• 0 Votes
    5 Posts
    3k Views
    J
    Do you or have you in the past had any networks/vlans on 192.168.100.0
    No

    Do you or have you in the past had any static routes setup for 192.168.100.0
    Maybe I had a firewall rule at one point, but not at the moment.

    Do you or have you in the past had pfBlockerNG installed.
    Yes, currently installed

    I'm not sure how 192.168.100.0 is relevant because with and without pfsense configured to reject those DHCP leases the WAN issue is the same.

  • Can I install these modules with pfSense?

    2
    0 Votes
    2 Posts
    345 Views
    luckman212

    @jaquintero:

    Good morning

    Welcome to the forum.

    ASSP (to send and receive mails). NO
    Postfix (for delivery mails to internal Exchange Server with transport protocol). NO
    DNS (actually use bind9). Yes, there is a BIND package for pfSense
    Apache (for SSL certificates of our sites). NO
    Reverse proxy (to show our sites allocated in other server). YES, HAproxy and Squid are available

    HTH

  • Pfsense Layer 2 over WAN (L2TPv3?)

    4
    0 Votes
    4 Posts
    2k Views
    luckman212

    @johnpoz:

    Wouldn't you just normally do GRE over Ipsec if you needed layer 2 connectivity?  This way your traffic is encrypted.

    not trying to hijack this thread but since you mention it– got any decent guides or tuts for setting up GRE-over-IPSEC w/ pfSense? I've not really come across any and the topic has always interested me.

  • PfSense with ARRIS MODEM and Linksys E900 DDWRT

    24
    0 Votes
    24 Posts
    3k Views
    chpalmer

    What model of modem?
    http://badmodems.com/

    Puma modems will bog down with lots of UDP traffic and cause issues similar to yours.

  • [Solved] Freeipa v4.5 bind user for LDAP search issue

    2
    0 Votes
    2 Posts
    2k Views
    T

    I went with creating a user into FreeIPA with Read access.

  • Adding a DKIM record to Unbound

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • LDAP Extended Query Fails

    5
    0 Votes
    5 Posts
    3k Views
    T

    Hey, could you help me create the binddn account.
    dn: uid=panopsy,cn=sysaccounts,cn=etc,dc=open-synergy,dc=com
    objectClass: account
    objectClass: simplesecurityobject
    objectClass: top
    uid: panopsy
    userPassword:: xxxxxx

    I created it. But then in pfsense when I set  the Bind credentials to: uid=panopsy,cn=sysaccounts,cn=etc,dc=open-synergy,dc=com
    Doesn't work: /diag_authentication.php: ERROR! Could not bind to server xxxxxx

    However, cn="Directory Manager" works like a charm but not safe of course…

    I don't know what I get wrong here.

    Thanks in advance!

  • BitTorrent traffic on ssh-port

    12
    0 Votes
    12 Posts
    2k Views
    D

    @johnpoz:

    So your problem is your sshd has some sort of timeout when it gets hit X times with fail login..  Seen them quite often where possible login gets delayed for X number of seconds after failed attempt.. So sure failed logins can amount to what seems like a dos..

    You could change ports would be what I would suggest.  Standard 22 would be best..

    On 22, thousands of script-kiddies are knocking. Even more than on some random p2p-port. This is why I changed ports.

    I don't see what changing to VPN would buy me. The ricochet packets would arrive at the VPN port instead of the sshd-port.

    Or some odd port that is not random high.  You don't normally see p2p traffic on such ports like say 42 or something.

    Isn't 42 used by WINS? I'd expect even more script-kiddies playing with WINS…

    As everyone I see lots of hits to 22, but I do not have 22 forwarded or open to the public.  Only vpn ports. 1194 and I run on tcp 443 as well.  This gets some hits sure - but far and few between that are not me logging in..  In the last 2881 hits on the firewall I see 12 hits to tcp 443 that was not me..  And to 1194 I see a whole 1 hit that was not me for udp that was allowed, and 1 that was blocked on tcp.

    Really? Nobody trying to break openvpn?

  • Logs for Addresses Using an Interface?

    2
    0 Votes
    2 Posts
    318 Views
    Gertjan

    @JRA:

    Recently we've been getting some password brute-force attempts at the website itself, and I'd like to know the IP address they originate from so I can block it.

    Ask the 'varnish' admin, or even better: the web server admin. These have extended logs (normally) and they will show you the IP of the offending clients.
    If you use the "good old web server setup" then blocking becomes easy.

  • How to connect web server to Verizon FIOS through pfSense firewall

    2
    0 Votes
    2 Posts
    480 Views
    M

    Hi,

    I'm just visiting the forum today and I wanted to get an answer about setting up my pfSense box, which I will build in a few days. I am looking for how to connect FiOS internet, which is now connected with coax cable.

    I don't know if you saw this diagram with explanation: https://nguvu.org/pfsense/verizon/pfsense-verizon/

    In order to open your web server, you have to know your server IP and should port forward 80 and 443 to that server from the firewall settings.

    I haven't set up my pfSense box yet, and I have to call Verizon to ask them to switch my internet from the coax G1100 router to pfSense over Cat 5, as far as I know. Once the internet from Verizon is connected, you set up the DHCP service in pfSense, then you get the IP for the server and open it, and it should be OK.

    I haven't set up VLANs for the server and other computers yet, but maybe you know better how to separate the network for different services.
    I saw a few explanations on YouTube with diagrams. Good luck to you.

  • Clear source tracking

    2
    0 Votes
    2 Posts
    419 Views
    M

    My colleague has found out it should be "pfctl -F sources"

  • [SOLVED]PFSense clock doesn't update

    1
    0 Votes
    1 Posts
    303 Views
    No one has replied
  • Local Alias Cache?

    3
    0 Votes
    3 Posts
    495 Views
    jimp

    Or see if the file is still in /var/db/aliastables/

  • A strange behavior

    5
    0 Votes
    5 Posts
    789 Views
    M

    How to view the log of the day? clog doesn't report!
    But in the quality graph I've found an increment of delay.
    Moreover, I've found many rows like this in system.log:

    Sep 27 11:17:21 pfSense ntopng: 1506503841|1|3|10|Probing or server down: AP13-AulaMagna.localdomain > edge-mqtt-shv-01-mxp1.facebook.com [TCP 192.168.1.196:64182 > 31.13.86.2:443 [proto: 0/Unknown][9/0 pkts][702/0 bytes][SYN]]

    What does it mean?
    I've found this quality graph in monitoring
    Thanks


  • MOVED: pfBlockerNG GeoIP Log Suppress?

    Locked
    1
    0 Votes
    1 Posts
    181 Views
    No one has replied
  • Multiple VLANs single interface - possible bottlenecking?

    6
    0 Votes
    6 Posts
    495 Views
    Derelict

    Depends on the switch.

    On pfSense it is in Interfaces > Assignments, LAGGs

  • PfSense in VM blocks access from host to web UI

    1
    0 Votes
    1 Posts
    217 Views
    No one has replied
  • Ethernet frame size

    14
    0 Votes
    14 Posts
    2k Views
    Derelict

    So there's no way to know but to try it.

    As has been said many times, it might or might not work. Want to process dot1q? Use a dot1q switch.

  • MOVED: Help!!! SquidGuard barring Installs

    Locked
    1
    0 Votes
    1 Posts
    211 Views
    No one has replied
  • Certain sites only work on IE8

    6
    0 Votes
    6 Posts
    428 Views
    D

    Uhm… https://support.microsoft.com/en-us/help/17472/windows-internet-explorer-11-fix-site-display-problems-compatibility-v

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.