@stephenw10 said in System Log: Mmm, I can't answer that without more research but it logs like that on every firewall I see. So whilst it may be a bit ugly it's nothing to worry about. Steve Thank you - Nolli

@kiokoman thank you so much for this tutorial. I will try this setup. Once again, thank you so much I really appreciate your help. :)

If you WAN bandwidths are that different the first thing you should do is weight the gateways in the load-balance group so you get 5:1 connections using the ISP B gateway. Then a great way to set equal bandwidth per user is to use dynamic limiters based on a /32 mask. Unfortunately the screenshots have been lost from here: https://forum.netgate.com/topic/57476/per-ip-traffic-shaping-share-bandwith-evenly-between-ip-addresses The description is still good though. Steve

The VPC subnet is assigned in AWS. All interfaces are DHCP and receive their settings from AWS. This does make things a little odd for some things. So LAN will receive a gateway and be treated as a WAN by pfSense. You probably want to set outbound NAT to manual or hybrid and prevent it NATing out of LAN. Steve

@jpod2019 said in Can you run DHCP, DNS and NTP on different VIPs?: (I’m assuming everything will be done through the LAN interface and VIPs) I'm assuming you mean WAN there. You can have a single interface and it will be WAN and that's fine. The anti-lockout rule will be applied there instead of LAN in that case. If you add a VIP on the WAN all services will listen on it by default so you can add VIPs for NTP and DNS and it will work. DHCP will only run on the interface address though. By default DHCP wil hand out it's own IP for NTP and DNS so you would need to make sure you set those values in the DHCP setup. Though it would still work fine for anything using DHCP since those services would also be listening on the interface IP. Steve

sshguard also protects access to the GUI, not just SSH.

@JKnott ok

Working Thank you soo much.

@Rico said in How can I make a data usage graph?: https://www.netgate.com/resources/videos/bandwidth-monitoring-on-pfsense.html Traffic Totals package:- [image: 1562330012656-screenshot-2019-07-05-at-13.28.00.png]

Ok guys thanks for no replies anyway got this sorted. I still have no idea what was the problem. I must have tried 20 different configuration options with rules and all. In the end, I have it all working with just ONE rule that I'm 99% sure I tried before.... go figure... sigh After I got things working I started disabling the others one by one to see which would impact. Anyway, here's the rule that has it working now: Firewall > Rules > LAN Immediately below the Anti-Lockout Rule, add a new rule: Action: Pass Interface: LAN Address Family: IPv4 Protocol: Any Source: AppleTV's alias Destination: any Advanced options: Gateway - WAN_DHCP In the meanwhile I had an IPv6 block below but it wasn't creating states so I disabled it, and still all is working. So I'll just keep an eye on it and lyk tomorrow.

Hmm, I've never tried that. I would backup the config re-install, remove the swap during the install. You should edit the fstab to set it to mount root noatime though if it's not already. Steve

Thank you all. I appreciate your comments on DNS Resolver and everything got sorted. Super!

@sheen73 said in WAN Disconnects Multiple Times During Use: Hintron E31N2V1 Hmm, well it's not on the list specifically and 30s of Googling shows positive reviews so maybe not that. https://badmodems.com/Forum/app.php/badmodems https://www.dslreports.com/forum/r32152762- Steve

@mcury thanks let me try

Take a screenshot and drag it into the message window. [image: 1562060746874-screenshot-2019-07-02-at-10.45.27.png] [image: 1562060761436-screenshot-2019-07-02-at-10.45.00.png] [image: 1562060810711-screenshot-2019-07-02-at-10.43.50.png]

New update on my own experience. We had a storm in our area take out a bunch of trees and we had a momentary power outage. Coincidentally (or not) a few hours after this, my monitoring IP on my ISP's network decided to stop responding to pings completely. This is after months of doing so reliably. My traffic was still working since I disabled automatic failover due to issues I'm having with my backup gateway (another story). But long story short, go with @NogBadTheBad setting of using Google DNS (8.8.8.8) for the monitor IP. One way or another Google DNS should respond to ping reliably. In my case, I think my ISP may have routed traffic through a different path, maybe due to the storm taking out the part of it I was trying to ping? I have no idea but it was very coincidental.

@SipriusPT said in How to block IP conflicts automatically: There are devices where NICs needs to be reconfigured manually in production site, and also some computers need to have administrator rights to run certain types of programs. While that certainly used to be the case, many programs that require those rights now ask for them. You then have the needed rights in that app only. In the Linux world, we know better. We normally run as users, not root. While some apps require root privilege, they prompt for the password. It's very rare to actually log into a system as root. In my work, I have often had admin rights, as I needed them to change network settings, but that sort of thing should be limited to only those who understand the risks.

Yup testing to the firewall using iperf3 at those speeds will almost always be bad. pfSense is not tuned at all to be a TCP endpoint and the iperf3 version in pfSense/FreeBSD seems to most give worse results anyway. It's is however still a very useful test at 1Gb or below. If you're seeing 20Mbps downloads at clients behind the firewall you can test from the firewall to the client and from the firewall to some public iperf server and quickly prove where the problem is. At 10G it's useful for proving the connection is good only. You will never see 10Gbps to/from the firewall directly. At least not currently. Steve

If your cable 'modem' has a firewall function it's probably a router and has a dhcp server. Enabling that is probably easiest. Steve

Hi, I have this same problem with Telstra SIP and pfsense. Outgoing calls work but incoming calls don’t work. Packets seem to get to the WAN interface of pfsense, but go no further. I will try another firewall in the next few days to confirm that it is indeed pfsense that is causing the issue. Then I will go back to pfsense. Tried just about everything I can think of. Cheers Chris