• IP alias or CARP

    2
    0 Votes
    2 Posts
    787 Views
    A
    I assume you mean VirtualIP as IP alias means something different in pfSense. Only thing I can think of is check your NAT/Firewall rules as I cannot think of any good reason why a VirtualIP would perform any different to the main IP. It's just another IP address assigned to the same interface, nothing special about it.
  • Checking Squidguard's Adblocking

    4
    0 Votes
    4 Posts
    1k Views
    J
    I find using PFblockerNG DNSBL does a better job of blocking ads. I know this is not what you asked but it might be another option for you to consider :-) Cheers Jamie
  • Rules on physical interface or on each VLAN

    5
    0 Votes
    5 Posts
    1k Views
    jahonix
    Your physical WAN and LAN interfaces are only the parents to your VLANs, right? Then you have to filter on the vWAN1/2/3 and vLAN1/2/3.
  • [Resolve] Wrong wan ip with pfsense

    6
    0 Votes
    6 Posts
    2k Views
    chpalmer
    Glad you got it working!  :)
  • Setting hostnames for Android devices

    2
    0 Votes
    2 Posts
    780 Views
    B
    https://forum.pfsense.org/index.php?topic=91074.0
  • WAN with STATIC IP not working, fine with DHCP?

    6
    0 Votes
    6 Posts
    3k Views
    B
    An ISP tech came out here but he of course had no idea what the problem was… verified the WAN worked with a TPlink router set to the static IP. I'm going crazy trying to figure out what is wrong. I reinstalled pfsense, my last attempt the WAN connection worked for about a minute after turning off the modem, setting the IP to static on pfsense, then plugging the modem in. Currently spoofing the MAC of a Cisco router. On a machine on the LAN I had a continuous ping of 8.8.8.8 running. I ran a packet capture on the pfSense WAN interface during this whole process until I lost connectivity. I saw TCP application data, DNS response, ping replies, NTP exchanges, ARP broadcasts and replies, etc. Everything working fine. 40s into the capture it stops behaving and it shows nothing but DNS queries, ARP broadcasts from the ISP Router, ping requests, some TCP retransmissions... Right before I stopped getting ping responses for the gateway it ARPed for the static ip 5 times, once every ~30ms. pfsense responded immediately to each arp with the spoofed MAC as it did earlier in the capture. For the next 2 seconds I got 2 ping replies and then nothing.  :'( :'(
  • WAN auto-negotiate incorrectly

    9
    0 Votes
    9 Posts
    4k Views
    U
    I put a Netgear GS110TP in front of my pfsense box as described above. I couldn't get an IP, everything negotiated properly, but no IP. I don't think adding a switch will work, maybe a hub but I don't have access to one at the moment. Last night I installed sophos over top of my pfsense on the same hardware and what do you know it negotiated properly and gave me an IP when plugged directly into the ONT. So I'm kind of sad that that worked so I popped in a different drive installed the latest pfsense again from scratch and it still came back with 10mbps :-/ This is mind boggling… NICs I've tried: HP NC364T PCI Express Quad-Port Gigabit Server Adapter; Supermicro AOC-SG-I4; Supermicro X8DTU-F Onboard NICs. I guess I'll use Sophos for now until pfsense releases v2.3? My family can't take any more router downtime. Thanks for the suggestions!
  • DNS_PROBE_FINISHED_NXDOMAIN the first time i open any link.

    Locked
    6
    0 Votes
    6 Posts
    8k Views
    B
    @virgiliomi: The first thing to check, like mer said, is that your computers/clients are using pfSense for DNS (if they're using DHCP, they should be, but check to make sure). However beyond that, I offer a different possibility for the cause of your issues… I think that your problem is likely caused by pfSense's DNS Resolver taking too long to look up the IP address for a site, causing your client to time out the first time you try to access the site. The second time is successful because by that time, the result for the first request has been resolved, so pfSense knows that IP address now and can provide it to your computer. If you have 800ms latency on your connection, then recursive DNS (the default configuration for pfSense) is NOT what you want to be doing. RDNS has your server start at the root for a domain - i.e. .com, .org, etc. - then recurse through the name requesting info from each DNS server along the way. With the latency you have, you're looking at a response time of at least 1.6 seconds just for a standard domain (i.e. google.com). The progression of recursive DNS goes like this: .com -> google.com -> www.google.com = x.x.x.x The faster way would be for your pfSense box to forward a DNS request to another DNS server that can do all of the heavy work faster, and just sends you back the IP address you need. So when you look up www.google.com, your request goes to just one DNS server, not two or three different ones spread around the internet. My recommendation would be to find two DNS servers that are quick to respond for you, put those servers in System > General, then turn on forwarding and see if that improves your situation. You can either go to the DNS Resolver settings and check the box to enable forwarding mode, or you can disable DNS Resolver and enable DNS Forwarder (make sure you follow that order).
    Sorry, I missed your post; I had given up on this. I'm pretty sure you're right about the cause but unfortunately the fix you suggested did not work. Although now it says "ERR_NAME_NOT_RESOLVED" before loading a few seconds later. And it may be my imagination but it does seem to be a little faster now. I wasn't able to get the DNS Resolver working with forwarding so I'm using the DNS Forwarder.
  • Manual l2tp service restart

    2
    0 Votes
    2 Posts
    615 Views
    A
    plz it's important …
  • Alix board - perl exited on signal 4

    3
    0 Votes
    3 Posts
    828 Views
    C
    That's the nature of PBIs, which are gone in 2.3.
  • Can't ping any internet ip from pfsense box. Gateway

    2
    0 Votes
    2 Posts
    744 Views
    M
    Given the wealth of information you've supplied, it could be almost anything. Before you start changing anything more on your firewall have you consulted with Comcast to see if there might be anything wrong with your line out?
  • After power outage cannot connect

    6
    0 Votes
    6 Posts
    2k Views
    P
    @cmb: Ok that rules out the IP conflict theory. What type of WAN do you have, DHCP, PPPoE, ? My next guess is something to do with the WAN not connecting (because the modem hasn't synced up/connected yet) is hanging up PHP, which prevents the web interface from working. I have Cable DHCP. I'm thinking maybe your explanation is the only logical one. But I shut the power off and then back on, and left everything for 30 minutes, and I still could not log into the PfSense box, could ping it but not log in and no access to internet.
  • How to access clients that belong to different networks?

    5
    0 Votes
    5 Posts
    2k Views
    T
    Thanks for the response, and sorry for having not thanked you guys promptly. Been busy at work, not having much time to play. I understand the AP is easiest and simplest set up. The reason I am using this setup is because I like second router's simple parental control and DNS filtering presets. With AP setup, I have to use pfsense proxy. It is not intuitive, and I am not sure it is reliable. By the way, the second router is a Netgear R7000 running Asus firmware, merlin variant. This is only for the kids. I have another Access point for the rest of the family. I will review all the responses and play a bit more.
  • Virgin Media L2TP for Static IP's

    3
    0 Votes
    3 Posts
    1k Views
    E
    Hi Chris, really sorry mate, I've not cracked the L2TP with VM's 5 static IP service in modem mode. I pissed and moaned with my best pseudo-litigious vitriol but the best they have done is put me on the trial for the new firmware that supposedly fixes the issue. In fact, for all I know it's probably fixed by now - new firmware appears to be pushed to the box without end user interaction. I'm currently using virtual IPs and 1:1 NAT and that works fine. If your VM box is locking out the lan ports and needing a reboot every couple of days or less, call VM and ask when they're getting the new firmware rolled out. Calling this a business grade internet connection is a joke, the whole point of us paying for static IPs is so we can host stuff from them! It's piss poor that the hardware we have been locked into using is broken. This year I'm going to consolidate all of my ISPs/hosting/telephone lines and buy a 100mb leased line; it's 400 quid a month but I spend nearly that already and when one or all of these things breaks we, as a company are left bare arsed…
  • APCUPSD on Alix2d13

    1
    0 Votes
    1 Posts
    783 Views
    No one has replied
  • Dynamic vlan

    10
    0 Votes
    10 Posts
    3k Views
    johnpoz
    You have 3 different networks running over the same Layer 2 sounds like to me if you bridged the 4 nics in pfsense..  That is BROKE setup!!! plain and simple. You can still use the 4 nics each on their own network/vlan or you can lagg them together and connect 4x1g to your switch and then run your vlans on this lagg connection. Since you're running different Layer 3 over the same layer 2 you have no real idea if the clients are talking to pfsense and then hairpinning to talk to client, or if the traffic is just sent to them directly because they find out what the mac is and just put the traffic on the wire.. Sounds like you have a complete MESS on your hands if you ask me..  If you want to run multiple networks, then these networks need to be different layer 2..  Be it on their own hardware or using a switch that does vlans.  If you want users to be on different networks/vlans based upon their username and password, etc. etc..  Then need to have a switch that can do dynamic vlans, and APs that support this as well.  Not all APs support dynamic vlans based upon auth. Heading out the door - but be happy to post a typical drawing for you to look at.
  • 0 Votes
    4 Posts
    2k Views
    ?
    The provider (google fiber) requires the following - You'll need to obtain your IP address via DHCP in order for your service to work. Did you get rid of this problem? They then assigned 6 IP addresses with the first being the gateway address.  xxx.xxx.xxx.9-14 I would try out the following; at the WAN port using static IP address and set up xxx.xxx.xxx.9/29 and the other 4 IP addresses with 1:1 NAT to the servers inside in the DMZ With the wan set to DHCP where do I enter the gateway static IP address? Someone told me that you only must use DHCP and the first assigned IP address is then the gateway IP address and the other 5 IP address would be able to set up to the servers in the DMZ over 1:1 NAT. My other two units had wan static ip addresses which was a simple setup. Likes me too, but I am interested in this question too.
  • Server @malaysia but cannot connect here @ph with Pfsense

    3
    0 Votes
    3 Posts
    717 Views
    A
    @asistio04: I'm Kinda noob here and company server is located @malaysia so the problem is when we are pinging here ph to malaysia it is ok, but when malaysia to ph, the tracert cannot be completed it always display "Request time out" will vpn will solve this to redirect all connection in our static i.p?
  • [HELP] pfSense VLAN over ADSL - Advanced Setup.

    8
    0 Votes
    8 Posts
    2k Views
    C
    @johnpoz: So it has dual ports built in right?  So you have 1 for wan and 1 for lan.  So you really only need a dual port card to add to its 1 slot that's available.  That would give you your 3 wan you need and 1 lan. So I see this off the ebay.my site http://www.ebay.com.my/sch/i.html?_from=R40&_trksid=m570.l1313&_nkw=Broadcom+Dual+Port+1GbE+NIC&_sacat=0 84RM is only $20 USD… I would think that has to be a decent price...  That top one has free postage even, the 2nd one is 30RM postage... Even with the postage these prices would seem reasonable to spend. Those 5709 nics seems to be on the list of compatible cards http://www.dell.com/us/business/p/poweredge-r210/pd
    Dear johnpoz, Thank you sir for your response and the link that you suggested. I did my research on the compatible cards and I found a good list of candidates and it should be no problem for me to order and purchase it. 84RM is a good deal considering that it's a dual port, most of the dual ports here cost at least 250RM and above. Anyway thank you again sir.
  • Help with Command Line - Generate Internal CA

    2
    0 Votes
    2 Posts
    623 Views
    jimp
    At the moment we don't have a way to generate user certs from the command line. It may not be terribly hard to script for a one-off thing like you're doing, but making a more generally useful script that could be included in the firewall is much more difficult. Even so that only gets you part way there as you'd still have to export them from the GUI, which is much more difficult to automate.