@dgall Are you set to the 24.03 branch? If so, see https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

@jeff3820 said in So why is my firewall logs full of mDNS pings that should pass??: Still looking for the sources... You most likely will need to sniff and see the mac address of the sender, then you should be able to at least get a clue to who it is by the maker via the first 3 of the mac, if its wired you can track that down to what port its plugged into. Wireless can block the mac and see who screams or what device stops working. You could do the same on pfsense, once you know the mac you can see what actual IP it has and that can be helpful, maybe it registered a name with dhcp, etc.

@stephenw10 Thanks again! I was able to change the config of lnav, so that it uses sh instead of bash. Now it is working!

I mean when you ran the pcap was it capturing all traffic or was it filtering by just a limited set of MAC addresses or IP addresses for example?

@stephenw10 Yea , set exception in proxy settings for pfsense ip))))

@stephenw10 I just check, created a cert for 10 years.. Put it on my printer and firefox didn't say a word about it being valid for 10 years.. Signed by my CA that it trusts.. [image: 1714513121754-length.jpg] https://source.chromium.org/chromium/chromium/src/+/main:net/docs/certificate_lifetimes.md?q=certificate%20lifetime&ss=chromium&originalUrl=https:%2F%2Fcs.chromium.org%2F Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less. This will only apply to TLS server certificates from CAs that are trusted in a default installation of Google Chrome, commonly known as "publicly trusted CAs", and will not apply to locally-operated CAs that have been manually configured.

@stephenw10 - I think it should only need to be this query - (&(objectClass=posixGroup)(cn=vpn)(memberUid=*)) I just get a red box on the authentication test page in pfSense - The following input errors were detected: Authentication failed. Unfortunately there doesn't seem to be any LDAP logs generated on the QNAP :(

See: https://redmine.pfsense.org/issues/15078 It will always show Plus as an update if your device is eligible because it checks all available update branches. If you really need it I can manually remove the eligibility. Steve

Yes that could work, assuming it's a USB device since there are only 3 ports. Modem support in pfSense is variable though. Be aware.

Thank you Netgate!! [image: 1714494177553-screenshot-2024-04-30-at-09.21.11.png]

Yup, no way to recover those as far as I know. There are scripts named the same available via Google though.

It's fixed now!

@stephenw10 I Managed to figure it out myself thanks. Having successfully installed the software, I forgot to Eject the ISO, I had used to build it. So, when it restarted, It tried to reinstall. I therefore Cancelled the re-installation, and ended up God knows where. I suspect id was in BSD. I was there that I could not log into psfSense! Anyway, having re-read the notes I wrote myself, the first time I installed pfSense. I saw my comments, in red, about ejecting the ISO. Did that - problem solved.

Yup all 1537s return an invalid PCH temp value as far as I know. I don't know if it's the driver or the device itself that's incorrect. However it's not an indication of a fault just an incompatibility with that particular device.

@wtowens207 A client might be asking for that... I am not aware of anything in pfsense that would be looking to download the wpad.dat file.. What packages do you have installed? I believe this has something to do with the proxy, but I'm not running a proxy on my firewall. So you have a proxy internally? It could be trying to download that from your host, and yeah if your host says hey this source IP is bad, block it - then sure all your connections from pfsense would be blocked, ie all clients behind it, etc. Or it could just be some other client behind pfsense trying to download that..

@jimp said in Some Firewall rules not working after upgrade to 24.03 - rules between subnets are not passed through: but it's best to fix them up properly and eliminate the problem. Exactly!!! Completely agree, even if a bit painful for some. I can foresee increase in tickets to TAC..

@cougarmaster The backed up config file contains everything. But don't take my word for it. Get one, open if with a text editor, and look for yourself ^^

@JonathanLee said in Fidium: The IPv6 they said will be dynamic Make sure System / Advanced / Networking Do not allow PD/Address release is selected. If your ISP respects it, you will have a virtually static prefix. I've had my prefix for over 5 years.