@jarhead My mistake, confused vlan with lan during setup.

I assume the modem MAC disappears from the ARP table too? If you run a pcap on em0 when it fails do you see any incoming traffic at all?

There's a lot of history here. Some of which might be relevant. That additional interface shows as down in the first screenshot so how is it configured in VBox? If a connected client receives a DHCP lease though it must be connected correctly. In which case it can only really be firewall rules. Steve

There's no easy way to that. There's nothing built in like easyrule for NAT. Anything is possible with code though. Steve

This a known and long-standing issue in VMWare. Adding 4 or more VMXnet NICs re-orders the the way the NICs are presented to the guest. Re-assigning the interfaces to the new order is really all you can do. Unless you want to map then NICs to the PCI bus manually in VMWare. Steve

Yeah, that's exactly what those Range Extenders do; hide all the connected clients behind their own MAC address. The first time I saw that I could hardly believe it was real. It's ugly as hell and best avoided if at all possible! Steve

@jsingh04 said in Static wan IP stops working after a power cycle: it shows a name resolution error Then you have a DNS problem. When you set the WAN as DHCP it probably pulls some external DNS servers that the firewall itself can use if it's own DNS resolver is not working. When you look at you system log you will note that initially the date/time is wrong. The boot log shows there is an RTC present but it seems to be incorrect. Probably the battery needs replacing. When you boot it with a static IP set after a power cycle the clock will be wrong and that leads to a scenario where Unbound fails to start because it's cert is invalid or it see results as invalid because DNSsec is enabled (by default). That means ntpd cannot resolve any external servers and the time cannot be updated. So do one (or more) of: Fix the RTC battery. Add at least one external DNS server when you use a static WAN. Disable DNSSec in Unbound. Add a local NTP server that can be reached by IP address. Steve

@bmeeks rgr that and thank you for the info. I did go ahead with the full reinstall just to be sure, but being able to reset is good option and thank you for the reply.

@bmeeks pfSense is showing me it's using igb (igb0, igb1, igb7). Here is the offloading: [image: 1658444243197-offloading.png] Is there a specific Intel based NIC card that you would recommend that doesn't have any issues with pfSense? Just wondering.

Yeah, since the re-write of many drivers to use the iflib framework the loading appears differently. So 2.6 and higher. That loading level is not necessarily any sort of issue. It depends how much traffic it was passing at that point and when the CPU is. Steve

The webgui listens on all the firewall IPs. How do you have the host override configured? Steve

Ah, no sorry, not for a block!

@sergei_shablovsky I agree with Sergei, I hope we see pfs on freebsd 13 soon. I use frontier fiber and freebsd 13 resolves the issue of the wan interface not being able to grab an ip from dhcp because frontier and all the other telco's tag their transmission with vlan 0.

Just an update on this, I purchased a new intel NIC and the connection has been solid ever since, no dropped packets, no wan down. For anyone else reading, the updated realtek drivers helped a little, but it took a day before the dropouts slowed (no idea why). It also helped when I moved my realtek nic from WAN to LAN. The ultimate fix appears to be as @bmeeks suggested "change out the Realtek NIC for an Intel variety"

[image: 1658399452499-c83e9ff0-9081-4795-bb5b-00682d637599-image.png]

@johnpoz Thanks for helping

@viragomann thanks so much and sorry for missing that previous post.

@creation2 https://search.brave.com/search?q=Freescale+T1042+CPU No. See above - it's the same family.

@droidus said in Snort Inline IPS Speeds: @bmeeks It is the Protectli FW4B - 4 Port Intel J3160. I have 8 GB RAM total. That hardware should easily do much better than the 10/10 you said you are seeing. I can already guess your next question, but sorry, "no, I have no idea why you are not seeing better performance" ... . That slow throughput is certainly not the case with many other users here on similar types of hardware in terms of capability. You will likely never get line-rate Gigabit traffic inspection with Snort unless you have a screaming fast CPU, but you should get better than 200 Mbps with most hardware.