• WAN auto-negotiate incorrectly

    9
    0 Votes
    9 Posts
    4k Views
    U
    I put a Netgear GS110TP in front of my pfsense box as described above. I couldn't get an IP; everything negotiated properly, but no IP. I don't think adding a switch will work, maybe a hub, but I don't have access to one at the moment. Last night I installed Sophos over top of my pfsense on the same hardware and what do you know, it negotiated properly and gave me an IP when plugged directly into the ONT. So I'm kind of sad that that worked, so I popped in a different drive, installed the latest pfsense again from scratch, and it still came back with 10mbps :-/ This is mind boggling… NICs I've tried: HP NC364T PCI Express Quad-Port Gigabit Server Adapter; Supermicro AOC-SG-I4; Supermicro X8DTU-F Onboard NICs. I guess I'll use Sophos for now until pfsense releases v2.3? My family can't take any more router downtime. Thanks for the suggestions!
  • DNS_PROBE_FINISHED_NXDOMAIN the first time i open any link.

    Locked
    6
    0 Votes
    6 Posts
    8k Views
    B
    @virgiliomi: The first thing to check, like mer said, is that your computers/clients are using pfSense for DNS (if they're using DHCP, they should be, but check to make sure). However beyond that, I offer a different possibility for the cause of your issues… I think that your problem is likely caused by pfSense's DNS Resolver taking too long to look up the IP address for a site, causing your client to time out the first time you try to access the site. The second time is successful because by that time, the result for the first request has been resolved, so pfSense knows that IP address now and can provide it to your computer. If you have 800ms latency on your connection, then recursive DNS (the default configuration for pfSense) is NOT what you want to be doing. RDNS has your server start at the root for a domain - i.e. .com, .org, etc. - then recurse through the name requesting info from each DNS server along the way. With the latency you have, you're looking at a response time of at least 1.6 seconds just for a standard domain (i.e. google.com). The progression of recursive DNS goes like this: .com -> google.com -> www.google.com = x.x.x.x The faster way would be for your pfSense box to forward a DNS request to another DNS server that can do all of the heavy work faster, and just sends you back the IP address you need. So when you look up www.google.com, your request goes to just one DNS server, not two or three different ones spread around the internet. My recommendation would be to find two DNS servers that are quick to respond for you, put those servers in System > General, then turn on forwarding and see if that improves your situation. You can either go to the DNS Resolver settings and check the box to enable forwarding mode, or you can disable DNS Resolver and enable DNS Forwarder (make sure you follow that order).
    Sorry I missed your post, I had given up on this. I'm pretty sure you're right about the cause but unfortunately the fix you suggested did not work. Although now it says "ERR_NAME_NOT_RESOLVED" before loading a few seconds later. And it may be my imagination but it does seem to be a little faster now. I wasn't able to get the DNS Resolver working with forwarding so I'm using the DNS Forwarder.
  • Manual l2tp service restart

    2
    0 Votes
    2 Posts
    615 Views
    A
    plz it's important …
  • Alix board - perl exited on signal 4

    3
    0 Votes
    3 Posts
    828 Views
    C
    That's the nature of PBIs, which are gone in 2.3.
  • Can't ping any internet ip from pfsense box. Gateway

    2
    0 Votes
    2 Posts
    744 Views
    M
    Given the wealth of information you've supplied, it could be almost anything. Before you start changing anything more on your firewall have you consulted with Comcast to see if there might be anything wrong with your line out?
  • After power outage cannot connect

    6
    0 Votes
    6 Posts
    2k Views
    P
    @cmb: Ok that rules out the IP conflict theory. What type of WAN do you have, DHCP, PPPoE, ? My next guess is something to do with the WAN not connecting (because the modem hasn't synced up/connected yet) is hanging up PHP, which prevents the web interface from working.
    I have Cable DHCP. I'm thinking maybe your explanation is the only logical one. But I shut the power off and then back on, and left everything for 30 minutes, and I still could not log into the pfSense box; could ping it but not log in, and no access to internet.
  • How to access clients that belong to different networks?

    5
    0 Votes
    5 Posts
    2k Views
    T
    Thanks for the response, and sorry for having not thanked you guys promptly. Been busy at work, not having much time to play. I understand the AP is the easiest and simplest setup. The reason I am using this setup is because I like the second router's simple parental control and DNS filtering presets. With AP setup, I have to use pfsense proxy. It is not intuitive, and I am not sure it is reliable. By the way, the second router is a Netgear R7000 running Asus firmware, merlin variant. This is only for the kids. I have another access point for the rest of the family. I will review all the responses and play a bit more.
  • Virgin Media L2TP for Static IP's

    3
    0 Votes
    3 Posts
    1k Views
    E
    Hi Chris. Really sorry mate, I've not cracked the L2TP with VM's 5 static IP service in modem mode. I pissed and moaned with my best pseudo-litigious vitriol but the best they have done is put me on the trial for the new firmware that supposedly fixes the issue. In fact, for all I know it's probably fixed by now - new firmware appears to be pushed to the box without end user interaction. I'm currently using virtual IPs and 1:1 NAT and that works fine. If your VM box is locking out the LAN ports and needing a reboot every couple of days or less, call VM and ask when they're getting the new firmware rolled out. Calling this a business grade internet connection is a joke, the whole point of us paying for static IPs is so we can host stuff from them! It's piss poor that the hardware we have been locked into using is broken. This year I'm going to consolidate all of my ISPs/hosting/telephone lines and buy a 100mb leased line. It's 400 quid a month but I spend nearly that already, and when one or all of these things breaks we, as a company, are left bare arsed…
  • APCUPSD on Alix2d13

    1
    0 Votes
    1 Posts
    783 Views
    No one has replied
  • Dynamic vlan

    10
    0 Votes
    10 Posts
    3k Views
    johnpoz
    You have 3 different networks running over the same Layer 2, sounds like to me, if you bridged the 4 nics in pfsense..  That is BROKE setup!!! plain and simple. You can still use the 4 nics each on their own network/vlan or you can lagg them together and connect 4x1g to your switch and then run your vlans on this lagg connection. Since you're running different Layer 3 over the same layer 2 you have no real idea if the clients are talking to pfsense and then hairpinning to talk to the client, or if the traffic is just sent to them directly because they find out what the mac is and just put the traffic on the wire.. Sounds like you have a complete MESS on your hands if you ask me..  If you want to run multiple networks, then these networks need to be different layer 2..  Be it on their own hardware or using a switch that does vlans.  If you want users to be on different networks/vlans based upon their username and password, etc. etc..  Then you need to have a switch that can do dynamic vlans, and APs that support this as well.  Not all APs support dynamic vlans based upon auth. Heading out the door - but be happy to post a typical drawing for you to look at.
  • 0 Votes
    4 Posts
    2k Views
    ?
    The provider (google fiber) requires the following - You'll need to obtain your IP address via DHCP in order for your service to work. Did you get rid of this problem? They then assigned 6 IP addresses with the first being the gateway address.  xxx.xxx.xxx.9-14 I would try out the following; at the WAN port using static IP address and set up xxx.xxx.xxx.9/29 and the other 4 IP addresses with 1:1 NAT to the servers inside in the DMZ With the wan set to DHCP where do I enter the gateway static IP address? Someone told me that you only must use DHCP and the first assigned IP address is then the gateway IP address and the other 5 IP address would be able to set up to the servers in the DMZ over 1:1 NAT. My other two units had wan static ip addresses which was a simple setup. Likes me too, but I am interested to this question too.
  • Server @malaysia but cannot connect here @ph with Pfsense

    3
    0 Votes
    3 Posts
    717 Views
    A
    @asistio04: I'm kinda noob here and the company server is located @malaysia, so the problem is when we are pinging from here ph to malaysia it is ok, but when malaysia to ph, the tracert cannot be completed, it always displays "Request time out". Will a vpn solve this, to redirect all connections to our static IP?
  • [HELP] pfSense VLAN over ADSL - Advanced Setup.

    8
    0 Votes
    8 Posts
    2k Views
    C
    @johnpoz: So it has dual ports built in right?  So you have 1 for wan and 1 for lan.  So you really only need a dual port card to add to its 1 slot that's available.  That would give you your 3 wan you need and 1 lan. So I see this off the ebay.my site http://www.ebay.com.my/sch/i.html?_from=R40&_trksid=m570.l1313&_nkw=Broadcom+Dual+Port+1GbE+NIC&_sacat=0 84RM is only $20 USD… I would think that has to be a decent price...  That top one has free postage even, the 2nd one is 30RM postage... Even with the postage these prices would seem reasonable to spend. Those 5709 nics seem to be on the list of compatible cards http://www.dell.com/us/business/p/poweredge-r210/pd
    Dear johnpoz, Thank you sir for your response and the link that you suggested. I did my research on the compatible cards and I found a good list of candidates and it should be no problem for me to order and purchase it. 84RM is a good deal considering that it's a dual port, most of the dual ports here cost at least 250RM and above. Anyway thank you again sir.
  • Help with Command Line - Generate Internal CA

    2
    0 Votes
    2 Posts
    622 Views
    jimp
    At the moment we don't have a way to generate user certs from the command line. It may not be terribly hard to script for a one-off thing like you're doing, but making a more generally useful script that could be included in the firewall is much more difficult. Even so that only gets you part way there as you'd still have to export them from the GUI, which is much more difficult to automate.
  • Options menu gone in 2.2.6 ?

    2
    0 Votes
    2 Posts
    551 Views
    jimp
    You mean on the console? If it gives you a login prompt there, that usually means that the console is password protected. There is an option for that in the GUI under System > Advanced on the Admin Access tab. You should be able to login at the prompt with your admin or root credentials, too.
  • Squid3 / Firewall / DMZ

    4
    0 Votes
    4 Posts
    1k Views
    KOM
    You could try adding a directive under Advanced features - Custom ACLS like this:

        acl YourWWWServer dstdomain .YourDomain.tld
        always_direct allow YourWWWServer

    This assumes that you have split DNS returning www.YourDomain.tld as a LAN IP address in your DMZ.
  • Use of http instead of tftp in PXE boot environment

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    You generally wouldn't want to use the firewall GUI web server as a general web server. It defaults to HTTPS (and should stay HTTPS), and it's best not to mix your roles in that way. On 2.2.x and before, it uses lighttpd, and on 2.3 it is now nginx. You're better off standing up a small but dedicated http server somewhere else on the network to serve up those files instead of attempting to use the firewall as a file server.
  • Download slowness

    2
    0 Votes
    2 Posts
    730 Views
    jimp
    Not enough info to go by, check the output of "ifconfig -a", "netstat -ni", and look at the link speed and if there are any interface errors. Could be any number of factors though. What type of WAN is it? PPPoE? DHCP? Static IP address?  Is it cable, DSL, fiber, or what?
  • Log files, BNF format, and jEdit

    2
    0 Votes
    2 Posts
    851 Views
    jimp
    You seem to have mixed up a few terms.
    1. pfSense log files in general are CLOG format, a binary circular log. You can't open them properly in a plain text editor.
    2. pfSense firewall log entries on 2.2 and later are in a form of CSV format described at https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2, the log itself is still a clog file.
    3. The "BNF" term used on the link above is for Backus–Naur Form, which is the type of grammar used to convey the actual layout of data in the filter log entries. The log is comma-separated, BNF refers to the way the page shows you how the CSV data can be present in the log entries.
    Long story short, you'll need to run the log files through clog to get plain text as described in the link on point 1 if you wish to open them in a text editor.
  • How schedule periodic restart of openvpn client?

    2
    0 Votes
    2 Posts
    2k Views
    jimp
    Install the cron package and then use "/usr/local/sbin/pfSsh.php playback svc restart openvpn client X" where "X" is the ID of the client you want to restart.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.