How were you testing? From some internal device? That would require NAT reflection. But actual external connections would not.

Since traffic can still reach external sites I'd say more likely a rogue dhcp server.

@stephenw10 Started to work perfectly as soon as I set the outbound NAT!

Thank you so much for your patience and your help! I've been using pfSense for quite some time now and I am slowly learning the ins and outs. Unfortunately sometime when I come to the forum the responders to my questions imply I'm an idiot for asking a question and that it is sorely lacking any relevant information. I guess they don't know we all have to start somewhere and if I was as smart as I should be I wouldn't be asking any questions! 😀

Thanks again for your help.

@zedbra That was an issue that cropped up a while ago. That’s basically the fix.
https://redmine.pfsense.org/issues/13132

Yes the gateway is almost always inside the WAN subnet so most of the IP address will be the same.

@michmoor said in netflow and graylog:

Few things ive been able to do with GROK parsing is not to clean up my unbound log files and create fields that are important to me and good for tracking.

I'm running Graylog 5.2 now, had to build gcc 11.1.0+ from source, it took a few hours in my raspberry pi 4 but it is working :)

@michmoor said in netflow and graylog:

I just dont know how to enrich data using dns for IP lookups but thats ok

I'm using PTR for that purpose, if there is something I can help, just let me know.

@michmoor said in netflow and graylog:

Few things ive been able to do with GROK parsing is not to clean up my unbound log files and create fields that are important to me and good for tracking.

Ow, that is really nice :) If it is possible, can you share how you are getting those statistics from Unbound ?

@NollipfSense I know. Ours is set to reject. We hardly see any spam at all.

@coxhaus said in PFsense hardware recommendation HELP!:

Why 12th gen? Is the CPU instruction set that much different?

It was the OP's choice and I just affirmed...

@uber949 2100 or the new 4200

@Popolou thanks

@heisenberg352 Thank you. This did the trick for me as well.

What’s weird is my safexcel cipher chip shows id errors in 23.09.01 and no info. Like it’s having issues.

@johnpoz

I Hera you, just trying different doors …

I guess it’s ok as is after all

It worked for the old package!!! I needed to install the dependency first.

It is installed and working but I can't see it in the package manager is that ok if it is not listed in that area?

pkg install -f -y /tmp/snort-2.9.20_3.pkg

Screenshot 2024-01-11 at 5.59.10 PM.png

pkg install -f -y /tmp/pfSense-pkg-snort-4.1.6_11.pkg

Screenshot 2024-01-11 at 5.58.48 PM.png

working

Screenshot 2024-01-11 at 5.59.45 PM.png

Only Issue: No snort listed..

Screenshot 2024-01-11 at 6.00.56 PM.png

However it is detected with pkg upgrade

Screenshot 2024-01-11 at 6.02.34 PM.png

Yeah it must be auto-negotiated.

Which NIC are you trying to use?

Do you know what the ISP device is set to? Was it previously connected to something else?

@stephenw10 Thanks, I will look forward to when it's released.

They should close this Redmine the templates are listed in 23.09.01 now correctly.

Unless you use a TAP connection to make an even bigger layer 2 segment spanning it all. Which would be bad!

@stephenw10 A cosmic event.

Ted

@stephenw10 I completely removed Suricata and it's been up for almost 6 days at this point.