  • Is connecting a factory defaulted router a potential vulnerability?

    7
    0 Votes
    7 Posts
    824 Views
    GrimsonG

    For connecting new devices I have separated two ports on my switch into a single dedicated VLAN. So I connect the new devices to one of these ports and patch the Ethernet connection of one PC to the other port, this way they are in their own L2 and can't impact the network.

    Another solution is to use a Laptop and connect a new device there first for setup purposes. Just don't connect a device with unknown/conflicting settings to your production network.

  • Need to enable Rules to allow UniFi based Captive Portal Page?

    12
    0 Votes
    12 Posts
    5k Views
    C

    @gertjan said in Need to enable Rules to allow UniFi based Captive Portal Page?:

    If you pass some time with the acme package you could learn it to obtain a free of cost (that is money, not your time) wild card cert.

    Hey thank you for this info will look at the package for sure.

  • Load Balancer and reflection.

    2
    0 Votes
    2 Posts
    299 Views
    stephenw10S

    It's possible to work around this using outbound NAT on the internal interface but it's ugly:

    https://www.netgate.com/docs/pfsense/book/loadbalancing/troubleshooting-server-load-balancing.html#unable-to-reach-a-virtual-server-from-a-client-in-the-same-subnet-as-the-pool-server

    Steve

  • Pfsense using for ISP with openBGPD

    4
    0 Votes
    4 Posts
    427 Views
    chrismacmahonC

    No, I can let you know we have assisted several ISPs at the support desk.

  • Dynamic dns for local (not exterior) ip?

    8
    0 Votes
    8 Posts
    854 Views
    JKnottJ

    @johnpoz said in Dynamic dns for local (not exterior) ip?:

    @jknott said in Dynamic dns for local (not exterior) ip?:

    I think this forum needs an emoticon for "WTF?".

    Hehehe I agree - what do you think this would look like exactly?

    0_1549052899662_wtf.png

    Yep, that's exactly what we need. 😉

  • pfSense hangs randomly every 10-20th day, please help troubleshoot

    13
    0 Votes
    13 Posts
    2k Views
    T

    +1 on blaming Realtek NICs.

    I built a machine in the past two years that had Realtek NICs (horrible oversight on my part). Put pfSense on the box and it locked up randomly requiring a reboot to resolve the issue. No log entries or anything else. I also put VMware ESXi onto the same box and had it purple screen a few times (even with injecting an in-line patch to support the NICs).

    IMHO, newer Realtek NICs can hang your box w/o logging issues in the OS. Avoid at ALL costs.

  • Where's the bottleneck?

    8
    0 Votes
    8 Posts
    851 Views
    johnpozJ

    No problem - great that you mention such an issue for sure. Now back to our original programming ;)

    Can you put in some details of how you're doing the speed testing - and maybe now you should retest since it's not impossible that the virus/whatever was eating up some cycles/bandwidth

    edit: Seems I confused you with the OP hehehe... Thanks for the PM to mention that.. So we are still waiting for the details of the OP and how they did their testing.

    @Raffi_ so what are you running pfsense on and are you seeing your full bandwidth.. Is it gig? ;)

  • negate_networks Empty Table

    2
    0 Votes
    2 Posts
    238 Views
    jimpJ

    It's a default table that is usually populated with local networks that need to bypass policy routing (e.g. LAN to LAN2/DMZ type traffic). It could be empty if you only have one local interface, or if you don't use policy routing.

  • pfsense WAN on private network

    7
    0 Votes
    7 Posts
    2k Views
    S

    @penguin-nut said in pfsense WAN on private network:

    Disable hardware checksum offload

    FYI, documented at https://www.netgate.com/docs/pfsense/book/config/advanced-networking.html?highlight=xen#hardware-checksum-offloading

  • Cannot delete "incomplete" device from arp table.

    13
    0 Votes
    13 Posts
    5k Views
    D

    @jknott I'm not going to jump the gun but I think I found it. I'm using Home Assistant for my home automation and inside it I have setup trackers for devices. I ping the devices and if they do not respond I send a message to my phone telling which device is down. In my code I was still pinging those old IP's.

    Let's hope that was it. Thank you so much for your help.

  • 2.3 release needed for testing

    Locked
    19
    0 Votes
    19 Posts
    1k Views
    ?

    @selianto pfSense 2.3.x is End of Life. As such, we do not offer older releases for download, nor do we support them.

    If you have an urgent upgrade project, you should consider a Netgate Global Support subscription. The Support team may be able to assist with the upgrade in a way that does not require having to use an outdated image.

    If you would like more information about a Netgate Global Support subscription, please email sales@netgate.com or if you need help now, you can find our different Netgate Global Support subscriptions here: https://netgate.com/support

  • [Authentication] Password with special character gets rejected?!

    8
    0 Votes
    8 Posts
    1k Views
    8

    Okay. Thanks for the explanation.

  • How long entry should be found in the logs

    8
    0 Votes
    8 Posts
    894 Views
    chudakC

    @jimp

    Very confusing but ok, thx !
    Case to have real syslog server

  • Hostname of pfsense is attached to openvpn file

    2
    0 Votes
    2 Posts
    231 Views
    jimpJ

    There is no way to exclude the hostname, it does this to ensure the filenames are unique between firewalls, so if you connect to multiple firewalls, the filenames are not the same.

    I'm not sure it makes much difference for the hostname in that context, whether or not you want it to show "pfsense" there or another hostname is up to you.

  • Can't allocate llinfo

    6
    0 Votes
    6 Posts
    3k Views
    jimpJ

    The most common time I see this is when my cable connection renews DHCP and switches to a different subnet. Some states are still pointing at the old gateway which is no longer valid, thus the error.

    I suspect a similar issue happened there, probably as @heper said, it came from the cable modem. Lots of cable modems will hand you a private address if you lose upstream sync.

  • Port Forwarding

    28
    0 Votes
    28 Posts
    3k Views
    johnpozJ

    Do your sniff, diag packet capture on your lan interface... Do you see the syn to your ftp server private IP... If you do not see an answer it's not pfsense that is your problem.

    Here I just setup a port forward for ftp (21) and can you see me shows closed..

    0_1548858567188_ftpRST.png

    See how my client on 192.168.2.11 sent a RST... Basically he said to F off ;)

  • Multi WAN, interference between connections?

    2
    0 Votes
    2 Posts
    272 Views
    stephenw10S

    In what way does the WAN 'go down'? What do you see logged?

    Are you running 2.4.4p2? There were some default gateway issues in 2.4.4.

    Steve

  • LAN ARP Packets on WAN port

    7
    0 Votes
    7 Posts
    718 Views
    S

    I am using only Cisco 3750 switches in the network. It was 100% operator error.

  • EAP-TLS Device Authentication

    3
    0 Votes
    3 Posts
    367 Views
    M

    LOL Read the book!

    Thanks Sir

  • Intel 10GB NIC tcpdump

    4
    0 Votes
    4 Posts
    727 Views
    stephenw10S

    Hmm, so the command remained the same? Just the interfaces in lagg0 that changed?

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.