  • Pfsense rules to allow vnc over ssh tunnel

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S
    Yes exactly if you are trying to connect to a service on the Ubuntu server you would use localhost there, or some IP on the Ubuntu box listening on that port. Not the pfSense IP. Steve
  • Newbie questions about pfsense

    3
    0 Votes
    3 Posts
    604 Views
    stephenw10S
    Yes, 2.0.3 is totally obsolete at this point. There is no good reason to be running that. https://docs.netgate.com/pfsense/en/latest/releases/versions.html Steve
  • Cached addresses

    10
    0 Votes
    10 Posts
    2k Views
    Z
    I agree with you. Many thanks for taking your time and helping me in a very professional way!!!
  • L2TP vpn between PfSense server and Mikrotik client

    6
    0 Votes
    6 Posts
    942 Views
    stephenw10S
    You can download the complete config from Diag > Backup & Restore then extract the config from that (with redactions). Or post screenshots. Steve
  • Obtain DNS Automatically

    2
    0 Votes
    2 Posts
    415 Views
    GertjanG
    Cloudflare is a resolver and uses .... the Internet root servers. Your ISP resolves and is using the .... the Internet root servers. Why wouldn't you want to use the Internet root servers ?! There is nothing to try, by default pfSense uses the Internet's root servers, as it is meant to be. So, good news : change nothing and everything works out of the box. I presume that your ISP won't block access to these root servers, as it would be a major reason to stop all commercial relations with them. Btw, in the past, "ISP boxes" obtained a WAN IP and a couple of DNS servers from your ISP. All the info is available in the DHCP request your box made when it connected to your ISP. You can check this option to obtain the same behaviour : [image: 1610344872845-c4d61816-5b6c-4f70-8996-a301ca4a253e-image.png] but why would you use your ISP's DNS's ? Or the ones from some one else ? If you can get the info from the source.
  • WAN speed not capable of passing 470mbit on a 1 Gbps line

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S
    Ah, nice result.
  • Whats your average packet size on the firewall??

    8
    0 Votes
    8 Posts
    1k Views
    stephenw10S
    I make that 1430B. I guess you have mostly full size TCP packets inbound.
  • Customize the AD block warning page

    3
    0 Votes
    3 Posts
    611 Views
    stephenw10S
    Yup, that. The cert used by the DNS-BL server is not signed and even if it was it would not match the requested FQDN so you will always see a cert error there on an https page. Which is almost everything these days. Steve
  • WAN Limiter in pfSense

    3
    0 Votes
    3 Posts
    702 Views
    stephenw10S
    If you don't have any inbound connections then applying the Limiter outbound on WAN via a floating rule is commonly used. That then catches traffic from all internal interfaces. Steve
  • FRR GUI maximum-paths

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S
    That should be fixed by: https://redmine.pfsense.org/issues/11206 Steve
  • LOTS of package updates today

    20
    0 Votes
    20 Posts
    3k Views
    stephenw10S
    I used the 'Reinstall all packages' button from Diag > Backup & Restore for this on my edge box. No problems I noted. Steve
  • Unable to get to Amazon web site

    10
    0 Votes
    10 Posts
    1k Views
    stephenw10S
    I would make sure your default gateway in System > Routing > Gateways is set to the WAN_GW. If it's still set to automatic it may switch to the VPN gateway. That would affect all traffic that does not have a gateway set including DNS traffic from the firewall itself if you're still using Unbound in resolving mode. Steve
  • NTP Sync

    7
    0 Votes
    7 Posts
    1k Views
    bingo600B
    @bon-go said in NTP Sync: @bingo600 As I wrote: there's a difference between pfSense Settings (GMT +8 in pfSense means BEHIND GMT) and sometimes our common understanding about it: hours or timezone. I don't need your explanation link at 24timezones.com ... Look at your pfsense general setting and pfSense time in Dashboard, read it, change it and look again ;) Strange .. Then the pfSense documentation must be in error too https://docs.netgate.com/pfsense/en/latest/troubleshooting/time-zone.html They have made the same error as me, stating GMT-5 is America/NewYork [image: 1610224341161-84620fdd-5ab7-4135-93e1-76a921c5b5c2-image.png] Maybe you should open a doc change request at their redmine /Bingo
  • Confused about spoofed MAC

    2
    0 Votes
    2 Posts
    511 Views
    stephenw10S
    Run at the command line ifconfig -a to see the MAC in use 'ether' and the MAC on the hardware 'hwaddr'. VLAN interfaces do not have a hardware address obviously. They inherit their MAC from the parent interface. Steve
  • SG-1100 has uplink but no connection to ISP gateway

    25
    0 Votes
    25 Posts
    4k Views
    D
    @johnpoz: I just responded to @DaddyGo’s religious statement about beauty and mathematics in his signature. It was just a “BTW.”
  • Trying to create another network.

    2
    0 Votes
    2 Posts
    386 Views
    C
    @cyberchris Nevermind I figured it out. Pfsense created default Nat rules for the additional networks I made. It did not create default firewall rules for the additional networks allowing them to communicate out. It did automatically create a default firewall rule allowing the Lan to communicate out. All I had to do was go into firewall->rules->and click on the new interface and set up a firewall rule allowing that new network assigned to that interface to communicate out.
  • Quick question about static IP address config

    5
    0 Votes
    5 Posts
    3k Views
    B
    @androbourne looking forward to solving this problem on my LAN, thanx. Did this allow you to have traffic go out with a source of either your public IP or a spectrum one, or was it your public IP only?
  • Many updates available today !

    2
    0 Votes
    2 Posts
    273 Views
    chudakC
    I see other thread, so pls disregard
  • Connect to remote proxy server with RSA private key

    9
    0 Votes
    9 Posts
    1k Views
    T
    @stephenw10 said in Connect to remote proxy server with RSA private key: Those scripts appear to be aimed at setting up a remote access / mobile ipsec style server and pfSense cannot act as a mobile client. You want to be setting up a site-to-site style IPSec server. The only problem is that if you use a policy based tunnel it will have to cover any destination so will be an all or nothing option. If you use route based IPSec you can policy route traffic over it so be a lot more selective. If it were me I would run pfSense in AWS too. That gives you the most options and the easiest setup. Steve Thank you, Steve, for pointing to the directions. Will do further research.
  • Pfsense localization connecting on console or via SSH

    9
    0 Votes
    9 Posts
    3k Views
    fogF
    @kiokoman said in Pfsense localization connecting on console or via SSH: @fog yes but that folder isn't necessary for the keyboard layout afaik, that contain only translation/transformation like yes=sì January=Gennaio and so on LC_COLLATE String sort order LC_CTYPE Character classification LC_MESSAGES Language of messages LC_MONETARY Formatting of currency amounts LC_NUMERIC Formatting of numbers LC_TIME Formatting of dates and times Anyway, If the correct encoding is not correctly and consistently set (in this case UTF-8) you have trouble to type characters outside the ASCII range as, for example, accented characters.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.