• New setup help

    0 Votes
    11 Posts
    793 Views
    S
    @JKnott I was trying to agree with you... :)
  • HAPROXY with reverse https from LAN to LAN

    0 Votes
    3 Posts
    455 Views
    P
    I don't think you should create 5 frontends just to access 1 backend webserver; instead you might point the 'internal' DNS to the same public IP where haproxy is already listening? Or perhaps just point them all to the same LAN1-IP? Another option might be to create a 5th subnet with a 'virtual' ip-alias 192.168.40.1/24 on the lo0 loopback interface to listen on? That might make your firewall rules a bit simpler..
  • Pfsense - Not Showing Any Logs 2.4.5-RELEASE-p1 (amd64)

    0 Votes
    4 Posts
    420 Views
    N
    Hi, now it is working. The second reset has fixed the issue. Thanks
  • mfiutil: mfi_open: No such file or directory

    0 Votes
    4 Posts
    733 Views
    stephenw10
    It may simply not be compatible with that utility then.
  • 0 Votes
    12 Posts
    1k Views
    kiokoman
    yes, now you have an idea of what you need to do, maybe wait for someone with a Draytek that can tell you how to configure it. internet---pppoe ----| ............... modem --- pfsense ---lan
  • Content Filtering and Tracking

    0 Votes
    2 Posts
    375 Views
    AKEGEC
    @leadwolf31, Assalamu alaikum, Shalom, Namaste. Yes you can. I use Pfsense CE (free) with IBM Qradar CE (free). I can even track the apps that intruders used. IBM QRadar [image: qradarce-dashboard.png] [image: pfsense-logactivity.png]
  • Public IP and WAN IP different

    0 Votes
    4 Posts
    1k Views
    johnpoz
    Normally very difficult to have any unsolicited inbound traffic. Unless your ISP has set up ports to be sent to your 100.64.x.x IP, or allows for you to request them. It's pretty much the same as your IPs behind your nat router not seeing inbound traffic unless you create a port forward on your router. If you have no need for inbound traffic - say you're running a plex server, or hosting httpd, or whatever - then no, you prob won't have any problems. But if you're wanting to say host some online games or something... Then yeah it can be a problem. If you would like to say vpn into your home while you're on the road with your phone or laptop or something - then yeah problematic for sure. Do you also have IPv6? If you have IPv6 you could leverage that for the services you want to host off your connection. Problem there is not everyone has IPv6, nor all locations.. Say you're on some hotspot at a coffee shop or something and want to vpn to your home - the coffee shop might not have IPv6 for you to use. edit: upon looking I do see you connecting a few times with IPv6 to the forum.. So I would assume you have it - but that could have been off your phone (not using wifi) or something? For example t-mobile, at least in my region, has gone full IPv6 on their data connections. Your phone never gets an IPv4 address other than via wifi. When you want to talk to an IPv4 address you use a NAT64 gateway they have set up.
  • Bug: PPP passwords (or what) need to match (I found the cause...)

    0 Votes
    6 Posts
    1k Views
    stephenw10
    So you're basically saying Chrome is auto-filling hidden password fields creating the input validation error? That should be fixed in 2.4.5p1 by this: https://redmine.pfsense.org/issues/9864 So, yeah, upgrade! Steve
  • Setting up Lan Ports

    0 Votes
    2 Posts
    320 Views
    stephenw10
    There is a reason that bridging all your interfaces is not a one check-box type setup in pfSense. Doing that is generally a bad idea! Bridging interfaces makes it behave somewhat like a switch but it is not a switch and if what you want there is a switch then you should just use a switch. Most SOHO routers that use that type of setup are in fact using a switch internally. Some of our own appliances have an internal switch and can also be used like that. That aside..... if you are going to the dhcp server setup and there is no tab for br0 it's because br0 isn't assigned with a static IPv4 subnet a dhcp server can be added to. I note also that guide does not mention changing the sysctls to filter on the bridge interface rather than its members, which most people would want for this sort of setup. See: https://docs.netgate.com/pfsense/en/latest/bridges/firewall.html Steve
  • pfSense using unreasonable amount of bandwidth while idle

    0 Votes
    106 Posts
    23k Views
    stephenw10
    Mmm, weird. Thanks for following up though. Yeah it would be good to know what it was but that's probably not possible at this point. Steve
  • What is NRDM

    0 Votes
    11 Posts
    1k Views
    AKEGEC
    @user2 , I think you are overly worried, but then again that's your right. Anyway the IP address that you mentioned is related to these IP addresses: IPV4 24.227.211.0/24 64.17.0.0/20 64.20.224.0/19 64.20.224.0/20 66.219.32.0/19 96.47.208.0/20 96.47.209.0/24 192.188.253.0/24 198.252.182.0/24 208.67.240.0/21 208.123.64.0/19 208.123.73.0/24 216.1.112.0/22 IPV6 2610:160::/32
  • understanding the importance of NAT ordering

    0 Votes
    2 Posts
    300 Views
    johnpoz
    Here this should help https://docs.netgate.com/pfsense/en/latest/nat/process-order.html Outbound nats are evaluated after the firewall rule... I think the confusion comes up when users think nat is evaluated first before firewall rules. -- which is true in the case of port forwards or 1:1 nats, etc. If you have a firewall rule that forces traffic out a gateway.. The nat will be evaluated after that - top down looking for the nat to apply to that traffic.. But the decision for what interface to send it out of has already been made.. So no outbound nat could not change what gateway that traffic would use.
  • How to change Gateway IP address?

    0 Votes
    5 Posts
    1k Views
    AKEGEC
    @gregHANSford, I forgot to mention the third step: turn off your ISP modem for 10 sec. You will get a new ip gateway. Also you can always change your server host as Steve mentioned. VPN > Openvpn > Clients > Edit > Server host or Address. Change it to a different host from your VPN provider, with Nordvpn it is a bit easier. Just change the digits ch 167 to ch 134. This way you don't have to change your TLS key. [image: recommended-server@2x.webp] @Steve, it's true but I did notice this trick worked, 6 out of 10 connections will use the same ip as monitoring ip.
  • 502 Bad Gateway on 2.4.5p1

    1 Votes
    5 Posts
    2k Views
    T
    I'd love a solution to this - see it constantly on my lab SG-3100 - have even pruned it back in terms of packages and it still does it :( Same scenario - usually I can SSH in and restart PHP-FPM but other times I have to hard reboot the device. Not the result I was hoping for testing an SG3100 for use at clients :/
  • Slow WAN, Fast LAN

    0 Votes
    6 Posts
    593 Views
    V
    So it was traffic shaping after all. What looked like defaults to me must have been the wizard’s work from ages ago when I was trying to do QoS for one specific machine. Thanks for your responses!
  • Check for valid IPV4 Address on WAN and force renewal if not valid

    0 Votes
    4 Posts
    411 Views
    JKnott
    @DGCupit One thing I did years ago, when I had an intermittent problem with my ISP is I wrote a script that would periodically ping my ISP's gateway and log failures. You could have it restart DHCP instead. Here's my script:

        #! /bin/sh
        while [ 1 ]
        do
            ping <address> -4 -c 1 || date >> ~/log; sleep 50
        done
  • Multiple GW and ISP

    0 Votes
    10 Posts
    1k Views
    stephenw10
    Yup, that^. Just use two interfaces in pfSense and that will be the default behaviour. Otherwise reply-to uses the gateway defined on the interface. Steve
  • Trying to upload XML files with Powershell

    0 Votes
    3 Posts
    652 Views
    P
    OK I think I found the way. For all the time I spent trying to figure it out, it's embarrassingly simple, but I took longer because I did not understand that:
    - it needs powershell 7 (or maybe 6+, but I didn't test that)
    - it needs to NOT run in ISE. Running in ISE screws up the type used for the file in the final hash table, even if you try to run PS 7 with enter-pssession.
    You've been warned! :-) Anyway, this sample code worked for me - hope it helps someone else:

        $Timeout = 15
        $restorearea='aliases'
        $conffile='c:\path\aliasestest.xml'
        $CsrfToken = $null;
        $PW = 'pfsense'
        $Uri = 'https://192.168.1.1'

        # Fetch the login page to open a session and read its CSRF token
        $LoginPage = Invoke-WebRequest -TimeoutSec $Timeout -Uri $Uri -SessionVariable Session
        $CsrfToken = $LoginPage.InputFields.FindByName('__csrf_magic').Value
        $Credential = New-Object System.Management.Automation.PSCredential -ArgumentList 'admin', (ConvertTo-SecureString -AsPlainText -Force ($PW))
        $Creds = @{
            __csrf_magic=$CsrfToken;
            usernamefld=$Credential.GetNetworkCredential().UserName;
            passwordfld=$Credential.GetNetworkCredential().Password;
            login='Login'
        }

        # Login to web portal
        $Result = Invoke-WebRequest -TimeoutSec $Timeout -WebSession $Session -Uri $uri -Method Post -Body $Creds
        $CsrfToken = $Result.InputFields.FindByName('__csrf_magic').Value

        # Get backup page
        $Result = Invoke-WebRequest -TimeoutSec $Timeout -WebSession $Session -Uri "$uri/diag_backup.php"
        $CsrfToken = $Result.InputFields.FindByName('__csrf_magic').Value

        # Form fields for the restore; conffile is passed as a file object so -Form uploads it
        $RestoreArguments = @{
            __csrf_magic=$CsrfToken
            donotbackuprrd='yes'
            encrypt_password=''
            conffile=get-item -path $conffile
            decrypt_password=''
            restorearea=$RestoreArea
            backuparea=''
            restore='Restore Configuration'
        }
        $Result = Invoke-WebRequest -TimeoutSec $Timeout -WebSession $Session -Uri "$uri/diag_backup.php" -Method 'POST' -form $RestoreArguments
  • Errors In on Lan

    errors in
    0 Votes
    7 Posts
    716 Views
    R
    @AKEGEC Thanks for the suggestion. I tried a managed switch but still saw the same issues. I think I must have somehow run the PoE into the pfSense box.
  • Route traffic across two internet providers

    0 Votes
    5 Posts
    492 Views
    L
    @Rico Thank you
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.