Pfsense WOL and temperature monitoring
-
Hi! I am new to this forum and recently installed pfSense on my "gateway" machine only to discover that pfSense is the best firewall/router distro out there!
I have a few questions for the pfSense community! For those who don't feel to answer all three questions, please consider 1 & 2 to be priorities.
1- I would like to wake-on-lan one of my networked machines on a scheduled basis. Basically, I installed the Cron package in my pfSense machine and created an entry. The command I am trying to run is simply "wol XX:XX:XX:XX:XX:XX"… My problem is that it doesn't work... From the Services menu -> Wake on LAN, I created an entry and it works from there. Waking up the machine from that web page also works. Going through Diagnostics -> Command and entering "wol XX:XX:XX:XX:XX:XX" also fail. Basically it seems that from the WOL menu is the only way to wake up that machine. Trying from other machines on the network will also work. Whats wrong?
2- I read on some documentation web page that sysctl -w hw.acpi.thermal would list the thermal "entries' (?) from the ACPI daemon or what ever it is (you see I am pretty green in that). Is there a way to actually trigger an alarm or send an email if the temperature goes above a certain threshold? Entering sysctl -w hw.acpi.thermal will output:
$ sysctl -w hw.acpi.thermal hw.acpi.thermal.min_runtime: 0 hw.acpi.thermal.polling_rate: 30 hw.acpi.thermal.user_override: 1 hw.acpi.thermal.tz0.temperature: 55.0C hw.acpi.thermal.tz0.active: -1 hw.acpi.thermal.tz0.passive_cooling: 0 hw.acpi.thermal.tz0.thermal_flags: 1 hw.acpi.thermal.tz0._PSV: 30.0C hw.acpi.thermal.tz0._HOT: 70.0C hw.acpi.thermal.tz0._CRT: 90.0C hw.acpi.thermal.tz0._ACx: -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 hw.acpi.thermal.tz0._TC1: -1 hw.acpi.thermal.tz0._TC2: -1 hw.acpi.thermal.tz0._TSP: -13- I would like to block some specific websites (namely my ISP DNS hijack website) and some other sites I dont want other family members to access. I also read somewhere that squidGuard would do it. I installed it and under Services -> Proxy filter -? Blacklist URL, I entered the address of the ISP DNS hijack to test, but it does not works. What would be the proper way to completely block anything that comes from those sites? I guess using the IP wouldnt work because they have some complex network infrastructures….
Thanks in advance for input!
-
For 1), try:
wol -i x.x.x.255 XX:XX:XX:XX:XX:XXWhere x.x.x.255 is the broadcast address for your subnet.
For 2), there isn't a way to generate an alert based on that in the GUI. If you want to maintain something in /etc/devd.conf to catch the ACPI events, that can be done.
For 3), you need both squid and squidguard, and they must all be setup properly. There are howtos and tutorials here on the forum and on the doc wiki.
-
Bump!?!?
Nobody knows??
-
I addressed all three points of your original post. Was there something about my reply that wasn't sufficient?
-
jimp, Sooo sorry for that, for some reasons, yesterday when I looked at this thread, I completelymissed your reply and never got an email informing me of your reply….
Sorry ! I'll try what you suggested and post back the findings!
THanks again!
-
hey jimp,
I tried the #3 (squidguard). Basically, I installed both squid and squidguard, and configured everything. It all seems OK. I added some URL's in the Proxy Server > Access Control tab > Blacklist thinking this would help to get rid of the annoying popups I have while navigating the web with firefox ( I dont care if it opens a popup, but I dont want to get the content and all the animations such as flash , shockwave, etc…) but it doesnt work.
I also added the address of my ISP DNS hijacking webpage but it doesnt seems to work out either. If I mis-spell a web address, I still get the ISP webpage...
Is what I am doing the proper way to PREVENT content from specific addresses or domains from ENTERING my domain?
-
It's easy to get the config of squidguard wrong. There are several tutorials/howtos here on the forum and on the Doc wiki. I'd double check to make sure you have all of the settings right.
As for your ISP's DNS hijack page, you could switch to Google Public DNS (8.8.8.8 / 8.8.4.4) and be rid of that.
-
jimp,
unless I did not perform the proper steps, I am still experiencing problems with Squid & squidguard. They dont block what I would like to block. I followed the instructions on http://doc.pfsense.org/index.php/SquidGuard_package and downloaded a blacklist and configured just like this page says…
basically, to recap with only the relevant options:
my "proxy server" settings:
GENERAL TAB
Proxy interface: WAN
Enable Logging: Checked
Proxy port: 3129
What to do with requests that have whitespace characters in the URI: strip
Custom options: redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3ACCESS CONTROL TAB
Blacklist field: I have a bunch of addresses there (domains I dont want to enter my network)my "proxy filter" settings:
GENERAL SETTINGS TAB
Enable: Checked with SquidGuard service state: STARTED
Blacklist: Checked
Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gz
View GUI log: Checked (and tons of messages there)DEFAULT TAB
Destination rules: I customized the rules by selecting deny to most but not all of them
Not to allow IP addresses in URL: Checked
Redirect mode: int error page
Redirect info: "This page has been blocked by NETSERVER/SquidGuard because of inappropriate content."
Enable log: CheckedAll other options or configurations are either not activated or disabled so I did not include them in this post to reduce the size of it…
One strange thing is that in the "Log" tab of the Proxy filter, If I select "squidGuard log" I get "squidguard_log report disabled" ?? Why's that?
Second problem is associated with the Automated WOL.... Simply I created a Cron entry to awake the server as desired. At first, I simply entered a new cron entry and in the command field, I entered: wol -i 192.168.0.101 00:16:17:72:ae:d7 but it never worked... I tried to wake up the server via pfsense in the "diagnostic -> Command" tab and it worked! proof that the command works.
Then I tried something else. I created a script /usr/local/sbin/wol_lhost2.sh and modified the cron entry to [ 00 15 * * 1-5 root /usr/local/sbin/wol_lhost2.sh ] to wake up the server at 3PM… the script is executable (-rwxrwxrwx 1 root wheel 48 Aug 9 17:09 /usr/local/sbin/wol_lhost2.sh) but it still does not work... whats wrong?? The content of the script wol_lhost2.sh is pretty straight forward:
#!/bin/sh
wol -i 192.168.0.101 00:16:17:72:ae:d7Any clue?
-
@lpallard:
Then I tried something else. I created a script /usr/local/sbin/wol_lhost2.sh and modified the cron entry to [ 00 15 * * 1-5 root /usr/local/sbin/wol_lhost2.sh ] to wake up the server at 3PM… the script is executable (-rwxrwxrwx 1 root wheel 48 Aug 9 17:09 /usr/local/sbin/wol_lhost2.sh) but it still does not work... whats wrong?? The content of the script wol_lhost2.sh is pretty straight forward:
#!/bin/sh
wol -i 192.168.0.101 00:16:17:72:ae:d7Any clue?
In your shell script try specifying a complete path to wol instead of just wol. On my pfSense system the shell command which wol shows the complete path to wol is /usr/local/bin/wol so I'm suggesting you replace wol in the shell script by /usr/local/bin/wol.
-
wallabybob, adding the path of wol was a really good call… I should have got this one but ... hey just human I guess! Thanks!
Do you have an idea about my squid problem?
-
@lpallard:
Do you have an idea about my squid problem?
Sorry, I don't have any squid experience.
-
wallabybob, absolutely no problem about the squid problem… i'll keep searching around and hopefully I'll found it! Have you used ntop before?? I am only searching for a way to modify the beginning date of the monthly bandwidth report.... My ISP contract stipulates that my month starts on the 4th of every month (and ends up on the 3rd...)
ntop says:
Global Traffic Statistics: Sampling Since Sat Aug 7 21:40:25 2010 [11 days 11:56:54]
and under "Traffic": Total 20.1 GBytes [32,849,437 Pkts]4 questions:
1-How do I modify the sampling since date?
2-Is the sampling based on a monthly cycle? In the ntop page where I got the data above, there is no mention of monthly, annually or whatever else…
3-Is the "Total" based on both upload & downloads? In other words, is the total account for al traffic going through the wan interface?
4-Is there a way to generate an alarm or an email if the bandwidth approach or meets a threshold?Thanks!!
-
Strangely, yesterday when I tried what you suggested (adding the absolute path of wol to the command), it worked, and I set the cron job to 4PM (16.00) everyday. Today, at 3.55PM, I was randomly chatting on my laptop and suddenly remembered that normally, my server should wake up at 4PM.. it didnt…. I wonder why!?
I tried to manually launch the script via the pfsense web config (command) but it did not work. I noticed everytime I launch the script, my router's light would flash all at one. I imagine this means that the pfsense machine is effectively broadcasting a wol command to the network. However, on my laptop, I successfully woke up the server using "wol 192.68.0.101"... nothing more.
Is there an incompatibility between freebs and linux (slackware)?
