excellent, I shall make a cup of coffee and knuckle down with some reading.! Thanks again

@above-below_6 We use DHCP... Can’t get through to Comcast... we are trying other things at this point .. Thank you very much for replying, glad you got it figured out... it’s beyond frustrating... I’ll post once we have a solution

There were probably states open already carrying the traffic. Adding the new rule would not have removed those but they would have eventually timed out and been replaced by states with static ports when re-opened. Be aware that static source ports can occasionally be a problem if set for everything like that. If you have two clients behind the firewall trying to connect to the same external IP with the same source and destination ports one will fail. Steve

Have you tried powering off the Comcast router? We've seen more than one case where, when changing routers, the Comcast doesn't update its routing properly, especially if the WAN IP being used didn't change. (e.g. when replacing the client's router) edit: also re: pinging, if the Comcast gateway IP isn't pingable then the gateway monitoring will see it as down.

Hello! Options for notifications, like the Email Reports package for gateway events and script support, have been discussed here : https://forum.netgate.com/topic/155063/notification-on-events?_=1600390142279 My understanding is that pfsense is not an mta, and while is has its own form of "queueing", it will not send notifications if it cannot reach your smtp relay. My preference is to setup a pi along side pfsense as a support server to run things like an mta (postfix, exim, ...), local monitoring (nagios, icinga, ...), and other things that I dont want to burden pfsense with even though it might be able to handle them (squid, nmap, ...). YMMV. John

We've created a feature request/PR against the sudo package that should hopefully mean that there's no more hacking of the actual sudoers file on disk, should it get merged in: https://github.com/pfsense/FreeBSD-ports/pull/936

@M_SCHOFIELD said in OneDrive Upload causing failure: two more CPU cores as well. This is a very good idea, especially if you have a reserve

@leplik said in RRD ho: 2.4.4-RELEASE-p3 (amd64) ....... Proxmox pfctl consumes 100% of one core We know. There was an issue with - mostly - virtual versions of pfSense. It was a FreeBSD 11.2 problem. See old forum posts for what to do. FreeBSD 11.3 solved the issue. Use the latest version of pfSense and you'll be fine.

@justice41 Unless you set the MTU larger than expected, it wouldn't make a difference. You can smaller and it will only affect throughput. So, I assume you set it too big.

Solved

It should automatically boot option 1 from there (the loader menu) when the countdown finishes. What happens? However the default countdown value there is 3 so you have changed a setting there. I suggest you removed any non-default loader.conf values you may have added. Steve

You need to take your server off the transit network... Be it you want it to be a vlan hanging off your downstream router, or a vlan off of your edge router (pfsense).. But currently that network is transit (a network between 2 routers) putting hosts on it that need to talk or get talked too from network via one of the routers lead to asymmetrical traffic flow. Throw another vlan on your pfsense and put your game server there, now you can actually firewall between your downstream networks and the server..

Agree with @Rico. Sounds like ISP issue. If you did want to test something before calling the easiest thing to do it connect a PC directly to the modem and see if you get the same results.

There isn't one currently but it may not be that hard to add. Open a feature request, I don't see anything open for that: https://redmine.pfsense.org/ Steve

@DaddyGo said in New to pfsense: the world is like that now Things are crazy for sure. Stay safe. nd the Lawrence Systems youtube channel I have seen a bunch of Lawrence's videos. They are great for a lot of pfSense and Ubiquiti stuff.

Well the only way that would happen then is redfin for whatever reason resolves to an IP on pfsense. I show redfix.com as ;www.redfin.com. IN A ;; ANSWER SECTION: www.redfin.com. 3600 IN CNAME www.redfin.com.edgekey.net. www.redfin.com.edgekey.net. 3600 IN CNAME e6704.a.akamaiedge.net. e6704.a.akamaiedge.net. 3600 IN A 23.60.171.44 ;; QUESTION SECTION: ;redfin.com. IN A ;; ANSWER SECTION: redfin.com. 3600 IN A 216.211.130.168 I would validate what its resolving so what it should resolve too - if your saying it resolves correctly and your still getting certs on pfsense - then you must have some sort of redirection setup, etc.. Works fine here.. redfin.com redirects to www.redfin.com

Have you tried reinstalling a fresh image and configuring from scratch. Having good performance in that scenario is enough to rule out hardware, besides it's extremely rare anyway. PPPoE and DHCP connections are really binaries called by the system, maybe they got corrupted somewhere between the Internet and your drive. A bad config file can also make your life miserable, I recently had one; having preinstalled master to clone is super helpful because I'm sure I'm getting a known good system but when things sort of work if the worst bc you look in all the wrong places and break things that weren't broken. The config file is a good example of a cause of these issues. I managed to rescue sections of it though, like the aliases which is the biggest, only that section was enough for me to be thankful--it's seriously really big. Snapshots are also useful when recovering in case you goo too far. Hopefully you fixed it by now.

Thanks for the responses. Taking to search I found this http://linorg.usp.br/pfsense/downloads/ Hopefully not spyware-ransomware embedded, but I am only using it in a closed off lab so should be OK. Now that I think about it - not providing older versions (for sake of regression testing like I'm doing) really puts users at more risk if they are forced to go elsewhere for older versions. It's a bit of an own goal if you ask me, but is what it is. I'll take my chances, and try and remember to offline store the installation ISOs and checksums from now on. I never expected I'd be regression testing this product, but then again, I didn't expect pfSense to have such a dire FRR OSPF bug (which OPNsense doesn't have... but it has other issues so not keen to turf all my config out the window just yet!).

Ugh! If only I had checked back my email. I found that only until today, well… I found that the system is mounted read-only, fixable (not that is broken) with mount -uw /. I thought it was like a FreeBSD jail thing. It's never not amazing the simplicity with which UNIX-like systems solve problems while others just pile bloat on top. On other hand though, attempting to break my system, 'cause that's what I'll do, I ran into another of these: [image: 1600251379167-screen_shot_2020-09-16_at_03_55_18.png] Another disappeared key. Does it mean I have to install it through the GUI too? I guess we'll see; I just pushed another copy and I'll let proof here even if I'm only talking to myself to come back to it later. [image: 1600252842844-screen-shot-2020-09-16-at-04.19.54.png] 🧩

@enigma27 You can just disable it at your workstation. You won't have any issues until you are either behind cgn or not assigned an ipv4 address