Yup, because Python was upgraded, that is effectively a different package.

Steve

i'ved added two new reject rules on interface vlan876. still not working =(
a7c72de6-08ff-4ad7-be15-ed2020d987f9-image.png

@Gertjan

Both are LAN type interfaces ? Or one of then a WAN ?

Suricata is not set for WAN igb0 however is set for LAN igb1, WLAN igb2

If so, and you have not have any NAT rules that you want to protect - or classic firewall rules that permit IPv6 to enter your network(s), you could remove that interface from the list used by Suricata.
"There is no need to protect a closed door."

@kiekar said in Loosing connectivity between pfsense and webserver:

pfSense is consuming 56%

That is : pfSense uses more like 6 % on your system - mine is - and your packages ( Suricata ?) is using that wopping 2 gigs. That van double on rule reload, so be careful what option you choose. You'll be close of using swap space with all the drastic consequences that comes with it.

Will look into it

Hi,

Troubleshooting network problems : you shouldn't be using them to get needed info. Which means you have to use most important interface : the console access. That one will stay functional when an interface goes down. You'll be able to check the logs and other system specs - the place where all the answers are. You'll see that the system isn't down at all, most probably only the NIC (driver).

Also : is your WAN not a Realteck ? Then swap WAN and LAN interfaces. Realteck NIC's are strange animals. I'm using several of them right now. Other, probably most, came in from Amazon, lasted a day, and are piling up in some box somewhere, being completely useless. You shouldn't doing complicated things with them like "heavy load" and VLAN's at the same time ... that's asking way to much.

Btw : have a look in this forum. There are post that mention an alternative Realteck driver with rather good results, better as the build in stock driver.

First thing I suggest you check is that the DNS is resolving from the firewall:

diagnostics dns lookup
enter 'system76.com' and press lookup and you should get a reply from all of them.

b9bf19ae-2cd3-4919-b12b-20941884bf18-image.png

Here's what I'm seeing. Custom view from 12PM - 5PM today. Processes has been removed from the graph.

What I'm seeing here is not just barely 5% CPU?

monitoring.PNG

yes of course,
but when you want to restore that section you need to select the same section on the drop down menu

@VirtuousMight

I don't know that you can do anything to cause leases to renew. They'll renew when the clients are ready to renew. The server only responds to the requests. What you can do is disconnect/reconnect the Ethernet cable to a device. It will then do a renew.

@kevindd992002 said in pkg update -f and pkf upgrade -f:

apt-get does, but not apt. Anyway, will doing a pkg update -f do any potential damage compared to just letting its thing do without the switch?

No, so long as you have not manually monkeyed with the repo.conf file and say pointed it at some other remote repository that might contain different versions of stuff. But with a stock pfSense installation there is no harm in using the -f switch other than just downloading and rewriting data that strictly does not require such.

@araujovitorpaulo said in Help trying to get a new repo on my 2.4.4 p1:

@NollipfSense that was an alternative at the beginning, but when I search for updates, it says that the server is up to date (http://prntscr.com/rrnrc0).

The only way to recover it is making a brand new server with the 2.4.4p3 installation?

2.4.5 is the new current version. Unless you have an existing copy of the 2.4.4_p3 install media, it is no longer available from official sources. You may find unofficial copies out there someplace on the web, but I would be wary of such things.

You can do a frresh install using 2.4.5 media and import your existing configuration. There are instructions for doing that in the Netgate docs.

Hi,

I'm not using VLAN's (on pfSense) neither VLAN capable switches.
But I have a private entreprise LAN 192.168.1.0/24 which contains several AirPrint printers.

I also have a second LAN, a public network 192.168.2.0/24 that can't access my LAN at all - just the gateway to the Intyernet. It's a pfSense Captive portal, available for the companie'ss visitors and clients (a hotel).

I created this rule on the captive portal's interface :

d563e8e8-4ca9-4f37-9e9f-c7734afb1ffc-image.png

You - as a network admin should also ask yourself : how does AirPrint work ?
This question isn't optional any more as soon as you have multiple LAN's, and you want devices on one LAN network use devices on the other network.

You discover that the question is already known ^^ and you install the pfSense package Avahi.
Test on your device with a software tool like Discovery on an iPhone or iPad and you'll see that Avahi works : devices that expose Airprint - and many other - services are listed, and you can print ...

Btw : again : I'm not using VLAN (yet).

Note : if your printer and devices that want to print are on the same (V)LAN, that your issue isn't a pfSense issue. Redo your VLAN settings which might include your printer. remember : VLAN are like LAN's, they just need more hardware and hassle.

@nevets No problem, given it's widespread it seems like it's a Comcast bug? Firmware? Expect it to recur in a month or two... :(

I do understand but ever since I installed the new version, I had to reboot the system once a day so that my web server and, mail server is accessible from the outside.

When I access the GUI the widget for haproxy is showing the backend as down while the service is running, I can't even remote desktop connect to the server. I Had made no hardware changes and everything was working fine prior to installing 2.4.5

@ptt

Thanks for your help!
pfSense is awesome!

But you can call me an idiot but I could not complete restore during USB install from another USB stick :(

As far as I could verify my internet provider is forcing the resolution of names in your DNS

@bcruze thanks - I'll look into this as well.

https://docs.netgate.com/pfsense/en/latest/book/firewall/time-based-rules.html