So something is preventing traffic from localhost on that install specifically. Does it give that same error even after boot? Steve

@stephenw10 Thanks Stephen, I'll be okay from here... really appreciate the help!

@jonathanlee https://getlabsdone.com/how-to-setup-pfsense-pppoe-wan/ Great example of bridging the modem

@stephenw10 That served the purpose. Thanks Ted

@michmoor have a play with the following:- awk, sed and echo I run the following at midnight to get yesterdays entries from the snort logs:- grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert | awk -F, '{a[$5]++;} END {for(i in a) print a[i]" "i}' | sed 's/"//g' | sort -r ; echo grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert ; echo So I get a summary like this:- Command output: Snort WAN Alerts (grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert | awk -F, '{a[$5]++;} END {for(i in a) print a[i]" "i}' | sed 's/"//g' | sort -r ; echo) 3 ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108 3 ET TOR Known Tor Exit Node TCP Traffic group 107 3 (spp_sip) Content length mismatch 1 ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 Command output: Snort WAN Alerts Details (grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert ; echo) 04/10/22-07:46:07.832658 ,1,2522107,4759,"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108",TCP,45.61.188.191,60048,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-07:46:07.832658 ,1,2520106,4759,"ET TOR Known Tor Exit Node TCP Traffic group 107",TCP,45.61.188.191,60048,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-16:23:11.254875 ,140,18,2,"(spp_sip) Content length mismatch",UDP,192.241.212.220,55707,xx.xx.xx.xx,5060,54321,Potentially Bad Traffic,2,alert,Allow 04/10/22-18:08:00.070426 ,1,2522107,4759,"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108",TCP,45.61.188.191,47241,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-18:08:00.070426 ,1,2520106,4759,"ET TOR Known Tor Exit Node TCP Traffic group 107",TCP,45.61.188.191,47241,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-20:42:03.730836 ,140,18,2,"(spp_sip) Content length mismatch",UDP,128.199.3.204,58177,xx.xx.xx.xx,5060,40209,Potentially Bad Traffic,2,alert,Allow 04/10/22-21:11:10.595437 ,140,18,2,"(spp_sip) Content length mismatch",UDP,165.232.128.219,58181,xx.xx.xx.xx,5060,47623,Potentially Bad Traffic,2,alert,Allow 04/10/22-22:53:32.283173 ,1,2522107,4759,"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108",TCP,45.61.188.191,50650,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-22:53:32.283173 ,1,2520106,4759,"ET TOR Known Tor Exit Node TCP Traffic group 107",TCP,45.61.188.191,50650,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-23:34:44.609324 ,1,2017919,2,"ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03",UDP,14.1.112.177,38376,xx.xx.xx.xx,123,54321,Attempted Denial of Service,2,alert,Allow NB the snort logs date format differs.

What hardware are you running on? What does top -aSH show for per core usage when testing throughput?

Ah, yes that would do it. The static values override whatever is in the main config. So leaving it empty there would not override 'none' set in the main config. Steve

@danlad2030 Here https://docs.netgate.com/pfsense/en/latest/packages/cache-proxy/squidguard.html

@anonymnuss said in random lockout single connection: If I switch the LAN adress of the proxy, its also blocked Hmm, that sounds like something blocking at layer2. In pfSense that could only be the Captive Portal. Try running a packet capture in pfSense whilst you ping from the proxy. Do the pings make it that far? I assume you don't see the traffic blocked in the firewall log? Steve

Are you using the captive portal also? There is a known issue with running both: [https://redmine.pfsense.org/issues/12954](link url) Steve

@stephenw10 thank you for your help :)

@stephenw10 Ahhh I see. Yeah it definitely shows the two speeds coming from the NAS. Nothing in between. So yeah it must be cached at the NAS, but I've never seen anything like this. Will have to keep hunting it. Thanks for the help!

@stephenw10 said in Strange behaviour after power failure: How were/are the interfaces configured? All static? Any errors in the boot or system logs? Steve WAN is set as dhcp (isp requirement) LAN/DMZ are static. OS Boot log doesn't make me any wiser anymore, as it seems to be allready overwritten with a normal boot. Like @Gertjan replied, a bad system shutdown could do some strange things. Replacement batteries are allready arrived so I hope this was a one-off experience ....

@stephenw10 I did at the time. It didn't make any difference. From what I understand it's not a true bridge and Comcast will have to bridge. I guess I will need to call them. I just wanted to make sure I had all the info I needed before I did.

@stephenw10 Alright, thanks for the info!

@abiny said in Computer system Requirement for pfsense: Hello, I am planning to setup pfsense for our school. I am planning to get a computer with 1TBHDD, 8GB of RAM, Corei7 processor and extra gigabit NIC. Will this spec be enough for a school with 1000 - 2000 users. Or do I need to buy one of the Pfsense appliances. Thanks You wouldn't need one TB hard drive, a 128GB SSD, and used the saving to up the RAM to 16GB. Seriously, take a look at the Netgate XG-7100 as earlier suggested...

Ok, please show us exactly what shows as down and how that interface is configured. Also if we can see the OpenVPN status page we might be able to see an issue.

@stephenw10 Gotcha. Ok thanks Stephen for answering my questions and providing guidence.

Ah, OK. Well in that case you could potentially create a failover gateway group with the two WANs. But I could imagine it would get stuck on the L2TP WAN. You would need to configure the L2TP WAN to be dial-on-demand and disable monitoring etc so it closed the link. But That would take far too long. Also I could imagine the PPPoE monitoring might fail until the L2TP disconnects. It seems like you could script it though. Probably take a bit of testing to find the right rc calls to work with those. Steve

@bmf7777 said in DHCP error message question: been working great for a couple of years ... then boom lots of DHCP issues everywhere What changed? Firmware updates?