@viragomann said in Port Forwarding not honered for .well-known/acme-challenge: @kiokoman said in Port Forwarding not honered for .well-known/acme-challenge: you should consider setting up a split DNS instead if you can You can not. Since you're doing port translation, you need the NAT rule on pfSense. However , I'm wondering why your server use non-default ports fot HTTP/S. With default ports you could go with local host overrides and get rid of NAT reflection. you can use haproxy in this scenario listening on wan and lan instead of opening ports/creating a nats for each pod in Kubernetes, well if you have a couple of pods it doesn't really matter but since I have 50 services running in test / 50 in staging / 50 in production on Kubernetes behind pfsense it would be unmanageable without haproxy for me

@johnpoz said in Blocking DNS over HTTPS. Seems the only way is to fire a shotgun at it: local-zone: "use-application-dns.net" always_nxdomain local-zone: "local." always_nxdomain local-data: "dns.adguard.com. 120 IN A 172.19.19.19" local-data: "dns-family.adguard.com. 120 IN A 172.19.19.19" local-data: "dns.google. 120 IN A 172.19.19.19" local-data: "cloudflare-dns.com. 120 IN A 172.19.19.19" local-data: "dns.quad9.net. 120 IN A 172.19.19.19" local-data: "dns9.quad9.net. 120 IN A 172.19.19.19" local-data: "dns10.quad9.net. 120 IN A 172.19.19.19" Oh, now clear me forget to set option "server:"

What is logged when that happens? How is UPnP configured? What pfSense version is that? Steve

Maybe this will help: https://docs.netgate.com/pfsense/en/latest/hardware/size.html

No worries, glad it helped.

@keyser Thank you for your help with this.

Thank you @viragomann and @Popolou for your help! I will do some more evaluation and consider a smart host.

Hmm, how are the clients configured for IPv6?

That's a filesystem error. Backtrace: db:0:kdb.enter.default> bt Tracing pid 17 tid 100143 td 0xfffffe00513cc1e0 kdb_enter() at kdb_enter+0x32/frame 0xfffffe005187ca60 vpanic() at vpanic+0x163/frame 0xfffffe005187cb90 panic() at panic+0x43/frame 0xfffffe005187cbf0 ffs_blkfree_cg() at ffs_blkfree_cg+0x67b/frame 0xfffffe005187cca0 ffs_blkfree() at ffs_blkfree+0xa9/frame 0xfffffe005187cd00 freework_freeblock() at freework_freeblock+0x62d/frame 0xfffffe005187cd80 handle_workitem_freeblocks() at handle_workitem_freeblocks+0x168/frame 0xfffffe005187cde0 process_worklist_item() at process_worklist_item+0x24c/frame 0xfffffe005187ce60 softdep_process_worklist() at softdep_process_worklist+0xed/frame 0xfffffe005187ceb0 softdep_flush() at softdep_flush+0x11f/frame 0xfffffe005187cef0 fork_exit() at fork_exit+0x7f/frame 0xfffffe005187cf30 fork_trampoline() at fork_trampoline+0xe/frame 0xfffffe005187cf30 --- trap 0, rip = 0, rsp = 0, rbp = 0 --- The first thing to do here is run a manual filesystem check: https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html#manual-filesystem-check

@stephenw10 okay - thanks. I've updated the default gateway to be a new gateway group that prioritizes cable over cell phone but has the cell phone in tier 2. I'll see what that does the next time the cable connection fails. Thanks for all the help!

So in the real setup the firewall would be at the client or in the 5G network?

@viragomann yes, thank you. assign separately .

@johnpoz Well Just figured it out. It was UNRAID SERVER Problem .. So for people using UNRAID and having pfsense in VM and sharing a folder. PFSENSE has nothing to do with it you need to configure your unraid and then map your address where the sharing folder exists. For instance in windows I had to map the drive for example: \200.200.1.30 (unraid server addy) (this is not my real address but you get the picture) and boom you get access to that folder you wanted to share. OMG 5 hrs later found easy solution but thanks for clearin up the pfblocker has nothing to do with it..

@stephenw10 It seems that it doesn't work. Probably I would have to cancel my contract.

@dennypage I tracked the issue down to Sony TV having a shitty AirPlay implementation. I have another LG branded TV which works with no issue.

You might be able to use the ix0/1 SFP ports with an appropriate module. Otherwise using an expansion card.

@dr21 said in PFsense Router Slow Web Interface Response - "swap_pager: indefinite wait buffer" Error in Logs: I'm running PFsense version 2.7.2 on a mini PC with an Intel Core i3-7020U and 8GB of RAM. The dashboard widgets show 16% RAM usage and 3% SWAP usage, and these values remain stable. I also don’t have any additional packages installed. With no extra packages installed, then I agree with others here who suspect a faulty disk. Odd that you are using any swap space, though. Typically that should show 0% swap usage.

There have been a number of updates in the monthly newsletter and also in the development section here. But essentially, yes, the addition of significant new functionality required more time over the usual release schedule.

Can you ping that IP? It feels like a server block on your public IP TBH.