• Putting a traffic shaping on a schedule

    6
    0 Votes
    6 Posts
    550 Views
    stephenw10

    If you used the wizard the match rules that put traffic in the queues will be on the floating rules tab.
    Create schedule in Firewall > Schedules. Edit the rule you want it to apply to and set the schedule there in the advanced section.

    Steve

  • Pfsense behind a router and need to access nanostation

    9
    0 Votes
    9 Posts
    814 Views
    stephenw10

    Yes, VPN into pfSense and then access it from there is far more secure.

    If you are going to use port forwards you should definitely be using the secure server port (https).

    Steve

  • Adding Ports with Unmanaged Switch to pfSense Router

    5
    0 Votes
    5 Posts
    741 Views
    M

    @stephenw10
    I got it going. Literally every cable I tried was bad. I feel like an idiot haha. Thanks everyone

  • DNS with iOS

    22
    0 Votes
    22 Posts
    2k Views
    johnpoz

    well when you manually set it only going to do ipv4?

    Turn off ipv6.. Does that make your issue go away?

    With ipv6 still off, set ipv4 to only 1 dns.. You sure this dns is working ;)

  • PFSense Speed Issue

    5
    0 Votes
    5 Posts
    685 Views
    H

    man - I'm embarrassed! I thought I'd disabled the proxy for testing but seems I hadn't.
    I disabled it, tests ran fine, re-enabled it and still worked - must have been a random glitch.

    thank you so much

  • 0 Votes
    6 Posts
    1k Views
    stephenw10

    Presumably to force you to purchase their VoIP offering.

    It should be relatively easy to do this by either handing the OpenDNS servers to clients to use directly or by having clients use pfSense for DNS and have that forward to OpenDNS. In either case be sure to block or redirect DNS connections to other servers directly.

    Steve

  • Need to block PSIPhon app

    8
    0 Votes
    8 Posts
    5k Views
    stephenw10

    @johnpoz said in Need to block PSIPhon app:

    openappid for psiphon

    I don't believe we have one for that in our detectors ruleset but you might be able to load one from somewhere else.

    That is likely the only way you will block it and even then it's not guaranteed if that app is specifically designed to prevent detection.

    Steve

  • Allowing all ports opened to certain port/vlan

    9
    0 Votes
    9 Posts
    872 Views
    stephenw10

    If you just want to test OpenVPN just set up a port forward to it on the edge firewall.

    You can use 1:1 NAT to forward all traffic to the test VM if you really need to. Apart from any other port forwards you might already have that is.

    Steve

  • Pfsense with Active directory

    3
    0 Votes
    3 Posts
    671 Views
    N

    Figured it out after you suggested the ping test, turns out I had not specified the gateway in the Windows DHCP scope.... So rookie mistake.

    Thanks

  • Captive portal voucher

    2
    0 Votes
    2 Posts
    415 Views
    stephenw10

    You mean specify a MAC address the voucher will be valid against in advance or just have the voucher locked to whichever MAC it is first activated against?

    Steve

  • Windows PCs cannot connect to google sites

    9
    0 Votes
    9 Posts
    2k Views
    johnpoz

    post up your pcap of the dhcp conversation, discover, offer, request and ack.

    If you're saying the dhcpd is sending out the correct mask, and others are using it correctly - then you got something wacked on those clients!

    Options shows that there was an option 1 of type Text with a blank value. Option 1 is - tada - subnet mask.

    So yeah that would F it up big time!! But you would have seen that in the offer, or lack of the offer containing mask.

  • Read log file in shell

    6
    0 Votes
    6 Posts
    2k Views
    jimp

    Upgrade. Use sudo.

  • Crowdfunding a feature/package

    4
    0 Votes
    4 Posts
    658 Views
    C

    I'd really like to see Zerotier support added to the core product, or a supported package.

    https://forum.netgate.com/topic/91683/zerotier-one-as-a-package-100usd/67

    https://redmine.pfsense.org/issues/9238

    It would be pretty cool if "pledges" could be made towards issues in Redmine.

  • Get certificates from Pfsense Cert Manager using linux commandline

    5
    0 Votes
    5 Posts
    4k Views
    L

    Sorry for replying to this old post..

    So for the opposite operation, to import a certificate or maybe overwrite a specific certificate, is it possible, or does some scripting solution exist??
    Today I'm looking for a solution to automate the copy to another pfSense and import these certificates previously generated by acme. I will ask a developer in another department for help to make a search of the encoded certificate and replace it with the new one if it has not been changed or expired, over PHP on the XML config, based on other scripts like this https://forum.netgate.com/topic/95774/automating-certificate-imports-with-letencrypt-script/12

  • Create Internet Only Guest Access on my LAN

    4
    0 Votes
    4 Posts
    481 Views
    A

    When you say "Two other devices that need full LAN and Internet access", are these wifi devices, or are they wired devices with cables plugged into your distant network switch?

    Jeff

  • pfsense disabling firewall for one specific ip

    25
    0 Votes
    25 Posts
    4k Views
    S

    @viragomann said in pfsense disabling firewall for one specific ip:

    If you want to keep it behind pfSense why don't you want to go with NAT?
    If the machine should get a public IP and bypass the firewall, why don't you connect it to WAN?

    Do you have multiple public IPs or a public subnet?

    Thanks

  • HELP! Comcast Ethernet Dedicated Service and setup

    19
    0 Votes
    19 Posts
    4k Views
    stephenw10

    Seems like it was not a pfSense issue at all. It should have worked in any of the suggested configurations but there was no response from the Comcast gateway.

    Steve

  • 0 Votes
    9 Posts
    2k Views
    johnpoz

    Well you don't actually have to sniff on the client... Sniffing on lan side and wan side should help you find the problem... You really want to capture a few full streams or conversations.

    So you see the syn and syn,ack of the start all the data moving ack, ack ack, etc.. Then the close with fin,ack from both sides and acks..

    It's quite possible the echo sends fin,ack - but amazon never sends back ack to that - so it causes a burst of noise like.. I don't log default block rule.. Unless I am troubleshooting something... I have 3 echo devices.. So I could turn on logging to see if I notice any such burst of FA and RA being logged.

    Do you have pfsense set to reset states on loss of wan? That could cause lots of bursts of this on little blip on your wan connection..

    system, advanced, misc

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.