• 0 Votes
    5 Posts
    571 Views
    stephenw10
    Yes, use a VPN: https://docs.netgate.com/pfsense/en/latest/recipes/remote-firewall-administration.html#use-a-vpn
  • LAN/Gateway drops out, but vlan access to wan stays alive

    5
    0 Votes
    5 Posts
    532 Views
    S
    @stephenw10 Yes, the VLANs were using different NICs. I have sorted the issue!! The quad NIC from my HP t620 Plus did not play well in the HP t730. Once I purchased a new NIC for the t730, the issue disappeared! All is working again!!
  • pfSense Crash report

    12
    0 Votes
    12 Posts
    495 Views
    M
    @stephenw10 thank you
  • Bug in Default gateway selection

    12
    0 Votes
    12 Posts
    1k Views
    K
    @Fabiano1 I have had similar behavior. However, CARP was still involved, which was also the reason for the problem. But from the description it sounds very similar. Therefore here is the link to the issue: https://redmine.pfsense.org/issues/14171
  • Anti lockout Setting

    Moved
    20
    0 Votes
    20 Posts
    2k Views
    P
    @Patch said in Anti lockout Setting:
      @phayze said in Anti lockout Setting:
        Hi, I just changed the 2nd interface which is <lan> to <wan2>. The rest of the interfaces are default to <optx>. I didn't know that <lan> is important until yesterday. I had renamed it back to <lan> already.
      Assuming you have
        - Primary WAN
        - Secondary WAN
        - Local area network connection
      And would like your internal names to be
        - WAN - Primary WAN
        - LAN - Your local area network connection
        - OPT1 - Your secondary WAN, GUI name "WAN2"
      I suspect you could do that by
        - Back up your configuration so you can recover if this fails
        - Unplug your secondary WAN
        - Add an explicit GUI firewall rule to your current secondary Wan and Lan interface
        - Reassign / swap the interfaces for Lan & secondary Wan (pfsense -> interfaces -> assignment)
        - Rename the GUI names for LAN and Wan2
        - Correct / move firewall rules etc
        - Save your pfsense backup again
    Hi, I had done it and the problem is solved. Thank you.
  • Install package from older release

    Moved
    17
    0 Votes
    17 Posts
    2k Views
    Y
    @SteveITS thanks Steve, I appreciate! Will remove them and perform the upgrade sometime this week. Thanks again for your time! Best Regards, Yanick
  • 0 Votes
    3 Posts
    583 Views
    C
    @stephenw10 The solution was a complete reinstall, although I think it could possibly also be solved by defining the variable in the file itself because that was present. If the file was not present, the error "could not include file ("....") That solution would have been less time consuming. I must admit that the response time for the TAC support was very fast. If it is good, it can also be said. Case closed
  • 1 Votes
    9 Posts
    2k Views
    stephenw10
    Hmm, yup. Checking....
  • Can I purge /var/cache/pkg

    2
    0 Votes
    2 Posts
    2k Views
    stephenw10
    Yes you can clear the package cache using: pkg-static clean -ay
  • Possible Web UI Bug

    2
    0 Votes
    2 Posts
    285 Views
    stephenw10
    You can open a bug report for it if it's repeatable: https://redmine.pfsense.org/
    Steve
  • sg-1100 22.01->23.05.1-high memory usage after upgrade

    16
    0 Votes
    16 Posts
    1k Views
    stephenw10
    I doubt it's a hardware issue causing memory use like that.
  • NAT to /29 public block from Internal networks when WAN is /30

    8
    0 Votes
    8 Posts
    792 Views
    stephenw10
    Yes almost certainly port forwards. Since this is a routed subnet you don't actually need VIPs at all, just outbound NAT rules. However it's logically easier to see what's happening if you add them and it allows for forwards later if required.
  • SG3100 available packages empty

    package manager repository
    6
    0 Votes
    6 Posts
    844 Views
    planedrop
    @markchen Awesome, glad that solved it!
  • Can't update to 2.7

    5
    0 Votes
    5 Posts
    582 Views
    stephenw10
    @gregeeh said in Can't update to 2.7:
      [2.6.0-RELEASE][admin@pfSense.localdomain]/root: pkg info -x pfsense
      ld-elf.so.1: /lib/libc.so.7: version FBSD_1.7 required by /usr/local/sbin/pkg not found
    This is an expected error after 2.7 was released. It should not cause any problem for normal operation in pfSense where all functions use pkg-static to allow for it.
    Steve
  • Is it possible to have one more e-mail in the firewall notifications?

    23
    0 Votes
    23 Posts
    2k Views
    provels
    @johnpoz Oh, I believe you. All I can say is it stopped working for me. I thought Comcast had blacklisted me because sometimes when I'm futzing around I create a flood of alerts, sending one to Comcast, one to Outlook.com and one to ATT.net. IIRC, there were instructions on the notifications page previously saying to use commas and no spacing between addresses. No problema.
  • How to block random VPN attempts

    37
    0 Votes
    37 Posts
    3k Views
    M
    Sorry for not being clear, not only do I not have 2 minutes these days but I don't want to change anything on the router while dealing with urgent medical phone calls that go through the pfsense router. When it blows over I plan to test turning the auto rules off, and possibly test an inverse rule I mentioned above. Just now is not a good time to do anything. Thanks again to all who posted options, just wanted to let you know I read and appreciate the posts.
  • Lights are on and no one is home after power outages with battery backup.

    21
    0 Votes
    21 Posts
    2k Views
    S
    I'd consider the UPS an "older" model, but not ancient. I'm using a 240v "Double Conversion Online" SmartUPS RT SURTD5000VA, so in theory there is near zero fluctuation or spikes when transferring. It has an additional external battery pack, and I then use an APC SURT003 isolation and step-down transformer for 120v devices, which leads to a couple PDUs, and then feeds devices off of that. There are other PDUs off of the main unit that feed 240v devices. Not much to configure on this device other than upper and lower bypass ranges, but those only apply when bypass mode is utilized, which I never do. Output always hovers around +-1 at 240v, same with 60hz. Nothing else connected to the 3100, just power, wan, and lan1.
  • Run two services on the same port?

    2
    0 Votes
    2 Posts
    347 Views
    Gertjan
    @gniting Like running two DNS server processes on the same address, same port. Or web servers. IMHO: that's pretty broken.
    @gniting said in Run two services on the same port?:
      SO_REUSEADDR and SO_REUSEPORT
    AFAIK both processes should also support port sharing .... maybe. Not sure if Avahi does this. Guess not.
  • 0 Votes
    5 Posts
    2k Views
    K
    As a follow-up, the changes proposed in the topic about proxmox seem to work. The firewall has been up for 60 days without an issue. Tyvm!
  • Unable to access Transparent Bridge (WAN/LAN) from LAN

    24
    0 Votes
    24 Posts
    3k Views
    DefenderLLC
    So I am having a very similar issue trying to change my 6100 MAX to become a transparent firewall between my AT&T Fiber Gateway and my UDM-SE. This forum post is very close to what I’m trying to do, but it doesn’t seem to work for me nor did the OP respond if he/she ever got it working. I’ve also watched Tom Lawrence’s YouTube videos on this, but in his example he’s not including his WAN interface - only two LAN interfaces.

    Note that I have been using my 6100 MAX in front of my UDM-SE in a dual-NAT scenario primarily for much better control over DNS filtering (pfBlocker) and Snort (IPS: WAN, IDS: LAN). This has worked flawlessly for almost a year with no issues (although doing port forwards can be kind of tricky), and no problems up to this point.

    For the sake of masking my real public IPs, please just assume that 99.99.99.99/29 is my public IP block (AT&T actually provides a /32 and a /29 for a total of 6 usable public IPs).

    —————————————————————————

    Current Deployment and Configuration

    [Internet] ----- [AT&T Gateway] ----- [pfSense] ----- [UDM-SE]

    AT&T Gateway (99.99.99.99/29) WAN "IP passover" mode to pfSense (essentially just a modem and gateway)
    AT&T Gateway (192.168.0.1/24) - LAN
    pfSense (99.99.99.99/29) - WAN (via DHCP for primary /32 WAN IP plus additional /29 block configured as virtual IPs)
    pfSense (10.0.0.1/24) - LAN
    UDM-SE (10.0.0.2) - WAN IP via DHCP from pfSense
    UDM-SE (10.0.1.1) - MGMT IP

    Again, no problems whatsoever up to this point. I can get to all 3 management interfaces (AT&T/pfSense/UDM-SE) from my UniFi LAN without issue.

    —————————————————————————

    What I want to do is change my 6100 MAX to become a transparent firewall instead so I can get rid of dual-NAT scenario and manage my 6 public IPs on the UDM-SE instead.

    Within pfSense, I have tried disabling NAT, creating a new bridge with both LAN/WAN (this also includes changing both System Tunables to member=0 and bridge=1 and setting the LAN and WAN interfaces to no IP address) and assigned it a management IP on the AT&T Gateway LAN. No dice getting to pfSense or AT&T gateway's web interfaces. No Internet connectivity at all. If I set both System Tunables to 0, everything works (minus any filtering of course). Once I turn the bridge tunable back to 1, I keep seeing default denies in the firewall log. I don't understand why because I temporarily have all interfaces firewall rules wide open for IPv4.

    Proposed Deployment and Configuration:

    [Internet] ----- [AT&T Gateway] ----- [pfSense] ----- [UDM-SE]

    AT&T Gateway (99.99.99.99/29) WAN "IP passover" mode to UDM-SE (essentially just a modem and gateway)
    AT&T Gateway (192.168.0.1/24) - LAN
    pfSense with LAN/WAN configured as a bridge interface
    UDM-SE WAN: (static /32 plus 99.99.99.99/29 as additional IPs)
    UDM-SE LAN (10.0.1.1) - MGMT IP

    I have scoured through so many forum posts and other websites for about 2 days trying to get this to work, but I keep having to revert back to my current setup (thank goodness for pfSense Plus boot environments). I should not have to configure any static routes since a transparent firewall should work without changing anything on the AT&T Gateway or UDM-SE. The proposed scenario obviously works perfectly fine without the pfSense in the mix.

    So what is the proper way to do this? No matter what I try, I can’t seem to get this to work. Thanks.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.