All you have to do is Diagnostics > Packet Capture on WAN for port TCP 445 then run a scan.

If you get a connection refused (CLOSED) but do not see the traffic on WAN, then something upstream is responding.

If they are responding AND forwarding the traffic to you (which wouldn't make much sense) then you will see the SYN to port 445 on your WAN but no SYN/ACK response because you are blocking the port.

Ok, thanks for confirming.

Probably something changed at your ISP or they were doing maintenance etc. Certainly not unusual.

Steve

@stephenw10:

Yes, keep 400,000. As Johnpoz says above that will be the default value in the next release and in current 2.4.4 snapshots.

Steve

Got it / Thanks

ok look, I actually restored my config after I tried all the possible fixes, i tell you not even a vanilla installation fixes it, and i dont want to bother my self to resinstall pfsense just to post new logs.

you can just use your imagination or common sense and think of those extra packages doesnt exits.

I repeat, I restored my config after I tried everything and gave up posted here to ask help and thus those logs says.
just fyi that pfblocker should not be causing issues anyway since it was disabled as I posted those logs.

@jsaad:

Comcast calls them micro-outages which kills the remote desktop and the phone.

It’s fairly common to see 2-10 seconds outages in cable modems, I see notifications all the time from our system and I normally see this on the same sites repeatedly. Usually ends up being signal fluctuations from somewhere up the street but the ISP don’t deem them problematic enough to fix. Higher latency and jitter are also known issues with these types of service and while most applications work fine with this, VDI and RDS do not. If your customer considers these application critical than they really need to look into a fiber solution. I prefer PRI over SIP for phones but it depends on the business and their current phone system. You could look at a low speed fiber for mission critical applications and push everything else out the modem.

Just a bump on my last question about how to use a DHCP special option setting for assigning VLAN's. Thanks.

Since you haven't checked "Don't pull routes", the NordVPN gateway will be your default gateway. That means that any traffic including that one from pfSense itself (DNS) is routed to the VPN gateway. However, that won't work, cause you are missing an outbound NAT rule for pfSense.

So either check "Don't pull routes" in the client settings or add an outbound NAT rule for 127.0.0.0/8 to the NordVPN interface.
The outbound NAT solution should avoid DNS leaks.

I've been trying to get this to work for a long time but just can't get HAproxy setup correctly with Ombi. Any chance you can do a step by step?

Also, are you using SSL?

Cheers,

Zane

https://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&n=1

urgent Generate debug messages only for serious errors.

The pfSense devs are using "debug urgent" so it only shows debug messages for serious errors.

Probably not.  All your traffic is going to be within your switch but it depends on where you're putting these clients relative to your bridge.

I don't know why you don't just create a fake WAN and LAN.  Make the WAN a bridged adapter on your LAN, and make the LAN an intnet interface.  Then put server on LAN and attacker on WAN.  Then you have pfSense acting as routing firewall between them.  You can use pfSense's Suricata package instead of needing a third system.

@johnpoz:

Huh… Where did Gertjan say you should do a fresh install?

A fresh install might be good idea if your on say 2.1 trying to go to 2.4 etc.. But you should never be there, you should upgrade asap after new versions are released.. 2.4.x+1 and p1 and p2, if they release, etc..

When they make a statement on if any upgrade caveats, etc.. But I had upgraded through all the 2.x to 2.4... I only went fresh install when I moved to sg4860 vs VM, etc.

Sorry English is not my language so I struggle a bit. Okay If an in place upgrade is possible there is nothing better than that.

Thanks.

set the desktop here to an outside source this morning earlier..    Ill play some more later this weekend.

time2.jpg
time2.jpg_thumb

Sure, but I said "most", not "all".

Can your switches export the Netflow instead?

Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo…

UPDATE:

Noticed some threads describing same isssue here
https://forum.pfsense.org/index.php?topic=145990.0

SYSTEM > ADVANCED > FIREWALL and NAT >

Firewall Max Table Entries increased from 200000 to 500000

Will see if that fixes it.