• frequent outages

    3
    0 Votes
    3 Posts
    405 Views

    @cappie Thank you for the reply. I have updated the drivers and rebooted, appears the interfaces were updated successfully. I'll continue to monitor the status over the weekend.

  • PHP Error in 23.01 at Status Interfaces

    3
    0 Votes
    3 Posts
    423 Views

    @stephenw10 Thanks! That did indeed solve my issue.

  • Xiaomi phones trying to access port 80 of the firewall

    2
    0 Votes
    2 Posts
    462 Views
    stephenw10

    Almost certainly just poorly configured by default rather than anything malicious. Any real attack or scan would be across a range of ports/services and wouldn't waste time hitting the same port repeatedly.

    If you change the rule to reject instead of block they might get the message and stop trying.

    Steve

  • GNUPG install on PFSense

    Moved
    6
    0 Votes
    6 Posts
    751 Views
    johnpoz

    @mephmanx said in GNUPG install on PFSense:

    organization background tasks that are backed by git repos for config and update purposes.

    Why would you do this on the "firewall"? Wouldn't those make more sense to do on some resource inside the org? What part of the firewall's role do these tasks help with?

    Problem I have seen over the years is people think oh well this "box" I have is only using like 3% of its cpu doing its current thing, why not just leverage these unused cycles for doing other than firewall things..

    Is that the case here? Do you not have some other resource on your network that could perform these background tasks?

  • How to block a specific MAC address using pfSense

    7
    0 Votes
    7 Posts
    2k Views

    @johnpoz Thank you for your reply and suggestions.
    Thank you to all of you, guys.

    I really appreciated your help.

    Regards,
    Mauro

  • Upgrade to 23.01 resulted in no internet access

    Moved
    19
    2 Votes
    19 Posts
    3k Views
    stephenw10

    You can spoof the MAC address on the VLAN parent interface. So assign/enable that, if it is not already, and apply the MAC there.

  • How to restore config from 5100 to 2100?

    5
    0 Votes
    5 Posts
    536 Views

    @rloeb Instant turnaround from Netgate support!!! Got it running. Now need to update system version.

  • 0 Votes
    17 Posts
    5k Views

    @getcom dang man! i feel for you. keep up the good work and keep those ruzzkies out !!!

  • 0 Votes
    8 Posts
    829 Views
    Gertjan

    @cniles said in Need help with Captive Portal. I had it working but I changed something and can't get it to work:

    but I changed a setting, and the captive portal will not show up

    Like what ?
    Disable the captive portal network interface ? (sorry, had to ask that)
    No info can not generate useful info.

    The cited "captive-portal-does-not-redirect" link above is not some kind of optional step : you have to follow it.

    Added to these steps, I'll add :

    Take note of the interface on which the portal runs :

    942cfca3-0303-4f25-9fe8-cef146119f31-image.png

    and then deactivate the portal :

    70cc5b63-b108-4050-97a3-8d26748331b5-image.png

    and save.

    Get the network settings of the interface on pfSense :

    b417c976-ba99-427d-8536-c9e9633f9123-image.png

    and that it has a /24 mask/size (to the right of the IP)

    and also check that the DHCP server is activated on that interface.

    Check that the resolver has the 'good' settings :

    939c028f-e592-4828-8fd8-f1232d078f52-image.png

    Note : the SSL/TLS Certificate is a "don't care" here.

    Now locate (physical) on pfSense and test this interface.

    When you connect to it, look up the IP you received. It must be an IP in the portal network you've found above.
    Also, what was the gateway you received ? And the DNS. These two must be identical to the pfSense IP for your portal network.

    What are the firewall rules for the portal interface ?

    For testing purposes, you should use this rule :

    f70d6727-8d9e-4b69-8042-ea9c4c364def-image.png

    Later on, you can change - or remove - this rule for more restrictive rules.

    On the device you're using to test, preferably a PC type device, test DNS.
    It has to work.

    The above steps tell you that the interface works fine.

    If you have any questions, tell us.

    Btw : up until here, everything I've mentioned and showed is pretty 'default', no special settings are needed.
    You've probably figured out that my example is using a dedicated Network for the captive portal. That's because a captive portal is a special case network : it should host devices that you don't 'trust', as it is meant to be an access for visiting devices. Your own devices should be on the default LAN interface.
    This makes things easier to implement and understand. It's not mandatory.

  • Failover LAGG of LACP LAGGs (Nested LAGG)

    16
    0 Votes
    16 Posts
    3k Views

    @stephenw10 Yeah, I also noticed the error messages while trying to establish the bond on the command line.

    All my other devices are Linux based and there it is absolutely no problem to have two LACP bonds in another active-backup bond. This has been working reliably for years. I've been tinkering with OpenWRT in the recent hours, and there it's also possible.

  • Netgate 1100 high memory utilization

    3
    0 Votes
    3 Posts
    469 Views

    @steveits said in Netgate 1100 high memory utilization:

    ZFS ARC

    Thank you, did it and now it looks more "normal".
    0177cdce-1b2a-42a0-a947-6a7ec19f28ea-imagen.png

  • Odd dns replies from ARIN and now another server

    11
    0 Votes
    11 Posts
    1k Views
    johnpoz

    @phlmike said in Odd dns replies from ARIN and now another server:

    I only use pfBlockerNG

    A quick google for pfblocker and PTR seems to point to it doing them.. I don't use most of pfblocker functionality - I only use to manage some aliases via geoip and other lists for native aliases.

    Nor have I noticed any sort of blocks from dns root or gltd or in-appr servers.. But if I had to guess it prob related to that.. flagging @BBcan177 as he would be the guy to when and how pfblocker might do ptrs.. But even if was doing them the responses shouldn't be blocked unless issue with states or the answer coming in on some interface pfsense doesn't expect the answer to come on

  • Unable to register token

    23
    0 Votes
    23 Posts
    3k Views

    @bavcon22 Solution is to order another home Licence for pfsense+. It Would Be Nice if the licence will not be lost when the hardware changed.

  • 0 Votes
    6 Posts
    652 Views

    @stephenw10 No issues found. :/

  • Unable to carry traffic back and forth between WAN and LAN

    Moved
    3
    0 Votes
    3 Posts
    357 Views
    stephenw10

    That ^.

    It sounds like you may be confusing the WAN and LAN addresses. The webgui will be accessible on both the WAN and LAN IP addresses from a client on the LAN side.
    All traffic inbound on the WAN side is blocked by default.

    Steve

  • Device Listing of all assigned LAN IP addresses

    16
    0 Votes
    16 Posts
    3k Views
    Gertjan

    Yeah 👍

    These days, most devices get an IPv4 'because there is one' but if you look closely, they all use the other one : IPv6.
    Even when I'm posting here, on this forum, it's a solid IPv6 - no IPv4 in sight.

    So, I stuffed the dhcp6d full with 'static' global "DUID" based IPv6 assignments.
    Not that I'm trying to know these addresses, but that every device has a host name that I chose and remember.

  • Using multiple cheaper residential-type internet connections

    10
    0 Votes
    10 Posts
    1k Views

    Thank you @gertjan for the reply. I'm a newbie and I appreciate all the info and experience :)

    By the way, StarLink has arrived and configured for failover for students and guests. The current Internet (the expensive, guaranteed bandwidth) access is configured as the failover for the rest.

  • HBO Max stopped working

    24
    0 Votes
    24 Posts
    5k Views

    Does anyone have an IP list for HBO Max to whitelist in PfSense?

  • WAN Port at 1000baseT <full-duplex>. but only 100 mbps speed.

    9
    0 Votes
    9 Posts
    3k Views

    @udasboot Excellent, very happy your persistence with the ISP got a resolution.

    Enjoy the awesomeness that pfSense brings to your network quality and capabilities!

  • package list empty - pfsense version v old but shows as up to date??

    8
    0 Votes
    8 Posts
    1k Views

    @pootle I don't recommend everyone do this because it is dangerous but you can shave the last 1/8" (3mm) off a shroud to get it to fit most things!

    Before
    IMG_2029 Medium.jpeg
    After
    IMG_2030 Medium.jpeg

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.