• pfSense Slow Inter-Subnet Traffic: 1Gb LAN to 10Gb TrueNAS

    4
    0 Votes
    4 Posts
    42 Views
    S
    @Stefan-Milev Bridging is complex and usually slower than a switch. You'd probably be better off just moving it into LAN if that was your goal. Connecting from LAN to a device on another interface is typically not difficult. Off the top of my head:
    - subnet mask correct
    - pfSense is the gateway on both devices
    - no other route between the devices
    - firewall on the server allows connections from the other subnet
    - pfSense LAN allows connection to the other network (it allows to any by default)
  • Return unique identifier when packet is received from outside system

    1
    0 Votes
    1 Posts
    9 Views
    No one has replied
  • LDAPS 636 problems with pfsense

    11
    0 Votes
    11 Posts
    6k Views
    A
    @mcury THANK YOU SO MUCH FOR THIS, it solved my issue.
  • Filter reload causes CPU and latency spike

    1
    0 Votes
    1 Posts
    25 Views
    No one has replied
  • Packet flow data to orion not showing

    3
    1
    0 Votes
    3 Posts
    47 Views
    A
    One more item is that I have an interface group called all_interfaces, and have assigned all my interfaces into that group. All my rules are under that interfaces group. Is that why netflow is only showing sync?
  • 0 Votes
    1 Posts
    23 Views
    No one has replied
  • pfsense plus on Azure - PAT not working

    4
    0 Votes
    4 Posts
    40 Views
    V
    @MtMt Also remember, that access to the RDP server is not allowed from outside of the subnet by default in Windows. You have to configure its firewall accordingly.
  • PHP Fatal error

    7
    0 Votes
    7 Posts
    986 Views
    Gertjan
    @jsseb said in PHP Fatal error: .. but they have been in place since day one. For what it's worth : I'm seeing the same thing : [image: 1759300409504-92aa08e1-c0a0-46cf-b8e6-884b5af6d3c4-image.png] which looks like a floating number, but isn't ... I've 16 of them. Using 25.07.1 for weeks now. So, whatever the issue was, this wasn't it.
  • IP Block List - Do I need pfBlockerNG to block IP Addresses?

    5
    0 Votes
    5 Posts
    700 Views
    johnpoz
    I use pfblocker for alias management.. While I do have some other just native aliases. I use pfblocker functionality to manage more complex lists. Example - here is my scan deny alias, which contains some asn's and lists from different locations that scan for open ports like shodan, etc.. [image: 1759247068669-scandeny.jpg] And use another list for stuff that need to allow, that might be blocked by list like scan deny - this list contains country based IP lists, and other lists provided by services like plex and monitoring to know if service is up, etc. Which I use to alert me if something goes down. [image: 1759246930777-allow.jpg] I don't really use any of the other features of pfblocker - but I do love its easy management of just native aliases. You can also easily add just 1 off networks/ips etc.. to your alias you create in the bottom custom section [image: 1759247195644-custom.jpg] When bored or whatever I take a look at my firewall log - and notice something scanning but not in my scan deny list, I will look up the details and normally block the whole netblock, etc.
  • Alias edits causing firewall rule black holes

    11
    0 Votes
    11 Posts
    2k Views
    D
    @Gertjan if I run this little bit of php:
        $file = 'test.txt';
        file_put_contents($file, "BLOCK ANY | No internet via this device". PHP_EOL, FILE_APPEND);
    The piped text is appended just fine to my testfile, so I think the script crash is more related to the code printing the contents of the filter_reload_status file.
  • Outbound ping blocked

    16
    1
    0 Votes
    16 Posts
    6k Views
    johnpoz
    @revengineer the trick is to figure out where it is coming from. Not sure how to figure out what could have created it. But would assume if it labeled it gateway monitoring - that has to come from somewhere. It could be a bug that creates a block vs what I would think a better idea of an allow rule, to make sure you could always ping what you're wanting to monitor.. But it doesn't make a lot of sense to be honest, since there is already a hidden rule that allows pfsense itself to do whatever it wants outbound. Which is where the monitoring would come from - ie dpinger.
        # let out anything from the firewall host itself and decrypted IPsec traffic
        pass out inet all keep state allow-opts ridentifier 1000016215 label "let out anything IPv4 from firewall host itself"
        pass out inet6 all keep state allow-opts ridentifier 1000016216 label "let out anything IPv6 from firewall host itself"
    Other thing about the rule that you posted that is odd - is why would it be logged? Have you looked in /tmp/rules.debug - this is a full listing of the rules, and shows the rules pfsense creates on its own that are hidden, like when you enable dhcp server, hidden rules are created on the interface you enable dhcp on so it is sure to work, etc.
  • 0 Votes
    3 Posts
    1k Views
    T
    @patient0 Hi! Arris and pre-WAN pfSense are set up for the same IP range on their LANs (but of course they're not connected to my main pfSense simultaneously) and my other networks differ -- there is no IP conflict
  • Is it possible to redirect local traffic

    3
    0 Votes
    3 Posts
    3k Views
    JKnott
    @aaronouthier To properly support cell phones and devices tethered to them, you should try to set up your PBX to use IPv6, if possible. 4G & 5G phones are IPv6 only and use a translation protocol to send IPv4 over IPv6 networks. Android phones use 464XLAT. I don't know what iPhones use. There's no need for NAT with IPv6.
  • Big issues related to Firewall logging.

    20
    1
    0 Votes
    20 Posts
    6k Views
    Gertjan
    @louis2 said in Big issues related to Firewall logging.: ... of that a hell of a lot IGMP messages are generated by that rule Overlooked that one. That's a ... euh .. new ;) Since 24.0x or so. Suddenly, IGMP gets logged on rules that don't log. This forum talks (a lot) about it, and what you can do against it.
  • Delete Stale Aliases - Used in Firewall Rules - Find Stale Firewall Rules

    5
    0 Votes
    5 Posts
    3k Views
    M
    @SteveITS Thanks I finally got it resolved! It sure would be nice to have a search box on the dashboard ;)
  • IPV4 broadcast log messages (Syncthing) Correct !!??

    1
    2
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Error(s) loading the rules...errors in queue definition

    5
    1
    0 Votes
    5 Posts
    4k Views
    U
    Dude.... I feel dumb. There's a "Remove Shaper" button RIGHT THERE! :-) Clicked it, rebooted and so far the error has not returned to my notifications area. I don't expect it to either, since all the lines about queues are gone from /tmp/rules.debug. Glad I came here. Thanks for hand-holding me along, @SteveITS.
  • GeoIP Blocking with pfBlockerNG

    11
    2
    0 Votes
    11 Posts
    6k Views
    S
    …and for a couple years, give or take, MaxMind has required the additional field/info to update so the geoIP data probably isn’t updating.
  • pfSense blocking all DNS

    12
    2
    0 Votes
    12 Posts
    6k Views
    tinfoilmatt
    @DouggaDit said in pfSense blocking all DNS: The firewall is simply unstable. Integrated network aliases don't function. The firewall simply doesn't work. Rules to allow all on specific ports appear to be the only type of rule that work consistently. Attempting to narrow the 'allow' to specific ip addresses or networks fail. User defined and system defined interface-related aliases don't function. This forum is not a good use of my time. I assume the silence is simply bait to get people to switch to paid support. Safe to file this one under did-a-derp-and-kept-digging.
  • reCaptcha blocked?

    12
    0 Votes
    12 Posts
    5k Views
    G
    Fyi, I had previously opened a ticket with the website administrators but have had no reply... until today, after I started this chat. So... they just told me that they're already aware of the issue and it probably has to do with the recaptcha quotas. This website is used by many people so, they probably will have to upgrade the plan. I'm sorry to have taken your time on this, and thank you for that.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.