• pfsense doesn't block port on wan

    25
    0 Votes
    25 Posts
    4k Views
    johnpozJ

    As Derelict has been trying to tell you for this whole thread. Now create your firewall rule with dest of your IP of your nat, ie 192.168.x.x

    Put that above your rule that allows it.. And that IP would be blocked.

  • "Bypass Proxy for These Destination IPs" breaking transparent proxy

    9
    0 Votes
    9 Posts
    3k Views
    E

    @akuma1x
    Thanks for the help
    Bypass squid for the client is not an option. It's also my workstation not dedicated steam box.😕
    I used the do not cache option and it worked for me. Only trick was to enter ".steamcontent.com" instead of "steamcontent.com", the little dot catches all subdomains.
    I also had to manually edit the squidav conf to bypass antivirus for steam, otherwise it will still use quite a bit memory and lots of CPU.

    abort \.steamcontent\.com

    As you can see if squid can be bypassed totally for certain domains then things can be a little easier. Or if the squidav GUI is more versatile...

  • CARP and Interface Mismatch

    3
    0 Votes
    3 Posts
    337 Views
    N

    Ahh i was able to make a "new" sorting by deleting the VPN interface ;)

    Ok that was easy.

    Thx to give some hints.

  • Routed /29 subnet from ISP and exposing services to internet

    2
    0 Votes
    2 Posts
    384 Views
    johnpozJ

    @jkmuk said in Routed /29 subnet from ISP and exposing services to internet:

    how a /29 subnet is normally setup in pfsense for exposing internal services to the internet?

    By actually just routing it - ie you this /29 on a interface connected on your lan side of pfsense and just firewall rules to allow inbound and outbound traffic.

    Is how you would normally do it. Since your question really has nothing to do with that and you're natting to private IPs - your questions should be in the load balancing section. Since that is what your question is about.

  • pfsense goes into dummy state after a 2 or 3 days.

    8
    0 Votes
    8 Posts
    651 Views
    S
    Which type of scsi controller do you use in your VM ? What do you see in VM console after ''dummy state''?

    I can't interact with the VM at the command line either

    Make sure to hit Scroll Lock next time - sometimes console ''freezes'' and doesn't show last messages/current screen.

  • FreeBSD and Intel PRO/1000 PT Quad Port Server Adapter (82571)

    5
    0 Votes
    5 Posts
    3k Views
    N

    pan_2...thanks for the response. I currently have an Intel E1G44HT I340-T4 4 port PCIe Ethernet Server Adapter (Intel 82580 controller) in my pfSense computer and use it for my LAN and WLAN interfaces and have had no issues with this NIC. However, in the FreeBSD hardware notes, I can't find an 82580 controller listed in any driver section; there is a listing for an Intel Single, Dual and Quad Gigabit Ethernet Controller (82580) in the igb(4) driver section but I don't know if that 82580 listing is meant for the controller or not. The igb(4) driver supports Gigabit Ethernet adapters based on the Intel 82575 and 82576 controller chips.

    Indeed, a means to return/refund is at the top of the list. I'm just looking for a PCIe, <= 4x, quad port gigabit NIC that will work with Suricata in Inline Mode. I've not had any issues with Intel NIC cards in the past which is why I was looking in the FreeBSD hardware notes in the em(4) driver section. Trying to find one that is either not discontinued or fiber seems a little more difficult than I expected.

  • The gateway: XXXX is invalid or unknown, not using it.

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    stephenw10S

    Locking this topic, it's waaaay too old.

    But, yes, if you have firewall rules that have a gateway set that's been removed it will throw that error.

    Steve

  • Assign LAN Client to an Interface

    2
    0 Votes
    2 Posts
    236 Views
    RicoR

    Check out the 'OpenVPN as a WAN' hangout by Jim Pingle /Netgate: https://www.youtube.com/watch?v=lp3mtR4j3Lw

    -Rico

  • Strange Console Text

    3
    0 Votes
    3 Posts
    305 Views
    N

    I was actually trying to delete the post. I ended up finding the text on the forum after all. My apologies.

  • Linux machines not resolving manual added DNS entries in pfsense

    8
    0 Votes
    8 Posts
    879 Views
    KOMK

    YOU need to specify to use pfSense as your DNS with the nslookup command otherwise it uses the client's default DNS config:

    server 192.168.4.1

    THEN try to lookup vcenter.smart.az:

    nslookup
    server 192.168.4.1
    vcenter.smart.az

    What does it come back with?

    What is the contents of your Linux client's /etc/resolv.conf file?

    Actually, it doesn't matter if you enter fqdn or ip address in nslookup, it should resolve both.

    You are trying to resolve hostnames to IP addresses. That was your stated problem. Doing a reverse lookup doesn't help you with that.

  • How many interfaces support pfsense?

    4
    0 Votes
    4 Posts
    664 Views
    KOMK

    https://www.virten.net/vmware/vmware-vsphere-esx-and-vcenter-configuration-maximums/

    http://sdebbeche.com/wp-content/uploads/2016/11/vsphere-65-configuration-maximums.pdf

  • autoselect & LAGG

    3
    0 Votes
    3 Posts
    465 Views
    J

    Thanks

  • FreeRadius server not starting in 2.4.4

    21
    0 Votes
    21 Posts
    3k Views
    emammadovE

    Removed freeradius, restarted pfsense and then reinstalled freeradius, it began to work. Thank you very much.

  • pfSense Disconnecting

    5
    0 Votes
    5 Posts
    1k Views
    N

    My KVM hasn't been doing anything out of the ordinary at all. Works just as good as the day I purchased it. I'll try a restart first, and if that doesn't work, I'll do some further troubleshooting. Thanks.

  • 0 Votes
    4 Posts
    3k Views
    J

    Perfect...thanks for the clarification!

  • System FAIL [2.4.4]

    4
    0 Votes
    4 Posts
    486 Views
    jimpJ

    Current SSDs are fine. Much faster, and reliable. It's really up to you.

  • pfSense lost my credentials

    3
    0 Votes
    3 Posts
    1k Views
    senseivitaS

    Sorry for the delay, I finally fell asleep. I did, on one link only. I think it was indeed Squid though. It started [everything] deteriorating fast just a tiny bit later. Downloads were and SSH connections to local hosts would return "broken pipes". I have seen this behavior before; this time I almost went insane trying to fix it, even got an SNMP tool, in itself a major undertaking because downloads kept freezing the whole network and failing to complete--finally set it up and the big red indicator that I couldn't clear was something about a DHCP ram disk, which is supposed to be full--the conclusion I kept drawing, still, I stopped DHCP and deployed another box just for DHCP.

    In the end, I gave up and decided to make the best out of a bad situation and decided to start over installing very carefully the whole network, I had already wiped a couple of times pfSense, BTW, but I was restoring from backup and that last time when I didn't I discovered the backups were snowballing the bad from before. Everything was super fast again, like unbelievably so. I kept the DHCP though, and, I added to that another 4 additional pfSense boxes, RADIUS, 2x DNS and proxied DNS (it dials VPN) these were thin clients with some weird architecture that's 64-bit "but not really", something called i586/i686, I think it's from the '90s. The 32-bit pfSense got them working again. This whole thing pushed me to get creative. :) I'm just happy to help, if I can.

    I'll keep an eye on that, already wrote it down on the file I write the history of changes I make, my memory sucks. I assume the first one is the same that's downloadable as backup--I'll find out. Anyway, thanks; I doubt it happens again but in a weird way I'm kinda hoping it does out of sheer curiosity.

  • Disappointing sub Gb throughput using server hardware.

    20
    0 Votes
    20 Posts
    2k Views
    S

    @stephenw10 Yeah I figured. Just thought since it's not exactly the standard I may as well test it. ZFS also has higher CPU and RAM overhead unless I'm mistaken.

  • Slow internet speeds on WLAN

    9
    0 Votes
    9 Posts
    1k Views
    johnpozJ

    So you moved the AP to a different network and now good?

    If so my GUESS would be your other network is flooded with broadcast/multicast traffic and/or traffic just between wireless and local.. Eating up your wireless bandwidth.

    Since you say it went away when you isolated to own network - this would SUGGEST large amounts of broadcast or Multicast traffic that does not hurt your overall gig speed.. But can kill wireless.

    How many clients on your network? Do a simple sniff from one of them do you see large amounts of broadcast traffic? Move it back - is there something going on between wireless clients and devices local.. Say local dropbox or something trying to sync, etc.

    Just sniff on one of your wireless clients on the network where you're slow - do you see lots of broadcast/multicast traffic? But you seem to have found on your own one of the many reasons you isolate wireless to their own broadcast domain ;) and don't just connect them to your 200 host flat network.. With chatty kathy windows boxes are the worst!!!

    Does tplink have any sort of broadcast/multicast filtering? Unifi has option to block it from the lan side to the wireless side - this could break some stuff depending on what you're doing..

    I don't need to block it because my wireless networks are not connected to large lan networks with lots of broadcast traffic. I see 300+ mbps on any of my clients that support such speeds.. And even the clients I have I tend to tweak them to lower noise output. I sniff my networks now and then and if I see any sort of weird noisy traffic I investigate and disable.. Not a big deal if you have a handful of clients but if you have hundreds then sure it could kill wifi networks that are not filtered from having to send that traffic over the wifi. And block multicast at the switch port the AP is connected to anyway.

  • Avoiding data loss after removing NTFS usb without unmounting.

    10
    0 Votes
    10 Posts
    1k Views
    stephenw10S

    Don't use NTFS maybe?

    Not at all clear on what you're doing here though.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.