• Can't log into google sites

    5
    0 Votes
    5 Posts
    2k Views
    M
    @zedutchman: Looks like it was pfblocker. Not sure why. Didn't look at the logs before I did a fresh install. I've set up my essentials (OpenVPN, Squid) for now till I have a stable setup and I know I have no issues from before. That was my fix. I was running with top 20 ipv4 blocked. Followed a guide online and it did not work out. Probably didn't help that as a newb I ran Snort with PFblocker and had everything getting blocked.
    Hi, I had the same issue 2 days ago. I am running squid-snort and pfblocker with dnsbl enabled. I think it's your firewall. You need to allow port TCP/UDP on 8081 and 8443. Also, I found this in the forum. Please make sure that you have dns-resolver turned on and inside there dns-forwarder is unchecked. Also, to check if things are working go to 10.10.10.1 and you got to see 1x1 gif square of white color. Hope it helps
    Firewall > NAT > Port Forward > Edit
    Interface LAN
    Protocol TCP/UDP
    Click Invert match select LAN Address
    Destination port range From Port DNS and to Port DNS
    Redirect target IP 127.0.0.1
    Redirect target port DNS
    NAT reflection Use system default
    Filter rule association Create new associated filter rule
    Create rule that allows TCP/UDP from LAN net to LAN address on port 53
    Create rule that allows TCP/UDP from This Firewall to Any on port 53
  • Pfsense is entering into kernel panic mode

    2
    0 Votes
    2 Posts
    695 Views
    H
    You might have a crashreport available in the GUI. Paste it on pastebin & link it here.
  • Can PFSense Replace 3 ASUS RT-N16 Routers?

    5
    0 Votes
    5 Posts
    2k Views
    E
    This was set up many years ago and I never questioned why…. guess I have some detective work to do... I'm sure I just need to forward some ports and it'll work fine...
  • FTP Problem

    1
    0 Votes
    1 Posts
    503 Views
    No one has replied
  • Problems with squid3 + SquidGuard using SSL Interception

    5
    0 Votes
    5 Posts
    2k Views
    F
    And how is the 2.3.2 release? I have the same problem =\
  • Trying to use Vodafone UK R215 (Huawei E5372) with pfsense

    9
    0 Votes
    9 Posts
    2k Views
    A
    Yes, there are some additional steps which are required to 'normalize' the operator branded modem. I've added a brief description to my earlier post. Those changes are modem specific and not directly related to pfSense. I don't think it's really necessary to buy a new modem, but I would prefer to use a stick rather than router like 5372.
  • Quick easy way to see the bandwidth hog?

    13
    0 Votes
    13 Posts
    3k Views
    S
    You are correct, it relates well to Op question.  My created-topic with a similar problem however remains empty :)
  • Firewall Rule "please match the requested format"

    17
    0 Votes
    17 Posts
    10k Views
    jimp
    It will be in 2.3.2_1.
  • FTP Not working

    3
    0 Votes
    3 Posts
    879 Views
    JeGr
    How can we allow ftp protocol for my users. Or do us all (ISP, hosters, your clients) a favor and switch to SFTP for file transfer. And no, I'm not talking about FTP/S (FTP with TLS/SSL encryption), but SFTP (subset of SSH service). It is SO much less hassle. FTP as a protocol is just a giant PITA. If you have to, check you don't have a far too big passive ftp port range so you don't have to open up some thousands and thousands of ports.
  • Allow VPN client from inside network

    2
    0 Votes
    2 Posts
    798 Views
    S
    Normally this should be completely transparent and no changes required with the default pfsense rules. The PFsense box is not aware of your VPN, it's just TCP (or UDP) traffic that is forwarded. Nothing more.
  • How to capture ports programmatically?

    3
    0 Votes
    3 Posts
    1k Views
    G
    @Harvy66: Lagging is a result of bufferbloat. While trying to figure out what ports common game servers use, enable Codel Active Queue on your firewall queue.
    I thank you for your reply, but, honestly, what will 'Codel Active Queue' do with my problem? As for an example, I have an online Game "XYZ", but they don't provide game port(s) as they are paranoid that it will attract/invite DDOS :(. I have pfSense traffic rules configured, let's say people are playing DOTA 2, League of Legends or Heroes of Newerth while doing streaming/browsing on my LAN and the ping rates are 'acceptable' because of the traffic rules I have created and these Games provide either directly or indirectly with the correct port(s) to configure. If Game XYZ port(s) are not determined, it will ultimately go to the default queue (unless otherwise they use same/similar port(s) of other game servers), of which I have configured with less bandwidth. Once again, I am really sorry as I don't get the whole picture enabling "Codel Active Queue" for this.
  • Prevent External Access Points from shutting down

    6
    0 Votes
    6 Posts
    1k Views
    johnpoz
    So the neighbors keep shutting off the lights in their living room.  Could you help me stop them from doing this, my microwave model is LG 100, it was made in 2014 and has buttons on the front with a table that spins in the middle.
  • Connection slow (2.3.2)

    7
    0 Votes
    7 Posts
    2k Views
    B
    Lots of in/out errors. The issue seems to be with the modem configuration, my ISP always gave instructions to go full duplex. However setting the ports to auto negotiate pfsense will set it to half. And look here.
    Retrieving speedtest.net configuration...
    Retrieving speedtest.net server list...
    Testing from Signet (81.xx.xx.xx)...
    Selecting best server based on latency...
    Hosted by SIT Internetdiensten B.V. (Voorthuizen) [74.82 km]: 11.25 ms
    Testing download speed........................................
    Download: 44.15 Mbit/s
    Testing upload speed..................................................
    Upload: 47.31 Mbit/s
    Seems like the ISP either changed their config without informing or has a configuration error. Thanks for the help anyway! Seems that because my laptop was on auto negotiate it did not have this issue and it caused me to think the issue was with the configuration of the pfSense.
  • Connect Wifi APs directly to router interface

    10
    0 Votes
    10 Posts
    2k Views
    johnpoz
    That you think your switch is your problem is maybe why you're having issues. If this is production use stable version of unifi controller and firmware. And then let's troubleshoot what wifi issues you're having if any.
  • Two nodes with v2.3.2 - ssh faulty on one?

    7
    0 Votes
    7 Posts
    1k Views
    JeGr
    Aye, that's what I assume. As to why I'm stuck, as it doesn't "crash" every time (as if that whole thing wasn't crazy enough already)
  • Allow link-local

    2
    0 Votes
    2 Posts
    517 Views
    Derelict
    Blocked from where to where? Link local is just that: Link local. Link local traffic on the local subnet does not use the firewall at all, nor can it be routed.
  • VLANS and some other help

    3
    0 Votes
    3 Posts
    857 Views
    O
    @johnpoz: Sure that should work. As to trunk depends on how many interfaces you have in pfsense? If you're going to connect a port from switch that is in each vlan on switch you don't even need to set up vlans on pfsense, only the interfaces. Your switch is doing all the vlan stuff. If you only have 1 interface in pfsense and are going to create the vlans on that physical interface, then yes you need a trunk to that interface from your switch and pfsense will figure out what packets are what based on the tags.
    I have 3 interfaces: wan (connected to my ONT/modem), lan (switch is connected to this one), opt1 (nothing connected, just an extra NIC card I had). Sorry, I'm not fully grasping what you're saying. I plan on having 3 vlans on my switch unless I can connect my AP to my OPT1 and have that be its own VLAN type of thing, then I will only have 2 vlans on my switch. What I picked up is if I connect an ethernet cable in each of my vlans to its own interface on pfsense then I don't need to configure VLANS on pfsense, but if I plan to only use one cable from my Pfsense to my switch then I do need to trunk the VLANS?
  • Second network on LAN int

    3
    0 Votes
    3 Posts
    634 Views
    M
    Thanks. Just the info I needed.
  • 0 Votes
    2 Posts
    652 Views
    jimp
    The closest you'll see at the moment is how things are now: 2.3.3 is not that far off 2.3.2, but they pull from different package sources. If a package change is pushed to RELENG_2_3, it will be available on 2.3.3 and not 2.3.2, so that is good for development and testing.
  • FreeBSD-SA-16:26.openssl

    2
    0 Votes
    2 Posts
    488 Views
    jimp
    We have a 2.3.2_1 release in the works for that. Though we've looked over the list of issues and the only one that appears to be relevant in any significant way is the OCSP issue, and that would only be a potential problem if you have HAproxy or FreeRADIUS configured in a way where they would answer OCSP queries on behalf of clients.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.