• Catch 22 - VPN Kill - DNS Can't Recover

    1
    0 Votes
    1 Posts
    111 Views
    No one has replied
  • Multiple invocations of Shellcmd with type afterfilterchangeshellcmd

    11
    0 Votes
    11 Posts
    1k Views
    J

    @stephenw10
    A RasPi is too big and you'd have to buy it....

    My point was that if refrigerators or light bulbs had something like a better ESP32 SOC (which they don't have), one could hide the PBX there. In case of a broken fridge or bulb, this would also lead to service calls for the service provider's hotline. I wonder if they would figure out, when the customer says, that whenever the light bulb is defective, my telephone doesn't work, too (unless you inform your family members or friends, which you wouldn't do).

    The ISP restarts the PPPoE connection every 24 hours, this is why I came up with the Shellcmd script of type after...

    This may actually not be necessary, if I control how Asterisk gets restarted. I need to look at the details, but the Asterisk start script in /usr/local/etc/rc.d also seems to get repeatedly called within a short interval, which likely led to the race conditions I sometimes observed (lots of network errors). Since the Shellcmd script at first cleaned up the entire runtime environment of Asterisk, my problem seemed to be solved.

    The only thing I probably need to do is making sure that Asterisk does not get started within a too short interval and that at first the old daemon gets properly killed, i.e. basically my Shellcmd script as the start option of the rc.d script. I always wondered why safe_asterisk was so bulky---there's probably something similar inside the script.

  • larger files not serving through pfsense

    7
    0 Votes
    7 Posts
    734 Views
    stephenw10

    No worries. Nice catch!

  • Two separate LAN cards?

    4
    0 Votes
    4 Posts
    801 Views
    stephenw10

    @hrohibil said in Two separate LAN cards?:

    4 GB DDR3

    Probably indicates a 64-bit CPU.

  • LAN client connection delay

    7
    0 Votes
    7 Posts
    709 Views
    Derelict

    yeah half-in IPv6 can introduce delays like that.

    Disable the DHCP6 server on LAN
    Edit LAN and change IPv6 track interface to None.
    Edit WAN and set IPv6 to none.

    Alternately, and probably preferably, get with the ISP regarding where they are in IPv6 deployment and get it all turned up correctly.

  • SSH: Firewall-OK & WAN-OK but LAN-Broken Pipe

    3
    0 Votes
    3 Posts
    743 Views
    R

    So yeah it was only 1 computer.
    A reboot fixed it.... all is (as close to) normal as it can get.
    Hectic morning.

    Nothing to see here.

    Thanks for listening to my craziness.

  • Pfsense AMI (ami-3b022ad0) not allowing me to login.

    22
    0 Votes
    22 Posts
    1k Views
    stephenw10

    You may have triggered SSHguard if you tried to log in and failed several times. You should still be able to SSH from some other IP if that was the case. SSHing from some other device in the same subnet should work even if it lost routing info for example.

    Do you have a config backup?

    Steve

  • Why am i not connecting?

    25
    0 Votes
    25 Posts
    3k Views
    KOM

    I would bounce them all. Bounce the cable modem first. After it comes back up, bounce pfSense. Check to see if it picked up an address.

  • Ambitious first deployment

    3
    0 Votes
    3 Posts
    400 Views
    stephenw10

    Yeah, both those things^ 😉

    Doing this in stages may introduce further issues. If you start out with pfSense behind your existing router and move your IoT devices onto a new subnet behind that you would not be able to reach them from devices on the original LAN for example.
    That may not be a problem.

    You could do it the other way around and start out by putting pfSense in place with your existing router behind it but there will be down time. If you don't have separate wifi access points you might want to do this:
    https://docs.netgate.com/pfsense/en/latest/wireless/use-an-existing-wireless-router-with-pfsense.html

    What sort of VPN will this be? For accessing resources behind the firewall when you are remote?

    Steve

  • cron job output redirect - syntax?

    2
    0 Votes
    2 Posts
    134 Views
    stephenw10

    You want to redirect to /dev/null? Or to the system log?

    Steve

  • Switching Static IPs to Dynamic

    7
    0 Votes
    7 Posts
    650 Views
    Derelict

    You should not have to do anything. DHCP will assign your WAN address, subnet, and gateway.

    Your firmware version looks ancient compared to mine. I would start there.

    https://motorolamentor.zendesk.com/hc/en-us/articles/216091737

  • Switching to ZFS

    5
    0 Votes
    5 Posts
    1k Views
    G

    @signalz said in Switching to ZFS:

    In my experience, ZFS is a little faster to update and upgrade, and RAM usage is a little higher. In your case, I don't think you will see performance problems as all those plugins do not produce much system load. However, I don't think there is much benefit to using ZFS at this time. There isn't anything in the UI to report on or configure it.

    Thanks for that... I use ZFS on FreeNAS, so I have no problem logging in via SSH to check on something. My main reason for being interested in ZFS is to be able to roll back if an upgrade goes bad.

    I'm eventually hoping to graduate to Snort or Suricata, but haven't had the time to scale the massive learning curve to configure it. I had Snort running but it really wasn't doing much except filling log files at the time.

    Anyone using Snort/Suricata with ZFS on a "smallish" machine like a J1900?

  • PfSense Backdoored.

    Locked
    17
    0 Votes
    17 Posts
    2k Views
    johnpoz

    hehehe... Dude who could take this sort of nonsense seriously... Clearly the guy is off his meds or something..

  • DHCP-WAN Renew lease

    11
    0 Votes
    11 Posts
    2k Views
    stephenw10

    That's not entirely true. We have back-ported patches previously if they are sufficiently important. It's very inconvenient doing so though, any move away from stock FreeBSD introduces additional technical debt at every pfSense release. That's something we are very much moving away from.

    Steve

  • Traffic from port 0

    15
    0 Votes
    15 Posts
    2k Views
    johnpoz

    That would be great story for sure!

    So found a new customer to support, yeah they were sending out shit traffic that my firewall blocked.. So I contacted them about it - now I provide their IT support... heheeheheh

    That for sure should be posted somewhere... How monitoring your firewall logs can find you new customers ;)

  • PfSense 2.4 and BT Cloud base Phone(Polycom)

    13
    0 Votes
    13 Posts
    2k Views
    J

    @wesleylc1
    There should be nothing to set for basic telephones.

  • (FIXED)unable to load a single subdomain website

    4
    0 Votes
    4 Posts
    262 Views
    cpjet64

    OMG LOL! Now the stupid thing works. I had typed in my password incorrectly a few times yesterday and now I'm wondering if the site auto IP banned me for 24hrs... I was really at wits' end because the connection was being refused by anything behind my pfsense VM but still worked fine from my cell phone. So yeah, I guess we can say this is solved now lol. Sucks because when I posted this it still didn't work and I was out of troubleshooting ideas.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.