• weekly crash newsyslog

    13
    0 Votes
    13 Posts
    1k Views
    stephenw10

    Yes, you would think. If it got stuck in a loop compressing the logs it could have high CPU usage for a long while though.

  • Automount ZFS volumes/datasets

    5
    0 Votes
    5 Posts
    994 Views
    M

    @skilledinept said in Automount ZFS volumes/datasets:

    could it be that it's not loading some service that mounts the ZFS pools?

    That is a good possibility. On a normal FreeBSD system /etc/rc.conf has "zfs_enable=YES" to enable/start the zfs service.
    I don't have a pfSense with ZFS in front of me, but in the Web GUI, look under services and see if there is a ZFS somewhere to enable.

  • No-IP Updating DDNS Address from VPN

    27
    0 Votes
    27 Posts
    3k Views
    D

    @bob-dig @stephenw10 You guys were 100% right... lol. I ended up having it configured through my wireless router (which I had setup as ap mode only). In AP only mode, it hides the ddns configuration... (smh). So when I checked it as a possibility it didn't show up. But after monitoring tcpdump I saw it reach out and try to update, so changed it back to router mode and was able to disable it. Thank you all for your help!

  • New to PFSENSE, how do I change the allowed bandwidth per interface

    2
    0 Votes
    2 Posts
    355 Views
    A

    @matthew_beck You set up a traffic shaper (also called a limiter), or multiple traffic shapers, and apply that to an interface or one specific machine, or an alias of machines (hosts) on an interface.

    https://docs.netgate.com/pfsense/en/latest/trafficshaper/index.html

    Here's a good video on the process:

    https://www.youtube.com/watch?v=gIvc1qZn5dc

  • Local Password policy

    7
    0 Votes
    7 Posts
    1k Views
    Gertjan

    @hlrobert said in Local Password policy:

    My PCI/SOC2 auditor would like to talk to you.

    I know you're joking ;)

    When handling private data like credit card stuff, medical data, or worse, army stuff, all bets are off. Even simple systems that handle the power grid should be seriously protected, because it's the blood of our society.

    I only need one training when I have to deal with "PCI/SOC2": and that is writing clear and correct huge payment checks, as I would eject myself out of the "I know that" position.
    I would pay someone. And sue the hell out of him when things go wrong.

  • 0 Votes
    7 Posts
    795 Views
    S

    Thanks, everyone.

    You're all correct. The count did include the replies. hahaha, I need more coffee. But, I also would like to reduce the noise. These answers are exactly what I was looking for. Really appreciate the quick responses. Thank you again!!

  • Is there a way to set the source address to gateway monitor?

    4
    0 Votes
    4 Posts
    514 Views
    stephenw10

    But it could be and by doing that the other side will be able to reply.

    Your rule need only apply to the monitoring pings. So you probably want it on the MPLS interface.

    Steve

  • Excessive Freeradius page load time

    18
    0 Votes
    18 Posts
    2k Views
    stephenw10

    Right obviously the package is not required and the Radius config is all on the remote and not in the firewall. But from the user auth point of view it's configured in the same way. In both cases you need to add a Radius server in User Manager. The only difference there is that with Freeradius the server is specified as running at 127.0.01, because it's local. With a remote Radius server you need to configure the server IP address so pfSense knows where to find it.

    But the OpenVPN config is no different, the only change would be selecting the new radius server to use.

    Steve

  • Reset to factory default from CLI

    3
    0 Votes
    3 Posts
    2k Views
    T

    @tedquade Seems it was quite broken. Did a bare-metal memstick install and config restore. Am now back in operation.

    Thanks for your help.

    Ted

  • Me too.

    2
    0 Votes
    2 Posts
    491 Views
    stephenw10

    Not sure what post you were referring to there, the link was removed.

    What exactly are you seeing? I assume a 502 error.

    What pfSense version are you running?

    Did this just start happening?

    Steve

  • pfSense pkg from FreeBSD ports or repo

    16
    0 Votes
    16 Posts
    2k Views
    ?

    @stephenw10 said in pfSense pkg from FreeBSD ports or repo:

    That's really only any use if you have wifi hardware in the firewall. And we are all familiar with the issues there.

    Unless you run kismet in server/drone config. But in that setup running the server part on some other host would probably be better. With the drone part running on an AP. Been many years since I did that....

    Ok thanks for clarifying this, I would set it up then better
    on a small RAPI and combine there kismet and fail2ban
    for rough hosts in AP mode.

  • NTP and Leap seconds

    7
    0 Votes
    7 Posts
    1k Views
    stephenw10

    I've never tried that. But I'd say you're doing it correctly since the logs are reporting the file was loaded as expected.

  • Nagios monitoring of PFsense interfaces

    12
    0 Votes
    12 Posts
    2k Views
    stephenw10

    Mmm, OK I replicated that. That clearly that is loaded though. Something in the perl config maybe. Someone more familiar with perl will need to look at it.

  • 0 Votes
    6 Posts
    928 Views
    ?

    I'm using the RADIUS class property (Group Membership) > like described here.

    Is there not a way to write into the radius server certificate
    in which vlan the user must be put in? And each vlan has
    then its own IP range. Done.

  • Access Point Admin portal different subnet help?

    16
    0 Votes
    16 Posts
    1k Views
    C

    @johnpoz
    @stephenw10

    Yes working great, thank ya'll so much :)!

  • No Internet

    12
    0 Votes
    12 Posts
    970 Views
    JKnott

    @bert-0 said in No Internet:

    BTW: I am new to CMTs. How can you tell if a device you hit is a CMT or not?

    A CMTS is the device you connect to at the cable company head end. I used Wireshark to examine the DHCPv6-PD packets and saw the error message that identified, by host name, the failing system.

    Anyway, as I said, try connecting a computer to your modem directly. And if a tech comes make sure he can connect with his own equipment.

    BTW, have him try test-ipv6.com to show you everything is working properly. You should get 10/10.

  • pfSense on PROXMOX with HomeAssistant

    58
    0 Votes
    58 Posts
    15k Views
    bearhntr

    @stephenw10 @jimp @Patch @Gblenn

    Thanks again everyone for your help.

    I am going to run this like this for a while - and take weekly backups. When I am ready to move to Proxmox - I will install fresh and then restore the last backup.

    Right now I have another issue... suddenly the 4-port card that I put into the HP Z240 prevents the machine from booting. I can take it out and put into another machine and that one boots just fine. Boots all the way to Windows server 2019, is seen and all 4-ports are there.

    Put it in the HP and I get 3 slow-beeps and RED power light, then 2 fast-beeps and white power light. I have a ticket with the folks at HP. It is an HP card 331T card.

  • NETGATE FIREWALL COMPATIBILITY WITH MIKROTIK AS ROUTER

    4
    0 Votes
    4 Posts
    464 Views
    O

    Yes, should be possible

  • constant timeouts in browser and media players

    16
    0 Votes
    16 Posts
    1k Views
    ?

    My background is dev, I only know basic networking. But
    those numbers look odd to me.

    Then perhaps a fresh install and "only" pfSense and some
    rules set up will be the best starting point for you. If then
    something went wrong it is better to find out or narrow
    down to a special point. Snort and pfBlocker-NG will be
    also not real "set-it-up-and-forget-it" applications and
    this also not for very experienced users.

    Home routers maybe sorted with some small ASICs and running (acting) therefore a bit more faster, also Linux is
    a few bit more liquid and smooth running on the same
    hardware as FreeBSD, it also comes with much more
    hardware and better driver support for many different hardware. So it is not the same running Linux and/or
    FreeBSD based systems on the same hardware.

    My suggestion to not run in a "many-problems-but-what-is-it-searching" loop, fresh install, configure it out, and then if all is fine start the next packet installing and again
    configure it out, .........

    So the forum might be best able to help you, owed to the different sections you maybe point your "problem" or question in.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.