@pfguy2018 Yes, that appears to come from the first server tried. However, it also seems to have a bad checksum, so it would be discarded.

There is a server side issue at the moment. We're working on getting it restored.

Nice.

@aminbaik To send the ip addres of the client/webbrowser to the server/webserver behind haproxy there are a few options: 1- option forwardfor 2- send-proxy 3- source 0.0.0.0 usesrc clientip Each has its own (dis-)advantages.. https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_pass_clientip_to_webserver

Cannot delete this post. No longer asking this question.

ok.

I am sorry for bump, but still looking for a solution to get curl to work with NAT 1:1.

$ cat /etc/syslog.conf # Automatically generated, do not edit! Do not edit that file. The include line I mentioned tells the system to load custom syslog configuration files from /var/etc/syslog.d/. Try this: $ printf "local1.notice\t\t/var/log/access.log\n" > /var/etc/syslog.d/apache.conf $ service syslogd restart In your apache.conf (not the syslog.d/apache.conf) you should having something like this: CustomLog "|/usr/bin/logger -t httpd -p local1.notice" combined Also, one more time so I feel like I properly warned you. Do not run your own webserver on your firewall. All it takes is you making a mistake in your server code and now someone has compromised your firewall. DO NOT DO THIS.

Hi Guys, It is very good idea! did you find solution to setup this ? thanks

@johnpoz thanks a lot ;)

@stephenw10 Thank You Alot...I just reinstalled pfsense on the device and it worked

Hmm. Yes I believe there are a number of providers who will just use the source IP of an update. The customer option there may also work rather than using one of the built in presets. The pfSense update client will do that anyway if the monitored interface has a private IP but that makes it tricky in your case.... Steve

@chrcoluk said in FreeBSD Bug 188261 - How to apply patch to pfSense: ticket on redmine if you read, this has happened in the past @maverickws " I've added here: https://redmine.pfsense.org/issues/10820 Thanks!"

Hi! Many thanks for the replies. It turns out that there were some errors with my switch. However, I never managed to put the google nodes in bridge mode so I gave up and bought a uniquiti access point and installed. //Andreas

The Mellanox drive line is expected on any system. The dhcp leases line it likely something attempting to restart it twice (still starting from the last previous time). Here's me editing an alias on a test box: Aug 11 12:06:27 check_reload_status Syncing firewall Aug 11 12:06:39 check_reload_status Reloading filter Aug 11 12:06:40 xinetd 23110 Starting reconfiguration Aug 11 12:06:40 xinetd 23110 Swapping defaults Aug 11 12:06:40 xinetd 23110 readjusting service 19000-tcp Aug 11 12:06:40 xinetd 23110 Reconfigured: new=0 old=1 dropped=0 (services) It responds pretty much instantly in the GUI. The first log line is when it hit save. The second log line is when I hit apply. It takes ~1s to reload everything. Now that's a test device without much config on it. As you add more services and more rules, and tables etc it takes longer to reload. Steve

Found that there's also a pfSense hangout video and slides available specifically on the cert manager. Might be useful if you end up in this thread. https://www.slideshare.net/NetgateUSA/certificate-management-on-pfsense-24-pfsense-hangout-september-2017 https://www.youtube.com/watch?v=x2efFe9xXxo

I have always found the installation quite straightforward. Here are the instructions: https://docs.netgate.com/pfsense/en/latest/install/installing-pfsense.html

You could setup your IPsec tunnels better and get the same net effect without a script. For example, if it's a tunnel mode IPsec connection, if you setup P2 entries with remote hosts to ping, that normally will bring them back up automatically. For IPsec VTI mode, if you set the child SA close action to "reconnect" on one side that will make them reconnect when they disconnect. There wouldn't normally be an IKE/P1 issue unless you don't have working DPD on both sides.