How can we allow ftp protocol for my users. Or do us all (ISP, hosters, your clients) a favor and switch to SFTP for file transfer. And no, I'm not talking about FTP/S (FTP with TLS/SSL encryption), but SFTP (subset of SSH service). It is SO much less hassle. FTP as a protocol is just a giant PITA. If you have to, check you don't have a far too big passive ftp port range so you don't have to open up some thousands and thousands of ports.

Normally this should be completely transparant and no changes required with the default pfsense rules. The PFsense box is not aware of your VPN, it' just TCP(or UDP) traffic that is forwarded. Nothing more.

@Harvy66: Lagging is a result of bufferbloat. While trying to figure out how figure out what ports common game servers use, enabled Codel Active Queue on your firewall queue. I thank you for your reply, but, honestly, what will 'Codel Active Queue' do with my problem? as for an example, I have an online Game "XYZ", but they don't provide game port(s) as they are paranoid that it will attract/invite DDOS :(. I have pfSense traffic rules configured, lets say people are playing DOTA 2, League of Legends or Heroes of Newerth while doing streaming/browsing on my LAN and the ping rates are 'acceptable' because of the traffic rules I have created and these Games provide either directly or indirectly with the correct port(s) to configure. If Game XYZ port(s) are not determined, it will ultimately goes to the default queue (unless otherwise they use same/similar port(s) of other game servers), of which I have configured with less bandwidth. Once again, I am really sorry as I don't get the whole picture enabling "Codel Active Queue" for this.

So the neighbors keep shutting off the lights in their living room.  Could you help me stop them from doing this, my microwave model is LG 100, it was made in 2014 and has buttons on the front with a table that spins in the middle.

Lots of in/out errors. The issue seems to be with the modem configuration, my ISP always gave instructions to go full duplex. However setting the ports to auto negotiate pfsense will set it to half. And look here. Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Testing from Signet (81.xx.xx.xx)... Selecting best server based on latency... Hosted by SIT Internetdiensten B.V. (Voorthuizen) [74.82 km]: 11.25 ms Testing download speed........................................ Download: 44.15 Mbit/s Testing upload speed.................................................. Upload: 47.31 Mbit/s Seems like the ISP either changed their config without informing or has an configuration error. Thanks for the help anyway! Seems that because my laptop was on auto negotiate it did not have this issue and it caused me to think the issue was with the configuration of the pfSense.

That you think you switch is your problem is maybe why your having issues. If this is production use stable version of unifi controller and firmware.  And then lets troublehoot what wifi issues your having if any.

Aye, that's what I assume. As to why I'm stuck, as it doesn't "crash" every time (as if that whole thing wasn't crazy enough already)

Blocked from where to where? Link local is just that: Link local. Link local traffic on the local subnet does not use the firewall at all, nor can it be routed.

@johnpoz: sure that should work. As to trunk depends on how many interfaces you have in pfsense?  If your going to connect a port from switch that is in in each vlan on switch you don't even need to setup vlans on pfsense, only the interfaces.  your switch is doing all the vlan stuff. If you only have 1 interface in pfsense and are going to create the vlans on that physical interface, then yes you need a trunk to that interface from your switch and pfsense will figure out what packets are what based on the tags. i have 3 interfaces wan ( connected to my ONT/modem) lan (switch is connected to this one) opt1( nothing connected just an extra NIC card i had) Sorry im not fully grasping what your saying i plan on having 3 vlans on my switch unless i can connect my AP to my OPT1 and have that be its own VLAN type of thing then i will only have 2 vlans on my switch. what i picked up is if i connect a ethernet cable in each of my vlans to its own interface on pfsense then i dont need to configure VLANS on pfsense but if i plan to only use one cable from my Pfsense to my switch then i do need to trunk the VLANS?

Thanks. Just the info I needed.

The closest you'll see at the moment is how things are now: 2.3.3 is not that far off 2.3.2, but they pull from different package sources. If a package change is pushed to RELENG_2_3, it will be available on 2.3.3 and not 2.3.2, so that is good for development and testing.

We have a 2.3.2_1 release in the works for that. Though we've looked over the list of issues and the only one that appears to be relevant in any significant way is the OCSP issue, and that would only be a potential problem if you have HAproxy or FreeRADIUS configured in a way where they would answer OSCP queries on behalf of clients.

I found the fault on this one. if a domain is added to the bypass list that does not exist, it will stop working, probably a bug.

On Firewall > Rules, Faculty pass traffic to Laboratory. https://doc.pfsense.org/index.php/Firewall_Rule_Basics https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

ntopng has the data i want, but I can not see how to extract it with a command to include the data in the email report, ntopng  cli manpage just looks like configuration options, not extraction options. any ideas?

sorry man, it was about 2am, just before I went to bed.. thanks again for everything.. will let you know when I am ready for the stratum 1 setup.

I bought brand new J1900D2Y ITX server board. Also I have UPS connected via SNMP. I think it's possible to do some scripting on NUT side to select desired modes in PowerD, but I am not sure if this really necessary, may be there is some trick on pfSense/freebsd side?

"Unbound" is a play on "Bind", another DNS server. I guess I'm with you wondering if something is hammering the server when the portal is enabled. Try a packet dump.