@fireix You could run "top" and see what the CPU usage is. 10 seconds is not that long compared to say a 2100 or 3100 loading a couple dozen entries with, say, all US IPs as an alias.

@jakespeed said in webui becomes inaccessible every few minutes:

i am running some usb nics if they're known to be troublesome

SSH or console, run

tail -f /var/log/system.log

What happens when the GUI (web server) dies ?

@jakespeed said in webui becomes inaccessible every few minutes:

i am running some usb nics if they're known to be troublesome

Hummm. USB networking .... I wouldn't even advise my worse enemy to use that solution 😊

FreeBSD (underlying OS of pfSEnse) a,nd USB NICs don't often play well.
Also, more general, the slights electrical miss contact on the USB NIC contacts will wreck havoc in the networking subsystem - interfaces get taken down, reconnect, etc etc.

@jacobrale Are you drunk ?

@Cylosoft said in Button issue in ACME:

I thought bad browser cached items also

That would be my second suggestion.
I saw it happening just ones, a while back, but the issue was gone before I could take a closer look.

The issue is known, btw, as others mentioned it, still not clear (to me) what the common conditions are.

I put these up on github and they can be applied directly in pfSense using the System->Patches feature.

Just include the URL for the RAW file from github and then SAVE.

https://github.com/HVR88/pfSense-Patches

@planetinse

Comparable to, for example, a Microsoft Windows back (Restore point ?), you can not backup a config on one device - let's call it pfSense1 and then restore it on another device, called pfSense2.

That is, this is possible if you are willing to edit the config file.
Only experts should do this, and everybody else willing to accept the consequences.
Consequences are :
The hardware NIC drivers names, like em0 or igb1 should be identical.
Be aware : the unique pfSense device ID should not the same :

f8432baf-d382-4f68-9c46-d9353acb4699-image.png

and true : the could be identical.

You could try this :
Copy the 'block' with HAProxy package settings from one config to the other.
Be aware (I never used HAProxy) : there could be several section.
Be aware : if, for example, HAProxy uses certificates from the certificate pfSense store, the certificate reference should be checked and probably for the destination pfSense.
Be aware : the will be most probably other things to check.

I guess you get it by now : it's an trail and error process, where you need to start worrying when things "seems to work" as they didn't fail yet ^^

@accidentallyadmin oh yeah I did. There was a bug in pfblocker restoring from backup didn't help in my case because the package was still installed. I was able to get it working :D

@accidentallyadmin Nevermind, I found it 😬

@wgstarks yeah I don't have mac anything, only apple I have is iphone and ipad.. and not having any issues with those devices.

But yeah if you have a CA already and signed cert.. If it was installed the error would be that its expired not that you don't trust it.

@Gertjan hmm, yeah disabling that it stopped binding and it makes sense that to redirect it should also bind port 80.
However, that option is actually very useful. Then the problem is with HAProxy. It is trying to bind to every interface with "0.0.0.0" when WAN IP is not present. This should be the problem. Can someone try to replicate that?

@denitrosubmena said in PLEASE stop enforcing firewall rules on pfsense!!! Let us manage our own firewall rules!!!:

My use-case i have pfsense installed at the edge and i need to access it via the WAN address that is public, like every other hardware router in the damn world that is the one that connects directly to internet

To be fair, there's no router anywhere, sold commercially, that's set up to allow access from the public WAN to its webGUI. At least not any that didn't ship without being misconfigured by accident at the factory. Are you suggesting you wanted pf to forward 80 and 443 by default? This is all rhetorical anyway, as pf definitely allows a local connection to the WAN port during setup, which makes things much easier. When LAN has been set up, it's obviously not needed anymore.

@denitrosubmena said in PLEASE stop enforcing firewall rules on pfsense!!! Let us manage our own firewall rules!!!:

proxmox which was blocking everything

I'm new here, but even I think it would have been a great idea to mention right away that pfSense was being virtualized. And on top of that, behind some POS like Proxmox.

@jstaczek said in Route to gateway www.webgui.nokiawifi.com?:

So, ok. Somewhere DNS believes that www.webgui.nokiawifi.com

I guess, this is, what your DNS resolver gets. It might be requesting your ISP router, or the router does intercepting DNS.

I'll have to look for the cable in the box to learn more about the console access! In the meantime, I deleted some of the auto default boot environments from the GUI and it has really worked wonders. Thanks for this.

alt text

@LucasMoraes said in Error Pages WebGUI:

language other than English, it always worked but after this last update which was automatic it started to present errors

A translation issue is what I suspected.
It shouldn't fail, though.

@ff101 you might want to combine them into one rule, just create an alias that has your web gui port(s) - I don't have mine listen on 80 at all. Disabled the redirection option.

And don't forget ssh (normally port 22) if you have ssh enabled on pfsense..

create a virtual IP in pfsense right? I have read about this with accessing dmarc points modems infront of the firewall on the demilitarized zone. This I think creates a known route to something.