• Slow LAN speeds but Correct WAN speed?

    4
    0 Votes
    4 Posts
    2k Views
    stephenw10S
    Those offloading options should be disabled by default (checked). It rarely improves performance and can cause massive problems so I would not recommend enabling them. You might also disable Hardware Checksum Offloading as that can cause problems on some NICs. I would not normally expect bridging to cause a throughput issue on a system like that but if you were seeing output errors it was clearly hitting some issue. Unless you had a wifi interface in the mix there for example. Steve
  • Factory Defaults, still no client internet access

    7
    0 Votes
    7 Posts
    666 Views
    stephenw10S
    Mmm, the DHCP server should supply the interface address as the gateway if you don't specify anything. It's hard to think what could prevent that. If the interface was invalid in some way you would be able to set it in the first place. Do you actually mean 172.16.1.1? 174.16.1.1 is not a private IP. It may be conflicting with something by some unlikely coincidence. Steve
  • Shall I recommend pfsense ?

    6
    0 Votes
    6 Posts
    631 Views
    johnpozJ
    Well depends on what you make of "application blocking". It can be done native if you're just talking the ports the application talks on.. But as it's listed as optional, and it can be done with optional packages. snort and openappID and proxy for url filtering.
  • pfsense

    16
    0 Votes
    16 Posts
    1k Views
    stephenw10S
    https://www.eclipse.org/forums/ ? https://help.eclipse.org/2019-12/topic/org.eclipse.php.help/html/reference/preferences/php_executables/index.html
  • Need some help with setting up

    2
    0 Votes
    2 Posts
    229 Views
    stephenw10S
    You actually have static public IPs on those servers? Or they are just forwarded by the comcast router? To actually use public IPs directly there you would need to have a public subnet routed to you and to route that to pfSense in the Comcast device. It would need to be a different subnet than the Comcast WAN too. If you are just port forwarding you need that setup through both routers. If they are all using the same port then you would need to use some intermediate ports on the pfSense WAN or have 4 WAN IPs. Steve
  • Does Pfsense support dpdk ?

    12
    0 Votes
    12 Posts
    3k Views
    stephenw10S
    OK. The issue I see is that to use the NIC with DPDK drivers, as I understand it, you need to unload any other drivers attaching to it. That means you can't use that NIC as an interface in pfSense. And that means that I'm not sure what traffic you can capture on this NIC. The only way I could see this being useful is if you connect it separately to a mirror port. Am I missing something? Steve
  • Can't access User Manager page after upgrade to 2.4.4 p3

    9
    0 Votes
    9 Posts
    2k Views
    stephenw10S
    Or just enter the url '/system_usermanager.php' directly.
  • 0 Votes
    3 Posts
    255 Views
    GertjanG
    Yep. As soon as you see phrases that use the word [image: 1577775326803-920487c2-e31e-47e5-b350-36b1b3f510ea-image.png] or inode for short, you know the file system isn't 'clean' - they call the state 'dirty' - and it's chkdsk, sorry : fsck time.
  • Allowed memory size exhausted.. what cause & how to fix it? please help..

    2
    0 Votes
    2 Posts
    870 Views
    GertjanG
    @naiksawan said in Allowed memory size exhausted.. what cause & how to fix it? please help..: /usr/local/www/guiconfig.inc on line 693 Most probably you were about to look at a log file that was too big to get parsed and formatted by PHP. This can happen when you set [image: 1577694246631-b9b0dabe-f1ea-4c03-99af-4e7e70a9e4ab-image.png] to a huge value ... something like 532 677 601 bytes - or half a Tera Bytes. Try something less daunting, or go out, do some DRAM chopping, change PHP settings so it can actually use it, and retry. Use the console access - option 8 and then the clog command to dump a log file to terminal : example : clog /var/log/system.log
  • Pfsense start with one ethernet port ?

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S
    I've yet to see a NIC that couldn't do VLANs in pfSense, assuming it works at all. Maybe I've not been looking hard enough....
  • using VPN icloud verification failed

    2
    0 Votes
    2 Posts
    157 Views
    stephenw10S
    Um.... is that a question? Waaay more info required if so.
  • Suddenly almost all traffic goes away.

    11
    0 Votes
    11 Posts
    1k Views
    N
    @stephenw10 Are you asking what you can do to disconnect and reconnect? If you don't do anything, it will reconnect automatically and the time will be about 3 seconds. no. Server 1 is using private IP.
    ISP
     │
    Pfsense (xxx.xxx.xx4.214)
     │
    L2 Switch
    ┌ ┐
    Server 1 (192.168.1.100) Server 2 (192.168.1.200)
    External IP
    Pfsense, Server 1 = xxx.xxx.xx4.214
    Server 2 = xxx.xxx.xx4.220
  • Dual Wan Loadbalance

    5
    0 Votes
    5 Posts
    581 Views
    DerelictD
    The default gateway group does not work with a load balance gateway group. It selects one gateway as the default, which is the active gateway with the highest priority (lowest number - 1 is higher priority than 2) tier. If you have > 100 pass rules on your LAN rule set and you want to point them all to a load balance gateway group, the best thing to do is get to work.
  • How to increase queue size via system tunable

    3
    0 Votes
    3 Posts
    1k Views
    M
    You are right, I restarted the service and the new settings were applied. Makes me wonder though why lighttpd in combination with pfblockerNG had over 100 sessions opened for one ip address hours after I disconnected the device from the network.
  • Introducing pfSense to my network - a step at a time?

    5
    0 Votes
    5 Posts
    608 Views
    M
    @johnpoz Sorry - should have been more clear (and I'm still learning how/where pfSense falls into place here, in terms of its initial configuration). I was thinking about more "foundational" features, such as a DHCP server, DNS, toughening up security with some simple rules, etc, etc. But your last comment clarifies things, I think. It seems I can simply drop pfSense between my modem and ASUS router and use double NAT. The default configuration you describe sounds exactly as I'd want (and allow my existing devices to continue "blissfully unaware"). The only thing I'd need initially is OpenVPN, since I regularly remote into desktops from coffee shops over RDP (and don't plan on forwarding ports), etc. With VPN installed and configured, I'd be pretty much at parity with what I have now and can then start walking down the path of leveraging pfSense to the full, particularly as I implement IOT isolation across a couple of subnets. Thank you again, @johnpoz .
  • Can't ping subnet from remote via openvpn [RESOLVED]

    16
    0 Votes
    16 Posts
    2k Views
    JKnottJ
    @T-Soprano Rule of thumb, always suspect cables and connectors. I have a simple continuity tester, which I carry in my computer bag, just for testing cables at customer sites. This is just a simple go/no go test, not performance certification.
  • Problems with PIA-VPN Interface

    6
    1 Votes
    6 Posts
    730 Views
    stephenw10S
    @statecowboy said in Problems with PIA-VPN Interface: Dec 13 06:10:30 openvpn 23211 ERROR: FreeBSD route delete command failed: external program exited with error status: 1 That log implies the OpenVPN daemon is trying to modify the routing table and failed. You might have some routing conflict there with something OpenVPN is trying to use. Steve
  • keeps on rebooting

    15
    0 Votes
    15 Posts
    1k Views
    stephenw10S
    Yes, it could be something else causing the drive write to fail mid-write. Bad SSD. Bad internal power. Bad cable. I have seen bad SATA cables do some truly weird stuff, I would swap that out first if you have not already. Steve
  • Issues with OpenVPN

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10S
    Yes, that 165.x.x.x public IP does not appear in the routing table so you are behind the NAT of that cellular router. You will need a port forward in place for that in the cellular router if you cannot pass the public IP to pfSense directly. You can see on the WAN firewall rules that 0 packets and states have been passed by the UDP 1194 rules. No traffic from the client is reaching pfSense currently. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.