• Host name resolution

    10
    0 Votes
    10 Posts
    2k Views
    johnpoz

    Yes I have a Pro and lite and LR AP.. I bought the pro after they came out as update to my old gen 1 pro (square ones - someone on the pfsense forums bought it from me), and got the lite and lr when they first beta tested these - they had picked a few active people on the beta forums to test them.. They sent us FREE units to test ;)  It was way better than their new early access store ;) hehehe

    Yeah I have two echo dots, I used alexa for their names (I am very creative hehehe) added -cpu for the one in my computer room (den/office/lab) whatever you want to call my room ;)  If my wife was more techy she might call it the MDF room hehe..

    The only one I know of around here that works or used to be around here and works for unifi is Chris… Miss him here, but he is great over there - very very active on their forums..

  • Moving contents of a Lan to a Vlan

    1
    0 Votes
    1 Posts
    246 Views
    No one has replied
  • WAN ip keep on and off

    3
    0 Votes
    3 Posts
    644 Views
    JKnott

    If you have to manually configure it, there's something wrong somewhere.  Both ends are supposed to auto negotiate and setting one end, but not the other can cause problems.  What happens if you connect another computer?  If it does the same, there's an issue with the modem.  If it stops, the problem is with your firewall computer.

  • Cam status unconditionally re-queue request

    4
    0 Votes
    4 Posts
    589 Views
    NollipfSense

    @Gertjan:

    Google :
    @NollipfSense:

    …. "cam status unconditionally re-queue request" ....

    Saw wrong partitioned drives (using ZFS) and mostly dead drives, even new ones.
    also : Take your drive on a long S.M.A.R.T. walk.

    Thank you for responding…it turned out that the new cable was bad...I just replaced it with another new SATA 3 cable...all is good.

  • Change default TTL value

    9
    0 Votes
    9 Posts
    2k Views
    JKnott

    @johnpoz:

    Yeah 64 is common default.. 128 is a lot of freaking hops ;)  Which is why so curious to why would need to change to 128..

    Maybe he has a really BIG network.  ;)

  • Is pfsense FIPS 140-2 compliant

    4
    0 Votes
    4 Posts
    4k Views
    S

    @Harvy66:

    Doing a quick wiki, FIPS 140-2 is about physical security.

    Security Level 2 improves upon the physical security mechanisms of a Security Level 1 cryptographic module by requiring features that show evidence of tampering, including tamper-evident coatings or seals that must be broken to attain physical access to the plaintext cryptographic keys and critical security parameters (CSPs) within the module, or pick-resistant locks on covers or doors to protect against unauthorized physical access.

    It's logically impossible for software to comply with this.

    FIPS 140 seems to be about cryptographic modules. pfSense/FreeBSD may use some cryptographic modules, but are not themselves cryptographic modules.

    @jridings:  Perhaps a better question would be are "Netgate pfSense Security Gateway Appliances" FIPS 140-2 compliant?  Looking over the wiki it appears that any device could be compliant as long as it had a special certified encryption board.  In that case it is just about the physical hardware being certified and no off-the-shelf components will work.  Maybe if you installed a certified board into your build for it to do the cryptography work that would pass?  But finding one that has BSD drivers and getting it to work with pfSense could be a challenge.  I don't see anything that says the entire device must be certified, only the hardware responsible for encrypting but I'm not really sure on that.

  • Upgrade pfsense 2.4.1 for 2.4.2 - AWS

    1
    0 Votes
    1 Posts
    200 Views
    No one has replied
  • MOVED: Help with 2 NICs netgate XG1541

    Locked
    1
    0 Votes
    1 Posts
    191 Views
    No one has replied
  • Firewall not filtering packets

    9
    0 Votes
    9 Posts
    1k Views
    E

    @Derelict:

    Where are you testing from?

    I setup a laptop with a cable straight to the wan port.

    I'm out for now but, what if I set the ip address to the wan instead of the bridge? do you think this would help. Or it shouldn't be different?

  • PFSense with BT YouView (IPTV)

    5
    0 Votes
    5 Posts
    1k Views
    T

    This bug with IGMP Proxy seems to still exist in 2.4.2.
    I have a different ISP, Movistar Spain, with a different setup (IPTV comes through its own separate VLAN) and I still see the same "The IGMP message was from myself. Ignoring." message and no IGMP is forwarded to the right upstream interface.

  • MOVED: Enable Youtube

    Locked
    1
    0 Votes
    1 Posts
    339 Views
    No one has replied
  • Looking to make a warning message at login

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • Error: Bump flowset buckets to 64 (was 0)

    3
    0 Votes
    3 Posts
    380 Views
    johnpoz

    "Waiting for your comments."

    I have a comment - use something that is current and supported..  2.0.1 released end of 2011, shoot it's not even the latest version in that line. 2.0.3 was..  The version of freebsd it was on 8.1 was EOL July 31, 2012..

    The OLDEST pfsense you could be running is 2.2.6, with even the resemblance somewhat close to being in the area of dragging your feet..

  • Nginx = 504 Gateway Time-out / 502 Bad Gateway

    7
    0 Votes
    7 Posts
    2k Views
    P

    Ashima has the fix.  I tried a bunch of stuff to get this fixed AND NONE OF IT WORKED until I patched the boot loader!

    https://wiki.freebsd.org/SystemTuning#SYSCTL_TUNING

    "The kern.ipc.somaxconn sysctl limits the size of the listen queue for accepting new TCP connections. The default value of 128 is typically too low for robust handling of new connections in a heavily loaded web server environment. For such environments, we recommend increasing this value to 1024 or higher. The service daemon may itself limit the listen queue size (e.g. sendmail(8), apache) but will often have a directive in its configuration file to adjust the queue size up. Larger listen queues also do a better job of fending off denial of service attacks."

    Thank you Ashima!  I gave you a thank you bump too…if that matters, 5 gold stars, best in class, grade A <-- whatever nice things you can think of.

    This was driving me friggin crazy!!!  :-)

  • [SOLVED] Certain Websites not working

    7
    0 Votes
    7 Posts
    4k Views
    P

    I seem to have found my solution

    https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites

    Step 9 seems to have done the trick:

    Check Clear invalid DF bits instead of dropping the packets on System > Advanced, Firewall/NAT tab

    Jason

  • Kodi+pf/squid/squidguard

    3
    0 Votes
    3 Posts
    692 Views
    M

    @motific:

    Just start with the basic tests - HTTP/500 is an error in the code of the page you're accessing rather than a communication issue.

    Can you reach the page that generates the http 500 response from a browser?

    Since there's only 1 machine behind squid right now, what happens if you bypass/disable them (first squidguard, then squid)…

    does kodi work then? can you use curl to pull down the zip file? can you get to the URL from a browser?

    Once you have those answers it will narrow down what you need to look at next and you should be able to follow the path logically to get to the root of the problem.

    Also, why do you believe you need a DMZ for those devices?

    I will try this  and  get back to you.

  • Pfsense firewall only setup w/ separate linksys router & cable modem

    3
    0 Votes
    3 Posts
    1k Views
    M

    Really the best thing is to set up your hardware like this:-

    Modem - pfSense - Lan & wireless router

    Personally, I agree with JKnott - unless you have a very good reason for keeping DHCP/DNS on the Linksys then you'd be better off keeping pfSense visible and reconfiguring the Linksys as a dumb access point.  Giving the Linksys less work to do helps mitigate some of the many security holes present in SoHo routers.  Once set up, you can also pretty much forget about it apart from changing the wifi key every so often.  Since the main interface for what's going on in your network will be pfSense it doesn't make a great deal of sense to separate the responsibilities.

  • Pfsense/Mailserver issue

    16
    0 Votes
    16 Posts
    1k Views
    Gertjan

    That should be ok.
    Use "machine.mydomain.com" in your mail client and you'll be fine from the 'inside'.

    Your domain registrar should also contain "machine.mydomain.com" and point to your WAN IP, where you forward your mail ports to your "machine".

  • One wireless AP with two VLAN's and pfsense?

    4
    0 Votes
    4 Posts
    430 Views
    JKnott

    ^^^^
    That's impossible to answer without knowing the hardware.  I suppose really anemic hardware might have problems.

  • Reverse Binding Attack message when trying to use Synology Reverse Proxy

    12
    0 Votes
    12 Posts
    2k Views
    johnpoz

    Oh my Gawd dude…  You stated you were going here

    I would just go directly to the host/service on the LAN: https://nas1:port.

    That is not a FQDN so how could you be going to your wan IP…  And you stated you were just directly going to the host..

    Yes if you're going to your WAN you're going to get reflected back in via your proxy or your nat... Don't DO THAT....  Just setup a host override so s1.nas1.domain.net or whatever fqdn you want to hit returns the correct rfc1918 address..

    What are you putting in your browser when you're on your PC behind pfsense??  What does it return for an IP...

    In your reverse proxy setup you're putting in what??  Some other fqdn or hostname - how does pfsense resolve that, some other dns that you have setup??  If pfsense forwards or resolves a FQDN somewhere and it returns rfc1918 then that is a rebind..

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.