VLAN 101 is usually required, for residential connections at least. If you're using one of the Openreach modems they are configured to add that. If you're using some other modem such as in this case you need to add it either at the modem or in pfSense if the modem passes that. Steve

It's probably connections coming in faster than HAProxy can service them. Once the queue values is exhausted it starts throwing that error. You can increase that value quite substantially without a problem but it may just delay the problem. Set a system tunable kern.ipc.soacceptqueue to something larger that the default 128. Try 512. See if that eliminates the error or simply delays it's appearance. Steve

NAT+Proxy sets up a service like that for each instance and it appears that one was having some issue. Perhaps the IP you have it running on has been removed or the interface was down. Running in Pure NAT mode is preferred as it doesn't require such a service. There are very few situation that actually require NAT+Proxy. Setting the NAT reflection type individually for each forward is the best way to avoid something like that though as you have done. Steve

I tried that in the beginning no change. I have noticed that under the interface status I do get the ip address but the gateway shows pending.

the usb keyboard does work on this computer but when i plug it into the other one it does characters. i plugged in my ps/2(yes i still have ps/2 kb and mouse) it does not show those characters, so you are right it was the keyboard. thank you for replying. i thought the keyboard was fine but I guess not.

@kom kill me!

Windows boxes out of the box are going to be Noisy little bastards.. And even if your not using IPv6 are going to put a lot of NOISE on the network via ipv6 You have a few options Just ignore it and live with the log spam Set firewall not to log the noise Configure your client boxes to not send out so much ipv6 noise when your not using ipv6 - with windows easy way is to just disable it.. Take a look here for what option best suites your needs. https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users

Yes, we do that here. There is some manual work to be done, but see https://github.com/opoplawski/ansible-pfsense/tree/master/roles/pfsense_setup for basically how we do it. I think I still need to figure out how to start nslcd automatically after reboot. /etc/rc.conf.local I thought used to do it, but perhaps not anymore with 2.4.4.

No Not ideally, maybe if you have an ACME/LE trusted cert but even then I would not recommend treating your firewall as a general purpose web server.

Ok it is fixed on the DC instance now. I simply enabled scrub again and it works. How strange is that? Considering scrub messes with fragmented packets. So with scrub disabled the frag test fails, are you able to test that? Same fix works on LAN as well. Ok glad the cause is found, it is odd, but good nevertherless. thanks :)

@grimson Thanks, I do read manual but in this case I don't know where to start so I asked question here and yes I only have 1 physical line (at-least for now), I will add quad gigabit ethernet nic to my PC next month.

The only way is to download the source code, edit the references to pfSense and recompile. You may then use and support the product using the name of your choice.

No. The pfSense shell : pfSense - Netgate Device ID: 20cc46dfabc85c78e087 *** Welcome to pfSense 2.4.4-RELEASE-p1 (amd64) on pfsense *** 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + pfSense tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Disable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell Option 8 - is a classic shell. Cisco uses IOS commands, pfSense has a GUI. With the Cisco GUI (if it has one) you couldn't do all the things you can do with the IOS commands. pfSense : the other way around. "Option 8" exists to see the OS file system and to interact with, start some basic or complex "FreeBSD" commands and yes, there are even some less known (and rarely used) made-by-pfSense scripts files. You cant' manage pfSense purely from the command line. See also threads like https://forum.netgate.com/topic/125603/cisco-vs-pfsense/9 (and Google can tell you more, as usual)

@mr-newbie thanks for your reply i'm trying to setup user management/privilege in which our users can login with their LDAP credentiel(username and pasword),i want to know why on "system usermanager>settings>test " all are ok but via Diag>authentication,autnetication failed,please can you test "ldap.forumsys.com" or do you know any online ldap server for test on it?(you can see my ldap server config attached) thanks[image: 1544691328093-myldapconfig-resized.png] [image: 1544691389087-testldap-resized.png]

fsck requires read-only mode because it operates on the filesystem metadata directly. A read-write filesystem could change in the middle of a fsck operation and break it worse.

@bmeeks said in How do I find this device?: @gregeeh if you do not want this traffic filling up your logs, create a rule near the top on your LAN interface that has any as the source, UDP as the protocol, ff02::1 as the destination address and 10001 as the destination port. Set the rule to drop but not log. Right now that traffic is hitting the firewall's default deny rule and that rule is logging the dropped packet. By inserting your own rule up higher in the chain, the packet is "handled" by your rules and thus never gets to the default deny rule (which is at the bottom of the rule chain). Most helpful. Thank you.