• Best practices for using home proxy while connected to a work VPN

    2
    0 Votes
    2 Posts
    371 Views
    No one has replied
  • Why MTU limit of 9000?

    15
    0 Votes
    15 Posts
    7k Views
    E

    Thank you for the great discussion everyone. Lots of good info.

  • MOVED: Is pfsense more trouble than it's worth Sg2440

    Locked
    1
    0 Votes
    1 Posts
    199 Views
    No one has replied
  • 0 Votes
    1 Posts
    242 Views
    No one has replied
  • Snort syslog

    1
    0 Votes
    1 Posts
    467 Views
    No one has replied
  • Awww NUTs! (Network UPS Tools) detects UPS, but won't display telemetry

    4
    0 Votes
    4 Posts
    1k Views
    A

    What is in the log?
    With UPS not connected I see the same "Failed to retrieve status" on UPS Status page and lots of messages from upsd and upsmon in the log.
    What is the part number of the cable you have? Something like 940-XXXX
    Do you have the same software (NUT) on your web server where you tested your UPS?

  • Update URL / Version File

    3
    0 Votes
    3 Posts
    666 Views
    F

    Thanks!

    #!/usr/local/bin/php -f
    <?php
    #
    # Script to check the version and print output in the Nagios plugin syntax
    #
    require("globals.inc");
    require("config.inc");
    require("functions.inc");
    require_once("pkg-utils.inc");

    $system_version = get_system_pkg_version(true, false);

    // Nagios exit codes: 0 = OK, 1 = Warning, 2 = Critical, 3 = Unknown
    $iCheckExitCode = 3;

    if (!is_array($system_version) ||
        !isset($system_version['version']) ||
        !isset($system_version['installed_version'])) {
            echo "Unknown - Error in version information";
            exit($iCheckExitCode);
    }

    switch ($system_version['pkg_version_compare']) {
            case '<':
                    echo "Critical - Version " . $system_version['version'] . " is available.";
                    $iCheckExitCode = 2;
                    break;
            case '=':
                    echo "Ok - The system is on the latest version (" . $system_version['installed_version'] . ").";
                    $iCheckExitCode = 0;
                    break;
            case '>':
                    echo "Warning - The system is on a later version than official release.";
                    $iCheckExitCode = 1;
                    break;
            default:
                    echo "Unknown - Error comparing installed with latest version available";
                    $iCheckExitCode = 3;
                    break;
    }

    exit($iCheckExitCode);
    ?>
  • HTTPS blocking

    6
    0 Votes
    6 Posts
    1k Views
    johnpozJ

    So you're using squid? And blocking say www.facebook.com but they are getting through via https?

    To give you the best solution some more context would be helpful. Why are you wanting to block this? Is this a work setting, home, school? Are you using proxy or squidguard currently, etc.?

  • Cannot edit firewall rules

    3
    0 Votes
    3 Posts
    2k Views
    S

    This is the current/correct code for that section:

    // Gateway selector is populated by JavaScript updateGWselect() function
    $section->addInput(new Form_Select(
        'gateway',
        'Gateway',
        '',
        []
    ))->setHelp('Leave as \'default\' to use the system routing table. Or choose a '.
        'gateway to utilize policy based routing. %sGateway selection is not valid for "IPV4+IPV6" address family.', array(' '));

    $group = new Form_Group('In / Out pipe');

    I don't know why your system is not picking up the current version (2.3.6.a.20180223.0519). Try option 13 from the command line interface and see if that helps.

  • PCI Scan failing with weak cipher. Disabled on server. Is it pfSense?

    16
    0 Votes
    16 Posts
    2k Views
    J

    Thanks for doing that JohnPoz.

    This is the answer I expected but I wanted to cover all the bases.

    The issue is obviously something between what IISCrypto is showing and what the server is actually using.

  • Resolve internal DNS with OpenVPN Client connection

    1
    0 Votes
    1 Posts
    336 Views
    No one has replied
  • Pfsense Nagios Monitoring SNMP/NRPE help!

    11
    0 Votes
    11 Posts
    9k Views
    U

    I know this is an old thread, but I'd really like to see the contents of the "check_cputemp.sh" file for pfsense.

  • Ikev2/IPsec as VPN client to VPN service

    4
    0 Votes
    4 Posts
    1k Views
    R

    Hey, once more.

    So, I have played around a little bit more with configurations and I managed to force that opt1 interface would be used on tun0:
    http://prntscr.com/iifq73

    I set Manual NAT rules, and forced LAN to go through OPT1 gateway but that did not do the trick.

    Maybe you guys would have any trick under the sleeve? As it feels that all configurations are so close.

  • 0 Votes
    6 Posts
    525 Views
    johnpozJ

    If you do not have control of the upstream router and its routes, and nat functions and firewall rules then yes you would have to nat at pfsense to use it.

    As to getting to stuff behind pfsense from stuff on the wan network you would need to port forward and hit the pfsense wan IP to get forwarded to the stuff behind pfsense.

    Why not just replace whatever is at the edge with pfsense? And let pfsense handle all your networks and the nat to the public, etc. Then you would not need to nat between your network and could just firewall.

    Worst case is just move everything behind pfsense and live with the double nat to the internet, etc. You would just need an AP to put behind pfsense if you can not just use that sg306 device as AP and need it to be your modem/gateway to the internet.

    While you're at it get a smart switch so you can do vlans and AP that can do vlans and now you would be cooking with gas! ;)

  • VLAN for my wireless

    17
    0 Votes
    17 Posts
    2k Views
    johnpozJ

    And you could do all that with a nat as well.

  • PFSense crashes all night at around 04:03

    2
    0 Votes
    2 Posts
    342 Views
    jimpJ

    That crash appears to be in ZFS disk i/o.

    It could be a filesystem problem or it could be a disk/hardware issue.

  • 0 Votes
    4 Posts
    915 Views
    Michel-angeloM

    All that done, it works now, but I may have configured wrong.

    Regarding NAT configuration (Firewall > NAT > Outbound), mine was set to "Automatic outbound NAT rule generation (IPsec passthrough included)". This was its default configuration, I had never touched it. All that it did had been generated automatically. It contained three pairs of rules (total 6 rules), related respectively to the 127.0.0.0/8 source (whatever that may be) and my two VLANs. Then, the instruction was to add a new outbound NAT rule. Specifically: (1) switch to "Manual outbound NAT"; (2) create the ModemAccess new outbound NAT rule; (3) save. Now, my Firewall > NAT > Outbound configuration is set to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)". The screenshot below shows that I have now my original 6 automated rules plus the one that I manually added.

    I still do not know the role of the initial 6 automated rules and would be perfectly unable to determine when this set of rules would need to be changed. For that reason, it seems to me I would be better off switching now to "Hybrid Outbound NAT rule generation (Automatic Outbound NAT + rules below)", thus preserving the one manual rule that I created, the former 6 automated rules that were formerly generated automatically, plus any additions (or changes) to my initial 6 automated rules.

    To what extent is my thinking wrong?

    Any advice on this would be welcome. TIA.

    2018-02-22_OutboundNATrules.png

  • Not default page blocked by Squid Proxy

    2
    0 Votes
    2 Posts
    275 Views
    GrimsonG

    https://forum.pfsense.org/index.php?board=60.0

  • Url blocking

    3
    0 Votes
    3 Posts
    520 Views
    GruensFroeschliG

    I personally have been using the dns resolver/forwarder blackholing in combination with a dns NAT rule to force all DNS requests to be resolved locally.

  • SIP register Problem

    4
    0 Votes
    4 Posts
    657 Views
    A

    Hello all
    I've found the Problem. It wasn't on the pfsense.
    It was a DOS-Prevention on a Zyxel Switch.

    admins

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.