• Need to allow access to specific corporate network IP from guest network

    16
    0 Votes
    16 Posts
    2k Views
    johnpozJ
    @colonnesel said in Need to allow access to specific corporate network IP from guest network: Rookie mistake Not sure I would say that - it does come up quite a bit around here to be honest.. Quite often users policy routing and wondering why they can not get to some other vlan, etc. I honestly have no idea why I would've thought that to be honest because it makes no sense. Huh - if you understand how the rules are evaluated, and how policy routing works then it's quite clear that if you forced traffic out a gateway that can not get to where you want to go.. you wouldn't be able to get there.. To be honest I would be disappointed if I had a rule that said use this gateway, and this was first in my rules, and it didn't send traffic down that gateway even if there was another route.. If that is how it "should" work per what @stephenw10 has mentioned. That really should be CLEARLY stated that it will work that way.. Which in 10 some years using pfsense, do not recall it ever doing that with any sort of negate rules, etc. That is what can happen if the gateway you're forcing traffic out is DOWN, and you have setting to not use that rule if gateway goes down, etc. But if the gateway is UP, and rule is before another rule - then it should force the traffic out the gateway. [image: 1637352599404-skiprules.jpg]
  • No Internet to LAN Devices

    lan to wan internet
    11
    0 Votes
    11 Posts
    1k Views
    stephenw10S
    Sorry, OutBound Nat. Gets tedious typing it every time!
  • Certificate Manager CRL exception

    5
    0 Votes
    5 Posts
    467 Views
    jimpJ
    It would be nicer to detect that sort of case but it's highly unusual for anything to have serials like that, since to revoke a cert in the GUI the CA has to be internal to pfSense, and it's rare for anything but pfSense to have created certificates for such a CA. So it's something we could maybe add eventually, but it's not something I'd consider a priority.
  • Single device vlan

    23
    0 Votes
    23 Posts
    3k Views
    johnpozJ
    @lewis said in Single device vlan: I still need to find a reason to use VLAN to learn about it but my setup is much nicer now thanks to the input in this post. If you put your wifi on a different network than your lan - you're already doing vlans ;)
  • Here's a crash dump...

    9
    0 Votes
    9 Posts
    1k Views
    stephenw10S
    Locking completely with no crash report and unresponsive console starts to look like a hardware problem. Comparing old crash reports, and finding them all different, would confirm it if you could. Steve
  • Some hosts aren't connecting to the internet but others are

    43
    0 Votes
    43 Posts
    9k Views
    stephenw10S
    Cool. Yeah looks like an issue in VBox then somehow.
  • Speed inbound outbound mismatch

    10
    0 Votes
    10 Posts
    652 Views
    stephenw10S
    Testing either to or from the firewall itself is not a good test as it uses significant CPU cycles just to run iperf. To see the real throughput of your hardware you need to test between two hosts on separate internal interfaces. The LACP LAGG is unlikely to make a significant difference. Steve
  • iperf3 server on wan, and client on lan : but how?

    17
    0 Votes
    17 Posts
    3k Views
    C
    @johnpoz said in iperf3 server on wan, and client on lan : but how?: @cabledude possible you had enabled shaping/limiting of some sort? Nope, I did look for something like that, but no traffic shaping in pfSense and none in UniFi, at least not for the VLAN my laptop is in. Will investigate some more. Thanks, Pete
  • pfSense AWS Ipsec tunnel phase 2 show 0 bytes of data

    5
    0 Votes
    5 Posts
    759 Views
    stephenw10S
    See for example: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_NAT_Instance.html#EIP_Disable_SrcDestCheck Steve
  • New to pfsense. Hardware and setup

    24
    0 Votes
    24 Posts
    2k Views
    F
    @stephenw10 said in New to pfsense. Hardware and setup: There are a lot of variables so I couldn't tell you the exact speed you'll see. Steve Ya that's a given. I know once I get it together it will be time to test, reconfigure, rinse and repeat.
  • PFsense continuously beeping when trying to re log in to Web Gui?

    17
    0 Votes
    17 Posts
    989 Views
    B
    @stephenw10 yes so when it's continuously beeping I hit the reset button on my console and it resets/reboots or whatever and then boots up normally with the boot up jingle.
  • RFC1918 Block private networks and loopback addresses

    2
    0 Votes
    2 Posts
    908 Views
    stephenw10S
    You should only usually have that checked on an external interface. You should never see traffic coming from a private IP on an interface that has a public IP. The only exception to that is if you are double NATed and need to access the pfSense device from a box in the WAN subnet and that is public. Steve
  • Very basic interface question

    15
    0 Votes
    15 Posts
    1k Views
    stephenw10S
    @bugman said in Very basic interface question: When I try to assign a VLAN to a specific port in Interface Assignment I get the error: This Switch port is already in used by another interface. That setting in the main interface config does not configure the switch. Instead that is used to have the VLAN interface status reflect the port status. So for example if you have a VLAN assigned as OPT1 and the switch is configured to have port 4 as an access port for that VLAN, you can set port 4 there so that OPT shows as DOWN when port 4 is disconnected. What you need to do to trunk a VLAN to a port is set that in the switch config. Like: [image: 1637192181011-screenshot-from-2021-11-17-23-36-11.png] That will make a VLAN created in LAN, mvneta1.100, available tagged on port 4. You need to be sure to set in the internal port, 5, also tagged as shown there for all VLANs you need. Steve
  • pfSense down hard after adding NIC

    12
    0 Votes
    12 Posts
    1k Views
    N
    @stephenw10 I was using GNU/Linux for 15 years. Last year I finally switched to FreeBSD as my daily driver and I never looked back. Linux kernel has become a bloated mess. And unlike modular GNU/Linux nightmare, FreeBSD is a complete operating system in every sense of the word. And I really love their strict RTFM community. And the fact that pfSense is based on FreeBSD makes me very happy.
  • Migration of Local Users To Active Directory Possible?

    5
    0 Votes
    5 Posts
    614 Views
    M
    @bmeeks Appreciate the info, I've already got things going and pretty much completed.
  • Multiple VPN configuration help

    12
    0 Votes
    12 Posts
    1k Views
    J
    @stephenw10 Thanks for your help here. I actually had created a second P2 but had created it backwards. Fixed that up and now all works. Thanks again, James
  • I can’t believe how bad this software is.

    Moved
    24
    0 Votes
    24 Posts
    2k Views
    NollipfSenseN
    @ppal Troll...
  • How to get faster internet thru put from PFsense?

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S
    Running at the command line pciconf -lv will show you what NICs you have and which drivers they are using. If they are any Intel NIC though I'd expect to see at least close to 1G with that CPU. Check the top output while testing. Steve
  • Best way to limit WAN pipe bandwidth

    2
    0 Votes
    2 Posts
    348 Views
    bmeeksB
    I don't use it, so not an expert on traffic shaping. But what you want to do should be possible. There is a dedicated Traffic Shaping Sub-Forum here: https://forum.netgate.com/category/26/traffic-shaping. You might get better answers to your question in there as those folks are generally active users of that feature.
  • Help Understanding a Crash [kernel panic]

    crash kernel panic pfsense help log
    31
    0 Votes
    31 Posts
    6k Views
    N
    Hello, Just to update about the crashes: they didn't happen again. Also, I've been using Suricata 6.0.3 release since then, and no netmap issues. So, I changed my RAM, and tested the old ones: 24H of MemTest86+ and at least 5hrs of GoldMemory (not the best tests, but still), resulted in not a single red flag for them (tested individually), AND I'm using them on other Win machines without BSOD or anything in the logs. I already saw RAM tests failing to detect problems, so based on what you explained, I'm assuming that both 1 - the issue with Suricata's Multithreading ring access, and 2 - darkstat, were hitting some intermittent problem, that I could not with tests and other OS. Anyway, thank you for helping me out solving this. Really appreciate @stephenw10 and @bmeeks !
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.