Cloudflaire is a resolver and uses .... the Internet root servers. Your ISP resolves ans is using the .... the Internet root servers. Why wouldn't you want to use the Internet root servers ?! There is nothing to try, by default pfSense uses the the Internet's root servers, as it is meant to be. So, good news : change nothing and everything works out of the box. I presume that your ISP won't block access to these root servers,as it would be a major reason to stop all commercial relations with them. Btw, in the past, "ISP boxes" obtained a WAN IP and a couple of DNS servers from your ISP. All the info is available in the DHCP request your box made when it connected to your ISP. You can check this option to obtain the same behaviour : [image: 1610344872845-c4d61816-5b6c-4f70-8996-a301ca4a253e-image.png] but why would you use your ISP's DNS's ? Or the ones from some one else ? If you can get the info from the source.

Ah, nice result.

I make that 1430B. I guess you have mostly full size TCP packets inbound.

Yup, that. The cert used by the DNS-BL server is not signed and even if it was it would not match the requested FQDN so you will always see a cert error there on an https page. Which is almost everything these days. Steve

If you don't have any inbound connections then applying the Limiter outbound on WAN via a floating rule is commonly used. That then catches traffic from all internal interfaces. Steve

That should be fixed by: https://redmine.pfsense.org/issues/11206 Steve

I used the 'Reinstall all packages' button from Diag > Backup & Restore for this on the my edge box. No problems I noted. Steve

I would make sure your default gateway in System > Routing > Gateways is set the WAN_GW. If it's still set to automatic it may switch the VPN gateway. That would affect all traffic that does not have a gateway set including DNS traffic from the firewall itself if you're still using Unbound in resolving mode. Steve

@bon-go said in NTP Sync: @bingo600 As I wrote: there's a difference between pfSense Settings (GMT +8 in pfSense means BEHIND GMT) and sometimes our common understanding about it: hours or timezone. I don't need your explanation link at 24timezones.com ... Look at your pfsense general setting and pfSense time in Dashboard, read it, change it and look again ;) Strange .. Then the pfSense documentations must be in error too https://docs.netgate.com/pfsense/en/latest/troubleshooting/time-zone.html They have made same error as me , stating GMT-5 is America/NewYork [image: 1610224341161-84620fdd-5ab7-4135-93e1-76a921c5b5c2-image.png] Maybe you should open a doc change request at their redmine /Bingo

Run at the command line ifcondig -a to see the MAC in use 'ether' and the MAC on the hardware 'hwaddr'. VLAN interfaces do not have a hardware address obviously. They inherit their MAC from the parent interface. Srteve

@johnpoz: I just responded to @DaddyGo’s religious statement about beauty and mathematics in his signature. It was just a “BTW.”

@cyberchris Nevermind I figured it out. Pfsense created default Nat rules for the additional networks I made. It did not create default firewall rules for the additional networks allowing them to communicate out. It did automatically create a default firewall rule allowing the Lan to communicate out. All I had to do was go into firewall->rules->and click on the new interface and set up a firewall rule allowing that new network assigned to that interface to communicate out.

@androbourne looking forward to solving this problem on my LAN, thanx. Did this allow you to have traffic go out with a source of either your public IP or a spectrum one, or was it your public IP only?

I see other thread, so pls disregard

@stephenw10 said in Connect to remote proxy server with RSA private key: Those scripts appeat to be aimed at setting up a remote access / mobile ipsec style server and pfSense cannot act as a mobile client. You want to be setting up a site-to-site style IPSec server. The only problem is that if you use a policy based tunnel it will have to cover any destination so will be an all or nothing option. If you use route based IPSec you can policy route traffic over it so be a lot more selective. If it were me I would run pfSense in AWS too. That gives you the most options and the easiest setup. Steve thank you steve for pointing to the directions. will do further research.

@kiokoman said in Pfsense localization connecting on console or via SSH: @fog yes but that folder isn't necessary for the keyboard layout afaik, that contain only translation/transformation like yes=sì January=Gennaio and so on LC_COLLATE String sort order LC_CTYPE Character classification LC_MESSAGES Language of messages LC_MONETARY Formatting of currency amounts LC_NUMERIC Formatting of numbers LC_TIME Formatting of dates and times Anyway, If the correct encoding is not correctly and consistently set (in this case UTF-8) you have trouble to type characters outside the ASCII range as, for example, accented characters.

@mr-newbie said in YAHOO doesn't load the page from VLAN but in LAN it works fine.: n I don't enable the proxy settings on my pc Proxy ? A VLAN has nothing to do with a proxy. @mr-newbie said in YAHOO doesn't load the page from VLAN but in LAN it works fine.: After checking the squid You were using squid without mentioning that upfront ..... I was asking : @gertjan said in YAHOO doesn't load the page from VLAN but in LAN it works fine.: Are you using pfSense packages ? You should have said "yes, squid" and the issue would have been solved 30 seconds later.

@uname Hi, It's the most craziest thing ever! I did not fix this on pfsense, but my feeling is that the hardware was the problem. I had an mini pc (router) from aliexpress and I think that was the problem, because I tried literally everything! Now I have from unifi a USG because I was done with the bad performance. Regards, Thomas

@teamits said in 1Gbps from Modem to PC, capped at 30-40Mbps through pfSense?: @girbot-0 said in 1Gbps from Modem to PC, capped at 30-40Mbps through pfSense?: now shows the Speed and Duplex for this card. (it didnt for the other one.). It was set to auto which wasn't working. Setting it to 1000baseT Full made it magically work. I would guess if the driver doesn't support speed changes it doesn't show. I poked around and on an SG-3100 the LAN doesn't have a speed dropdown...it's a switch so that is meaningless there (the WAN does). If the port was supposed to autodetect at 1000/full and changing it to 1000/full improved things, I would be looking at the connection...is the patch cable cat 6, etc. IOW that implies autodetect sets to something the hardware can't handle. Autodetect will detect the fastest speed and if the cable is insufficient there will be lots of errors. Well its weird because it DOES autodetect speed. But internet no work. When I hard set it to what it auto detects it as. It works. There's nothing in between pfSense and the modem to troubleshoot. It's literally a 6 foot cat7 cable between the two. I tried two cables. Same results. I'm using the same cables for all my wired stuff and everything LAN wise is good. If I hook up direct PC to modem I get 900+ download speed. pfSense, still around 500. No packet loss or anything. It's like a hard limit somewhere. I'll check the bios, maybe there's an update that might help... I donno. I'll grab a $35 intel pcie nic off amazon and see if that helps i guess.

@jknott Hi Jkott, I tried it with a mobile phone and it worked fine. For some unknown reason, I saw the new WAN IP assigned by the mifi 7730 to the pfsense, but the internet did not seem to work or extremely slow. Anyway, it is just a back up plan for me when the main line is down. I will use the mobile phone as a back up connection when it is needed. Thank you for your advise. Happy New Year