I have one of these http://williamknowles.co.uk/?p=16 with a 2Tb external usb drive hooked up to my adsl modem and pfsense wan interface.

This will save more packet capture data over a longer period of time than the the pfsense packet capture which hangs after a period of inactivity relkated in part to the default auto log off setting seen in System, User Manager, Settings tab, Session Timeout which is a default 4 hours.

Might be useful as an alternative packet capture but notethe Rpi only does 10/100 nic speeds so no good on the lan side for most networks but useful for slower broadband connections.

fwiw.

I found the issue, it was snort (even if it was disabled).
so I removed it and google reachable

I did PM KOM and for what he said, my config should be good.

I did a lot of messing around and finally was able to make it partially work.

In my cPanel configuration I made tree DNS ZONES

for example :

a.MyDomain.com
b.MyDomain.com
c.MyDomain.com

All of them are A RECORDS with the IP of my pfSense server.

For some reason, only a.MyDomain.com will work.

The two others won't.

The a.MyDomain.com points to an HTTPS port. The two others to a HTTP port.
Of course both protocols have been enabled in the Reverse Proxy general configuration.

In the "Real Time" tabs, I do see when I type in from an external network the requests for a.MyDomain.com

But i don't see anything when it is for b.MyDomain.com or c.MyDomain.com

So my guess is: when someone types it in a browser, it doesn't even get to pfSense.

But I don't understand why because all three DNS ZONES are perfectly identical!!!

Any idea?

Alright, everyone. Thank you for your help. Got that one up and working perfectly.
But now i have an issue on a new machine, here's a link to that thread

https://forum.pfsense.org/index.php?topic=86329.0

Thanks, that seems to be working.
Google now locks no ssl, and safesearch.

@doktornotor:

Doing this from GUI is troublesome if you are actually using the to-be-bridged interface to connect in the first place. Probably better to just edit and import a config and let the box reboot…

I thought about it, but decided to administer pfSense over the WAN interface.

@stephenw10:

Creating a one interface bridge seems a bit illogical although I see where your coming from.

Probably, but in this case it would only be temporary until the configuration is completed.

Hi,

there isn't enough information posted, is the uverse device configured for outbound NAT or is the WAN of that device being bridged to the PFsense WAN interface?  this is how you should be doing this given that the handoff will make for easier troubleshooting of issues regarding NAT and routing in general, are the VLANs in question being trunked properly to the Cisco Switch?  can you ping the SVI on the PFSense vlan interface?  if so can you ping your WAN interface? if not verify your firewall rules to allow a rule out to the internet from that particular SVI on the pfsense firewall… can the firewall itself ping your TV ip addresses?  do your TV's receive an IP address?

There are just a lot of details about this problem that are unknowns.

switch port to trunk pfsense should be something like:

switchport port trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlans (#)
spanning-tree portfast trunk

verify speed and duplex settings etc..

these are some steps your can try, but by no means all of them.

@P3R:

Rules in pfSense affect traffic coming IN on it's interfaces only. To log what I think you want, both the local source address and the destination (website or other) address in your logs, you should apply logging on the LAN interface rule allowing the traffic. The response to those requests will not, as far as I know be possible to log (and since the request is the interesting part, I see no reason).

Excellent.  Thanks!  You're right- I needed to enable logging in LAN rules.

@P3R:

I'm sorry I have no idea. I almost always use Chrome (later more specifically Iron browser) and can't recall ever having experienced what you report. I wouldn't expect that to be the cause for your issues but I don't use 2.2 yet, only 2.1.5.

After a bit of playing around I (mostly) figured out how to solve this problem.

First of all, I was having problems with the constant reminders because I had too many different machines/browsers connected to the webGUI at once (more than 3).

Second, I figured out how to get the browsers to trust the TLS certificate.  I created a new CA certificate and added it to my Trusted Root CA store.  Then I created a new server certificate off that root with pfsense. <domain.xxx>as the CN, being sure to also set that as a subject alt name.  It took a couple reloads of the page after that (who knows why), but then my browsers now accept and trust the pfsense TLS certificate.</domain.xxx>

Problem solved. Misconfigurated PFsense interfaces was the culprit.

OP donated 20£ as a thankyou for solving the issue and they are much appreciated.

Thanks for the advice everyone.  I looked into, and managed to get the OpenVPN stuff setup and working. You were right, it was super simple to set up and it seems to be working great now!

Thank you!

My issue seems to be related to this one:
https://forum.pfsense.org/index.php?topic=76969.0

I also changed my interface names prior to restoring the config. Anyhow I did not replace any strings within any certificates (AFAIR).

Hey everyone,

I too have been running slow Youtube Video recently.

I searched and searched for a fix but could not find any solution to my setup.

So I logged into Pf and went into the Snort settings.

I turned up the "Detection Performance Settings" in WAN interface settings…

And now I am back up and running full HD 4k and 1080P.

Steps taken:

Services ---> Snort ----> Snort Interfaces ----> Click on "e" or "Edit Snort Interface Settings" on the right

WAN Settings  ------> Scroll Down to "Detection Performance Settings"

Search method -----> changed from default AC-BNFA to AC-NQ

***Warning RAM utilization will spike using AC-NQ

I have 4GB ram and it is running at 87% of 4GB currently.

:o

From the missing-the-forest-for-the-trees department, I hadn't even thought about dumping the serial console. I have a machine hooked up to it now, and will report back if/when I figure this one out. Thanks!

thanks for a direction to look, i will post back my reuslts