• PfSense 2.3.3-RELEASE-p1 will not Autoboot

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    johnpozJ
    If they did it would be irrelevant to your issue since 2.3 is no longer supported.. So you're having said issue on 2.4.x? 2.4.4p1? Please create your own thread and document the exact issue you're seeing. Locking thread.
  • 0 Votes
    8 Posts
    7k Views
    stephenw10S
    Let's just say that if anyone is imagining: #Switch to layer 7 filtering - firewall_layer=3 + firewall_layer=7 ...then unfortunately they are very very wrong! Steve
  • 0 Votes
    5 Posts
    814 Views
    U
    Yes, absolutely. Thank you for pointing that out. From the reference: https://www.netgate.com/docs/pfsense/monitoring/filter-log-format-for-pfsense-2-2.html In a remote log, the fifth field is:
        <tracker> ::= <integer> -- Unique ID per rule, tracker ID is stored with the rule in config.xml for user added rules, or check /tmp/rules.debug
    I need to figure out how to use that number from my syslog server, to lookup the rule description. So far, I'm closer, now using splunk to run a script:
        | script pfsenselookup 1000000105
    where pfsenselookup.py is
        import sys
        import os
        matchstring=str(' '.join(sys.argv[1:]))
        os.system("ssh user@192.168.1.1 pfctl -vvsr | grep '^@' | grep '{matchstring}'".format(matchstring=matchstring))
    For example, results :
        @11(1000000105) block drop in log inet6 all label "Default deny rule IPv6"
  • can you import configuration file from console

    8
    0 Votes
    8 Posts
    2k Views
    C
    oh ok cool.. I'll give that a shot too well I'll tell her or I'll practice it when she gives me her faulty hard drive... I did the conf folder and copied my older pfsense setup so hard drive is ready for her just to slide in the hot swap... but I'll definitely try that step too... I really appreciate the help great stuff (:
  • Pass specific IP through to LAN, port forwarding, firewall rules

    24
    0 Votes
    24 Posts
    3k Views
    A
    @konstanti said in Pass specific IP through to LAN, port forwarding, firewall rules: @akjim 64.4.23.126 !!!!!!! - port forwarding rule 64.4.231.126 - block !!!!! I am an idiot!!! I see that now, and after making the address correction it is working properly. THANK YOU so much for your guidance and assistance!!!
  • disable on boot check of config.xml

    4
    0 Votes
    4 Posts
    325 Views
    stephenw10S
    USB Ethernet devices are renamed ue0, ue1 etc, yes. It's not desirable to stop checking for them though. That is a physical interface. If it is assigned in the config and not present on the system the firewall should stop and ask the user how to proceed. Not doing so ends up in an unknown situation or potentially something worse like if you had multiple ue interfaces and one is unplugged you could start sending private traffic out of the remaining one if that became a different interface. The other interfaces in that list are those that are built on top of a different physical NIC and may not have been created yet at the time of the check like ppp or VPNs. There is no good way to handle this unfortunately. If the modem is in Ethernet mode you have to do something like this to avoid boot failure. If it's in PPP mode pfSense has no problem with the interface or device disappearing but the speed is limited to 3.5G (ish). It would be great to be able to use one of the other methods like MBIM but there is no driver in FreeBSD, yet. https://man.openbsd.org/umb.4 Steve
  • FTP Client problem

    ftp client
    33
    0 Votes
    33 Posts
    5k Views
    stephenw10S
    Um... yeah that would not have helped at all in this case. Traffic to any ftp server was already allowed and passing. Steve
  • pfSense for Squid with only one interface

    4
    0 Votes
    4 Posts
    343 Views
    stephenw10S
    Because the proxy allows traffic on those ports? You can always block it on the firewall. Steve
  • pfSense problems tonight with access

    7
    0 Votes
    7 Posts
    962 Views
    M
    @jashaw30 that's all you've ever needed since that changed that you no longer need to use their kit. dhcp-client-identifier "woteveryouwanr@skydsl|woteveryouwant"
  • Is connecting a factory defaulted router a potential vulnerability?

    7
    0 Votes
    7 Posts
    837 Views
    GrimsonG
    For connecting new devices I have separated two ports on my switch into a single dedicated VLAN. So I connect the new devices to one of these ports and patch the Ethernet connection of one PC to the other port, this way they are in their own L2 and can't impact the network. Another solution is to use a Laptop and connect a new device there first for setup purposes. Just don't connect a device with unknown/conflicting settings to your production network.
  • Need to enable Rules to allow UniFi based Captive Portal Page?

    12
    0 Votes
    12 Posts
    5k Views
    C
    @gertjan said in Need to enable Rules to allow UniFi based Captive Portal Page?: If you pass some time with the acme package you could learn it to obtain a free of cost (that is money, not your time) wild card cert. Hey thank you for this info will look at the package for sure.
  • Load Balancer and reflection.

    2
    0 Votes
    2 Posts
    302 Views
    stephenw10S
    It's possible to work around this using outbound NAT on the internal interface but it's ugly: https://www.netgate.com/docs/pfsense/book/loadbalancing/troubleshooting-server-load-balancing.html#unable-to-reach-a-virtual-server-from-a-client-in-the-same-subnet-as-the-pool-server Steve
  • Pfsense using for ISP with openBGPD

    4
    0 Votes
    4 Posts
    437 Views
    chrismacmahonC
    No, I can let you know we have assisted several ISPs at the support desk.
  • Dynamic dns for local (not exterior) ip?

    8
    0 Votes
    8 Posts
    866 Views
    JKnottJ
    @johnpoz said in Dynamic dns for local (not exterior) ip?: @jknott said in Dynamic dns for local (not exterior) ip?: I think this forum needs an emoticon for "WTF?". Hehehe I agree - what do you think this would look like exactly? [image: 1549052899360-wtf.png] Yep, that's exactly what we need.
  • pfSense hangs randomly every 10-20th day, please help troubleshoot

    13
    0 Votes
    13 Posts
    2k Views
    T
    +1 on blaming Realtek NICs. I built a machine in the past two years that had Realtek NICs (horrible oversight on my part). Put pfSense on the box and it locked up randomly requiring a reboot to resolve the issue. No log entries or anything else. I also put VMware ESXi onto the same box and had it purple screen a few times (even with injecting an in-line patch to support the NICs). IMHO, newer Realtek NICs can hang your box w/o logging issues in the OS. Avoid at ALL costs.
  • Where's the bottleneck?

    8
    0 Votes
    8 Posts
    867 Views
    johnpozJ
    No problem - great that you mention such an issue for sure. Now back to our original programming ;) Can you put in some details of how you're doing the speed testing - and maybe now you should retest since it's not impossible that the virus/whatever was eating up some cycles/bandwidth edit: Seems I confused you with the OP hehehe... Thanks for the PM to mention that.. So we are still waiting for the details of the OP and how they did their testing. @Raffi_ so what are you running pfsense on and are you seeing your full bandwidth.. Is it gig? ;)
  • negate_networks Empty Table

    2
    0 Votes
    2 Posts
    242 Views
    jimpJ
    It's a default table that is usually populated with local networks that need to bypass policy routing (e.g. LAN to LAN2/DMZ type traffic). It could be empty if you only have one local interface, or if you don't use policy routing.
  • pfsense WAN on private network

    7
    0 Votes
    7 Posts
    2k Views
    S
    @penguin-nut said in pfsense WAN on private network: Disable hardware checksum offload FYI, documented at https://www.netgate.com/docs/pfsense/book/config/advanced-networking.html?highlight=xen#hardware-checksum-offloading
  • Cannot delete "incomplete" device from arp table.

    13
    0 Votes
    13 Posts
    5k Views
    D
    @jknott I'm not going to jump the gun but I think I found it. I'm using Home Assistant for my home automation and inside it I have setup trackers for devices. I ping the devices and if they do not respond I send a message to my phone telling which device is down. In my code I was still pinging those old IPs. Let's hope that was it. Thank you so much for your help.
  • 2.3 release needed for testing

    Locked
    19
    0 Votes
    19 Posts
    1k Views
    ?
    @selianto pfSense 2.3.x is End of Life. As such, we do not offer older releases for download, nor do we support them. If you have an urgent upgrade project, you should consider a Netgate Global Support subscription. The Support team may be able to assist with the upgrade in a way that does not require having to use an outdated image. If you would like more information about a Netgate Global Support subscription, please email sales@netgate.com or if you need help now, you can find our different Netgate Global Support subscriptions here: https://netgate.com/support
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.