• Bypassing SSL specific domains on squid3?

    6
    0 Votes
    6 Posts
    1k Views
    A
    well I manage to get major hosts of iDevices ! and to make none mistake alias
  • Pfsense authenticating against qnap ldap server

    3
    0 Votes
    3 Posts
    1k Views
    D
    You are missing a local group with assigned privs on pfSense box. https://forum.pfsense.org/index.php?topic=44689.0 Also, if you want to query a particular LDAP group only, fix your extended query: https://doc.pfsense.org/index.php/LDAP_Troubleshooting#Extended_Query
  • 0 Votes
    14 Posts
    3k Views
    B
    The challenge with trying iperf is that I have to reconfigure some things to test it. I am currently router-behind-router with a twist. The Motorola NVG589 in front of my pfSense system has a hybrid NAT as well as public IP, because I am paying for multiple IP addresses. So I have 5 IPs on the public subnet and then a private 192.x.x.x subnet. PFSense sits on one of the public IPs and I can use VIPs for the additional and NAT them in to a given host. The issue is putting iperf out on one of those 192.x.x.x IP addresses, between pfSense and the AT&T router (actually sitting next to pfSense, but "outside" my firewall). iperf can generate only 10's to 100Kbit/s in that situation, from inside my LAN to that immediate WAN before the AT&T router. I can get better iperf performance to a system I have at a colocation than a system sitting on my Motorola router just outside pfSense! So to test my pfSense router I'd have to reconfigure it entirely, do the test, and then put it back so my family can get their internet back :)
  • Atom D525 Inaccurate Temperature Readings

    18
    0 Votes
    18 Posts
    3k Views
    stephenw10
    Hmm, looks like it's correctly finding and reading the tjmax value from the CPU then.  :-\ Those license warnings are nothing to worry about. You can add the ack values to loader.conf.local to make them go away if you want. Steve
  • Squid keeps downloading

    3
    0 Votes
    3 Posts
    1k Views
    V
    You are right, 2.1.5, I did accidentally hit the 8. I haven't updated to 2.2 yet because when I did I was having issues with packages not working or installing so I thought I'd skip for a little while and wait for things to catch up. Internet is 25Mb and it gets 100% saturation though I'm not exactly sure why while my LAN is only pulling 3 to 10Mbps. Last night when I was looking at what was saturating the connection it seemed squid was pulling from wxdata.weather.com and www.google-analytics.com while at the same time I was trying to get some ISOs downloaded though I was only getting about 200 to 300KB/s (2 to 3Mbps) but my internet connection was 100% saturated. I'm not caching to RAM. I'm actually caching to the drives in the server. I figured I might be able to increase hit rate by keeping the cache around longer. I am also aware of the cache exclusions under the "Local Cache" and have been adding to it slowly. I'm just wondering why it seems like squid is trying to download the whole entire site. I had this exact same thing happen at a client's place. One of the accountants ran an update for QuickBooks and squid saturated one of the internet connections and was downloading from the QuickBooks update server. It seemed like it was trying to download ALL the updates, not just the one.
  • FQDN to port forward…

    3
    0 Votes
    3 Posts
    2k Views
    P
    @Kartoff: Hello again, I have little question I can't find an appropriate answer in search… I have pfsense with NAT and port forward active and I bought a domain... When I type "x.x.x.x:port" I end up where is supposed to go behind a NAT and it also work with "something.net:port" But I want "x.x.x.x:port" to be resolved as "something.domain.net" so when I type "something.domain.net" to reach target machine behind NAT... Can this be done ? Thank you :) So for example, you might have a webserver or other similar site you are trying to host but your ISP blocks port 80… so you set up pfSense with a NAT to forward port 8888 (for example) to your internal web server's port 80... and now you want www.mydomain.com to resolve to your WAN xxx.xxx.xxx.xxx:8888?? When you type www.mydomain.com:8888 the website resolves however when you type www.mydomain.com[without a port number] it does not resolve? This is because without specifying a port basic http protocol uses port 80 and it seems that you or your ISP do not allow access to port 80. I think that's going to be at your external DNS provider. I know that freeDNS does not offer that service however some paid services do. I believe that this is something outside of pfSense. OR You could get a business class connection with static IP that has no ports blocked to you. Call your ISP. I would bet they tell you that the port you are trying to use is blocked to retail customers.
  • Ghost vulnerability

    2
    0 Votes
    2 Posts
    995 Views
    ptt
    https://forum.pfsense.org/index.php?topic=87700.msg482549#msg482549
  • Can't figure out how to port forward?

    7
    0 Votes
    7 Posts
    1k Views
    H
    you'll have to change the pfsense webgui to different ports if you wish to portforward 80/443
  • LAN Failover on Packet Loss to Specific Address Possible with pfSense?

    4
    0 Votes
    4 Posts
    2k Views
    H
    High end switches support multi-pathing for the layer 2 and can fail an interface when errors start to happen. The original question asked how to fail over "like the WAN". The issue is easier on the WAN because you just say "This route is bad, fail over to another route". The problem with the LAN side is you have only one route. Clients have only one gateway, that is one route. That is a layer 3 issue. LAN failures are a layer 2 issue. It's best to handle it at the Layer 2, which is the switch. I'm wondering why an interface would have loss and why failing over would fix the issue. There is a "raid 1" for Ethernet. I forget the protocol name, but packets are duplicated on all interfaces in a group.
  • Vpn passthrough help

    2
    0 Votes
    2 Posts
    824 Views
    M
    on most firewalls this is called vpn passthrough. any ideas? Thank you!
  • Acd0:failure - request_sense timed out

    4
    0 Votes
    4 Posts
    978 Views
    I
    Thank you so much for your kind and helpful response. No CD or DVD in the drive so I shall ignore the warnings as you suggest. Btw, I just love pfSense.  :)
  • Generate email on match in system log?

    2
    0 Votes
    2 Posts
    672 Views
    jimp
    We don't have that capability in pfSense, but if you send the syslog messages to a remote server, there are likely other dedicated monitoring packages that do support such notifications.
  • Basic question about Private Address

    1
    0 Votes
    1 Posts
    541 Views
    No one has replied
  • Push settings to our Firewalls?

    4
    0 Votes
    4 Posts
    950 Views
    M
    You could use rsync to copy the file(s) from firewall to firewall, assuming you have the right ports open across the back of all the systems: https://www.freebsd.org/doc/en/articles/hubs/index.html
  • Routes vanishing

    5
    0 Votes
    5 Posts
    949 Views
    S
    @cmb: The routes are handled by each side on its own with shared key, fill in the "remote network" on each end accordingly. With SSL/TLS, the server side can push route(s) to the client but they're still required on the server side. Ah, I see. All working now. Thanks!
  • Configuring vlanpcp on pfSense 2.2

    3
    0 Votes
    3 Posts
    1k Views
    B
    Thanks so much for your reply heper.  I am going to try that out and let you know if it works. Much appreciated.
  • MS server LDAP search

    1
    0 Votes
    1 Posts
    572 Views
    No one has replied
  • Wireless Config - Internet not working.

    2
    0 Votes
    2 Posts
    542 Views
    P
    have you set your interface rules for the wifi network?
  • Captive Portal redirect

    1
    0 Votes
    1 Posts
    467 Views
    No one has replied
  • Pfsense iphone app store

    4
    0 Votes
    4 Posts
    2k Views
    johnpoz
    Are you using proxy? Are you using portal? Do you have snort installed? Is your wireless part of pfsense or a stand alone AP connected to pfsense on its own segment or same segment as your lan? I can tell you have 2 iphones, 5c and 5s and ipad none of which have any problems grabbing new apps from the store, or updating existing apps, etc..
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.