• WAN repeatedly going down every few days again

    0 Votes, 14 Posts, 767 Views (last post by JeGr)

    @pp-ng said in WAN repeatedly going down every few days again:

    @stephenw10 Also - to get my WAN back to 'online' I went into Interfaces > WAN and just clicked Save and then Activate. I know it runs several scripts or whatever in the background, so not sure which one got me back online, but that did it.

    Sounds to me more like a configuration problem on your WAN or your ISP/upstream provider. That somehow smells like you have DHCP on WAN and your box loses its connection because the DHCP address expired or your provider doesn't "know" it anymore. Or you get a quasi-static IP from your ISP and configured it as a static IP, but your ISP needs to hand it out via DHCP.

    We had some of those use cases in support here and most of them had that exact problem. Saving the WAN config brought them online and after a few hours or days the connection dropped 'cause packets wouldn't go out/in anymore. Switching the WAN e.g. from static to DHCP or configuring it the way your ISP needs/wants it could solve that. Or check the ISP modem or %device% depending on your internet. That a manual "save & apply" from WAN brings you back seems to indicate that a manually performed DHCP restart works, so I'd have a look at the way you get your IP from your ISP.

    Cheers :)
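    One way to check the lease-expiry hypothesis from the shell side, as an added example that is not from this thread or from pfSense's own code: parse an ISC dhclient lease file and report where the newest lease stands at a given time. The lease text below is constructed; the per-WAN file path on pfSense (/var/db/dhclient.leases.<wanif>) and the mapping of the renew/rebind/expire lines to the DHCP T1/T2/expiry timers are assumptions stated in the comments.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhclient lease-file syntax. On pfSense the real file
# is written per DHCP WAN (assumed path: /var/db/dhclient.leases.<wanif>).
# dhclient appends a new "lease { ... }" block on every acquire/renew, so the
# last block in the file is the one currently in force. Timestamps are UTC; the
# single digit before the date is the weekday.
SAMPLE_LEASES = """\
lease {
  interface "igb0";
  fixed-address 203.0.113.45;
  option subnet-mask 255.255.255.0;
  option routers 203.0.113.1;
  option dhcp-lease-time 3600;
  option dhcp-server-identifier 203.0.113.1;
  renew 2 2024/09/03 13:30:00;
  rebind 2 2024/09/03 13:52:30;
  expire 2 2024/09/03 14:00:00;
}
lease {
  interface "igb0";
  fixed-address 203.0.113.45;
  option subnet-mask 255.255.255.0;
  option routers 203.0.113.1;
  option dhcp-lease-time 3600;
  option dhcp-server-identifier 203.0.113.1;
  renew 2 2024/09/03 14:30:00;
  rebind 2 2024/09/03 14:52:30;
  expire 2 2024/09/03 15:00:00;
}
"""

_BLOCK = re.compile(r"lease\s*\{(.*?)\}", re.S)
_TIME = re.compile(r"^\s*(renew|rebind|expire)\s+\d\s+(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2});", re.M)
_FIELD = re.compile(r'^\s*(interface|fixed-address)\s+"?([^";]+)"?;', re.M)
_FMT = "%Y/%m/%d %H:%M:%S"


def parse_leases(text):
    """Return one dict per lease block, in file order. 'renew', 'rebind' and
    'expire' are naive UTC datetimes; 'interface' and 'fixed-address' are strings."""
    leases = []
    for block in _BLOCK.finditer(text):
        body = block.group(1)
        lease = dict(_FIELD.findall(body))
        for key, stamp in _TIME.findall(body):
            lease[key] = datetime.strptime(stamp, _FMT)
        leases.append(lease)
    return leases


def lease_state(text, now):
    """Classify the newest lease at time `now` (naive UTC datetime or a
    'YYYY-MM-DD HH:MM:SS' string): 'valid' (before T1), 'renewing' (past T1,
    dhclient should be unicasting renewals to the server), 'rebinding' (past T2,
    it is broadcasting) or 'expired' (the address is no longer ours; a restart
    of dhclient, which is what "save & apply" on the WAN page amounts to here,
    is assumed to fetch a fresh lease)."""
    if isinstance(now, str):
        now = datetime.strptime(now, "%Y-%m-%d %H:%M:%S")
    leases = parse_leases(text)
    if not leases:
        return "none"
    cur = leases[-1]
    if now >= cur["expire"]:
        return "expired"
    if now >= cur["rebind"]:
        return "rebinding"
    if now >= cur["renew"]:
        return "renewing"
    return "valid"


if __name__ == "__main__":
    # Against a live box read the WAN's lease file and pass datetime.utcnow();
    # here the constructed sample is evaluated at three points in time.
    for stamp in ("2024-09-03 14:10:00", "2024-09-03 14:35:00", "2024-09-03 15:30:00"):
        print(stamp, lease_state(SAMPLE_LEASES, stamp))
```

    If the newest block is already past its expire time while the WAN still reports "up", the address on the interface is one the ISP no longer considers leased, which matches the symptom of traffic silently stopping until the interface is re-saved.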

  • Googling blocked domains let them through

    0 Votes, 3 Posts, 137 Views

    @Gblenn said in Googling blocked domains let them through:

    @iSagen So fortnite.com and www.fortnite.com are "different" in this regard. You need to add all variants in order to completely block a site...

    Try adding www.fortnite.com and it should block also when searching...

    That did the trick, thank you :)
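    Why the apex entry alone was not enough, as an added example that is not from the thread or from pfSense: an exact-match blocklist treats fortnite.com and www.fortnite.com as unrelated names, while a domain (label-suffix) match covers the apex and every subdomain without listing each variant. The query names are constructed.

```python
# Sample names as a resolver would see them (constructed).
QUERIES = [
    "fortnite.com",
    "www.fortnite.com",
    "cdn-0001.fortnite.com.",   # trailing dot: fully-qualified form
    "FORTNITE.COM",
    "notfortnite.com",          # shares a raw string suffix but is a different domain
]


def normalize(name):
    """Lower-case, trim whitespace and drop the trailing root dot so that
    'WWW.Fortnite.com.' and 'www.fortnite.com' compare equal."""
    return name.strip().rstrip(".").lower()


def blocked_exact(qname, blocklist):
    """Exact match: only a name identical to an entry is blocked. This is why an
    entry for fortnite.com leaves www.fortnite.com reachable."""
    return normalize(qname) in {normalize(b) for b in blocklist}


def blocked_suffix(qname, blocklist):
    """Domain match: the name is the entry itself or a subdomain of it. The
    comparison is on whole labels ('.' + entry), so notfortnite.com is not a
    match for fortnite.com."""
    q = normalize(qname)
    for entry in blocklist:
        e = normalize(entry)
        if q == e or q.endswith("." + e):
            return True
    return False


def classify(queries, blocklist):
    """Map each query to (blocked_by_exact_match, blocked_by_domain_match)."""
    return {q: (blocked_exact(q, blocklist), blocked_suffix(q, blocklist)) for q in queries}


if __name__ == "__main__":
    for name, (exact, suffix) in classify(QUERIES, ["fortnite.com"]).items():
        print(f"{name:28} exact={exact!s:5} domain={suffix}")
```

    Adding www.fortnite.com as a second exact entry, as the thread did, fixes the one name that search results link to; any other host under the domain still slips through until it too is listed, which is the case for a suffix match.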

  • troubleshooting reloading filters

    0 Votes, 1 Post, 89 Views, no one has replied
  • Auto apply all "Recommended System Patches"

    0 Votes, 6 Posts, 308 Views

    @bozo-bogd
    if you have found a solution, please post it here ;)

  • 4G gateway monitoring options

    0 Votes, 18 Posts, 737 Views (last post by Gertjan)

    @deanfourie

    You could run a packet capture for a while on your 4G interface and check what goes out and when.
    Exclude ICMP traffic.
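    What to do with that capture once you have it, as an added example that is not from the thread or from pfSense: summarise the outbound side of plain `tcpdump -n` output per destination, dropping the ICMP from the gateway monitor, so you can see what talks out over the 4G link and when. The capture lines and the interface address 10.64.1.20 are constructed; the parser assumes IPv4 lines only.

```python
import re
from collections import defaultdict

# Constructed tcpdump output in the shape `tcpdump -n -i <4g_if>` prints it
# (tcpdump is what pfSense's Diagnostics > Packet Capture wraps). 10.64.1.20 is
# taken to be the 4G interface's own address. IPv4 only: the "IP " token and the
# dotted host.port split below do not handle IPv6 lines.
SAMPLE_CAPTURE = """\
13:21:59.000123 IP 10.64.1.20.50123 > 1.1.1.1.53: 12345+ A? example.com. (29)
13:21:59.010456 IP 1.1.1.1.53 > 10.64.1.20.50123: 12345 1/0/0 A 93.184.216.34 (45)
13:22:00.000000 IP 10.64.1.20 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64
13:22:00.020000 IP 8.8.8.8 > 10.64.1.20: ICMP echo reply, id 1, seq 1, length 64
13:22:05.000000 IP 10.64.1.20.44321 > 93.184.216.34.443: Flags [S], seq 1, win 65535, length 0
13:22:05.100000 IP 10.64.1.20.44321 > 93.184.216.34.443: Flags [P.], seq 1:200, ack 1, win 65535, length 199
13:23:00.500000 IP 10.64.1.20.50124 > 1.1.1.1.53: 12346+ A? example.org. (29)
13:23:30.000000 IP 10.64.1.20.12345 > 203.0.113.9.123: NTPv4, Client, length 48
"""

_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2})\.\d+ IP (\S+) > (\S+): (.*)$")


def split_addr(token):
    """'10.64.1.20.50123' -> ('10.64.1.20', 50123); '8.8.8.8' -> ('8.8.8.8', None)."""
    parts = token.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return token, None


def protocol(rest):
    """Coarse protocol guess from the text after the addresses."""
    if rest.startswith("ICMP"):
        return "icmp"
    if "Flags [" in rest:
        return "tcp"
    return "udp/other"


def summarize_outbound(capture, local_ip, exclude_icmp=True):
    """Aggregate packets whose source is `local_ip`, per destination address:
    packet count, first/last timestamp, destination ports and protocols seen.
    ICMP is dropped by default because the gateway monitor's pings are expected
    and would drown out everything else."""
    out = defaultdict(lambda: {"packets": 0, "first": None, "last": None,
                               "ports": set(), "protos": set()})
    for line in capture.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        ts, src_tok, dst_tok, rest = m.groups()
        src, _ = split_addr(src_tok)
        dst, dport = split_addr(dst_tok)
        proto = protocol(rest)
        if src != local_ip or (exclude_icmp and proto == "icmp"):
            continue
        entry = out[dst]
        entry["packets"] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
        entry["protos"].add(proto)
        if dport is not None:
            entry["ports"].add(dport)
    return dict(out)


if __name__ == "__main__":
    for dst, info in sorted(summarize_outbound(SAMPLE_CAPTURE, "10.64.1.20").items()):
        print(f"{dst:16} {info['packets']:3} pkts  {info['first']}..{info['last']}  "
              f"ports={sorted(info['ports'])} {sorted(info['protos'])}")
```

    On a metered link the interesting lines are the destinations that show up at regular intervals with no user behind them; feeding a real capture through this with the interface's own address gives that list directly.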

  • Captive Portal enable MAC pass-through for only user login?

    0 Votes, 7 Posts, 313 Views

    @Gertjan

    Thanks for replying.

    We have about 100 users/staff usually at my location, most use multiple devices, with other staff that may come and go from another branch (about 500 total if counting all branches). The portal was intended for WiFi and staff only, so we hooked our pfSense up with a VPN connection to our AD (which is at another location) and use it as an authentication backend. But now the higher-ups want to add a voucher option for guests; previously we just made an account to use exclusively for guests instead.

    We do have VLANs for each department, separate from the portal WiFi networks. Before using the portal, the WiFi was more of a convenience thing (which it still kinda is), with no authentication required.

  • 0 Votes, 6 Posts, 217 Views (last post by stephenw10)

    Hmm, that's shown as mbps but can I assume it's actually Mbps?

    Does the traffic graph in pfSense itself also show traffic during that iperf test?

    If so, it sounds like one of those devices on VLAN2 has the wrong subnet mask set and is sending traffic to its gateway rather than directly.

  • 0 Votes, 14 Posts, 686 Views

    @stephenw10 said in Comcast email doesn't load on iPhones when connected to network - works on PCs with same settings:

    Ultimately try running a pcap on pfSense for the IP of the phone then try to check the email and see what it's sending.

    I'll try - I haven't actually used pcap previously so will have to figure it out.

  • Access to att.com email

    0 Votes, 16 Posts, 833 Views (last post by johnpoz)

    @BobL4002 so you can't go here?

    https://currently.att.yahoo.com

    does it resolve from your client?

    $ dig currently.att.yahoo.com

    ; <<>> DiG 9.16.50 <<>> currently.att.yahoo.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41641
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;currently.att.yahoo.com.        IN      A

    ;; ANSWER SECTION:
    currently.att.yahoo.com.        3532    IN      CNAME   atsv2-fp-shed.wg1.b.yahoo.com.
    atsv2-fp-shed.wg1.b.yahoo.com.  3532    IN      A       74.6.143.26
    atsv2-fp-shed.wg1.b.yahoo.com.  3532    IN      A       74.6.231.20
    atsv2-fp-shed.wg1.b.yahoo.com.  3532    IN      A       74.6.231.21
    atsv2-fp-shed.wg1.b.yahoo.com.  3532    IN      A       74.6.143.25

    ;; Query time: 12 msec
    ;; SERVER: 192.168.3.10#53(192.168.3.10)
    ;; WHEN: Tue Sep 03 13:21:59 Central Daylight Time 2024
    ;; MSG SIZE  rcvd: 159

    What about in the pfSense DNS host lookup?

    [attachment: dns.jpg]

  • Unavoidable freeze first reboot after install

    0 Votes, 7 Posts, 259 Views

    @stephenw10 I just resorted to using OPNsense; the WiFi interface is detected straight out of the box through iwlwifi (it's FreeBSD 14) and no weird boot problems thus far. Thank you for the quick response, but I believe I might need some missing software/drivers or to tweak the configuration accordingly, and I'm not getting much information on what's missing either, so I'm not going down that unnecessary rabbit hole.

  • 0 Votes, 13 Posts, 835 Views (last post by Laxarus)

    @stephenw10 nope, there are no static routes defined.

  • Logged in As - Webui

    0 Votes, 6 Posts, 601 Views

    @stephenw10 copy that. Along with over 300 APIs 🙌

  • pfSense Crash, 2nd occurrence

    0 Votes, 2 Posts, 102 Views

    @Matt2 That looks like https://redmine.pfsense.org/issues/15684
    The fix is already in 24.08.

  • 2100 with ASUS EBA63 Access Point - DHCP Issue

    0 Votes, 10 Posts, 487 Views (last post by stephenw10)

    Well there are quite a few Unifi users here so you'll likely see more assistance setting that up. If you need it.

    Both should work for this though.

  • Need some routing assistance with pfSense, DMZ and WebSite

    0 Votes, 30 Posts, 1k Views (last post by johnpoz)

    @ILO_EWS traffic comes into the WAN - that is what is connected to the internet. Then pfSense would port forward it to the IP you set to forward to on your DMZ.

    If the traffic never hits your WAN, it's kind of hard to forward it to your IP in your DMZ.

    This is an example of a port forward. You should have a port forward rule

    [attachment: portforward.jpg]

    which would by default create the firewall rule you need

    [attachment: wanrule.jpg]

    So the port forward says any TCP traffic on port 23040, send it to my Plex server that is on 192.168.9.10 on port 32400.

    The firewall rule allows this. The only difference really in mine is that I limit what IPs can be forwarded to IPs that are in my pfb_allowPFb alias, which is the IPs that check if Plex is available, both from the Plex check and my own checks to notify me if Plex goes down. And your IP also has to be a listed US IP. All of my users are in the US.

    But if traffic never hits my WAN IP, pfSense could never forward this. You will notice I have forwarded 6.22GB of traffic through this rule since the last time those counters were reset.

    If, when you do a packet capture on pfSense and do, say, a test from that "can you see me" site, you never see anything hit the pfSense WAN interface, how could it ever forward it?

    Here via a packet capture I can see traffic come in on my WAN on port 23040, and in my case an answer back - but if that traffic never comes in on 23040, pfSense could never forward it to be answered.

    [attachment: trafffic.jpg]
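    The matching order behind that explanation, as an added example that is not from the thread and not pfSense's or pf's own code: a small evaluator that applies a port-forward rule to an arriving packet and reports the first check that fails. The interface and destination-address checks come first, which is the point johnpoz makes: a packet that never arrives on WAN addressed to the WAN IP is never a candidate for redirection, whatever the rest of the rule says. The WAN address, the alias contents (a stand-in for the pfb_allowPFb alias and for a pfBlockerNG GeoIP list) and the packets are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PortForward:
    iface: str               # interface the rule is bound to ("wan")
    proto: str               # "tcp" or "udp"
    dport: int               # port on the WAN address that is redirected
    target: str              # inside host
    target_port: int         # port on the inside host
    src_aliases: tuple = ()  # every listed alias must contain the source address


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    proto: str
    src: str
    dst: str     # destination address as seen on arrival
    dport: int


WAN_IP = "192.0.2.10"   # constructed

# Constructed aliases: "pfb_allowPFb" stands in for the poster's alias of
# Plex-availability checkers, "US" for a pfBlockerNG GeoIP list. Both use
# documentation prefixes, not real address space.
ALIASES = {
    "pfb_allowPFb": ["198.51.100.0/24"],
    "US": ["198.51.100.0/24", "203.0.113.0/24"],
}

# The rule from the thread: WAN tcp/23040 -> 192.168.9.10:32400, sources limited
# to both aliases.
RULES = [
    PortForward("wan", "tcp", 23040, "192.168.9.10", 32400, ("pfb_allowPFb", "US")),
]


def in_alias(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def why_not(pkt, rule, aliases, wan_ip):
    """None if `pkt` matches `rule`, otherwise the name of the first failed check."""
    if pkt.iface != rule.iface:
        return "wrong-interface"
    if pkt.dst != wan_ip:
        return "not-addressed-to-wan-ip"
    if pkt.proto != rule.proto:
        return "wrong-protocol"
    if pkt.dport != rule.dport:
        return "wrong-port"
    for name in rule.src_aliases:
        if not in_alias(pkt.src, aliases[name]):
            return "src-not-in-" + name
    return None


def forward_target(pkt, rules, aliases, wan_ip):
    """(target, target_port) from the first matching rule, or None."""
    for rule in rules:
        if why_not(pkt, rule, aliases, wan_ip) is None:
            return rule.target, rule.target_port
    return None


if __name__ == "__main__":
    samples = [
        Packet("wan", "tcp", "198.51.100.7", WAN_IP, 23040),  # allowed checker
        Packet("wan", "tcp", "203.0.113.5", WAN_IP, 23040),   # US, but not a checker
        Packet("wan", "tcp", "198.51.100.7", WAN_IP, 32400),  # inside port, not the rule's port
        Packet("lan", "tcp", "198.51.100.7", WAN_IP, 23040),  # never reached WAN
    ]
    for p in samples:
        print(p, "->", forward_target(p, RULES, ALIASES, WAN_IP)
              or why_not(p, RULES[0], ALIASES, WAN_IP))
```

    When troubleshooting, the "wrong-interface" and "not-addressed-to-wan-ip" outcomes are the ones a packet capture on the WAN interface settles: if the capture never shows the packet, no rule in pfSense can be the reason it is not forwarded.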

  • Pfsense as conditional forwarder

    0 Votes, 3 Posts, 214 Views

    @johnpoz nice 👍
    Appreciate the quick reply

  • nginx errors in log

    0 Votes, 3 Posts, 187 Views

    @stephenw10 Thank you!

  • Using PFSense as a ddns server

    0 Votes, 2 Posts, 141 Views (last post by stephenw10)

    I would probably set up a VPN between the two locations so you can access it using the internal private IP. The client side can be at the dynamic site, where it connects out to the fixed site.

    I would also connect from home over VPN too.

    Steve

  • SG-2440 un-reachable via PUTTY or GUI

    0 Votes, 53 Posts, 3k Views (last post by dareys)

    @stephenw10

    Hello Stephen, thank you for the feedback.

    I read about the part here :

    https://www.marvell.com/content/dam/marvell/en/public-collateral/transceivers/marvell-phys-transceivers-alaska-88e1543-product-brief-2012-07.pdf

    I am not an electronics expert but what I read mentions only the Ethernet ports, so yes, replacing it might not fix the problem completely.

    My friend indicated that from the start but at this point, it might be worth the try if the part and labour are not too expensive.

    I will keep you posted, thank you.

    Jean-Pierre

  • Iftop not capturing vlan traffic, promiscuous mode enabled

    0 Votes, 5 Posts, 263 Views (last post by GPz1100)

    Right. I see two workarounds.

    Use netgraph; this would achieve the result of stripping VLAN 0 from any traffic but also adds overhead. The whole goal over the last few years was to get away from netgraph (thanks @cmcdonald).

    Use a switch between the ONT and WAN ports that strips VLAN 0 tags. There are several out there that are known to work (https://github.com/owenthewizard/opnatt). This is the route I went.

    This solution works well because the ONT is external. This won't work for those on GPON with SFP direct to the firewall. You would need a similar arrangement for something in between the SFP and firewall to handle the VLAN 0 stripping.
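    What "stripping VLAN 0" means on the wire, as an added example that is not from the thread, from netgraph or from any of the switch configurations linked above: an 802.1Q tag with VID 0 is a priority tag, and the job of the in-between device is to remove exactly that tag on frames from the ONT (leaving frames with a real VLAN ID alone) and put it back on frames going the other way. The MAC addresses and payload bytes are constructed; the byte layout follows IEEE 802.1Q.

```python
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Constructed addresses and a stub payload; only the 14/18-byte headers matter.
DST_MAC = bytes.fromhex("001122334455")
SRC_MAC = bytes.fromhex("66778899aabb")
PAYLOAD = bytes.fromhex("4500001c") + bytes(24)   # IPv4-looking start, contents irrelevant


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Ethernet II frame, with one 802.1Q tag when vid is given. The tag is
    TPID 0x8100 followed by a 16-bit TCI: 3 bits PCP, 1 bit DEI, 12 bits VID.
    vid=0 produces the priority tag the ONT puts on every frame."""
    hdr = dst + src
    if vid is not None:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
        hdr += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def vlan_id(frame):
    """VID of the outermost 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 18:
        return None
    ethertype, tci = struct.unpack_from("!HH", frame, 12)
    if ethertype != ETHERTYPE_8021Q:
        return None
    return tci & 0x0FFF


def strip_vlan0(frame):
    """ONT -> firewall direction: drop the 4-byte tag only when it is a priority
    tag (VID 0). Frames carrying a real VLAN ID and untagged frames are returned
    unchanged, which is what is wanted from the device in between."""
    if vlan_id(frame) != 0:
        return frame
    return frame[:12] + frame[16:]


def add_vlan0(frame, pcp=0):
    """firewall -> ONT direction: put the priority tag back on untagged frames.
    Already-tagged frames are left alone rather than double-tagged."""
    if vlan_id(frame) is not None:
        return frame
    tci = (pcp & 0x7) << 13
    return frame[:12] + struct.pack("!HH", ETHERTYPE_8021Q, tci) + frame[12:]


def ethertype(frame):
    """EtherType in the outer header (0x8100 while a tag is present)."""
    return struct.unpack_from("!H", frame, 12)[0]


if __name__ == "__main__":
    tagged = build_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, PAYLOAD, vid=0)
    plain = strip_vlan0(tagged)
    print(f"from ONT: {len(tagged)} bytes, VID {vlan_id(tagged)}, outer ethertype {ethertype(tagged):#06x}")
    print(f"to firewall: {len(plain)} bytes, VID {vlan_id(plain)}, ethertype {ethertype(plain):#06x}")
    print("round trip restores the tag:", add_vlan0(plain) == tagged)
```

    The reason the firewall cares is visible in vlan_id(): a frame with VID 0 is still an 0x8100 frame to the NIC driver, so the IPv4 header is 4 bytes further in than an untagged frame's, and a stack that does not treat VID 0 as "untagged" hands it to the wrong place.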

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.