General pfSense Questions

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

A

Copyright..bla bla

Watching Ignoring Scheduled Pinned Locked Moved
3

0 Votes

3 Posts

285 Views

A

ok thanks, now it is clear...
R

Howto filter Firewall log using regular expression

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

854 Views

S

Just remove the spaces, so: !(wan|lan) Or (opt1|opt2) if those are the interfaces you want to see hits on. Steve
O

Blocking bittorrent on one client

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

239 Views

J

If you do not have a policy against it, then how do you think its ok to block him or throttle it? Step 1.. Create you use policy!
M

PPPoE link dying after 2.4.4_2 update

Watching Ignoring Scheduled Pinned Locked Moved pppoe
14

0 Votes

14 Posts

2k Views

M

I haven't tried across subnets yet, I'll have a look at that next time it dies. Thanks again for everyones help so far.
T

[SOLVED] What would trigger this info popup?

Watching Ignoring Scheduled Pinned Locked Moved
8

0 Votes

8 Posts

924 Views

S

@superweasel said in [SOLVED] What would trigger this info popup?: Thought I might have been hacked. Me too
E

pfSense randomly freezing

Watching Ignoring Scheduled Pinned Locked Moved
6

0 Votes

6 Posts

2k Views

E

@JKnott I left memtest running a few days after I moved pfSense to APU, it found no problems (and didn't lock up). The old board had ECC RAM, too, and there were no errors logged in IPMI.
T

Intel X553 and Wake On LAN support

Watching Ignoring Scheduled Pinned Locked Moved
5

0 Votes

5 Posts

554 Views

J

Setting it via ifconfig ix3 wol (FreeBSD) would only matter if pfSense was putting the device to sleep or a low-power state, which isn't going to happen. If the device is powered off, that's entirely between the BIOS and the NIC, nothing to do with the OS.
Z

Two or more pfsense boxes

Watching Ignoring Scheduled Pinned Locked Moved
8

0 Votes

8 Posts

690 Views

M

having a prod and a test/dev FW can be good.
P

Another IGMP proxy post

Watching Ignoring Scheduled Pinned Locked Moved
23

0 Votes

23 Posts

3k Views

S

@pr3dict Thanks to meckhert on the unifi forum I've now managed to solve my hdhr problem by installing socat on a raspberry-pi that I already had on my private LAN. On the raspberry-pi I created and enabled a simple systemd service for socat so that it auto starts using the command meckhert listed. 192.168.100.17 is the IP of my hdhr on my IoT network. socathdhr.service: [Unit] Description=socat hdhr After=network.target [Service] Type=simple User=root ExecStart= /usr/bin/socat -d -d -v udp4-recvfrom:65001,broadcast,fork udp4-sendto:192.168.100.17:65001 Restart=on-failure RestartSec=10 [Install] WantedBy=multi-user.target I hope this helps.
E

Pre install Question

Watching Ignoring Scheduled Pinned Locked Moved
4

0 Votes

4 Posts

447 Views

A

@EricHamby said in Pre install Question: @akuma1x You take one of the lan ports, share the connection so it send the signal to the switch. I still don't know what that means - share the connection. In my attached example picture, this pfsense box only has 2 ports - WAN and LAN. You would plug the WAN port into an available port on your modem, and the LAN port goes to your switch.They are 2 separate ports, going to 2 separate devices. Jeff [image: 1555349802491-sg-2220.png]
T

Best practices to configure pfsense?

Watching Ignoring Scheduled Pinned Locked Moved
6

0 Votes

6 Posts

798 Views

A

@johnpoz said in Best practices to configure pfsense?: To be honest for stable working pfsense would be leave it at default, unless you actually need to change something and you understand what your doing... Agree with that! Also, to the OP, something you should NEVER do is open port forwards to the "general internet" for servers or services on your internal network(s). Some hacker/cracker will eventually find it and exploit it, guaranteed. If you have internal stuff you want to access from the outside, use a VPN provider/service and remote into your network that way instead. Also, if you do need/want to create firewall rules to move traffic around your network, it's best to add them 1 at a time and test to make sure stuff works. If it does, you're good. If it doesn't, start looking for answers. Lots of info is on the web and here in the forums. Jeff
C

DUCKDNS Pfsense Using VPN IP Address not ISP IP Address

Watching Ignoring Scheduled Pinned Locked Moved
9

0 Votes

9 Posts

2k Views

S

@choder said in DUCKDNS Pfsense Using VPN IP Address not ISP IP Address: I guess this means I have to many devices... Ha, could be!
P

Packet loss and high ping

Watching Ignoring Scheduled Pinned Locked Moved
10

0 Votes

10 Posts

3k Views

P

@Derelict Thanks so much for the tip, I still have my old edgerouter lying around, I'll set it up as you said and see what happens. @stephenw10 I checked the graphs, and it seems that the pps actually seem to dip before the ping spike, strange. Thanks all for the advice so far! I'll have enough to go on for now and will contact my ISP with my findings next week.
L

Atom issue? Unfortunately we have detected a kernel crash (panic)

Watching Ignoring Scheduled Pinned Locked Moved kernel panic crash atom bug c2000
5

0 Votes

5 Posts

1k Views

S

That looks like a hardware issue but it's still processing. It's something different. Steve
S

SG4860 alert message "Cannot allocate memory"

Watching Ignoring Scheduled Pinned Locked Moved
13

0 Votes

13 Posts

1k Views

D

Yeah if you are loading another 200K rows you might have to increase that value. It is in System > Advanced, Firewall & NAT, Firewall Maximum Table Entries 400K is enough by default. With your extra 200K I'd try 600K
L

Add New Interface for all my IoT devices and DMZ - no Internet access

Watching Ignoring Scheduled Pinned Locked Moved
8

0 Votes

8 Posts

1k Views

S

Unless you have other devices in the actual WAN subnet you need to reach you probably don't want that LANnet to WANnet rule in LAN. If you want to allow access to only the internet from DMZ I would include pass rules for DMZnet to DMZ address for UDP port 53 and 123 to allow clients DNS and NTP access. Then a deny rule for destination 'This Firewall'. That would prevent DMZ clients accessing the pfSense webgui and other services using the WAN IP. Steve
O

Why does Traffic shaping on my pfsense box affect clients differently

Watching Ignoring Scheduled Pinned Locked Moved
7

0 Votes

7 Posts

624 Views

O

@tman222 thanks alot
E

Trying to achieve this with VPN...

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

391 Views

S

Neither OpenVPN or IPSec can do that without any config at the server end. However OpenVPN is far easier. Put all the remote client subnets in one large super-net and set that as the remote subnet in the main server config. Then add client specific overrides for each client site with the actual subnets set. When you add a nee client you will need to setup a new client login at the server and add the CSO for it. Steve
J

Interface Statistics Question

Watching Ignoring Scheduled Pinned Locked Moved
2

0 Votes

2 Posts

160 Views

No one has replied
N

Restore weirdness

Watching Ignoring Scheduled Pinned Locked Moved
12

0 Votes

12 Posts

1k Views

N

@stephenw10 I took your advice and opened a ticket and in less than an hour the config backup from the pc was converted, sent back to me, and restored to the XG-7100 (maybe 30 minutes). So very cool! As a plus I am learning a lot from the converted backup file that Vladimir sent to me. Thanks!

1
2
441
442
443
444
445
1337
1338

443 / 1338