On modern pfSense installs, there are a number of ways. The uname data as already mentioned, the contents of /etc/platform, the presence of the pfSense pkg, and likely dozens/hundreds of other methods based on the presence of certain files around the filesystem specific to pfSense.

The dashboard shows your CPU and memory usage. Watch your CPU usage when you run a bandwidth test.

You can also go to the shell and run 'top' to see how much CPU is being used.

hello friends,

if you are looking to setup PlayStation VPN then I have a complete guide on it. This is because with a virtual connection, not only are you a free gamer, but you can also stream endlessly. You are free to tap into massive nooks and corners of restricted content all around the world.

As of now, I think was able to achieve this firewall rule/s....what I did was allow the target devices to connect to Amazonaws.com IP Range, firewall alias URL's....so allowing connections to Viber.com, allowing connections to Amazonaws, then blocking everything else. The tricky part is Amazonaws got a couple of ASN.

Thanks a lot for your help Stephen!

I haven't had a lock up in the past few days. I am leaving on vacation for a week. I will report when I get back.

Hit the wrench top right from the firewall log page and it's an option there in 'Manage Firewall Log'.

It's likely nothing to worry about though.

Steve

@zwoop I have a similar issue, the prob is, pfsense boots and asks for the WAN IP before my cable modem has completed its handshake with the ISP, then pfsense just sits there having failed to obtain its WAN IP. There is a post about introducing a delay boot but it doesn't seems to work reliably. It hasn't bothered me enough to spend more time on this issue thanks to my UPS.

Thanks for replying. AFAIK RAM is never maxed out. Runs around 30 to 35% of the installed 12GB. Same for CPU, I rarely see anything above 5 to 10% utilization.

States table has 812000 entries, to which only 2000 or so are used at any given time.

I left my house friday night for the weekend and came back yesterday. When I left, I had disabled fpblockerNG and DNSBL. When I came back home, everything was working fine. I activated pfblockerNG and DNSBL, went to bed, the internet was still working. This morning, the internet was down again.

I am 99% convinced pfblockerNG or DNSBL are to blame. I tried resetting the states table, do a force reload on pfblocker and DNSBL (although they were deactivated I thought that could maybe help) and had to reboot the firewall once again.

Next step is to find the reason for this. Anybody has an idea on how to troubleshoot this?

To me it looks like a DNS resolution issue more than actual connectivity to the web since pfsense still can access the outside world but nothing from the LAN can reach out... I may be wrong. I also thought Unbound was crashing but it appears to be always run fine...

@nogbadthebad said in Simple VLAN for PFSense + Unifi AP-AC-LR:

You may also want to put a block above your pass rule to block the home network access from the guest network , something like :-

0_1530552748613_Untitled.jpeg

g_ip_local is an alias that contains IPv4 & IPv6 local subnets.

Will do

@nogbadthebad said in How can I change my root prompt?:

0;1;31m

The default shell is tcsh that's why i stated tcsh != sh, I didn't spot the bit where you mentioned echo $SHELL

@thehermit Hardware encryption will probably be a requirement for v 2.5

The only thing that is perhaps better about using a VLAN would be not introducing more wifi networks into an already crowded space. Though if your IoT devices require wifi that would only be achievable if your access point(s) support multiple SSIDs with VLANs.

I see no problem with what you've done here.

Steve

Ok, figured out why, and wanted to log it for posterity (in case someone else ends up here on a search):
ZeroTier stores in /var/db/zerotier/*, and the TMP and VAR mounts were set for RAM-disk in the backup I imported...

Now I have a different issue, in that the system won't complete boot (It sits at "trying to mount root UFS blabla <UFS-ID> [rw]"), so I have something else to do (will probably end up rebuilding from scratch!) when I get back from this business trip!

yes, i have to try Reset to factory defaults and login web gui now. i dont know why happen this.

@derelict said in I want to use Snort, Squid & Wireshark on my home network but not sure where to place them, or even if they're really needed, plus other questions. Advice?:

how much time it would take for someone to answer all that.

And then he/she might just delete the whole thread.. if doesn't like the answer or gets what they want.. So sure and the F wouldn't spend more than a few seconds on a response.

Posts that are wall of text don't normally get much responses... While responses can sometimes get long.. You prob have better luck in drawing attention with simple to the point questions you might have.. For example start with just snort, or squid, or wireshark asking how best to leverage vs all of it at once.

@jahonix different box, this is 24/7 low power workstation where I run pfSense along with bunch of other program.

@donnyr said in WAN throughput throttling:

Thanks.
I am running bare-meral so no potential bandwidth issues.
The same NICs achieve eve 980 mbps in windows on my other 1 gbps connection so I presume it is a pfsense issue.
What bewilders me is that the upload still goes to 250 Mbps so it's not a technical limitation to 100 Mbps.
Even USB 2.0 shd achieve more than 90mbs so also probably not driver related.

I don't have other NICs available to test at the moment. Will see if I can borrow some.

It's not remotely the same. When running as a client, like with Windows, the drivers can offload much of the network stack to the NIC. In short, most of the hardware offload features that allow Windows to be fast are not applicable to pfSense.

What you need is a NIC that has advanced interrupt moderation and DMA coalescing, so every network frame doesn't interrupt the CPU.

Depending on the situation, upload can be easier because drivers can buffer some amount of data before sending to the NIC. In the case of receiving data, it's cheaper to not have the NIC buffer because buffers cost money and increase complexity.

Start basic, build up.

The best way to access to insecure resource like that is to use a VPN to connect to the firewall and then access the DVR over that.

Steve