• PFSense rewriting all traffic?

    0 Votes
    32 Posts
    4k Views
    johnpoz

    @dgarner that rule to 50000 shows a state, so pfSense sent on the traffic at least.

    Here is what I always tell users having issues with port forwards: sniff!

    So you can prove to yourself that pfSense is doing what it is supposed to do, so you stop looking at pfSense as the problem. pfSense has one job here: to pass on traffic to where you're forwarding. If it does that, its job is done. And well, yes, return traffic too. But all of that can be seen with simple sniffing.

    Go to "can you see me", send traffic to your port 50000 while you sniff. You see it hit your WAN; then sniff on the LAN side where this 10.0.0.x address is. Do you see pfSense send it on to that IP? Does that IP send back an answer to pfSense? Is it a RST? Do you not see an answer?

    If you do not see an answer: firewall on the host, or pfSense not the gateway, or something wrong with the proxy on that host. If you see a RST back, then that host said to go away. And there is nothing pfSense can do about any of those, other than maybe if you source NAT the traffic to circumvent the firewall on the host you're sending traffic to, by making it look like the traffic came from the pfSense IP on that network. But that is not a good idea normally.
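The two-sided sniff described in the post above, turned into a small classifier. This is an added example, not code from the post or from pfSense: it parses the default text output of `tcpdump -n` captured on the WAN and LAN interfaces and reports which of the cases the post lists applies. The captures embedded below are constructed, and the addresses 198.51.100.5 (WAN), 10.0.0.20 (forward target) and 203.0.113.10 (external tester) are assumed placeholders.

```python
import re
from dataclasses import dataclass

# Matches tcpdump's default one-line TCP summary, e.g.
#   12:00:01.000123 IP 203.0.113.10.51234 > 198.51.100.5.50000: Flags [S], seq 1, win 64240, length 0
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

@dataclass(frozen=True)
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # tcpdump flag letters: S=SYN, .=ACK, R=RST, P=PSH, F=FIN

def parse_capture(text: str) -> list[Packet]:
    """Parse tcpdump text output; lines that are not TCP summaries are skipped."""
    pkts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkts.append(Packet(m["ts"], m["src"], int(m["sport"]),
                               m["dst"], int(m["dport"]), m["flags"]))
    return pkts

def is_syn(p: Packet) -> bool:
    return "S" in p.flags and "." not in p.flags   # bare SYN, not SYN-ACK

VERDICTS = {
    "no_wan_hit":    "nothing arrived on WAN for that port: upstream device, ISP filtering or wrong public IP; pfSense never saw it",
    "not_forwarded": "SYN arrived on WAN but nothing left on LAN: check the port forward / NAT rule and its firewall rule",
    "host_rst":      "host answered RST: nothing listening on that port, or the host firewall rejects; not a pfSense problem",
    "host_silent":   "forwarded but no answer from the host: host firewall dropping, host's default gateway is not pfSense, or the service is down",
    "host_ok":       "host answered SYN-ACK: the forward works; the problem is elsewhere",
}

def diagnose(wan_text: str, lan_text: str, wan_ip: str, host_ip: str, port: int) -> str:
    """Walk the post's checklist: hit WAN? forwarded to the host? what did the host say?"""
    wan = parse_capture(wan_text)
    lan = parse_capture(lan_text)
    if not any(p.dst == wan_ip and p.dport == port and is_syn(p) for p in wan):
        return "no_wan_hit"
    if not any(p.dst == host_ip and p.dport == port and is_syn(p) for p in lan):
        return "not_forwarded"
    replies = [p for p in lan if p.src == host_ip and p.sport == port]
    if any("R" in p.flags for p in replies):
        return "host_rst"
    if any("S" in p.flags and "." in p.flags for p in replies):
        return "host_ok"
    return "host_silent"

# Constructed captures (not real traffic). The first WAN line is the tester's SYN;
# the second is pfSense relaying the host's RST back out in the RST scenario.
WAN_CAP = """12:00:01.000123 IP 203.0.113.10.51234 > 198.51.100.5.50000: Flags [S], seq 1, win 64240, length 0
12:00:01.000456 IP 198.51.100.5.50000 > 203.0.113.10.51234: Flags [R.], seq 0, ack 2, win 0, length 0
"""
LAN_CAP_RST = """12:00:01.000200 IP 203.0.113.10.51234 > 10.0.0.20.50000: Flags [S], seq 1, win 64240, length 0
12:00:01.000300 IP 10.0.0.20.50000 > 203.0.113.10.51234: Flags [R.], seq 0, ack 2, win 0, length 0
"""
LAN_CAP_SILENT = """12:00:01.000200 IP 203.0.113.10.51234 > 10.0.0.20.50000: Flags [S], seq 1, win 64240, length 0
"""

if __name__ == "__main__":
    for name, lan in (("rst", LAN_CAP_RST), ("silent", LAN_CAP_SILENT), ("empty", "")):
        v = diagnose(WAN_CAP, lan, "198.51.100.5", "10.0.0.20", 50000)
        print(f"{name}: {v} -> {VERDICTS[v]}")
```

Feed it the output of `tcpdump -n -i <wan_if> tcp port 50000` and `tcpdump -n -i <lan_if> tcp port 50000` taken during the same test. Note that "host_silent" also covers the case where the host's default gateway is something other than pfSense: the host may well answer, but the answer leaves via the other gateway and never appears on the LAN-side capture.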

  • no WAN after reboot | gets WAN if unpluging/pluging

    0 Votes
    9 Posts
    1k Views

    Replying here on an old thread because I had the same issue. I made an account here just to reply for anyone in the future.

    In my setup, I have my standard gateway's DHCP all disabled, passthrough to the pfSense.

    There must have been an IPv6 conflict on the WAN side of pfSense, because after I disabled the IPv6 DHCP on the WAN adapter, the issue went away.

  • Strange Error with pfSctl

    0 Votes
    8 Posts
    1k Views
    fireodo

    @stephenw10 said in Strange Error with pfSctl:

    Hmm, well if it's hitting SWAP that will slow everything down significantly.

    Now after a few days the error didn't come back. RAM exhaustion and SWAP usage seems to be the culprit for that error. Hoping that the memory leak in 2.6.0 is closed in 2.7.0 (Memory leak)

  • Port forward not working for LAN

    0 Votes
    3 Posts
    427 Views
    stephenw10

    @techiemike said in Port forward not working for LAN:

    if I use the diagnostics to test the port I get connection failed

    If the service doesn't respond to a basic TCP test from the same subnet then it's probably something basic like the wrong bridge assigned on one of the interfaces in Proxmox.

    Can pfSense even ping the internal host?

  • L2TP/IPsec with pre-shared key in PFsense

    0 Votes
    3 Posts
    448 Views

    @stephenw10 Thank you I will have a look at it

  • What security measures do you have in place at PFSense?

    0 Votes
    15 Posts
    2k Views
    Yet_learningPFSense

    @jonathanlee
    Thank you. I did not know that Suricata can be configured to block Nmap attacks. The image you provided is very helpful. Crackers are said to "taste" the target router, and when they attack the same target again (the victim notices an anomaly and resets the entire network), they use Nmap to investigate the manufacturer and model of the router. If such a thing happens, knowing whether the attacker came to "taste" with Nmap could be a clue for recording the attacker's footsteps.
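The "record the attacker's footsteps" idea from the post above, as an added example that is not part of the original thread or of pfSense/Suricata: instead of the Suricata configuration (which the page does not show), it reads pfSense's own firewall block log (filterlog, as forwarded to syslog) and flags sources whose blocked inbound connections touched many distinct ports in a short window, the pattern a port scan leaves before anything else happens. The CSV column positions assumed here are the filterlog IPv4/TCP layout; the log lines are constructed, and 203.0.113.7 (scanner), 198.51.100.9 (benign client) and 198.51.100.5 (WAN address) are assumed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog line as emitted by pfSense's filterlog, e.g.
#   Mar  5 10:00:00 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.7,198.51.100.5,40000,22,0,S,1,,1024,,
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"\S+ filterlog\[\d+\]: (?P<csv>.*)$"
)

def parse_filterlog(line: str, year: int = 2025):
    """Return the fields needed for scan detection, or None for lines that are
    not IPv4 TCP filterlog entries (IPv6, UDP and ICMP entries use different
    columns and are deliberately skipped). Syslog has no year, so one is assumed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    f = m["csv"].split(",")
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "iface": f[4], "action": f[6], "direction": f[7],
            "src": f[18], "dst": f[19], "dport": int(f[21]), "tcpflags": f[23]}

def find_scanners(lines, min_ports: int = 10, window: timedelta = timedelta(seconds=60)):
    """Flag sources whose blocked inbound connections reached at least min_ports
    distinct destination ports within any span no longer than `window`."""
    per_src = defaultdict(list)
    for line in lines:
        e = parse_filterlog(line)
        if e and e["action"] == "block" and e["direction"] == "in":
            per_src[e["src"]].append(e)
    findings = {}
    for src, evs in per_src.items():
        evs.sort(key=lambda e: e["ts"])
        best_span, best_ports, lo = None, set(), 0
        for hi in range(len(evs)):            # sliding window over time-ordered events
            while evs[hi]["ts"] - evs[lo]["ts"] > window:
                lo += 1
            span = evs[lo:hi + 1]
            ports = {e["dport"] for e in span}
            if len(ports) > len(best_ports):
                best_span, best_ports = span, ports
        if len(best_ports) >= min_ports:
            findings[src] = {
                "first_seen": best_span[0]["ts"], "last_seen": best_span[-1]["ts"],
                "distinct_ports": len(best_ports),
                # A bare SYN on every probe is what both -sS and -sT look like from the
                # firewall's side; unusual flag sets would point at -sN/-sF/-sX style scans.
                "flags": sorted({e["tcpflags"] for e in best_span}),
            }
    return findings

def sample_log():
    """Constructed lines: one host probing 15 ports in 14 seconds, one host retrying 443."""
    tmpl = ("Mar  5 10:00:{sec:02d} pfSense filterlog[12345]: 5,,,1000000103,igb1,match,block,in,4,"
            "0x0,,{ttl},0,0,DF,6,tcp,60,{src},198.51.100.5,{sport},{dport},0,{flags},1,,1024,,")
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 143, 443, 445, 993, 995, 3389, 8080]):
        lines.append(tmpl.format(sec=i, ttl=48, src="203.0.113.7", sport=40000 + i, dport=port, flags="S"))
    for i in range(3):
        lines.append(tmpl.format(sec=20 + i, ttl=64, src="198.51.100.9", sport=51000 + i, dport=443, flags="S"))
    return lines

if __name__ == "__main__":
    for src, f in find_scanners(sample_log()).items():
        print(f"{src}: {f['distinct_ports']} ports between {f['first_seen'].time()} "
              f"and {f['last_seen'].time()}, flags {f['flags']}")
```

The first_seen timestamp is the useful part for the scenario the post describes: if a source that later shows up in an incident was first seen sweeping ports days earlier, that earlier sweep is the "taste" the post talks about. Tune min_ports and window to the noise level of the WAN in question; a threshold of 10 ports in 60 seconds catches default Nmap timing but will miss a deliberately slow (-T0/-T1) scan.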

  • IPSec traffic comes in, but never goes back out

    0 Votes
    8 Posts
    935 Views
    stephenw10

    If you're able to, I would check the packet counters on each tunnel. That does mean no other traffic can be using it, which may not be possible.

    I would bet this is a missing P2 though. Can we see what you have configured?

  • pfSense VM & Virgin Hub 4

    0 Votes
    2 Posts
    347 Views
    stephenw10

    The local private subnet is usually just to access the modem for diagnostics and it's usually only available when the upstream cable connection has lost sync. I wouldn't expect it to appear on a normal connection.
    However, you can stop pfSense pulling a lease from the local server by adding its IP to the "Reject leases from" field in the DHCP client config on WAN. So it's probably 192.168.100.1 or 192.168.100.254.

    Steve

  • Help with site-to-site VPN

    0 Votes
    9 Posts
    1k Views

    @stephenw10 I re-followed the provided wiki and got it working. One thing I had trouble with: all of a sudden my WireGuard road warrior user setup stopped providing a route. Fixed it by a pfSense reboot.

    Thank you for your help!!!

  • Swap use in pfSense+ 23.01

    0 Votes
    3 Posts
    517 Views

    @stephenw10 Thanks for the hint, I've installed the package, applied the recommended patches and rebooted. I'll watch ;-)

  • Random Website Outages?

    0 Votes
    9 Posts
    960 Views
    bmeeks

    @jbob said in Random Website Outages?:

    @stephenw10
    OH FOUND IT. Snort had picked up the IP as suspicious and blocked it. Now just need to figure out how to add an FQDN to the snort pass list

    Create a FQDN alias under FIREWALL > ALIASES in the pfSense menu. Then either create a new Pass List (or edit any existing one already assigned to the interface) and add the FQDN alias to the Pass List. When editing a Pass List, there are controls at the bottom of the page for adding, editing, or deleting IP addresses, networks, and host or network aliases.

    Once the Pass List has been edited to include the FQDN alias, go edit the Snort interface and assign the Pass List using the drop-down selector for Pass List. Save the change and then restart Snort on the interface so that the binary daemon will see the change.

    Note that FQDN aliases are resolved only once every 5 minutes. A host or domain that changes addresses more frequently than that may not be reliably resolved. Also, if the host or domain in question is part of a CDN (content delivery network), then the IP address will likely change too often to be effectively resolved for use in the Pass List.

    Here is a post I created back a couple of years ago when the FQDN feature was added. There are some screenshots in the post of the feature in action, and from those you can also see how to configure them in a Pass List.

    https://forum.netgate.com/topic/160771/new-often-requested-snort-feature-coming-soon

  • No LAN internet

    Moved
    0 Votes
    66 Posts
    14k Views

    @hoandco

    Final SLD with all devices connected

  • LAN IPv6 Track Interface doesn't work on initial boot

    0 Votes
    2 Posts
    328 Views
    stephenw10

    Hmm, but OPT1 always does?

    In 2.6?

  • 0 Votes
    14 Posts
    1k Views
    stephenw10

    It's a miracle! 😁

  • crash report-random reboot.

    0 Votes
    16 Posts
    3k Views
    stephenw10

    Yeah, if you've removed the IPv6 traffic that was triggering it you should be fine. 23.05 is not far off now anyway.

  • NUT notifications not working on pfsense+

    0 Votes
    50 Posts
    22k Views
    dennypage

    This has been moved to a new Redmine issue.

  • When can an update be expected? (Please)

    0 Votes
    4 Posts
    607 Views

    @maverickws Well, note that BSDCan is the thing that is later this month... not specifically a release but the CTO made the above comment on Reddit recently and he's someone that would know, I suspect. 😁

  • Quid Proxy Server Throws an Error

    0 Votes
    2 Posts
    366 Views
    stephenw10

    It's this: https://redmine.pfsense.org/issues/13984

    Resave the reverse proxy page as shown there.

    Steve

  • Log shows repeated denials from several addresses

    0 Votes
    8 Posts
    1k Views
    johnpoz

    @gertjan yeah because it doesn't come from some ipv6 link-local address ;)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.