's up to date?
-
@user43617 said in Unofficial E2guardian package for pfSense:
I tried the source bypass and that didn't seem to work. Turning the E2guardian off for a while allowed it to do whatever and worked for that particular problem. There are other sites that are behaving the same (gocomics.com).
I used the instructions at this link to set up E2guardian:
https://lifeoverlinux.com/how-to-block-http-and-https-websites-with-e2guardian/It does not mention using WPAD for setup. I noticed that the instructions on the E2guardian github has a section on using it for ssl filtering. I had WPAd setup for squid/squidguard. Is that the part I'm missing here?
Anyone have a better set of instructions for configuring E2guardian on pfSense that's up to date?
Source bypass will only work if you're using the transparent filtering option. I've personally stopped using WPAD, transparent filtering can force the traffic through E2 Guardian quite seamlessly.
-
So, does grey and exception listing work in transparent mode?
-
@user43617 said in Unofficial E2guardian package for pfSense:
So, does grey and exception listing work in transparent mode?
Yes, no problem at all. I'm running pretty much everything through transparent proxy. This also allows me to completely bypass the proxy for certain things like Windows updates, or WhatsApp to save resources and keep things efficient.
-
Which list are you using. Shallalalist seems to be missing some things. It is unclear if it, or the french one, is still maintained.
Squidblacklist is interesting. Can anyone attest to its efficacy? Or, in other words, is it worth the price of the subscription?