• DNS resolver not starting

    20
    0 Votes
    20 Posts
    2k Views
    W
    OK, thanks a lot. I will reduce the RAM size.
  • Setup NAT for VOIPMuch

    9
    0 Votes
    9 Posts
    782 Views
    stephenw10S
    Mmm, OK reviewing that I guess that even though you have not set static source ports specifically you have set the source port to match and the translated source port to the same value which will effectively make it static. That's the wrong way to do it though. Setting the source IP as any will catch traffic that should not be NAT'd and break things. You should set OBN to hybrid mode and then add one rule only with the source IP as the internal phone and static source set. Steve
  • Switching providers and pfSense configuration

    15
    0 Votes
    15 Posts
    1k Views
    gtjG
    @stephenw10 said in Switching providers and pfSense configuration: Draytek has a g.fast modem coming out that will likely be cheaper and better since the MT992 is locked down. No diag info. If they are actually offering FTTH in your area it's a whole different ball game though. Steve I'll have a look at that option. Thank you once again!
  • Checking for open ports ?

    19
    0 Votes
    19 Posts
    1k Views
    DerelictD
    Packet captures generally don't lie.
  • RAM disk on upgrade from 2.4.4 to 2.4.5p1 and kernel memory

    5
    0 Votes
    5 Posts
    497 Views
    E
    Thank you for the explanation; makes sense. In essence the RAM disk allocation has moved from a "thin" provision to a "thick" provision. And yes, I know the disks are considerably larger than I need, especially since I send everything to a remote syslog, and the local logs are capped. I did it because I have a lot more RAM in the system than I really need, and was still wondering what extra data and/or graphs I could capture. If I ever find a need to run something that needs RAM I will reduce these values as needed.
  • Network setup help needed.

    4
    0 Votes
    4 Posts
    476 Views
    DerelictD
    Then you don't have the proper provisioning to route the subnets to interfaces behind a router. https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html#multiple-ip-subnets It doesn't sound like you are 100% on what it is you have there. I would read that first link in its entirety.
  • Update Automatically

    2
    0 Votes
    2 Posts
    371 Views
    stephenw10S
    There is no setting for that in the GUI because generally speaking it's a terrible idea. There are a few threads here on the forum discussing it but highly recommend you don't read them! Automatically updating without reading the release notes etc opens you up to the possibility of the firewall updating and rebooting at some inconvenient point. And at worst failing to reboot because of some required manual step that didn't happen. Now imagine how bad that might be if you're remote from the firewall and using it for VPN etc.... Subscribe or check the blog to get update announcements: https://www.netgate.com/blog/ Steve
  • pfSense for 2 LANs

    21
    0 Votes
    21 Posts
    3k Views
    G
    @stephenw10 said in pfSense for 2 LANs: Yup, you can't do that in pfSense. Then I would setup pfSense between the switch and CentOS and configure it as routed only, no NAT, so CentOS can see the real source IP of clients. And to avoid double NAT which is bad in general. Steve Yea, that's what @viragomann suggested to me. Next week I'll buy a new VLAN-capable switch and do this. Thanks for now.
  • Who Maintains this Package/How Do I File a Bug Report

    12
    0 Votes
    12 Posts
    450 Views
    stephenw10S
    VBox on a desktop works well for a test like this. I used it for years until I got Proxmox setup. Steve
  • barnyard is no longer exist

    2
    0 Votes
    2 Posts
    161 Views
    DaddyGoD
    @anis_ferchichi said in barnyard is no longer exist: barnyard Hi, Recommend to your attention (from @bmeeks) : https://forum.netgate.com/topic/154632/attention-barnyard2-users-for-snort-or-suricata-please-read-this-notice?_=1606476384817
  • Double throughput with Bridge, Lagg or other?

    21
    0 Votes
    21 Posts
    2k Views
    stephenw10S
    Ah, good to hear. Thanks for reporting back.
  • WireGuard release 1.0.0

    vpn wireguard
    6
    0 Votes
    6 Posts
    1k Views
    J
    @jimp Yes would love this feature as well. Tested it and works really fast and easy to setup. Timeline even for beta release would be great. OpenVPN has so much overhead, and just does not meet the speed requirements with low(er) end hardware.
  • Renew DHCP IP

    12
    0 Votes
    12 Posts
    809 Views
    JKnottJ
    @stephenw10 For me, just unplugging and reconnecting the WAN cable was enough to cause the change. The last time my prefix changed was almost 2 years ago, when there was a problem with the CMTS at my ISP.
  • Peaks and stops...

    10
    0 Votes
    10 Posts
    518 Views
    imWACCoI
    @stephenw10 P.S. in case I did not imply it, Thank you for helping me. If you're ever in Illinois, I'll buy you a $drink
  • stopping an IP address or MAC address from internet access

    15
    0 Votes
    15 Posts
    1k Views
    stephenw10S
    Yes, I understand. The goal of resetting the state table after enabling the rule is to understand whether the rule is not matching the traffic or you are not killing the required states when you kill them individually. It's probably the latter since it's very easy to use a filter expression against the state table that cannot be used to kill states. Steve
  • freeradius limit speed per user

    18
    0 Votes
    18 Posts
    4k Views
    stephenw10S
    Opened a feature request: https://redmine.pfsense.org/issues/11102 Add a comment there if more is needed. Steve
  • Weird WAN Issue

    2
    0 Votes
    2 Posts
    318 Views
    A
    Also just an FYI. I ran a file check 4 times and it came back clean every time. It appears if I run a file check then reboot, pfSense will reboot just fine and obtain an IP. But if I don't run a file check, more often than not it will not obtain an IP until I reboot like 4-8 times in a row.
  • SG3100 , 100% CPU filterlog and syslog

    2
    0 Votes
    2 Posts
    362 Views
    stephenw10S
    I have seen that before if the firewall is under significant DDoS attack. It logs every blocked connection by default but you can disable that by unchecking Log firewall default blocks in Status > System Logs > Settings. Or by adding your own block rule on WAN without logging enabled. That leaves other blocked traffic still available for troubleshooting. What are you seeing in the logs currently? Steve
  • Plex-ExpressVPN

    2
    0 Votes
    2 Posts
    541 Views
    stephenw10S
    It's probably because you're sending all your traffic across the VPN, including the registration from the plex server. You probably want to exclude the plex server from the policy routing so it just uses the WAN directly. Steve
  • Where are log files system / openvpn / firewall saved?

    7
    0 Votes
    7 Posts
    819 Views
    GertjanG
    @ramses-sevilla said in Where are log files system / openvpn / firewall saved?: Do you know where are saved all log files? Here : [image: 1606133392678-4adabe7f-662f-4121-a70f-79ea8df481e5-image.png] Or here : /var/log/ ( as any other unix/linux/freebsd/openbsd/etc OS) Note that : @kiokoman said in Where are log files system / openvpn / firewall saved?: 2.4.5 use a binary circular log format known as clog to maintain a constant log size without the need for rotation is a silent hint that explains the need of a quick Google lookup. Or reading the pfSense manual. As https://docs.netgate.com/pfsense/en/latest/monitoring/logs/manage.html or https://docs.netgate.com/manuals/pfsense/en/latest/the-pfsense-documentation.pdf page 139
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.