Recent Posts

1
Cache/Proxy / Re: SquidGuard and sgerror.php (SOLVED)
« Last post by exa_gon on Today at 11:02:01 am »
I've solved the problem:
1. Enter this configuration in lighty-proxy-wpad.conf
Code:
#
# lighttpd configuration file
#
# configured for WPAD/PAC serving
#

## set static document-root
server.document-root        = "/usr/local/www/wpad/"
server.modules                  = ( "mod_access", "mod_fastcgi", "mod_cgi" )

## where to send error-messages to
server.errorlog =       "/var/log/lighty-proxy-wpad.log"

# mimetype mapping
mimetype.assign             = (
        ".dat"          =>      "application/x-ns-proxy-autoconfig",
        ".da"           =>      "application/x-ns-proxy-autoconfig",
        ".pac"          =>      "application/x-ns-proxy-autoconfig"
 )

## bind to proxy address and port
server.bind  = "10.170.60.40"
server.port  = 80

fastcgi.server                  = ( ".php" => ( "localhost" => ( "socket" => "/var/run/php-fpm.socket", "broken-scriptfilename" => "enable" ) ) )
cgi.assign                      = ( ".cgi" => "" )

## unique pid, separate from the other lighttpd instance
server.pid-file            = "/var/run/lighty-proxy-wpad.pid"

and copy /usr/local/www/sgerror.php to /usr/local/www/wpad/

Now it's all working. ;)
2
Italiano / SURICATA, which of you use it and why
« Last post by Slacker on Today at 11:01:00 am »
Hi everyone,
some time ago I installed the SURICATA package together with SNORT, but I ran into numerous problems with many sites being blocked, which forced me to remove it from the firewall. Now that I am more familiar with PFSENSE, I would like to ask whether you have installed it and, above all, which needs you think SURICATA covers that SNORT alone cannot. Thanks for your replies.



3
General Questions / TOR pfSense 2.3.1
« Last post by stremenx on Today at 10:55:58 am »
How to install Tor in pfSense 2.3.1? Please...
4
Hardware / SG-4860 port enumeration
« Last post by NogBadTheBad on Today at 10:53:30 am »
Just taken delivery of a nice shiny new SG-4860

My WAN & LAN ports aren't correct out of the box; when I connected the WAN port to my local LAN it didn't pick up an address via DHCP.

When I take the rj45 out of the WAN interface and connect it into the LAN port the WAN interface in the console comes up with a DHCP address.

I'd like the ports in future to enumerate correctly if I do a factory default, rather than having to faff about with the interfaces.

As of now :-

 WAN (wan)      -> igb1
 LAN (lan)         -> igb0
 OPT1 (opt1)     -> igb2
 OPT2 (opt2)     -> igb3
 OPT3 (opt3)     -> igb4
 OPT4 (opt4)     -> igb5

What I'd like it to be to match the front :-

 WAN (wan)      -> igb0
 LAN (lan)         -> igb1
 OPT1 (opt1)     -> igb2
 OPT2 (opt2)     -> igb3
 OPT3 (opt3)     -> igb4
 OPT4 (opt4)     -> igb5

The output from ifconfig :-

[2.3.1-RELEASE][admin@pfSense.localdomain]/root: ifconfig -a
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:08:a2:0a:9d:cb
   inet6 fe80::208:a2ff:fe0a:9dcb%igb0 prefixlen 64 scopeid 0x1
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect
   status: no carrier
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:08:a2:0a:9d:cc
   inet6 fe80::1:1%igb1 prefixlen 64 scopeid 0x2
   inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active
igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:08:a2:0a:9d:c7
   inet6 fe80::208:a2ff:fe0a:9dc7%igb2 prefixlen 64 scopeid 0x3
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect
   status: no carrier
igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:08:a2:0a:9d:c8
   inet6 fe80::208:a2ff:fe0a:9dc8%igb3 prefixlen 64 scopeid 0x4
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect
   status: no carrier
igb4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:08:a2:0a:9d:c9
   inet6 fe80::208:a2ff:fe0a:9dc9%igb4 prefixlen 64 scopeid 0x5
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect
   status: no carrier
igb5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:08:a2:0a:9d:ca
   inet6 fe80::208:a2ff:fe0a:9dca%igb5 prefixlen 64 scopeid 0x6
   inet 172.16.1.25 netmask 0xffffff00 broadcast 172.16.1.255
   inet6 fdee:87cd:d40:1:208:a2ff:fe0a:9dca prefixlen 64 autoconf
   nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
   media: Ethernet autoselect (100baseTX <full-duplex>)
   status: active
5
Firewalling / Firewall Schedules bug
« Last post by Donny on Today at 10:43:18 am »
I found a bug in firewall schedules after I created firewall rules that use schedules I have created.
In the firewall rules, when I click on a schedule name, for example: MorningWorkHours, AfternoonWorkHours, LunchTime or AfterWorkHours. (Look at the picture below)
It always shows the same page and the same "Schedule Name". (Look at the picture below)
I have deleted some schedules and tried to create them again and use them with firewall rules, but it does not resolve the problem.
Even when I reboot pfSense.
6
General Questions / Re: pfSense 2.3 Check_mk working with xinetd
« Last post by joeclifford on Today at 10:31:11 am »
All worked, then I came back to work the next week and found the agent is unreachable. I went through the steps again and found that the filter file changed back to default settings and is missing the line:
fwrite($xinetd_fd, "includedir /opt/etc/xinetd.d");

If I re-add the line again, the agent works again. How do I make that filter file save the changes persistently through a reboot?

Hmm, I haven't yet had the filter.inc file revert on just a reboot; it normally only happens when there is an update that overrides the filter.inc file. Like this bug fix introduced in 2.3.1: https://redmine.pfsense.org/issues/6307

Are you running the nano version of pfsense? Pre 2.3.1 the filesystem is set to read only by default.

Thankfully, FJerusalem's script will make the changes for you.
7
General Questions / Re: pfSense 2.3 Check_mk working with xinetd
« Last post by joeclifford on Today at 10:26:20 am »
FJerusalem,

Good idea to cron job a script to add in the needed line to the filter.inc. It might be worth modifying your script so it finds the line based on the fclose statement, rather than the comment. It's unlikely, but if an update adds an identical comment to the filter.inc file it could mess it up. I've used the below script.

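Code:
#!/bin/sh
# Re-add the xinetd includedir line to filter.inc if it is missing.

# Nothing to do if the line is already present
if grep -q includedir /etc/inc/filter.inc
then
        exit 0
fi

# Insert the fwrite line just before the fclose($xinetd_fd); statement;
# only replace filter.inc if awk succeeded
awk '/fclose\(\$xinetd_fd\);/{print "fwrite($xinetd_fd, \"includedir /opt/etc/xinetd.d\");"}1' /etc/inc/filter.inc > /etc/inc/filter.inc.temp &&
        mv /etc/inc/filter.inc.temp /etc/inc/filter.inc
exit 0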

8
NAT / Re: single port NAT works, but creating a group of ports fails
« Last post by mr-ig on Today at 10:23:34 am »
Here is the rest of the info
9
Cache/Proxy / Re: SquidGuard and sgerror.php
« Last post by exa_gon on Today at 10:17:46 am »
I can not find any solution to view the sgerror page.

I've the webconfigurator on HTTPS.
Another lighttpd for the wpad on HTTP (but it doesn't work with PHP).
Can someone point me to how to adjust this lighttpd configuration so I can copy sgerror.php into /usr/local/www/wpad and have it work on port 80?

Code:
#
# lighttpd configuration file
#
# configured for WPAD/PAC serving
#

## set static document-root
server.document-root        = "/usr/local/www/wpad/"

## where to send error-messages to
server.errorlog =       "/var/log/lighty-proxy-wpad.log"

# mimetype mapping
mimetype.assign             = (
        ".dat"          =>      "application/x-ns-proxy-autoconfig",
        ".da"           =>      "application/x-ns-proxy-autoconfig",
        ".pac"          =>      "application/x-ns-proxy-autoconfig"
 )

## bind to proxy address and port
server.bind  = "10.170.60.40"
server.port  = 80

## unique pid, separate from the other lighttpd instance
server.pid-file            = "/var/run/lighty-proxy-wpad.pid"
10
On an AWS installation of 2.3 I have the "Obtaining update status" continuously spinning, probably due to restrictive blocking on the NetworkACL or SecurityGroup. Do you know which ports (and possible target IPs) need to be open for update checks to work?
Thanks