Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid, Snort, pfBlocker issue?

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MarkVLK
      last edited by

      Hi all,

      I've been running Squid and Snort on my pfSense box since I got it up and running a few weeks ago, no issues. I just installed pfBlocker last week and it's been working fine, but today I noticed some weird things in the system logs.

      Jul 24 12:05:00 router php: snort_check_for_rule_updates.php: [Snort] Server returned error code 422…
      Jul 24 12:05:00 router php: snort_check_for_rule_updates.php: [Snort] Snort VRT rules md5 download failed…
      Jul 24 12:03:05 router php: /index.php: Successful login for user 'admin' from: xxx.xxx.xxx.xxx
      Jul 24 12:03:05 router php: /index.php: Successful login for user 'admin' from: xxx.xxx.xxx.xxx
      Jul 24 12:02:25 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:25 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:25 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:25 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:23 router kernel: re0: promiscuous mode enabled
      Jul 24 12:02:21 router SnortStartup: Snort START for WAN...
      Jul 24 12:02:17 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:17 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:17 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:17 router php: rc.start_packages: No pfBlocker action during boot process.
      Jul 24 12:02:16 router kernel: re0: promiscuous mode disabled
      Jul 24 12:02:16 router snort: *** Caught Term-Signal
      Jul 24 12:02:15 router SnortStartup: Snort STOP for WAN...
      Jul 24 12:02:15 router kernel: re0: promiscuous mode enabled
      Jul 24 12:02:13 router SnortStartup: Snort START for WAN...
      Jul 24 12:02:10 router squid: Squid Parent: child process started
      Jul 24 12:02:08 router php: rc.start_packages: The command '/usr/local/etc/rc.d/squid.sh stop' returned exit code '1', the output was ''
      Jul 24 12:02:08 router kernel: re0: promiscuous mode disabled
      Jul 24 12:02:08 router snort: *** Caught Term-Signal
      Jul 24 12:02:08 router php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "filter" rules.
      Jul 24 12:02:07 router php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "pfearly" rules.
      Jul 24 12:02:07 router php: rc.filter_configure_sync: SQUID is installed but not started. Not installing "nat" rules.
      Jul 24 12:02:07 router squid: Squid Parent: child process exited with status 0
      Jul 24 12:02:07 router SnortStartup: Snort STOP for WAN...
      Jul 24 12:02:03 router php: rc.start_packages: Reloading Squid for configuration sync
      Jul 24 12:02:03 router php: rc.start_packages: Reloading Squid for configuration sync

      I don't know if the issue here is with Squid, Snort, pfBlocker, or something else entirely, but I haven't changed anything in the configuration recently. As far as I'm aware, all that has changed is that we had a few guests over and they were trying to troubleshoot some Mario Kart Wii U online issues last night... I am the only one with access to the pfSense login though.

      I saw this Squid & Snort stop/starting and the Snort rules update fail and "no pfBlocker action during boot..." in the logs so I rebooted the pfSense router but just saw the same things in the log again. Anyone seen this kind of behavior in the logs before, and if so any tips on what might be going wrong or what I need to do to remedy the problem?

      1 Reply Last reply Reply Quote 0
      • C
        Cmellons
        last edited by

        " [Snort] Server returned error code 422…"

        Nothing to worry about.

        They are just updating on their end. It should be back to normal when they are finished.

        1 Reply Last reply Reply Quote 0
        • M
          MarkVLK
          last edited by

          @Cmellons:

          " [Snort] Server returned error code 422…"

          Nothing to worry about.

          They are just updating on their end. It should be back to normal when they are finished.

          What about Squid and Snort rapidly stopping and starting and pfBlocker reporting "no… action during boot process"? I haven't seen these logs before and it seems unrelated to the Snort update process.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.