net>:
> They may be hard coded to look at only their own CA to prevent MiM attacks,
> or use their own certificate store (for a similar behaviour).
>
> Alex.
>
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Roberto
>>
People, I've setup a transparent Squid proxy for WiFi clients. I'm
using SSL interception so I had to generate a CA private certificate
(generated from pfSense certificate manager tab).
But when I add this CA private certificate to several Android an
Iphone devices in order to proxify and filter
Dear, I have pfSEnse + Squid in transparent mode.
I have to filter web sites and content in HTTPS with Squidguard, so
I've created a CA self-signed certificate and a server certificate
(signed by the CA) in pfSense. After that I defined the CA certificate
in the Squid configuration tab from
nse.org>
>> Subject: Re: [pfSense] Transparent proxy for WiFi users
>>
>>
>>
>>> Am 02.01.2018 um 14:46 schrieb Roberto Carna <robertocarn...@gmail.com>:
>>>
>>> Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4
&
ot defined in pfSEnse firewall rules ??? Because the SIP response
packet from PBX to the remote peer is not a new traffic, is an
established traffic
Thanks a lot again, regards!!!
2018-01-09 12:17 GMT-03:00 Giles Coochey <gi...@coochey.net>:
> On 09/01/2018 14:34, Roberto Carna wrote:
Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote
peer out of the pfSense. I connect PBX and Peer in order to establish
a SIP trunk.
In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all.
So we have generated two firewall rules:
PBX --> SIP Peer with ANY
SIP
OK, thank you very much !!!
2018-01-08 13:59 GMT-03:00 Chris L <c...@viptalk.net>:
>
>
>> On Jan 8, 2018, at 8:39 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>>
>> try removing squid package from package manager and then reinstalling.
>>
>
Fix:https://forum.pfsense.org/index.php?topic=110155.0
>
> remove squid+config file & reinstall squid..
>
> 3.1.2018 17.55 "Roberto Carna" <robertocarn...@gmail.com> kirjoitti:
>
>> Dear, I have updated Squid on pfSense to 0.4.42_1 version on pfSense
>> 2.4.2-R
Dear, I've moved from pfSEnse 2.4.0 with Squid 0.4.42 to pfSEnse
2.4.42 with Squid 0.4.42_1. After the update, the Squid service
crashes and stops.
If I run Squid 0.4.42_1 in debug mode, this is the log before the crash:
# squid -d 10
[2.4.2-RELEASE][ad...@fw-pfsense-guest.g-bapro.net]/var/log:
Dear, I have updated Squid on pfSense to 0.4.42_1 version on pfSense
2.4.2-RELEASE-p1 (amd64). But after start the service togeteher with
squidGuard, Squid crashes.
I try running from CLI in debug mode:
# squid -d 10
[2.4.2-RELEASE][ad...@fw-pfsense-guest.g-bapro.net]/var/log:
2018/01/03
Dear, I've setup a Squid transparent proxy + Squidgard on pfSEnse 2.4
in order to filter HTTP and HTTPS web content for different types of
WiFi clients on my company:
- Android (different versions)
- Notebooks Windows 7/10
- Iphone
- Etc.
In some cases, depending on the device Operating System,
e LAN interface if you want.
>
> On Nov 15, 2017 7:20 AM, "Roberto Carna" <robertocarn...@gmail.com> wrote:
>
> People, I'm new at pfSense and I'm seeing that there are implicit
> default pass rules.
>
> For example, without editing a new user rule in the firewall,
People, I'm new at pfSense and I'm seeing that there are implicit
default pass rules.
For example, without editing a new user rule in the firewall, I can
send mails from my WAN interface to Internet. I was wrong because I
thought the default behaviour was to deny all the traffic unless I
permit
OK thank you so much!!!
2017-11-02 11:57 GMT-03:00 Roberto Carna <robertocarn...@gmail.com>:
> People, I have pfSEnse 2.4 with Squid and Squidguard.
>
> I enable HTTP transparent proxy and SSL filtering with Splice All.
>
> From our Android cell phones, if we use Firefox T
attempting to break the
> contract that SSL/TLS is designed to provide - end to end encryption
> with no tampering and guaranteed privacy.
>
> Cheers
> Jon
>
>
>
>
> On Thu, 2017-11-02 at 12:00 -0300, Roberto Carna wrote:
>> People, I have pfSEnse 2.4 with Squid and Squ
People, I have pfSEnse 2.4 with Squid and Squidguard.
I enable HTTP transparent proxy and SSL filtering with Splice All.
>From our Android cell phones, if we use Firefox TO NAVIGATE everything
is OK, but if we use Chrome we can't go to Google and some other HTTPS
sites.
We reviewed firewall
People, I have pfSEnse 2.4 with Squid and Squidguard.
I enable HTTP transparent proxy and SSL filtering with Splice All.
>From our Android cell phones, if we use Firefox TO NAVIGATE everything
is OK, but if we use Chrome we can't go to Google and some other HTTPS
sites.
We reviewed firewall
Dear, I'm using pfSense 2.4 with Squid in transparent mode, SSL
enabled / Slice All, and Squidguard as HTTP/HTTPS filter.
Everything is OK, except when I want web clients to be redirected to
an external Apache web server with an error page...they don't get any
error defined in the Apache server.
.
On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna robertocarn...@gmail.com
wrote:
I think this is good for us:
- Router ISP with IP 200.0.0.1
- pFsense with the following interfaces:
a) WAN IP-Less
b) LAN IP-Less
c) OPT1 with IP 200.0.0.2 (management)
d) Bridge with WAN and LAN
Why Suricata in place of Snort?
Please can you tell me shortly the advantages of Suricata over Snort
Really thanks
Roberto
2014-09-29 14:37 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
Use suricata
On Sep 29, 2014 2:27 PM, Roberto Carna robertocarn...@gmail.com wrote:
Dear, I need to know
,
Roberto
Thanks again,
Roberto
2014-09-29 14:37 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
Use suricata
On Sep 29, 2014 2:27 PM, Roberto Carna robertocarn...@gmail.com wrote:
Dear, I need to know if it's possible to setup Pfsense with Snort to
get an IPS (Intrusion Prevention System
or Snort.
http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
---
Anastasios Stefos
´αίέν άριστεύειν
On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna robertocarn...@gmail.com
wrote:
Dear Ivo and people, just three short questions:
1) Using Suricata, can I
/
---
Anastasios Stefos
´αίέν άριστεύειν
On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna robertocarn...@gmail.com
wrote:
Dear Ivo and people, just three short questions:
1) Using Suricata, can I enable the IPS mode as I can using Snort ???
2) In IPS mode, do I have to have 3 interfaces
to hide evrything? Its not that hard to fingerprint
a pfS bridge. If you have practical reasons, sure go ahead.
29. sep. 2014 21:28 skrev Roberto Carna robertocarn...@gmail.com
følgende:
Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces
in bridge mode with firewall rules
Ivo, I want to locate the IPS between the router and the corporative
firewall, so I think to use bridge modeis correct???
2014-09-29 16:34 GMT-03:00 Ivo Tonev i...@tonev.pro.br:
I recomend to use in router mode.
On Sep 29, 2014 4:29 PM, Roberto Carna robertocarn...@gmail.com wrote:
Ok
for a linux flavour of choice to get this
setup done. You can even build a hogwash like setup if you like.
29. sep. 2014 21:38 skrev Roberto Carna robertocarn...@gmail.com
følgende:
Ivo, I want to locate the IPS between the router and the corporative
firewall, so I think to use bridge mode
I think this is good for us:
- Router ISP with IP 200.0.0.1
- pFsense with the following interfaces:
a) WAN IP-Less
b) LAN IP-Less
c) OPT1 with IP 200.0.0.2 (management)
d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
- Corporate firewall with IP 200.0.0.3
- Snort
27 matches
Mail list logo