Ah, well to do that you might actually be better using two separate connections. You can route VoIP traffic via one exclusively and have no chance of other traffic ever causing a problem. And you can still setup both as failover to give some redundancy. Steve

@stephenw10 I have not be able to reproduce the behavior again, unless I use the crossover cable and have both OPT1 and WAN going into same switch - which I now believe to be an invalid configuration. MAC addresses need to be unique at the physical LAN subnet level. Hence the marvel with 1 Mac and 3 ports works as long each port is plugged into a different physical subnet. Now that I understand the Sg-1100, pfsense, VLANs better. I have the system working with 1 cable from WAN to Cisco Switch with the untagged VLAN being the WAN interface and the tagged 100 VLAN being the camera interface.

@stephenw10 Hi Stephen, I did have 'my identifier' set to the address with the elastic IP set. I finally found the problem. The inbound rules on the office pfSense did not allow udp/4500. Once I added a allow for the source IP the connection came up instantly. Thanks again, Paddy

@shinobi said in Java log4j vulnerability - Is pfSense affected ?: from what we see across various products and devops environments most often the devs are unaware of it until shown.. log4j can be buried deep so i'm about to scan my local pfsense using latest openvas plugins.. .although im not aware of it,.. it could still be behind something else. ~If i see any hits i will return them here. pfSense is open source software. If there was log4j module used, it would have been found / exposed and fixed by now. There are thousands of people out there checking the code. Not just Netgate. What im trying to say is, you are wasting your time.

Thanks @stephenw10, the rule screenshot's really helpful. I was able to get that rule set working (as long as the "skip rules..." option was selected).

@stephenw10 And gets auto discarded when the cited redmine feature request got implemented. On the down side : this needs some discussions with diff and 'patch'.

Is it possible to create a user on pfSense via SSH? Obviously for my immediate need.

@gertjan Thanks! Its Working as expected!

Yeah, seems like the gateway device is running proxyarp for some reason. If you can connect to devices in the WAN subnet but nothing upstream from that it's either because there's no default route or the outbound NAT is not functioning. Either are probably because the WAN gateway is not configured on the WAN interface itself. Steve

I think it's just the gaming apps not sending UPnP requests. I'll set up a pcap when I have time to fiddle with it. In the meantime, for anybody looking into testing UPnP, here is a good read on the upnpc utility you can use to do just that: FYI: Tool to test and set Port Forwarding with UPnP

Yeah, if those numbers were a lot larger or continually incrementing if would be more of a concern. Those could have been caused by unplugging OPT1 or OPT2 at some point. Steve

Yup, many 'modems' like that no longer route traffic after setting bridge mode because they no longer have a public IP to route it from. So you cannot use the wifi which relies on that. Steve

Yeah, it 'feels' like something that takes too long to process which would be load dependent. Anything less that 5s always seems to fail though. Add anything that might be relevant to the bug there. Steve

@jsmiddleton4 Thank you. I appreciate that! You are right, probably no one is going to hack into my APs but being in IT for years, I also know how us IT nerds are, so its more I want to just be aware. I cant be aware of everything nor will i know how everything works but the more I know about my network and what looks right/doesnt the better off i'll be. Its all fun and learning for me especially now that im in more of a project management role instead of IT i actually WANT to work on these types of projects and learn for fun. Let alone, watching Mr. Robot did not help in the 'people are hacking you' thoughts. lol. DHCP6 will come down the road. My next goal is setting the plugins up and watching everything. I am curious because i just got alerted that im over my data cap again! Something is def. off since its not every month. Ive already got a good idea of whats on my network but i've been running ip scanner for a few months now and just noticed a few more things that im gonna double-check. Good information to note in regards to the NICs etc.

I upgrade numerous boxes daily between snapshots and have never seen it become a problem. Currently I see two previous versions stored there, ~200MB.

Mmm, you could probably run a scan manually using ClamAV if it's installed and updated. No idea if it has any signatures for 64bit ARM FreeBSD though! Steve

@bingo600 said in SOLVED: pfsense vm or physical?: @lewis I'm not talking about a VM going down unexpected. I'm talking about the times. ie. my ESXi servers has been down this year due to critical patches, that had to be applied to ESXi or vCenter (well servers doesn't need to be taken down to patch vCenter). /Bingo Oh yes, very good point. In that respect, pfsense running on its own hardware is never an issue. I've never had an update cause down time. That alone seems to seal the deal. I've also run pfsense as a vm using two of the blade nics. It works as expected, just a bit tricky to set up but you're right about the host.

Hyperthreading enabled. [image: 1641594336666-screenshot-2022-01-07-172457.png] Hyperthreading disabled. [image: 1641594839150-screenshot-2022-01-07-173308.png]

@stephenw10 I may not use it. It fits my design goal, free. Totally not needed. And I'm not all that eager to have a video card fan start squealing. The box is in a work at home office. Someone gave me an electric boat trolling motor. I'm looking at connecting it to the battery in the PFSense box UPS. Stick the propeller into the case. Cool that sucker DOWN. There'd have to be some tweak to the NUT package though.