• SG4860 alert message "Cannot allocate memory"

    13
    0 Votes
    13 Posts
    1k Views
    Derelict

    Yeah if you are loading another 200K rows you might have to increase that value.

    It is in System > Advanced, Firewall & NAT, Firewall Maximum Table Entries

    400K is enough by default. With your extra 200K I'd try 600K

  • Add New Interface for all my IoT devices and DMZ - no Internet access

    8
    0 Votes
    8 Posts
    1k Views
    stephenw10

    Unless you have other devices in the actual WAN subnet you need to reach you probably don't want that LANnet to WANnet rule in LAN.

    If you want to allow access to only the internet from DMZ I would include pass rules for DMZnet to DMZ address for UDP port 53 and 123 to allow clients DNS and NTP access. Then a deny rule for destination 'This Firewall'.

    That would prevent DMZ clients accessing the pfSense webgui and other services using the WAN IP.

    Steve

  • Why does Traffic shaping on my pfsense box affect clients differently

    7
    0 Votes
    7 Posts
    616 Views
    O

    @tman222 thanks a lot

  • Trying to achieve this with VPN...

    2
    0 Votes
    2 Posts
    389 Views
    stephenw10

    Neither OpenVPN nor IPSec can do that without any config at the server end. However OpenVPN is far easier. Put all the remote client subnets in one large super-net and set that as the remote subnet in the main server config. Then add client specific overrides for each client site with the actual subnets set.

    When you add a new client you will need to set up a new client login at the server and add the CSO for it.

    Steve

  • Interface Statistics Question

    2
    0 Votes
    2 Posts
    157 Views
    No one has replied
  • Restore weirdness

    12
    0 Votes
    12 Posts
    1k Views
    N

    @stephenw10 I took your advice and opened a ticket and in less than an hour the config backup from the pc was converted, sent back to me, and restored to the XG-7100 (maybe 30 minutes). So very cool! As a plus I am learning a lot from the converted backup file that Vladimir sent to me. Thanks!

  • Guide on how to set up Dual Wan on pfSense 2.4.4?

    20
    0 Votes
    20 Posts
    2k Views
    stephenw10

    You can try that but I don't think it will help. It behaves like some low level mismatch or limitation.

    Like for example the TTL limitation I mentioned. If that router only allows a limited number of clients one way they can enforce that is to prevent you using another router behind it.

    Steve

  • pfSense is new for me

    9
    0 Votes
    9 Posts
    922 Views
    stephenw10

    Port 22, so scp/ssh? Nothing special should be required.

    If you are still seeing that same error and the passive ports are open then the server is probably misconfigured and handing out its internal IP to connect to. And the client is not clever enough to see that and ignore it. The Filezilla client will do that for you.

    Steve

  • pfSense squid + squidguard in transparent mode blocking by aliases

    9
    0 Votes
    9 Posts
    1k Views
    A

    @KOM thanks, I'll check !

  • (Solved) Unblock Specific Website

    3
    0 Votes
    3 Posts
    610 Views
    ?

    @Gertjan Thanks for pointing me in the right direction! It was a DNS blocker.

  • Adding a Ubiquiti UniFi Access Point

    15
    0 Votes
    15 Posts
    2k Views
    J

    If you just have ONE Access Point and are not interested in all the charts, logs and graphs that are generated with the controller software, just use the Apple iOS app to install and set up the access point. Since the app is FREE, it's a lot cheaper than the Cloud Key and easier than configuring the controller software.

    That's what I did and it works great. You can change IP addresses, update the firmware, etc., all from the iOS app.

  • View squidguard (sgerror.php) error page on SSL sites.

    5
    0 Votes
    5 Posts
    1k Views
    stephenw10

    Yes, if you are using one of the other modes Squid can be in.

    See: https://www.youtube.com/watch?v=xm_wEezrWf4&feature=youtu.be&t=935

    Steve

  • Is there any way I can improve PPPoE speed

    14
    0 Votes
    14 Posts
    2k Views
    G

    The prob has fixed itself. I found out my phone wire was shorting out; my ISP fixed it and replaced the cable.

  • pfSense Failover drops connections/ interrupted on Restart of Primary

    13
    0 Votes
    13 Posts
    1k Views
    stephenw10

    Mmm, hard to see what we can do here without patching something quite low level.

    Ideally we would want it to remain in CARP maintenance until the states have synced. That would probably need to be selectable though as some people will not be syncing states.

    We could probably force the Primary to boot into maintenance mode at every boot requiring manual intervention to failback. It would still failback automatically if the secondary went off-line entirely. Would that be in any way practical for you?

    Steve

  • Backup Script Says 403: Forbidden

    8
    0 Votes
    8 Posts
    1k Views
    KOM

    Glad to hear you got it working.

  • 0 Votes
    15 Posts
    1k Views
    S

    The health feature would be a good idea. Although it's been over a month now and Snort has been stable without Service Watchdog, the problems we had with Snort in the earlier versions of pfSense no longer appear to be present.

    At this stage I suspect the crash may have been the result of a conflict between Snort and Service Watchdog possibly while Snort was updating.

  • Use of hostname inside LAN

    12
    0 Votes
    12 Posts
    903 Views
    J

    @stephenw10 said in Use of hostname inside LAN:

    Yes, like that. You don't need static ARP just static DHCP mappings.

    Steve

    Got it. Thanks!

  • Open Web GUI on existing production pfSense firewall

    15
    0 Votes
    15 Posts
    1k Views
    jimp

    There may not be a GUI on that.

    pfSense is its own operating system that happens to be based on FreeBSD.

    You appear to have a FreeBSD system that someone manually configured to be a firewall.

    pfSense can't help you get any information from that. You might try posting on a FreeBSD forum for help in tracking down the information you need from that system.

  • Memory report GUI vs Console?

    3
    0 Votes
    3 Posts
    481 Views
    periko

    Hi @stephenw10

    Then it is better to trust what 'top' shows us instead of the GUI, right?

    Thanks.

  • [SOLVED] Weird DNS Problem

    34
    0 Votes
    34 Posts
    11k Views
    V

    Thanks Steve. I have opened a new topic here: link text

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.