General pfSense Questions

• 

  pfSense Hangouts are available on YouTube!
  • ivor  

  3
  0
  Votes
  3
  Posts
  1228
  Views

  A

  Subscription done!!!
• 

  Share your pfSense stories!
  • jdillard  

  18
  0
  Votes
  18
  Posts
  9423
  Views

  P

  I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
• S

  2.5.0 Release
  • Sessa45  

  2
  0
  Votes
  2
  Posts
  65
  Views

  

  pfsense Release Date News
• R

  PFSense problem on Openstack/KVM
  • roberto.bertucci  

  5
  0
  Votes
  5
  Posts
  43
  Views

  R

  @viragomann said in PFSense problem on Openstack/KVM: @roberto-bertucci said in PFSense problem on Openstack/KVM: I am not able to access to web interface. Why not? This is part of my problems. Simply, web interface is not reponding to connections from LAN or WAN side. nginx.log says nothing and i am stuck on this first problem (it would be great to have any hint on this too :D ) . I don't see any correlation with connections dropping and i was trying to solve this before any other issue to be able to connect via ssh and do an easyer debug instead f working in VM console. BTW, i am going to apply change in config.xmal and will et you know if it worked. Thank you again
• G

  How Can I Mount a Drive when Booting from the Install USB
  • guardian  

  1
  0
  Votes
  1
  Posts
  11
  Views

  No one has replied

• C

  VLSM
  • CiCC  

  2
  0
  Votes
  2
  Posts
  22
  Views

  

  @CiCC Yes, it does support variable length subnet masks. However, you have overlapping subnets. That 192.168.2.0 /22 is in fact 192.168.0.0 /22 because the mask erases the .2 in the 3rd byte of the address. The next network up that supports /22 is 192.168.4.0.
• B

  Multi-WAN acting strange
  • Buck101  

  1
  0
  Votes
  1
  Posts
  8
  Views

  No one has replied

• W

  Pfsense, No internet when it is said "You are connected".
  • weiphyo  

  99
  1
  Votes
  99
  Posts
  4852
  Views

  R

  @Gertjan Thanks for this information. It useful
• J

  pfSense stopped routing after power failure
  • jlw52761  

  12
  0
  Votes
  12
  Posts
  125
  Views

  J

  @bmeeks Got one 500VA UPS coming tomorrow for the fiber modem, pfSense, switch, and the two UniFi AP's. This will be USB cabled to the pfSense and it's an APC so if nut doesn't work then I will use apcupsd. I have a second UPS also coming, in the range of 1800VA for my NAS, switch, and ESXi boxes. As far as the restore, since I have backups and copy them off the appliance, it was stupid simple. I created the USB key, added the FAT32 "Recover" partition and copied the backup xml file and named it config.xml. I had to hook the firewall up to my TV as I have no VGA monitors in my house surprisingly, but it booted, installed, and on reboot applied config.xml and was up and going. Stupid simple DR in my mind and a huge bonus for pfSense in my book! From now on, it's going to be a DR instead of hours of troubleshooting, its just too damned easy to recover. Going to use a SIIG USB over IP device and a FTDI cable to have remote access to the console for any future needs.
• J

  Restoring Backups from Another Firewall or a Previous Installation
  • j.koch  

  2
  0
  Votes
  2
  Posts
  36
  Views

  

  Usually that would indicate that you didn't provide the correct encryption password
• K

  Cron for WOL
  • Khampol  

  10
  0
  Votes
  10
  Posts
  986
  Views

  

  I've discovered a solution for this problem. Here you can find it. It' s a german post. Translated it says: You have to activate the "static ARP" option at the "DHCP Static Mappings for this Interface" of the DHCP Server. Now you can wake your Host up with (direct from shell or via cron): /usr/local/bin/wol -i IP MAC Best regards
• S

  pfsense not using GoDaddy's domain forward, only for internal users
  • scottys  

  19
  0
  Votes
  19
  Posts
  330
  Views

  S

  bump. I have gone through every setting I can think of from outing to NAT to firewall rules to where it might be getting blocked, and I can't find anything. Anyone run into issues like this?
• L

  Automating CRL
  • leacho73  

  1
  0
  Votes
  1
  Posts
  14
  Views

  No one has replied

• T

  No internet access (Gateway offline?)
  • techgeek055  

  12
  0
  Votes
  12
  Posts
  7870
  Views

  S

  @techgeek055 can you tell me how you did it? i face the same problem though i got live ips from the service provider, the ping is working fine. do i need to change the monitor DNS to the google?
• 

  pfSense as inline IPS/IDS VM appliance
  • smyky  

  3
  0
  Votes
  3
  Posts
  69
  Views

  

  Never mind, checking KB below and selecting "Disable hardware checksum offload" option did a trick: https://docs.netgate.com/pfsense/en/latest/interfaces/low-throughput-troubleshooting.html
• D

  Bridging a D-Link DWR-953 's 4G connection to pfSense?
  • dwr953topfsense  

  1
  0
  Votes
  1
  Posts
  16
  Views

  No one has replied

• X

  Firewall looses L2/L3 connection, VLAN tagging - Intel igb driver
  • xciter327  

  19
  0
  Votes
  19
  Posts
  207
  Views

  X

  Have not had time to script tests yet. One of the 2 brand new boxes with same hardware and "WOL" disabled froze a couple of days ago as well. The previous box's console was still interactive when issue happened. This one was a full freeze. Not reacting to any inputs.
• H

  pfsense on Hyper-V and hardware crypto
  • Hammer8  

  11
  0
  Votes
  11
  Posts
  91
  Views

  H

  Thank you!
• C

  Firewall Change log
  • CyClore  

  7
  0
  Votes
  7
  Posts
  2119
  Views

  N

  @jimp Any update now ? I would like to us this feature as Official
• V

  Intermittent lack of internet (Google?) on some devices
  dns google • • velkrosmaak  

  4
  0
  Votes
  4
  Posts
  54
  Views

  V

  Followed the full reset instructions on the linked page, reinstalled squid - back in business. Thanks for the help @stephenw10!
• 

  pfSense 2.5 Release Date News
  • NollipfSense  

  46
  2
  Votes
  46
  Posts
  2651
  Views

  W

  @jimp hope you are having a good one!
• J

  Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?
  • Jpub  

  45
  0
  Votes
  45
  Posts
  187
  Views

  J

  @johnpoz said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?: @Jpub said in Planning to use PFsense with Cisco L3 core router and Unifi for L2... does this look ok? suggestions?: Keep it simple." Which is why you have to make the choice - if you want to easy firewall, then use pfsense to route between your vlans - be it you fire up another another one in the core, or just route at the edge.. Or are you going to take the time to actually do it correctly at your L3... If your not - then you might as well just do a big fat flat network and not have to worry about the routing at all. In pfsense land, one thing I've read as a reason for segmenting, at the least in terms of provisioning IP's along CIDR/subnet lines, is if you're using IDS then you can filter and target logs better. Another is "network ACL's" ... but yeah.... it sounds great, but maintaining this doesn't seem like something a small shop would be doing very well beyond that first day or two they set it up. The IDS logs I think I would actually use a lot, or at least want to narrow things down quickly on alert.
• S

  Changing Network Interface Names
  • scott.ackerman  

  9
  0
  Votes
  9
  Posts
  69
  Views

  S

  Thank you sir :-)
• F

  pfSense logs to Alien Vault OSSIM
  • Fareed Jamali  

  3
  0
  Votes
  3
  Posts
  43
  Views

  F

  Hey steve, So there is a plugin in OSSIM which I enabled thinking that might help me read pfSense logs directly but I realized that is not going to work. Besides that I found about https://github.com/decay/alienvault-pfsense. This seems promising but it says AlienVault USM not OSSIM. Not sure if I should try this or not so I wonder if I could get some help.
• 

  pfsense
  • kidist  

  7
  0
  Votes
  7
  Posts
  93
  Views

  

  @KOM okay then thanks i will try my best
• E

  Query on iperf results
  • edz  

  1
  0
  Votes
  1
  Posts
  24
  Views

  No one has replied

• T

  pfsense, bridge gbic fiber question
  • teddygramps  

  6
  0
  Votes
  6
  Posts
  69
  Views

  T

  @teddygramps And on those dell cards, be careful many are small form factor. These cards won't fit in a regular size atx motherboard setup. There are people who do sell the proper bracket out of china.
• Y

  Block video streaming in YouTube, facebook and WhatsApp web sites !!!
  • yahav02  

  7
  0
  Votes
  7
  Posts
  4498
  Views

  S

  @yahav02 how are you? I want help in blocking YouTube and Torrent sites. Help will be greatly appreciated. Thanking you in advance
• B

  Software which doesn't work with pfSense+Squid
  • Big80  

  5
  0
  Votes
  5
  Posts
  59
  Views

  

  The easiest way around this is to create an alias called ProxyExempt for example, and then add all clients that you want to that alias. Then add a firewall rule just above your tcp80,443 block that allows ProxyExempt out on those same ports. That's how I do it:
• S

  502 bad gateway
  • ShubhamPunnase  

  3
  0
  Votes
  3
  Posts
  51
  Views

  S

  Hello Steve Systems Activity page....... Packages are...... System information.... And bandwidth is 20MBPS unlimited.
• B

  How can I install Midnight Commander on pfSense?
  • Balanga  

  17
  0
  Votes
  17
  Posts
  5158
  Views

  

  I don't see a feature request open for this yet. https://redmine.pfsense.org/ Steve
• W

  How to tag interface SFP+ ix0 on an XG-7100
  • wessel  

  2
  0
  Votes
  2
  Posts
  34
  Views

  

  You have to create the VLANs in Interfaces > Assign > VLANs Add whatever VLAN you need using ix0 as the parent interface. Then assign and enable the new ix0.x VLAN interface in Interfaces > Assign as you would with any other interface. Steve
• M

  Netgate SG-3100 LAN ports cannot go through LAN Gateway.
  • mmajian  

  64
  0
  Votes
  64
  Posts
  269
  Views

  

  In 3.5 years here at Netgate plus a long time before that I have never seen a situation that required Static ARP to fix.
• T

  pfsense source code
  • Tewodros  

  4
  0
  Votes
  4
  Posts
  81
  Views

  

  What pSense version? What browser? What OS? What error are you seeing? More info needed. Steve
• D

  Pfsense in conflict with cyberoam?
  • Danvick  

  4
  0
  Votes
  4
  Posts
  39
  Views

  

  Do you just have a port open on your WAN to allow access the webgui? A port forward? Are you accessing it by IP directly or by FQDN? Is the Cyberoam device known to you? How is it connected if so? Steve
• D

  Crash report begins. Anonymous machine information
  • danieljoseph  

  6
  0
  Votes
  6
  Posts
  46
  Views

  

  Ah, then that's almost certainly the cause! In environments where it's not possible to guaranty the power you can set /var and /tmp as ram drives. That minimises drive writes and hence the chances of filesystem issues. That's a setting in Sys > Adv > Misc. It does require rebooting to set that. Steve
• R

  pkg-static update using 100% cpu. What is broke?
  • RedDelPaPa  

  7
  0
  Votes
  7
  Posts
  63
  Views

  R

  I haven't tried. I will test that when I have some time to be physically near the router.
• D

  Dual WAN Keep 1 User To Specific WAN
  • disputes  

  2
  0
  Votes
  2
  Posts
  21
  Views

  

  Unless you have fiddled with gateways groups and failover, it will not fail over if WAN2 goes down.
• R

  This topic is deleted!
  • robofood  

  1
  0
  Votes
  1
  Posts
  5
  Views

  No one has replied

• N

  themes and/or feature suggestion....
  • nrf  

  3
  0
  Votes
  3
  Posts
  49
  Views

  N

  so I have chosen one that would turn the bars green, will they change color as the situation nears criticality? I don't want to run up my router to find out.