• Are these floating rules correct?

    0 Votes
    5 Posts
    686 Views
    @upper-deck If you're finding traffic isn't getting into the queues as expected (Status/Queues) I suggest finding the state for the IP (Diagnostics/States). For example, downloads from a web server are generally an incoming connection to the web server and the download is merely the response.
  • [solved] Notifications on multiple emails

    0 Votes
    12 Posts
    2k Views
    Thanks everyone for the help. The issue was the email server provider. I configured with a Gmail app password and can send to more recipients successfully.
  • A certificate link penetration problem

    0 Votes
    14 Posts
    1k Views
    Sorry, I haven't found out what the problem is, I only have to transfer this function to a device that is not a pfsense gateway.
  • How to cleanly get data to security onion?

    0 Votes
    12 Posts
    3k Views
    JonathanLee
    @jonathanlee I got it to work with VirtualBox only; Security Onion was accessible. I set up port forwarding. However, I could not access it outside of the guest machine. Many SSL errors. I have major issues now with Windows 10 running Hyper-V without it being enabled. I also had the blue screen of death. This was the reason for using VirtualBox. Security Onion would not work correctly with Hyper-V for me. I also used a NIC MAC to clone for data marshalling to test if it would clone my laptop's IP and that worked. This leaves me with questions like is there any container protected NICs security equipped network cards for high security systems like firewalls. My reason for the question is the data marshalling with a clone MAC, and how containers have no visibility with the antivirus on the physical machines. I have also been told during my cyber security classes that scanning for VM and containers are a current issue in the cyber security world. I started to wonder if software could control a security chip built onto the NIC and take control of all NIC features with the physical host machine's software, and control approved container and virtual software access right on the card. Enough daydreaming for me... If you want to check out more info on this adventure to try to get this to work in a virtual environment here is my aftermath issues, that really point out some current security issues with today's hardware. More on Containers and Network Card Security Issues: https://answers.microsoft.com/en-us/protect/forum/all/hyper-v-running-even-after-being-disabled/8d048265-d0d9-465d-b647-9e121ea059bf VirtualBox Install of Security Onion: https://docs.securityonion.net/en/2.3/virtualbox.html#:~:text=Click%20the%20icon%2C%20then%20select,%E2%80%9CAdvanced%E2%80%9D%20options%2C%20set%20%E2%80%9C Port Forward with VirtualBox: https://www.golinuxcloud.com/configure-nat-port-forwarding-virtualbox-cli/
  • 0 Votes
    32 Posts
    5k Views
    stephenw10
    Hmm, how much older was the previous installation? It might have been installed, and therefore booting, legacy and now the clean install is UEFI and failing. You could try reinstalling as legacy BIOS. Steve
  • 0 Votes
    18 Posts
    3k Views
    stephenw10
    Manually forcing reinstall of pfSense-kernel-pfSense-2.6.0.pkg should get you onto the correct kernel after a reboot. But the kernel file you have already looks correct. Once you do that can you ever be 100% confident of the install? If reinstalling is very inconvenient then it's probably worth trying first but reinstalling and restoring a config is usually quick and easy. https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html Steve
  • pfsense 2.6.0 over heating after upgrade

    0 Votes
    7 Posts
    967 Views
    stephenw10
    That could cause it to 'hang' if it exhausts all memory. It wouldn't cause it to run hot though, pcscd doesn't use any significant CPU. @muralidharanks said in pfsense 2.6.0 over heating after upgrade: now I've changed to intel What temperatures is it reporting? Steve
  • Can't ping client to client - Gateway issue?

    0 Votes
    4 Posts
    776 Views
    @ccnewb said in Can't ping client to client - Gateway issue?: when I set "default gateway IPV4" to Combined_WAN in System > Routing Gateway, and then disable the Firewall LAN rule below, internet stops working. Why do you disable it? You need a pass rule to allow internet access. But you should set the gateway to 'none' in the rule.
  • WhatsApp calls do not connect after upgrade 2.5.2 -> 2.6.0

    1 Votes
    25 Posts
    5k Views
    stephenw10 Thanks for your guide. I followed your steps, by installing the recommended system patch and also applying the custom patch. WhatsApp calls now work fine on my pfSense 2.6.0.
  • Pfsense Certificate error with x509_strict

    0 Votes
    3 Posts
    621 Views
    Thanks for help. In fact I have an error when trying to connect LAM (LDAP Account Manager) with ldaps://. I thought it was due to this CA x509_strict error, but it was not the problem. I can from another VM connect in ldaps:// to my LDAP... The strange thing is when creating CA + cert with openssl then testing the CA and cert with x509_strict I get the same answer... => so it is not a pfsense issue ;-)
  • Use of bridge and span interface for traffic analysis

    0 Votes
    9 Posts
    1k Views
    @stephenw10 said in Use of bridge and span interface for traffic analysis: You might be better off spanning the ports in Proxmox though. I've never tried that. You wouldn't see the traffic inside PPPoE of course. I can see it on the PVE host with tcpdump -i vmbr1 -U -s0 -w - pppoes. But whether it's straightforward to see it with an attached network analysis guest, I have not tried yet.
  • Hetzner /29 Ip Routing

    0 Votes
    4 Posts
    642 Views
    stephenw10
    Cool. Maybe note it in the other ticket for others to read if it's fixed. Steve
  • pfSense kicking off LAN device for trying to download from usenet.

    0 Votes
    6 Posts
    880 Views
    stephenw10
    @ssmsti said in pfSense kicking off LAN device for trying to download from usenet.: I can't get an IP address assigned to the server after that and the server says that the network cable is unplugged. Any chance you have a loop on the bridge and stp is disconnecting it? If that port is in a bridge how is the bridge configured? The bridge interface is assigned as LAN? Check the output at the command line of ifconfig -vma. Does pfSense also show the link as down? If so that will be logged and may include a reason for it. Steve
  • WAN data for VLAN after firewall

    0 Votes
    2 Posts
    414 Views
    stephenw10
    If you add logging to the pass rule(s) on the VLAN then you can see the states opened in the firewall logs by filtering on that interface. Steve
  • pfSense 22.1 ZFS - Boot Environment not showing

    Moved
    0 Votes
    3 Posts
    448 Views
    @bigsy Thanks; I completely missed that! Thank you.
  • PFSense Behind BW320 with Static IPs

    0 Votes
    12 Posts
    2k Views
    NollipfSense
    @pkeogan said in PFSense Behind BW320 with Static IPs: I would like to use my PFSense server to handout the public IPs, @pkeogan May I suggest that you take a look at the HaProxy package...
  • How to make a Ip address use a different gateway? Help

    0 Votes
    23 Posts
    3k Views
    stephenw10
    Not really if you don't have any traffic shaping. 200Mbps is above what you would see if there was a link speed/duplex mismatch. You should check Status > Interfaces for errors though. Steve
  • Wireguard poor throughput.

    0 Votes
    20 Posts
    3k Views
    stephenw10
    Run top -HaSP on it during the test and see what's actually happening. I'm betting one core will be pegged at 100%.
  • Newbie - can't get two subnets to access each other

    0 Votes
    13 Posts
    2k Views
    @stephenw10 Hi stephenw10 and johnpoz, I changed the NAT mapping protocol to "any", and now I can access the Wifi router from LAN net. Yay, it's working. Thanks so much!
  • DNS forwarding per VLAN

    0 Votes
    6 Posts
    823 Views
    johnpoz
    @michmoor I have not had time to test lately - but if unbound uses a shared cache you can not do this. Now it might be possible with views to do something like this - but last I checked you could not specifically do view forwarders, and I don't think it creates a different cache per view. Now pretty sure bind can do this, as it creates different caches if not mistaken per view. If you want to do something like this your local dns has to create separate caches, or you run into a problem with unfiltered looking up host.xyz.com and it getting locally cached, and then filtered client asking for host.xyz.com and get returned the cached value vs it looking up via some filtering forwarded dns that would return blocked. And the reverse happening where blocked gets cached, and then someone that is supposed to be unfiltered getting back the blocked cache. The most reliable way to do this would be to use 2 different dns, that both have same local data. Where ns1 you run is unfiltered and ns2 you run is filtered. And you point your clients to the specific ns depending if you want them filtered or not filtered. Now you might be able to do something new in unbound there has been some changes of late and they did add rpz policies, etc. I just do not have any need or desire to do this currently. And of the mindset if worth filtering - worth filtering for all. So haven't played with if this is now possible in an easy to do way. edit: Looks like Steve mentioned using unbound and dnsmasq on pfsense - yeah that could work for sure.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.