If you want Packt books, wait until they are on a Humble Bundle, then set it to give all the money to charity. :-)

I saw something very similar on an SG-3100, after upgrading several other devices to 2.4.4 or 2.4.4_1 recently. In my case if I connected to the console it showed a LAN IP but I could not ping it or connect. The boot process showed 2.4.4_1 but it looked to me like something had happened during the update and PHP 7 and/or other components had not upgraded properly. I had to reinstall from the Netgate image.

Edit: I should note that in this case the upgrade process "failed" a couple of times, but I did not see an obvious reason. Eventually it "succeeded" but ended up in this state.

@sherifen said in WebGui Keeps freezing:

I just installed my PfSense, logged into browser to make some rules.. everytime i make 1 adjustment in the browser its freezes and after a while (site cant be reached)

I'd go as far as to say: You sure you aren't connection via the WAN interface or did you by any chance remove the anti lockout rule and so have no firewall rule in place that actually allows you access to the webGUI?

If you have to disable the filter every time you make a change -> that triggers the filter back on of course! -> it's a sure sign, you did sth. wrong with your rules in the first place.

@vallum No, network range may not have changed, but IPs in it have changed around quite a bit. So yes, you can use a big hammer just try and hit everything with it, trying to match the correct IPs for the services. Or you can use a finer tool like a knife and cut out the services you actually want. Proxies are not that "hectic" but a finer tool for limiting access. And if that's what the OP is wanting to do, I'd have a look into it. Of course one can dismiss it as not worth the work and just go with IPs. Didn't say a thing against that. Just know, that blocking internet services today via brute-force IP usage, you'll get false positives, side effects etc. in blocking networks or hosts that are in use for multiple purposes.

huh?

If your webserver is behind pfsense then the ports are already forwarded through pfsense..

So this comcast "modem" is doing NAT? Does pfsense doesn't have a private IP or Public on its wan? Your forwarding the 3 ports through to pfsense WAN IP on your "modem" A modem doesn't do nat.. You mean you have a comcast gateway? What is the make and model of this device for comcast?

You do understand that most things looking for those ports are going to directly look for them - not run through a port scan.. Where did you get the idea that pfsense blocks port scans? You do understand that pfsense blocks all ports that are not forwarded..

So say scanning ports 1, 2, 3, 4 - etc... until get to 80 would be blocked.. Why do you think that pfsense will say oh wait this source IP was checking other ports, I will not let him through to my port forwarded 80?

Are you running IPS package? Snort or Suricata?

Well, after I finally kidnapped my partner's screen and left it plugged to the box. I woke up this morning and found it waiting on the BIOS screen. Disk is dead.

A bit annoying after you run all the tests you can run and still is that bloody thing..I'm glad I don't work on ER. Patient is gone, we are so sorry.

I wonder if it was temperature what screw it, this is one of those fan less boxes.

Thanks for the answers, anyway.

This has been talked about already here.

https://forum.netgate.com/topic/84823/vlans-across-multiple-interfaces

https://forum.netgate.com/topic/83080/same-vlan-on-multiple-interfaces

https://forum.netgate.com/topic/79237/multiple-interfaces-with-the-same-vlan

https://forum.netgate.com/topic/107612/multiple-vlans-across-physical-interfaces/3

The general consensus from those in the know - DON'T DO IT, use a managed switch instead. They're cheap.

Jeff

Sorry to be blunt but I'm at the Xmas do. What you are asking it how to birth before the act ...

Sorry, don't understand what you are trying to achieve here.
"Link pfSense to an OU" how? What do you want to link here? Only thing you can do is authenticate against your AD for logins in UI, VPN etc. but what changes are you referring that would only affect a certain OU?

Cheers

Solved, problem was is APs behind pfSense were the ones i tried to connect to EzMaster controller through VPN and they still had VPN ip. The weird thing is even after hard reset on APs it would still try to talk to EzMaster on VPN ip. I manually put public WAN of EzMaster and everything worked.

Thank you :>). Have a great day!!

GW

According to what I'v been reading, the bandwidth of a PCIe 2.0 lane (~500MB/s) would be barely enough to support 4 gigabit port (125 MB/s each). Since this motherboard PCIe x16 2.0 slot works as "by 2", it should be enough.

I'll be picking up the motherboard this week, but not the ethernet adapter since they're expensive. I'll use a router in the mean time and will update this post whenever I get the adapter.

OpenDNS DNSSEC

We know - it's all around this forum already, and at OpenDNS's place - see link.
Forwarders in general are not (and/or can not be) DNSSEC compatible.

AWS is fun. Glad you got it working.

@tagit446 said in Online Privacy:

And we/you are using pfSense why..?

I use it because its an easy to use full featured firewall/router.. My network is segmented and firewalled.. My IOT devices are on their own segment and are have controlled and logged access. While they can access the internet they do not have access to my other devices.

My wifi is also segmented, I have my network for my devices that use eap-tls to auth.. While iot devices and guest have their own vlans and are again controlled and traffic monitored for odd stuff they might be doing ;)

A firewall between your local networks has little to do with some vpn service..