@ThePieMonster said in Network Setup Suggestions For XG-7100:

Are you saying that I can delete the VLAN groups 2,3, & 4 in the following screenshot?

Yes, you only need those defined there at all if you want to truck VLAN through the on-board switch. If you're using ix0/1 directly for VLANs the switch plays no part in that.

Steve

I thought pfSense was working on the Pi, since Gonozopancho did it, but I guess he didn't make a how-to. ;) OK, so that's out. As for ad hoc network I had even forgotten that the damned thing excisted, from back in the 90's when it was actually in use! ;) I agree that if it had been a cowboy car factory (like so many electric car companies now) it could be a problem, but Mitsu has been around for a long time, so I wouldn't be more scared about them stopping the service then Volvo doing it for my car. And malware is not really a thing with simple stuff like setting the heater, but with a Tesla I agree it could be a problem.

I will take the extender out there some time during next week and see if that picks up anything, thanks!

Simply creating the group will not do anything beyond giving you a new tab in Firewall > Rules.

Steve

@stephenw10 said in [Solved] Ooma not working:

You shouldn't need any of those ports forwards.

Exactly - says right on their site, these are "outbound" ports

https://support.ooma.com/home/advanced-connections-and-service-ports/

outbound.jpg

If you saw that limit between two hosts in the same subnet that traffic goes directly, or at least it should. pfSense never sees it and cannot do anything to affect it.
I would have to guess something is misconfigured on the client.

Steve

Hard to give any specific advice without knowing exactly how it's setup. But in general...

Try to access the webgui from another device then:

Check the firewall logs for blocked traffic from the test client.

Check the state table in Diag > States for open states from the test client to pfSense on port 80 (asssuming you're using http still).

Run a packet capture on the internal interface the test client is connected to. Filter by the test client IP and port 80. Is that traffic even arriving at pfSense.

Steve

Back then it might have been wiped out automatically. The error was from two days ago in your screenshot, though. I'd still say it was a failed attempt to change a setting to something with an international character.

No matter what, though, the best path forward is to upgrade.

Check the firewall logs for blocked traffic. I could imagine it's trying to open a different port perhaps and has to timeout.
Otherwise it's hard to see what pfSense could be doing there. You are fowarding ports to it I assume? 80 and 443?

Steve

Yes. I was thinking that they might be able to help getting me off those spam lists since it is their IP block. But now that I think about it, talking to ATT is probably a waste of time. At a minimum they will tell me to use sbcglobal.

My email ISP has tried to help with spf and that worked for several years but it's apparent that is no longer good enough. This is the handwriting on the wall for me. I'll have to pull the plug on my old address and wait out the blacklisters.

@JKnott I did, see past reply's. I will not know till and if it happens again.

@hilltop79 Can you login via SSH and run:

systat -vmstat

Then check the interrupts and if the load is high. If that's the case, switching to polling could help.

Cu

I had a large Net limit rule in firewall, ive deleted it, but i wasnt using it for anything

Thank you for your time steve

It doesn't matter if you changed your mind after switching to it, the changes were set at that point. If you change it back to stable, you'll have to at least manually reinstall pkg, which is probably what you already did by following that link.

@inagan Well if you're accessing via your browser, it could be your browser.

I just pushed a fix for that syntax error, new versions of the package should be available shortly.

I found the Problem:

At the proxmox hosting platform, there was an option, to pass the traffic through the Host firewall (what was disabled).
Therefore - pfsense has done everything right. After disabling this flag everything works like expected.

THX for your support!!!

Bfo

Hmm, OK well you need more RAM or less stuff using it. You can certainly tune Snort and Squid to use less.
There are a number of threads about both.

Steve

unbound-checkconf is grabbing a big chunk of memory. It should exit before starting unbound.

When did you reboot last ? What's the size of unbound.conf.
Did you inspect System and Resolver log ? PfblockerNG.log ?

If you stop unbound, is the unbound-checkconf process still present.

IPSec is generally faster so if you have Gigabit at both sites you will be able to use more of it with IPSec.

You can use either though.

https://docs.netgate.com/pfsense/en/latest/book/openvpn/site-to-site-example-configuration-shared-key.html

https://docs.netgate.com/pfsense/en/latest/book/ipsec/site-to-site.html

Steve