• Multi NIC and Multi WAN

    0 Votes
    11 Posts
    920 Views
    stephenw10

    Yes choose option 1 at the console menu and re-assign the interfaces as required onto the new NIC.

    You will have to recreate the VLANs there though so they are also assignable if you have those interfaces in place already.

    Steve

  • 0 Votes
    6 Posts
    324 Views
    stephenw10

    Ok, you don't have a gateway set on the LAN rules so you are not policy routing.

    In which case you should be able to connect to those IPs directly as long as they are in the same subnet as your WAN. Are they?

    Can you ping them from pfSense in Diag > Ping?

    You have filtering disabled on both the bridge members and the bridge itself. That's not normally how it would be configured; most people want to filter the traffic to the hosts in the DMZ.

    Steve

  • Adding DNS servers for mobile Ipsec VPN connections

    0 Votes
    3 Posts
    435 Views
    C

    @stephenw10 Hi Stephen, yeah I figured it out in the end... Now just have to get the Macs working! :-)

  • [SOLVED] PfSense packet capture using Wireshark on Windows

    0 Votes
    2 Posts
    429 Views
    manjotsc

    @manjotsc Worked after changing to from this https://www.youtube.com/watch?v=Qz68aZ6Yf5g&t=279s
    "plink -no-antispoof -P 8934 -i C:\Users\admin.ssh\id_rsa_putty.ppk root@192.168.40.1 tcpdump -i igb2 -U -w - not tcp port 22 | "C:\Program Files\Wireshark\Wireshark.exe" -i -k"

    to

    "C:\Program Files\PuTTY\plink.exe" -no-antispoof -P 8934 -i C:\Users\admin.ssh\id_rsa_putty.ppk root@192.168.40.1 tcpdump -i igb2 -U -w - not tcp port 22 | "C:\Program Files\Wireshark\Wireshark.exe" -i - -k

  • Use pfSense as part of a larger commercial project

    0 Votes
    5 Posts
    656 Views
    delitrium

    @jsparla - The ideal situation there is that the company selling home automation solutions might work with us to find the best way to integrate tested, supported hardware appliances running pfSense software from Netgate. Many other companies use our appliances as a piece of the overall solution they offer. The SG-1100 and SG-3100 come to mind as highly flexible, supported, affordable solutions for larger projects.

    We have a partner program that might fit right in with the business model you reference.

    Feel free to contact sales@netgate.com and have a chat to see how we can help.

    Thanks!

  • Capture All Traffic

    Locked
    0 Votes
    7 Posts
    2k Views
    stephenw10

    I'm going to have to ask you to stop resurrecting ancient threads please.

    If you need to reference an old thread just link to it or quote the relevant text in a new thread.

    Thanks.

    Steve

  • whatsapp calls issue

    0 Votes
    2 Posts
    420 Views
    stephenw10

    Something there is different. DNS maybe?

    Can the Windows device resolve outlook.com? What error do you get when you try to load it?

    You have any packages running on pfSense?

    Steve

  • [SOLVED] WIFI calling hiccup over bridge

    0 Votes
    11 Posts
    2k Views
    JKnott

    @demoso said in WIFI calling hiccup over bridge:

    allowing an untagged LAN on the wireless AP has fixed this issue

    Normally, when you use VLANs with an AP, it's to use multiple SSIDs. While you could send VLAN frames over WiFi, I really don't see the need to, in that you're unlikely to have something like a phone and computer share the same cable with different subnets.

  • Mobile Ipsec VPN routing issues

    0 Votes
    5 Posts
    624 Views
    stephenw10

    Usually it's because it can't add that route for some reason. Since there doesn't appear to be a conflicting route there, a permissions error maybe?

    Steve

  • Gmail/Google services unresponsive

    0 Votes
    22 Posts
    2k Views
    stephenw10

    If you have any IPv6 connectivity at all but not full connectivity that can really bork stuff.

    I have seen sites appear to fail because clients think they can connect over v6 but cannot. Triple check that!

    Steve

  • View all connected devices

    0 Votes
    3 Posts
    5k Views
    JKnott

    @bealefay said in View all connected devices:

    Good afternoon.
    Tell me how I can see in pfsense a list of all connected devices.

    You can't, short of writing a script to ping all devices. The arp cache will show devices that have recently sent packets to or through pfSense.

    How to reserve an IP address for a device in DHCP Leases?

    On the DHCP server page, you can map IP addresses to MAC addresses.

    The system writes that the IP must not match what the DHCP server issued.

    PfSense will not let you assign an IP address that's within the DHCP pool.

    I would also like to know where you can see the interface speed of the connected device.

    Take a look at the "Dashboard" page.

    thanks a lot ;)

    My bill is in the mail. 😉

  • WAN Interfacce Traffic Graph with LAN Host Name / IP.

    0 Votes
    4 Posts
    454 Views
    R

    @NollipfSense said in WAN Interfacce Traffic Graph with LAN Host Name / IP.:

    @ramses-sevilla said in WAN Interfacce Traffic Graph with LAN Host Name / IP.:

    If I see Traffic Graph and select Interface: WAN1 and Filter: Local, all traffic destined / originated to/from my LAN appears destined / originated by the WAN IP and not appear the Internal Hosts that really originated the traffic.

    Natted or NAT!

    @NollipfSense, thanks so much for your answer.

    I know that is because the NAT applied in the WAN Interface but I ask if there is any way to see the Bandwidth consumed between the LAN Interface and each WAN Interface "pre-natted".

    Best regards,

    Ramsés

  • Built-in packet capture v. dedicated packet capture appliance

    0 Votes
    7 Posts
    1k Views
    Sergei_Shablovsky

    Dear Andrew!

    Could you please describe the hardware logical scheme when all traffic (in/out) from my gate is captured for further forensic analysis by other IDS/IPS software like Snort, Suricata, Wireshark, Splunk...

    This is something close to port mirroring and sending mirrored traffic to a capturing appliance with pfSense, am I right?

    Thank You for efforts!

  • pfSense router cannot ping or perform nslookups

    0 Votes
    15 Posts
    2k Views
    U

    @JKnott said in pfSense router cannot ping or perform nslookups:

    Can you ping something that's in your half of the Internet, such as 8.8.8.8?

    It pings just fine

    Also, try plugging an ordinary computer, running Windows, into it, see what you get, and give them a call if you're still getting the /1.

    I'll give it a try.

  • 0 Votes
    25 Posts
    68k Views
    jimp

    Make your own thread instead of posting to a mostly-irrelevant nearly year-old thread.

  • Multi Wan with same gateway and splitting with Active directory groups

    0 Votes
    2 Posts
    319 Views
    stephenw10

    It depends what you want to Limit. You can filter sites by group membership.

    No.

    Yes, as long as you can match the required groups in firewall rules. If it's only by AD group membership that may not be possible. You might be able to have Squid use a different source IP/WAN directly, I'm not sure I've ever seen that tried.

    Steve

  • Pfsense refusing to block 3 ports

    0 Votes
    10 Posts
    1k Views
    johnpoz

    As stated those are almost always blocked by ISP or even at the cable modem (docsis)...

    As stated sniff on your wan while you're sending traffic to that port - does it get there?

    Also sending rejects on wan (that is connected to public internet) is almost always going to be a BAD idea!!!

    example - I just checked 445 to my public on can you see me, and nothing seen at my wan via packet capture.

  • Nextcloud and Haproxy Issues

    0 Votes
    6 Posts
    3k Views
    R

    WooHoo!!!

    I have got it to work!!

    I added to the Nextcloud config.php file

    'overwriteprotocol' => 'https',

    I think it has something to do with HAProxy handling ssl.

    Anyway it's SOLVED!

  • Slow WAN when there are lots of OUTBOUND connections (from 40k-80k).

    0 Votes
    4 Posts
    229 Views
    J

    There is no shaping or limiting of any kind on the firewall. We don't actually use/generate that much traffic, but there are a lot of opening/closing of tcp sockets. There are lots of small packets.

    The only package installed on the firewall is openvpn-export-client.

    On and off pfctl will bounce around 100% and then disappear, maybe 20-30 seconds on and then 20-30 seconds off.

    Thanks for the responses, this is giving me stuff to look at!

  • SG3100 Can't connect to www.columbia.edu

    0 Votes
    4 Posts
    417 Views
    stephenw10

    Works fine through an SG-3100 here. Though it resolves to 128.59.105.24 as the main IP for me.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.