Like https://forum.netgate.com/topic/133626/can-i-monitor-external-ips-activities-on-my-web-server-through-pfsense ? Remember : squid is a Cache/Proxy. Also : squid will be close to useless when user access your web server using default settings (== https:// ...)

you should never be hard setting gig.. If you need to down it to 100 or 10 on a gig interface ok. But gig should be auto.. If it doesn't come up gig than you have sort of issue that needs to be corrected. You don't try and hard code it to gig.

"Several times" means : check the logs (all the logs, pfSense captive portal, FreeRadius (enable logs !)) why. It could be anything, except a random issue. This : @gertjan said in Same captive portal zones: To circumvent problems, what about make the names unique ? will blast away your question. Btw : captive portal questions are here https://forum.netgate.com/category/3/captive-portal

Hi, The one that knows all about the 'usage' of your web server, is ... your web server ! pages, size, speed, where from, who, all of it. Tools like awstats and munin and many more, can create statistics without limits. pfSense has a traffic shaper which is excellent for limiting

Thank you, yes it turned out to be the ESX load balancing algorithm, once we changed it the gateways came online.

I'd have to guess bad RAM. db:0:kdb.enter.default> bt Tracing pid 4632 tid 100255 td 0xfffff800a70655c0 pmap_remove_pages() at pmap_remove_pages+0x5f0/frame 0xfffffe0118268580 exec_new_vmspace() at exec_new_vmspace+0x19c/frame 0xfffffe01182685f0 exec_elf64_imgact() at exec_elf64_imgact+0x8d8/frame 0xfffffe01182686e0 kern_execve() at kern_execve+0x77c/frame 0xfffffe0118268a40 sys_execve() at sys_execve+0x4a/frame 0xfffffe0118268ac0 amd64_syscall() at amd64_syscall+0xa4c/frame 0xfffffe0118268bf0 fast_syscall_common() at fast_syscall_common+0x106/frame 0x7fffffffe380 db:0:kdb.enter.default> ps Do you have any further crashes? Do they look identical or more random? Bad RAM usually results in relatively random crash logs. That can also start happening spontaneously. Possibly a bad drive. Steve

You can use dynamic Limiters to share the available bandwidth equally among the connecting IPs. You would have to set a total available value though and that may throttle traffic on the DSL connection. The Limiters would need to be on the LAN side to see the different client IPs. Steve

Then can you not just ping them from each interface in a script? Just use the bind switch to select the source IP. Steve

So FTP servers behind the firewall that cannot be configured to pass an external IP or use a custom data port range? Apart from the already mentioned issues can you not persuade customers to at least use a half decent FTP server? Steve

Thank John!

@jakemendonza When a modem is in bridge mode, it doesn't have a public ID, though the ISP may have an internal address used for management. You would likely be seeing the address assigned to the firewall/router.

hmm What about haproxy with combination of standalone HTTP server method? This is how I do it for all my hosts. Acme starts http server on localhost and on haproxy I have backend on that same ip and port 80. Then again on haproxy there is ACL path starts with /.well-known/acme-challenge and it gets redirected to backend which is actually acme standalone server :)

First thing I would do is setup your vip.. And then validate your seeing traffic to the vip before doing anything with any rules or 1:1 nat.. Since its not possible for pfsense to do anything with said traffic until it actually gets to pfsense wan. Maybe you have something between where your trying and pfsense wan that blocks 22 (ssh). Once you have traffic getting to pfsense on the port you want, then you can forward it to what you need be it with normal port forward or 1:1

You can recover the automatic backup from right before you made those changes if available. Take a look at Diagnostics > Backup & Restore, Config History

Doubtful that was actually necessary. But if that's what you have done, that's where you are now.