@JRA: Recently we've been getting some password brute-force attempts at the website itself, and I'd like to know the IP address they originate from so I can block it. Ask the 'varnish' admin, or even better : the web server admin. These have extended logs (normally) and they will show you the IP of the offending clients. If you use the "good old web server setup" then blocking becomes easily.

Hi, I just visiting forum today and I wanted to get an answer setting up my pfsense box which I will make few days later. I am looking for how I connect fios internet which now connecting with coax cable. I don't know you saw one of diagram with explanation; https://nguvu.org/pfsense/verizon/pfsense-verizon/ In order to open your web server, you have to know your server ip and should be port forward 80 and 443 that server from the firewall setting. I didn't setting my pfsense box yet and I have to call verizon for asking switch my internet router coax G1100 to pfsense cat 5 that I know. Once connect internet from verizon then you make dhcp service from pfsense and then you got the ip for server and open, it should be Ok. I didn't setting vlan for server and other computers yet but maybe you know better how to separate network for different services. I saw few explanations in the youtube with diagram. Good luck to you.

My collega has found out it should be "pfctl -F sources"

Or see if the file is still in /var/db/aliastables/

How to to view the log of the day? clog don't report! But in quality's graph I've found an incremet of delay. More, I've found in system.log many of this row: Sep 27 11:17:21 pfSense ntopng: 1506503841|1|3|10|Probing or server down: AP13-AulaMagna.localdomain > edge-mqtt-shv-01-mxp1.facebook.com [TCP 192.168.1.196:64182 > 31.13.86.2:443 [proto: 0/Unknown][9/0 pkts][702/0 bytes][SYN]] what it means? I've found this quality's graph in monitoring thanks [image: quality.jpg] [image: quality.jpg_thumb]

Depends on the switch. On pfSense it is in Interfaces > Assignments, LAGGs

So there's no way to know but to try it. As has been said many times, it might or might not work. Want to process dot1q? Use a dot1q switch.

Uhm… https://support.microsoft.com/en-us/help/17472/windows-internet-explorer-11-fix-site-display-problems-compatibility-v

Yes the SSL/Proxy should be completely separate from the pfSense webgui. I would expect you could use letsencrypt for both or either. But they would need to be on different ports. Steve

I started with a fresh install, as suggested by tripplex, restoring the settings and that seems to resolve the issue. I'm still monitoring if it remains online. Once it happens again, I'll wireshark & check the states Steve. Keep you guys updated!

Which OS is your Plex Server running on? Can you use "nslookup" or "dig" for www.google.com from plex console, if so what's the result? Probably not related to your problem but you know that 20.1.1.0/24 is not a designated RFC1918 private address space. It belongs to CSC, Computer Sciences Corporation (CSC and HPE Enterprise Services are now DXC Technology). So whatever services they are hosting from those IPs they won't be accessible to you.

I have toyed a bit with this , and here is a working solution wo. to much "no..no" ********* Works wo sudo hack on linux ************** Only first time (ever) - to make ssh work wo. asking for passwd ssh-keygen ssh-copy-id user@pfsense-fw If sudo is installed on pfsense ---------------------------------- remote:~$ mkfifo /tmp/pcap remote:~$ sudo tcpdump -iigb1 -U -s0 -w - 'not port 22' > /tmp/pcap If sudo is not installed on pfsense ------------------------------------ ssh to pfsense as root/admin , enter 8 for shell remote:~# mkfifo /tmp/pcap remote:~# tcpdump -iigb1 -U -s0 -w - 'not port 22' > /tmp/pcap and send the data by a separate connection: local:~$ mkfifo /tmp/pcap local:~$ ssh user@pfsense-fw "cat /tmp/pcap" > /tmp/pcap and finally start Wireshark local:~$ sudo wireshark -k -i /tmp/pcap ********************* end *************** I do have this one liner working As local root (due to wireshark needs root) local:# ssh user@pfsense-fw sudo tcpdump -iigb1 -U -s0 -w - 'not port 22' | wireshark -k -i - But it requires sudo to be installed on pfsense https://www.cyberciti.biz/faq/how-to-add-delete-grant-sudo-privileges-to-users-on-freebsd-unix-server/ install pkg install security/sudo And some "nasty" visudo things, that would get a "security officer/revision" to get "Red Ears" …. I could prob lock it down to just work with tcpdump , but for now it's allowing my local user to sudo anything wo even asking for a pwd. Provided he's a member of the admin group. Have fun "Sharking" Ps: Most of this nasty stuff would prob not be needed of we could get a way to ssh into pfsense as root , wo. hitting the "menu". Or if we could ssh into pfsense w. a user that was allowed to run tcpdump on an interface. /Bingo

Heper, Thanks for that…..one I had not considered and will probably perform exactly what I need.... In fact as I was typing, on that same system, I just marked the Gateway Offline and put the Gateway Default back to the Primary Link (which has been marked as down) The results were Forwarded Ports to the Secondary WAN link  - responsive Inbound OpenVPN connections working Outbound OpenVPN Connections working Everything else working as it should in a failover situation. Heper, Thanks that appears to do exactly what I need….. Regards Bob

I believe you. Currently working with FreePBX forum to resolve this.

Ha, no need to feel bad, I'm glad you got up and running.  :) Steve

Thank you for replay. I will check and inform.