@teamits, thank you - firewall reboot helped!

@Gertjan said in Zero Day Exploits - How to Reset Everything:

You saw the film / video @johnpoz mentioned ?

I watched it many (40?) years ago. My girlfriend (later wife) almost jumped out of her seat, when the alien came out of the body! 😄

Yep, i use suricata in inline mode(i have a few public game servers). Didnt noticed any dropouts or issues, and after a while those messages stopped so IDK. Maybe it was a temporary hickup or something.

Thanks. I wasn't sure.
It rebooted fine and works, so...

Oh I think I see you're saying one NIC in for WAN and use two NIC out for like LAN, if that's the case this won't work, I bought a micro computer that came with two NIC's and no way to expand. that one of those little 12"x12" computers

I would download the 2.4.5 installer for your hardware, take a backup, and reinstall. Use the "recover config.xml" option in the installer. You'll be back up in just a few minutes.

@johnpoz
yes the ftp speedtest is only an example.

On the ftp server to which the script connects I have the following error message:

ftp> ls
200 PORT command successful.
425 Can't build data connection with host : "x.x.x.x" Error : Connection refused
ftp> quit

I also tried to enable the parameter:
Rewrite Source to Port 20
but the result does not change.
Thanks.

@CNLiberal said in Solution for Multicast Over Tunnel:

haven't found decent OpenVPN software for the Mac yet.

On this point, the client linked on this page from the OpenVPN Access server docs, in my experience, works fine with an OpenVPN server on pfSense. Just import the standard config. I have not tried this with a tap connection. I used the 2.7 version, and haven't tested the 3.1 beta. The page also mentions alternate clients.
https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-macos/

@JKnott
No, that's my old setup.
I've replaced it with a single-NIC Intel NUC using vlans. Finish reading the post :D (There's an image in the spoiler)

Start here:
https://docs.netgate.com/pfsense/en/latest/book/highavailability/index.html

@JKnott Yes wired devices are fine also, unaffected. The only things affected are wireless devices and only a couple. Im leaning towards the access point, I'm going to swap it out and see what happens.

@rrebel

Found the problem had to add an extra NAT RULECapture5.PNG

Well ping and rdp are different protocols - the host firewall could allow rdp and not allow ping (icmp). Or if a firewall rule with pfsense, you could be allowing just tcp or tcp/udp while ping icmp..

Hello,

I changed my network and have now just one NIC :-)

Thank you all!

That's me. If I can mess something up, I will. I do know not to set a gateway on the LAN,. I couldn't figure out out it was set that way. I didn't know about the other place it could be set, I was trying to find it in interfaces with no luck. At least I will definitely remember that for future installs. Again, thanks very much for your help. I do appreciate it! BTW, I foot still hurts :-)

Hi

Thank you @kiokoman. Works great

[2.4.4-RELEASE] /root: speedtest Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Selecting best server based on ping... Hosted by Cox - Wichita (Wichita, KS) [1.04 km]: 48.268 ms Testing download speed........................................................ Download: 23.99 Mbit/s Testing upload speed......................................................... Upload: 21.58 Mbit/s

Regards

Not talking about what you figured out - I am talking a huge difference in a setup when your HA vs when its a single box, etc..

Did you validate pfsense is seeing the dhcp discover? Troubleshooting dhcp is 30 seconds worth of troubleshooting here... The dhcp service is running or its not running, it sees the discover or it doesn't does it send a offer...

@Gertjan list is pretty spot on to be honest ;) hehehe