• Managed switch: Unifi Conroller & pfSense GUI & Switch GUI only interface?

    10
    0 Votes
    10 Posts
    2k Views
    V

    I am totally open to feedback from the community if this is setup correctly but here is what I did:

    I did manage to get my set up to work….my DLink switch configuration is as Follows:

    Ethernet 1 -> Trunk to pfSense/LAN Later Edit:  (eth 1 & 5 untagged and eth 2 & 3 tagged)

    Ethernet 2 -> Unifi AP
    VLAN10  (eth 1 & 2 tagged) - Nothing untagged
    VLAN20  (eth 1 & 2 tagged) - Nothing untagged
    VLAN30  (eth 1 & 2 tagged) - Nothing untagged

    Ethernet 3 -
    VLAN40/AppleTV(not Vlan capable) (eth1 tagged and eth 3 untagged)

    Ethernet 5 -> Management Computer
    VLAN 4093 (eth 2 untagged and 5 tagged Later edit: eth 1, 2, 4 &5 untagged, 3 not a member ) - I thought this would connect to a VLAN 4093 on my pfSense box I created but it doesn't, it gets an IP for the LAN interface on my pfSense box.

    I think this is OK as it allows me to be on the same L2 as my Unifi AP. I was able to have the Unifi AP adopt my computer with this setup.

    Does this look right?

    (Modesty…I'll comment on your post and do what I can to help!)

  • Fatal trap 12: page fault while in kernel mode

    4
    0 Votes
    4 Posts
    1k Views
    K

    I've come across this on my box as well (same hardware).
    It has happened about seven times in 2 months now, I've submitted the crash-reports, the times I've been able to, a couple of times it has just rebooted without any report, it just says a crash has happened when I login after the reboot.

  • Upstream unreachable but no ISP connection loss?

    5
    0 Votes
    5 Posts
    476 Views
    A

    @Harvy66:

    Just making sure I'm reading this correctly. You said

    However, looking at the pfSense monitoring (Status > Monitoring), there are no Quality issues reported.

    then immediately after have a quality graph showing what looks like 100% packetloss around the time of the error log.

    How is 100% loss not a quality issue?

    Argh, the monitor shows local time at the bottom, but the times on the graph are UTC! I was confused on the times there. Here's the correct graph, and yes it seems the local link to the ISP went down. Narrowing the possibilities…

  • Pfsense as a router. Please help!

    Locked
    26
    0 Votes
    26 Posts
    2k Views
    DerelictD

    Locking. OP if you have a question about pfSense software, please start a new thread.

  • Inter Site Communication Between two VPN Clients Site

    3
    0 Votes
    3 Posts
    458 Views
    A

    Thank you  @viragomann

    " In the client config on A enter the head office and the site B LAN subnets  at "IPv4 Remote network(s)" "

    This is what made it work. I was trying to do so since morning.

    Regards,
    Ashima

  • Packet loss at certain time every night

    7
    0 Votes
    7 Posts
    820 Views
    GertjanG

    Humm. Interesting.

    Stop the ntpd daemon in the GUI, goto shell access, and launch :

    date

    Note the time. Is it ok ?
    Change the time with date. An hours or so.
    The question is : the issue happens again, at what time ?
    If the source of the issue comes from pfSense, the time will change. If the source is from somewhere else, like your PC that start a packet hail storm at 01h08, then it will still happen at the real 01h08.

    Install the Cron package if you didn't do so already.

    What does

    ps ax

    shows ?

    And another shell access in parallel :

    top -t -ocpu
  • Track CARP peer and execute script on up/down status

    1
    0 Votes
    1 Posts
    350 Views
    No one has replied
  • A filtering DNS forwarder – proof of concept

    7
    0 Votes
    7 Posts
    10k Views
    M

    Yesterday I performed the setup and I have to say nxfilter is running pretty well on my PFSense box. The instructions above are outdated. This is how the installation is performed (on latest PFSense version)

    General > Advanced

    Disable HSTS Disable WebConfig redirect TCP port Disable DNS Resolver Change PFSense Port

    #FreeBSD 11 repos is found on

    http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/

    #install packages
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/wget-1.19.2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/alsa-lib-1.1.2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/freetype2-2.8_1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/fontconfig-2.12.1,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/xproto-7.0.31.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libfontenc-1.1.3_1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/mkfontscale-1.1.2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/mkfontdir-1.0.7.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/dejavu-2.37.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/giflib-5.1.4.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/java-zoneinfo-2017.c.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/javavmwrapper-2.6.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libX11-1.6.5,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/kbproto-1.0.7.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXau-1.0.8_3.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXdmcp-1.1.2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libxcb-1.12_2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libpthread-stubs-0.4.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/xextproto-7.3.0.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXext-1.3.3_1,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/fixesproto-5.0.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXfixes-5.0.3.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/inputproto-2.3.2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXi-1.7.9,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/renderproto-0.11.1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXrender-0.9.10.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libICE-1.0.9_1,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libSM-1.2.2_3,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXt-1.1.5,1.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/recordproto-1.14.2.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/libXtst-1.2.3.txz
    pkg add http://pkg.freebsd.org/freebsd:11:x86:64/latest/All/openjdk8-8.152.16_3.txz

    #get nxfilter

    /usr/local/bin/wget http://www.mediafire.com/file/waa0sgqzabur2pb/nxfilter-4.2.1-p1.zip

    #unzip

    tar xzvf nxfilter-4.2.1-p1.zip

    #change permissions

    cd /bin
    chmod +x *.sh

    configuration -

    /nxfilter/conf/cfg.default

    listen_ip = xxx.xxx.xxx.xxx
    http_port = 80
    https_port = 4443
    start_tomcat = 1
    cluster_mode = 0
    master_ip =
    slave_ip =
    blacklist_type = 5

    Then you can fire up your config with startup.sh -d or use the script in this post.

  • Alerted of crash upon logging is, drop down menus don't work

    4
    0 Votes
    4 Posts
    311 Views
    BBcan177B

    @new-to-netgate:

    Hi,
    I'm running 2.4.2p1 on my own hardware.  It's been running fine for a year or so.  A few days ago I found an error message at login alerting me that there was a crash, and giving me a choice to report it to developers (did that).

    The problem is now drop down menus don't work.  Here's what's in the crash :

    amd64
    11.1-RELEASE-p6
    FreeBSD 11.1-RELEASE-p6 #8 r313908+a5b33c9d1c4(RELENG_2_4): Tue Dec 12 13:51:24 CST 2017    root@buildbot2.netgate.com:/builder/ce-242/tmp/obj/builder/ce-242/tmp/FreeBSD-src/sys/pfSense

    Crash report details:

    PHP Errors:
    [22-Jan-2018 21:29:46 America/Vancouver] PHP Parse error:  syntax error, unexpected 'if' (T_IF) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 1771

    No FreeBSD crash data found.

    Suggestions welcome :)

    That line in the code on Line #1771 is for the download of Feeds. I don't see any issues with the code and can only assume that that you had a hard drive failure or a file corruption issue… I would just suggest a reinstall of the package.

  • Change Source port range

    2
    0 Votes
    2 Posts
    467 Views
    GrimsonG

    For NAT: Create your own outbound NAT rules and switch to manual mode.

  • What is pfsense limitation for handling clients ?

    5
    0 Votes
    5 Posts
    2k Views
    johnpozJ

    Your limitations are going to be how big your internet pipe is, how you configure the lan side, etc.  I personally would not put 1000 devices on the same segment - because that ends up being a lot of broadcast noise..

    There will be a limitation of your state table, etc. If you only have 1 public IP to nat too that could end up being a limiting factor even if you had a 10ge pipe to handle traffic, etc.

    But you could have 1000's of clients behind sure..

  • Problem Authentication Determinate User Active Directory with PfSense

    1
    0 Votes
    1 Posts
    279 Views
    No one has replied
  • Ransomware Detection Capability

    13
    0 Votes
    13 Posts
    8k Views
    M

    @johnpoz:

    How does your blocking their C&C prevent that?

    It doesn't always but it depends on the variant - for example CrytoLocker will stay dormant (and does not encrypt files) if it cannot reach the designated C&C server.

    Has that kept it out?  No.  But you now have a hit on your DNSBL which you can use to isolate an infected machine.

  • Renew lez encrypt pfsense

    4
    0 Votes
    4 Posts
    953 Views
    GertjanG

    @alex1962:

    [Mon Jan 22 15:41:06 CET 2018] 'www.cybercrimine.com' is not a issued domain, skip.

    Can't use https://crt.sh right now - better check with that site when it comes up again.

    @alex1962:

    if I analyze the start of pfsense I see a lot of faied pullup errors.
    can it be connected?

    Don't know what you mean.

  • 0 Votes
    5 Posts
    3k Views
    wgstarksW

    @Derelict:

    That or I suppose someone is trying to spoof ARP for an interface address. You would need to handle that in your switching gear.

    Diagnostics > Packet Capture for ARP on that interface and see what you see.

    No. I think this is caused by my own ignorance.  :D

  • Some sites won't load after a while

    8
    0 Votes
    8 Posts
    1k Views
    johnpozJ

    I use lots and lots of local names.. You shouldn't be using .local - states that right in the notes for when setting up your domain under general settings.

    Do not use '.local' as the final part of the domain (TLD), The '.local' domain is widely used by mDNS (including Avahi and Apple OS X's Bonjour/Rendezvous/Airprint/Airplay), and some Windows systems and networked devices. These will not network correctly if the router uses '.local'. Alternatives such as '.local.lan' or '.mylocal' are safe.

    I would turn off register dhcp… Just have it register reservations.. All devices you want to resolve most likely should have the same IP - so just setup a reservation for them, etc. so they always get the same IP..

  • PROTOCOL-DNS DNS query amplification attempt - now hosting TOR traffic

    6
    0 Votes
    6 Posts
    2k Views
    bmeeksB

    @johnpoz:

    Yeah you can see for sure that IP is part of the ntp pool.

    http://www.pool.ntp.org/scores/95.211.224.12

    Yeah…that's my biggest gripe with a lot of the blacklist type of IP lists.  They mix up the good guys and the bad guys sometimes, and it is frequently difficult to get mistakes fixed.

    Bill

  • WAN Connection Drops; requires Reboot

    1
    0 Votes
    1 Posts
    285 Views
    No one has replied
  • Captive Portal Question

    6
    0 Votes
    6 Posts
    758 Views
    GertjanG

    @pronten2:

    Ok i will try i will update you later tnx

    Nothing to "try" actually, it's disabled by default, so a user can use the same login ID on multiple devices already.
    See image.

    multiple.PNG
    multiple.PNG_thumb

  • Pfsense Can't boot after power failure - kernel panic

    6
    0 Votes
    6 Posts
    6k Views
    H

    @triangleman:

    @Harvy66:

    Probably easier to re-install and restore your config from backup. You backup, right? And using ZFS would probably help prevent this in the future, at the cost of more memory.

    I'm all-for preventing this from happening again and will look into ZFS,
    but re-installing after a mere power failure seems a little much.

    Surely there's a way to use the 'recovery mode' from the CD to run FSCK on the disk right?
    I looked into it, FSCK does run, but i don't know how use it for this.

    I'm not familiar with UFS. Most modern filesystems don't trash committed data, only data or metadata changes that are in-flight run the risk of corruption. My pfSense box has experienced 3 unexpected power failures in the many years. Never had an issue, but could just be lucky or you could be unlucky or something pathological.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.