• This topic is deleted!

    1
    0 Votes
    1 Posts
    3 Views
    No one has replied
  • rule error There were error(s) loading the rules: /tmp/rules.debug

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S

    Do you have a wireguard connection still? A wireguard interface?

    If not you should remove (or disable) those rules with that alias in them.

  • cyberstudent with basic questions about interface configurations

    61
    0 Votes
    61 Posts
    6k Views
    JonathanLeeJ

    @JKnott COOL!!

  • Not receiving down emails multi-wan in failover config in 24.03 SG1100

    17
    0 Votes
    17 Posts
    638 Views
    M

    @stephenw10 said in Not receiving down emails multi-wan in failover config in 24.03 SG1100:

    Wow there's no Ethernet when it's acting as a router? That sucks.

    Some other router in between might be your only option then. Two gateways with the same address is a conflict and can never work correctly. The only exception to that is for PPPoE links because they are point to point connections. But even then some things will misbehave.

    I think I misspoke; the Ethernet apparently does work when their router is enabled, and from some more reading it appears it does use the SL router's DHCP to serve a different IP address range to the Ethernet in the 192.168.1.0/24 set. Ok, yay. In bypass mode, the SL router's DHCP server is disabled and the dish's own 192.168.100.1 address is served to pfSense from the dish, so pfSense gets the same IP from each dish.

    It certainly does suck, though, because I still want the WiFi completely off. I have my own access points and the SL WiFi will pollute the airwaves with traffic that is useless to me. I'll have to keep looking to see if there's a way to shut off WiFi without bypass mode, so I can keep the SL DHCP server delivering different IP addresses than the dish range. So far it doesn't seem so.

    Starlink as a company behaves as if it were founded by a control freak. Strange.

    While they have built a groundbreaking and well-functioning service in many respects, their terrestrial consumer-facing engineering seems to be where they assign the unpaid summer interns.

    I appreciate your help and attention. Best regards.

  • Unknown 10.x.x.x address

    17
    0 Votes
    17 Posts
    1k Views
    stephenw10S

    Mmm, indeed. If you really need UPnP then lock it down to only known devices.

  • 0 Votes
    3 Posts
    385 Views
    C

    I ordered two of these and put them in my Netgate 6100 Max with TNSR and they are not recognized. Running 22.10 software. Does it need an update?

    Well, after reading the reddit post and seeing this comment - It's a 10G module, so it won't connect at 1G or 2.5G - I found my problem. I was testing to a 1 Gig port on a Cisco switch. Moved it to a 10G port on a server as a temporary workaround and it's up now.

  • NO CARRIER on Protectli NIC

    7
    0 Votes
    7 Posts
    325 Views
    dennypageD

    @stephenw10 Given that the interface status is "no carrier" I don't think there is a physical connection to either a host or a switch.

  • pfSense Todo Widget

    1
    3 Votes
    1 Posts
    183 Views
    No one has replied
  • Interface has license all over it

    9
    0 Votes
    9 Posts
    409 Views
    S

    @stephenw10
    That's good news. Just don't want the issue to carry over and get in a bind.

  • System - Certificates using an ICA or CA generated by pfSense

    6
    0 Votes
    6 Posts
    312 Views
    P

    I agree with backing up any of the files that are changed.

    The openssl.cnf file edits were something I did not see many topics about within this forum.

    As I was comparing a signed CSR using a customer ICA/CA generated from the pfSense web UI against ACME, I wanted to ask this question.

    The signed certificate has an intended use within Cockpit on a number of servers (not connected to the internet). Naturally the environment will have a different CA generated.

    While the signed CSR from pfSense works well for Apache, Nginx, HAProxy, etc., other applications were not as accepting. I did add my ICA/CA chain to the server's OS. This led me to check out the options in openssl itself (to see what pfSense uses).

    Thank you for the responses. I was going to attempt to edit the openssl.cnf and try that.

  • SONOS Best current solution for cross VLANS setup ?

    14
    0 Votes
    14 Posts
    2k Views
    johnpozJ

    @CharlesT so the speakers on the iot are the upstream.. But the speakers are not found via multicast, they are found via mdns..

    Well that works out for you then; I would think you can talk to your speakers from multiple networks.

  • 0 Votes
    28 Posts
    2k Views
    J

    @JohnUtiu Too bad, we could not find out what was going on with the 15.xxx IPs. Maybe the ntopng community has an idea about it. I will let you know if I find out what was going on.

  • TAC Licence question

    4
    0 Votes
    4 Posts
    231 Views
    S

    Notably, the NDI changes when network cards are changed.

  • pfsense crypto QAT Atom Vs G4400 no QAT.

    8
    0 Votes
    8 Posts
    770 Views
    M

    @stephenw10

    Yes I've seen that on my XG210 Rev2

  • upgrade error message in pfsense dashboard GUI

    25
    0 Votes
    25 Posts
    2k Views
    GertjanG

    @QuantumParadox said in upgrade error message in pfsense dashboard GUI:

    I am on version 24.03

    An ID is always something unique. As we are all on 24.03, that number can't be an ID.
    This one is:

    [image]

  • 0 Votes
    15 Posts
    1k Views
    johnpozJ

    If you had something creating a picture with all your devices.. Say something like this..

    [image: devices.jpg]

    And then you had some way to input some parameters like port.. It could show you which other devices the firewall rules allow for..

    But even viewing it gets tricky when you have lots of devices.. This is only showing my wireless devices, and you have to really zoom in to see anything.

    And while pfsense can say hey there is a rule that allows that to these other devices in other networks.. Still doesn't know if that device even listens on that port, or that its own possible firewall allows it. And as you mention how would it know if something like private vlans or AP isolation is deployed?

    Is this AI going to validate every connection is actually possible from the device's IP address you selected as your source? And for stuff on the same network as your client, pfsense isn't involved anyway..

    I have worked on many different firewalls, Palo's, ASAs, Juniper, Checkpoints way back in the day.. The only thing I have seen that would come close to what you're asking that isn't graphical is where you can put in some parameter(s) and it will list the rules that mention those parameters; you can do that with Panorama for the Palos.. But not freaking cheap! ;)

    But I do not see how this helps you learn, to be honest.. If you want to learn.. Learn how to create the rules you want to allow or block and how to create those.. I mean how many rules could you possibly have? It's not like enterprise; at my previous gig we had over 50 different Palo firewalls in the org, and searching for what rules might allow or block specific traffic was really a requirement.. There were 1000's and 1000's of rules across the org.. Finding out if some specific traffic was allowed or not would have been painful if there wasn't a way to easily search through them..

    The biggest save in searching rules was when someone requested something to talk to something else on port X.. It was to search for whether those devices are already allowed to talk to each other on some ports, so you could just add the port to an existing rule, etc.

  • ArpWatch troubleshooting

    11
    0 Votes
    11 Posts
    543 Views
    stephenw10S

    After setting that checkbox? Hmm, try restarting arpwatch. Though I would have expected that to happen anyway...

  • sg-1100 flashing LED (update available)??

    5
    0 Votes
    5 Posts
    294 Views
    stephenw10S

    You can run: pfSense-led.sh update 0

    That will clear the update alert. It'd be interesting to see if it comes back. It does look like there may be an issue.

  • 0 Votes
    5 Posts
    727 Views
    B

    Regarding using shellcmd to start the iperf3 server ... be sure to include the "-D" option or your boot-up will hang in difficult-to-identify ways. My start-up command in shellcmd is

    iperf3 -s -D

    If you look at your firewall console and don't see your usual menu or login prompt after setting iperf3 to start on boot, a Ctrl-C will get you unstuck. If this sounds like the result of a painful experience ... well, yes. 😆

  • 0 Votes
    6 Posts
    958 Views
    Sergei_ShablovskyS

    Little update for this shell script in case You have MULTIPLE WANs (and need to test each uplink connection):

    THIS SCRIPT SENDS A HEARTBEAT ON ONE (1) CERTAIN TEST ID.

    So, if You really need to monitor all WANs and receive a SEPARATE ALERT on EACH WAN, You may create several Tests on StatusCake and USE V.2 OF THIS SCRIPT

    #!/bin/sh
    # HEARTBEAT to StatusCake external monitoring and alerting service
    # Examples and additional information
    # https://www.statuscake.com/kb/knowledge-base/what-is-push-monitoring/
    # Successfully working on pfSense CE 2.7.X

    # List of network interfaces
    INTERFACES="igb10 igb11 igb12 igb13"

    # StatusCake URL (one push Test ID; the stray trailing quote in the original is removed)
    URL="https://push.statuscake.com/?PK=123456764226&TestID=7347942&time=0"

    # Loop through each interface and send a curl request
    for INTERFACE in $INTERFACES
    do
        echo "Sending request through interface $INTERFACE"
        /usr/local/bin/curl --interface "$INTERFACE" "$URL"
        echo "" # Print a newline for better readability
    done

    YOU MAY TEST exactly this script from Diagnostic / Command Shell TO ENSURE THAT ALL IS WORKING as expected!

    The result MUST look like this:

    Sending request through interface igb0
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    100     7  100     7    0     0     12      0 --:--:-- --:--:-- --:--:--    12
    success
    Sending request through interface igb1
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    100     7  100     7    0     0     13      0 --:--:-- --:--:-- --:--:--    13
    success
    Sending request through interface igb2
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    100     7  100     7    0     0     13      0 --:--:-- --:--:-- --:--:--    13
    success
    Sending request through interface igb3
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
    100     7  100     7    0     0     13      0 --:--:-- --:--:-- --:--:--    13
    success

    P.S.
    1.
    After testing on exactly Your setup, You MUST comment out both ‘echo’ commands to avoid unnecessary output to the terminal.
    2.
    The ‘logger’ command is also not used: because of frequent calls (1 time / min, 1 time / 5 min, …) the system log would be filled with unnecessary records that do not help You even when You have an automatic log aggregator & analyser like Splunk, ELK, Graylog, ….

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.