• Dns forwarder issue

    9
    0 Votes
    9 Posts
    3k Views
    johnpozJ
    @esampathj: Never heard it before. Any idea how to disable it? Under dhcpv6 on the services tab - see attachment. Windows is going to prefer ipv6 out of the box..  If you're not using ipv6 on windows, just disable it would be my suggestion.  Security 101 - if you're not using the protocol, then the protocol should not be active.  Simple as an elevated prompt in windows:
        reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255
    No more ipv6 to worry about..
  • Update 2.13 and Supercell games

    3
    0 Votes
    3 Posts
    2k Views
    stephenw10S
    Check the firewall logs. Check the state table to see if any connections are being opened. One possibility is that PPPoE introduces some overhead to the packet size, an MTU issue. Steve
  • SMART Disabled. Use option -s with argument 'on' to enable it.

    5
    0 Votes
    5 Posts
    1k Views
    K
    @jimp: No, but it should work until you reboot, at least from what I remember. Got it. I'll just check the BIOS then and will report back. Thanks.
  • High Memory Usage

    12
    0 Votes
    12 Posts
    4k Views
    BBcan177B
    With Snort, set the Memory setting to: AC-BNFA-NQ. Also make sure that you don't manually click the start/stop interfaces icons while Snort is attempting to start as this can lead to duplicate pids. pgrep snort This command should only show one pid per interface.
  • How many configuration history does pfsense stores?

    3
    0 Votes
    3 Posts
    1k Views
    A
    Why I asked is because, for some reason, pfsense is acting weird. It started blocking send/receive without changing any of the proxy configuration. Further, it blocked the usual http connection on port 80 whereas proxy users are on 3128. The configurations that I have edited aren't even being applied though they are saved. I'm suspecting that may be due to the unexpected shutdown. It didn't even after replacing an old back up of it. What could be the reason?
  • Multiple Ip + VLAN

    3
    0 Votes
    3 Posts
    996 Views
    I
    I had the same problem.  I connected via the serial port and backed out of the change. I temporarily made my WAN a static address and used it for configuration. I changed everything over to VLANs on the interface that was once the LAN; now I don't have a "LAN" interface per se, but a physical interface with several VLANs using it as the parent interface. I had to add the VLAN interfaces to the DNS forwarder to have them all work correctly.
  • Connect to Switch on WAN side?

    2
    0 Votes
    2 Posts
    855 Views
    C
    You will have to know the IP address of the switch somehow, and I doubt it really comes from the ISP. Anyway, if I understand what you want to do, take a look at this https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall  Works great for me, generally going to cable modems.
  • Remote syslog: Both master and backup logging simultaneously

    4
    0 Votes
    4 Posts
    822 Views
    L
    @jimp: No, and you really don't want to. So long as you give them each a unique hostname (which you should be doing anyhow), you can filter the log entries to separate files on the syslog server.
    Thanks - I already did the filtering. I'll just put some non-logging block rules up for broadcast and multicast traffic to limit the noise. By the way, for users googling this thread: To separate logging on rsyslog (in case you're on Linux), do this:
        :FROMHOST-IP, isequal, "192.168.10.3" /var/log/pfsense/pfsense-01.log
        & ~
        :FROMHOST-IP, isequal, "192.168.10.4" /var/log/pfsense/pfsense-02.log
        & ~
    Lars
  • Ftp-proxy through dual WAN

    3
    0 Votes
    3 Posts
    823 Views
    Q
    Sorry… ftp clients are on my LAN where pfsense is installed. This pfsense box has two WAN IPs. They connect to an internet FTP server.
  • A VLAN with the tag XYZ is already defined on this interface

    5
    0 Votes
    5 Posts
    1k Views
    C
    Thanks Phil, I was going to go back and check that, appreciate the help!
  • MOVED: Squid not generating Access.log

    Locked
    1
    0 Votes
    1 Posts
    501 Views
    No one has replied
  • How many rules is too many?

    6
    0 Votes
    6 Posts
    1k Views
    C
    First, you should upgrade immediately. You're absurdly far behind at this point. @kejianshi: When you have rules you don't need, it's too many. Exactly. You'll impact performance at some level, but it's way beyond what most any reasonable system will use, well into the hundreds of thousands of rules to make a minuscule difference. If you're running in a high traffic datacenter scenario, that's potentially different. For most office and all home use scenarios, no consideration.
  • VirtualBox WAN / Port Issues

    8
    0 Votes
    8 Posts
    2k Views
    K
    I've done this before with only access to the WAN. 1st.  You started off right by disabling the firewall with pfctl -d, then connect via the wan to the Web GUI.  Don't add any firewall rules at command prompt. Go to firewall rules > WAN tab and delete the "block private address" wan rule.  It's at the top.  Grey. Now add a pass rule on the wan to allow you to access the web gui via the wan. At this point you can pfctl -e. Now, very gingerly change your pfsense password to something secure. Now, at this point I'd configure SSH on the WAN and probably OpenVPN also. Then I would delete the HTTP / HTTPS pass rule you created on the wan. From this point, if you are doomed to only have access via the WAN, at least you can do it securely. For anyone who may be wondering "why the heck did you ever do this", it's because I was using pfsense only as a VPN server and was forwarding ports from a ddwrt router to a VM running in vmware player.  Just to give a friend access to his LAN remotely without him needing to buy any hardware.
  • MOVED: Port forwarding help needed from Wolf666

    Locked
    1
    0 Votes
    1 Posts
    380 Views
    No one has replied
  • Pkg_edit.php

    1
    0 Votes
    1 Posts
    613 Views
    No one has replied
  • Troubleshooting mysterious reboot

    4
    0 Votes
    4 Posts
    1k Views
    C
    Often you will find the cron job pushes the machine to use more ram and cpu than normal, so it exposes perhaps bad areas of ram that are not normally used, marginal chip cooling, or marginal power supplies.
  • Help with portal cautive

    1
    0 Votes
    1 Posts
    535 Views
    No one has replied
  • Skype with Pfsense 2.1.5

    4
    0 Votes
    4 Posts
    1k Views
    C
    The defaults are fine for Skype. If you have traffic shaping or limiters configured, you might be throttling it. Otherwise, if you're getting appropriate performance in general for your Internet connection, it's not the firewall. Possibly poor connectivity between your ISP and the other person's ISP, among other possibilities.
  • 2.1 Failing the GRC firewall test

    47
    0 Votes
    47 Posts
    17k Views
    stephenw10S
    Sorry for the delay. I'm not familiar with the business hub but it seems very likely that it is causing the open port reports you're seeing. I'm still not clear how you have it configured. Steve
  • Dnsmasq: undefined symbol?

    4
    0 Votes
    4 Posts
    1k Views
    L
    Just to post a follow-up, the dnsmasq from the 8.3 package has been working as expected for over a week now. Thanks again.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.