• Alias not updated

    18
    0 Votes
    18 Posts
    2k Views
    S

    @stephenw10

    Maybe.. weird that some updated aliases were working fine though.

  • Learning pfsense

    5
    0 Votes
    5 Posts
    678 Views
    JKnottJ

    @saifullah

    If you have a CCNA then you certainly can learn about pfSense. While the details are different, the principles are the same.

  • I want to view the raw data for the WAN GATEWAY monitor

    2
    0 Votes
    2 Posts
    459 Views
    stephenw10S

    That is the correct file. Assuming your WAN is DHCP. And it's the only WAN you have.

    Steve

  • Блокировка видео/Block video

    19
    0 Votes
    19 Posts
    2k Views
    stephenw10S

    172.21.16.1 is my local pfSense LAN interface where Unbound is listening and responding to queries.
    8.8.8.8 is Google's anycast DNS IP.

    With the override in place I would expect 8.8.8.8 to return an IP address but Unbound locally to fail.

    Steve

  • How to change the external ip

    8
    0 Votes
    8 Posts
    638 Views
    stephenw10S

    You can do that using manual outbound NAT:
    https://docs.netgate.com/pfsense/en/latest/nat/outbound.html#working-with-manual-outbound-nat-rules

    First you need to have those public IPs present on the firewall. So a public subnet that is routed to you be the ISP perhaps.

    Steve

  • Interface name switch in config

    2
    0 Votes
    2 Posts
    484 Views
    stephenw10S

    The 1100 only has one NIC, mvneta0, and all interfaces are VLANs on that including WAN and LAN.
    Your new hardware probably has at least two NICs so you can add the VLANs to either. If it has 4 NICs you may only need VLANs 20 and 66. The other interfaces can be moved to real NICs.

    Steve

  • All Cloudflare forwarded connections blocked. Help me poke holes!

    4
    0 Votes
    4 Posts
    680 Views
    stephenw10S

    The redirect target IP on the port forward should be the internal server IP not the LAN address.

    I expect to see one port forward for each port unless they are all directing to the same internal IP in which case you could use a 1:1 NAT rule.

    Steve

  • WAN_DCHP loss

    6
    0 Votes
    6 Posts
    845 Views
    bingo600B

    @koenh
    This indicates that somewhere between the pfSense WAN interface, and what ever monitoring ip you are using, has some ugly packetloss.

    I would shift the monitoring ip back to "default" ... (the DHCP delivered default gateway) , and maybe change the network cable between the pfSense & the ISP Box.
    Your pfSense Wan IF is connected directly to the ISP box, correct ??

    Maybe i'd power off/on the ISP Box, just to make a "fresh start" ...

    If it continues with packet loss between pfSense Wan and the ISP default gateway , i'd contact the ISP and explain the issue.

    Edit: V'man beat me to it 😊

    /Bingo

  • automatic reboot right after boot finished?

    6
    0 Votes
    6 Posts
    800 Views
    stephenw10S

    I would not expect it to. Disabling NUT as a test is pretty easy though.

  • How to securely manage pfSense in times of increased Cyber Threats?

    18
    0 Votes
    18 Posts
    2k Views
    T

    I don't find it paranoid or over the top to use a dedicated, offline system for managing your IT infrastructure considering the low prices for a Chromebook or similar. My diy nuclear reactor must stay secure... ;)

  • pfSense recommendations

    Locked
    6
    0 Votes
    6 Posts
    827 Views
    stephenw10S

    This is spam lifted directly from here. Locked.

    Steve

  • New installation (with reset), LAN does not work

    Moved
    8
    0 Votes
    8 Posts
    945 Views
    D

    @viragomann
    They are all Realtek, damn them and their drivers.
    However I solved it by putting two NICs on another PC where at least there is an Intel NIC that I use for the LAN.
    How much time wasted for a PC that until a month ago was working without problems and in the last month has simply been turned off.
    Thanks a lot for the support.

  • nut-triggered shutdown reboots instead

    3
    0 Votes
    3 Posts
    704 Views
    F

    @dennypage The power wasn't flickering, the power was out from 10p through 1a. The nut server is not configured to turn the UPS proactively so the UPS just shuts down once the battery is completely depleted a few minutes after every client was supposed to shut down ("low battery" when nut clients are being turned off is set to 10%). I understand the behavior in the log could be explained if the UPS turned the power to pfSense off and then back on between 22:52:05 and 22:52:13 but I don't think it was the case. Based on the timestamps alone it would seem pfSense went from shutdown to boot immediately while the system remained powered by the UPS.

  • Suspicious Traffic?

    54
    0 Votes
    54 Posts
    18k Views
    johnpozJ

    @tquade to be honest port scanning the "world" could be less troublesome - than an isp customer complaining about another same isp customer

    But sure yeah probing the world not normally a good thing ;)

    To be honest many an isp should be filtering fellow customers from talking to fellow customers..

    But forget getting in trouble or what you should be doing or not being doing to be a good netizen. I make sure no rfc1918 traffic leaks out my wan for sure.. Just doing my part to be a good netizen.. Rarely happens but now and then I typo a address or something.. I make sure that dns for my private domain never goes outbound as well - just no point in sending such traffic that isn't going to resolve..

    What would be the point other then pure curiosity knowing that some fellow isp customer has ssh open, or running xyz as their router? What would you even do with that info? I would rather not waste my cpu cycles and bandwidth finding out that info in the first place - and just not send probes out my wan..

    Now if he devices on pfsense wan this 192.168.8 network - and he wants to discovery his own devices on that network. Then going to have to look into making sure ntop only discovers 192.168.8/24 and not whatever his real wan is..

  • 8-10 second Incoming ring delays VIOP phones

    3
    0 Votes
    3 Posts
    543 Views
    J

    @stephenw10 Call quality is fine. I’ll have a look at the logs. Thanks!

  • Can't update to 22.05 - UI just says "unable to to check for updates"

    4
    0 Votes
    4 Posts
    712 Views
    D

    @davewh Power cycling it fixed the problem. Thanks!

  • Offline install package repo

    Moved
    2
    0 Votes
    2 Posts
    858 Views
    M

    @mephmanx

    It took a lot of work but I was able to get through this.

  • Using a Mobile 4G Router as a Modem with pfSense?

    6
    0 Votes
    6 Posts
    2k Views
    stephenw10S

    Minimal. Somethings don't work well (or at all) behind double NAT. Mostly things that require NAT workarounds like UPnP.
    Has no impact on security (arguably improves it!) and performance impact is usually minimal as long as the upstream router does not restrict the throughput. Some SOHO routers have very limit state tables for example.

    Steve

  • Imagine you had a client with 1200 users... That wants VPN and reporting!

    15
    0 Votes
    15 Posts
    1k Views
    stephenw10S

    Mmm, that's tough because generally that means one server process. So 10G is pretty much right out with pfSense.

  • Bridge blocking. [SOLVED]

    5
    0 Votes
    5 Posts
    712 Views
    N

    @stephenw10 said in Bridge blocking.:

    Ah, OK. Yeah that should work.

    Just tried it, and it works flawlessly.

    Thanks.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.