• Cannot set media/speed on PPPoE Connection

    2
    0 Votes
    2 Posts
    2k Views
    stephenw10

    You can't set the media type on a PPPoE interface (or any type of virtual interface); you have to set it on the parent interface. If you don't have that available because it isn't assigned, just add it as a new interface and set it as type 'none'. Then set the media type there.

    What is the actual hardware the WAN is connected to? Are you sure it's not forced to 100Mbps? Have you tried connecting to it with something else?

    Steve

  • Pfsense and freenas

    49
    0 Votes
    49 Posts
    18k Views
    stephenw10

    Those are both FreeNAS issues. The first looks like some problem with jails perhaps? It's trying to rename the virtual Ethernet pair and can't for whatever reason. The second issue may be DNS related. Read this: https://bugs.freenas.org/issues/4027 Have you recently updated FreeNAS?

    You will probably have more luck on the FreeNAS forum solving those, though many here run FreeNAS.

    Steve

  • Facebook app images and Google Play store app opening very slow?

    7
    0 Votes
    7 Posts
    6k Views
    I

    Wanted to say thank you for this post, I was struggling to figure out why our new android devices suddenly couldn't load facebook on wifi, and it was draining our batteries trying.

    I set it to "none" and off I went. Now I will go back and set up IPv6 locally since my ISP does support IPv6 (I have it getting an address on the WAN side, so I'll set up IPv6 on the LAN).

    Thanks again!

  • Rule for WAN interface to check for connection and connect if not up?

    1
    0 Votes
    1 Posts
    582 Views
    No one has replied
  • PfSense High CPU Load Out Of Nowhere

    6
    0 Votes
    6 Posts
    4k Views
    stephenw10

    The hardware offloading features available in the System: Advanced: Networking: section of the webgui do not include a complete TOE as referenced in that Wiki page. They only offload smaller functions: TSO, LRO and checksum.

    It looks like there is at least some support for TOE in FreeBSD but you would need to enable it manually in pfSense. Importantly, I have no idea how it would interact with pf. As referenced in the wiki article, once you've handed off the entire TCP stack to hardware, many of the OS internal networking features are bypassed. It could potentially be completely redundant in pfSense.

    Steve

  • Block all traffic on an interface except HTTP/HTTPS (Layer 7)

    3
    0 Votes
    3 Posts
    1k Views
    K

    All of the methods people use to try to examine and filter the contents of HTTPS amount to a MITM attack.  Which is about the same as breaking HTTPS.

  • Gateway address is a part of the subnet

    6
    0 Votes
    6 Posts
    1k Views
    Derelict

    Tell them what you want.

  • Transparent Firewall with 2 redundant Hosts

    1
    0 Votes
    1 Posts
    568 Views
    No one has replied
  • Adobe - metafile download failed

    3
    0 Votes
    3 Posts
    975 Views
    S

    It looks like it's HAVP as when I remove never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default; from the integrations box, it then successfully downloads.

    I've now added .adobe.com/ to the whitelist and it seems to be working fine.

    Any ideas why this is happening in the first place? Detect broken executables is turned off.

  • Out of State Packets

    5
    0 Votes
    5 Posts
    1k Views
    KOM

    Good stuff.  Thanks a lot, Jim!

  • Load Balancer showing wrong Status when using Alias's for the port

    4
    0 Votes
    4 Posts
    1k Views
    S

    Unfortunately no, and even for me using single ports the monitor just always shows the balancer as unknown status :(. I tried numerous guides and setups and none of them work for me on my 2.1 box, so I just gave up on it.

  • Interaction with modems

    11
    0 Votes
    11 Posts
    2k Views
    M

    First, thanks for all the replies.
    The strange thing is that this setup is working (apart from https).
    I am lucky that my private LAN has a different subnet than 192.168.1.0/24 (I never use that!).

    Here is a (censored) extract of netstat -r:

    default          z.y.x.5.cust UGS        em1
    z.y.x.5.cust link#3            UHS        lo0
    5.x.y.z/32  link#3            U          em1

    As you can see, the default gateway is the same address as pfSense… but it works!
    And I can also reach 192.168.1.1, probably thanks to the default route.

    Now I will try to configure the modem as a bridge or with a static IP; anyway, I would like to understand this thing. It is a dlink dsl320-b

  • Quickest way to switch on/off WIFI interface, OpenVPN, etc.

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10

    Hmm, not quite sure what to suggest here. A directional antenna perhaps? An external access point would almost certainly be easier.
    I'm tempted to suggest a tinfoil hat.  :P

    Steve

  • PfSense as Nat on Virtuell Server

    1
    0 Votes
    1 Posts
    560 Views
    No one has replied
  • Isolated and controlled guest wireless

    3
    0 Votes
    3 Posts
    881 Views
    H

    That's definitely what I'm going to end up doing. What about the P2P and website filtering? How would I achieve that?

  • Disk is full - DHCP stops working

    4
    0 Votes
    4 Posts
    2k Views
    P

    I guess I don't really understand the "filesystem/mounted on:" that is displayed when issuing df.

    "Filesystem" is the actual device that contains some dirs and files - an actual partition on a disk (these days "disk" means spinning disk, CF card, SD card, SSD or even memory-resident virtual-disk). That is physical space that can (and does) fill up.
    "Mounted on" is the place in the logical dir tree that the physical "disk" appears - e.g. partition "/dev/ad6s1" files are found in "/var/squid"

  • Can’t Connect to Port 25

    5
    0 Votes
    5 Posts
    2k Views
    K

    Here are my hmailserver settings and my results using mxtoolbox to connect to my mail server.

    hmailserver-MyComputer.jpg
    hmailserver_internet.jpg
    IP_Range_SMTP.jpg
    mxtoolbox-mail-test.jpg

  • Best way to find out the top source IP addresses from the State Table?

    2
    0 Votes
    2 Posts
    2k Views
    C

    You may find the 'pftop' console command helpful.  Like the normal 'top', it's interactive by default, but it can be scripted as well.  There's a man page here: http://www.eee.metu.edu.tr/~canacar/pftop/pftop.8.html, though I'm not sure the pfSense pftop is in sync with the one described there.  The help text from pftop in a recent 2.2 snapshot:

      pfTop Help

        c  - toggle state Cache            f  - set state Filter
        h  - Help (this page)              n  - set Number of lines
        o  - next sort Order               p  - Pause display
        r  - Reverse sort order            s  - Set update interval
        v  - next View                     q  - Quit
      0-8  - select view directly
      SPC  - update immediately
       ^L  - refresh display
       ^G  - clear command entry line
      cursor keys - scroll display

      Sorting shortcuts:
        A  - Age            B  - Bytes          D  - Dest. port
        E  - Expiry         F  - From           N  - None
        P  - Packets        S  - Src. port      T  - To
        R  - Rate           K  - peaK

  • WAN traffic

    2
    0 Votes
    2 Posts
    774 Views
    jimp

    WAN is everything going via WAN, so if the VPNs use WAN, then yes, the WAN graph would include the VPN's external/transport traffic.

  • Adding httpS-filtering "of the box"

    4
    0 Votes
    4 Posts
    1k Views
    H

    What you're asking for is not practical. If you want to block HTTPS, simply add a rule to block port 443. The problem is that you'll also block most major services that your users use (Google, Yahoo, Gmail, Microsoft, etc.). If you're concerned about what your users are doing behind the HTTPS layer, simply set up an SSL proxy in pfSense. That way, the connection between the client and gateway will be secured, as well as the connection between the gateway and the website. However, the proxy will still allow you to see what's happening inside the HTTPS tunnel and thus block anything that you don't want the user to have access to.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.