Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Pfsense WOL and temperature monitoring

    General pfSense Questions
    3
    13
    8760
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pftdm007 last edited by

      Hi!  I am new to this forum and recently installed pfSense on my "gateway" machine only to discover that pfSense is the best firewall/router distro out there!

      I have a few questions for the pfSense community!  For those who don't feel to answer all three questions, please consider 1 & 2 to be priorities.

      1- I would like to wake-on-lan one of my networked machines on a scheduled basis.  Basically, I installed the Cron package in my pfSense machine and created an entry.  The command I am trying to run is simply "wol XX:XX:XX:XX:XX:XX"…  My problem is that it doesn't work...  From the Services menu -> Wake on LAN, I created an entry and it works from there.  Waking up the machine from that web page also works.  Going through Diagnostics -> Command and entering "wol XX:XX:XX:XX:XX:XX" also fail.  Basically it seems that from the WOL menu is the only way to wake up that machine.  Trying from other machines on the network will also work.  Whats wrong?

      2- I read on some documentation web page that sysctl -w hw.acpi.thermal would list the thermal "entries' (?) from the ACPI daemon or what ever it is (you see I am pretty green in that).  Is there a way to actually trigger an alarm or send an email if the temperature goes above a certain threshold?  Entering  sysctl -w hw.acpi.thermal  will output:

      $ sysctl -w hw.acpi.thermal
      hw.acpi.thermal.min_runtime: 0
      hw.acpi.thermal.polling_rate: 30
      hw.acpi.thermal.user_override: 1
      hw.acpi.thermal.tz0.temperature: 55.0C
      hw.acpi.thermal.tz0.active: -1
      hw.acpi.thermal.tz0.passive_cooling: 0
      hw.acpi.thermal.tz0.thermal_flags: 1
      hw.acpi.thermal.tz0._PSV: 30.0C
      hw.acpi.thermal.tz0._HOT: 70.0C
      hw.acpi.thermal.tz0._CRT: 90.0C
      hw.acpi.thermal.tz0._ACx: -1 -1 -1 -1 -1 -1 -1 -1 -1 -1
      hw.acpi.thermal.tz0._TC1: -1
      hw.acpi.thermal.tz0._TC2: -1
      hw.acpi.thermal.tz0._TSP: -1
      

      3- I would like to block some specific websites (namely my ISP DNS hijack website) and some other sites I dont want other family members to access.  I also read somewhere that squidGuard would do it.  I installed it and under Services ->  Proxy filter -? Blacklist URL, I entered the address of the ISP DNS hijack to test, but it does not works.  What would be the proper way to completely block anything that comes from those sites?  I guess using the IP wouldnt work because they have some complex network infrastructures….

      Thanks in advance for input!

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        For 1), try:

        wol -i x.x.x.255 XX:XX:XX:XX:XX:XX
        

        Where x.x.x.255 is the broadcast address for your subnet.

        For 2), there isn't a way to generate an alert based on that in the GUI. If you want to maintain something in /etc/devd.conf to catch the ACPI events, that can be done.

        See here:
        http://www.freebsd.org/cgi/man.cgi?query=acpi_thermal&apropos=0&sektion=0&manpath=FreeBSD+7.2-RELEASE&format=html#end

        For 3), you need both squid and squidguard, and they must all be setup properly. There are howtos and tutorials here on the forum and on the doc wiki.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          pftdm007 last edited by

          Bump!?!?

          Nobody knows??

          1 Reply Last reply Reply Quote 0
          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            I addressed all three points of your original post. Was there something about my reply that wasn't sufficient?

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • P
              pftdm007 last edited by

              jimp,  Sooo sorry for that, for some reasons, yesterday when I looked at this thread, I completelymissed your reply and never got an email informing me of your reply….

              Sorry !  I'll try what you suggested and post back the findings!

              THanks again!

              1 Reply Last reply Reply Quote 0
              • P
                pftdm007 last edited by

                hey jimp,

                I tried the #3 (squidguard).  Basically, I installed both squid and squidguard, and configured everything.  It all seems OK.  I added some URL's in the Proxy Server > Access Control tab > Blacklist  thinking this would help to get rid of the annoying popups I have while navigating the web with firefox  ( I dont care if it opens a popup, but I dont want to get the content and all the animations such as flash , shockwave, etc…)  but it doesnt work.

                I also added the address of my ISP DNS hijacking webpage but it doesnt seems to work out either.  If I mis-spell a web address, I still get the ISP webpage...

                Is what I am doing  the proper way to PREVENT content from specific addresses or domains from ENTERING my domain?

                1 Reply Last reply Reply Quote 0
                • jimp
                  jimp Rebel Alliance Developer Netgate last edited by

                  It's easy to get the config of squidguard wrong. There are several tutorials/howtos here on the forum and on the Doc wiki. I'd double check to make sure you have all of the settings right.

                  As for your ISP's DNS hijack page, you could switch to Google Public DNS (8.8.8.8 / 8.8.4.4) and be rid of that.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • P
                    pftdm007 last edited by

                    jimp,

                    unless I did not perform the proper steps, I am still experiencing problems with Squid & squidguard.  They dont block what I would like to block. I followed the instructions on http://doc.pfsense.org/index.php/SquidGuard_package and downloaded a blacklist and configured just like this page says…

                    basically, to recap with only the relevant options:

                    my "proxy server" settings:
                    GENERAL TAB
                    Proxy interface: WAN
                    Enable Logging: Checked
                    Proxy port: 3129
                    What to do with requests that have whitespace characters in the URI: strip
                    Custom options: redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf;redirector_bypass on;redirect_children 3

                    ACCESS CONTROL TAB
                    Blacklist field: I have a bunch of addresses there (domains I dont want to enter my network)

                    my "proxy filter" settings:
                    GENERAL SETTINGS TAB
                    Enable: Checked with SquidGuard service state: STARTED
                    Blacklist: Checked
                    Blacklist URL: http://www.shallalist.de/Downloads/shallalist.tar.gz
                    View GUI log: Checked (and tons of messages there)

                    DEFAULT TAB
                    Destination rules: I customized the rules by selecting deny to most but not all of them
                    Not to allow IP addresses in URL: Checked
                    Redirect mode: int error page
                    Redirect info: "This page has been blocked by NETSERVER/SquidGuard because of inappropriate content."
                    Enable log: Checked

                    All other options or configurations are either not activated or disabled so I did not include them in this post to reduce the size of it…

                    One strange thing is that in the "Log" tab of the Proxy filter, If I select "squidGuard log" I get "squidguard_log report disabled"  ?? Why's that?

                    Second problem is associated with the Automated WOL.... Simply I created a Cron entry to awake the server as desired.  At first, I simply entered a new cron entry and in the command field, I entered: wol -i 192.168.0.101 00:16:17:72:ae:d7 but it never worked...  I tried to wake up the server via pfsense in the "diagnostic -> Command" tab and it worked! proof that the command works.

                    Then I tried something else.  I created a script /usr/local/sbin/wol_lhost2.sh and modified the cron entry to [ 00  15   *    *   1-5  root  /usr/local/sbin/wol_lhost2.sh  ] to wake up the server at 3PM…  the script is executable (-rwxrwxrwx  1 root  wheel  48 Aug  9 17:09 /usr/local/sbin/wol_lhost2.sh) but it still does not work... whats wrong??  The content of the script wol_lhost2.sh is pretty straight forward:

                    #!/bin/sh
                    wol -i 192.168.0.101 00:16:17:72:ae:d7

                    Any clue?

                    1 Reply Last reply Reply Quote 0
                    • W
                      wallabybob last edited by

                      @lpallard:

                      Then I tried something else.  I created a script /usr/local/sbin/wol_lhost2.sh and modified the cron entry to [ 00  15  *    *  1-5  root  /usr/local/sbin/wol_lhost2.sh  ] to wake up the server at 3PM…  the script is executable (-rwxrwxrwx  1 root  wheel  48 Aug  9 17:09 /usr/local/sbin/wol_lhost2.sh) but it still does not work... whats wrong??  The content of the script wol_lhost2.sh is pretty straight forward:

                      #!/bin/sh
                      wol -i 192.168.0.101 00:16:17:72:ae:d7

                      Any clue?

                      In your shell script try specifying a complete path to wol instead of just wol. On my pfSense system the shell command which wol shows the complete path to wol is /usr/local/bin/wol so I'm suggesting you replace wol in the shell script by /usr/local/bin/wol.

                      1 Reply Last reply Reply Quote 0
                      • P
                        pftdm007 last edited by

                        wallabybob,  adding the path of wol was a really good call… I should have got this one but ... hey just human I guess!  Thanks!

                        Do you have an idea about my squid problem?

                        1 Reply Last reply Reply Quote 0
                        • W
                          wallabybob last edited by

                          @lpallard:

                          Do you have an idea about my squid problem?

                          Sorry, I don't have any squid experience.

                          1 Reply Last reply Reply Quote 0
                          • P
                            pftdm007 last edited by

                            wallabybob,  absolutely no problem about the squid problem… i'll keep searching around and hopefully I'll found it!  Have you used ntop before??  I am only searching for a way to modify the beginning date of the monthly bandwidth report....  My ISP contract stipulates that my month starts on the 4th of every month (and ends up on the 3rd...)

                            ntop says:

                            Global Traffic Statistics: Sampling Since Sat Aug 7 21:40:25 2010 [11 days 11:56:54]
                            and under "Traffic": Total 20.1 GBytes [32,849,437 Pkts]

                            4 questions:
                            1-How do I modify the sampling since date?
                            2-Is the sampling based on a monthly cycle?  In the ntop page where I got the data above, there is no mention of monthly, annually or whatever else…
                            3-Is the "Total" based on both upload & downloads?  In other words, is the total account for al traffic going through the wan interface?
                            4-Is there a way to generate an alarm or an email if the bandwidth approach or meets a threshold?

                            Thanks!!

                            1 Reply Last reply Reply Quote 0
                            • P
                              pftdm007 last edited by

                              Strangely, yesterday when I tried what you suggested (adding the absolute path of wol to the command), it worked, and I set the cron job to 4PM (16.00) everyday.  Today, at 3.55PM, I was randomly chatting on my laptop and suddenly remembered that normally, my server should wake up at 4PM.. it didnt….  I wonder why!?

                              I tried to manually launch the script via the pfsense web config (command) but it did not work.  I noticed everytime I launch the script, my router's light would flash all at one.  I imagine this means that the pfsense machine is effectively broadcasting a wol command to the network.  However, on my laptop, I successfully woke up the server using "wol 192.68.0.101"... nothing more.

                              Is there an incompatibility between freebs and linux (slackware)?

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post