I would expect that to be fine. X520 is quite common.

Yes, you can mask that if you need to as long as you replace it consistently in the logs so we can still see it being used. Steve

@viragomann Thanks, did forgot it was a log to read :) Find the problem, it did look that DHCP was on but it was not.

I doubt you're actually seeing logs identical to that so please post your logs for review. Steve

@silence said in NO INTERNET TRAFFIC ON LAN: create a firewall rule on wan (to allow traffic please) Um, yeah, don't do that! You don't need rules on WAN to allow traffic to reach Google. What speed are you seeing? What do you expect to see? How are you measuring? Steve

Yes, it will use multiple CPU cores. Especially if you have a bunch of packages installed where loads can be spread more evenly. But, also yes, some things are single threaded. If you need to route at or close to 10G and run things like IPS or ntop then almost nothing would be overkill. Steve

Like I said if you just load all the rules and don't tune anything it will alert and block on most Linux pkg updates. You need to suppress the alerts or disable the rules that are triggering it. https://docs.netgate.com/pfsense/en/latest/packages/snort/suppress-list.html We usually recommend running Snort for a least a week in non-blocking mode whilst monitoring the alerts. Only enable blocking once it's no longer alerting on legitimate traffic. Steve

@waldy327 said in FTTH (AON): Fritz!Box 5530 works, pfSense not: Or is it enough to disable "Hardware TCP Segmentation Offloading" "Hardware Large Receive Offloading" Those should be disabled anyway, they are disabled by default so definitely disabled them if you have set them enabled. Hardware offloading requires the driver and hardware to work correctly together. Something that works on an igb NIC might work on ix. It might not even work on a different NIC that also uses the igb driver. They usually do though because those Intels are the best supported. Intel contributes their own driver code to FreeBSD. To disable that as a test you can run at the command line: ifconfig ix0 -vlanhwfilter -vlanmtu -vlanhwtag -vlanhwcsum I had assumed your igb NICs are not SFP? Steve

Well, I somehow resolved it... Sort of, I downloaded the configuration manually edited the XML file, removing the <ntpd>...</ntpd> section. Did a restore of full configuration, after the reboot it works, checked the NTP configuration, all looks the same. Even Debug output is all the same except now both IPv4 127.0.0.1 and IPv6 ::1 query through ntpq work. Only thing I can figure is that there is a hidden or corrupted character in old ntp configuration section.

Yup could be a bad disk. Can we see the actual output leading up to the reboot? Steve

My post yesterday was intended as tongue-in-cheek. Microsoft ran into this same discussion with Windows 10, after switching from three feature updates a year to two, then changing the labeling from "1909" to "20H2" because people kept expecting releases in March and September, per the numbers. It seems the misunderstanding here was that the ".01" release would definitely be out in January, not "when it's ready." Changing versioning to "21Q1" may not work with internal version numbering. I don't know if "21.1" for the first release of the year then "21.2" and "21.3" would still fit the stated goal of dating the release but might be a compromise. If one is even needed...setting the "when it's ready" expectation a bit better would be another method. I do understand the point of view where people may have been waiting for the new version to ship routers, and sympathize.

@jknott said in Complete newbie - set up guidance please: @tymh said in Complete newbie - set up guidance please: Obviously I need to put pfsense in between the modem and the router, Why would you need both pfsense and another router? Now I know more about this, it would be using the Orbi as an AP rather than a router.

Works fine just turning off the service if you don't reboot on a regular basis. I went from really high to 8/9% memory use since yesterday.

@patch said in Trying to use a new 5G modem with pfSense: you will need to not block local networks on your pfsense Wan The setting that pfSense has for this, Block private networks and loopback addresses, only blocks incoming connections sourced from private IPs. All incoming connections on WAN are blocked by default anyway. Having that enabled does not prevent outgoing connections in a double NAT setup like this. The only time you would need to disable that is if you were trying to connect from a client in the WAN side subnet. So for example if you had a WIFI client connected to the Telstra router and were trying to access the pfSense webgui using it's WAN IP. Steve

@steveits _ Thanks! Let's hope so...it drives me nuts!!

So... working as expected for you now?

What error is given? Is this pfSense related? Steve

So only output drops on the switch interface? Any drops or errors on the NIC in pfSense? Flow control mismatch maybe? I wouldn't really expect to see any issues with a 1G test over 10G infrastructure. Steve