Well am glad u were able to resolve this with easily replaceable NICs and not some embedded soldered on NICs.  There are some system/advance/network parameters that users can turn off to deal with problematic NICs to try things out as alternative.

???? What do you mean pfSense server?  PfSense is a firewall/router, that can also do things like DHCP and DNS servers.  If you have multiple sites connecting to it, what will you use as a firewall on those sites?

@dotdash Thanks for the info. I have search only last night and after a long many hours found my potential solution. I will have to test today. I will also be searching the virtualization forum also for alternatives.

Unlikely it's related to a software reboot. It'll probably come back if/when your phone starts charging again or so.

Yeah this seems to be related to https://redmine.pfsense.org/issues/8360 With that !/

So you have computer on pfsense wan, and you want to get to stuff behind pfsense NAT to lan.. Then you would have to port forward..  If you do not want to port forward, and use pfsense as a downstream router/firewall without nat.. Then unless you do host routing on devices on what becomes a transit network your going to have a bad time with asymmetrical routing. To use pfsense as a downstream firewall/router or just router and not nat then pfsense needs to be connected to the upstream router via a transit network that no hosts are on so that you remove asymmetrical routing.. If you want to do what your doing with pfsense NATing between wan and its lan which is what it does out of the box.. .Then you would setup port forward for what ports you want to hit on 192.168.2.2, and haave your 192.168.1.2 computer hit pfsense wan IP at 192.168.1.100:port to get get forwarded to 192.168.2.2 [image: transitnetwork.png] [image: transitnetwork.png_thumb]

https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

"but I have never encountered a situation where two IPs from the same subnet can ping one way but not the other." You sure its pinging the correct thing.. Could be wrong mac.. And sure have seen this quite often with firewalls on hosts.  Or in a bridge if your filtering on members of the bridge it could be allowed in one direction or not the other.. etc. etc.. There are many reasons why this could happen.  If you were on a actual L2 first thing to do is validate your devices are arping the correct mac, etc.

While I am not an expert on the whole boot process of pfsense.. From a general point of view… The configuration of pfsense is stored in XML... So on boot I would assume pfsense makes sure that "all" settings that are in the config XML are placed into the appropriate files.

What kind of content?  I use Plex for the 5000+ movies I have and it can live behind a dynamic IP and no need for a VPN tunnel from any location.  Plus Plex is available as a native app on every media platform.  Smart TV's Netgear Router now has Plex Media Server Built in., Iphone, Android, Mac, PC etc… FYI Plex Server and client are completely free!!!!!! Install Plex Server at home and then use the Plex client anywhere (No VPN Required) and access your content!

Thanks I'll give that a try.

That is not what you stated ;)  I was making a funny about it… You really need to look into how shaping works and limiting though... TCP does this on its own.. My guess would be this user is doing p2p and has hundreds of sessions running if he is eating up all the bandwidth. The best solution to such users is just block what they are doing or just limit them down to shit..

Figure out why the state is being closed. An established TCP state will not expire for 24 hours of ZERO traffic using the default firewall settings. If the state is no longer there it is because either side has closed it. More info here: https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

Thank you emammadov. I am glad to read that, the solution for adding my own modem works also on a pfSense device the way you describe. I have it set up with an old Thomson Speedtouch modem on my SG-1000 microfirewall. This thread ("How to access my Thomson Speedtouch modem web GUI through my SG-1000 microfirewall" <https://forum.pfsense.org/index.php?topic=144151.msg784762;topicseen#msg784762>) describes more of it. I apologise if my original post was not clear enough. I own three modems and am amazed by the low quality of these devices. Of particular importance for a DSL modem sitting at my home and facing my ISP's understatements, is to be able to evaluate the quality and performance of the upstream DSL line, which my ISP will never tell or admit. 1 - They may not admit that the line is defective: if they do not want to correct it. 2 - They may not admit the line is excellent, to instead keep on deliberately throttling the bandwidth from their end in an attempt to lure the customer into a more expensive contract, with the ISP's supplied modem and stuff. Currently, I am experiencing situation 2 after the installation by my ISP of a device in my village to reduce my DSL line's length from 4700 m down to 700 m. My stats, today, are as follows: Modulation:ADSL2 PLUS Annex Mode:ANNEX_A Downstream Upstream SNR Margin: 17.3 7.8 db Line Attenuation: 14.2 7.9 db Data Rate: 10271 1022 kbps Note the enormous SNR margin of 17.3 decibels. I would gladly bet my modem could synchronise at the SNR margin of 6 db, which is the normal target for SNR Margin at the ADSL2plus modulation. This could result in a stable downstream data rate of around 20000 kbps (almost double the current 10271 rate). But my ISP throttles the bandwidth from its place and denies doing so, possibly for commercial reasons. If I consent to purchase an expensive contract with VoIP and pay-TV, they swear the bandwith will magically be liberated. Legally, this stands for a tie-in contract: plain illegal where I live. With such a line, with a VDSL modulation, which my line is now declared to be capable of, I could reach the 50000 kbps data rate. Worth doing something ! It may even be possible that other ISPs play the same dirty tricks to their customers (tie-in contracts), who knows ? Rather that wasting my time in litigating, my desire is therefore accessing a good modem, ADSL and VDSL capable. Hence my question 1 (is a pfSense appliance a modem or able to become so with a package); Hence my question 2 is there an open source DSL modem project underway, capable of allowing a high level of security and capable of line-state-monitoring. TIA for suggestions, even speculative.  8) 8) 8)

Thank you ! I try to set up this.