@cool_corona Try installing the bandwidthd package. "BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each IP address's utilization can be logged out in CDF format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded."

@artooro It seems that you are correct...learned something new today...thank you for sharing. "Yes, a domain can have multiple A records. This is known as "round-robin DNS" and it allows multiple IP addresses to be associated with a single domain name. When a client requests the IP address for the domain name, the DNS server will rotate through the list of IP addresses in the A records and return a different IP address each time. This can be used to distribute traffic across multiple servers or to provide failover in the event that one server becomes unavailable."

@stephenw10 Heh at least I am not only one that think it is odd. Yes, clarifying when I do the VPS -> VM transfer I port forward port 8080 on my firewall to the open internet then use netcat to raw transfer the bytes from the VPS to the VM via the port forward. I appreciate the new angles of attack, when I am at work tomorrow I will try these and report back.

@stephenw10 @johnpoz ah ok well reason i also have multiple cards too for Cameras and IOT devices is i have like 100 IOT Devices.. i plan to get 30 cameras for my property i at 5.. my unraid server is my File Server, VM Servers, Plex Server, webserver, all on my gigbit onboard network connection so i figured also having multiple cards will also not bog things down later.. but i not expert i just guessing and like i orginalyl thought if i had a ip on HA 3 different network interfaces and pfsense had all the ips it would work... would it have worked different if i used a 4 card port in Pfsense and ran them all into the network switch and skip Vlans does that work better and let the switch create the vlans? i guess the big companies figure all that multihome asymmetrical stuff you been dealing with for years.. they probably run different software that deals with all that stuff i bet so i guess ill try removing my 192.168.0.12 lan port for HA and go with 192.168.20.12 as it will have 100 IOTs now i did find for some reason i can ping 192.168.10.1 but i cant ping 192.168.10.2 or 12 or any of the cameras from the lan side.. but ill play with it... probably some check mark or so lol i appreciate the help so far... so far i learned its not plug and play like if it was on the LAN side lol

No I don't. As far as I know it doesn't stop services before taking the snaps. It's a boot environment not an instance snapshot like you might do for VM. When you roll back it reboots into it complete with all the usual boot scripts that start the services etc.

The desktop app exists to hide all communication so that's what it does. pfSense and pfBlocker cannot see it inside the tunnel. But, yes, you can easily just policy route single clients over the VPN rather than the full subnet. Steve

@jknott that i don't know. I arrived at 1472 by plugging my win10 laptop directly into the modem and pinging with the flag set at whatever it was and working my way down until it stopped fragmenting. i didn't realize that the 28bits for the header were to be added onto the mtu size once the fragmentation limit was found. it's all fine, works great without any issue. just thought you'd all like to know about my experience.

It seems to be working. Thanks

@sfigueroa If you're setting up a client, such as a notebook computer, you just have to use the client export. If you're setting up pfSense on a remote LAN, then you use the client settings.

@fbgluck A network that connects 2 routers would be a transit network. So what IP range to be used would be up to who manages the overall network. if the downstream network is managed by someone else, and there is no overall person that has access to the complete network, then the owners/admins of the upstream network/router should provide you with the transit IPs to be used. This could be something as small as a /30 or if there might be other routers on the same transit maybe a /29 or /28 even.. But I am kind of with @Jarhead here, maybe it came off the wrong way.. But this does seem like a basic networking 101 sort off question.. As to 1&2) this would be something that does not overlap with the network(s) on the other side of the edge router in your drawing or on the lan side of pfsense. So something other than 10.9/16 or 192.168.0/24, common to use say 172.16/12 rfc1918 block if you are using 10 and 192.168 networks. So an example of this transit network might be 172.16.0.0/30 the upstream is normally the lower IP in the range.. So the edge router would be say .1 and the pfsense wan would be .2 That the upstream be the lower IP is not a written in stone sort of rule, it could be the last IP in the range. But normally its the first IP in the range used for the transit. Also use of small networks for transit is not a rule or anything either, it could be a /24 for example.. You would just want to make sure that the transit networks you use in your network do not overlap with other networks that are routed. this is pretty clear, on your drawing you show 192.168.0.252, this would be the gateway of devices on the 192.168.0/24 network then. edit: To your last comment, yeah pfsense doesn't have to nat for sure. Nat would only have to be done upstream in the network where the rfc1918 space might need to get to a public range, etc. Even if you natted at pfsense, you would still need an upstream nat if these devices on your classroom network have need to get off the school network and go to say the internet, etc

@stephenw10 Thank you for your help. Then I realized that the whitelist had not been configured.

@nollipfsense I was kinda coming to that idea. Thanks....

@starsandbars There is a long thread here if you hadn’t found it yet: https://forum.netgate.com/topic/161424/dhcp-lease-screen-not-loading/

@stephenw10 hmm something like that in a way For example here Essentially, i think the feature/logic needs to be built into OpenVPN and not a pfsense thing specifically.

@johnpoz said in not of my client can resolve it's own hostname: local.lan for longest time, in the middle of moving over to home.arpa - just waiting for my certs to expire and do it natur Thanks for the suggestion. I plan on moving in several months and I'll take the opportunity to update.

@rcalhoun If your store has any devices that use Bluetooth, they might record the Bluetooth MAC addresses of the burglars' phones, if they had them (likely) and had Bluetooth enabled (almost certainly).

@stephenw10 Did that. Issues: https://forum.netgate.com/topic/177753/new-6100-high-tem-on-dev-cordbuc-0-temperature https://forum.netgate.com/topic/177755/6100-slow-in-comparison-to-protectli-fw6e/2

@michmoor said in Assign a second IP to a LAN: Why keep the old IP as an Alias unless theres that one client that cant be moved to the new IP range for some reason. Agree - the only reason for the old IP address as a vip, is if there is going to be something on the network that you can not get to for a bit, and you need to run in a mode where the new and the old IP ranges have to run at same time.. But if you have a change window, and can move all the servers to the new IP range - there would be no need for a vip.. Unless you were trying to make the changes remote and needed to be able to get to devices from another network to change them. If your local or on the same network then no reason..

@adrien-1 Each modification of what? Do you have a large rule set? There is this patch available in the System Patches package: Disable pf counter data preservation to temporarily work around latency when reloading large rulesets (Redmine #12827)

@stephenw10 Oh i understand now, ill take a look and let you know how it goes! thank you so much!