• Why does creating interface take such a long time?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimp

    Actually in many configurations, pfSense 2.0.x is much faster than 1.2.3 with interfaces. Especially with large numbers of VLANs.

    There are quite a few factors that can go into it though. It really depends on the specific action you're taking that you believe feels slow.

  • 0 Votes
    2 Posts
    2k Views
    jimp

    Those come up now and then on FreeBSD lists - since you're basically using FreeBSD in a server role there (mostly squid, and freeradius), suggestions for tuning the values mentioned on the error for FreeBSD in general may be good to follow.

    Have a search/look through the freebsd-stable and/or freebsd-questions archive and the FreeBSD forum.

  • Active Directory Local Auth

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Lightsquid 500 - Internal Server Error

    Locked
    19
    0 Votes
    19 Posts
    8k Views
    A

    Sorry to dig up this old thread, but this happened to me recently, TWICE.

    And the fix for me was to go inside lightsquid config and change the squid log directory to var/squid/log. The default on install tells lightsquid to search on var/squid/logs.

  • Bridging two ports for LAN

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    stephenw10

    You can just reassign the LAN interface from the webgui in Interfaces: Assign network ports:
    Use the drop down to set LAN as bridge0. However there is a strong possibility that when you do that you will lock yourself out of the box. Make sure you have firewall rules in place so that doesn't happen, or some plan to get back in!
    See my post here, particularly the attached screenshots.

    The way bridges are controlled in 2.0.X is in fact better once you realise how it works, it's more flexible. However I agree it's confusingly different.  ;)

    Steve

  • Redirecting all traffic from 1 IP (or alias) to another IP.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C

    Not entirely clear what you're trying to do, can you elaborate?

  • OpenVPN Interface show all Dropped Packets in RRD > Quality

    Locked
    2
    0 Votes
    2 Posts
    943 Views
    C

    Means it can't ping whatever you have set as the monitor IP (gateway IP if you don't have any set).

  • Does WAN limit is necessary?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C

    What do your traffic and quality RRD graphs look like? That'll tell the story on whether it's that you're just exhausting your bandwidth, or if it's a connection problem of some sort.

  • Email notifications

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    W

    @luke240778:

    Is there a way that an admin can set up so that pfsense sends an email to a certain address whenever a certain user makes any changes?  For example, when user "a" adds a name to Captive Portal MAC passthrough list, that I get an email?

    Also, setting up the email notifications: can't seem to do it with my email, which is hosted by 1and1.com. Has anyone else had any luck?

    Is there any way to have pfSense send me an SMS text, or email when a user logs in to OpenVPN?  This would be very helpful for me.

  • IP Addy Works Domain Name Not So Much

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    johnpoz

    ^ exactly – it is possible for your machine to have a locally cached record for what you're doing that got cached from elsewhere.

    Really need to understand how you resolve, and what you're actually wanting to resolve, to make sure you're resolving the fqdn you're wanting to use correctly.

    A simple ping should show you what the box resolves your fqdn to, which should be the exact same thing your ssh client resolves.

    As mentioned before, using actual resolvable stuff as example is bad.  And again I would stress if running your own local zones - I would use something that can never be resolved on the public for your tld, like .local or .lan or .localdomain -- when you use actual tlds that can be resolved public you might be having an issue where it's being resolved using public dns vs locally if you don't have something set up correctly on your local nameserver.

  • Load Balancer Monitor explanations

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    U

    Thanks for the explanations. All clear now  :).

  • Drop-outs with Modem Bridged and pf PPPoE

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    O

    @chpalmer:

    I'd see if you can find a firmware update for your modem.

    Is it possible you're running pppoa on the modem but pppoe on your pfsense box when the modem is bridged?

    Thanks for that and I had checked that possibility.  With different modems, it still dropped.  Remove the Realtek cards... no more drops.

    I appreciate you taking the time to reply...

  • Client by pass Proxy Server using firewall ip as a DNS

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    C

    It has nothing to do with what they're using for DNS, you have to configure your firewall rules to only permit traffic to the proxy and other traffic you need to allow directly out, and not allow HTTP or HTTPS directly out.

  • Lots of STP 802.1w on LAN

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    G

    Yep, figured after research.

    Fixed.

  • How to block brute-force RDP login attempts - SNORT?

    Locked
    6
    0 Votes
    6 Posts
    12k Views
    C

    Distinguishing a legit RDP user vs. a brute force attacker is impossible to do accurately at the network level. Nothing at the network level has that kind of visibility into RDP. Limiting the number of simultaneous connections per IP is the best you can do. That type of scenario has to be detected by the server, or something monitoring the server. To react to it, something on the server or monitoring the server could be scripted to block the IP on the firewall.

  • Dips

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    C

    Not on a 32 bit piece of hardware.

  • Setup server to use specific IP (outbound)

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    Big Thanks to MIQ in the IRC channel!!

    here is how to do it for any future searches:

    Pf sense >firewall>virtual IPs
    add a new rule:
    type ip alias,
    wan interface
    type network
    (IP address/subnet mask)
    save and apply

    Pf Sense >firewall>nat
    outbound tab, save in manual mode then add a new rule:
    leave do not nat unchecked.
    interface wan
    select protocols
    source (your internal server)
    destination any
    translation choose your alias
    save and apply.

    move rule up or down in the outbound mappings.

    If all goes well then that box should go out on the IP specified in your alias

    good luck

  • PfSense 2.0.1 Nics limit?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    E

    Thanks a lot :-)

  • 0 Votes
    1 Posts
    2k Views
    No one has replied
  • RTMP streaming is blocked

    Locked
    8
    0 Votes
    8 Posts
    14k Views
    K

    @johnpoz:

    "Modem is connected directly on pfSense WAN card"

    Depends if what you're calling a "modem" is really a modem and not a gateway.  What is your pfsense wan IP, does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?

    "I have now tracked the problem down to the squid proxy"

    thought you said they could make it work for you since they changed something?

    Modem is the real cable modem. IP of wan is 81.x.x.x

    If you watch the tests in the first post, you see the tunneling of rtmp isn't blocked. I guess they didn't use tunneling in the past, turned it on for a moment (the moment it worked for me) and now turned it back off.

    From what I've read, flash ignores proxy settings and tries to use port 1935, 80 or 443, and if this doesn't work a lot of websites will try to send the data in a capsulated http packet. They don't use that method for some reason. I've tried to add port 1935 to the squid savelist but that didn't fix it.
