It's not an nmap package problem, but a general problem that affects several packages the way they display output from certain utilities: https://redmine.pfsense.org/issues/8502

It's been a while but the Business Hub was BTs device they gave you if you ordered a subnet of static IPv4s as well as some other "business" features. But I think it used a numberless PPP connection or something similar to give you the entire subnet on the LAN which pfSense cannot replicate.
That may have changed, it was a few years ago I hit that.

Steve

I know I had some trouble with my DHCP address that if I made changes on the physical or hypervisor side, pfsense would not pick up the changes without a restart. Though I have since rebuilt the pfsense VM and am not having this issue on this install. I made the DHCP address as WAN1 instead of WAN2, not sure that it made a difference or not.

If you are using putty in Windows (or Linux) you can just enable logging there to get a file directly. Most terminal clients will have enough scroll back anyway to just copy and paste it out.
You would need to just leave it connected and wait for it to reboot unless you are able to predict when it will happen.

Steve

Here is a rule I setup (but it's currently disabled as you can see from the screenshot) to keep 1 single device from accessing anything off it's own subnet, thru the firewall. In my example, the host at 10.0.1.116 is blocked to any destination.

Screen Shot 2019-10-30 at 2.17.13 PM.png

Like @johnpoz says, you have to have this rule above the default allow any to any rule.

Jeff

Maybe if it's sending enough queries to be limited.

@johnpoz said in Please drag your screenshots into the message if you want help:

emailing a bunch of bots or spammers

When signing up - spammer or real person, a mail validation is used.
I wasn't proposing a new mail .... just an extra line in the already existing mail with "see here for some help about how to ask questions ...."

@johnpoz Noted sir, Thank you. I will post another topic regarding failover, again that one is with VLAN problem :)
Thank you for early christmas gift. new Knowledge ehehe

I can't say I can ever remember seeing a 'bug' that resulted in a loss of interface configuration like you describe.

Maybe the filesystem was so trashed that the configuration was lost, but in that case you'd have to do a lot more than just reassign interfaces.

So I suspect that maybe it's not quite exactly as you describe. But since you don't have a monitor hooked up when it fails, you can't really tell what happened for sure. When it does fail, you need to look back in the boot log and see what it's really complaining about. (Press scroll lock on the hardware console keyboard and then use the page up key to go back in the buffer, then scroll lock again to get out)

It wouldn't surprise me if it's related to that hardware, given its track record/reputation, but it's entirely possible it's a red herring and you're chasing the wrong end of the problem.

You can get it done in a short maintenance window without bothering with the insecure old version.

Get the new hardware up on 2.4.4-p3 without any extra configuration Restore your current config to this box -- it will be your new primary Swap in the new box in place of the old

If it all works, then you take the old hardware, install 2.4.4-p3 on it and now that's your new secondary. If it didn't work, then you still have your current 2.4.4-p2 box and can swap it back in place and then investigate why it failed. If you want an extra dose of safety, then swap out the disk in the current system so you have the running copy of 2.4.2-p1 preserved.

If you can't get enough of a maintenance window to do it properly, it's a management issue, not a technical one. Trying to force you to work with zero downtime is insane and shouldn't be encouraged.

https://github.com/opoplawski/ansible-pfsense now has a basic pfsense_user module. Feedback welcome.

Yes.

Found it, thx.
I have a similar problem still. When I go to a website, the site itself might fetch scripts etc from other domains which would need to be whitelisted, too. Doing that manually is a hassle in particular when the external resources are fetched through muh.cloudfront.net while the other day it is meh.cloudfront.net. Can squid whitelist a whole website?

Even if your hardware is 32bit, just means its time you refresh the hardware.. Clearly any 32bit hardware in this day and age is well past its use by date ;)

Try enabling powerd in System > Advanced > Misc to get CPU speed scaling etc.

Steve

Docker running on pfSense rather than pfSense in Docker?
Yeah, definitely not going to work. Also a bad idea to run anything like that on your firewall.

Steve

But the admin user should be given the same password as that new user. That is done as Azure won't allow using the admin user directly.

Steve

@JKnott
yes, i misread Rico's instruction and put in an invalid ip. i'm a newby to network stuff. tnx for the ed.

@Derelict I ordered one. Guess we'll see what that does.