You should not have to do anything. DHCP will assign your WAN address, subnet, and gateway. Your firmware version looks ancient compared to mine. I would start there. https://motorolamentor.zendesk.com/hc/en-us/articles/216091737

@signalz said in Switching to ZFS: In my experience, ZFS is a little faster to update and upgrade, and RAM usage is a little higher. In your case, I don't think you will see performance problems as all those plugins are not produce much system load. However, I don't think there is much benefit to using ZFS at this time. There isn't anything in the UI to report on or configure it. Thanks for that... I use ZFS on FreeNAS, so I have no problem logging in via SSH to check on something. My main reason for being interested in ZFS is to be able to roll back if an upgrade goes bad. I'm eventually hoping to graduate to Snort or Suricata, but haven't had the time to scale the massive learning curve to configure it. I had Snort running but it really wasn't doing much except filling log files at the time. Anyone using Snort/Suricata with ZFS on a "smallish machine like a J1900?

That's not entirely true. We have back-ported patches previously if they are sufficiently important. It's very inconvenient doing so though, any move away from stock FreeBSD introduces additional technical debt at every pfSense release. That's something we are very much moving away from. Steve

That would be great story for sure! So found a new customer to support, yeah they were sending out shit traffic that my firewall blocked.. So I contacted them about it - now I provide their IT support... heheeheheh That for sure should be posted somewhere... How monitoring your firewall logs can find you new customers ;)

@wesleylc1 There should be nothing to set for basic telephones.

OMG LOL! Now the stupid thing works. I had typed in my password incorrectly a few times yesterday and now im wondering if the site auto ip banned me for 24hrs... I was really at wits end because the connection was being refused by anything behind my pfsense vm but still worked fine from my cell phone. so yeah i guess we can say this is solved now lol sucks because when i posted this it still didnt work and i was out of troubleshooting ideas.

I'm having the same issue, trying to find a way to get it working. Had a look at the link above and it's not really helpful. Just other ways to cast. I did some digging and debugging and I'm guessing it's some port or transmission being blocked somewhere. Nothing comes up in the firewall logs as being blocked though. Did you ever get to a proper resolution for this?

I know, our software uses xml for backup and restore too. I'd probably say the same to our customers. I'm just a little surprised pfsense can't handle a well formed but partial xml for restore. Anyhow, thanks for the insights.

yup... that is all you need to do. edit: for the next guy that finds this thread... I will post up screenshot of the rule [image: 1565981287525-tracerouterule.png]

Thanks for the reply, I'll test the suggested changes now, we'll leave the Nic optimization last I think. I'm using 2 x Intel i210 nics btw, forgot to mention that. I should also add that I tried to add a traffic shaper directly to the WAN and LAN interface with CoDel as the QMA (Instead of using limiters, clicking on "By Interface" In the traffic shaper page), I get nice throughput of 880 Mbit/s with the bandwidth set at 960 Mbit/s (may be bottlenecked a bit then). Unfortunately this way all the traffic going out of the LAN is also limited and queued using CoDel, so if using VLAN this is not a good idea... Really wanted to make this work without doing that. If I apply the CoDel queuing system to the WAN interface only, only the traffic coming from WAN (Downloads) is limited and queued by CoDel. Hopefully this is a clear enough explanation

Note : my last image concerns my own mail server - using port 465 - thus smtp over SSL and cert checking on both side. All this is unknown for MSN/Hotmail/Outlook. Btw Google (gmail) dropped submission (= '587') usage and stepped over to 465 a long time ago.

https://docs.netgate.com/pfsense/en/latest/book/monitoring/system-logs.html https://redmine.pfsense.org/issues/8350

There is manual how to do backups remotely https://docs.netgate.com/pfsense/en/latest/backup/remote-config-backup.html This can be used as first step to do automated login, but all other steps must be scripted by you.

@hrohibil said in Which firewall to pick: -Ubiquiti USG -Ubiquiti Edgerouter 4 -Netgate Pfsense SG-3100 Show down : https://www.youtube.com/watch?v=bK2_ROQrMcM ( just an example - way more videos exist )

Thanks @stephenw10 we'll keep looking and post post back if we find a good method of of doing this in conjunction with pfSense Hass

yes this what i was hoping to be able too do is too have one captive portal at the server end and have all the internet traffic go back to the remote modem. what i have running now is that the captive portal has an ad server on the server end were clients would click on an ad or info and get internet access were the ad would full in the login info in the captive portal would that still work at the remote location as all of the traffic would be coming to the server end? also at the server i've got the captive portal doing a redir to a webpage were the client would have to click on tab to get the captive portal page to come up then they could click on an ad to get internet access. would this work if i set the remote as a stand alone

@KOM I have a Qotom Q355G4 which has 4 x Intel I211-AT- 10/100/1000 Controller. Tried both 2.4.4_3 and 2.5 (which is running now) for PFSense. As for other equipment in the network I have a Unifi 8 port PoE switch and a Unifi AP AC Pro running off of the switch, @stephenw10 said in pfsense dropping LAN clients whenever WAN is saturated or PFSense settings are changed: What does the system log show when you make a change that drops everything? Steve The only thing of interest I can find is it seems DHCP service is completely restarting everytime I modify settings related to ports, interfaces, client leases, or FW. There's nothing in the System tab being logged when this happens. Whenever I saturate my WAN, nothing appears to be logged on the PFSense instance. I should note that if I wait a little bit (have not measured exactly how long) it appears the connection comes back on its own, but this can be accelerated by dropping and rejoining the network. Interal pings to my VLAN gateway take up to 100ms but everything is still reachable under load. Nothing gets logged when connections are dropped due to load. @marvosa said in pfsense dropping LAN clients whenever WAN is saturated or PFSense settings are changed: @holojack said in pfsense dropping LAN clients whenever WAN is saturated or PFSense settings are changed: Oddly this seems to also happen whenever I saturate the download of my WAN (100/100 symmetric fiber). During load like downloading a game, I will see ~20ms pings to my internal GW and ~50ms pings to google with about 10 percent packet loss. After a long enough sustained download I will lose connectivity on all machines on the LAN and have to reset all of them. During both of the above I cannot ping internal or external machines nor reach the WebGUI. I have looked over the logs in the WebGUI and nothing stands out to me. Here is what I have tried to fix this: The issue of your machines getting kicked off line upon simple configuration changes sounds strange. Is it possible you've found a bug, sure, however, I can tell you I've been using PFsense since 2009 and every issue I've ever had with it has been hardware related. We have no details about your network, but having increased pings to an external host with a saturated WAN link is normal. However, the only way you should see increased pings to PFsense while saturating a 100 Mbit WAN is if you're using 100 Mbit NICs and a 100 Mbit switch on your LAN. As far as the issue of not being able to ping internal hosts when you're downloading at max speed, traffic between internal hosts on the same subnet do not traverse the firewall, so your issue lies somewhere else. My suggestion, make no assumptions about anything. Assess both your PFsense hardware and your switch, assess all NICs, assess cabling... those are all in the data path and all points of failure. Unifi controller and PFSense are both reporting 1000/1000 full duplex on all ports. Also I may have misspoke, but I can only noy ping internal hosts when my connections are dropped.

@stephenw10 Don't get me started. I'll just leave instructions to hit everything with a hammer. Let me tell you about My Everex Cube, circa 1992, Full-house, 64MB RAM, 2! 2GB SCSI drives and SCSI CD, 486DX2-66 upgrade!, $10,000 new... Hey, where ya going...? LOL