[pfSense] SquidGuard Allow facebook/company url only?
Hi.

I'm trying to figure out how to allow our users to access just our Facebook company site: www.facebook.com/My-Company/

I added the URL above in Target Categories and selected the Target as whitelist for our users, but SG is not accepting my URL. I have tried different inputs like: www, .facebook, different settings, but checking the squid log I got this:

ERROR: URL-rewrite produces invalid request: GET ERR HTTP/1.1

In my SG log I had this:

facebook.com:443 Request(RH/blk_BL_socialnet/-) equezada CONNECT REDIRECT

For some reason my Target Whitelist is not working, because SG jumps to the socialnet block and blocks our users.

RH {
    pass FB whitelist !in-addr !blk_BL_anonvpn !blk_BL_porn !blk_BL_socialnet blk_BL_searchengines all
    redirect http://192.168.100.2:80/sgerror.php?url=403%20Sitio%20Prohibido%20para%20el%20departamento%20de%20RH=%a=%n=%i=%s=%t=%u
    log block.log
}

We don't want them to access social sites, just our company site inside Facebook. Is it possible?

pfSense 2.3.5, thanks.

--
Living the dream...
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
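An added example, not part of the original post and not squidGuard's own code: a simplified Python model of left-to-right pass-list matching, showing why the logged CONNECT request for facebook.com:443 cannot match a URL-path entry such as facebook.com/My-Company and is decided by blk_BL_socialnet instead. The list contents and the names normalise, in_dest and decide are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Constructed stand-ins for two of the lists named in the RH acl above.
# The real list contents are not shown in the post.
DESTS = {
    "FB": {"urls": ["facebook.com/My-Company"], "domains": []},
    "blk_BL_socialnet": {"urls": [], "domains": ["facebook.com"]},
}
# Subset of the RH pass line, in the order given in the post.
PASS_RH = ["FB", "!blk_BL_socialnet", "all"]


def normalise(method, target):
    """Return the (host, path) a URL rewriter gets to see for a request."""
    if method == "CONNECT":
        # CONNECT carries only host:port; the path travels inside the TLS tunnel.
        return target.rsplit(":", 1)[0].lower(), ""
    parts = urlsplit(target)
    return (parts.hostname or "").lower(), parts.path


def in_dest(name, host, path):
    """True if host/path falls in the named list (domain or URL-prefix match)."""
    host = host[4:] if host.startswith("www.") else host
    dest = DESTS[name]
    for dom in dest["domains"]:
        if host == dom or host.endswith("." + dom):
            return True
    for url in dest["urls"]:
        uhost, _, upath = url.partition("/")
        if host == uhost and path.lstrip("/").startswith(upath):
            return True
    return False


def decide(method, target):
    """Walk the pass line left to right; the first matching entry decides."""
    host, path = normalise(method, target)
    for entry in PASS_RH:
        if entry == "all":
            return ("pass", "all")
        name = entry.lstrip("!")
        if in_dest(name, host, path):
            return ("block" if entry.startswith("!") else "pass", name)
    # No entry matched; this model treats that as a block.
    return ("block", "none")
```

In this model the path-based whitelist entry only takes effect when the filter sees the full URL, which is the case for plain HTTP but not for a CONNECT tunnel.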
Re: [pfSense] pfSense can get to Internet but LAN cannot
1) we're not using NAT
2) ...which means this is the answer because the router on the WAN side doesn't know to route that subnet back to the pfSense. D'oh!

Adding a manual NAT rule lets it work.

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer
Sent: Thursday, November 30, 2017 4:19 PM
To: pfSense support and discussion
Subject: Re: [pfSense] pfSense can get to Internet but LAN cannot

Hi Steve,

Any chance outbound nat got messed up, when setting up carp? Check the settings there and check diag>states if nat works.

Holger

On 30.11.2017 at 10:43 PM, "Steve Yates" wrote:

Short version: a PC on the LAN cannot ping the router's gateway, though the router can ping it and get to the Internet. Routing table looks OK, default firewall rule isn't blocking packets (rule to allow LAN to any is in place), and it's not a private IP address. Looking for suggestions?

We are replacing two routers using CARP with two 4860s. I edited the saved configuration files to add two LAGGs, and changed the interfaces to match the new hardware.

As I said ping/traceroute/nslookup from the pfSense to the Internet works fine. Route table shows the proper gateway IP as the default. We have tried changing off the LAGGs, no difference.

A traceroute from the PC shows the pfSense router LAN IP as expected but not the gateway which is the next hop. It's as if the routing isn't sending packets out the WAN?

I have rebooted the routers, and disabled CARP and disconnected the second router (and changed the PC gateway accordingly). Changing the PC to an IP on the WAN side and plugging it into the gateway router works fine to get past the gateway.

--
Steve Yates
ITS, Inc.
Re: [pfSense] pfSense can get to Internet but LAN cannot
A couple clarifications...the ping from LAN to the WAN gateway is timing out, not saying "unreachable" or something like that. I can ping the router's WAN IP (and CARP WAN IP) from the LAN, as allowed by firewall rule.

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates
Sent: Thursday, November 30, 2017 3:44 PM
To: pfSense Support and Discussion Mailing List
Subject: [pfSense] pfSense can get to Internet but LAN cannot

Short version: a PC on the LAN cannot ping the router's gateway, though the router can ping it and get to the Internet. Routing table looks OK, default firewall rule isn't blocking packets (rule to allow LAN to any is in place), and it's not a private IP address. Looking for suggestions?

We are replacing two routers using CARP with two 4860s. I edited the saved configuration files to add two LAGGs, and changed the interfaces to match the new hardware.

As I said ping/traceroute/nslookup from the pfSense to the Internet works fine. Route table shows the proper gateway IP as the default. We have tried changing off the LAGGs, no difference.

A traceroute from the PC shows the pfSense router LAN IP as expected but not the gateway which is the next hop. It's as if the routing isn't sending packets out the WAN?

I have rebooted the routers, and disabled CARP and disconnected the second router (and changed the PC gateway accordingly). Changing the PC to an IP on the WAN side and plugging it into the gateway router works fine to get past the gateway.

--
Steve Yates
ITS, Inc.
Re: [pfSense] pfSense can get to Internet but LAN cannot
Hi Steve,

Any chance outbound nat got messed up, when setting up carp? Check the settings there and check diag>states if nat works.

Holger

On 30.11.2017 at 10:43 PM, "Steve Yates" wrote:

Short version: a PC on the LAN cannot ping the router's gateway, though the router can ping it and get to the Internet. Routing table looks OK, default firewall rule isn't blocking packets (rule to allow LAN to any is in place), and it's not a private IP address. Looking for suggestions?

We are replacing two routers using CARP with two 4860s. I edited the saved configuration files to add two LAGGs, and changed the interfaces to match the new hardware.

As I said ping/traceroute/nslookup from the pfSense to the Internet works fine. Route table shows the proper gateway IP as the default. We have tried changing off the LAGGs, no difference.

A traceroute from the PC shows the pfSense router LAN IP as expected but not the gateway which is the next hop. It's as if the routing isn't sending packets out the WAN?

I have rebooted the routers, and disabled CARP and disconnected the second router (and changed the PC gateway accordingly). Changing the PC to an IP on the WAN side and plugging it into the gateway router works fine to get past the gateway.

--
Steve Yates
ITS, Inc.
[pfSense] pfSense can get to Internet but LAN cannot
Short version: a PC on the LAN cannot ping the router's gateway, though the router can ping it and get to the Internet. Routing table looks OK, default firewall rule isn't blocking packets (rule to allow LAN to any is in place), and it's not a private IP address. Looking for suggestions?

We are replacing two routers using CARP with two 4860s. I edited the saved configuration files to add two LAGGs, and changed the interfaces to match the new hardware.

As I said ping/traceroute/nslookup from the pfSense to the Internet works fine. Route table shows the proper gateway IP as the default. We have tried changing off the LAGGs, no difference.

A traceroute from the PC shows the pfSense router LAN IP as expected but not the gateway which is the next hop. It's as if the routing isn't sending packets out the WAN?

I have rebooted the routers, and disabled CARP and disconnected the second router (and changed the PC gateway accordingly). Changing the PC to an IP on the WAN side and plugging it into the gateway router works fine to get past the gateway.

--
Steve Yates
ITS, Inc.
Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
It would help if someone updated the pfSense doc page to clarify that, then, since I asked that question on this list in July and got a different answer than yours.

https://doc.pfsense.org/index.php/Upgrade_Guide#Packages

--
Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Coleman
Sent: Wednesday, November 29, 2017 1:54 PM
To: pfSense Support and Discussion Mailing List
Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

Anything that isn’t a maintenance release (2.x.y … the “y” here) should be considered a major release.

macOS 10.11 is a major release. 10.11.1 is not.

— Ryan

> On Nov 29, 2017, at 1:37 PM, Steve Yates wrote:
>
> Does it work if you uninstall haproxy first? I know pfSense recommends uninstalling packages for "major" version upgrades but (per my past thread here) I would think point versions are minor upgrades.
>
> --
> Steve Yates
> ITS, Inc.
>
> -----Original Message-----
> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
> Sent: Wednesday, November 29, 2017 12:02 PM
> To: pfSense Support and Discussion Mailing List
> Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
>
> yes. looks like very similar problem :)
>
> Eero
>
> 2017-11-29 18:59 GMT+02:00 Tom Müller-Kortkamp:
>
>> Did you have any packages installed?
>> I filed this bug 2 days ago:
>> https://redmine.pfsense.org/issues/8135
>>
>>> On 29.11.2017 at 00:11, Steve Yates wrote:
>>>
>>> https://redmine.pfsense.org/ is the bug tracker.
>>> https://www.netgate.com/support/contact-support.html for tech support.
>>>
>>> --
>>> Steve Yates
>>> ITS, Inc.
>>>
>>> -----Original Message-----
>>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen
>>> Sent: Monday, November 27, 2017 12:37 AM
>>> To: pfSense Support and Discussion Mailing List; j...@netgate.com
>>> Subject: Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?
>>>
>>> Hi,
>>>
>>> Looks like "online" upgrade (2.3.5 -> 2.4.2) trashes sg-8860 unit to "non-working state". (ie. ssl libraries missing and so on)
>>>
>>> Where can I file a critical bug ticket? :D
>>>
>>> --
>>> Eero
>>>
>>> 2017-11-26 19:53 GMT+02:00 Daniel:
>>>
>>>> I updated 3 firewalls, all without any problems.
>>>>
>>>> On 26.11.17, 13:04, "List on behalf of Eero Volotinen" <list-boun...@lists.pfsense.org on behalf of eero.voloti...@iki.fi> wrote:
>>>>
>>>>> just planning to upgrade my sg-8860 from pfsense 2.3 to 2.4. are there any known issues?
>>>>>
>>>>> it's not so complex setup, but running as our hq main firewall. so, some ipsec and openvpn connections are running against it.
[pfSense] FRR restart prevention
Hi there,

does anyone know how to prevent FRR from restarting every time the config has changed? Problems can be dampening, for example, or network unreachability.

Just as an idea, use only something like this:

vtysh -e "sh ip bgp sum"
vtysh -e "clear ip bgp *"

And so on. In this case you can also configure the BGP/OSPF daemon without any hard restarts being needed.

It’s just a hint to make it better.

Cheers
Daniel
[pfSense] FRR restart prevention
Hi there,

is there any way to prevent the whole restart of FRR when the config has changed? The problem is that during a restart the connectivity gets lost, and when you do this a couple of times it could be that your network is flapping and maybe some providers use damping.

Cheers
Daniel