• Route specific traffic over VPN?

    2
    0 Votes
    2 Posts
    168 Views
    stephenw10

    You can try to resolve those FQDNs as an alias and use that in policy routing. However there's a good chance they resolve to numerous IP addresses. Especially for something like that where anonymising the traffic may be important. They may not respond to ping but they do resolve. YMMV!

  • multiple servicewatchdog process eating memory

    7
    0 Votes
    7 Posts
    373 Views
    H

    @stephenw10 just saw that thx,
    "By default, the M.2 SATA drive will then be the first drive recognized by pfSense" that's good :)
    Thanks for your help!

  • PFsense FQDN curl issue.

    5
    0 Votes
    5 Posts
    287 Views
    J

    @stephenw10
    Thanks for looking at this and helping me out. When I restarted the states and toggled some firewall rules after testing with packet capture, it just randomly started working.

    I've rebooted a couple of times and changed things around and it seems to be good for now. Not sure what caused the issue, however, but I think I should be good now.

    Thank you again for the help.

  • VM access in LAN pfsense from home network

    5
    0 Votes
    5 Posts
    301 Views
    A

    @stephenw10 said in VM access in LAN pfsense from home network:

    add the routes to the Orange Pi directly

    Okay, thanks for the idea. Initially, I tried to add a path to the router itself, but I did not find such an opportunity. I'll try your idea tomorrow. Thanks for the quick replies, have a nice evening!)

  • Pfsense 2.6 : Google Map picks last known location

    10
    0 Votes
    10 Posts
    659 Views
    johnpoz

    @stephenw10 said in Pfsense 2.6 : Google Map picks last known location:

    in some database somewhere

    Multiple DBs, I am sure. There are a few public ones you can use as an example:

    https://wigle.net/

    It is an interesting problem, sure, but it's not pfSense manipulating your location info ;) I wish it was that simple - then I could easily use my PC for making bets vs having to do it on my phone ;)

  • Did they brick pfSense Plus on your own hardware?

    6
    0 Votes
    6 Posts
    639 Views
    S

    Back on Plus - thank you @stephenw10.

    Given I do not really mess with my firewall much, this should be stable for a while as long as I do not change any hardware. It would be neat if the NDI did not change with simple hardware changes. I get it, but man alive, I hope I never have to change anything. Time will tell.

    Cheers,

  • Ecobee thermostat can’t connect to servers

    8
    0 Votes
    8 Posts
    1k Views
    GPz1100

    @xmacj Perhaps the remote side didn't like something about your original ip address.

    I have an ecobee premium (upgraded by ecobee due to wifi issues on an ecobee 3 lite - data dropouts, morse code).

    No wifi issues (it's bound to the 2.4 GHz band). But it does like to phone home to Amazon every 50s. None of the Amazon features are enabled, but it still insists.

    To mitigate this, 2 different measures are in place. On the DNS side, only requests to *.ecobee.com are resolved (AdGuard Home). All others return 0.0.0.0.

    On the pfSense side, the Amazon ASN is blocked for this device just in case the DNS filters are off (sometimes happens during testing).

  • nvme ZFS errors with vmWare 8

    2
    0 Votes
    2 Posts
    199 Views
    S

    @alfredo IIRC this is a FreeBSD issue. I get a similar error on my FreeBSD machines in ESXi 7. Does not happen very often but a few times daily. Has never caused any real issues.

    Have you tried changing the VMware SCSI controller to LSI SAS instead of VMware Paravirtual? I have read that this can help. I have done so and the LSI SAS machine still has some of these errors.

    Cheers,

  • PHP Fatal Errors & Missing Files Before Upgrade to 24.11

    3
    0 Votes
    3 Posts
    282 Views
    D

    @stephenw10, that's what I was hoping for! Thank you!

  • Connecting to pfsense on netgate SG-5100

    5
    0 Votes
    5 Posts
    334 Views
    K

    @SteveITS I did a cold boot and the serial connection is working now. I was trying serial post boot prior to this and that did not work.

    I am good now.

    Thank you @patient0 and @SteveITS

  • Traffic Graphc statistics are backwards for LAN interface

    23
    0 Votes
    23 Posts
    4k Views
    NuAngel

    @phil-davis said in Traffic Graphc statistics are backwards for LAN interface:

    It has always been like that. The graph is with respect to the pfSense interface - so download traffic goes OUT LAN.
    The table of clients is with respect to the client - download traffic is IN to the client.
    It needs to be this way, because the clients in the table can also be systems out on the public internet (selecting to show "Remote" or "All"). And in that case it looks sensible that the table shows bandwidth out of some public IP and bandwidth in to some LAN client.

    Just quoting this comment because, despite being a nearly 10 year old thread, this is the comment that made it click in my head. I had no idea why the graphs worked this way until Phil explained it. Thank you!

  • loader.conf.local setting efi_com_speed not taking effect at boot

    12
    0 Votes
    12 Posts
    826 Views
    C

    @stephenw10 Tried the FreeBSD 15 snapshot 20250227 and it behaves the same way.

  • ownCloud instance only on my LAN - first thing to do to secure it?

    20
    0 Votes
    20 Posts
    1k Views
    N

    @stephenw10 OwnCloud.

  • pfSense refuses to reboot

    41
    0 Votes
    41 Posts
    4k Views
    Gertjan

    @kravenul

    First, check why it is slow.
    You do this by looking up what it is doing.
    It's one click away: Diagnostics > System Activity

    Example :

    PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
    11 root 187 ki31 0B 32K RUN 0 135.7H 100.00% [idle{idle: cpu0}]
    11 root 187 ki31 0B 32K CPU1 1 132.5H 90.58% [idle{idle: cpu1}]
    85893 root 68 0 150M 64M piperd 1 0:35 8.15% php-fpm: pool nginx (php-fpm){php-fpm}
    84969 root 68 0 117M 60M accept 1 0:19 1.56% php-fpm: pool nginx (php-fpm)
    65579 unbound 20 0 182M 158M kqread 0 9:16 0.39% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
    65579 unbound 20 0 182M 158M kqread 1 11:33 0.29% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
    ....

    The top resource-intensive processes are at the top: mine are "being idle" although I'm still routing 300+ Mbytes per sec right now.

    Btw :

    The dashboard page, depending on what widgets you have activated, can be somewhat slow as you said yourself: a lot of resources are needed to update that page every x seconds.
    Solution: close the page or look at another, more useful page like the log pages.

    @kravenul said in pfSense refuses to reboot:

    or simply a corrupted file system

    It takes a minute to be sure about that, and deal with it. Go here and click play.

  • Huge backup of pfsense

    4
    0 Votes
    4 Posts
    447 Views
    stephenw10

    Presumably you made some other backups between 2.4.5 and 2.7.2? Did the sizes increase steadily?

  • Troubles Rebooting with WAN LAGG

    5
    0 Votes
    5 Posts
    375 Views
    stephenw10

    I assume the lagg settings must be correct since it works after re-saving.

    It does seem like some issue at boot caused by the delay setting up the lagg I agree.

    We need to determine exactly what has failed when that happens.

    If the WAN/lagg has a valid public IP and the default route shows the correct gateway then I would expect to be able to ping out from Diag > Ping for example. Even if Unbound (the DNS resolver) fails to start the system itself should still be able to ping by IP, to 8.8.8.8 for example.

    You may not have the required automatic outbound NAT rules preventing LAN side clients connecting. Check Firewall > NAT > Outbound.

    Check the system logs after rebooting. I suspect what you will see is that when the WAN connects and gets an IP it is ignored because it happens during the later bootup process.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.