• Multiple non tagged subnets

    53
    0 Votes
    53 Posts
    10k Views
    E
    @radicalentity This is not enough, those devices need to be in their own VLAN, taking advantage of the default block-to-all rule.
  • pfsense gives no internet

    2
    0 Votes
    2 Posts
    491 Views
    JKnottJ
    @annycat1 said in pfsense gives no internet: From Google translate: hello I have a problem I am learning this, when installing pfsense everything is fine together with the initial configuration but my server does not give me internet, but if it throws both ips both wan and lan but I do not receive a signal on my client machine and the error that it throws me win 7 is that the DNS server does not respond, what can I do?
    First off, make sure you have a working connection. Ping an address such as 8.8.8.8 to see if you get a reply. If that works, check your DNS server address. You can try a public server such as 8.8.8.8.
  • An error occurred while uploading your pfSense configuration

    3
    0 Votes
    3 Posts
    960 Views
    M
    @kom I thought so. Perhaps it could help alleviate the burden on the backup server if users could enter the minutes at which the cronjob occurs? As of now, users can enter hours but not minutes.
  • kernel reports TIME_ERROR: 0x4041: Clock Unsynchronized

    1
    0 Votes
    1 Posts
    591 Views
    No one has replied
  • 0 Votes
    1 Posts
    214 Views
    No one has replied
  • kernel reports TIME_ERROR: 0x2041: Clock Unsynchronized

    9
    0 Votes
    9 Posts
    4k Views
    poechiiP
    @areckethennu Nope. I think this might be log noise, but at least I know I'm not the only one seeing this. I borked my previous installation and when I started fresh, I thought my hardware was messed up some how when seeing that. Like something was wrong with my hardware clock, but it's just fine apparently. It's set correctly to UTC.
  • 0 Votes
    4 Posts
    2k Views
    X
    Stupid me! I didn't notice that the CIDR popup near the WAN address was by default /32. Setting it to /24 fixed the problem. Sorry. Xavier
  • Ping/Access from NAT'ed ISP Client

    3
    0 Votes
    3 Posts
    419 Views
    D
    My PPPOE connection has static IP, forgot to mention.
  • 0 Votes
    4 Posts
    433 Views
    S
    @sanderblom I left the system running overnight and when I woke up everything now works like normal. Thread can now be closed.
  • Auto configuration backup shows no backups

    27
    0 Votes
    27 Posts
    2k Views
    S
    @stephenw10 said in Auto configuration backup shows no backups: Yeah it's in 2.5.2 with a random number of minutes by default: Just wanted to drop by and say that all the backups have worked since I changed it away from the on the hour, thanks @stephenw10
  • Some questions please

    40
    0 Votes
    40 Posts
    5k Views
    I
    Finally had some time to test this. VPN Server via Asus - FTP download speed around 3Mib. NO VPN Server - Port forwarding Ftp around 5 Mib. Now we also tried it with a higher spec router (instead of the AC-56U we used an ASUS AC-86U) and the speeds were only a bit better. VPN Server via Asus - Ftp download speed +- 4 MiB. No VPN Server - Port forwarding FTP speed +- 7Mib. Now I just recently received my package from the US with the SG-1100 and going to set it up at my friend's house and put the Netgate in the DMZ of his ISP Router (Non Bridged) and see what that brings us. (speed wise)
  • 21.05 blocking TiVo connections for unknown reasons

    29
    0 Votes
    29 Posts
    3k Views
    S
    @sydgarrett said in 21.05 blocking TiVo connections for unknown reasons: @jimp Yeah, I shut down access outside my network a long time ago. Digging through things to see what might be setting up those rules. Found it. Even though I had shut down access, there was still an option in there to configure the router using UPnP that had NOT been disabled. Don't remember that option being there in the past but it has been a LONG time since I set up the server. Thanks SO much for your help on this. I consider this resolved (at least until the next update of something on the network :) ) Thanks!
  • Incorrect login/password on Windows browser, but okay on Android phone

    2
    0 Votes
    2 Posts
    235 Views
    GertjanG
    @bthoven said in Incorrect login/password on Windows browser, but okay on Android phone: Any suggestions what has happened
    Whatever it is, it's something we couldn't have seen. You are our last hope.
    @bthoven said in Incorrect login/password on Windows browser, but okay on Android phone: and how to solve it.
    The phone works, so make it useful: look at the log while you try to login from your PC.
    When I logged in with a browser, I saw:
    2021-07-02 16:56:23.047556+02:00 php-fpm 57272 /index.php: Successful login for user 'admin' from: 2001:470:1f13:5c0:2::88 (Local Database)
    Using another browser, from the same PC, using a wrong password:
    2021-07-02 16:56:48.427027+02:00 php-fpm 49571 /index.php: webConfigurator authentication error for user 'admin' from: 2001:470:1f13:5c0:2::88
    and a:
    2021-07-02 16:56:48.484064+02:00 sshguard 62299 Attack from "2001:470:1f13:5c0:2::88" on service unknown service with danger 10.
    a second one:
    2021-07-02 16:57:06.938048+02:00 php-fpm 49571 /index.php: webConfigurator authentication error for user 'admin' from: 2001:470:1f13:5c0:2::88
    Now comes:
    2021-07-02 16:57:06.938303+02:00 sshguard 62299 Attack from "2001:470:1f13:5c0:2::88" on service unknown service with danger 10.
    and a
    2021-07-02 16:57:06.938386+02:00 sshguard 62299 Blocking "2001:470:1f13:5c0:2::88/128" for 110 secs (2 attacks in 18 secs, after 1 abuses over 18 secs.)
    Now both browsers are 'locked out' as they use the same IP. The web server couldn't even update the page any more:
    2021-07-02 16:57:06.000000+02:00 nginx - 2021/07/02 16:57:06 [crit] 36881#100306: *273 SSL_write() failed (13: Permission denied) while processing HTTP/2 connection, client: 2001:470:1f13:5c0:2::88, server: [::]:443
    After a couple of seconds, my browser gets smart, and uses its IPv4:
    2021-07-02 16:58:12.118235+02:00 php-fpm 49571 /index.php: Successful login for user 'admin' from: 192.168.1.2 (Local Database)
    edit: this is just one possible scenario. Many others are possible.
    and that works.
  • 5.79Gbps across LAN

    6
    0 Votes
    6 Posts
    757 Views
    T
    @stephenw10 Just booted TrueNAS on a Dell R220 Xeon 1220-V3 16GB ram and linked directly to Dell workstation with OM3, running windows and Xeon 1230V5 16GB ram. 546+ SFP+ mellanox cards
    Results
    [ 1] local 192.168.2.1 port 57829 connected with 192.168.2.2 port 5001
    [ 2] local 192.168.2.1 port 57830 connected with 192.168.2.2 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 2] 0.00-10.03 sec 5.57 GBytes 4.77 Gbits/sec
    [ 1] 0.00-10.03 sec 5.44 GBytes 4.66 Gbits/sec
    [SUM] 0.00-10.01 sec 11.0 GBytes 9.45 Gbits/sec
    Happy with that.
    This is interesting - I now did the same iperf transfer but this time removing the OM3 fibre and using DAC 2M copper and here are the results -
    [ 2] local 192.168.2.1 port 62289 connected with 192.168.2.2 port 5001
    [ 1] local 192.168.2.1 port 62288 connected with 192.168.2.2 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 2] 0.00-10.01 sec 6.33 GBytes 5.43 Gbits/sec
    [ 1] 0.00-10.03 sec 4.61 GBytes 3.95 Gbits/sec
    [SUM] 0.00-10.01 sec 10.9 GBytes 9.39 Gbits/sec
    I ran both tests a few times and DAC is consistently slower transfer rate.
  • How to map LAN host to IP Alias for DNS resolution (let's encrypt)

    8
    0 Votes
    8 Posts
    742 Views
    P
    @viragomann thanks brother, that worked.
  • config.xml corruption

    4
    0 Votes
    4 Posts
    550 Views
    JKnottJ
    @wlp94611 You don't need a WAN address, as link local addresses are often used for routing. So, run that way for a while and see what happens later.
  • Cannot connect to the internet using static ipv4

    6
    0 Votes
    6 Posts
    833 Views
    V
    The problem was on ISP side. All is good now
  • pfSense proxy auth settings not applied

    Locked
    7
    0 Votes
    7 Posts
    1k Views
    jimpJ
    Maybe it's a problem with your credentials? See https://redmine.pfsense.org/issues/11867 for example. Otherwise we're going to need a lot more detail than "it doesn't work". For example, are any errors logged? Is the proxy seeing the connection? Is it sending the auth request to the proxy? It's also possible that you have a DNS problem preventing it from getting far enough to even make a request out to the proxy. Start your own new thread once you have gathered all of the relevant details, since it's unlikely to be related to this one directly as it's several years old.
  • How to schedule PfBlockerNG?

    18
    0 Votes
    18 Posts
    2k Views
    mucipM
    Dear @nogbadthebad, Absolutely I have to upgrade to DEVEL then. :) Regards, Mucip:)
  • WPAD + LIGHTSQUID

    8
    0 Votes
    8 Posts
    1k Views
    KOMK
    @maria-1 Your firewall rules are all wrong. Normally on LAN you do not want it to be too restrictive or else your users complain that things they need don't work. With that in mind, you would usually block what you want blocked and then allow everything else. You are trying to do the opposite where you try to allow some things and block everything else. Firewall rules are processed top-down, first match wins and no other processing is done.
    Start by putting an Allow All to Any rule at the bottom. Then start stacking your restrictions above it. I will go by your rules one by one:
    This won't be necessary since the Allow All rule at the bottom will handle everything.
    This rule is ok but could be better. Create a Port Alias called Admin_Ports and fill it with 22,80,443 and then use that alias in place of port 22 in your rule. That will allow only .21 to access pfSense via ssh or http/s. We will add a block rule later.
    Destination should be This Firewall if pfSense is your DNS server. There is a way to redirect all external DNS queries to pfSense if you want to capture all DNS.
    Add a new rule here that blocks LAN net to This Firewall
    This rule allows anyone to reach port 80 on pfSense. Inter-LAN traffic does not go to pfSense at all, so this rule only takes effect when someone tries to hit pfSense via tcp/80. It's not necessary and you can delete it.
    This rule is useless. What you want here is to create a Port Alias called Web_Ports and fill it with 80,443. You then create a block rule that blocks everyone from accessing anything via Web_Ports.
    Useless rule that should be deleted.
    Before, you were not blocking tcp/443 which is https and the way 99.999% of websites are served now. With tcp/80,443 blocked, nobody will be able to access any websites except through the proxy.
You can create an IP alias to hold IP addresses of people allowed to bypass the proxy such as admins or management, and then create a rule directly above your tcp80,443 block rule to allow that alias to access anything.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.