@DaddyGo Thanks for your prompt response.

Yes I do use pfblocker-ng and resolver so should I enable that option ? I do add mac/ip manually and then dhcp assign that IP to client. My network block is large /20 . IP-range set to 192.168.1.253-192.168.2.254 in this way dhpc does not assign IPs until I add them and then it will be assigned to client .

Regards

You could probably also use this workaround if you don't want or can't use VTI:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/accessing-firewall-services-over-ipsec-vpns.html

Steve

@keesdek

you welcome

@Raffi_ said in Newbie to pfSense, question about network configuration:

@testcb00 I think 0.2b looks better. The only thing is that you don't need the WAN port on the wifi router. The WAN port is only need if you are doing firewalling/routing with that device. You are doing neither with the wifi in your setup. Change that word on the wifi router from 1Gbe RJ45 (WAN) to 1Gbe RJ45 (LAN). You plug the Wifi router LAN port into pfsense OPT1. The wifi router will then be an access point to your network. Rules can be created as need to prevent wifi devices from accessing the LAN on pfsense.

^^ This and switch off DHCP on the WiFi router.

@mattlach said in Maximum Log Size:

@bmeeks said in Maximum Log Size:

@mattlach said in Maximum Log Size:

@bmeeks said in Maximum Log Size:

pfSense currently uses a special logging utility called clog for its system logging. This utility produces a binary circular log file that is first-in first-out. It is not like a normal syslog file on say Linux. Circular logging was implemented when pfSense was first created because many of the installs were on small memory footprint systems with flash memory (remember NanoBSD).

The size limit you are hitting is imposed, I believe, by the clog utility. Most folks who want to maintain tons of log data use the syslog export feature to send the logs to an external syslog or rsyslog host.

Thank you for that.

I will google to see if I can find any guides regarding syslog export.

There are some configuration parameters on the Settings tab of the SYSTEM LOG screen for setting up log export to a remote syslog host. You will find it easiest to create a Linux machine (a VM is perfect on a hypervisor) to be the syslog receiver. There are also packages such as ELK that a lot of folks use. Google the term "ELK" for more info. It is an acronymn for Elastisearch Logstash Kibana if I am remembering correctly. This is a suite of software tools you install on a Linux host.

Thanks again.

I just created an Ubuntu server 18.04 container on my mmain server, and configured rsyslog per this guide.

Next I went into the GUI configuration on pfSense and enabled remote logging and added in the IP of the ubuntu machine, as described here. It doesn't appear to have received any logs yet.

Maybe it needs UDP? I only enabled TCP.

Or maybe I have a permissions problem on the folder I asked it to store the logs in.

I'm troubleshooting.

netstat shows no connections on port 514 though, so the issue seems to not be permissions, but rather be that the connection isn't established.

Do I need to do anything to pfsense to make it start sending logs, or is checking the box, configuring and hitting apply enough?

Turns out it was indeed a filesystem permissions error. I had pointed the logs in a nonstandard location (/mnt/rsyslogd, a mounted drive)

Once I changed the owners to the same as in /var/log (root:syslog for the folder, and syslog:adm for the log files) and then matched the read and write permissions to /var/log as well, things seemed to work as expected.

Thanks for all the help!

--Matt

@JLundberg
Moving this to OpenVPN section

In general using Realtek network interfaces for anything server/infrastructure oriented is just a bad idea. They simply aren't particularly reliable, and usually perform poorly.

@Timbro said in Help, I'm a noob:

UBC1301

https://mediacomcc.custhelp.com/euf/assets/documents/modem%20user%20guides/Ubee_UBC1301-AA00_%20User_Guide.pdf

Yes it is a router by default. This doc shows its LAN subnet as 192.168.100.0/24 so things should work out of the box. But if your ISP has them configured different it may be 192.168.1.0/24 which would not work. You can not have the same subnet on the WAN as you do the LAN.

See if your ISP or yourself can put your cablemodem in bridge mode. Then restart both modem and pfsense.

...and this syntax works fine with Gmail too! Thanks for the tip.

@renjithb said in Issue in Virtual box installation:

Yes the same way I configured

Which is how? What can not talk to what? Your host from what IP can not talk to pfsense IP on what interface in VB..

Your really going to have to give us more if you want any help.. sofar you have told the mechanic its broke..

Still better to have the public IP on the pfSense WAN directly if you can.

Steve

@microkid

yes that's okay, I also wrote this too, but
fix the file system before you scan further the box

everything must be ruled out when searching for such an error..

I know you think of the NIC because the LEDs don't flash but like I said it could be part of a process

@nafeasonto said in Can someone help me please? I can't udpate my packages on PFsense.:

2.5 of Pfsense.

Ah, the bleeding edge technology.

Probably not everything, but most of this page could be helpfull.

edit : also : consider posting in the 2.5 Development forum.

This is a recent, clean install ?
You use packages ? If so, what happens if you disable them all ?

@valentinius Yes, as i posted above the issue is resolved.