@scorpoin said in can not allocate memory error latest firmware: arp: writing to routing socket: Cannot allocate memory could this be related https://forum.netgate.com/topic/152998/arp-writing-to-routing-socket-cannot-allocate-memory or here https://forum.netgate.com/post/976491 You see that error though because it cannot allocate memory in the ARP table for an IP in a subnet the firewall doesn't have an interface in. Which is probably because the re NIC has gone AWOL.

@deanfourie Here's a good reference for TCP/IP: TCP/IP Tutorial and Technical Overview

@nollipfsense said in L2TP/IPsec VS OpenVPN on pfSense: My use case is both personal, and business (home office) so I'll emulate yours. Hello, a little bit late but for the records it is also pending on what hardware is in usage and for what you need it. pfSense to pfSense I would prefer IPsec with QAT on (if available on both sides) pfSense to other I would prefer IPSec with AES-NI on|-left aligned paragraph Mobile device to pfSense IPSec is your hero OpenVPN became or is the hidden defacto industrial standard WireGuard the future hope IPSec war proofed and spread out widely

So I am also interested in this as I have a HA firewall and can only do CARP on the LAN networks. My provider, AT&T, gives me the option of PASS-THROUGH providing "real" WAN IP via DHCP and I lock it down to a single MAC on the Router/Gateway (RG). So my primary firewall has a spoofed MAC on the WAN that matches the one the RG has configured to hand out leases. My standby HA firewall has the hardware MAC on the WAN interface. The primary gets the "real" WAN IP, publicly routable, and the secondary firewall gets a 192.168.5.X IP from the RG. If I spoofed the MAC on the secondary WAN and shutdown the primary then released/renewed on the secondary it would get the "real" IP on the secondary. Now I say it is "real" since AT&T does some type of bridge NAT but the NAT table on the RG is still in play. I am interested in what @chansiuming was looking to do based on my ISP quirks. I could write a simple script to check CARP status and when it becomes MASTER do the down of WAN, spoof MAC, bring up WAN and boom it should work.

Do you have general connectivity? Have you tried hitting the refresh button there? That pull the status from ews.netgate.com. That service is functioning normally right now. Steve

@stephenw10 Oh I see. Yep PCAP was on the VM (172.16.0.202). Yep I don't get it. I see what you're saying and all just can't wrap my head around what is going on here.

Those are the changes you made? Can't you just set a static IP to regain access and revert that? Steve

@stephenw10 that worked, thank you so much!

Never used VSCode but it's just xml. What changes do you need to make though? Usually a config move between hardware should only require re-assigning the interfaces (renaming them in the config). I assume this is a more extensive network change? Steve

Hmm, maybe it's failing to rotate the logs at all then. sshguard is enabled for webgui logins whether or not SSH is enabled. Steve

It doesn't look like the error checking includes a 30 character limit there. But even if it did entering a value in the config directly bypasses that. You can open a feature request to include a custom options field: https://redmine.pfsense.org/ Steve

Yes, that would change it from 01.01 to 12.01.

Also see: https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html Steve

@stephenw10 Steve, thanks for the input. I guess I'll have to wait for things to go south and your suggestions.

Both are forms of NAT, translating IP addresses/ports. pfSense just uses the term port forwarding for inbound. Steve

@johnpoz said in Unknown servers on VLAN: @lewis yeah arp scanning is very fast, and most anything is going to answer an arp, even if firewall blocking all protocols and ping, etc. Only problem with that sort of scan is you have to be on the same L2.. But for what your looking for its prob more in line with what your looking to do.. Yes, basically just wanting to make sure I have my own relatively secure LAN (VLAN) network. I'll do it again once everything is up.

@stephenw10 Ahh, I see, good to know, thanks!

@zzkazu said in Helium Miner - Port Forwarding Issue: outlined by "Lawrence Systems" on you tube He says to block the whole planet - normally they put out pretty good info.. I would be disappointed if they said to setup what you had to be honest..

Now it seems back online. thank you Max

@maliaga See if this thread helps.