General pfSense Questions

• 

  pfSense Hangouts are available on YouTube!
  • ivor  

  3
  0
  Votes
  3
  Posts
  1328
  Views

  A

  Subscription done!!!
• 

  Share your pfSense stories!
  • jdillard  

  18
  0
  Votes
  18
  Posts
  9540
  Views

  P

  I hope this thread is still alive :) I was using m0n0wall for a long time (still have one that's been alive without reboot almost 7 years!) before I came across the first customer needing VLAN, about 12 years ago I think. I got recommended to check out pfsense, and I have since then never looked back. These days I run my own company and importing hardware and building our own routers based on APU2 board and pfsense. We have at least 200+ installations out there, and we're also running pfsense in our small datacenter where we maintain our smallest customers, as well as the two geographical backup sites we keep for customer data. And, at home of course, where I hide my entire network behind an OpenVPN service setup in pfsense. I'm originally a Windows-guy, but after I met pfsense I realised there's a whole world of open source out there so I started learning, and today roughly half of our services are based on open source. Comparing pfsense to Cisco or the likes, I'd say there is no competition when it comes to price / functionality / reliability (as long as you use an appropriate hardware). Only kind words from me! ...and were are also retailers for Netgate in Sweden, not that we have a lot of customers of the size demanding that good hardware.
• M

  How to find spambot? Got network abuse report from my ISP
  • MrGlasspoole  

  39
  0
  Votes
  39
  Posts
  341
  Views

  

  There is a whole bunch of traffic to 25 in that listing... But its showing your wan IP..
• T

  multi domain for lan
  • T.Soprano  

  1
  0
  Votes
  1
  Posts
  10
  Views

  No one has replied

• P

  Port Forwarding Website
  • PC-2011  

  3
  0
  Votes
  3
  Posts
  44
  Views

  

  If you connect to it externally traffic will hit the portforwarder and be redirected before they ever hit the pfSense webgui so it should not matter if that's also running on port 80. If you are connecting from the inside using the external IP, or an FQDN that resolves the external IP, then you do not hit the forwarder and instead see the webgui. If you need to bge able to do that you need to use split DNS or NAT reflection: https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html However it seems more like your server is not responding for some reason since that port forward is correct. Steve
• D

  Can't access Web Sites behind nginx reverse proxy.
  • DonWood  

  6
  0
  Votes
  6
  Posts
  43
  Views

  D

  Hey Steve thanks for the reply but it doesn't make sense. If someone wants to access my web page the request comes to my public ip. Hits my router and needs to get to my reverse proxy to be forwarded to my web servers. How is the destination set to the wan ip going to hit my proxy server to direct traffic to the web servers?
• D

  Can't get to login.microsoft.com
  • dcihon  

  10
  0
  Votes
  10
  Posts
  102
  Views

  D

  C:\WINDOWS\system32>tracert login.microsoft.com Tracing route to san.current.a.prd.aadg.akadns.net [40.126.0.70] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms pfsense.eaglestl.com [192.168.1.1] 2 * * * Request timed out. 3 * * * Request timed out. 4 * * * Request timed out. 5 * * * Request timed out. 6 * * * Request timed out. 7 * * * Request timed out. 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 * * * Request timed out. 12 * * * Request timed out. 13 * * * Request timed out. 14 * * * Request timed out. 15 * * * Request timed out. 16 * * * Request timed out. 17 * * * Request timed out. 18 * * * Request timed out. 19 * * * Request timed out. 20 * * * Request timed out. 21 * * * Request timed out. 22 * * * Request timed out. 23 * * * Request timed out. 24 * * * Request timed out. 25 * * * Request timed out. 26 * * * Request timed out. 27 * * * Request timed out. 28 * * * Request timed out. 29 * * * Request timed out. 30 * * * Request timed out.
• P

  NAT forwarded ports
  • ppssysadmin  

  5
  0
  Votes
  5
  Posts
  71
  Views

  P

  @stephenw10 Nothing was hard coded but I confirmed the issue with tcpdump. The areas where this impacted me seemed to be only in NAT functions
• A

  Port Forwarding Problems
  • az  

  2
  0
  Votes
  2
  Posts
  27
  Views

  

  What port test are you using? 192.168.1.146 should report success on port 8443. You won't be able to test the forward from pfSense itself. But if you try some external test such as canyouseeme and then check the state table for :25565 you should see the NAT'd state with traffic both ways. Steve
• A

  NTP PPS False Ticker?
  • AWBbox  

  2
  0
  Votes
  2
  Posts
  36
  Views

  

  ntpd can be a fickle beast! When I was last doing this I found that getting the fudge times tuned was all important but you look to have <1ms there. You can set the PPS signal to be rising or falling edge which obviously makes a pretty big difference. Have you tried that? Steve
• 

  pfSense can not retrieve WAN IP address from direct connection to modem anymore
  • kb8wfh  

  13
  0
  Votes
  13
  Posts
  123
  Views

  

  Did you reboot the modem?
• B

  Pfsense in Azure - Cannot reach host on IPsec tunnel
  • bhodges  

  7
  0
  Votes
  7
  Posts
  45
  Views

  

  Is the remote network a public subnet there? You should not need to NAT anywhere. You definitely should not be NATing on all the interfaces like that. And you absolutely should never NAT on the IPSec interface like that. NAT in the P2 config if you need to NAT over IPSec. So I would disable or remove those rules there. Also if you are adding outbound NAT rules you should use some source other than 'any'. For instance with those rules you have it will be NATing it's own IPSec traffic outbound which can only break things. If the tunnel is up you should be able to ping to something on the remote side using the LAN IP as source. If you cannot either the tunnel is not up or it's blocked at the remote end. Show us the IPSec status page. Steve
• A

  How do you restore the original mac address of an interface after spoofing?
  • AlexV  

  2
  0
  Votes
  2
  Posts
  25
  Views

  

  This https://forum.netgate.com/topic/104475/resetting-mac-address-to-nic-real-address ?
• N

  Sending email through SendGrid fails
  email smtp • • ndemarco  

  7
  0
  Votes
  7
  Posts
  77
  Views

  N

  @Gertjan Thanks! That worked a treat. I posted a quick tutorial on my blog here, and someone else did the same here.
• S

  Problems with PIA-VPN Interface
  • statecowboy  

  1
  0
  Votes
  1
  Posts
  24
  Views

  No one has replied

• D

  Why doesn't DHCP work consistently on my PFsense box?
  • Dave R2  

  7
  0
  Votes
  7
  Posts
  85
  Views

  

  @Dave-R2 said in Why doesn't DHCP work consistently on my PFsense box?: Could be, but I still don't get why tcpdump on em0 isn't seeing any DHCP replies from the modem? Do you have a managed switch that you can set up for port mirroring? If so, you can use it to connect a computer running Wireshark, to see what's happening on the wire. Sometimes testing with the problem device doesn't always work well. I experienced this with a problem I had with my ISP last year. I used the managed switch and Wireshark to capture then entire sequence from boot up, which you just can't do with Packet Capture.
• G

  DNS crashing every ~ 36 hours or so and unbound has to be restarted.
  • gawainxx  

  21
  0
  Votes
  21
  Posts
  231
  Views

  G

  That was my thought as well although another had suggested it may be related. Installed packages are as follows Avahi notpng nut Openvpn-client-export service_watchdog (New per this thread) snort
• A

  System Logs Format (rsyslog)
  • arrmo  

  15
  0
  Votes
  15
  Posts
  201
  Views

  

  Finally had time to pivot back to this one. I pushed a fix that seems to do a decent job of parsing dynamically, even when the logs contain a mix of entries in different formats. It should show up in snapshots soon. https://redmine.pfsense.org/issues/9808 https://github.com/pfsense/pfsense/commit/b16c3a12c61c117e9c8140b115efc7f9acea96c5
• J

  Implement pfSense To Protect Distributed Virtual Private Servers
  • jtomelevage  

  11
  0
  Votes
  11
  Posts
  97
  Views

  

  I've never used Vultr so I have no way to know if this fits you usage.... https://www.vultr.com/docs/configuring-private-network I note that: "Private networks are only available on Vultr compute and dedicated compute instances." Steve
• T

  Migrationg from OPNsense to pfSense
  • trinitech  

  7
  0
  Votes
  7
  Posts
  43
  Views

  T

  We set the LTE as bridge mode but not too happy with it. Looking at getting the MikroTik LHG 4G/LTE to replace it
• I

  pfSense Zabbix template
  • ilbicio  

  1
  0
  Votes
  1
  Posts
  15
  Views

  No one has replied

• M

  PfSense as NVA in Azure HELP PLS!!!
  • mbogoev  

  1
  0
  Votes
  1
  Posts
  19
  Views

  No one has replied

• N

  DNS Forwards or Zones? Or how do I setup a backup + forward.
  • nafeasonto  

  3
  0
  Votes
  3
  Posts
  41
  Views

  

  So in this scenario both your DCs are down? Because AD can for sure share their dns info. If both your DCs are down - you have bigger problems then a copy of your dns records running on pfsense ;) But sure running bind on pfsense would allow for zone xfers from your AD dns..
• 

  High WAN Usage
  • manjotsc  

  3
  0
  Votes
  3
  Posts
  31
  Views

  

  @freska99 I'll keep an eye for next time it happens, I am pretty sure it is going happen again, because It had happend to me, couple time. Thanks.
• Z

  Active Directory/LDAP and WebGUI
  • zarje  

  9
  0
  Votes
  9
  Posts
  5146
  Views

  J

  @dreamslacker Bingo, that was the piece I forgot, thanks!
• A

  Configuring static wan IP
  • az  

  4
  0
  Votes
  4
  Posts
  47
  Views

  

  Ha! That happens... disappointingly often.
• H

  PFSense 2.4.4 User Authentication Using Zentyal 6.1
  • Hazmat480  

  1
  0
  Votes
  1
  Posts
  19
  Views

  No one has replied

• R

  Proxy, Whitelist
  • rglenn  

  1
  0
  Votes
  1
  Posts
  10
  Views

  No one has replied

• D

  self-paced PfSense courses?
  • detox  

  1
  0
  Votes
  1
  Posts
  28
  Views

  No one has replied

• M

  apcupsd- Back UPS 650VA
  • mbrossar  

  15
  0
  Votes
  15
  Posts
  77
  Views

  M

  @jimp LOL! I have been thinking this very thing and will probably do it. If I do, I’ll report back.
• P

  LDAP authentication works in Diag:Auth but not for login
  • ppssysadmin  

  1
  0
  Votes
  1
  Posts
  23
  Views

  No one has replied

• B

  how to block bad guys who is sharing internet by laptop
  • begaa  

  18
  0
  Votes
  18
  Posts
  201
  Views

  

  @marvosa said in how to block bad guys who is sharing internet by laptop: We even have a few clinics that are sharing a single T1... A real T1? These days, those are generally emulated over Ethernet. I first did that over 10 years ago. They have also been run over SHDSL for many years. I was working with that stuff back in the early '90s. I suppose there are still some parts of the world that rely on 2 cans and a string.
• A

  Pfsense 2.5.0 pppoe Limit on Radius
  • asim  

  6
  0
  Votes
  6
  Posts
  75
  Views

  

  Possible solution here: https://forum.netgate.com/topic/141034/rate-limit-on-radius-reply-attributes-for-pppoe-connections-not-working/3 Pretty hacky though.... Steve
• R

  [2.4.4p3] Reboots with ctrl-alt-del on console even though hw.syscons.kbd_reboot = 0
  • rgijsen  

  3
  0
  Votes
  3
  Posts
  38
  Views

  R

  @jimp said in [2.4.4p3] Reboots with ctrl-alt-del on console even though hw.syscons.kbd_reboot = 0: kern.vt.kbd_reboot That was a quick fix, that indeed works. I wonder if that could be in the default tunables table, or maybe even a GUI options somewhere, I musn't be the only one who rebooted their box unintentionally by pressing this often-used MS combination... Thanks!
• T

  Is pfSense affected from CVE-2019-19521: Authentication bypass?
  • tm_an  

  2
  0
  Votes
  2
  Posts
  112
  Views

  T

  Just crosslinking the other thread, basically asking the same question. https://forum.netgate.com/topic/148666/cve-2019-19521-and-pfsense To date: no "official" statement there either, but same assumptions about FreeBSD != OpenBSD, plus pfSense not using anything of the mentioned auth mechanisms exept for SSH, which would fail anyways.
• S

  pfsense backup
  • sunacaso  

  2
  0
  Votes
  2
  Posts
  23
  Views

  M

  Diagnostics > Backup & Restore > Download configuration as XML
• E

  Gateway Not Active when connecting to 4g comcast backup gateway
  4g failover gateway comcast • • ercoupeflyer  

  21
  0
  Votes
  21
  Posts
  133
  Views

  

  It looks like you have something configured using 192.168/16 somewhere that is conflicting. It's not in the routing table though. I would open your config file and search it for 192.168 and see what pops out at this point. There will be a lot of entries since you're using that for LAN. Steve
• 

  User account - need permission to run scripts via SSH
  • tkohhh  

  15
  0
  Votes
  15
  Posts
  118
  Views

  

  @tkohhh said in User account - need permission to run scripts via SSH: why is logging on as root considered insecure? Root has absolute power and can do a lot of damage. Mere mortals cannot damage anything out of their own area. If you only have local access and no one else can log in with the root ID, then you're okay. One common practice is to require those with root access to log in with their own ID, then su to root. This creates a log entry to show who assumed root access. Of course, never allow root login via anywhere beyond the local LAN. If I want to connect remotely, then I have to fist connect to my main system and then connect to my firewall from there. You can also enable passwordless connections, which use a public/private key pair, to ensure connections only from that one computer.
• T

  Eventual TFTP failure - "couldn't forward tftp packet: Permission denied"
  • TreyD  

  8
  0
  Votes
  8
  Posts
  60
  Views

  T

  @stephenw10 Good call - I'll start here next time pfsense is in this state and see if those requests are making it out of the firewall. I ended up rebooting pfsense last night and everything came back up fully functional. I have no doubt this situation will happen again, and I usually have a chunk of time to mess around with it. If this indeed only happens during a power outage or loss of provider, I can at least know to reboot the system when the automated alerts tell me things have come back up - that alone is a big win. I can't confirm as I didn't think to check the uptime in the past, but it seems as good a theory as any right now. I'll keep an eye on this post for any new comments, and I truly appreciate everyone's time and assistance in helping me resolve this issue.
• A

  Diagnosing can't ping out
  • axxxxe  

  6
  0
  Votes
  6
  Posts
  47
  Views

  

  What happened? How could I have diagnosed further before resorting to a reboot? Probably packet captures to see what was actually going out WAN. Evaluating the routing table to see what the state of the network was at the time.