• How to PREVENT ISP from ACCESSING my PFSENSE?

    Locked
    34
    0 Votes
    34 Posts
    4k Views
    stephenw10
    Ok this is going nowhere useful. Locking it. Suffice to say that an ISP may well have some access to their device at your end of the connection and that might include everything on the private side of it. But that doesn't mean they have access to anything beyond the pfSense WAN if that is inside it. Steve
  • Cannot access NAS, SMB and Printer web page

    9
    0 Votes
    9 Posts
    1k Views
    Gertjan
    @ajaypatel26 said in Cannot access NAS, SMB and Printer web page: "do [anybody] guys follow RTFM rule (LOL)" Noop. Probably not. I typed "pfsense bridge LAN interfaces", used Google (you could try another one) and the first link was ... the manual. Normal. pfSense talks a lot about ... pfSense. Like: no need to consult ... BMW if you have a question about ... a Ford ;)
  • WAN fails to keep DHCP address on cable modem reboot

    35
    0 Votes
    35 Posts
    4k Views
    DaddyGo
    @BlankSpace said in WAN fails to keep DHCP address on cable modem reboot: only have igb0 through igb3, that's all I need? As @stephenw10 says too "prtsc" shows in my example one I350-T4 and one I350-F4 are configured so it shows 0 to 7.
  • pfsense blocking sites ending with .nic.in

    6
    0 Votes
    6 Posts
    572 Views
    Gertjan
    Check this recent post: https://forum.netgate.com/topic/156110/dns-resolver-fails-but-forwarding-resolves/2?_=1600669615330 www.nic.in took me some 45 seconds to show a page. Looks like the web server is under heavy load ... go figure why ;)
  • Constant crash

    6
    0 Votes
    6 Posts
    723 Views
    stephenw10
    Mmm, yup sounds like a hardware issue then. Always suspect RAM first. Try removing or disabling whatever you can. Steve
  • IP Aliases questions!

    3
    0 Votes
    3 Posts
    414 Views
    N
    @stephenw10 said in IP Aliases questions!: Steve Thank you for your response. https://redmine.pfsense.org/issues/10918
  • Have I Found a bug?

    11
    0 Votes
    11 Posts
    619 Views
    stephenw10
    You have to block whichever DHCP server is handing you that private lease. It only blocks DHCP; it won't stop you accessing the modem. Steve
  • Packet lost

    8
    0 Votes
    8 Posts
    602 Views
    L
    Thank you all, problem solved. Was onboard network card. Now I moved my WAN to 4xNIC and all is perfect. I also did a fresh install because I was not able to delete the PPPoE which had a link with my onboard NIC.
  • How to pass VLANs from two separate interfaces to main Switch?

    16
    0 Votes
    16 Posts
    2k Views
    johnpoz
    @MacUsers said in How to pass VLANs from two separate interfaces to main Switch?: "in my case but will be able to explain why it's a bad idea in general" Performance for one - there is no way you're going to be able to bridge in software as fast as you can by doing it in hardware on a switch. 2nd, just complexity of configuration. Users can barely understand firewall rules on an interface, let alone on a bridge. Are you doing the rules on the interface, or the bridge, etc. 3rd would be misuse of a router port. A discrete interface is way more valuable as an actual interface to do routing with, than to try and use it as a sub-optimal switch port. When switch ports are cheap!!! There are cases when a bridge on your firewall makes sense - but to be honest it would almost always be the last choice if you can do it with a cheaper, simpler and easier config.
  • Trace route repeating same hop

    8
    0 Votes
    8 Posts
    2k Views
    C
    @stephenw10 Thank you! :-) I haven't tried the step just yet... family time. I'll get to it over the next couple of days.
  • Problems connection to Kaspersky EC management console on port 8080

    6
    0 Votes
    6 Posts
    1k Views
    M
    First of all, and I should know this already, since I'm a 35+ old IT guy .... Never try to solve issues TIRED ... Second, it's always good to have another perspective about your problem. I was so focused on the issue being at the proxy level, don't know why, but I was, that I forgot to deeply analyse the others, Snort and pfBlockerNG. Although I had tried to disable the before-mentioned services, I forgot to remove the block !!! from Snort, and I forgot to compare the KES cluster IP against them ... It was only when @stephenw10 mentioned it that I tried all the three: Disable proxy; Disable Snort; Disable pfBlockerNG; Deleted the blocked IPs on Snort; Disabled the proxy setting on server; Tried to access the page, SUCCESS !! Enabled one-by-one until it fails, Snort did it, blocking the port due to a (http_inspec) rule being triggered. Again, thank you Stephen for your help. Cheers and stay safe all. JG
  • Some web sites do not work

    5
    0 Votes
    5 Posts
    631 Views
    stephenw10
    When you visit purinaforprofessionals.com it redirects to www.purinaforprofessionals.com which is cname xfbbc.x.incapdns.net. However both IPs should respond to ping so if you are not seeing that it's not an MTU issue. But 576 is ridiculous, you should set that back to the default. Run a pcap for those IPs on WAN while you try to ping them from a client. Do you see the requests leaving? If you don't then check for Snort or pfBlocker etc blocking that on the firewall. If you do and there are no responses then you have an upstream routing issue perhaps or those sites are blocking your IP somewhere. Steve
  • Access to brand new build via the internet

    9
    0 Votes
    9 Posts
    745 Views
    Datastream101
    Excellent, I shall make a cup of coffee and knuckle down with some reading! Thanks again
  • OpenVPN TLS hand-off issue behind bridged comcast gateway

    9
    1 Votes
    9 Posts
    1k Views
    T
    @above-below_6 We use DHCP... Can’t get through to Comcast... we are trying other things at this point .. Thank you very much for replying, glad you got it figured out... it’s beyond frustrating... I’ll post once we have a solution
  • Issues connecting to doxy.me with pfsense

    6
    0 Votes
    6 Posts
    690 Views
    stephenw10
    There were probably states open already carrying the traffic. Adding the new rule would not have removed those but they would have eventually timed out and been replaced by states with static ports when re-opened. Be aware that static source ports can occasionally be a problem if set for everything like that. If you have two clients behind the firewall trying to connect to the same external IP with the same source and destination ports one will fail. Steve
  • Comcast DHCP issue?

    2
    0 Votes
    2 Posts
    428 Views
    S
    Have you tried powering off the Comcast router? We've seen more than one case where, when changing routers, the Comcast doesn't update its routing properly, especially if the WAN IP being used didn't change. (e.g. when replacing the client's router) edit: also re: pinging, if the Comcast gateway IP isn't pingable then the gateway monitoring will see it as down.
  • WAN Compromised or Down Email Notifications

    9
    0 Votes
    9 Posts
    2k Views
    S
    Hello! Options for notifications, like the Email Reports package for gateway events and script support, have been discussed here: https://forum.netgate.com/topic/155063/notification-on-events?_=1600390142279 My understanding is that pfSense is not an MTA, and while it has its own form of "queueing", it will not send notifications if it cannot reach your SMTP relay. My preference is to set up a Pi alongside pfSense as a support server to run things like an MTA (postfix, exim, ...), local monitoring (nagios, icinga, ...), and other things that I don't want to burden pfSense with even though it might be able to handle them (squid, nmap, ...). YMMV. John
  • NRPEv2 with sudo

    6
    0 Votes
    6 Posts
    1k Views
    M
    We've created a feature request/PR against the sudo package that should hopefully mean that there's no more hacking of the actual sudoers file on disk, should it get merged in: https://github.com/pfsense/FreeBSD-ports/pull/936
  • OneDrive Upload causing failure

    10
    0 Votes
    10 Posts
    790 Views
    DaddyGo
    @M_SCHOFIELD said in OneDrive Upload causing failure: two more CPU cores as well. This is a very good idea, especially if you have a reserve
  • RRD ho

    2
    0 Votes
    2 Posts
    383 Views
    Gertjan
    @leplik said in RRD ho: 2.4.4-RELEASE-p3 (amd64) ....... Proxmox pfctl consumes 100% of one core We know. There was an issue with - mostly - virtual versions of pfSense. It was a FreeBSD 11.2 problem. See old forum posts for what to do. FreeBSD 11.3 solved the issue. Use the latest version of pfSense and you'll be fine.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.