@johnpoz said in Firewall log TCP -S:

curious let see if you get any hits on those ;)

Probably depends on what types of clients are behind the firewall. I'd certainly expect some hits on some of those.

@Antibiotic Ok , finally I think found correct settings with VPN interfaces. Waveform measuring looks like incorrectly upload speed, Ookla speed test show me correct
1GB upload speed and 1GB download. Have A+))) , without Limiters have B or C. Tested grade on all inerfaces with VPN and without VPN only clear WAN. All looks good grade A+ tested also with a proxy squid also A+. This my final settings Limiters as from official docs and floating rule as below:

Screenshot_4-6-2024_151052_192.168.10.1.jpeg

No it shouldn't lock up the system entirely. You might end up blocking all ICMP traffic depending on how the limiter is configured. That could potentially block gateway monitoring etc.

@Greg2100 said in trouble adding LAN2 & LAN3 interfaces (assignments):

Not very intuitive!!!

For people inexperienced with managed switches, then yeah there is a bit of a learning curve.

@stephenw10,

I would need something to force a status change. Maybe unplug the UPS so that NUT complains.
I have Edge and FireFox I can try on it.

Phizix

Indeed TFTP is, deliberately, very simple. It can be dramatically affected by any latency. You could test a tftp transfer directly and see what speeds you get. If it's bad though there's no much you can do other than use a local server instead.

Yes I would try it. First check the boot logs where is shows the output from the driver when it attaches (or fails to).

Hmm, probably not since that workaround exploited a bug that is now fixed: https://redmine.pfsense.org/issues/14756

So the particular issue you see in an HA setup is that the pfSync Interface is directly connected and hence is link cycled. Yet despite both ends being statically configured and most services not listening to that everything is restarted?

That does seem like something that could be excluded. 🤔

@mauro-tridici create an alias with your country or countries you want to allow, and or any other IPs

allow.jpg

This is the alias that is allowed to talk to my plex server. See I allow US Ips, also Morocco because I have a family member currently living there. Then some other IPs that are used to check if my plex server is up and if not warn me.

The reason for the other lists is because some of those IPs are not always from the US.. Many monitoring services use IPs from all over the planet to make sure your service is up.

That one labeled PlexRemoteCheck is list plex puts out for their IPs that validate your server is available remote - and it can be IPs outside the US as well.

@Yet_learningPFSense said in When installing PFSense, I am asked to connect to the internet:

@anthonys Thanks. I will try again according to the URL you gave me.

Or just download good old offline installation image from here.

@stephenw10 I'm away for a couple of days, I'll look into it when I get back. Thanks for your help.

@stephenw10
I assume this will either work or it will fail without doing any harm? Well, yeah right I can reset to default again if it fails.

Thanks

@stephenw10 Ah , ok)))

@JustAnotherUser Also, you would have to allow computer 2 & 4's subnets across the WG0 tunnel.

@stephenw10 The original script is in bash, but is fairly simple so should be easily adaptable to tcsh.

I know lots of other folks with similar configurations don't even bother with a watchdog script for wpa_supplicant. This is fine if it works. I rather have something in there that ensures there's network connectivity and the supplicant is not stalled.

@johnpoz

Thank you all for the pointers. Good reminder about the ISPs TOS.

You can set it to solve only A records also
unbound resolver custom options like this

server: do-ip4: yes prefer-ip4: yes do-ip6: no prefer-ip6: no private-address: ::/0 dns64-ignore-aaaa: *.* do-not-query-address: :: do-not-query-address: ::1 do-not-query-address: ::/0

@stephenw10
superb sir you are awesome it works fine thankyou so much sir

@markdudov said in IP not showing:

several active machines and I can access them, but for some reason when I go to DHCP Leases, I don't see any of the IP addresses of these machines.

What could be the reason for not showing up in DHCP Leases?

Two possible reasons :
These devices don't use DHCP, they have a static setup.
If the devices are using DHCP, there must be a another 'roque' DHCP server on your network. Check with the devices from what DHCP server they got their lease.