• KOM

    A harder way would have been to export your current config, edit out the traffic shaper details, reset your instance back to factory defaults and then import the edited config.

    Glad you got it going again.

  • Log traffic for single NAT Rule

    stephenw10

    You can enable logging on the firewall rule that passes traffic for that.

    If it's passed by a catch-all rule you can add a more specific pass rule above that to catch only that.

    Steve

  • Syslog server messages

    stephenw10

    There's this for the firewall log:
    https://docs.netgate.com/pfsense/en/latest/monitoring/filter-log-format-for-pfsense-2-2.html

    But that's not really going to help you here. The gateway log messages should be pretty self-explanatory. If it shows Alarm there's a problem.

    There is no system log list as that could potentially be any FreeBSD log message.

    Steve

  • High Interface utilization

    stephenw10

    Mmm, not clear what traffic you're seeing and where?

    Reading between the lines it sounds like you might have a misconfigured VLAN port somewhere that's become a member of all VLANs. But that's just a guess...

    Steve

  • Losing Internet Connectivity Regularly

    stephenw10

    Do you have a switch between the modem and pfSense?

    I would expect power cycling the modem to restore the connection if ifconfig down/up works.

    Steve

  • T

    @KOM Thank you!

    Regards,

    Mr. Teo En Ming
    Singapore
    29 Mar 2019 Friday

  • T

    @aharrison @Flole @chpalmer

    I believe I have a fix - I've been running this for about 20 minutes with no lag spikes. I won't call it ideal, or even great, but it proves without a doubt that the issue is with the 2.x builds of radvd and not a network card, VLAN, LACP or insert-whatever-excuse issue; it's radvd.

    I installed an older 1.x binary I was able to find on the FreeBSD packages mirror to replace the 2.17 binary. It seems to work perfectly fine (it's advertising as expected) and no more lag issues. Steps below (1.15 was the newest version I could find):

    First, stop radvd (disable advertisements from the GUI).
    Next, SSH into the system and go to the console:
    cd /usr/local/sbin
    mv radvd radvd.bak
    mv radvdump radvdump.bak
    cd /tmp
    fetch http://pkg.freebsd.org/FreeBSD:10:amd64/release_3/All/radvd-1.15.txz
    tar xf radvd-1.15.txz
    cd /tmp/usr/local/sbin
    cp radvd* /usr/local/sbin/

    Restart radvd from the GUI and you should be good to go.

    Hopefully someone at Netgate will address this more formally. As far as I can tell at this point it breaks nothing. If you do run into issues you should have no problem backing out: just delete radvd and move radvd.bak to radvd.

  • Phone on VLAN can't ping PC on LAN

    D

    I should clarify, it's not a dumb switch, but it is a managed switch that I just hadn't done any tinkering with. So it has been passing the VLANs just fine. I've since discovered that, as I imagined, my problem pinging PCs from my phone was Windows Firewall settings, which I've corrected. The problem pinging my NAS across subnets turned out to be a limitation of the phone app I was using. Tried a different app and I was connecting to the NAS no problem.

    Thanks, everybody, for the help! Everything's up and running now.

  • My pfsense is limiting the downloads to 4MBps

    V

    Hello all,

    I found the problem. I saw in this link (https://docs.netgate.com/pfsense/en/latest/hardware/troubleshooting-lost-traffic-or-disappearing-packets.html) the advice to disable hardware checksum offload in virtual machines. Now it is working properly.

    Best regards.

  • Pfsense Firewall Rules

    M

    Need more info. Open ports from where to where?

  • 4G LTE Modem Routing Questions

    S

    Works now.

    I applied the MOBILE GW to the DNS servers in System / General and checked the Disable DNS Forwarder tickbox.

    All working now.

    Thank you for your help.

  • How to set up a network for OpenVPN

    M

    This is a common request and fairly straight forward to implement.

    1- Buy a managed switch and create 3 VLANs: one for the private network (wireless), one for IoT devices and one as a management VLAN. Each one will have a separate subnet.

    There are two questions here:

    Will it be a Layer 2 or Layer 3 switch? If it's a L3 switch, do you want to lean towards performance or security? Because each option will change the design.

    Personally, I always lean towards performance, but my concerns and priorities may be different than yours.

    3- Deploy OpenVPN with PKI and allow redirect traffic only, no access to my internal network.

    This is easy to do. It's as simple as a checkbox on the OpenVPN config and a firewall rule.

    4- Implement AV, Snort and web filter on pfSense as I use AV and web filter now on my Asus router.

    You can install Snort or Suricata for IDS/IPS, but the only AV and web-filtering options on pfSense require you to install the Squid package. Personally, instead of trying to leverage pfSense packages that may give you semi-effective, UTM-like features, I'd recommend actually implementing a UTM product. For example, I have Untangle running in bridge mode inside of a VM which sits between pfSense and my core switch providing AV, web filtering, application control, reporting, etc.

  • VLAN OpenVPN issues

    johnpoz

    Good to hear - yeah this is why it's a good idea to use non-common networks for the tunnel and your local networks.. For example 192.168.0 and 192.168.1 are very common!

    Good tunnel networks are in the 172.16/12 RFC 1918 space... Like say 172.29.14/24 or something ;)

    Many hot spots that you might be at where you want to go home are using common networks locally.. That can cause you problems from your remote location when you're wanting to VPN home... So it's good to use odd networks at home too.. I use 192.168.9/24 for my normal LAN, have yet to run into an issue with that.. But yeah you never know what network you might be on ;)

    Also why it's good to not use large networks.. When you see someone using 192.168/16 or 10/8 they're probably going to have issues trying to VPN out or in ;)

  • pfSense 2.4.4 and Twitch Issues

    chpalmer

    On 2.4.4 here and Twitch works fine.

  • Access webGUI when on subnet

    I

    Thank you! That solved my problem.

  • Yet another ping problem with Virtual IPs

    stephenw10

    Mmm, interesting. Two states are created in the firewall, one on WAN and one on LAN.

    It could be the WAN state still giving a problem since the NAT happens before the ACL there so both have the same destination. However the NAT is included in the state so I expect it to still be unique.

    Clearly something is still conflicting.

    Not really anything else we can do there.

    Steve

  • Switching from IPFire to pfSense..............

    Rico

    ...and https://docs.netgate.com/pfsense/en/latest/book/index.html

    -Rico

  • [SOLVED] Cannot access 2 switches on LAN from VLAN.

    Derelict

    Great. Now you can access your switches.

  • pfSense weak DH vuln found with Kali

    P

    Many thanks for checking/helping and fixing it, to all.
    Really appreciated!

  • RDP not happening

    stephenw10

    Port 1010 which they are using now is commonly used by malware as discussed above. It's probably that triggering whatever is adding it to the blacklist.

    They can forward from any port so just choose some higher unknown port.

    If his router is open to the internet he has bigger problems! But it might be because you are coming from a known subnet he has opened rules for.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.