@xxnumbxx said in Home Network Layout, Traffic Shapping & More questions.: Web Filtering I want web filtering on LAN2 so the kids are not getting to porn sites and such. I have used this with untangle and found it to work great, is there something similar for pfSense? I have heard of Squidguard but not sure if this is the best route. I can suggest pfBlockerNG-Dev package. Spend sometime browsing here and post specific questions there: https://forum.netgate.com/category/26/traffic-shaping

We need more specifics to even begin to offer anything helpful. How is your network laid out?

Deleted from within the user manager

If you need to do it transparently you need to set Squid to listen on the OpenVPN interface so it adds the required port forwards. To do that you need to assign the OpenVPN server as an interface: [image: 1588078614099-selection_829.png] Enable the new interface, rename it if you wish. Then you can select it in Squid. Steve

@dennypage Agreed. I think it must be the YouTube mobile app caching the duplicates.

If that doesn't pan out, you can try switching back to sc: kern.vty=sc hint.sc.0.flags="0x180" hint.sc.0.vesa_mode="279"

Zabbix is just pulling the hardware interface name. You're going to have to look at aliasing it on the Zabbix side. How to do that would be a question for a Zabbix forum, not a pfSense one.

Hi @mehdii, have you tried to set the corresponding axis-unit?

@Tactis said in pfSense on OVH Dedicated with ESXi and one NIC: It's not the public IP assigned to your ESXi interface right? Yeah I think it is. That's how I'm connecting to it (the public IP). Well at first I wasn't able to, but I enabled the basic firewall (not the Cisco ATA option) in the OVH control panel on that interface, and let port 443 through, then I was able to. This doesn't make a lot of sense either, I would have thought with the firewall off I could connect just as much as if it were on with one port open. I'm flying blind as to how their infrastructure works. As long as it's not, you should be fine. Add another vSwitch and Port group in ESXi for your VMs, and do NOT assign an uplink NIC to that vSwitch. Connect the pfSense 2nd NIC to this vSwitch and setup the LAN. This way pfSense will act as the firewall between your LAN and WAN, with the public IP being the one you picked up from DHCP. I'll do that as I assume I'll need it anyway when I work through it. If you have a range of IPs available, it's probably still best to setup a static if you want to host any services here. Any additional IPs can be added to pfSense by going to Firewall > Virtual IPs and assigning them here. It is a static public IP, and I'm not sure why ESXi picked it up from DHCP. I'm also not sure how I could connect to ESXi to manage it in the first instance if it didn't pick it up from DHCP, because if I set ESXi as an internal static IP (like 192.168.0.X or whatever) their basic firewall doesn't seem to redirect ports to different IP's, so I'm pretty sure I wouldn't be able to get to the ESXi server. It's a weird and foreign setup to me.

Thank you Steve, against that bug, I have also reduced the firewall maximum entries to 65534. Bogon is also disabled. Might be the case with my ISP, I will ask in the dedicated ISP forums for advice on monitoring. There are a lof of pfsense users with Virgin Media in the UK. Helps to drop the ISP name in this thread as well, in case anyone else is going through the same pain.

@pooperman there is some issue with SSL handshake: [image: 1587921920369-1.jpg]

I would not expect a port forward to be required there as Plex can usually be accessed from anywhere, even externally. UPnP is disabled by default in pfSense and you should leave it that way unless you have a very good reason not to. Plex can open port forwards in the firewall to allow access otherwise. Usually when people device their network like you have it is for security. Consider what would happen if one of your cameras was found to have a vulnerability and was hacked for example. What would that give anyone access to? You probably want firewall rules on the 192.168.2.1 interface in pfSense that allow only the required access outbound. So the cameras may not need any external access or maybe only to a known IP or set of IPs. Wifi IoT style devices may not need any access to to the LAN subnet. Though maybe you want Alexa to be able to control Hive.... What you want to do is allow only the traffic that is needed and segregate devices as much as possible to mitigate any security issues should they occur. Does your access point allow for multiple SSIDs / VLANs? If so I would create more so you can separate general access devices like laptops and tablets from IoT devices like cameras and Alexa. Currently you have separated devices simply by wired or wifi and that might not be the best way. The Hive and Hue hubs are IoT devices. I would want those on a separate subnet to desktop PCs and servers if possible. Steve

@tgdsilva said in Cannot access pfSense LAN subnet from outside: I think I would need it just for the purpose of converting incoming ONT (coaxial) to Ethernet. Exactly... Get an AP put it behind pfsense, then you can do whatever you want for segmentation of networks.. I would suggest you get an AP that supports vlan, and also a switch that does as well.. Then you be cooking with gas ;) For anything you might want to do.

Thank you! I have set it through SSH and finally, after 4 days I have rebooted it (I was afraid it won't work and didn't have the time to setup a monitor and a keyboard to the pfsense machine). It works great!

The HG612 will be plenty fast enough if it works, it doesn't really do anything but pass the traffic to pfSense. I think you will need it unlocked to change to bridge mode. That's quite easy though. I hope it's the 3B version. Some of the earlier ones had known over heating issues. Steve

@Fredouye THANKS!! I had done a search, but obviously my search was not well stated to come up with the right answer. I entered the "0-4,6" in the weekday field. So it should run tonight. Thanks again. Phizix

The XG-1537 or XG-1541 can easy do 10 Gbps. https://store.netgate.com/XG-1537.aspx https://store.netgate.com/pfSense/XG-1541.aspx -Rico