With Snort, set the Memory setting to: AC-BNFA-NQ. Also make sure that you don't manually click the start/stop interfaces icons while Snort is attempting to start as this can lead to duplicate pids.

pgrep snort

This command should only show one pid per interface.

Why I asked is because, for some reason pfsense is acting weird. It started blocking send/receive without changing any of the proxy configuration. Further, it blocked the usual http connection on 80 port whereas proxy users are on 3128.

The configurations that I have edited aren't even been applied though it is saved. I'm suspecting that may be due to the unexpected shutdown. It didn't even after replacing an old back up of it.

What could be the reason

I had the same problem.  I connected via the serial port and backed out of the change.

I temporarily made my WAN a static address and used it for configuration, I changed everything over to VLANS on the interface that was once the LAN, now I don't have a "LAN" interface per se, but a physical interface with several VLANs using it as the parent interface.

I had to add the VLAN interfaces to the DNS forwarder to have them all work correctly.

You will have to know the IP address of the switch somehow, and I doubt it really comes from the ISP.

Anyway, if I understand what you want to do, take a look at this https://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall  Works great for me, generally going to cable modems.

@jimp:

No, and you really don't want to. So long as you give them each a unique hostname (which you should be doing anyhow), you can filter the logs entries to separate files on the syslog server.

Thanks - I already did the filtering. I'll just put some non-logging block rules up for broadcast and multicast traffic to limit the noise.

By the way, for users googling this thread: To separate logging on rsyslog (in case you're on linux), do this:

:FROMHOST-IP, isequal, "192.168.10.3" /var/log/pfsense/pfsense-01.log & ~ :FROMHOST-IP, isequal, "192.168.10.4" /var/log/pfsense/pfsense-02.log & ~

Lars

sorry…
ftp clients are on my LAN where pfsense is installed. This pfsense box has two WAN IP.
they connect to an intenet FTP server

Thanks Phil, I was going to go back and check that, appreciate the help!

First, you should upgrade immediately. You're absurdly far behind at this point.

@kejianshi:

When you have rules you don't need, its too many.

Exactly.

You'll impact performance at some level, but it's way beyond what most any reasonable system will use, well into the hundreds of thousands of rules to make a minuscule difference. If you're running in a high traffic datacenter scenario, that's potentially different. For most office and all home use scenarios, no consideration.

I've done this before with only access to the WAN.

1st.  You started off right by disabling the firewall

pcftl -d

then connect via the wan to the Web GUI.  Don't add any firewall rules at command prompt.

Go to firewall rules > WAN tab

delete the "block private address" wan rule.  Its at the top.  Grey.

Now add a pass rule on the wan to allow you to access the web gui via the wan

at this point you can pcftl -e

Now, very gingerly change your pfsense password to something secure.

Now, at this point I'd configure SSH on the WAN and probably OpenVPN also.

Then I would delete the HTTP / HTTPS pass rule you created on the wan

From this point, if you are doomed to only have access via the WAN, at least you can do it securely.

For anyone who may be wondering "why the heck did you ever do this", its because I was using pfsense only as a VPN server and was forwarding ports from a ddwrt router to a VM running in vmware player.  Just to give a friend access to his LAN remotely without him needing to buy any hardware.

Often you will find the cron job pushes the machine to use more ram and cpu than normal, so it exposes perhaps bad areas of ram that are not normally used, marginal chip cooling, or marginal power supplies.

The defaults are fine for Skype. If you have traffic shaping or limiters configured, you might be throttling it. Otherwise, if you're getting appropriate performance in general for your Internet connection, it's not the firewall. Possibly poor connectivity between your ISP and the other person's ISP, among other possibilities.

Sorry for the delay. I'm not familiar with the business hub but it seems very likely that it is causing the open port reports you're seeing. I'm still not clear how you have it configured.

Steve

Just to post a follow-up, the dnsmasq from the 8.3 package has been working as expected for over a week now. Thanks again.

Hi, ok a few ideas

in "reverse SSL certificate" it is set as "webConfigurator default" should be certif1

tic "Transparent http proxy" as well

What is in your "Integrations"

What is in your "Custom ACLS (Before_Auth)"

In webConfigurator

What is your "SSL Certificate" set to? (should be certif1 not webConfigurator default)

And lastly when you created your Certificate was Server set to Yes (see link)

http://www.sxl.net/guides/how-to-setup-pfsense-ssl-certificate-authority/

I hope this helps

I just ran vmstat -i while I was running iperf against PFSense, and the interrupt rate was unflinching. A flat 40/core, for a total of 120/sec.

Then you could have an offline copy of pfsense and even the forum using httrack ?