• Broken unit won't fully boot

    2
    0 Votes
    2 Posts
    155 Views
    stephenw10S
    @Stewart said in Broken unit won't fully boot: pkg-static: Warning: Major OS version upgrade detected That implies it is either running 2.3.X and has pulled in 2.4.X packages or is set to the dev channel and is trying to pull in 2.5.X packages. You can probably recover it by doing this: https://docs.netgate.com/pfsense/en/latest/install/upgrade-troubleshooting.html#upgrade-not-offered-library-errors But it will be quicker, and cleaner, to just reinstall at this point. The Suricata package had a bug in it at one point that meant log rotation was not working correctly. You had to go to the log management tab and save the default settings there to activate it. I imagine that's what you hit there. Steve
  • Add dhcp, pppoe and DNS

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S
    You haven't added the address range or server address to the PPPoE server config. I'm not sure I've ever tried running it on a numbered interface, certainly not WAN. You might need firewall rules to allow the traffic in. Though I don't see any required on my test box here to allow the PPPoE traffic you will need them on the PPPoE server interface to allow traffic inside the connections. Steve
  • Hyper-V LAB setup with pfSense as internet gateway

    2
    0 Votes
    2 Posts
    284 Views
    M
    Alright. We can do this :) On for example Forefront TMG you would have created a rule saying that anything going to external is allowed and drop the rest. pfSense however doesn't have an external object so instead we will need two rules per network. First we need a Block rule that stops the unwanted traffic. Second we need an allow any rule that allows anything we haven't already blocked. In your case you need a block rule as rule nr2 on LAN: Source Any Destination 192.0.0.129/25 You will need a Block rule on OPT1 too (before the allow any-any rule) Source Any Destination 192.0.0.1/25
  • Port 443 suddenly stopped by the firewall

    2
    0 Votes
    2 Posts
    133 Views
    V
    Okay I ran out of ideas so I grabbed a backup of the config file from before I installed HAProxy and ACME and restored it. Access is again granted to port 443. I will have to assume it was HAProxy but I only had set it up for port 80 and it was working. I was starting to work on 443 but everything for those backends and frontend was disabled. Also I completely disabled HAProxy and no difference. Oh well. I will just start again with ACME and HAProxy and see what happens
  • DHCP Timeouts

    5
    0 Votes
    5 Posts
    539 Views
    A
    Can you add some network addresses and ranges to your diagram? For example - 192.168.0.1/24 or something similar? Jeff
  • HAProxy SSL Offload and LAN users [SOLVED]

    3
    0 Votes
    3 Posts
    385 Views
    P
    Hi @PiBa After a good night's sleep, and some coffee, I discovered a domain override for https://www.yourdomain.tld/ in my DNS resolver. False alarm. Thank you for your time.
  • [SOLVED] First time install. Need help!

    10
    0 Votes
    10 Posts
    1k Views
    B
    @KOM In accordance to Aristotle - the first sign of real knowledge is ability to explain shortly the matter and teaching this matter. I wish you big money in your free time ... The information that I've got from @stephenw10 - all that I've been asking. For now all is working.
  • pfSense Crash

    3
    0 Votes
    3 Posts
    425 Views
    GertjanG
    @Ozzmosis said in pfSense Crash: can not find the problem. Cut the problem in pieces. Like : remove the VM from the equation.
  • apply changes with pfSsh

    2
    0 Votes
    2 Posts
    370 Views
    GertjanG
    @skullnobrains said in apply changes with pfSsh: how can i apply my changes without relying on rc.reload_all ? By "reading" rc.reload_all, see what it does, under what conditions, and do yourself what rc.reload_all does. There is no documentation that states what a file or function does.
  • Copyright..bla bla

    3
    0 Votes
    3 Posts
    285 Views
    A
    ok thanks, now it is clear...
  • Howto filter Firewall log using regular expression

    2
    0 Votes
    2 Posts
    853 Views
    stephenw10S
    Just remove the spaces, so: !(wan|lan) Or (opt1|opt2) if those are the interfaces you want to see hits on. Steve
  • Blocking bittorrent on one client

    2
    0 Votes
    2 Posts
    239 Views
    johnpozJ
    If you do not have a policy against it, then how do you think it's ok to block him or throttle it? Step 1.. Create your use policy!
  • PPPoE link dying after 2.4.4_2 update

    pppoe
    14
    0 Votes
    14 Posts
    2k Views
    M
    I haven't tried across subnets yet, I'll have a look at that next time it dies. Thanks again for everyone's help so far.
  • [SOLVED] What would trigger this info popup?

    8
    0 Votes
    8 Posts
    924 Views
    S
    @superweasel said in [SOLVED] What would trigger this info popup?: Thought I might have been hacked. Me too
  • pfSense randomly freezing

    6
    0 Votes
    6 Posts
    2k Views
    ender_E
    @JKnott I left memtest running a few days after I moved pfSense to APU, it found no problems (and didn't lock up). The old board had ECC RAM, too, and there were no errors logged in IPMI.
  • Intel X553 and Wake On LAN support

    5
    0 Votes
    5 Posts
    554 Views
    jimpJ
    Setting it via ifconfig ix3 wol (FreeBSD) would only matter if pfSense was putting the device to sleep or a low-power state, which isn't going to happen. If the device is powered off, that's entirely between the BIOS and the NIC, nothing to do with the OS.
  • Two or more pfsense boxes

    8
    0 Votes
    8 Posts
    689 Views
    M
    having a prod and a test/dev FW can be good.
  • Another IGMP proxy post

    23
    0 Votes
    23 Posts
    3k Views
    S
    @pr3dict Thanks to meckhert on the unifi forum I've now managed to solve my hdhr problem by installing socat on a raspberry-pi that I already had on my private LAN. On the raspberry-pi I created and enabled a simple systemd service for socat so that it auto starts using the command meckhert listed. 192.168.100.17 is the IP of my hdhr on my IoT network.

    socathdhr.service:

        [Unit]
        Description=socat hdhr
        After=network.target

        [Service]
        Type=simple
        User=root
        ExecStart=/usr/bin/socat -d -d -v udp4-recvfrom:65001,broadcast,fork udp4-sendto:192.168.100.17:65001
        Restart=on-failure
        RestartSec=10

        [Install]
        WantedBy=multi-user.target

    I hope this helps.
  • Pre install Question

    4
    0 Votes
    4 Posts
    446 Views
    A
    @EricHamby said in Pre install Question: @akuma1x You take one of the lan ports, share the connection so it sends the signal to the switch. I still don't know what that means - share the connection. In my attached example picture, this pfsense box only has 2 ports - WAN and LAN. You would plug the WAN port into an available port on your modem, and the LAN port goes to your switch. They are 2 separate ports, going to 2 separate devices. Jeff [image: 1555349802491-sg-2220.png]
  • Best practices to configure pfsense?

    Locked
    6
    0 Votes
    6 Posts
    798 Views
    A
    @johnpoz said in Best practices to configure pfsense?: To be honest for stable working pfsense would be leave it at default, unless you actually need to change something and you understand what you're doing... Agree with that! Also, to the OP, something you should NEVER do is open port forwards to the "general internet" for servers or services on your internal network(s). Some hacker/cracker will eventually find it and exploit it, guaranteed. If you have internal stuff you want to access from the outside, use a VPN provider/service and remote into your network that way instead. Also, if you do need/want to create firewall rules to move traffic around your network, it's best to add them 1 at a time and test to make sure stuff works. If it does, you're good. If it doesn't, start looking for answers. Lots of info is on the web and here in the forums. Jeff
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.