Mmm, that implies something was opening things using upnp that somehow broke opening new states perhaps. Hard to see how it could do that though. Was it open to requests from WAN maybe?
Something local to the device triggering it would explain why the same setup appears fine on other hardware in other location.

Steve

I advise you to make the captive portal work without this "firewall2".
Add "firewall2" only when everything works perfectly.

I have found solution
The issue was in /usr/local/etc/pkg/repos/FreeBSD.conf where I previously added

After disabling it starts working fine

It's not a package we make available. I don't know that anyone is working on it, either. With VPNs being easy and ubiquitous, there is little need for anything as crude as port knocking these days.

@JKnott

changing the pfsense box to 192.168.2.1 fixed this.

Thank you everyone!

This :

29b49aa8-8aa8-4369-9401-8e7febf29ed2-image.png

means : a 5 Mbits limit is maintained for the entire /24 network, like these devices 192.168.1.1 to 192.168.1.254.
If you select a /32 (as equivalent to /128 for IPv6 - but you are probably not using IPv6) then the limit is set per device.

It's better now than it was earlier today, but could be better still.

@SparkyRih said in Unable to find *.so libraries after power loss?:

I would expect software like this to handle a power failre, not?

This sofware is actually an OS, using a writable disk storage.
Try ripping out the power of any OS (one from Microsoft, Apple, any Linux based one) and you have big chances it will complain when you reboot.

If pfSense was ROMable with some RAM as a scratch pad, like your ISP router/modem device, than it would handle better power outages.

Yeah that looks like dhcpd is enabled. If you had picked /32 you wouldn't of been able to enable dhcpd.

If your device can not get an IP, then its never getting to the internet.. Do you see dhcp requests from it in the dhcp log?

If not then no dhcpd would never hand give it an IP.

You sure your connected to the correct interface - and the cable and this device are good?

Something like the Limiters defined here:
https://forum.netgate.com/post/807490

There are a number of posts in that thread detailing similar arrangements.

Steve

@Vincent_28 said in How to block torrents:

use wireshark. to see the port of torrents and syn. seeds of bitorrent

That is a wack a mole game that will keep you busy to the end of time.. And as already stated - it can be ran over ports that you require to be open. 80/443..

The most effective method is application detection via your IPS - which again as the tech evolves signatures can change depending on the p2p product being used.. Which your IPS might not detect, analysis of traffic flow patterns can help in detection as well, etc..

But blocking of ports is not going to stop someone that knows what they are doing and how the protocol can be used.

Good way to stop it is only allow your proxy outbound.. where clients have NO direct outbound connection capability... And block lists on your proxy to prevent connection to p2p networks even over the proxy, etc.

Trying to control user access once you have given them even 1 port outbound is going to be a never ending battle ;)

@shawnlouis Post your problem in a new thread and provide relevant details like what you are trying to do, what happens, error messages, and your LAN rules & config.

First thing I would do is pretend it's broken, try and recover the device; get an image file from us, reflash the unit see the recovery process first hand.

Once you have done that a few times, have at it...break it, add what you would like to use; when it's in the broken state fix it. This is how I learned many many many moons ago!

@johnpoz

While executing the command I actually typed in “dig +trace to ns1.fmlh.edu” instead of “dig +trace ns1.fmlh.edu”

One thing you could try is booting a live Linux distro to see how it performs. This would tell you if the problem is hardware or software.

@kiokoman said in Issues with two external websites on same subnet:

Both are working well from my side now with fastweb. ciao beppe 🙋

grazie @kiokoman !