@stephenw10 I didn't realize that I was able to create an interface for VPN. I did that (and it booted the remote users, lol), and was able to configure the FTP Proxy Client plugin to work with it. Thank you for your help!

@nollipfsense Also of note USB NICs will change the NDI, too. They're not the only thing that goes into the NDI but they're the most likely to cause a change.

@mrpete said in page fault kernel panics after 2.5.2 upgrade: the fact that it is a UFS panic proves fsck is needed? Yes, that. You would not see that panic if ZFS was used. Steve

@anetde said in sshd trying to connect to ports 25/ 465/ 587: the default deny rule on the WAN interface logs lots of blocked connection attempts sourced from the gateways WAN IP to public IPs in the wild on the mentioned dest-ports. That implies blocking outbound connections which would normally be allowed. Can we see these actual firewall logs? I would run ps -auxwwd and look for some script openning ssh sessions. But note this is sshd, the server, logging that. This looks more like someone use ssh as proxy/tunnel and trying to send mail across it. So just look for ssh connections inbound when that happens. Could be an admin connecting from a compromised machine without knowing. Steve

Indeed it's not ready yet. We had a basic patch that worked past the issue for most situations but was still broken for the allow MAC table. However further testing showed other issues with more complex setups. Now that we know the root cause though we should be able to patch the ruleset to allow for it. We are testing patches now. Steve

@gwaitsi Yep. Since my Qotom mini PC has a serial port, I enabled it when I installed pfsense, but normally use a keyboard & monitor.

@gertjan Thanks for that Thanks for your help!

@stephenw10 ok- I will investigate after work. Thanks for the info.

For everyone having the same problem: DO NOT add something custom to the DHCP configuration of WAN via "Custom Override" before connecting once on WAN. It will fuck up your automatic rule generation in NAT and resolve in not getting any ipv4 connection on anything but WAN. If this rule generation has happend...then it is ok to add whatever you want. For my specific situation I only had to add the string of my conf-file into the "Send" options of the advanced DHCP settings (as @stephenw10 mentioned) and it works better than it has ever had! [image: 1646168771888-91084322-bdfb-48a7-a21f-0fc5a3627541-image.png] Thank you netgate community!

For it to happen repeatedly like that and damage the config file everytime you would have to be removing the power during the config write. So maybe pulling the power immediately after clicking save on something each time? Is that possible? Either way you should always halt the system properly before unplugging it if you can. Steve

What throughput vs CPU usage do you get currently? I've personally never seen pfSense running on anything that could pass 25Gbps. Steve

@reberhar said in dpinger stops (crashes?) after update to 2.6.0: @bmeeks My multihead site responded to changing to the Live Rule Swap option as well. The one that I thought was fixed by a reinstall of Suricata failed again so I have turned on Live Rule Swap there as well. Suricata reloads the rules even if you have blocking turned off and the same problem occurs. In order to monitor traffic, Suricata generally must put the interface in promiscuous mode. That happens whether blocking is enabled or not. And even when run in IDS mode (no blocking), Suricata still must update its rules.

@tomrrr said in Web Admin Two Factor Authentication: then I would be unable to monitor performance/throughput/etc remotely Have the data collected by some server, protect the link with firewall rules - and now observe from ..... Dono, pick your place. Go here or here if you need something. Btw : I'm just a pfSense user, like you.

Can't see the timestamps on those so it's hard to say how constantly that is.

Yeah, you don't need to add any routing, pfSense will route between all connected subnets by default. With pf disabled you should be able to reach between the subnets. There will be no NAT, so no WAN connectivity, but you don't need that between internal subnets. It sounds like you have some connections in places you shouldn't. Steve

Yeah, it sure looks like something objecting to whatever the Pi is doing. If it is Comcast it seems like they should know they're doing it. But....

@raulchiarella said in Could not fetch URL when creating ALIAS: https://raw.githubusercontent.com/victorfmaraujo/pfsense-aliases/master/WHATSAPP/whatsapp.as So created an alias using that, seems to pull fine. Then put into a rule to test the table being loaded. Tables are not really populated until the alias is actually put into a rule. But then you can see the table populated [image: 1646063641701-working.jpg] edit: btw that list could you some clean up for sure... lots of duplicated networks. example - these are all listed 185.60.216.0/22 185.60.216.0/24 185.60.217.0/24 185.60.218.0/24 185.60.219.0/24 But that first /22 covers all of those /24s - there are multiple examples of that in that list..

@jimp makes sense and works. Thank you.

@pille99 yes

@stephenw10 I figured it out. Report filed. It looks like someone else had a similar issue, made sure to quote it in my report.