Given that there is no "UserParameter=" tags in the installed zabbix_agentd.conf I have to assume there would be no magic template to do this unless the agent has been specifically compiled with added sources to accomplish something above and beyond what the standard FreeBSD agent provides, meaning that there probably isn't anything discoverable beyond the regular "Template OS FreeBSD" that comes with a Zabbix Server install. So then, the other question would be, does the zabbix_agentd.conf file or more importantly, I guess, the entire /usr/local/etc/zabbix22 directory survive a significant version upgrade?

@NOYB: Think you are in luck.  I have done this dual router (pfSense and FiOS provided router) before.  Here are a couple possible methods.  I have successfully used both of them.  It's a bit complex, but it can be done.  Both  methods outlined below require FiOS Ethernet service rather than MoCA (COAX).  By the way is this for Verizon FiOS or Frontier FiOS? Method 1:  The most desirable (IMO) Configure a switch as follows. Port 8: PVID 99, Member VLAN 99, Un-Tagged; Member VLAN 98, Un-Tagged, connect to ISP WAN Ethernet Port 7: PVID 98, Member VLAN 99, Un-Tagged, connect to FiOS router WAN port Port 6: PVID 99, Member VLAN 99, Tagged, connect to pfSense WAN port Ports 1-5: Default (optionally 98 can instead be 99 also) Method 2: How Can I Run Multiple Parallel Routers https://www.dslreports.com/faq/16949 https://www.dslreports.com/forum/r27210694-FiOS-Dual-Router-Separated-Computer-TV-Service-Networks Use pfSense WAN DHCP Advanced configuration options to impersonate the FiOS router's DHCP.  Also clone the MAC address so pfSence has the same MAC address as the FiOS router. Does remote DVR work with both of these methods (granted I know I need to forward the correct ports)? Also, for method 1, do I need a switch that supports VLAN Trunking? I bought a Dell PowerConnect 2716 switch, but I dont think it supports trunking. Can you confirm if this managed switch will work? Thanks!

@kpa: The LAN interface works just like it would without the VLANs. The VLANs are transmitted on the same wire but the ethernet frames have the appropriate VLAN tags in them. I'm not sure what you mean by "trunking" though. Cisco (and a few other vendors) uses the term "trunking" to refer to an interface that carries VLAN tagged frames from multiple VLANs, which I think is were the confusion is coming from.

@Derelict: I don't see how the release of a bunch of email addresses has anything to do with the fact that it was letsencrypt that did it. It's less damaging than, say, adultfriendfinder. Was a rookie mistake though. I do hope they are more careful with their signing keys. This is really all I was attempting to say.  They need to get a lot better at operations (including opsec) before they're to be fully trusted with what they're attempting.

I have a rule in LAN, TCP/UDP with limiters. In traffic shaping -> limiters, i have a limiter with 2mbits and mask in "source addresses", and /32… i attach jpg image with my config. Not found, no apply for per host, apply limiter to all network :( [image: limiter.JPG] [image: limiter.JPG_thumb] [image: rule1.JPG] [image: rule1.JPG_thumb] [image: rule1.1.JPG] [image: rule1.1.JPG_thumb]

Yes it possible. Look for CUPS package thread https://forum.pfsense.org/index.php?topic=44941.msg624923#msg624923 for example.

Hi Kulpreet, iirc , this is related to that a backend is not 'fixed' to the frontend connection when using http. The server side can be closed and another opened while the client remains connected. If you would choose a different httpclose option mode like 'http-tunnel' you likely would see the server, but beware that tunnelmode doesn't process headers after the first request through a connection.. Regards, PiBa-NL

Yeah - install samba and share it.  Attach a printer and a hard drive with a bunch of movies on it and share that too. (I think its a bad idea)

Think I've answered my own question, I think it's multicast and broadcasts. I did try a packet capture on the LAN & OPT1 interfaces but I see everything.

Never mind the right google search has set me free.. lol This works really well.. https://forum.pfsense.org/index.php?topic=33218.0

@w0w: You should try to run without wifi. I will. After several tries, including a partial upgrade to v2.3.1_1 (due to the "pfSense-Status_Monitoring-1.4.1_1.txz: Not Found" error) which has generated a big increase of MBUF Usage, I have decided to reinstall v2.3.1 from scratch and make a complete Backup/Restore. I notice a big increase of the MBUF buffer size (247804 instead of 26584 on a pfSense upgraded from 2.2 to 2.3). I'm now with 12h uptime, and MBUF Usage is still correct (classic 1520->1776). I keep you informed.

@nicholfd: Thanks for your feedback. I thought my question was more "generic" is why I didn't include more details.  The question was meant to ask why, in general, one method might be better than the other (trunking VLAN's to pfSense vs. separate VLAN to pfSense/). Thanks, Frank Then you'll want a hybrid approach as I mentioned. You don't want to try and route very high bandwidth traffic use cases through the pfSense box if the Brocade can help route it. E.g. Servers to networked storage. Let the Brocade do VLAN (L3 routing) and apply ACLs accordingly there. For traffic that needs more isolation/ protection, let pfSense handle the firewalling with a VLAN interface (so called trunked to pfSense). Note that certain networks don't even need to be routed in many cases. Typically, your SAN will ride on iSCSI and those networks don't actually need an internet gateway of any sort. If you do actually need internet access on those networks for any reason (obtaining firmware updates etc), then add a pfSense VLAN interface on that network and apply firewall rules + NAT. I don't recommend this approach though. You should always download and check the updates onto a system that is direct attached to the storage networks and use it to apply the updates to the units.

Can anyone help on this as not able to get any connection to anywhere  via vlan!

.

can you please explain to me? :)

Thank you for reviewing the crash report. All of the schedulers in my traffic shaper are set to CBQ and none of them have the "CoDel active queue" setting enabled. How do I determine if CoDel is being used and how do I disable it if it is?

At the moment I'm using an old ThinkPad laptop with the addition of a USB ethernet NIC which only supports 100Mb, the onboard Intel NIC does 1GB, so there is obviously  a bottle neck. I've been looking for a 1GB USB NIC which FreeBSD supports but have been unable to locate one. I do have both USB and PCMCIA 1Gb NICs but can't find drivers for them… Incidentally, is there any way to measure performance of my pfSense box?