@gyahoo said in DNS domain forwarder stopped working: I am at a loss as to how to proceed. Get on a current version of pfsense - the 2.3 line is DEAD, has been for over a year, shoot Oct will be 2 years... There were like 2 years of warning that 2.3 was going to be DEAD! Once you get on current.. Come back if your having issues. So 2.3.4 is from 2017... You honestly thought it was up to date, with zero updates in like 3 years - on security software? its not a notepad app you downloaded from some guy that wrote something he needed and shared it. How did you not check on that? Simple 2 minute visit to the website would of told you if your current or not, etc.

according to https://docs.netgate.com/pfsense/en/latest/monitoring/raw-filter-log-format.html#bnf-grammar the purpose of the tracker id is <tracker> ::= <integer> -- Unique ID per rule, tracker ID is stored with the rule in config.xml for user added rules, or check /tmp/rules.debug I've written this script to fix my rules and make the tracker id numbers unique import xml.etree.ElementTree as ET ONE_SECOND = 1 def main(): start_epoch = 1585650686 root_element = ET.fromstring(XML_DATA) rule_elements = root_element.findall('rule') for rule_index, rule_element in enumerate(rule_elements): rule_id = str(start_epoch + (rule_index * ONE_SECOND)) tracker_element = rule_element.find('tracker') tracker_element.text = rule_id created_time_element = rule_element.find('created').find('time') created_time_element.text = rule_id updated_time_element = rule_element.find('updated').find('time') updated_time_element.text = rule_id fixed_xml = ET.tostring(root_element, encoding='unicode') with open('fixed-firewall-rules.xml', 'w+') as f: f.write(fixed_xml) XML_DATA = ''' <filter> <rule> ... // copy and paste the exported rules here </filter> ''' if __name__ == '__main__': main()

You will continue to have problems as long as you're on 2.3. That was only current for about 1 month waaay back in April 2016: https://docs.netgate.com/pfsense/en/latest/releases/versions-of-pfsense-and-freebsd.html#id7 You could try creating the file /boot/loader.conf.local (if it doesn't already exist) and adding to it the line: kern.smp.disabled=1 Then rebooting. Otherwise you might have to disable all but one CPU core manually which we did as a workaround at the time for a few systems. It was fixed for 2.3.1. Steve

So I wasn't able to figure out exactly what the problem is because I reinstalled pfsense completely and it did the same thing but I tried using a different old pc and switched my intel network card over and now it's working again, i guess it has something to do with the other pc, no idea what though.

Use policy routing https://docs.netgate.com/pfsense/en/latest/routing/directing-traffic-with-policy-routing.html https://docs.netgate.com/pfsense/en/latest/book/multiwan/policy-routing-configuration.html

Hi, I have upgraded to 2.4.5. please find screenshots requested below. still does not authenticate. [image: 1589561497823-24c8657b-7bef-4d5e-9656-dddeb6686050-image.png] [image: 1589561530662-58141b71-156b-465b-97d7-71340053b0ec-image.png]

There isn't any way for the firewall to tell two MACs apart. You'll need something more. If it's that bad, you need L2 auth (802.1x) in your APs, not firewall controls.

@markgca said in SNORT Enable Performance stats not working: When i check the "enable performance stats' feature on Preproc page of services/snort/interface, the interface restarts but never quite gets there. Turn that feature off, and it works again i have several snort instances running on different vlans and they continue to work. Is this indicative that i need to allocate more space or change some option? i have 24gb of ram, and only about half of that is used. thanks for any thoughts Have you looked in the pfSense system log to see what, if anything, is being logged by Snort when attempting to start it? Are you running the performance stats on those other instances successfully? You will generally have better responses to IDS/IPS package questions when you post your inquiry in the IDS/IPS sub-forum under the PACKAGES section here on the board.

Hi all, Looks like the GPON gateway had locked on to the previous devices hardware address. After power-cycling it the latest version connected without issue. (Piece of junk unnamed cheap manufacturer). May be good to get some output added as to why the process is terminated, to assist others - if there is anything useful that can be logged - just an idea. Very happy now PPPoE is running as it should! :) Please mark as solved and close thanks.

Hello! Maybe some variation of : awk '{print "0.0.0.0|0" > FILENAME}' /cf/conf/dyndns* ...in a cron task? John

@jasonsansone I just acquired a sg-3100 and currently struggling to identify how to implement the hardware. Preferably I would rather replace the Pace hardware from AT&T with the 3100. Note: Currently, I have the Pace in use with a netgear router in bridge mode.

Traffic is neither passed nor blocked. It is matched. You can do things like assign a queue or a tag or log it but it does not change the pass or drop status of the traffic. quick has no bearing on match rules. They always flow though and rule processing continues.

have you checked the wan drivers ? Idk, I have never experienced anything like that. I am playing a lot of CS GO and everything is fine. I am sure that there is a software problem, maybe you should reinstall the drivers. By the way, when you will solve that problem, we could play together a couple of games. If you have a very low rank it's not a problem, you can always use a rank boosting service like eloboss.net. If you are interested, leave me a message! It's going to be really cool! I am waiting for your message, dude!

The driver built in to FreeBSD for Realtek chips will crash under load. You can use the latest official Realtek driver to achieve stability, but if you already got Intel cards you're better off anyway.

A device with a Celeron CPU and 8 GB of ram wouldn't be my first choice to install a hypervisor on. Not to mention, the Realtek NIC's aren't doing you any favors either. The first thing I would do is install PFsense on bare metal and blow Proxmox away. Also, if that ZBOX is modular, grab some Intel NICs.

@iberiaerik did you reboot the firewall since enabling the proxy? I believe this is required.

@beria-pl said in Issues after upgrade 2.4.4p3 to 2.4.5: @bmeeks Thanks - works like a charm, after setting up 1 vCPU on both. At least it working now for 30 minutes without any issues. Is there any timeframe to expect this fix? Or in longer-term it may be better to wait for 2.5.0p1 ;) and now survive with 2.4.5 or downgrade to 2.4.4p3 ? I am not privy to the release dates as I am not affiliated with Netgate. As with pretty much every software company out there, Netgate is usually tight-lipped about release schedules (at least ones with very specific target dates). I suspect companies do this to minimize flak in the event they miss the release date due to unforeseen issues that may crop up. I personally don't expect a long delay in the 2.4.5-p1 fix for this issue, but whether that is later this week or several months from now, I have no idea. If one virtual CPU appears to be working for you, then I would suggest staying on the 2.4.5-RELEASE and not moving to 2.5.0-DEVEL as that branch understandably may have issues crop up -- especially if you keep up with the snapshot updates. The upstream FreeBSD guys merged the fix into FreeBSD-11.3-STABLE on May 11th, and so far as I can tell from the Github updates, the pfSense team is keeping up. So maybe the fix release won't be too far away.

Restarted the Virgin Superhub 3 last night and it's great again, we monitor again, but it will start to degrade later today or tomorrow as others have mentioned. If I set back to just use their Superhub as an all in one again all is fine, it has to be something to do with the hub in modem mode and the way it talks to pfSense.