I've reset the SG. Connection kills are gone. No more nginx reports in the system log.
Is there another log that might help dig deeper? Because just that error in the system log didn't help identify the problem.
@mattlach I think you are misunderstanding my setup
I am not using pfsense as an Access Point. I have eero behind my LAN port for that.
AirVPN is my VPN provider. The reason for two LANs is one subnet routes directly to ISP and other subnet through VPN for privacy.
For example, my Xbox and XB6 STBs will go through the ISP via LAN, and my wifi traffic, torrents, etc. will go through the VPN for privacy.
@mattlach I've seen a lot of people talk about NAS but I have no idea what it is or how it works or how to set it up. But I see it all the time in the Plex forums. Would you mind explaining it beyond "network attached storage"? I mean, I guess that's what I'm trying to do: set up media storage servers and network them. Btw it transcodes because there's no direct connection to the Plex server. If I could get a direct connection I could use h256, and I'm running tomato over the Netgear because ddwrt doesn't support OpenVPN for this model of router but tomato does. Which finally got tomato and ddwrt somewhat recently, many years after I bought the stupid thing.
I split this off from the previous thread that was almost a year old. Locking this since it's solved and to prevent similar thread necromancy from happening here.
No. If your updates are being blocked, check squid's access.log to see what's going on.
IMO transparent mode is a major pain in the ass with https. Run it in explicit mode and then configure WPAD to allow your devices to autodiscover the proxy on their own. In explicit mode, you would normally block access to tcp80,443 on LAN to force proxy use.
@kom Thank you. Actually that's exactly what we had. But we have to separate the firewalls, with DMZs being set up on External Firewalls, and Internal Firewalls would have only the internal Networks.
Just wanted to see if this setup would create any other issue (besides that you mentioned double NAT).
You need to re-install to switch filesystem types, no way around that.
ZFS is a much more durable filesystem, it means fsck is no longer needed. And in fact fsck does not work on ZFS (or didn't last time I forgot and tried it!).
Just for clarity, the problem in UFS is usually not that fsck cannot repair it, it's that fsck returns that the filesystem is clean when it isn't. That's why it can often be repaired by running it repeatedly from single user mode. It's certainly possible to damage the filesystem beyond what UFS can repair no matter how many times it's run though.
Anyway it seems the following engines can be used with squid, via havp...
arcavir, avast, avg, clamav, dr.web, fprot, kaspersky, nod32, sophos, trend micro
Thanks again for your input.