to look at only their own CA to prevent MiM attacks,
> or use their own certificate store (for a similar behaviour).
>
> Alex.
>
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Roberto
>> Carna
>> Sent: 06 Februar
People, I've setup a transparent Squid proxy for WiFi clients. I'm
using SSL interception so I had to generate a CA private certificate
(generated from pfSense certificate manager tab).
But when I add this CA private certificate to several Android and
Iphone devices in order to proxify and filter S
Dear, I have pfSEnse + Squid in transparent mode.
I have to filter web sites and content in HTTPS with Squidguard, so
I've created a CA self-signed certificate and a server certificate
(signed by the CA) in pfSense. After that I defined the CA certificate
in the Squid configuration tab from pfSens
>>
>> -Original Message-
>> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Rainer
>> Duffner
>> Sent: Tuesday, January 02, 2018 10:01 AM
>> To: pfSense Support and Discussion Mailing List
>> Subject: Re: [pfSense] Transparent prox
defined in pfSEnse firewall rules ??? Because the SIP response
packet from PBX to the remote peer is not a new traffic, is an
established traffic
Thanks a lot again, regards!!!
2018-01-09 12:17 GMT-03:00 Giles Coochey :
> On 09/01/2018 14:34, Roberto Carna wrote:
>>
>> Dear, I have
Dear, I have an Asterisk PBX in a DMZ behind a pfSense and a remote
peer out of the pfSense. I connect PBX and Peer in order to establish
a SIP trunk.
In the path "PBX -- pfSense -- SIP trunk peer" there is no NAT at all.
So we have generated two firewall rules:
PBX --> SIP Peer with ANY
SIP Pee
OK, thank you very much !!!
2018-01-08 13:59 GMT-03:00 Chris L :
>
>
>> On Jan 8, 2018, at 8:39 AM, Eero Volotinen wrote:
>>
>> try removing squid package from package manager and then reinstalling.
>>
>> 8.1.2018 18.24 "Roberto Carna" kirjoit
pic=110155.0
>
> remove squid+config file & reinstall squid..
>
> 3.1.2018 17.55 "Roberto Carna" kirjoitti:
>
>> Dear, I have updated Squid on pfSense to 0.4.42_1 version on pfSense
>> 2.4.2-RELEASE-p1 (amd64). But after start the service together wi
Dear, I've moved from pfSEnse 2.4.0 with Squid 0.4.42 to pfSEnse
2.4.42 with Squid 0.4.42_1. After the update, the Squid service
crashes and stops.
If I run Squid 0.4.42_1 in debug mode, this is the log before the crash:
# squid -d 10
[2.4.2-RELEASE][ad...@fw-pfsense-guest.g-bapro.net]/var/log:
2
Dear, I have updated Squid on pfSense to 0.4.42_1 version on pfSense
2.4.2-RELEASE-p1 (amd64). But after start the service together with
squidGuard, Squid crashes.
I try running from CLI in debug mode:
# squid -d 10
[2.4.2-RELEASE][ad...@fw-pfsense-guest.g-bapro.net]/var/log:
2018/01/03 12:46:44
Dear, I've setup a Squid transparent proxy + Squidguard on pfSEnse 2.4
in order to filter HTTP and HTTPS web content for different types of
WiFi clients on my company:
- Android (different versions)
- Notebooks Windows 7/10
- Iphone
- Etc.
In some cases, depending on the device Operating System, s
Steve, I had to add some FLOATING RULES to block outgoing traffic from
pfSense itself to Internet in this way, traffic was blocked.
Regards!!!
2017-11-15 13:01 GMT-03:00 Roberto Carna :
> OK Lorenz, now I understand!!!
>
> Thanks a lot,
>
> ROBERT
>
> 2017-11-15 1
OK Lorenz, now I understand!!!
Thanks a lot,
ROBERT
2017-11-15 12:49 GMT-03:00 Lorenz Schori :
> Hi,
>
> On Wed, 15 Nov 2017 12:44:51 -0300
> Roberto Carna wrote:
>
>> Oliver, I ask about the opposite that you explain to me:
>>
>> Everything going ou
>
> On Nov 15, 2017 7:20 AM, "Roberto Carna" wrote:
>
> People, I'm new at pfSense and I'm seeing that there are implicit
> default pass rules.
>
> For example, without editing a new user rule in the firewall, I can
> send mails from my WAN interfac
People, I'm new at pfSense and I'm seeing that there are implicit
default pass rules.
For example, without editing a new user rule in the firewall, I can
send mails from my WAN interface to Internet. I was wrong because I
thought the default behaviour was to deny all the traffic unless I
permit wh
OK thank you so much!!!
2017-11-02 11:57 GMT-03:00 Roberto Carna :
> People, I have pfSEnse 2.4 with Squid and Squidguard.
>
> I enable HTTP transparent proxy and SSL filtering with Splice All.
>
> From our Android cell phones, if we use Firefox TO NAVIGATE everything
> is
contract that SSL/TLS is designed to provide - end to end encryption
> with no tampering and guaranteed privacy.
>
> Cheers
> Jon
>
>
>
>
> On Thu, 2017-11-02 at 12:00 -0300, Roberto Carna wrote:
>> People, I have pfSEnse 2.4 with Squid and Squidguard.
>>
>> I e
People, I have pfSEnse 2.4 with Squid and Squidguard.
I enable HTTP transparent proxy and SSL filtering with Splice All.
From our Android cell phones, if we use Firefox TO NAVIGATE everything
is OK, but if we use Chrome we can't go to Google and some other HTTPS
sites.
We reviewed firewall rule
Dear, I'm using pfSense 2.4 with Squid in transparent mode, SSL
enabled / Splice All, and Squidguard as HTTP/HTTPS filter.
Everything is OK, except when I want web clients to be redirected to
an external Apache web server with an error page...they don't get any
error defined in the Apache server.
>
> On Tue, Sep 30, 2014 at 12:13 AM, Roberto Carna
> wrote:
>>
>> I think this is good for us:
>>
>>
>> - Router ISP with IP 200.0.0.1
>>
>> - pFsense with the following interfaces:
>>
>> a) WAN IP-Less
>> b) LAN IP-Less
I think this is good for us:
- Router ISP with IP 200.0.0.1
- pFsense with the following interfaces:
a) WAN IP-Less
b) LAN IP-Less
c) OPT1 with IP 200.0.0.2 (management)
d) Bridge with WAN and LAN interfaces, and Bridge interface IP-Less
- Corporate firewall with IP 200.0.0.3
- Snort
ns of setup guides for a linux flavour of choice to get this
>> setup done. You can even build a hogwash like setup if you like.
>>
>> 29. sep. 2014 21:38 skrev "Roberto Carna"
>> følgende:
>>>
>>> Ivo, I want to locate the IPS between the router
Ivo, I want to locate the IPS between the router and the corporative
firewall, so I think to use bridge mode is correct???
2014-09-29 16:34 GMT-03:00 Ivo Tonev :
> I recommend to use in "router mode".
>
> On Sep 29, 2014 4:29 PM, "Roberto Carna" wrote:
>>
want to hide everything? It's not that hard to fingerprint
> a pfS bridge. If you have practical reasons, sure go ahead.
>
> 29. sep. 2014 21:28 skrev "Roberto Carna"
> følgende:
>
>> Ok, and do you recommend to setup the Pfsense WAN and LAN interfaces
>> in bridge mode w
www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
>>
>>
>>
>> ---
>> Anastasios Stefos
>> ´αίέν άριστεύειν
>>
>> On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna
>> wrote:
>>>
>>> Dear Ivo and people, just three short qu
>
> http://www.linux.org/threads/suricata-the-snort-replacer-part-1-intro-install.4346/
>
>
>
> ---
> Anastasios Stefos
> ´αίέν άριστεύειν
>
> On Mon, Sep 29, 2014 at 2:34 PM, Roberto Carna
> wrote:
>>
>> Dear Ivo and people, just three short questions:
>>
,
Roberto
Thanks again,
Roberto
2014-09-29 14:37 GMT-03:00 Ivo Tonev :
> Use suricata
>
> On Sep 29, 2014 2:27 PM, "Roberto Carna" wrote:
>>
>> Dear, I need to know if it's possible to setup Pfsense with Snort to
>> get an IPS (Intrusion Prevention System),
Why Suricata in place of Snort?
Please can you tell me shortly the advantages of Suricata over Snort
Really thanks
Roberto
2014-09-29 14:37 GMT-03:00 Ivo Tonev :
> Use suricata
>
> On Sep 29, 2014 2:27 PM, "Roberto Carna" wrote:
>>
>> Dear, I need to know if
Dear, I need to know if it's possible to setup Pfsense with Snort to
get an IPS (Intrusion Prevention System), and in this case what is the
graphical interface used to view events and dropped traffic.
Thanks a lot,
Roberto