• allow access internet problems

    4
    0 Votes
    4 Posts
    230 Views
    stephenw10S
    If you have multiple downstream subnets on the LAN you will need to add static routes to the mik2 switch and firewall rules on LAN to pass that. The default firewall rules only pass traffic from clients in the LAN subnet directly. Also make sure you don't have a conflict between WAN and LAN. Make sure pfSense itself can connect out from Diag > Ping.
  • Upgrade path from CE 2.7.2 to pfSense+?

    9
    0 Votes
    9 Posts
    561 Views
    stephenw10S
    Yes you'll still need to configure VLANs 5 and 6 since they're passed tagged to something external. But WAN, LAN and OPT can just be assigned to NICs directly in the other device.
  • No LAN IP

    Moved
    8
    0 Votes
    8 Posts
    315 Views
    O
    @stephenw10 Yep, did that and all is working now. Appreciate your help! Bill
  • one core on six core intel 12th gen cpu

    5
    0 Votes
    5 Posts
    256 Views
    stephenw10S
    It certainly could be a BIOS setting. But try running: sysctl kern.smp
  • Can't connect to 9443 port on a host in the same subnet

    2
    0 Votes
    2 Posts
    388 Views
    johnpozJ
    @allkemyst said in Can't connect to 9443 port on a host in the same subnet: Subnet: 20.0.0.1/24 | DHCP4 on
    while technically that can work, it's a horrible idea to use public IP space internally. Why not just 10.0.1/24 as your lan2 network?
    I try to test the port on PfSense, i can reach the port 22, but can't reach the other ports, including 9443.
    that screams firewall on that box or your vm host.. To validate this to yourself sniff on your lan 2 interface while you send a test to these ports.. Do you see the traffic leave pfsense, but not get an answer.. But you can ping and ssh works - that screams host firewall to me.
    edit: or the config of whatever service this is set to listen on IP 192.168.1.x (whatever your old network was) and not 20.0.0.x
    Unless the traffic is routed over pfsense, pfsense has nothing to do with the traffic - if it is routed, maybe you're doing a policy route and this is sending traffic out your wan gateway. Without seeing the rules we really have no idea, maybe you set the rule to allow tcp, but this is udp?
  • WOL Command Line

    7
    0 Votes
    7 Posts
    216 Views
    O
    @stephenw10 I tried it, works! Thanks a lot
  • Under attack, anything I should do?

    68
    0 Votes
    68 Posts
    6k Views
    GertjanG
    @JeGr said in Under attack, anything I should do?: I don't even know how that got so famous in the first place! I guess grc.com, Gibson and affiliates. I remember vaguely some talk shows ...
  • Email Notifications

    3
    0 Votes
    3 Posts
    130 Views
    K
    Ok. thank you that was super helpful
  • Enable Alerts for Gateway Failures

    2
    0 Votes
    2 Posts
    101 Views
    stephenw10S
    There is, unfortunately, no fine grained control for notifications. Yet. If you have a notification type configured you will get alerts.
  • Firewall rebooted unexpectedly

    15
    0 Votes
    15 Posts
    1k Views
    stephenw10S
    Well the first thing is to confirm it really is pflow by disabling it and making sure it doesn't happen.
  • Blocked by VPN

    2
    0 Votes
    2 Posts
    156 Views
    stephenw10S
    What VPN type? How are you routing it? Can you change VPN address?
  • WAN repeatedly going down every few days again

    14
    0 Votes
    14 Posts
    773 Views
    JeGrJ
    @pp-ng said in WAN repeatedly going down every few days again: @stephenw10 Also - to get my WAN back to 'online' I went into Interfaces > WAN and just clicked Save and then Activate. I know it runs several scripts or whatever in the background, so not sure which one got me back online, but that did it.
    Sounds to me more like a configuration problem on your WAN or your ISP/upstream provider. That somehow smells like you have DHCP on WAN and your box loses its connection because the DHCP address expired or your provider doesn't "know" it anymore. Or you get a quasi static IP from your ISP and configured it as static IP but your ISP needs to hand it out via DHCP. We had some of those use cases in support here and most of them had that exact problem. Saving WAN config brought them online and after a few hours or days the connection dropped 'cause packages wouldn't go out/in anymore. Switching the WAN e.g. from static to DHCP or configuring it the way your ISP needs/wants it could solve that. Or check the ISP modem or %device% depending on your internet.
    That a manual "save & apply" from WAN brings you back seems to indicate that a manually performed DHCP restart seems to work, so I'd have a look at the way you get your IP from your ISP. Cheers :)
  • Googling blocked domains let them through

    3
    0 Votes
    3 Posts
    137 Views
    I
    @Gblenn said in Googling blocked domains let them through: @iSagen So fortnite.com and www.fortnite.com are "different" in this regard. You need to add all variants in order to completely block a site... Try adding www.fortnite.com and it should block also when searching... That did the trick, thank you :)
  • troubleshooting reloading filters

    1
    0 Votes
    1 Posts
    90 Views
    No one has replied
  • Auto apply all "Recommended System Patches"

    6
    0 Votes
    6 Posts
    308 Views
    O
    @bozo-bogd if you have found a solution, plz post it here ;)
  • 4G gateway monitoring options

    18
    0 Votes
    18 Posts
    738 Views
    GertjanG
    @deanfourie You could run a packet capture for a while on your 4G interface and check what goes out and when. Exclude ICMP traffic.
  • Captive Portal enable MAC pass-through for only user login?

    7
    0 Votes
    7 Posts
    320 Views
    N
    @Gertjan Thanks for replying. We have about 100 users/ staffs usually on my location, most use multiple devices, with other staffs that may come and go from another branch (about 500 total if counting all branches). The portal was intended to use for WIFI and staff only, so we hooked our pfsense with a VPN connection to our AD (which is on another location) and use it as an authentication backend. But now higher-ups want to add voucher option for guests, previously we just made an account to use exclusively for guests instead. We do have VLANS for each department, separately from the portal WIFI networks. Before using portal, the WIFI was more of a convenient thing (which it still kinda is), with no authentication required.
  • 0 Votes
    6 Posts
    217 Views
    stephenw10S
    Hmm, that's shown as mbps but can I assume it's actually Mbps? Does the traffic graph in pfSense itself also show traffic during that iperf test? If so it sounds like one of those devices on VLAN2 has the wrong subnet mask set and is sending traffic to its gateway rather than directly.
  • 0 Votes
    14 Posts
    699 Views
    A
    @stephenw10 said in Comcast email doesn't load on iPhones when connected to network - works on PCs with same settings: Ultimately try running a pcap on pfSense for the IP of the phone then try to check the email and see what it's sending. I'll try - I haven't actually used pcap previously so will have to figure it out.
  • Access to att.com email

    16
    0 Votes
    16 Posts
    854 Views
    johnpozJ
    @BobL4002 so you can't go here? https://currently.att.yahoo.com
    does it resolve from your client?
        $ dig currently.att.yahoo.com
        ; <<>> DiG 9.16.50 <<>> currently.att.yahoo.com
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41641
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
        ;; OPT PSEUDOSECTION:
        ; EDNS: version: 0, flags:; udp: 1232
        ;; QUESTION SECTION:
        ;currently.att.yahoo.com. IN A
        ;; ANSWER SECTION:
        currently.att.yahoo.com. 3532 IN CNAME atsv2-fp-shed.wg1.b.yahoo.com.
        atsv2-fp-shed.wg1.b.yahoo.com. 3532 IN A 74.6.143.26
        atsv2-fp-shed.wg1.b.yahoo.com. 3532 IN A 74.6.231.20
        atsv2-fp-shed.wg1.b.yahoo.com. 3532 IN A 74.6.231.21
        atsv2-fp-shed.wg1.b.yahoo.com. 3532 IN A 74.6.143.25
        ;; Query time: 12 msec
        ;; SERVER: 192.168.3.10#53(192.168.3.10)
        ;; WHEN: Tue Sep 03 13:21:59 Central Daylight Time 2024
        ;; MSG SIZE rcvd: 159
    what about in pfsense dns host lookup? [image: 1725387837737-dns.jpg]
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.