• Snort crashing with FATAL ERROR:

    2
    0 Votes
    2 Posts
    725 Views
    B
    I did a Services / Snort / Update Rules - Force Update and that seems to have fixed it.
  • Problem creating VIP and make Redirect Port

    2
    0 Votes
    2 Posts
    424 Views
    KOM
    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
  • Using a VDSL Router for WAN - Please Help with My First SOHO Setup!

    2
    0 Votes
    2 Posts
    1k Views
    G
    Here are my comments: 1. You are going to be doing double NAT. Once through pfSense, and again through your DSL router. While this works for many applications, it will break some. You'd be far better off to put your DSL router into bridge mode, if possible, so that it is basically operating at layer 2. 2. Using your DC for DHCP and DNS is not a problem. Just configure DNS on your DC to forward unresolved DNS requests to some DNS server that has access to public DNS. You could point it to your pfSense box, or straight to something like Google DNS (8.8.8.8). 3. You can access your DSL router's admin page at 192.168.1.254 (provided you haven't put it in bridge mode) by going into pfSense and disabling the WAN check for bogus networks since pfSense, by default, would block access to a private 192.168 IP address on its WAN side. 4. No DHCP relay needed.
  • PFSENSE VLAN

    2
    0 Votes
    2 Posts
    808 Views
    johnpoz
    Well is your switch config. If you're going to put a vlan on your lan interface (eth1) then what is the ID of this vlan? You configured that switch port to carry that vlan tagged.. What is the native or untagged vlan on the port for your normal "lan" network? So does your dmz also connect into this switch? But sure let's call your lan network using vlan 1, which is common default vlan for management/data etc.. Then you create a vlan 100.. So switch port connected to eth1 would have untagged or native vlan 1, with tagged vlan 100. Then if you wanted some device on your network to be in this vlan 100 that switch port would be configured for untagged or native vlan 100 and that is it.
  • Custom RRDgraphs

    5
    0 Votes
    5 Posts
    2k Views
    G
    I made a patch for 2.3.2  pfSense version for a CPU temperature graph for the above mentioned old thread. I used a lot of it but changed some things. I am not a programmer so things could be better. ;) This patch is for a quad core N3700 CPU. --- /etc/inc/rrd.inc 2016-08-21 23:05:29.707358000 +0200 +++ /etc/inc/rrd.inc.modified 2016-08-21 23:44:15.376961000 +0200 @@ -242,6 +242,7 @@ $spamd = "-spamd.rrd"; $proc = "-processor.rrd"; $mem = "-memory.rrd"; + $cputemp = "-temperature.rrd"; $mbuf = "-mbuf.rrd"; $cellular = "-cellular.rrd"; $vpnusers = "-vpnusers.rrd"; @@ -274,6 +275,7 @@ $rrdlbpoolinterval = 60; $rrdprocinterval = 60; $rrdmeminterval = 60; + $rrdcputempinterval = 60; $rrdmbufinterval = 60; $rrdcellularinterval = 60; $rrdvpninterval = 60; @@ -291,6 +293,7 @@ $lbpoolvalid = $rrdlbpoolinterval * 2; $procvalid = $rrdlbpoolinterval * 2; $memvalid = $rrdmeminterval * 2; + $cputempvalid = $rrdcputempinterval * 2; $mbufvalid = $rrdmbufinterval * 2; $cellularvalid = $rrdcellularinterval * 2; $vpnvalid = $rrdvpninterval * 2; 
@@ -733,6 +736,49 @@ /* End Memory statistics */ + /* CPU Temperature */ + /* the CPU Temperature gathering function */ + /* This is for a Pentium N3700 and coretemp which reports 4 cores */ + /* CPU Temp, create the CPU Temperature database */ + if (!file_exists("$rrddbpath$ifname$cputemp")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$cputemp --step $rrdcputempinterval "; + $rrdcreate .= "DS:cpu0temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "DS:cpu1temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "DS:cpu2temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "DS:cpu3temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; + $rrdcreate .= "RRA:MIN:0.5:1:1200 "; + $rrdcreate .= "RRA:MIN:0.5:5:720 "; + $rrdcreate .= "RRA:MIN:0.5:60:1860 "; + $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; + $rrdcreate .= "RRA:MAX:0.5:1:1200 "; + $rrdcreate .= "RRA:MAX:0.5:5:720 "; + $rrdcreate .= "RRA:MAX:0.5:60:1860 "; + $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; + $rrdcreate .= "RRA:LAST:0.5:1:1200 "; + $rrdcreate .= "RRA:LAST:0.5:5:720 "; + $rrdcreate .= "RRA:LAST:0.5:60:1860 "; + $rrdcreate .= "RRA:LAST:0.5:1440:2284 "; + + create_new_rrd($rrdcreate); + unset($rrdcreate); + } + + /* enter UNKNOWN values in the RRD so it knows we rebooted. 
*/ + if (platform_booting()) { + mwexec("$rrdtool update $rrddbpath$ifname$cputemp N:U:U:U:U"); + } + + /* the CPU Temperature gathering function */ + $rrdupdatesh .= "CPUTEMP=`$sysctl -n dev.cpu.0.temperature dev.cpu.1.temperature dev.cpu.2.temperature dev.cpu.3.temperature | "; + $rrdupdatesh .= "cut -c-2 | tr '\n' ':' | sed 's/.$//'`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$cputemp N:\${CPUTEMP}\n"; + + /* end CPU Temperature gathering */ + /* mbuf, create mbuf statistics database */ if (!file_exists("$rrddbpath$ifname$mbuf")) { $rrdcreate = "$rrdtool create $rrddbpath$ifname$mbuf --step $rrdmbufinterval "; For easy implementation use the "patches" package. [image: CPUtemp.png] [image: CPUtemp.png_thumb]
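Review bot: In the @@ -733,6 +736,49 @@ hunk, the gathering pipeline's `cut -c-2` keeps only the first two characters of each `sysctl` line, so a reading of 100 or more is stored as 10 and a single-digit reading keeps whatever character follows the digit; the first case still passes the `-273:5000` bounds on the data sources and is graphed as a valid temperature. Strip the trailing unit with `sed` rather than cutting at a fixed width. The four OIDs `dev.cpu.0.temperature` to `dev.cpu.3.temperature` are also hard-coded: when one is missing, `CPUTEMP` has fewer than four fields and `rrdtool update ... N:${CPUTEMP}` still runs every interval, so the generated script should skip the update when the value is empty or short.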
  • 0 Votes
    6 Posts
    1k Views
    H
    My 3.1GHz Haswell i5 with an Intel i350-T2 NIC is getting 2Gb/s (1Gb bidirectional) with NAT and traffic shaping out of the box pfSense, while hovering about 10% CPU. If I disable traffic shaping, it's about 5% CPU. When it comes to a firewall, the NIC is the most important part. You must get a high quality one that has good driver support.
  • NOOB Questions - DHCP & hardware - prior to building pfSense box

    1
    0 Votes
    1 Posts
    588 Views
    No one has replied
  • Newbie - Issues with data both LAN and Wireless

    1
    0 Votes
    1 Posts
    681 Views
    No one has replied
  • 3G and CPU usage

    2
    0 Votes
    2 Posts
    791 Views
    A
    This seems to be signal monitoring and statistics collection process. Do not have PPP configured right now, so cannot compare CPU usage.
  • 0 Votes
    4 Posts
    876 Views
    johnpoz
    Well yeah, your automatic rules would have been natting that source network for you. You might have been able to just use hybrid since I believe the hybrid rules are evaluated first.
  • PfSync to 'offline' server

    3
    0 Votes
    3 Posts
    857 Views
    D
    Understood! Thank you for your insight and your time!
  • QoS on pfSense 2.3.2 64 bit

    4
    0 Votes
    4 Posts
    1k Views
    KOM
    Probably in the Traffic Shaping forum, where people post questions about the traffic shaper and quality of service.
  • Sshguard

    4
    0 Votes
    4 Posts
    2k Views
    dotdash
    There's a FreeBSD port for sshguard-pf 1.6.4. You could install the pkg from the FreeBSD repo. Not sure how hard it would be to get it working with pfSense.
  • PFSense failover with AT&T Beam (Netgear 340u)

    1
    0 Votes
    1 Posts
    609 Views
    No one has replied
  • How to view what device is using what IP address

    4
    0 Votes
    4 Posts
    791 Views
    Jailer
    Status->DHCP leases
  • High CPU load while downloading files

    12
    0 Votes
    12 Posts
    2k Views
    V
    Which network card should I use in KVM for the pfSense VM? Intel E1000, VirtIO (Paravirtualized), Realtek RTL8139, VMWare vmxnet3. Thank you!
  • Unable to monitor Web Access

    1
    0 Votes
    1 Posts
    556 Views
    No one has replied
  • Audit by Tavis from Project Zero

    1
    0 Votes
    1 Posts
    577 Views
    No one has replied
  • What happened to this package NTOP, bandwidth

    19
    0 Votes
    19 Posts
    10k Views
    dennypage
    I'm pretty sure mermen's issue is a defect with the pfSense package for ntopng. The core issue is that the current package does not support use of HTTPS. If you are using HTTPS for the webgui you cannot access ntopng by hostname because of HSTS. Only HTTP by IP address will work. This is discussed here: https://forum.pfsense.org/index.php?topic=110026.msg643065#msg643065 There is an outstanding PR for the pfSense package for ntopng to address this. [edited for politeness and clarity]
  • Netgear R7000 wifi and Pfsense, want readycloud on netgear working

    2
    0 Votes
    2 Posts
    3k Views
    M
    The links below should help you figure out what ports you will need to forward and how to setup port forwarding in pfSense. https://community.netgear.com/t5/ReadyCLOUD/RN104-Router-Ports-to-open/td-p/948497 https://community.netgear.com/t5/ReadyCLOUD/ReadyNAS-102-ReadyCloud-Cannot-Discover-Device/td-p/922769 https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense https://forum.pfsense.org/index.php?topic=55676.0 Not sure how you are going to use ReadyCloud but if I were you I would setup a VPN on pfSense then use a VPN client to connect to your LAN to get to whatever files you want.