• log reading to find out why my fw crashed

    4
    0 Votes
    4 Posts
    620 Views

    @NollipfSense said in log reading to find out why my fw crashed:

    @jc1976 said in log reading to find out why my fw crashed:

    hmmmmm i wonder if that's it.. could the squid cache overflow from all the downloads be causing the problem?

    Sadly, it sounds more like a hardware issue...how is the hard-drive? If you're using Squid for the antivirus, I doubt it.

    I'm sorry for getting back so late..

    it couldn't have been a hardware issue as all has been fine since.. absolutely zero problems. it had something to do with setting up that linux box and running updates. no idea why.. and it was long enough ago that i don't remember it all, but after reading through my original post to the end where i wondered if it had something to do with the caching of updates and maybe the cache became full and it caused a kernel panic? no idea.. pfsense on that little dell has been so reliable that it almost works against me in that since there aren't any problems, there's no impetus for me to learn how to decipher the logs..

    anywho, i ended up going a different route with building my media server, using win10 ltsc IoT because the various applications i was going to be running, that was just a better route to go over debian. (sonarr/radarr/lidarr/nzbget, handbrake & makemkv, and plex server are all first and foremost made to run on windows)..

    just wish i knew how to read the logs..

  • Memory shortage

    14
    0 Votes
    14 Posts
    2k Views

    @pfsjap BTW for Snort you should read https://forum.netgate.com/topic/180501/snort-v3/6 and consider Suricata.

    "At some point in the future I expect the upstream Snort team will cease development work on Snort 2.9.x (the version currently in pfSense). At that point, unless someone has stepped up and created a Snort3 package, Snort will die on pfSense."

  • do un-used pfSense plus upgrade tokens expire ?

    4
    0 Votes
    4 Posts
    487 Views
    stephenw10

    Yes, after looking into those tokens I see there is in fact a 'duration' value for tokens and it's 365 days.

    So if a redmine is required here it's for documentation. If it's not shown anywhere it should be.

    Not something I've seen before, thanks for pointing it out.

    Steve

  • Netgate, pfSense and Starlink Problem (another one!)

    9
    0 Votes
    9 Posts
    2k Views
    stephenw10

    We have considered changing it many times but at this point it would likely cause more confusion than it would solve. POLA applies. 😉

  • Full backup and restore with dd

    Moved
    9
    0 Votes
    9 Posts
    1k Views
    stephenw10

    Mmmm standby hardware is a comforting thing to have in such moments IMO. Yes it will always be slightly behind whatever the failed unit was but as long as it's kept vaguely current you can always update it and restore the current config to it. I have done that myself in exactly this situation.
    But, yes, the NDI will be different so both boxes would need to be registered ideally.

  • pfSense-CE-2.5.0-RELEASE-amd64.iso.gz Uncompress issue

    7
    0 Votes
    7 Posts
    2k Views

    @darren200701

    No issues on latest Ventura developer beta.

    If you are still having issues, Stuffit Expander is available from the Mac App Store

  • 0 Votes
    4 Posts
    699 Views
    stephenw10

    Yeah, if you have a CPU that supports SpeedShift it probably will be running faster/hotter with the default values than when using SpeedStep tuned to reduce power consumption.

  • pfSense inpath DPI / setup question

    9
    0 Votes
    9 Posts
    2k Views
    NollipfSense

    @Gomo said in pfSense inpath DPI / setup question:

    pfSense transparent bridge

    Didn't even enter my mind...thanks for sharing.

  • 0 Votes
    6 Posts
    639 Views
    JKnott

    @menethoran said in setup new non-active (yet) pfsense machine on network with working pfsense:

    I WILL be replacing one with the other, but I want to have the new one as set up as possible before switching.

    The way to do that is to download the config file and use it to get started with the new system. However, you will likely have to reconfigure the interfaces to match the old system. You can do that from the console, using ssh.

  • pfBlockerNG - Blocking a domain

    11
    0 Votes
    11 Posts
    1k Views
    stephenw10

    @SteveITS said in pfBlockerNG - Blocking a domain:

    does your log show an error it's trying to update the empty source?

    No errors here when updating or reloading.

  • pfSense http service to serve an ISO

    4
    0 Votes
    4 Posts
    677 Views

    @stephenw10,

    Well I am using the TFTP server and PXE to boot iPXE. Once iPXE takes over I want to use it to "sanboot" an ISO, but that requires the ISO to be made available via HTTP.

    It seems like the best thing is going to be for me to just install an HTTP server on a VM or in a container for that purpose. I was trying to avoid that and let pfSense do it, but I see it probably just cannot be. I was hoping pfSense could serve it up, but no problem, I'll just set up a container to do it.

    Stuart

  • 504 gateway time-out when trying to view dhcp leases

    12
    0 Votes
    12 Posts
    1k Views
    jimp

    That is pretty small.

    We have to do some odd tricks to parse the lease file since the format used by ISC isn't very friendly to parsers. It's possible there is something in the lease data that is making the parser fall into an infinite loop. Probably something in one of the uid or client-hostname lines, but uid is much more likely to contain something problematic.

  • XG-1541 broken after upgrade to 22.05

    Moved
    20
    0 Votes
    20 Posts
    2k Views

    @stephenw10 Thank you. I know I have eyes on it now... but every entry helps.

  • Modify a widget?

    5
    0 Votes
    5 Posts
    538 Views

    @jimp said in Modify a widget?:

    While there are no plans I'm aware of to add that, given the functionality that's already there, it may not be terribly hard for someone to add and make a PR to do.

    True, it looks quite nice, not been through the imports yet though. Will be something to figure for a rainy day perhaps. Thanks :)

  • pfsense+ upgrade from 22.05 to 23.01 causes kernel panic

    Moved
    9
    0 Votes
    9 Posts
    819 Views
    DefenderLLC

    @Jarei said in pfsense+ upgrade from 22.05 to 23.01 causes kernel panic:

    well the good news is changing that problem card solved the problem running 23.01 atm had zfs saved snapshot so could test it quickly

    now my license does not work anymore so can't upgrade to 23.05 like yay think i'll move my shit over to something else

    just by changing 1 network card license is void
    this just plain sucks :(

    Are you seriously complaining about a free license that didn't cost you a single dime? Feel free to "move your ****" to another firewall platform.

  • Quirky bypass on 22.05 with AT&T fiber

    4
    0 Votes
    4 Posts
    3k Views
    stephenw10

    Yup, if anyone can tell you what the expected behaviour of the AT&T router is it's the guys in that thread. 😉

  • OptiPlex 390 (i3-2120 w/ 8GB RAM) good for pfSense custom setup (Home)?

    9
    0 Votes
    9 Posts
    1k Views

    Hi people, my NIC arrived and it's running so fine. Love it!

    Will buy a Netgate 2100 in the future for the low running cost of 5W only!


  • Pfsense setup question CGNAT

    25
    0 Votes
    25 Posts
    4k Views

    @SteveITS

    Yep it has I believe 3 modes and one of those is AP.

    I will do some testing and report back but could be a while as I am not at home due to personal circumstances but will report back.

    That option to place the AP there is a really great one as it also frees up a port on the pfSense SG-1100 (I ordered one before I came to this forum, if I knew then what I know I would have ordered a 2100 😂😉)

  • need some help assigning ports in new router

    4
    0 Votes
    4 Posts
    401 Views
    JKnott

    @tjabas said in need some help assigning ports in new router:

    i was trying to do so by assigning igc2 as the same start ip as igc1(192.168.1.1) but it wasn't possible so i made it 192.168.2.1, but i can't get no internet connection in that port.

    Unlike the main LAN, you need to provide rules to allow the traffic. Here's what I have for my guest WiFi. It's on a VLAN, but it works the same way. It allows connecting only to the Internet and pinging the interface.


  • AP -> FreeRADIUS on pfSense -> Gsuite

    3
    0 Votes
    3 Posts
    438 Views

    @Troutpocket So based on what I have recently done I think you will need a RADIUS proxy.
    To add some color, I recently set up Cisco DUO 2FA. Logging into my pfSense using LDAP or OpenVPN using LDAP auth, admins and end-users will get a DUO Push notification. Works brilliantly.
    In order to get this accomplished I needed to have a working LDAP server that everyone initially can reach and auth to. Once that is working I set up a DUO Proxy server that also listens for LDAP requests. Now you point all your LDAP configuration to the DUO LDAP you set up and when any LDAP request gets sent to this proxy server, the proxy talks to the LDAP server, confirms that auth is good, then talks to the DUO service to have a push notification sent to the end-user's phone.
    I bring all that up to say I think you require a proxy as well. You need to have something talking RADIUS and all RADIUS requests get sent to it and the proxy will turn around and send it to Azure.

    I found this while searching.

    https://wiki.freeradius.org/config/Proxy

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.