• Login successful, but browser not allowing it

    18
    0 Votes
    18 Posts
    10k Views
    stephenw10

    I will just add here that I am not seeing this and I connect to many different pfSense boxes every day using Chromium by IP address. Whatever it is you're hitting seems more nuanced than just that.

    Steve

  • PFsense Intel CPU MDS Vulnerabilities

    6
    0 Votes
    6 Posts
    2k Views

    @chrismacmahon Awesome, thank you sir!

  • lan rule block not working have tested today

    11
    0 Votes
    11 Posts
    1k Views
    johnpoz

    Yeah do some research on how proxy works in general, then do some research how squid is set up in pfsense. Then implement that how you want to.. It's not something that you get from a "snap" ;)

    You prob have a less bumpy ride just forcing all your clients to use pfsense as dns - and then making sure that pfsense does not resolve domain.tld.. This can be done via host overrides, domain overrides sent to nowhere. Or a package like pfblocker that allows you to blacklist stuff.

    Proxy would allow you more control where you could allow say url domain.tld/work - but block say domain.tld/game... But this gets more complicated with https, as you can only use domain.tld and not any paths in the url for filtering. And the proxy would for sure have to be explicit and not transparent, etc. etc.

    To be honest trying to filter content is always going to be a whack-a-mole game that users find ways around.. It normally works fine when you're just blocking them from stuff they don't really want to get to... Say bad malware sites and the such, or ad domains, etc. But when you try and block them getting to where they actually want to go - they will find ways around your blocks.. Can pretty much promise you that ;)

  • I am not sure this normal

    4
    0 Votes
    4 Posts
    4k Views
    RonpfS

    https://forum.netgate.com/topic/137401/unbound-log-entries/2
    Sometimes unbound doesn't log anything after a reboot. It will start logging after a Status / Services restart

  • WAN Failed to Get DHCP IP Address (Solved)

    10
    0 Votes
    10 Posts
    1k Views
    johnpoz

    So your cable modem wasn't actually connected to the internet yet.. ;)

    Yeah you have to wait til it's actually on the internet before it can give something behind an IP... 192.168.100.x is what it gives clients when it's booted but not connected to internet.

  • How to script rules on OpenAppID to block torrents

    14
    0 Votes
    14 Posts
    2k Views
    bmeeks

    I will clarify my statement by saying you can't do this on pfSense using the Snort GUI package.

    You can potentially set something up if you go totally command-line with Snort and do not use the GUI at all. The GUI package cannot support inline IPS mode.

    If you use the standalone binary, you can configure DAQ to use netmap IPS mode, but only if you are willing to use two actual physical interfaces and bridge them with a cross-over cable, or else put Snort and DAQ on a separate box that sits between your LAN and pfSense. None of this is easy to set up, and it would be something you would be on your own to configure and support.

  • CPU C States and latency

    1
    0 Votes
    1 Posts
    420 Views
    No one has replied
  • UPnP needs a restart almost every day.

    8
    0 Votes
    8 Posts
    2k Views

    Not a thing. It just stops. The routing log is pretty desolate. I haven't found log entries anywhere else, though part of the problem is knowing what to look for .. and ending up going back through syslog to find them. It hasn't died since I posted yesterday and UPnP rules are still present.

  • Having LAN issues related to a new switch

    39
    0 Votes
    39 Posts
    3k Views
    johnpoz

    Setting static anywhere... Unless your ISP is doing something really wonky, even dhcp from your ISP would stay the same.. And even if that doesn't - that is the whole point of dynamic dns.

    My comment was made towards the OP comment that he has need to get to his devices, etc.. so he sets a "static" ip on them.. This is lack of understanding of how dhcp actually works is all.

    Unless you're connecting to some public network like at starbucks or something where there are hundreds or even 1000's of more devices using the network than what the dhcp scope is set up - unless your client actually relinquishes the lease or is offline for extended period.. Typically the client will maintain the same IP they have always gotten..

    In a home setup with a handful of devices and a /24 scope.. It's almost impossible that a dhcp client would get a different IP than the first one it gets when first joining the network.. Unless old leases are removed from the dhcpd, and or dhcp server changes, etc. etc..

    btw for clarity if I say set a static - I mean on the device, if done with dhcp then to me that is a "reservation" - this term static dhcp is an oxymoron...

  • Traffic Graphs

    4
    0 Votes
    4 Posts
    538 Views

    Thank you Bruce.
    I can tell you that in version 2.4.4 it isn't fixed; I already have that version and still have the same issue.

  • Notification on Connection

    3
    0 Votes
    3 Posts
    409 Views

    @KOM

    Right. Shouldn't be too hard to write a custom piece of code that simply creates a pop up notification or a few beeps whenever a certain IP is logged.

    What you can do with this is limited only by your knowledge of php it seems.

  • 0 Votes
    11 Posts
    1k Views
    johnpoz

    You normally don't use eap-tls when you need to do such a thing.

  • LDAP Extended Query with Multiple Groups

    6
    0 Votes
    6 Posts
    13k Views

    https://redmine.pfsense.org/issues/9527
    might be of interest too for rfc 2307 enabled

  • Issue Disable interface vlan

    2
    0 Votes
    2 Posts
    271 Views
    jimp

    That shouldn't happen, but without more details, such as a crash report, it's impossible to say why it did.

    First things first you need to upgrade to a supported release, 2.4.4-p2.

  • Load Balancing DNS with relayd

    Locked
    16
    0 Votes
    16 Posts
    6k Views
    johnpoz

    You don't need a ttl of 60 to load share.. They do it because they like lots and lots of queries because you get charged per query.. Set to 5 or 10 minutes.. 30 or so.. Come on 60 freaking seconds.. Let's get real..

    I believe that is what they default to.. And people using them never update... The only reason you might ever get down to be a 60 second ttl is when you're about ready to flip to another NS.. And you should really work that down from whatever your standard is, as you get closer to the switch over date and time, and then as soon as you flip over you would ramp it back up..

    Another issue with current dns is that IoT devices are not set to do any local caching - so every freaking time they want to go somewhere like every few minutes they have to query for it.. And if where they go has a 60 second ttl, it's just nuts...

    No the dns cache would not be shared via ha pair - I don't think so.. doesn't make a lot of sense to be able to do that. You're not active active, you're active/standby, etc..

  • postmap command

    11
    0 Votes
    11 Posts
    2k Views

    Solved.
    I run squidGuard -C all to rebuild files database for
    Sorry and thanks.

  • Realtek RTL8111H drivers for FreeBSD

    9
    0 Votes
    9 Posts
    5k Views
    Gertjan

    Hi,

    You have a 1GB capable switch somewhere?
    Put it between your modem and pfSense and check link speed again, both WAN cables.

  • pfSense Crash Report

    2
    0 Votes
    2 Posts
    342 Views
    stephenw10

    Looks to be some issue with the bxe driver/NIC.

    This doesn't look ideal:

    bxe0: ERROR: Changing VLAN_HWFILTER is not supported!

    This is also bad:

    Sleeping thread (tid 100411, pid 62759) owns a non-sleepable lock

    That seems to be the problem. It looks like a software issue, same crash every time.

    You might try a 2.5 snapshot to get the FreeBSD 12 drivers. Though I don't see anything to specifically address this in the driver history: https://github.com/freebsd/freebsd/commits/master/sys/dev/bxe

    Steve

  • Skype on Pfsense

    4
    0 Votes
    4 Posts
    934 Views

    @Azim Did you find any solution until now? Because I am also not able to use Skype while using transparent proxy... please let me know if you find any solution to get it working....

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.