Messages - tacfit

Cache/Proxy / Re: Sarg Reports Showing up Blank
« on: August 10, 2015, 08:14:33 am »
No, we aren't using Dansguardian or Squidguard.  Just Squid. Sorry, I'm not sure based on your wording what you mean to say. Does the fix I listed only apply to Dansguardian?

Packages / Re: Failed to install packages (After upgrade Pfsense 2.2.4)
« on: August 06, 2015, 02:28:50 pm »
I had a similar issue getting packages to install after the update but a simple reboot fixed it.

Cache/Proxy / Sarg Reports Showing up Blank
« on: August 06, 2015, 01:39:16 pm »

We are attempting to run sarg reports using squid on pfsense 2.2.4-RELEASE (i386) and get completely blank reports.

The squid package we have installed is 2.7.9 pkg v.4.3.6 and the sarg package is 0.6.4 which we installed using the gui package manager.

The install and configuration went without errors but clicking on the View Report tab initially yielded "Error: Could not find report index file."

Applying this fix took care of that, allowing reports to be generated on schedule. We can now see the list of reports (generated hourly) along with a summary with number of users and data usage for each report on the main page. The only problem now is that the reports are completely empty. (see screenshots) Clicking on a report generates a table with headings and absolutely nothing under it.

Real Time data is showing up perfectly.

Squid is set up as a transparent proxy and appears to be working perfectly. Logs are being generated as expected and where specified.

In Sarg:
Proxy server is set to squid
"Report settings" are set to default values
Limit values are all set to unlimited except "Reports days limits" which is set to 14 days
"Exclude" settings are all left blank
"Users" settings are left to default values
A schedule is set up and enabled to run every hour

Is there something obvious I've missed?

Thanks in advance!

Same thing just happened to us. We're on 2.0.3, so maybe we need to update? The output of fstat was saturated with 2 different apps:

root     filterdns  40614  666 /        15544735 -rw-r--r--       0  r

and also

root     ipfw-classifyd 27444 1264 /        18514540 -rw-r--r--      34  r

A reboot got us back.

General Questions / Re: Unable to check for updates or Packages
« on: August 09, 2012, 09:08:59 am »
Thanks. Didn't intend to hijack... I thought it was related.

General Questions / Re: Unable to check for updates or Packages
« on: August 09, 2012, 08:53:25 am »

General Questions / Re: Unable to check for updates
« on: August 09, 2012, 08:52:24 am »
None of these URLs are working for me right now. returns a 404. My system can't check for updates.

Any thoughts, anyone?

NAT / Re: NAT 1:1 of Port forward?
« on: November 14, 2011, 02:02:58 am »
Glad to hear it! Feel free to contribute to the Documentation yourself now that you've figured a few things out :)

Packages / Re: squid https - SSL download is slow
« on: November 11, 2011, 08:38:51 am »
I'm seeing brutally slow load times on anything behind Squid. Installed the latest everything today. If I turn on Squid, then sites take up to 7 or 10 seconds to load all the elements. They load fast from cache after that, but the initial load, for any cold site, is completely useless.

General Questions / Re: Disabled Admin Account -- Locked Out
« on: November 11, 2011, 06:30:58 am »
I JUST figured that out myself (by trial and error) and logged back in here to let everyone know. Thanks for posting this! If I hadn't been desperate enough to try something, you would have saved my life here.

I learned also that to do it easier, you can just type "viconfig", which will load the config, and upon closing it will kill the cached config file, causing PFsense to reload the new config. Means you don't have to reboot.

NAT / Re: NAT 1:1 of Port forward?
« on: November 11, 2011, 05:59:11 am »
It sounds like you'll need a couple of different things, for different purposes. When you're trying to expose a service to the web, such as a web server, then all you typically need is to create a NAT entry. Specify the IP on the WAN interface that will be used, and the internal IP hosting the web server, etc. The NAT rule creation will also create the necessary firewall rule, it's quite handy that way.

Under normal circumstances, all computers behind your pfsense firewall will present themselves to the web-at-large as the IP address of your WAN interface. This can be changed, by going to the Advanced Outbound NAT tab. Here you can set up specific rules, so that specific hosts (or groups of hosts) present themselves using a different IP address (which would need to be bound to your WAN interface. See Virtual IPs, on the Firewall menu).

1:1 NAT is essentially a combination of these 2 methods. It lets you (in 1 action) create a rule that maps an internal host with an external IP, inbound and outbound. When creating a 1:1 NAT rule, you will need to create a firewall rule to allow the desired traffic. 1:1 rules are what you need when you want to set up a Ping test to an internal switch, for example... or often in the case of mail servers, where you've been given a specific IP for your mail server to use.

Give that a try, and let us know if you still need guidance. There's a wealth of documentation on the site.
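
The three mechanisms described in the post above, written as FreeBSD pf translation rules (an added example, not part of the original post and not a ruleset generated by pfSense). The interface name, every address and the ports are constructed placeholders.

```pf
# Constructed values: em0 as WAN, 203.0.113.0/24 as the public range,
# 192.168.1.0/24 as the LAN. None of these come from the post.
ext_if   = "em0"
wan_ip   = "203.0.113.10"   # primary WAN address
mail_ext = "203.0.113.11"   # extra public IP bound to WAN (a Virtual IP in pfSense)
alt_ext  = "203.0.113.12"   # second extra public IP bound to WAN
web_int  = "192.168.1.20"   # internal web server
mail_int = "192.168.1.25"   # internal mail server
host_int = "192.168.1.50"   # host that should leave via alt_ext

# --- Translation rules -------------------------------------------------

# 1:1 NAT: one rule maps mail_int <-> mail_ext in both directions.
binat on $ext_if from $mail_int to any -> $mail_ext

# Outbound NAT override: this one host presents itself as alt_ext.
# Among nat rules the first match wins, so it precedes the default.
nat on $ext_if from $host_int to any -> $alt_ext

# Default outbound NAT: everything else on the LAN leaves as wan_ip.
nat on $ext_if from 192.168.1.0/24 to any -> $wan_ip

# Port forward: inbound only, one port, to the internal web server.
rdr on $ext_if proto tcp from any to $wan_ip port 80 -> $web_int port 80

# --- Filter rules ------------------------------------------------------
# Translation happens before filtering, so these match the INTERNAL
# destination address, not the public one.

block in on $ext_if all

# The pfSense port-forward dialog adds the equivalent of this rule itself.
pass in on $ext_if proto tcp from any to $web_int port 80

# For 1:1 NAT nothing is added automatically: without an explicit pass
# rule the mapping exists but inbound traffic is still blocked. Open
# only the ports the service needs.
pass in on $ext_if proto tcp from any to $mail_int port 25
```

A 1:1 mapping makes every port of the internal host addressable from outside, so the filter rules are the only thing limiting exposure; keep them as narrow as the service allows.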

General Questions / Re: Disabled Admin Account -- Locked Out
« on: November 11, 2011, 05:01:17 am »
I did something very similar. I inadvertently set my non-functional LDAP server as the user authentication method... and now I'm locked out. Really need to get back in! Help!

Any comments on whether this works in Pfsense 2.0? It would be great to be shaping and caching on the same box.

I'm thinking more about this...

  1. I've got a pfsense box set up now with 1 WAN and multiple LAN connections. I need to shape (dynamically allocate bandwidth based on priority and load) the inbound bandwidth (download traffic) for the LANs.
  2. I could set up an additional pfsense box up the chain from the current one, with a single WAN and single LAN. I can set it to transparent mode, I guess.
  3. If I set up Advanced Outbound NAT on the multi-LAN box (to differentiate by interfaces/subnets), I should be able to use that to identify the traffic on the upstream unit and shape accordingly.

