  • MonkeyWeb POST with too much data

    0 Votes, 6 Posts, 2k Views
    Hmm ok sounds good! Thanks for the information. I've done the upgrade on my machine but I think it borked the box, since most of my services are stopped and it still says "packages are being installed do not make any changes to the GUI". I might just have to do a fresh install, which doesn't matter really since I backed up my config, but it's strange that the upgrade didn't work. Thanks again!
  • Explanations on RTTsd

    0 Votes, 9 Posts, 44k Views
    Thank you all, now I understand the functioning. And a double thanks to dennypage for dpinger :) Fabio
  • 2.3 release -> Firewall rules not working

    0 Votes, 5 Posts, 1k Views
    @cmb: Seeing it blocked in the firewall log? Go to Diag>Tables and pick that alias from the drop down, does its contents look correct? Looking at the log, the firewall is not blocking… The table is correct. Rede_monitorada Table IP Address: 192.168.5.1, 192.168.5.2, 192.168.5.12, 192.168.5.251, 192.168.5.252, 192.168.5.254. I just made another test changing the IP of the monitor alias to 192.168.52.6 and 192.168.0.11 and it was like I have done anything, I still can ping and connect to other machines, except the .2
  • Remote Logging with encryption?

    0 Votes, 6 Posts, 2k Views
    Normally you set up the pfSense and then, behind the pfSense firewall, you set up a syslog server that collects the syslog files from all switches, WiFi APs and other devices, including your pfSense firewall. A common way is then to create a VLAN with the syslog server inside and nothing else as a member, and only able to connect from the admin console (your PC or laptop or Mac) or the admin PC. And then the syslogs will be stored there encrypted so that no one is able to short them or delete lines that are revealing his illegal presence, perhaps, as an example. So you can be sure that if you see something inside of those files it is real and existing. If more than one device will be sending such log files to a logfile server, you should know that they should be on the same time, so an internal NTP server that gives all your switches, routers and firewall exactly the same time is really useful. Otherwise, if something occurs, you must do a lot of math to be able to read and understand them. And at last it would be nice to set up a small firewall as a syslog server, so the first safety line is the separate VLAN (sniffing) and the second one is then the firewall with rules and perhaps snort inside! Easy to deploy and use! A good job for older pfSense hardware, to give it a real second life for many years. And a decent HDD/SSD is cheap to get. But sending encrypted logfiles is not so common, and with what should they be decrypted when the firewall is or was compromised or failing?
  • Best security and user friendly hotspot experience

    0 Votes, 2 Posts, 710 Views
    I use different methods for the auth. and also for different groups of users: wired private LAN clients over an OpenLDAP server (NAS); wireless private clients over a Radius server with certificates, without client isolation; wireless guest clients over the Captive Portal with vouchers and with client isolation. Each in its own VLAN.
  • Network configuration best practices?

    0 Votes, 7 Posts, 4k Views
    (Work PC, Printer) VLAN10 2. iMac 7. Airport Time Capsule VLAN20 3. AppleTV 1 4. AppleTv 2 5. AppleTv 3 6. DirectTV Xbox One DMZ or VLAN 30 or each in its own VLAN 8. pfSense Box As it is. Netgear GS716T-300NAS Depending on the configuration and setup, and for sure all can be different and changed against each other (devices), it would be better in my eyes to go with 2 other switches, but much more according to that setup with a DMZ. Otherwise it can be really useful to go with one bigger switch that is capable of VLANs and QoS and really strong in performance, such as a D-Link DGS1510-20 or Cisco SG300-20, and without a DMZ but each in its own VLAN, and the switch is then routing the entire LAN workload. More cost for sure, but nearly wire speed for each device, and routing is done by the switch and not the pfSense firewall, to free it for other packets.
  • RRD Graphs Not Working After Upgrade to v2.3

    0 Votes, 4 Posts, 1k Views
    That's what happens when you have an auto-update URL hard coded to the wrong place (usually restoring a config from 32 bit system where it was hard coded to a 64 bit system later). If it's left at defaults, it'll never change architecture. System>Firmware, Updater Settings tab, uncheck "Use an unofficial server for firmware upgrades". Going forward, it's not possible to switch architectures once you're on 2.3.
  • QinQ not working

    0 Votes, 8 Posts, 2k Views
    This issue was resolved by making the changes in /etc/inc/interfaces.inc posted by stephenw10 here https://github.com/stephenw10/pfsense/commit/c821a915b1228ed734a6439d816d4ab04590e8cb After a reboot, traffic is now passing correctly across the QinQ VLAN.
  • Brick my 2.3 config?

    0 Votes, 1 Posts, 672 Views
    No one has replied
  • Question about feasibility of proposed network

    Locked
    0 Votes, 12 Posts, 2k Views
    @Derelict: Not mentioned in that link is NetSpot for the Mac. You can conduct small surveys with the free version. http://www.netspotapp.com/ Thanks, but I have no access to Apple hardware. Jim
  • Syslog system?

    0 Votes, 3 Posts, 1k Views
    Hi, thank you for the reply. After yesterday's troubleshooting over and over, I first verified with syswatcher to see if I'm getting the logs, which I was, so as soon as I saw that I knew it was ELK that was the issue. As I thought, instead of looking over it I just formatted ELK, but instead of 5140 I changed logstash to 5144 and it's working flawlessly. Thank you again
  • 2.2.6 -> 2.3 upgrade: RRD Graphs gone?

    0 Votes, 4 Posts, 2k Views
    sigiS
    Not amused! Ok, I am an old network administrator who has used mrtg/rrd for 20 years or more. Much eye-candy monitoring has come and gone in this time. But I am trained to see some problems or irregular stuff out of a bunch of graphs. Yes, the new graphical interface is nice. But I prefer the old overview.
  • PfSense + 3750G

    0 Votes, 7 Posts, 3k Views
    Thanks everyone!! These are all great suggestions. As of right now I have pfsense doing everything and the internet is up and running which makes the wife and kids happy. I think I will try having the 3750g do dhcp in the future along with my 3 vlans but for now I will let it function as is. The first thing on the agenda is to get my media server working again. Have any of you used finch? Thinking about trying to get Pfsense and Plex on the same box. Or building a new pfsense micro router and using the existing hardware for my plex. Any suggestions?
  • Fatal error when run: /usr/local/sbin/pfSsh.php

    0 Votes, 4 Posts, 1k Views
    I was seeing the exact same issue on a newly upgraded 2.3 box. It appears the script must now run as root vs. just running as an admin user. I already had the 'sudo' package installed on the box so once I added 'sudo' to the beginning of my previous check command, it works perfectly.
  • Apply IP addresses changes from PHP shell

    0 Votes, 2 Posts, 615 Views
    Using interface_bring_down() followed by interface_configure() on the interface will change the IP addresses of the interface, but there's so much mopping up to do afterwards that a reboot is really your only option. pfSense was not designed to be reconfigured from a command line interface. If you're curious, look at the if ($_POST['apply']) { } block of /usr/local/www/interfaces.php (line 441 onwards in 2.3).
  • 1Gbps Throughput

    0 Votes, 2 Posts, 1k Views
    Can any of the current pfsense boxes handle 1Gbps throughput? The SG-4860 is able to do so and 500+ MBit/s of IPSec throughput too! It's not a pps thing. No we are talking about real MBit/s. I'm going to be using good old ftp to transfer stuff. You should swap over to S/FTP or FTP/S as soon as possible, the FTP protocol is one of the unsecured ones you would be able to use and FileZilla is free of charge as server and client software and vsftp too. It's only 3 hops away on a 10Gbps link. I will be running snort. I do run OpenVPN at times. That will be no problem. Just trying to get a gauge of what sort of hardware I need. Be it the stuff pfsense sells or white box stuff. Both will be able to serve your needs for that. The budget will be mostly let it more than often fail or make it worth to discuss more about.
  • Pdfsense Nat through multi-wan with different interface lan

    0 Votes, 3 Posts, 837 Views
    Nobody has an answer for me here? Not some hints? Something to try? Names to call me? Sheldon
  • Performance Issue - Virtualized 2.3 under KVM

    0 Votes, 5 Posts, 4k Views
    @randyruiz: To add a further data point. I have a centos 7 vm spun up on the same host using virtio drivers going out of the same MACVTAP interface. This centos vm is giving me 970Mb as measured by IPERF in throughput. So this points further to freebsd and pfsense as where the problem lies. You might try changing rx offloading off as well (so rx off) and see if that gets the rest back, although usually only tx off is required. But yeah, Freebsd is one of the outliers right now that drops these unchecksummed packets, most other OSes handle them without issue. Of course make sure you're doing the tx/rx off for both the pfsense wan and lan virtio adapters, not just one. If that's still not doing it I'd monitor cpu usage inside and outside of the VM and see if you're not hitting a bottleneck elsewhere. Sorry I can't be of more help as I've never used KVM before. You might get more KVM specific help if you ask in the virtualization subforum
  • 2.3-RELEASE -> Status -> Traffic Graph numbers don't add up…

    0 Votes, 3 Posts, 980 Views
    The rate output is, and always has been, a little odd in that regard. It doesn't necessarily show everything depending, and doesn't show IPv6 at all. It's good for seeing when a specific IP is sending a lot of data. Beyond that, it's never been useful for much. The actual graph data is correct and includes IPv4 and IPv6, that pulls from the NIC's counters.
  • HTTP_ReFERER

    0 Votes, 2 Posts, 812 Views
    jimpJ
    Install a browser extension like RefControl that lets you disable the HTTP_REFERER header on the browser, then login by IP address as usual.