@hrohibil said in Two separate LAN cards?: 4 GB DDR3 Probably indicates a 64bit CPU.

yeah half-in IPv6 can introduce delays like that. Disable the DHCP6 server on LAN Edit LAN and change IPv6 track interface to None. Edit WAN and set IPv6 to none. Alternately, and probably preferably, get with the ISP regarding where they are in IPv6 deployment and get it all turned up correctly.

So yeah it was only 1 computer. A reboot fixed it.... all is (as close to) normal as it can get. Hectic morning. Nothing to see here. Thanks for listening to my craziness.

You may have triggered SSHguard if you tried to login and failed several times. You should still be able to SSH from some other IP if that was the case. SSHing from some other device in the same subnet should work even if it list routing info for example. Do you have a config backup? Steve

I would bounce them all. Bounce the cable mode first. After it comes back up, bounce pfSense. Check to see if it picked up an address.

Yeah, both those things^ Doing this in stages may introduce further issues. If you start out with pfSense behind your existing router and move your IoT devices onto a new subnet behind that you would not be able to reach them from devices on the original LAN for example. That may not be a problem. You could do it the way around and start out by putting pfSense in place with your existing router behind it but there will be down time. If you don't have separate wifi access points you might want to do this: https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.html What sort of VPN will this be? For accessing resources behind the firewall when you are remote? Steve

You want to redirect to /dev/null? Or to the system log? Steve

You should not have to do anything. DHCP will assign your WAN address, subnet, and gateway. Your firmware version looks ancient compared to mine. I would start there. https://motorolamentor.zendesk.com/hc/en-us/articles/216091737

@signalz said in Switching to ZFS: In my experience, ZFS is a little faster to update and upgrade, and RAM usage is a little higher. In your case, I don't think you will see performance problems as all those plugins are not produce much system load. However, I don't think there is much benefit to using ZFS at this time. There isn't anything in the UI to report on or configure it. Thanks for that... I use ZFS on FreeNAS, so I have no problem logging in via SSH to check on something. My main reason for being interested in ZFS is to be able to roll back if an upgrade goes bad. I'm eventually hoping to graduate to Snort or Suricata, but haven't had the time to scale the massive learning curve to configure it. I had Snort running but it really wasn't doing much except filling log files at the time. Anyone using Snort/Suricata with ZFS on a "smallish machine like a J1900?

That's not entirely true. We have back-ported patches previously if they are sufficiently important. It's very inconvenient doing so though, any move away from stock FreeBSD introduces additional technical debt at every pfSense release. That's something we are very much moving away from. Steve

That would be great story for sure! So found a new customer to support, yeah they were sending out shit traffic that my firewall blocked.. So I contacted them about it - now I provide their IT support... heheeheheh That for sure should be posted somewhere... How monitoring your firewall logs can find you new customers ;)

@wesleylc1 There should be nothing to set for basic telephones.

OMG LOL! Now the stupid thing works. I had typed in my password incorrectly a few times yesterday and now im wondering if the site auto ip banned me for 24hrs... I was really at wits end because the connection was being refused by anything behind my pfsense vm but still worked fine from my cell phone. so yeah i guess we can say this is solved now lol sucks because when i posted this it still didnt work and i was out of troubleshooting ideas.

I'm having the same issue, trying to find a way to get it working. Had a look at the link above and it's not really helpful. Just other ways to cast. I did some digging and debugging and I'm guessing it's some port or transmission being blocked somewhere. Nothing comes up in the firewall logs as being blocked though. Did you ever get to a proper resolution for this?

I know, our software uses xml for backup and restore too. I'd probably say the same to our customers. I'm just a little surprised pfsense can't handle a well formed but partial xml for restore. Anyhow, thanks for the insights.

yup... that is all you need to do. edit: for the next guy that finds this thread... I will post up screenshot of the rule [image: 1565981287525-tracerouterule.png]

Thanks for the reply, I'll test the suggested changes now, we'll leave the Nic optimization last I think. I'm using 2 x Intel i210 nics btw, forgot to mention that. I should also add that I tried to add a traffic shaper directly to the WAN and LAN interface with CoDel as the QMA (Instead of using limiters, clicking on "By Interface" In the traffic shaper page), I get nice throughput of 880 Mbit/s with the bandwidth set at 960 Mbit/s (may be bottlenecked a bit then). Unfortunately this way all the traffic going out of the LAN is also limited and queued using CoDel, so if using VLAN this is not a good idea... Really wanted to make this work without doing that. If I apply the CoDel queuing system to the WAN interface only, only the traffic coming from WAN (Downloads) is limited and queued by CoDel. Hopefully this is a clear enough explanation

Note : my last image concerns my own mail server - using port 465 - thus smtp over SSL and cert checking on both side. All this is unknown for MSN/Hotmail/Outlook. Btw Google (gmail) dropped submission (= '587') usage and stepped over to 465 a long time ago.