No. The captive portal part of that is what allows pfSense to know which users are connected. You might be able to do it using 802.1x authentication at the APs. That's not something I've ever tried. Steve

The problem has been resolved. I just needed to flush the ARP table on the client computers. Somehow the phisical interface MAC (4c:52:62:2b:57:6d) was in their table not the "CARP MAC" (00:00:5e:00:01:0c). Thats why the AV was fustrated. Thanks for the comments!

@lewis I just tried again and you are right, that's all it took. Thank you for helping.

@bingo600 Ah, you are right. I should have checked closer instead of taking someone else's word. Sorry for the wasted post.

@winlin I suspect your TV box uses UPnP for opening and forwarding ports on the router. This is disabled by deafault on pfSense, cause it's a firewall, not a gaming box. But you can enable it in the Services menu if you need it. Maybe it is a safer option to forward the traffic from the ISPs IP to the box. Allowing the packets in a firewall rule is not sufficient.

@kom that's a fair point.

kernel trap 12 with interrupts disabled Fatal trap 12: page fault while in kernel mode cpuid = 0; apic id = 00 fault virtual address = 0x320 fault code = supervisor read data, page not present instruction pointer = 0x20:0xffffffff8153fae0 stack pointer = 0x28:0xfffffe000059d7b0 frame pointer = 0x28:0xfffffe000059d820 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1 processor eflags = resume, IOPL = 0 current process = 21 (dom0) trap number = 12 panic: page fault cpuid = 0 time = 1623189232 KDB: enter: panic db:0:kdb.enter.default> bt Tracing pid 21 tid 100091 td 0xfffff800049a8000 kdb_enter() at kdb_enter+0x37/frame 0xfffffe000059d470 vpanic() at vpanic+0x197/frame 0xfffffe000059d4c0 panic() at panic+0x43/frame 0xfffffe000059d520 trap_fatal() at trap_fatal+0x391/frame 0xfffffe000059d580 trap_pfault() at trap_pfault+0x4f/frame 0xfffffe000059d5d0 trap() at trap+0x286/frame 0xfffffe000059d6e0 calltrap() at calltrap+0x8/frame 0xfffffe000059d6e0 --- trap 0xc, rip = 0xffffffff8153fae0, rsp = 0xfffffe000059d7b0, rbp = 0xfffffe000059d820 --- smp_targeted_tlb_shootdown() at smp_targeted_tlb_shootdown+0x420/frame 0xfffffe000059d820 pmap_ts_referenced() at pmap_ts_referenced+0x5c6/frame 0xfffffe000059d8f0 vm_pageout_worker() at vm_pageout_worker+0xf88/frame 0xfffffe000059dcb0 vm_pageout() at vm_pageout+0x193/frame 0xfffffe000059dcf0 fork_exit() at fork_exit+0x7e/frame 0xfffffe000059dd30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe000059dd30 I don't recognize that backtrace, but it seems to be pretty deep in an area unlikely to have a bug. It see it's running in KVM. It could be an issue in the Hypervisor hardware, or something else in the VM settings, but it's unlikely to be a problem in pfSense itself. I'd snapshot it and upgrade it to 2.5.2-RC before anything else, though.

@hshs7129 You'd be better off putting it into bridge mode, so pfsense can handle IPv6 properly.

Hmm, I'm not aware of anything there that actually causes a kernel panic. You see any errors in the wireless logs? You might try a 2.5.2 snapshot. Or 2.6 even. But if this is the first time you've seen an issue since April it's almost impossible to know if it makes any difference. Steve

@beedsley I guess i posted too soon, 3rd try and it is successfully updated.

@viciousxusmc said in Suricata / Netmap Crashing on High Traffic Stable 2.4.5 Broken 2.5.1: Netmap and Suricata running in in-line mode See various posts from bmeeks about this on 2.5.x/FreeBSD 12, e.g. https://forum.netgate.com/topic/163853/snort-and-internet-speed-problem/9. It sounds like inline may be more problematic on 12.

@akegec thank you for your time and suggestion. I already cleared the cache for browser. used different browsers and computer as well. restated the pc/pfsense. I would also like to add that I can see required website in ip-permit logs. But it all never resolved the issue. Thank you

@ifixit not enought information but if i have to guess you need to set the vswitch to vlan10 or vlan4095 if you have configured vlans on pfsense

I would suggest as a first move installing some monitoring tools with historical data, for example telegraf (influxdb + grafana on separate machine) will show dropped packets, pf metrics, system ....

The interfaces themselves must be set as static. You would only set them to DHCP there if you want them to pull an IP from some other DHCP server, like you would for a WAN interface. You to enable a DHCP server instance on those interfaces in Services > DHCP Server. Doing that will allow a client connected to them to pull a lease in the correct subnet. Steve

EXTRA CONTENT: Configure the WebGUI to use HTTPS (port 443) using pfSense's terminal/console/shell. Using option 12 ("12) PHP shell + pfSense tools") perform the commands... $config['system']['webgui']['protocol'] = "https"; $config['system']['webgui']['port'] = "443"; write_config(); exec; ... and exit... exit Use option 11 ("11) Restart webConfigurator") to restart the WebGui. Test WebGUI access (HTTPS, port 443)... curl -k https://10.2.0.101 NOTE: Use "-k" flag to avoid "curl" give the "SSL certificate problem" error message. This will workaround it allowing insecure connections. [Ref(s).: https connection using CURL from command line ] NOTE: Requests on port 80 (HTTP) will automatically be redirected to port 443 (HTTPS). TIP: This file contains many of the ways that pfSense uses to consume its settings... vi /conf/config.xml ... based on these templates we can define ways to use option 12 ("12) PHP shell + pfSense tools") to perform configurations like this example... $config['system']['webgui']['port'] = "443"; write_config(); exec; . Thanks! =D

@sdok said in Install Plex Media Server along side?: I donno if it will come out 1:1 in the end. Yeah there for sure would be some config issues with interface names.. em vs vmx, igb, etc. depending on what the hardware is and vm naming, etc. How complicated is the config - rules, other packages, vlans, etc. etc. A vanilla sort of config can be up in minutes for sure.. Just clean without any restore, etc. You could spend way more time trying to figure out how to manipulate the xml to work as restore on different vm software vs just doing clean from scratch setup - depending on how far your away from just base install.. wan/lan = internet sort of thing.