Thanks, @SteveITS

I finally saw that it is being updated, which is excellent.

@johnpoz
I do not log block rules. Good point.

@jimp According to this poster, the problem with the Firewall State Policy still exists in CE 2.8. He is using a DSL-Connection as secondary WAN. So the problem is with Port Forwards on WANs which are not the default gateway.

@DaHai8 pfsense doesn't use iptables - so no clue to what your talking about.. That sure didn't fix it.

Detalhando melhor, ja desbloqueei a porta 80 e 443 tanto no pfsense como no winserver22.

Esse é o endereço de conexão com o serviço de BIMserver
cc37acaa-19c5-4311-b846-1600daeb867a-image.png

Pfsense está como firewall+gateway+openvpn
winserver22 | dhcp / dns / ad e aplicações

Funcionamento da Lan está ok, com arquivos, impressoras e etc via WinServer22.
Somente essa conexão entre o BIMserver e os usuários que não está dando certo.

@hacesoft said in Unable to create CRON:

I can't connect to it using the IP address, only the RS232 console works, where I can restart it or hard shut it down

Ah, ok, so not WAN, but all interfaces go stuck.
When that happens, check the most important log files. You can see them using the console, go to /var/log/
Check the last lines of system.log, resolver.log, dhcpd.log and gateways.log.

55 C is somewhat hot but not the end of the world.
My 4100 can reach 55 easily during summer time as I reserve the airco for myself.

@Gianni71

Ok, it's time an azure-expert drops in.

Btw : Your are using this ? Then you have expert support.

@alihashmi

29660dfc-42b3-4d89-bcb3-50ba680a1578-image.png

Something changes, as that is not the default LAN network, 192.168.1.1/24

You had also to change the DHCPv4 server settings.
Overthere, the DNS IP is set to the pfSEnse LAN IP - which isn't 192.168.1.1 any more ,

Btw : the TV image just shows "error".
Nice.
Not what the error is.
Not nice.

Can your TV tell you what its gateway is ?
What its DNS is ?

When you deal with "networking", you have to deal with the details.
Like (a connected Samsung TV nearby) :

4c4325d9-11d7-45c8-a792-3bbcd1e3b59d-image.png

where you can see the IP (less important) and the gateway and DNS - both very important, set to 192.168.10.1 as my upstream router to which the TV is connected uses that LAN IP. The DHCPv4 server in that router gave my TV these parameters.

@Gertjan yes pfsense address is 10.1.0.4

@louis2 said in 1) How to get rid of multicast alarms!? 2) faulty rule behavoir:

@bmeeks

I will study the doc trying to find out how to work around this, however I stick to my conclusion that this is terribly wrong behavoir.

Of course the firewall needs to discriminate packets the correct way, but the resulting effect is definitively not !!

There was a discussion thread about this behavior change when it came out. You can probably find it if you search. I think there may be multiple threads about it over the last year or so. My memory may be faulty, but I think the new behavior came out in pfSense 2.7.2. It was due to an upstream bug fix in pf, the firewall packet filter engine.

@viragomann outboud didnt work, but i changed SiteD as client and now works well.

Thank you so much !!!

@viragomann

There are a lot of things I did always take for granted, up to the moment I had a few things which did not work for some reason and I did start reading the documentation as related to floating rules ..... which really did confuse me start doubt yourself.

@laurens-DS

Ok, I get it "VLAN20 subnets" is a pfSense Interface alias 😊

Your rule 2 :

6fc7dbd2-cf81-46ce-b233-bfcf77b0f4b3-image.png
change the green "VLAN20 subnets" for "VLAN20 address".

@pst 10.10.10.1 is my firewall LAN address. I'm not using pfblocker for any DNS. That part of pfblocker is disabled. Something is reaching out but my state table is only registering the replys.

@QuantumParadox can you run top -HaSP' before killing iftopto see whatiftop` is doing cpu-wise? Is it running while, consuming lots of resources?

On what does box pfSense+ run, what specs, what NICs? And does iftop hang at all download speeds or only when downloading at full speed?

I am trying to play with ntopng and I can't see it get it to run in the command line.

I don't know about ntopng, maybe someone else can step in?

nobody has faced same issue ?
thanks