• How to find who is generalizing traffic

    5
    0 Votes
    5 Posts
    647 Views
    keyserK
    @whitetiger-it said in How to find who is generalizing traffic: I know only traffic totals (and only a little); I don't remember if stats is for single PC. I do not know the other tools and therefore I ask you for advice. However, I need to find the PC that is generalizing traffic in INTERNET UPLOAD. The traffic over PC’s ethernet card is also for other reason, for example to NAS, server or printers. Yeah, think you are right about Traffic_Totals - that’s only for combined traffic. BandwidthD or Darkstat is what you are looking for. They will summarize traffic for individual IPs. But if you route traffic to your servers, printers and what not (through pfsense to another interface), that will be included by default too. But there is likely an “internal network” type definition you can set up to have them exclude traffic to other local IP scopes.
  • official repository?

    Moved
    2
    0 Votes
    2 Posts
    398 Views
    R
    @danielr It's a Netgate domain, you can run md5 checks against the files if you wish, but the software itself is not only unsupported now but also may not allow installation of packages properly as the maintainers may not be maintaining those old versions anymore. v2.3.5 was released nearly 5 years ago and many CVEs have been discovered, patched and replaced in the last 1500 days.
  • Pfsense Admin Portal Protocol

    13
    0 Votes
    13 Posts
    1k Views
    P
    @stephenw10 said in Pfsense Admin Portal Protocol: Ok, so you could do something like this: Disable the anti-lockout rule on LAN. Add a floating rule: Pass, IN, all interfaces, TCP, source: <the_IP_to_allow>, destination: This firewall, port 443. Add a floating rule below that: Block, IN, all interfaces, TCP, source: any, destination: This firewall, port 443. Make sure you have console access so you can roll back that change if you get locked out! Steve Dear Steve, Thanks a lot for your explanation.
  • How to set SPD's/traffic selectors in IPsec?

    14
    0 Votes
    14 Posts
    2k Views
    stephenw10S
    Yes, you can add those two sets of subnets as P2s in a policy based config and it will work. The BGP session will use the APIPA addresses and the routed traffic will be carried by the other P2. It will of course fail if BGP passes other routes since they are not carried. To allow traffic to/from those APIPA addresses, which are blocked by default, be sure to enable it: https://docs.netgate.com/pfsense/en/latest/config/advanced-firewall-nat.html#allow-apipa Steve
  • Help error "boot mount waiting for : CAM"

    3
    0 Votes
    3 Posts
    2k Views
    stephenw10S
    It could be configured to use the wrong primary console. Those are the last messages you see on both consoles before it switches to primary only. https://docs.netgate.com/pfsense/en/latest/troubleshooting/boot-issues.html?#booting-with-an-alternate-console Steve
  • Jumbo frames?

    10
    0 Votes
    10 Posts
    1k Views
    JKnottJ
    @stephenw10 Or more precisely, don't send a frame that exceeds the recipient's maximum size. There's nothing in an Ethernet frame that says what the MTU is.
  • Back up

    Moved
    2
    0 Votes
    2 Posts
    274 Views
    R
    @danielr That's covered in the docs here: https://docs.netgate.com/pfsense/en/latest/backup/restore.html#restoring-from-the-config-history However you cannot restore to an external backup file easily.
  • Enforce NTLMv2 on pfSense

    1
    1 Votes
    1 Posts
    355 Views
    No one has replied
  • LAN PC cannot query DNS

    5
    0 Votes
    5 Posts
    731 Views
    stephenw10S
    pfSense itself can use any configured DNS server including anything that might be passed to it via DHCP. So it may be able to resolve when clients cannot when Unbound is not running. However you should forget about DNS if LAN side clients cannot even get an IP address. Do you have a subnet conflict between WAN and LAN? Steve
  • pfSense throttling bandwidth

    9
    0 Votes
    9 Posts
    3k Views
    D
    I saw the exact same thing. Throttled my 300-350 Mb/s connection down to 40ish. I even reinstalled the thing from scratch and it repeated a couple days later. This morning would not pass traffic at all, but could ping from the gateway. Rebooted but still throttled. Disabling the shaper on the WAN interface completely fixed it immediately. I'll follow up if the phenomenon repeats. Will be happy to submit logs if you tell me what and where to send. Other than this, no complaints or issues. Running pfSense+ 22.01 "free" on an HP EliteDesk very small PC.
  • [Solved] Renaming Interface Assignment...

    3
    0 Votes
    3 Posts
    491 Views
    F
    @f-meunier Thanks! I was hoping that would be the case, but better to know before-hand.
  • installed second gigabit Nic but can get past the firewall

    Moved
    3
    0 Votes
    3 Posts
    420 Views
    T
    @chpalmer Thanks for the reply. I've removed the old card and re-assigned the new card to my LAN. (To prevent confusion I only keep two cards in the server, WAN and LAN.) There is only one light on the 530t and none on the Insignia USB. Not sure if setting the speed is the problem; even if it was running at 10 MBs, I should be able to connect to the internet from my PC, but the only machine that seems to be able to connect to the internet with two 1000base NICs installed is the firewall server. Also, I do not see where I can change the speed. Nothing on the console menu or on the dashboard (using a web browser to connect to the firewall IP address). I've even run an update from the menu after installing the card. Is there something that needs to be run from the pfSense dashboard when adding a new card, something like disabling PfBlockerNG and then enabling it? Is there a speedtest for the NICs, something that will show the speed the card is running at?
  • Talk Talk Fibre Broadband + pfSense

    4
    0 Votes
    4 Posts
    417 Views
    NollipfSenseN
    @cidk2 said in Talk Talk Fibre Broadband + pfSense: Default Gateway 62.2XX.XXX.XX, please edit and mask.
  • Cloudflare:443 in fw log...

    16
    0 Votes
    16 Posts
    2k Views
    M
    @johnpoz said in Cloudflare:443 in fw log...: just personally block all traffic to 1.1.1.1 Floating rule, out WAN, quick, source any/any destination 1.1.1.1/any? Thanks
  • I225 NIC Interface Dashboard Question

    4
    0 Votes
    4 Posts
    602 Views
    stephenw10S
    Yeah, it shows the current link. You can see the available link types the NIC supports in the speed/duplex drop down in the interface config. Or ifconfig -vm igc0 at the command line. Steve
  • Simple VPN Server

    29
    0 Votes
    29 Posts
    3k Views
    stephenw10S
    OpenVPN is UDP by default so port tests against it will fail. I upvoted enough of your posts to get your 'rep' above 5. You should avoid the spam filter now. Anyway, glad you're up and running.
  • squid proxy address

    2
    0 Votes
    2 Posts
    292 Views
    stephenw10S
    That's just the address the management page is using to access it for stats. Squid can listen on any interface IP it's configured for. In transparent mode it uses localhost like that and port forwards redirect traffic to it. You should still be able to access it directly on the interface IPs though. Steve
  • squid + Lightsquid

    3
    0 Votes
    3 Posts
    790 Views
    V
    @stephenw10 Thank you, I was looking at WPAD right now. I hope everything will be fine.
  • Firewall log compression cause high CPU in pfsense

    4
    0 Votes
    4 Posts
    2k Views
    A
    @stephenw10 Thank you for pointing out that my firewall is generating a lot of logs. I have checked the firewall logs and found out that my Home Assistant is causing the problem, because I have configured DoH blocking in pfBlocker, and this is what is being triggered. I have disabled the logging for this and that fixed the problem. Again, thank you so much for the big help.
  • 0 Votes
    6 Posts
    1k Views
    provelsP
    Can you just swap the LAN/WAN ports in the Interface assignments (and the cables) and see if the problem follows the swap?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.