Actually it will do that by default if you only have one interface assigned and it has a gateway on it. Try it and see. Steve

/bin/bash doesn't exist in pfSense, use /bin/sh. What error do you see when it tries to run? Steve

While I cannot speak for the developers, I believe they are indicating that they are going to be adding features that will work with their own branded hardware, such as dedicated cryptography chips, but will also work regardless of the platform. Embedded cryptography silicon is becoming more common, and it provides a lot of additional capabilities to developers and hardware manufacturers. If your platform has these additional capabilities, then the software will be able to take advantage of them, just like pfSense does now. I do not think they are going to lock down the software to their own hardware or add any restrictions on the hardware most folks are currently using (hey, there's even improved RealTek support from the community). That's never been the case, and they would alienate the massive user base they currently serve.

So you can access pfsense after a IP change.. [image: 1542900714520-disableupdatecheck-resized.png]

@johnpoz thanks a lot for your helping, i will contact the support,

@ashima said in Giving remote control access to few machines: They were just lucky enough not to get any attack That you are aware of - your whole network could be compromised currently if someone guessed your top secret user account and password to rdp in.. Since it was for vendor support it was prob something stupid simple ;) Restricting inbound connections from trusted ip. This is a good idea for sure..

@stephenw10 said in Syslog Webgui Log View Option: There is now a package update available with that change in it. You should see it in package manager. Let me know if you see any problems. Steve Thanks Steve, I'll update you soon.

heheheeh - yeah running limiters going to kind of "limit" your speed ;) heheheeh ROFL!!! Well atleast you found the problem..

To make matters worse, the debug version I created and compiled, works. Apparently there is a difference between the igmpproxy-0.2.1 in the freebsd repository (I didn't build that) and the same version when built with freebsd ports. So I was able to build an instance of 0.2.1 that works, but I'll never know what is wrong with those others.

@stephenw10 Ahh all good!! Really appreciate all your help.

@evilside said in Encrypted browser-Squid connection: but I don't care, almost nobody use that browser.

@tim-mcmanus Ahh, Thanks :D, I might go for the spf since I can future proof it, or booth. Thanks again :)

I think the main point here is that the best practice is to store only the minimal amount of data required in the DMZ and limit access to anything on the LAN to only what is required. However you have to make some assessment of the risk. Is the git server going to be open to the world or only restricted source IPs? The term DMZ used here implies it is exposed and needs to be walled off from other subnets but that might not be the case. Or at least not in the traditional sense. Steve

It is. Yep, just use one of the methods shown there if you need to do it. Or just use Auto Config Backup: https://www.netgate.com/docs/pfsense/backup/autoconfigbackup.html Steve

@stephenw10 After three hours of constant download at 100mb/s there was no loss of connection, I hope it continues like this. At the next restart I will check. Thanks again for the help. EDIT: I confirm that I have solved the problem by replacing the realtek drivers included in pfsense.

More likely something upstream is configured to expect your mail server to have 88:xx:129.147 as it's public IP and you have not added an outbound NAT rule to use that for traffic coming from the mail server. A 1:1 NAT rule would handle that both ways. Steve

Have to say I agree company about security isn't using dnssec for their dns.. Which is really low hanging fruit to pick too.. dnssec is not that hard ;) It really is a shame that all domains are not doing it - the hardest part is registrar that actually supports it... Even though my understanding is its a requirement to be an actual accredited registrar.. I know when I fired up a domain to play with dnssec back in 2015, they had .xyz on sale and said they supported dnssec - yet took some emails to their support to actually get their implementation on their website to work.. And I looked around at the time namecheap didn't even support... From what I recall.. While its only a domain I use for my personal stuff, and use it for mostly testing - its not that hard to add stuff or maintain sign off on your records... I have a cron job that runs, and script I run when I add new records or edit them, etc.

Exactly, you cannot. In general pfSense will not allow any connections inbound from some external web server. Only responses from servers for which outbound connections have been opened are allowed. Steve

@tim-mcmanus Thanks a lot Tim... i am going to read it carefully and will post results... Pedreter.

But actually this is not a change, because the Alias URL remains the same, could change the IPs in the list (for sure not every night, at least in my case), but a backup it's not needed because anyway when you will reuse it it will download again the updated list. If you consider the IP list a (potential) change, then a backup should be taken also when a DNS Alias it's resolved with another IP address, it's exactly the same thing.