Hi Steve, thanks for the hint regarding tweaks for the Zotac Boxes. I stumbled over the threads regarding the Realtek NICs of these boxes. After reading a bit in this thread https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release/138 I found hints in my logs, that this could be the problem in my case. So I installed the Realtek driver and give it some time... Thanks again and best regards! Meson

@rafthebee , Did your try to create a pass rule to allow LAN3 to talk LAN1? Make sure the protocol set to ANY and the rule is above other rules and don't forget to apply changes.

Thanks

i upgraded to the newest version of that beta thing... now im stuck in a boot loop :( i´ve reinstalled the whole box. i will try all that stuff this weekend. i hope i have time for it xD

and thanks to be accurate on answers

Hmm, well I would retry until you are able to connect to something closer to you. iperf.scottlinux.com works for me (although that's actually no-where near me ) You should run the test in both directions and use multiple streams so: iperf3 -c iperf.scottlinux.com -P 4 and iperf3 -c iperf.scottlinux.com -R -P 4 Steve

@kiokoman said in How take out configuration file from corrupted disk ?: from console if you are able to get there, mount a usb stick and copy the file ? Thank You for help! This is the first tough that come in to my head after I push "Post" button in this forum :)

@kiokoman thanks for the reply! I have it working perfectly from LAN to LAN. When I place the same server directly on a WAN IP address, with UFW disabled on the NFS server, I cannot mount it from my ESXi host which is on the LAN. -J

It should install as an additional tab in VPN > OpenVPN. I assume you found it?

@justice41 said in VLAN subnetting: considering only few hosts would take one network, seems its better just to make subnets. True.. I applaud your wanting to use appropriate sized networks. Then again rfc1918 is HUGE.. For any single location.. So what does it matter ;) Unless for some reason your limited to this 10.10.11/24 for some reason. You can chunk up your /24 anyway you like in whatever sizes you want.. You could break them up into /30s if you so desire.. But you need to chunk them up so that your subnets don't overlap ;)

@negate1 Are you referring to WiFi? This is somewhat a large network, with almost a thousand clients connected to Pfsense. Pf is acting as an edge network loadbalancing 4 WANs. Behind Pfsense is an OSPF network with several subnets. An IP in one of the subnets need to follow a schedule where there are times in a day that we need to block from accessing Internet. It is just a simple block rule with a schedule. After we applied the rule, Pf is disconnecting all clients in all subnets every 15min but reconnects them immediately. This is unnoticeable in most internet activities except games and voip. We disabled the rule and everything is back to normal. Is this something a cron job not doing as intended?

@johnpoz Thank you for the clarification

@stephenw10 said in Can't no access to some websites: Because it's statically routed so it may behave differently to a random IP. ok :)

Now my ATV4 has "Fallen in love with 192.168.1.14 TCP:7000" Well i have had it ... Made a deny rule targeting ATV4 -> 192.168.1.0/24 (I dont have that range) , and disabled logging. /Bingo

@viragomann said in Running pfSense 2.4.4 over a KVM VM in PROXMOX 6.1.5.: You will get the best benefits of the processor features, when using host type. This passes all the features of the processor through to the VM, while KVM64 provides only a small amount of common features. For instance, KVM64 doesn't make use of AES-NI, even if your host CPU supports it. with kvm64 you can set extra cpu flags though, including AES. All via proxmox gui.

You could block Facebook using pfBlicker-NG by creating an alias using the ASN for Facebook. YMMV with other Social networks. Or maybe Snort with the openappid-social_networking.rules enabled. [image: 1604395622043-screenshot-2020-11-03-at-09.24.13.png]

@JKnott I was trying to agree with you... :)

I don't think you should create 5 frontends just to access 1 backend webserver, instead you might point the 'internal' DNS to the same public ip where haproxy is already listening.? Or perhaps just point them all to the same LAN1-IP ? Other option might be to create a 5th subnet with a 'virtual' ip-alias 192.168.40.1/24 on the lo0 loopback interface to listen on? That might make your firewall rules a bit simpler..

Hi, now it is working. the second reset as fixed the issue. Thanks