@stephenw10 yes you are correct. It was to their own 853 servers (apple’s pricate browsing feature). I’m not sure exactly what I changed but the warning is gone now.

Aha! Well in that case you should really find out what the asymmetry is and correct that. Using interface bound states is more secure. You may hit that asymmetry still in some other way and see more problems in the future.

It's almost certainly because that server is multi-homed and doesn't need to be.

@stephenw10

Thank you!

After applying all the patches, I no longer encountered any crashes in the pfSense GUI.

Will monitor the system status and this error message;

nginx 2025/06/05 07:28:56 [error] 12856#100360: send() failed (54: Connection reset by peer) while logging to syslog, server: unix:/var/run/log

Yup I see it. I'll reach out to the dev and let him know. Though I think he's at BSDCan next week,

@courtalj You can of course. There are a few ways to reduce writing, and one ZFS change coming in 25.03.

https://forum.netgate.com/topic/195879/netgate-2100-life-expectancy/8

@stephenw10 said in upgraded from SG-2220 to 4200 Max and Internet performance is extremely improved... why?:

Disk speed would only make much difference if you're proxying/caching a lot on the firewall. Which you probably aren't.

But when it's running at the limits of the CPU everything is getting queued. Other services, like DNS, will be slower to respond. It cannot prioritise anything unless it's already dropping/queing at some lower bandwidth.

That's it! It is that the CPU is just bogged down because my Internet has grown to rates that the CPU load (or maybe just bus/RAM load) is taking longer to respond. Not because it's maxed out, but because it's just highly loaded.

Glad you like the 4200! 😁

Yah. I wish I had done this a while ago now. I can't believe how snappy things are.

If you send me your NDI in chat I can make it ineligible for Plus.

Hi guys, first of all sorry for the delay, and thank you for your help. Tonight I started working on it again and I downloaded pfSense version 2.7.2 again from here: https://atxfiles.netgate.com/mirror/downloads/. I didn't use Balena Enhancer anymore, and after trying to reinstall everything, this time it worked.

@stephenw10 The best of times, the worst of times.

Unlikely to hurt in most setups. 100 pings a second is more than most pfSense install should ever see.

Disabling redirect shouldn't cause a problem if your network is configured correctly. In reality you would probably see a stuff stop working in a lot of networks that were being redirected. It will allow you to find those misconfigured devices though. 😉

Yes, exactly that. You cannot downgrade and 2.8 is newer than 24.11. When 25.03 is released it show as an available branch for eligible devices.

@kdmiller61 setup a dynamic dns for your pfsense wan IP that changes. Use that fqdn to access pfsense wan IP, setup a port forward for whatever you want to be forwarded to behind pfsense.

@patient0 Got it, thanks for quick explanation, it is helpful.

It worked. Upgrading to Beta resolved this issue.

341a3275-30b8-41b8-b3d7-a9d65c7962ec-{DAAED6F1-7EDE-4A5D-B887-429036BDE695}.png

@detox You can do that, yes, but you should perhaps remove the SSH Host Keys or stuff that is -or should be- host specific from the XML.

So I'd recommend making a quick checklist what you have to change (e.g. admin PW should really change on the boxes), then backup, remove one or two things from the XML and use it for bringing those other boxes up and work your checklist to change passwords and stuff while also doing the next box.

We had such a prod-line at some point and it worked quite well. If you prepare a FAT32 USB Stick with the XML file, you can use that one to boot up the other boxes and the config will get loaded while booting when the stick is recognized by the PFI/config loader. So you even save on the "login, restore config, reboot" step.

Cheers

[2.8.0-RELEASE][admin@t70.stevew.lan]/root: pkg search pfSense-pkg pfSense-pkg-Avahi-2.2_7 pfSense package Avahi pfSense-pkg-Backup-0.6.3 pfSense package Backup pfSense-pkg-Cron-0.3.8_6 pfSense package Cron pfSense-pkg-FTP_Client_Proxy-0.3_9 pfSense package FTP_Client_Proxy pfSense-pkg-Filer-0.60.6_9 pfSense package Filer pfSense-pkg-LADVD-1.2.2_5 pfSense package LADVD pfSense-pkg-LCDproc-0.12_2 LCDproc package for pfSense pfSense-pkg-Lightsquid-3.0.7_5 pfSense package Lightsquid pfSense-pkg-Netgate_Firmware_Upgrade-0.47.1 pfSense package Netgate Firmware Upgrade pfSense-pkg-Notes-0.2.9_5 pfSense package Notes pfSense-pkg-Open-VM-Tools-10.1.0_5,1 pfSense package Open-VM-Tools pfSense-pkg-RRD_Summary-2.2 pfSense package RRD_Summary pfSense-pkg-Service_Watchdog-1.8.7_4 pfSense package Service_Watchdog pfSense-pkg-Shellcmd-1.0.5_4 pfSense package Shellcmd pfSense-pkg-Status_Traffic_Totals-2.3.2_7 Traffic Totals using the vnStat database pfSense-pkg-System_Patches-2.2.20_2 pfSense package System_Patches pfSense-pkg-Tailscale-0.1.8 pfSense package Tailscale pfSense-pkg-Telegraf-0.9_8 pfSense package Telegraf pfSense-pkg-WireGuard-0.2.9_5 pfSense package WireGuard pfSense-pkg-acme-0.9_1 ACME package for pfSense pfSense-pkg-apcupsd-0.3.92_9 pfSense package apcupsd pfSense-pkg-arping-1.2.2_6 pfSense package arping pfSense-pkg-arpwatch-0.2.3 Arpwatch package for pfSense pfSense-pkg-bandwidthd-0.7.7 BandwidthD package for pfSense pfSense-pkg-bind-9.20_1 BIND DNS suite with updated DNSSEC and DNS64 pfSense-pkg-cellular-1.2.4 Voleatech Cellular Module Interface pfSense-pkg-darkstat-3.1.4 pfSense package darkstat pfSense-pkg-freeradius3-0.15.14 FreeRADIUS 3.x package for pfSense pfSense-pkg-frr-2.0.2_6 FRR package for pfSense pfSense-pkg-haproxy-0.63_10 pfSense package haproxy pfSense-pkg-haproxy-devel-0.64_1 pfSense package haproxy-devel pfSense-pkg-iperf-3.0.5 pfSense package iperf pfSense-pkg-lldpd-0.9.11_3 802.1ab Link Layer Discovery Protocol (LLDP) daemon pfSense-pkg-mDNS-Bridge-1.0 pfSense package mDNS Bridge pfSense-pkg-mailreport-3.6.4_5 pfSense package mailreport pfSense-pkg-mtr-nox11-0.85.6_5 pfSense package mtr-nox11 pfSense-pkg-net-snmp-0.1.5_13 Net-SNMP package for pfSense pfSense-pkg-nmap-1.4.4_8 pfSense package nmap pfSense-pkg-node_exporter-0.18.1_5 pfSense package node_exporter pfSense-pkg-nrpe-4.2 pfSense package nrpe pfSense-pkg-ntopng-6.2.0 pfSense package ntopng pfSense-pkg-nut-2.8.2_5 Network UPS Tools pfSense-pkg-openvpn-client-export-1.9.5 pfSense package openvpn-client-export pfSense-pkg-pfBlockerNG-3.2.8 pfSense package pfBlockerNG pfSense-pkg-pfBlockerNG-devel-3.2.8 pfSense package pfBlockerNG pfSense-pkg-pimd-0.0.3_7 PIMD package for pfSense pfSense-pkg-siproxd-1.1.4_2 pfSense package siproxd pfSense-pkg-snmptt-1.0.0_2 pfSense package snmptt pfSense-pkg-snort-4.1.6_25 pfSense package snort pfSense-pkg-softflowd-1.2.6_2 pfSense package softflowd pfSense-pkg-squid-0.5.3 pfSense package squid pfSense-pkg-squidGuard-1.16.23 pfSense package squidGuard pfSense-pkg-stunnel-5.50_13 pfSense package stunnel pfSense-pkg-sudo-0.3_10 pfSense package sudo pfSense-pkg-suricata-7.0.8_2 pfSense package suricata pfSense-pkg-syslog-ng-1.16.2 pfSense package syslog-ng pfSense-pkg-tftpd-0.1.3_6 pfSense package for tftp server pfSense-pkg-tinc-1.0.35_7 pfSense package tinc pfSense-pkg-udpbroadcastrelay-1.2.4 pfSense package UDP Broadcast Relay pfSense-pkg-zabbix-agent5-1.0.9 pfSense package zabbix-agent pfSense-pkg-zabbix-agent6-1.0.9 pfSense package zabbix-agent pfSense-pkg-zabbix-agent7-1.0.9_1 pfSense package zabbix-agent pfSense-pkg-zabbix-proxy5-1.0.9 pfSense package zabbix-proxy pfSense-pkg-zabbix-proxy6-1.0.9 pfSense package zabbix-proxy pfSense-pkg-zabbix-proxy7-1.0.9_1 pfSense package zabbix-proxy pfSense-pkg-zeek-3.0.6_6 Zeek Network Security Monitor package for pfSense

@stephenw10 said in Logging my daily changing WAN-address:

Yup, that's exactly what we thought. Just waiting for a build to test....

Note that Suricata likely has the same issue. See my comment in this thread for the relevant section of source code: https://forum.netgate.com/topic/197701/error-on-snort-with-if_pppoe/8.

You didn't mention specifically, but we assume you mean you upgraded to pfSense 2.8 Community Edition. Generally speaking, you should avoid pulling the power (i.e. physically unplugging/replugging) as much as possible. When running CE on your own hardware, it's not good for the underlying operating system, FreeBSD, nor pfSense's 'system' files for that matter, to experience an abrupt loss of power.

@stephenw10 @gerdesj Thank you both for the information. I am now looking at posts from BBCan177 and there are indeed plenty. As for the link to the official documentation of the pfblocker package, I'm afraid that it isn't of much help, the information there is somewhat limited.

Thanks to all for the conversation, this was very useful!

👍