• Interface reassignments suggestions?

    6
    0 Votes
    6 Posts
    715 Views
    M

    @stephenw10 If only there was some kind of video on youtube by netgate that can give an example on modifying the config.xml when porting it over to new hardware 😁

  • 0x8007003B unexpected network error when sending files between 2 vlans

    3
    0 Votes
    3 Posts
    615 Views
    stephenw10

    The speed drop is because when the client is on VLAN1 that traffic is all moving through the switch. When it moves to VLAN2 pfSense has to route all that between the interfaces. That's expected.

    Steve

  • I don't know where to begin... Cloudflare and the dreaded 522 error

    16
    0 Votes
    16 Posts
    2k Views
    S

    @johnpoz I ditched HAProxy and went to Traefik and all is working now. :)

  • Alias not updated

    18
    0 Votes
    18 Posts
    2k Views
    S

    @stephenw10

    Maybe.. weird that some updated aliases were working fine though.

  • Learning pfsense

    5
    0 Votes
    5 Posts
    680 Views
    JKnott

    @saifullah

    If you have a CCNA then you certainly can learn about pfSense. While the details are different, the principles are the same.

  • I want to view the raw data for the WAN GATEWAY monitor

    2
    0 Votes
    2 Posts
    460 Views
    stephenw10

    That is the correct file. Assuming your WAN is DHCP. And it's the only WAN you have.

    Steve

  • Video blocking / Block video

    19
    0 Votes
    19 Posts
    2k Views
    stephenw10

    172.21.16.1 is my local pfSense LAN interface where Unbound is listening and responding to queries.
    8.8.8.8 is Google's anycast DNS IP.

    With the override in place I would expect 8.8.8.8 to return an IP address but Unbound locally to fail.

    Steve

  • How to change the external ip

    8
    0 Votes
    8 Posts
    639 Views
    stephenw10

    You can do that using manual outbound NAT:
    https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#working-with-manual-outbound-nat-rules

    First you need to have those public IPs present on the firewall. So a public subnet that is routed to you by the ISP perhaps.

    Steve

  • Interface name switch in config

    2
    0 Votes
    2 Posts
    486 Views
    stephenw10

    The 1100 only has one NIC, mvneta0, and all interfaces are VLANs on that including WAN and LAN.
    Your new hardware probably has at least two NICs so you can add the VLANs to either. If it has 4 NICs you may only need VLANs 20 and 66. The other interfaces can be moved to real NICs.

    Steve

  • All Cloudflare forwarded connections blocked. Help me poke holes!

    4
    0 Votes
    4 Posts
    682 Views
    stephenw10

    The redirect target IP on the port forward should be the internal server IP not the LAN address.

    I expect to see one port forward for each port unless they are all directing to the same internal IP in which case you could use a 1:1 NAT rule.

    Steve

  • WAN_DHCP loss

    6
    0 Votes
    6 Posts
    848 Views
    bingo600

    @koenh
    This indicates that somewhere between the pfSense WAN interface, and whatever monitoring ip you are using, has some ugly packet loss.

    I would shift the monitoring ip back to "default" ... (the DHCP delivered default gateway) , and maybe change the network cable between the pfSense & the ISP Box.
    Your pfSense Wan IF is connected directly to the ISP box, correct ??

    Maybe I'd power off/on the ISP Box, just to make a "fresh start" ...

    If it continues with packet loss between pfSense Wan and the ISP default gateway, I'd contact the ISP and explain the issue.

    Edit: V'man beat me to it 😊

    /Bingo

  • automatic reboot right after boot finished?

    6
    0 Votes
    6 Posts
    800 Views
    stephenw10

    I would not expect it to. Disabling NUT as a test is pretty easy though.

  • How to securely manage pfSense in times of increased Cyber Threats?

    18
    0 Votes
    18 Posts
    2k Views
    T

    I don't find it paranoid or over the top to use a dedicated, offline system for managing your IT infrastructure considering the low prices for a Chromebook or similar. My diy nuclear reactor must stay secure... ;)

  • pfSense recommendations

    Locked
    6
    0 Votes
    6 Posts
    829 Views
    stephenw10

    This is spam lifted directly from here. Locked.

    Steve

  • New installation (with reset), LAN does not work

    Moved
    8
    0 Votes
    8 Posts
    949 Views
    D

    @viragomann
    They are all Realtek, damn them and their drivers.
    However I solved it by putting two NICs on another PC where at least there is an Intel NIC that I use for the LAN.
    How much time wasted for a PC that until a month ago was working without problems and in the last month has simply been turned off.
    Thanks a lot for the support.

  • nut-triggered shutdown reboots instead

    3
    0 Votes
    3 Posts
    704 Views
    F

    @dennypage The power wasn't flickering, the power was out from 10p through 1a. The nut server is not configured to turn the UPS proactively so the UPS just shuts down once the battery is completely depleted a few minutes after every client was supposed to shut down ("low battery" when nut clients are being turned off is set to 10%). I understand the behavior in the log could be explained if the UPS turned the power to pfSense off and then back on between 22:52:05 and 22:52:13 but I don't think it was the case. Based on the timestamps alone it would seem pfSense went from shutdown to boot immediately while the system remained powered by the UPS.

  • Suspicious Traffic?

    54
    0 Votes
    54 Posts
    18k Views
    johnpoz

    @tquade to be honest port scanning the "world" could be less troublesome - than an isp customer complaining about another same isp customer

    But sure yeah probing the world not normally a good thing ;)

    To be honest many an isp should be filtering fellow customers from talking to fellow customers..

    But forget getting in trouble or what you should be doing or not be doing to be a good netizen. I make sure no rfc1918 traffic leaks out my wan for sure.. Just doing my part to be a good netizen.. Rarely happens but now and then I typo an address or something.. I make sure that dns for my private domain never goes outbound as well - just no point in sending such traffic that isn't going to resolve..

    What would be the point other than pure curiosity knowing that some fellow isp customer has ssh open, or running xyz as their router? What would you even do with that info? I would rather not waste my cpu cycles and bandwidth finding out that info in the first place - and just not send probes out my wan..

    Now if he has devices on pfsense wan this 192.168.8 network - and he wants to discover his own devices on that network. Then going to have to look into making sure ntop only discovers 192.168.8/24 and not whatever his real wan is..

  • 8-10 second Incoming ring delays VoIP phones

    3
    0 Votes
    3 Posts
    545 Views
    J

    @stephenw10 Call quality is fine. I’ll have a look at the logs. Thanks!

  • Can't update to 22.05 - UI just says "unable to to check for updates"

    4
    0 Votes
    4 Posts
    712 Views
    D

    @davewh Power cycling it fixed the problem. Thanks!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.