"Several times" means : check the logs (all the logs, pfSense captive portal, FreeRadius (enable logs !)) why. It could be anything, except a random issue. This : @gertjan said in Same captive portal zones: To circumvent problems, what about make the names unique ? will blast away your question. Btw : captive portal questions are here https://forum.netgate.com/category/3/captive-portal

Hi, The one that knows all about the 'usage' of your web server, is ... your web server ! pages, size, speed, where from, who, all of it. Tools like awstats and munin and many more, can create statistics without limits. pfSense has a traffic shaper which is excellent for limiting

Thank you, yes it turned out to be the ESX load balancing algorithm, once we changed it the gateways came online.

I'd have to guess bad RAM. db:0:kdb.enter.default> bt Tracing pid 4632 tid 100255 td 0xfffff800a70655c0 pmap_remove_pages() at pmap_remove_pages+0x5f0/frame 0xfffffe0118268580 exec_new_vmspace() at exec_new_vmspace+0x19c/frame 0xfffffe01182685f0 exec_elf64_imgact() at exec_elf64_imgact+0x8d8/frame 0xfffffe01182686e0 kern_execve() at kern_execve+0x77c/frame 0xfffffe0118268a40 sys_execve() at sys_execve+0x4a/frame 0xfffffe0118268ac0 amd64_syscall() at amd64_syscall+0xa4c/frame 0xfffffe0118268bf0 fast_syscall_common() at fast_syscall_common+0x106/frame 0x7fffffffe380 db:0:kdb.enter.default> ps Do you have any further crashes? Do they look identical or more random? Bad RAM usually results in relatively random crash logs. That can also start happening spontaneously. Possibly a bad drive. Steve

You can use dynamic Limiters to share the available bandwidth equally among the connecting IPs. You would have to set a total available value though and that may throttle traffic on the DSL connection. The Limiters would need to be on the LAN side to see the different client IPs. Steve

Then can you not just ping them from each interface in a script? Just use the bind switch to select the source IP. Steve

So FTP servers behind the firewall that cannot be configured to pass an external IP or use a custom data port range? Apart from the already mentioned issues can you not persuade customers to at least use a half decent FTP server? Steve

Thank John!

@jakemendonza When a modem is in bridge mode, it doesn't have a public ID, though the ISP may have an internal address used for management. You would likely be seeing the address assigned to the firewall/router.

hmm What about haproxy with combination of standalone HTTP server method? This is how I do it for all my hosts. Acme starts http server on localhost and on haproxy I have backend on that same ip and port 80. Then again on haproxy there is ACL path starts with /.well-known/acme-challenge and it gets redirected to backend which is actually acme standalone server :)

First thing I would do is setup your vip.. And then validate your seeing traffic to the vip before doing anything with any rules or 1:1 nat.. Since its not possible for pfsense to do anything with said traffic until it actually gets to pfsense wan. Maybe you have something between where your trying and pfsense wan that blocks 22 (ssh). Once you have traffic getting to pfsense on the port you want, then you can forward it to what you need be it with normal port forward or 1:1

You can recover the automatic backup from right before you made those changes if available. Take a look at Diagnostics > Backup & Restore, Config History

Doubtful that was actually necessary. But if that's what you have done, that's where you are now.

Hello johnpoz, thanks for your quick reply. You re right, i made a few additional adjustments after i followed the guide mentioned above to fit the setup i need. To do this i indeed set up the two Google DNS servers (under System -> General setup) which i associated with my regular DHCP_WAN as a gateway. Additionally i created two further DNS entries (the DNS servers of NordVPN) and selected the DHCP_VPN (client) Interface as the gateway this time. After this i switched to the firewall rules and adjusted every ruleset thats related to "non local" traffic so that LAN and WIFI traffic have the VPN interface set as its gateway and my rules for VLAN100 have the WAN interface as the gateway. Outbound NAT is still going over WAN for my VLAN100 subnet as well of course. I am aware that big streamers like netflix and amazon are trying to make it difficult for you to use VPNs and such but what leads me to believe that this might not be the problem here is that if i put my traffic VLAN100 traffic through the VPN i can access amazon and netflix without any trouble. If i use my WAN as the gateway for my VLAN100 rules several "thatsmyip" websites indicate that there everything is working just as if i wouldnt sue any vpn at all, yet i cant figure out why i run into those problems.

i got it sorted it out... the cable i was using was not good even thought it was a cat6, so now it works. PS: router can be a modem when it has built in modem capabilities, like spectrums cheers and thanks