@netblues Actually updated to 2.4.4_1 (or 2.4.4p1 as it says in your thread) and it took care of all of it. Thank you for that first reply you made my search 100% more successful :)

I think I know what it is- proxy ARP on another router causes this problem. Testing it now. I still don't understand why it affects only pfsense.

@johnpoz said in latency of connection monitoring:

Great then ping those - what is the latency..

sorry for the few hours hiatus. I did ping the above, however packets may be dropped as no ping back is received. I heard most game providers do that, probably to lessen the load on servers that i assume may be running at close to full capacity, and, in a conspiracy theory view.... to hide the fact that servers used may be in a different region or may not be as good as players expect them to be.. LOL.
The first reason much more likely.

On PC, the game seems to run better and faster, plus ping is readily available and can be added as an overlay on a corner of the screen, but this is a whole different world.

VLAN 101 is usually required, for residential connections at least.

If you're using one of the Openreach modems they are configured to add that. If you're using some other modem such as in this case you need to add it either at the modem or in pfSense if the modem passes that.

Steve

It's probably connections coming in faster than HAProxy can service them. Once the queue values is exhausted it starts throwing that error.

You can increase that value quite substantially without a problem but it may just delay the problem.

Set a system tunable kern.ipc.soacceptqueue to something larger that the default 128. Try 512.

See if that eliminates the error or simply delays it's appearance.

Steve

NAT+Proxy sets up a service like that for each instance and it appears that one was having some issue. Perhaps the IP you have it running on has been removed or the interface was down.

Running in Pure NAT mode is preferred as it doesn't require such a service. There are very few situation that actually require NAT+Proxy. Setting the NAT reflection type individually for each forward is the best way to avoid something like that though as you have done.

Steve

I tried that in the beginning no change. I have noticed that under the interface status I do get the ip address but the gateway shows pending.

the usb keyboard does work on this computer but when i plug it into the other one it does characters. i plugged in my ps/2(yes i still have ps/2 kb and mouse) it does not show those characters, so you are right it was the keyboard.
thank you for replying. i thought the keyboard was fine but I guess not.

@kom

kill me!

Windows boxes out of the box are going to be Noisy little bastards.. And even if your not using IPv6 are going to put a lot of NOISE on the network via ipv6

You have a few options
Just ignore it and live with the log spam
Set firewall not to log the noise
Configure your client boxes to not send out so much ipv6 noise when your not using ipv6 - with windows easy way is to just disable it.. Take a look here for what option best suites your needs.
https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users

Yes, we do that here. There is some manual work to be done, but see https://github.com/opoplawski/ansible-pfsense/tree/master/roles/pfsense_setup for basically how we do it. I think I still need to figure out how to start nslcd automatically after reboot. /etc/rc.conf.local I thought used to do it, but perhaps not anymore with 2.4.4.

No Not ideally, maybe if you have an ACME/LE trusted cert but even then I would not recommend treating your firewall as a general purpose web server.

Ok it is fixed on the DC instance now.

I simply enabled scrub again and it works. How strange is that? Considering scrub messes with fragmented packets. So with scrub disabled the frag test fails, are you able to test that?

Same fix works on LAN as well.

Ok glad the cause is found, it is odd, but good nevertherless. thanks :)

@grimson Thanks, I do read manual but in this case I don't know where to start so I asked question here and yes I only have 1 physical line (at-least for now), I will add quad gigabit ethernet nic to my PC next month.

The only way is to download the source code, edit the references to pfSense and recompile. You may then use and support the product using the name of your choice.

No.

The pfSense shell :

pfSense - Netgate Device ID: 20cc46dfabc85c78e087 *** Welcome to pfSense 2.4.4-RELEASE-p1 (amd64) on pfsense *** 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell

Option 8 - is a classic shell.
Cisco uses IOS commands, pfSense has a GUI.
With the Cisco GUI (if it has one) you couldn't do all the things you can do with the IOS commands.
pfSense : the other way around.

"Option 8" exists to see the OS file system and to interact with, start some basic or complex "FreeBSD" commands and yes, there are even some less known (and rarely used) made-by-pfSense scripts files.

You cant' manage pfSense purely from the command line.

See also threads like https://forum.netgate.com/topic/125603/cisco-vs-pfsense/9 (and Google can tell you more, as usual)

@mr-newbie thanks for your reply i'm trying to setup user management/privilege in which our users can login with their LDAP credentiel(username and pasword),i want to know why on "system usermanager>settings>test " all are ok but via Diag>authentication,autnetication failed,please can you test "ldap.forumsys.com" or do you know any online ldap server for test on it?(you can see my ldap server config attached)
thanks0_1544691265061_myLdapConfig.png
0_1544691326670_TestLDAP.png