@SamR-0 said in Data parasites:

Actually, the graph showed equal tx & rx transfer, which must be a component of how DO works

When you are in "devices on the internet and my local network" mode
you will be sharing whatever other internet PC are requesting. So yes that's how it works, in that mode.

Easy to monitor
"Find out what you’re getting from other PCs—and what your PC is contributing—with Activity Monitor. "

https://support.microsoft.com/en-us/windows/delivery-optimization-in-windows-10-0656e53c-15f2-90de-a87a-a2172c94cf6d

However since you are a single PC and and have no other PC's on your local network to actually share updates with or spread downloads to, the appropriate setting is to turn it off.

"As always, you decide whether you want Delivery Optimization to share parts of downloads between your PC and others on your local network or the Internet. "

It's Microsoft's "Fun" way of saying here use your computer to help us offload demand from our servers. We’ll even tell you how much of a boost your PC is getting from other PCs on the Internet.

Notice when the DO is off you will still get updates (but only directly from Microsoft) in a single PC environment there is zero benefit to having any of it turned on.

Screen Shot 2023-11-14 at 1.59.15 PM.png

Screen Shot 2023-11-14 at 2.00.01 PM.png

@jimp

Cleaning up the PFBNG lists (deleting many that were not downloading) seemed to resolve this issue. Now, on to an all new issue with SNORT after upgrading!

Thanks!

Yes, but it looks like it may have a significant bug.

In general ZFS may try to use more RAM than other filesystems (like UFS) but a lot depends on the actual usage patterns. Reads cause ARC (read cache) to increase which increases RAM useage, writes wind up in a different location, simplistically "transaction groups". Writes are held until either a timer expires (nominally 30secs) or a lot of items need to be written (not sure but on the order of maybe 4K or 4M).

A firewall would be mostly writes so I'd expect it to go up and down if you are logging a lot. Not sure if pfSense is creating a RAM disk for anything, but that would also increase useage.
The cached memory could be ZFS buffers, could also be network buffers.

@bmeeks
Say no more. The move to a software model that you have to pay for and has exclusive features is the only thing that makes sense.
I understand the hangups people have on the whole CE vs Plus debate and i certainly understand how the messaging on that may have rubbed folks the wrong way but people need to understand that it costs money to make money.

@JonathanLee said in Squid gone now what:

DNS versions don't work, they bypass the DNS with DoH or https3 dns

Long/detailed doc on how to block those:
https://jpgpi250.github.io/piholemanual/doc/Block%20DOH%20with%20pfsense.pdf
from:
https://jpgpi250.github.io/piholemanual/

@michmoor said in Random disconnect:

@stephenw10 @bmeeks
Is that with ANY interface state change or only when an interface is a wan-type?

A flapping interface is not uncommon. So if i have a DMZ leg that is flapping does that mean my LAN -> WAN flows will be impacted? Essentially 2x interfaces that have nothing to do with DMZ will see an outage?

I believe it is either a physical link status change or the execution of ifconfig up or ifconfig down that triggers the restart all packages command. And I think dpinger will trigger that ifconfig up/down command when it fails to reach the monitored IP within the configured time window. I have never examined all the PHP and shell script code for this in pfSense to find every possible trigger.

If it's a policy based IPSec tunnel the only workaround I'm aware of is adding a static route via the LAN:
https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html#static-route-workaround

Steve

Solaris developers that released ZFS under CDDL were setting the stage for everyone else like FreeBSD, IllumOS, the OpenZFS folks to take advatage of things like BEs.

Netgate folk did a very good job integrating the feature with the GUI interface. There are a lot of little bits behind the scenes, keeping them all straight and then presenting them in an easy to use manner is not a trivial thing.

@rloeb said in 4100 upgrade to 23.09 no internet connection:

@keyser Wow. They went general release with that serious a bug? Seems irresponsible. Not many users are going to check Redmine to see whether they should upgrade...

No, it was first discovered right after release as I understand it.

2e3017cc-7fd4-4fca-8014-f09df9ddbf2a-image.png

I had this happen to me recently after a power outage.
For some reason it changed the webConfigurator protocol to http/
I logged in using http and my custom port and changed it back to https/

@jfooobet said in Newbe: Wifi device disconnecting:

ISP router to work as AP somehow

Any wifi router can be used as just an AP, turn off its dhcp server and connect it to your network via one of its lan ports = just AP.. Normally its a good idea to set its lan IP to be on your network so its easier to adjust its wifi settings.

@hacesoft said in Crash Reporter after the PfSense update from 23.05 to 23.09:

it's faster to reinstall it than to repair it, that is, if the firewall is in place. ..

Yup, that is often the case. Unless it's a known issue/workaround.

Hmm. The client side is handled by dhclient and the associated script, it doesn't use either ISC dhcpd or Kea. So changing that should not have made any difference to the WAN.

However if the WAN was pulling an invliad IPv6 lease perhaps then one of those might have been trying to use a bad prefix which would have caused problems. Switching between them may have cleared that.

Yes, the gateway IP doesn't actually matter. For example my ISP here uses a private IP for the gateway but the WAN IP is public which is common for PPPoE.

For other connection types though the gateway is almost always in the WAN subnet which implies if you see a private IP on the gateway you probably also have one on the WAN.
If you see that it means something upstream is NATing the connection so incoming connections to the firewall would have to be forwarded through it.

But even then the block bogons and block private subnets rules would not block traffic from remote clients.

@stephenw10 Indeed, was done by search&replace within a minute. I'm confident we have a stable system now again. Thank you!

Thanks guys, data reset as suggested and the issue was fixed. 👍

☕️

@neil1454 said in 4 LAN ports same ip range:

Just like a commercial router would work.

You mean the soho wifi router you buy the store or online - the ones that come with switchports, and not discrete interfaces..

As mentioned by Steve - if you want switch ports use a switch.. Bridging interfaces is not a switch..

Here a typical block diagram of what makes up those routers your talking about

block.jpg

Notice the "switch" that makes up whats inside of it..