@stephenw10 @dennypage OK! I did as you said. It worked well. After re-enabling the interface I managed to eliminate the "cancellare" alias that was in a rule of this interface, thanks

Hi, thank you very much. I tried and accessed via SSH. And yes the CPU load there is about 5%. I did not expect that the GUI consumes that much but good to know - Thank you very much for the information Have a good day S

@4eanlss Okay, so, after looking at the boot log I've found that there are a number of core-dumps on pkg-static. Looks like install from fresh image is in order.

Yeah you need to policy route traffic over the GRE tunnel otherwise it will jst use the default gateway which is probably the WAN. If ICMP and UDP work but TCP fails you probably have an asymmetric route in there somewhere. You only need 1:1 NAT at the remote end. You don't need the port forwards. The outbound NAT rules you have there are wrong and not doing anything anyway. But you don't need those either. You didn't show it but I assume you have a static route at the remote side for the local NEW_LAN subvnet via the GRE tunnel.

Yup more info needed. What hardware is that? How are those WAN NICs connected?

@stephenw10 Oki))

@stephenw10 Oki)))

Yup, that^. Restoring a config is easy compared with trying to create a mirror after install.

@stephenw10 Thanks much!!

@stephenw10 That's neat! Thanks for the information

Hello Steve, Thank you for replying. In fact, we were listening to IPv4+IPv6 in bind. I just changed that parameter to listen only on IPv4. Waiting to see if this happens again. Thanks a lot. Birama

Hi, I was looking for the same thing and found that there is a "/etc/pfSense-rc.shutdown" script. At the bottom it runs all executable scripts in "/usr/local/etc/rc.d/shutdown.*.sh". So I'm guessing that creating such a script will achieve what we are both looking for. The catch now would be to guarantee that the creation of such a script will survive an update. I would guess yes. What it won't survive is a reinstall. The filer package addon can be used to create this script and also sync it in a ha cluster.

Mmm, latency like that can really only be traffic shaping in pfSense, if it was something in pfSense. Some cable modems are known to behave like that though.

That doesn't appear to be a specific exploit/vulnerability so it's difficult to assess. The usual precautions apply though; don't open services on your firewall to the internet.

@NickJH said in Why does losing internet make me lose my LAN?: May 16 11:54:44 pfSense php-fpm[75615]: /rc.start_packages: Restarting/Starting all packages. May 16 11:54:44 pfSense anmuscle[85684]: Starting anmuscle May 16 11:54:44 pfSense anmuscle[4545]: Stopping anmuscle May 16 11:54:46 pfSense anmuscle[11836]: Successfully stopped anmuscle May 16 11:54:46 pfSense anmuscle[13056]: Finished configuring DTTS pf rules May 16 11:54:47 pfSense anmuscle[14274]: Successfully started anmuscle on 13443 Something looks like it's out of sequence here. When packages are restarted they are all first "stopped". Then started. Here, for "anmuscle" : the stop starts with a start (now two instances are running ?), then a stop .... and then a start again. Strange. I also upvote unbound here.

Thanks, that fixed it! Not sure why I was too afraid to try that.

@stephenw10 Yes, on aws EC2s

hi @Gertjan thanks for the replies

Alrighty! Thank you so much for the explanations... and for writing it in a way I can understand. That message makes sense now. I really appreciate everyone's help!