@jdeloach said in Sensitive Software & Unable to start vnstatd:

@WannabeMKII Sounds to me like you need a Battery Backup UPS that the SG-1100 is plugged into if it is that sensitive when it is not powered down gracefully.

Yeah, this is something I'm going to have to look at, just a small UPS for the pfsense box. Any recommendations for a small UPS?

I'll check the pfSense firewall rules. I used the Wizards to set up the protocols. Our firewall/VPN router had been running on pfSense 2.3.2 since 2016, but we upgraded to Windows Server 2019 and were informed that one of the protocols was now considered unsecure. The person who set the router up has moved to another city, so while running an engineering practice I'm spending my off-hours dabbling in IT issues that I haven't messed with for ~25 years. I'm now running to pfSense 2.4.5 via incremental upgrades from 2.3.2 - no problem with the upgrades from what I can tell. I'll also check the Windows Server firewall to see if RDP connections are allowed. Thanks for advise.

I found the solution. I activeted the "Enable Forwarding Mode". Now, it is working like a charm.

@RonpfS I know it's an ancient thread but I googled and couldn't find existing solution to this problem.

In my case time sync issues in Windows (all those 0x800705B4 errors) were fixed by unchecking the "Enable KOD packets" option in NTP server ACL page.

Hope it could help someone.

So turns out there is no loop. pfSense rewrites ICMP errors IP addresses. Asking more details about that in https://forum.netgate.com/topic/152252/pfsense-rewrites-source-ip-for-icmp-errors-breaking-traceroute

@NKOADMIN Awesome...congrats!

No problem. 👍

Still should conflict with 192.168.30.0/24 where the printer is.

Also it would be an all-or-nothing type deal. If you can connect at all to the printer it is not a conflict.

Steve

I went ahead and just blew everything away and started over. Once I rebooted and everything was down I figured it was time to start over.

@jlw52761 Thank you for your time and professionalism in presenting...I really appreciate that. Neither is I a Netgate sales person...The OP is an informed network person having taken a Cisco course...he stated, his needing multiple network such as a DMZ...he stated, he "would like advice on what Netgate product would suit me the best." He stated, his having multiple network toys and his looking at the SG-3100.

Personally, I would have recommend the XG-7100 desktop longterm...I am even thinking now of getting that SG-3100 from Amazon and flip it...on a second look, I get the reality check...it's the SG-1100. https://www.amazon.com/SG-3100-pfSense-Security-Gateway-Appliance/dp/B07JBWRQ3K

thanks @jlw52761 that is a great dashboard, and so much easier than what I was trying to do with the above.

Thank you for clearing that up.

-Rico

@jlw52761 said in Downgrade packages:

Unfortunately your comparison doesn't hold much weight because every software vendor I've ever dealt with, Microsoft, Apple, VMware, Cisco, Palo Alto, Ubuntu, etc all maintain support for multiple versions and don't force folks to the "bleeding edge" regardless of issues. In fact, look at what has happened to Microsoft and Apple over the last 2 years, they are having to move to the stance of allowing users to defer updates instead of forcing issues, like loss of data.

By saying the majority of folks don't have issues and only those that have problems post is discouraging those folks from posting or pointing out problems due to fear of being singled out.

Now I don't know about some folks, but 20+ years in the enterprise infrastructure has taught me one constant, bleeding edge in production is the quickest route to disaster, and the method that Netgate is taking flies in the face of stable production.

Now, with that, I have upgraded both of my firewalls to the 2.4.5 release, and guess what, frr still will not start on one and not run reliably on the other, and there's no log entries or indications of why the situation is occurring. If I had this running in my business and I lost BGP in this fashion, I would no longer have this vendor in my environment. Plain and simple.

I understand Netgate tries to test and validate as much as possible before releasing new software, but the reality is they cannot test for every possible use case and scenario, and I wouldn't expect them to be able to either, which is why I would rather have the option of testing a new release in my lab before being forced to place it in production, or have the option to hold off any new releases for several weeks. Personally, I do not want my production to be anyone's guinea pig environment, and I avoid testing in production at all costs, and the current way Netgate does the software push doesn't allow me to easily do this.

What I said about who posts and who does not is generally true. It's not meant to single anyone out. Just to point out that it is not a reliable indicator of how "bad" some particular issue may be.

No matter. My intent was not to pick a fight with you or argue. Just wanted to point out there are reasons for how some things are handled when it comes to free open-source software.

However, in this instance Netgate/pfSense has taken a rather out-of-the-ordinary step of making the prior 2.4.4_p3 release available again, including packages compiled for 2.4.4._p3. Search the recent forum posts and you will see how to roll back.

@Gertjan said in pf 2.4.4-RELEASE Navigation Link Broken:

Thanks for the confidence in the latest pfBlockerNG-devel. Still a bit hesitant to pull the trigger. ☺

@BlankSpace No...your built-in graphic card maybe going out but again that's not a pfSense issue.

@stephenw10 said in First Crash after upgrading to 2.4.5:

What were the two tunables required, for reference?

e.g dev.igb.3.fc = 0, and dev.netmap.buf_size= 2048

https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

-Rico

I presume by sniff you mean diagnostics -> packet capture? I'll try that, and feed it into wireshark. I've only used wireshark really briefly before and I'm definitely no network whizz! Thanks!

@Simbad said in Edit /usr/local/lib/php-fpm.conf:

/usr/local/lib/php-fpm.conf

i would like to change:

pm.max_children = 8
pm.start_servers = 2
pm.max_requests = 5000
pm.min_spare_servers=1
pm.max_spare_servers= 7

and

process.max = 8