• Dropbear SSH Server

    5
    0 Votes
    5 Posts
    1k Views
    W
    @Robust Have you solved the issue? Where did you find the Dropbear?
  • file encryption

    3
    0 Votes
    3 Posts
    223 Views
    V
    @Cowby01 said in file encryption: I want to use pfSense along with some type of encryption to ensure that all server files are not accessible on machines outside the company network. You can use pfSense as a gate to your network. By default it lets traffic out but nothing in. You can also limit the outbound direction if you desire. But pfSense doesn't encrypt files that are stored on any other hosts inside your network. You can encrypt data in motion, when you want to access your servers from outside, by using a VPN. This can be terminated on pfSense though.
  • Pass rule is blocking traffic! Strange and NOK

    2
    3
    0 Votes
    2 Posts
    164 Views
    GertjanG
    Go here: [image: 1730807712063-264159ed-298c-492f-93da-bf0195c5dc91-image.png] and enter IGMP. Hit the Search button. Pick any of the recent (last 6 months or so) search results. Read one or two of them. Apply what is suggested.
  • pfsense blocking from LAN to OPT after running some days.

    1
    2 Votes
    1 Posts
    123 Views
    No one has replied
  • Allowing traffic between interface and WAN only

    2
    0 Votes
    2 Posts
    161 Views
    M
    Thinking more about it, I think my problem is that I don't know what "interface subnets" means for IPv6. Does it mean, "the address of the interface/64", which in my case would be the /56 from my ISP + the prefix configured in pfSense?
  • Diff of Aliases

    1
    0 Votes
    1 Posts
    127 Views
    No one has replied
  • No traffic under LAN3

    9
    0 Votes
    9 Posts
    463 Views
    P
    @Uglybrian Thank you so much. My LAN3 is working now. I had a similar setting to yours: [image: 1730475100254-c49a79ef-7b09-447e-bd92-ccc5005d1f1a-image.png] So changing the "Kea DHCP" to "ISC DHCP (Deprecated)" has fixed the issue?
  • Firewall rule issue

    5
    2
    0 Votes
    5 Posts
    388 Views
    D
    Thank you both! This was exactly the issue; subnet was configured incorrectly on the device at 192.168.20.4! Thank you!!
  • error(s) loading the rules: pfctl: DIOCADDRULENV: No such file or directory

    17
    0 Votes
    17 Posts
    1k Views
    C
    @clawsonn In my case, I had a bad WAN connection that was triggering this issue. It was also making HAProxy crash. As soon as I disabled that WAN (it was a 4g backup), everything went back to normal.
  • pihole and VLANs...

    1
    2
    0 Votes
    1 Posts
    129 Views
    No one has replied
  • Floating States on outbound traffic

    1
    0 Votes
    1 Posts
    149 Views
    No one has replied
  • Safe isolation of device under forensics analysis

    3
    0 Votes
    3 Posts
    374 Views
    D
    @Terho said in Safe isolation of device under forensics analysis: Any other ideas anyone? How to keep danger for my examination laptop minimal? Use a VM, snapshot it and connect that, rather than the host laptop, to the isolated VLAN. Probably easier to accomplish if you use the laptop's ethernet.
  • Allow inbound IPv6 traffic for specific host, how?

    9
    0 Votes
    9 Posts
    549 Views
    GertjanG
    @flo-0 Good for you. www.amazone.com, www.cnn.com, www.whitehouse.gov, www.apple.com, www.microsoft.com and www.netflix.com, to name some big players, all switched. google.com adopted it years ago. Others, like twitter or truthsocial.com, still have issues .... ^^
  • 0 Votes
    5 Posts
    352 Views
    GertjanG
    @socrateberserk said in If this is not the right place to post my question, please direct me to the correct one.: I am unable to properly configure pfSense to allow the use of the SSH protocol What pfSense does is: routing and firewalling IP packets. These packets might contain, in the so-called payload, fragments of the mail you send or receive, a web server that is sending you a web page you requested, or a DNS answer from a DNS server you've requested zone info from. The SSH protocol is the description of that payload. And because it's SSH, the payload is, for pfSense, a completely random set of bits, and pfSense can't do anything with it, as it is encrypted. All this boils down to: pfSense doesn't care about the payload. It doesn't use or 'touch' the payload. Out of the box, when you installed it, pfSense behaves like any other firewall router out there: it has a WAN, a LAN, and everything from LAN passes to the WAN. pfSense itself also contains an SSH 'server' so you can connect to it. By default, it's disabled. I can connect to my web server, a server rented in a data center somewhere in Paris, from a PC connected on pfSense LAN, just fine. And the other way around also works: the same server can connect to my Syno NAS on my pfSense LAN also: I opened up the IPv4 port 22 on my WAN with a NAT rule (I've set the source address to the IPv6 of my server). So this is secured. For IPv6 things are simpler: just a pass firewall rule, IPv6 destination is the IPv6 of my NAS, destination port is '22' and source address is also set == the IPv6 of my server, so also secured.
  • Redirecting all DNS to pihole does not work :(

    10
    4
    0 Votes
    10 Posts
    905 Views
    M
    @abesh I have pfSense set to use an external DNS server and I'm running unbound in resolver mode. [image: 1729446332404-428aface-b662-46f8-bc5f-b8a84403ce41-image.png] DNS Resolver: [image: 1729446388447-aebe7f1b-d29b-4b61-96e7-a369f5868321-image.png]
  • pfSense Firewall rules don't seem to have any effect ?

    19
    2
    0 Votes
    19 Posts
    2k Views
    A
    @AndyRH Awesome ! Thank you :) Isn't the setup then sort of similar to one that I started with ?
  • Email Client times out trying to reach mailserver in lan

    18
    1
    0 Votes
    18 Posts
    1k Views
    V
    @TomNick said in Email Client times out trying to reach mailserver in lan: Mine is on default, still not working "default" means "System default". If this is set in the NAT rule, the setting in System > Advanced > Firewall & NAT > NAT Reflection mode for port forwards is used.
  • IPv6 forward an address GUA ULA etc between VLANs

    4
    0 Votes
    4 Posts
    435 Views
    JKnottJ
    @snippem You might consider static addresses on ULA, though I haven't tried that. Unfortunately, pfSense doesn't filter on MACs, at least not in CE.
  • Firewall log spamming

    5
    4
    0 Votes
    5 Posts
    412 Views
    S
    @Antibiotic it's a new "feature": https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html#packets-with-ip-options You can create a rule above the default allow rule, to block it and not log it: [image: 1729179941069-623a0dfd-a921-40f9-9469-3e9c841b7c86-image.png]
  • Missing rule and alias

    2
    0 Votes
    2 Posts
    218 Views
    JonathanLeeJ
    @konacat Under LAN it should show an outbound rule. Make sure you make rules for web traffic and all the ports you need, and once that is done delete the preconfigured rules. Reference this: https://docs.netgate.com/pfsense/en/latest/firewall/configure.html Keep in mind you need your firewall to be accessible to access the GUI for admin needs. If you mess up that rule it is OK, you can console in and set it back. If that happens, reference this: https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html If you're looking for NAT (network address translation), reference this: https://docs.netgate.com/pfsense/en/latest/nat/outbound.html Also, last one, for aliases... Reference this: https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html Hope that helps. I would work methodically: first make a rule for the GUI so you don't get locked out, and after that make a list of needs and create rules for it. Keep in mind WAN will block everything inbound unless it originated from LAN going outbound, requests and return traffic. It is really secure by default. Again, you can really lock it down like Fort Knox if you want and protect the Heidelberg printing presses. (hypothetically speaking)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.