@robinsonjas i have a same issue if you find something please let me know. thanks

Or maybe it's something more. I can't finish installing packages. It always stops at "Writing configuration... done." After a reboot I'm able to install the next package. Just very wonky ever since going from 2.4.4 to 2.4.5. The config.xml should be compatible.

For starters I wouldn't allow camera access from the public internet in the first place... If you want to view your camera's while your outside your network - vpn in... And then just hit them via their local name or IP.

Thanks guys, these are quite old patches, that are now included in the build I currently have which is 2.4.5-p1, I will make a backup of the files, then click the delete button, and run a diff afterwards to verify its ok. :) A patch I will still have on has already been accepted and pushed in to 2.5 so that will be one I remove in future as well.

Open a feature request here if there isn't one already: https://redmine.pfsense.org/ There may well be somethinh covering that open though Steve

Yes, the ntpd daemon is not the same as the ntp client. Yes, the server listens on all interfaces by default but that's not a problem unless you are allowing ntp traffic into WAN with a firewall rule. Steve

@stephenw10 Thank Steve for your reply. Switch 2 was connected to igb2 and was not communicating. DHCP works correctly for both vlan1 and vlan67 on Switch 1, which connects to igb1. I had added rules to both LAN (bridge0) and WiredLAN2 (igb2) to log any rejected events but there were nothing when Switch 2 was plugged in/out igb2. Worst still, I started to observe about 0.5% errors out in LAN interface even with igb2 open. Snort was not reporting anything on LAN under the bridge config. These 2 factors are enough for me to pull back from this bridged config. Thanks again for your advice anyway.

@stephenw10 said in Tagged & Untagged traffic on a LAGG interface: There is a while thread on here about a switch that does just that. I have one. That is a well known defective switch. TP-Link had the same problem with an access point as well. I haven't heard of that happening with any other brand. Again though, if you're running VLANs on a LAN, you're still going to need untagged to talk to many devices that do not work with VLANs. BTW, you can do what I did with my TP-Link switch. I configured it as a data tap, where that tagged VLAN problem is not an issue.

Yes, it is official, I am stupid! I use limiters and I had them also acting on my LAN interface! I've now updated the relevant firewall rule to only apply when "destination NOT LAN net." With that change, iperf is now back to normal. Connecting to host 192.168.7.1, port 5201 [ 5] local 192.168.7.2 port 58164 connected to 192.168.7.1 port 5201 [ ID] Interval Transfer Bitrate Retr Cwnd [ 5] 0.00-1.00 sec 74.1 MBytes 622 Mbits/sec 0 840 KBytes [ 5] 1.00-2.00 sec 70.0 MBytes 587 Mbits/sec 0 1.53 MBytes [ 5] 2.00-3.00 sec 70.0 MBytes 587 Mbits/sec 0 1.70 MBytes [ 5] 3.00-4.00 sec 71.2 MBytes 598 Mbits/sec 1 1.24 MBytes [ 5] 4.00-5.00 sec 70.0 MBytes 587 Mbits/sec 0 1.37 MBytes [ 5] 5.00-6.00 sec 70.0 MBytes 587 Mbits/sec 0 1.47 MBytes [ 5] 6.00-7.00 sec 70.0 MBytes 587 Mbits/sec 0 1.55 MBytes [ 5] 7.00-8.00 sec 70.0 MBytes 587 Mbits/sec 0 1.61 MBytes [ 5] 8.00-9.00 sec 70.0 MBytes 587 Mbits/sec 1 1.18 MBytes [ 5] 9.00-10.00 sec 70.0 MBytes 587 Mbits/sec 0 1.26 MBytes - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate Retr [ 5] 0.00-10.00 sec 705 MBytes 592 Mbits/sec 2 sender [ 5] 0.00-10.02 sec 703 MBytes 588 Mbits/sec receiver iperf Done. Thank you @johnpoz @stephenw10 for the hints and setting my mind on the right path.

Then the safest and fastest thing to do is backup your config, install 2.4.5p1 clean and restore the config into it. Steve

@chrcoluk I did try that. Nothing, unfortunately, another ticket that I didn't was a restart to factory defaults.

@nbctcp said in SSH admin password should be the same as web admin right?: Could pfsense using port knocking like linux did? I mean telnet other port 3x then it will open port 22 Way back - like last century, I used such a method to gain access to private resources, while published on public networks. It worked well. These days we have (Open)VPN ;)

Hi @ACNiC - I've got a similar setup as yours with Pi-hole as the first DNS server and pfSense upstream. Avahi works just fine and I've never had any trouble with mDNS even with the IoT devices (such as Google Chromecasts, etc.) located on a different network segment than other devices. Couple questions: What exactly do you mean by "casting is not working"? Is is that you can't see / connect to e.g. Chromecasts from a device in a different network segment? Are your firewall rules setup properly to allow the necessary traffic to flow between device and IoT network so that casting can work? What options do you have checked under "Advanced DNS Settings" in Pi-hole? Hope this helps.

@serbus what command in php shell to reboot webconfigurator because I don't want to reboot system After testing various methods. Only viconfig and php shell work perfectly GOAL: Change Web GUI from http to https OPTION1 open http://ipaddress go to System/Advanced/Admin Access STATUS OK OPTION2 open gui console 8) Shell viconfig change webgui part from http to https /etc/rc.restart_webgui STATUS OK OPTION3 open gui console 12) PHP shell + pfSense tools parse_config(true); $config['system']['webgui']['protocol'] = "https"; write_config(); exec exit open gui console 11) Restart webConfigurator STATUS OK GOAL: Change Web GUI from https to http OPTION1 open http://ipaddress go to System/Advanced/Admin Access go to gui console 11) Restart webConfigurator STATUS GUI appeared, type username/password but can't login Shell shown "php-fpm[341]: /index.php: Successful login for user 'admin' from: 10.0.1.1" OPTION2 open gui console 8) Shell viconfig change webgui part from https to http /etc/rc.restart_webgui STATUS OK OPTION3 open gui console 12) PHP shell + pfSense tools parse_config(true); $config['system']['webgui']['protocol'] = "http"; write_config(); exec exit open gui console 11) Restart webConfigurator STATUS OK

Yes I would just move the required elements to the new install and you still wouldn't have to change the clients. But, yes, you could just forward traffic through the new unit to the old device as a VPN server. It's very easy to end up with an asymmetric route if you do that though. Steve

Doing fsck -y 4 times found more errors each time and after that, it all started up!! Thanks!

Update. I have swapped out the cable modem and this has solved my issue. Old modem was an Arris TG1682G. Upthread I said technicolor, I was wrong. New one is an Arris SB6190. I don't know if it was swapping the hardware or if the provisioning at comcast reset something, but it has been working for the last hour.

We are using Google's DNS servers, nslookups don't fail.